无法启动托管代理可执行文件

Question

我在 ubuntu 14.04 上使用网桥时遇到了 Tor 和 obfsproxy 的问题。Tor 无法启动 obfsproxy 并且总是返回权限被拒绝。

grep -v "^#" /etc/tor/torrc | sed '/^$/d'

UseBridges 1
Bridge obfs2 192.36.27.216:55313 fccb4bf2a7b89b070902bdd05923c255fb4b0bdb 
ClientTransportPlugin obfs2,obfs3 exec /usr/bin/obfsproxy --managed

---

tail -f /var/log/tor/log

Aug 01 13:06:30.000 [notice] Tor 0.2.4.23 (git-05b81fcd2a655c5a) opening new log file.
Aug 01 13:06:30.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
Aug 01 13:06:30.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
Aug 01 13:06:30.000 [warn] OpenSSL version from headers does not match the version we're running with. If you get weird crashes, that might be why. (Compiled with 1000105f:     OpenSSL 1.0.1e 11 Feb 2013; running with 1000106f: OpenSSL 1.0.1f 6 Jan 2014).
Aug 01 13:06:33.000 [warn] Could not launch managed proxy executable at '/usr/bin/obfsproxy' ('Permission denied').
Aug 01 13:06:34.000 [notice] Bootstrapped 5%: Connecting to directory server.
Aug 01 13:06:34.000 [warn] We were supposed to connect to bridge '192.36.27.216:55313' using pluggable transport 'obfs2', but we can't find a pluggable transport proxy supporting 'obfs2'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.

Answer 1

前提
如何配置 Tor 和 Obfsproxy：
- https://www.torproject.org/projects/obfsproxy-debian-instructions

根据这个错误报告：
https
://trac.torproject.org/projects/tor/ticket/6996 ... obfsproxy 权限错误是由 tor init 脚本（至少在 debian/ubuntu 上）触发的，因为 tor apparmor 错误脚本 ( /etc/apparmor.d/system_tor)

所以基本上方法是停止服务并直接启动tor，如此简单直接：

sudo service tor stop && tor

这应该可以工作（不要sudo用来启动 tor 否则你会得到一个不同的错误:(

更好的解决方案
是修复 apparmor 配置文件，以便 tor 服务正确启动

1. 编辑这个文件 /etc/apparmor.d/system_tor
2. 添加这一行 /usr/bin/obfsproxy Ux,
3. 重启 apparmor 服务 ( sudo service apparmor restart)

所以配置文件应该是这样的：

# vim:syntax=apparmor
#include <tunables/global>

profile system_tor {
  #include <abstractions/tor>

  owner /var/lib/tor/** rwk,
  owner /var/log/tor/* w,

  /usr/bin/obfsproxy  Ux,  ## this is the FIX

  /{,var/}run/tor/control w,
  /{,var/}run/tor/tor.pid w,
  /{,var/}run/tor/control.authcookie w,
  /{,var/}run/tor/control.authcookie.tmp rw,

  # Site-specific additions and overrides. See local/README for details.
  #include <local/system_tor>
}