[Privoxy-users] Privoxy-users Digest, Vol 52, Issue 2

Tim Magee lists at qkhx.uk
Mon Aug 23 14:58:25 UTC 2021 

On Wed, 11 Aug 2021 12:00:00 +0000 Tim Magee wrote:
> Subject: [Privoxy-users] Hello! here's some odd behaviour
> 
> * create a new empty actionsfile, eg "/etc/privoxy/foo.action"
> ...
> * click on 'edit' next to /etc/privoxy/foo.action
> * click on 'insert new section at top'
> 
> I get an error message saying that Privoxy can't write my custom
> actionsfile.

Hi me,

Answering my own question to:
- counterbalance my guilt at not knowing that apparmor was running
- help anyone else who sees the same thing

The cause of the problem is Debian's apparmor profile for privoxy
which restricts privoxy's write access to just a couple of the action
files. My new action file wasn't in the writable list, of course,
so my attempts to edit it through Privoxy's CGI interface failed.

Error message fragments people might be searching for are:

 "Cannot write to actions file"
 "The actions file you are trying to edit"

Here's roughly what I did

- back up /etc/apparmor.d
- edit /etc/apparmor.d/usr.sbin.privoxy, and in my original
  example where I added foo.action, add a line to derestrict
  access to that, resulting in a diff like:

--------------------------------------------------------------------
*** usr.sbin.privoxy    2021-08-23 15:43:12.882368609 +0100
--- usr.sbin.privoxy-foo        2021-08-23 15:41:31.579244508 +0100
***************
*** 10,15 ****
--- 10,16 ----
    /etc/privoxy/** r,
    owner /etc/privoxy/match-all.action rw,
    owner /etc/privoxy/user.action rw,
+   owner /etc/privoxy/foo.action rw,
    /run/privoxy*.pid rw,
    /usr/share/doc/privoxy/user-manual/** r,
    /usr/share/doc/privoxy/p_doc.css r,
--------------------------------------------------------------------

- reload the edited apparmor profile:

  sudo apparmor_parser -r /etc/apparmor.d/usr.sbin.privoxy

- restart privoxy

  sudo systemctl restart privoxy

That last command might not have been necessary but it does no harm.

That's it. Privoxy now lets me edit my custom actions file.

Hope this helps someone,
Tim.

More information about the Privoxy-users mailing list