netblue30 / fdns

Firejail DNS-over-HTTPS Proxy Server

fdns fails to start on Arch Linux with apparmor

glitsj16 opened this issue

The current apparmor profile doesn't take into account that on Arch Linux /etc/ssl/certs/ca-certificates.crt is a symlink to /etc/ca-certificates/extracted/tls-ca-bundle.pem. When auditd.service is enabled, this stops fdns from resolving.

$ /usr/bin/fdns --proxy-addr=127.0.0.1 --server=appliedprivacy
$ fdns --monitor=127.0.0.1
Testing server appliedprivacy
   Tags: non-profit, Austria, Europe
fdns starting
connecting to appliedprivacy server
listening on 127.0.0.1
22:14:11 (1) Error: cannot find SSL certificate /etc/ssl/certs/ca-certificates.crt
345 filter entries added from /etc/fdns/trackers
7415 filter entries added from /etc/fdns/fp-trackers
50788 filter entries added from /etc/fdns/adblocker
10265 filter entries added from /etc/fdns/coinblocker
Error: resolver 1 (pid 94234) terminated, restarting it...
22:14:11 (0) Error: cannot find SSL certificate /etc/ssl/certs/ca-certificates.crt
Error: resolver 0 (pid 94233) terminated, restarting it...
22:14:11 (2) Error: cannot find SSL certificate /etc/ssl/certs/ca-certificates.crt
345 filter entries added from /etc/fdns/trackers
7415 filter entries added from /etc/fdns/fp-trackers
50788 filter entries added from /etc/fdns/adblocker
10265 filter entries added from /etc/fdns/coinblocker
Error: resolver 2 (pid 94235) terminated, restarting it...
22:14:13 (0) Error: cannot find SSL certificate /etc/ssl/certs/ca-certificates.crt
Error: resolver 0 (pid 94237) terminated, restarting it...
22:14:13 (1) Error: cannot find SSL certificate /etc/ssl/certs/ca-certificates.crt
Error: resolver 1 (pid 94236) terminated, restarting it...
22:14:16 (2) Error: cannot find SSL certificate /etc/ssl/certs/ca-certificates.crt
345 filter entries added from /etc/fdns/trackers
7415 filter entries added from /etc/fdns/fp-trackers
50788 filter entries added from /etc/fdns/adblocker
10265 filter entries added from /etc/fdns/coinblocker
Error: resolver 2 (pid 94260) terminated, restarting it...
22:14:16 (0) Error: cannot find SSL certificate /etc/ssl/certs/ca-certificates.crt
Error: resolver 0 (pid 94261) terminated, restarting it...
22:14:18 (1) Error: cannot find SSL certificate /etc/ssl/certs/ca-certificates.crt
Error: resolver 1 (pid 94279) terminated, restarting it...
22:14:18 (2) Error: cannot find SSL certificate /etc/ssl/certs/ca-certificates.crt
345 filter entries added from /etc/fdns/trackers
7415 filter entries added from /etc/fdns/fp-trackers
50788 filter entries added from /etc/fdns/adblocker
10265 filter entries added from /etc/fdns/coinblocker
Error: resolver 2 (pid 94280) terminated, restarting it...
22:14:21 (0) Error: cannot find SSL certificate /etc/ssl/certs/ca-certificates.crt
Error: resolver 0 (pid 94286) terminated, restarting it...
22:14:21 (1) Error: cannot find SSL certificate /etc/ssl/certs/ca-certificates.crt
Error: resolver 1 (pid 94287) terminated, restarting it...
22:14:23 (2) Error: cannot find SSL certificate /etc/ssl/certs/ca-certificates.crt
345 filter entries added from /etc/fdns/trackers
7415 filter entries added from /etc/fdns/fp-trackers
50788 filter entries added from /etc/fdns/adblocker
10265 filter entries added from /etc/fdns/coinblocker
Error: resolver 2 (pid 94310) terminated, restarting it...
22:14:23 (0) Error: cannot find SSL certificate /etc/ssl/certs/ca-certificates.crt
Error: resolver 0 (pid 94311) terminated, restarting it...
22:14:26 (2) Error: cannot find SSL certificate /etc/ssl/certs/ca-certificates.crt
Error: resolver 2 (pid 94353) terminated, restarting it...
22:14:26 (1) Error: cannot find SSL certificate /etc/ssl/certs/ca-certificates.crt
345 filter entries added from /etc/fdns/trackers
7415 filter entries added from /etc/fdns/fp-trackers
50788 filter entries added from /etc/fdns/adblocker
10265 filter entries added from /etc/fdns/coinblocker
Error: resolver 1 (pid 94352) terminated, restarting it...
22:14:28 (0) Error: cannot find SSL certificate /etc/ssl/certs/ca-certificates.crt
Error: resolver 0 (pid 94385) terminated, restarting it...
22:14:28 (2) Error: cannot find SSL certificate /etc/ssl/certs/ca-certificates.crt
Error: resolver 2 (pid 94386) terminated, restarting it...
22:14:31 (1) Error: cannot find SSL certificate /etc/ssl/certs/ca-certificates.crt
345 filter entries added from /etc/fdns/trackers
7415 filter entries added from /etc/fdns/fp-trackers
50788 filter entries added from /etc/fdns/adblocker
10265 filter entries added from /etc/fdns/coinblocker
Error: resolver 1 (pid 94409) terminated, restarting it...
22:14:31 (0) Error: cannot find SSL certificate /etc/ssl/certs/ca-certificates.crt

I'm testing a fix that also enables users to create site-specific additions and overrides for 'usr.bin.fdns' in /etc/apparmor.d/local/usr.bin.fdns. Will report on that asap.
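
A diagnostic sketch for the failure reported above, added here as an example and not part of the issue or the fdns project: it resolves the CA bundle symlink and turns AppArmor denial records into candidate rules for /etc/apparmor.d/local/usr.bin.fdns. The audit records, the profile name in them and the function names are constructed for illustration, and it assumes the profile includes that local file, as the post proposes.

```shell
#!/bin/sh
# Added example (not fdns project code). Sample records are constructed.

# Constructed auditd records in the kernel's AppArmor denial format.
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1600000000.101:501): apparmor="DENIED" operation="open" profile="/usr/bin/fdns" name="/etc/ca-certificates/extracted/tls-ca-bundle.pem" pid=94234 comm="fdns" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1600000000.102:502): apparmor="DENIED" operation="open" profile="/usr/bin/fdns" name="/etc/ca-certificates/extracted/tls-ca-bundle.pem" pid=94233 comm="fdns" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1600000000.103:503): apparmor="ALLOWED" operation="open" profile="other" name="/etc/hosts" pid=1 comm="cat" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
EOF
}

# AppArmor matches rules against the path left after symlink resolution,
# so this is the name a rule must cover, not the one in the fdns error.
resolved_target() {
  readlink -f "$1"
}

# Read audit records on stdin; print "path mask" once per distinct
# denial logged for the command name given in $1.
denied_paths() {
  sed -n 's/.*apparmor="DENIED".* name="\([^"]*\)".* comm="'"$1"'".* denied_mask="\([^"]*\)".*/\1 \2/p' | sort -u
}

# Turn "path mask" lines into rule lines for review before they go into
# /etc/apparmor.d/local/usr.bin.fdns (paths containing spaces would need quoting).
candidate_rules() {
  while read -r path mask; do
    printf '  %s %s,\n' "$path" "$mask"
  done
}

echo "bundle resolves to: $(resolved_target /etc/ssl/certs/ca-certificates.crt)"
sample_audit_log | denied_paths fdns | candidate_rules
```

On a real host, pipe /var/log/audit/audit.log into `denied_paths fdns` in place of the sample, and review each emitted rule before reloading the profile.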