# vim:syntax=apparmor

  #include <abstractions/base>
  #include <abstractions/nameservice>
  #include <abstractions/openssl>

  network tcp,
  network udp,

  capability chown,
  capability dac_read_search,
  capability fowner,
  capability fsetid,
  capability setgid,
  capability setuid,

  /usr/bin/tor r,
  /usr/sbin/tor r,

  # Needed by obfs4proxy
  /proc/sys/net/core/somaxconn r,

  /proc/sys/kernel/random/uuid r,
  /sys/devices/system/cpu/ r,
  /sys/devices/system/cpu/** r,

  /etc/tor/* r,
  /usr/share/tor/** r,

  /usr/bin/obfsproxy PUx,
  /usr/bin/obfs4proxy Pix,

  /usr/bin/snowflake-client Pix,
