fdns fails to start on Arch Linux with apparmor #44

Closed
glitsj16 opened this issue Oct 18, 2020 · 0 comments · Fixed by #45

The current apparmor profile doesn't take into account that on Arch Linux /etc/ssl/certs/ca-certificates.crt is a symlink to /etc/ca-certificates/extracted/tls-ca-bundle.pem. When auditd.service is enabled, this stops fdns from resolving.

$ /usr/bin/fdns --proxy-addr=127.0.0.1 --server=appliedprivacy
$ fdns --monitor=127.0.0.1
Testing server appliedprivacy
   Tags: non-profit, Austria, Europe
fdns starting
connecting to appliedprivacy server
listening on 127.0.0.1
22:14:11 (1) Error: cannot find SSL certificate /etc/ssl/certs/ca-certificates.crt
345 filter entries added from /etc/fdns/trackers
7415 filter entries added from /etc/fdns/fp-trackers
50788 filter entries added from /etc/fdns/adblocker
10265 filter entries added from /etc/fdns/coinblocker
Error: resolver 1 (pid 94234) terminated, restarting it...
22:14:11 (0) Error: cannot find SSL certificate /etc/ssl/certs/ca-certificates.crt
Error: resolver 0 (pid 94233) terminated, restarting it...
22:14:11 (2) Error: cannot find SSL certificate /etc/ssl/certs/ca-certificates.crt
345 filter entries added from /etc/fdns/trackers
7415 filter entries added from /etc/fdns/fp-trackers
50788 filter entries added from /etc/fdns/adblocker
10265 filter entries added from /etc/fdns/coinblocker
Error: resolver 2 (pid 94235) terminated, restarting it...
22:14:13 (0) Error: cannot find SSL certificate /etc/ssl/certs/ca-certificates.crt
Error: resolver 0 (pid 94237) terminated, restarting it...
22:14:13 (1) Error: cannot find SSL certificate /etc/ssl/certs/ca-certificates.crt
Error: resolver 1 (pid 94236) terminated, restarting it...
22:14:16 (2) Error: cannot find SSL certificate /etc/ssl/certs/ca-certificates.crt
345 filter entries added from /etc/fdns/trackers
7415 filter entries added from /etc/fdns/fp-trackers
50788 filter entries added from /etc/fdns/adblocker
10265 filter entries added from /etc/fdns/coinblocker
Error: resolver 2 (pid 94260) terminated, restarting it...
22:14:16 (0) Error: cannot find SSL certificate /etc/ssl/certs/ca-certificates.crt
Error: resolver 0 (pid 94261) terminated, restarting it...
22:14:18 (1) Error: cannot find SSL certificate /etc/ssl/certs/ca-certificates.crt
Error: resolver 1 (pid 94279) terminated, restarting it...
22:14:18 (2) Error: cannot find SSL certificate /etc/ssl/certs/ca-certificates.crt
345 filter entries added from /etc/fdns/trackers
7415 filter entries added from /etc/fdns/fp-trackers
50788 filter entries added from /etc/fdns/adblocker
10265 filter entries added from /etc/fdns/coinblocker
Error: resolver 2 (pid 94280) terminated, restarting it...
22:14:21 (0) Error: cannot find SSL certificate /etc/ssl/certs/ca-certificates.crt
Error: resolver 0 (pid 94286) terminated, restarting it...
22:14:21 (1) Error: cannot find SSL certificate /etc/ssl/certs/ca-certificates.crt
Error: resolver 1 (pid 94287) terminated, restarting it...
22:14:23 (2) Error: cannot find SSL certificate /etc/ssl/certs/ca-certificates.crt
345 filter entries added from /etc/fdns/trackers
7415 filter entries added from /etc/fdns/fp-trackers
50788 filter entries added from /etc/fdns/adblocker
10265 filter entries added from /etc/fdns/coinblocker
Error: resolver 2 (pid 94310) terminated, restarting it...
22:14:23 (0) Error: cannot find SSL certificate /etc/ssl/certs/ca-certificates.crt
Error: resolver 0 (pid 94311) terminated, restarting it...
22:14:26 (2) Error: cannot find SSL certificate /etc/ssl/certs/ca-certificates.crt
Error: resolver 2 (pid 94353) terminated, restarting it...
22:14:26 (1) Error: cannot find SSL certificate /etc/ssl/certs/ca-certificates.crt
345 filter entries added from /etc/fdns/trackers
7415 filter entries added from /etc/fdns/fp-trackers
50788 filter entries added from /etc/fdns/adblocker
10265 filter entries added from /etc/fdns/coinblocker
Error: resolver 1 (pid 94352) terminated, restarting it...
22:14:28 (0) Error: cannot find SSL certificate /etc/ssl/certs/ca-certificates.crt
Error: resolver 0 (pid 94385) terminated, restarting it...
22:14:28 (2) Error: cannot find SSL certificate /etc/ssl/certs/ca-certificates.crt
Error: resolver 2 (pid 94386) terminated, restarting it...
22:14:31 (1) Error: cannot find SSL certificate /etc/ssl/certs/ca-certificates.crt
345 filter entries added from /etc/fdns/trackers
7415 filter entries added from /etc/fdns/fp-trackers
50788 filter entries added from /etc/fdns/adblocker
10265 filter entries added from /etc/fdns/coinblocker
Error: resolver 1 (pid 94409) terminated, restarting it...
22:14:31 (0) Error: cannot find SSL certificate /etc/ssl/certs/ca-certificates.crt

I'm testing a fix that also enables users to create site-specific additions and overrides for 'usr.bin.fdns' in /etc/apparmor.d/local/usr.bin.fdns. Will report on that asap.

glitsj16 added a commit to glitsj16/fdns that referenced this issue Oct 18, 2020
netblue30 pushed a commit that referenced this issue Jan 1, 2024
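AppArmor mediates file access on the resolved path, so a profile rule that names only the symlink does not grant access to its target. The helper below is an added example, not code from the fdns project or from the fix referenced in this issue: it resolves a path and prints the read rule a profile lacks for the real file. The function name `missing_rule` and its literal-match check are assumptions of this example.

```shell
#!/bin/sh
# Added example (not fdns project code): report the AppArmor read rule a
# profile needs when a file it opens is really a symlink to another path.

# missing_rule PROFILE PATH   (hypothetical helper name)
# Prints "<resolved path> r," and returns 0 when PROFILE has no allow rule
# with read permission for the resolved PATH; returns 1 when it already has
# one, 2 when PATH cannot be resolved.
# Limitation: only literal path rules are recognised. Globs, variables and
# included abstractions in the profile are not expanded.
missing_rule() {
    mr_profile=$1
    mr_real=$(readlink -f -- "$2") || return 2
    [ -n "$mr_real" ] || return 2

    if awk -v real="$mr_real" '
        { sub(/#.*/, "") }            # drop comments and #include lines
        $1 == "deny" { next }         # a deny rule never grants access
        {
            for (i = 1; i < NF; i++)
                if ($i == real && $(i + 1) ~ /r/) found = 1
        }
        END { exit !found }
    ' "$mr_profile"; then
        return 1
    fi

    printf '%s r,\n' "$mr_real"
    return 0
}

# Stand-alone use: ./check.sh /etc/apparmor.d/usr.bin.fdns /etc/ssl/certs/ca-certificates.crt
if [ "$#" -eq 2 ]; then
    missing_rule "$1" "$2"
fi
```

A printed rule can be added to the profile itself or to a site-specific override such as the /etc/apparmor.d/local/usr.bin.fdns file mentioned in the issue, provided the profile includes that file.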