apparmor-profiles/usr.bin.tor

#include <tunables/global>

/usr/bin/tor {
  #include <abstractions/base>
  #include <abstractions/openssl>

  network netlink raw,
  network tcp,
  network udp,

  /etc/host.conf r,
  /etc/nsswitch.conf r,
  /etc/passwd r,
  /etc/resolv.conf r,
  /etc/tor/* r,

  /proc/sys/kernel/random/uuid r,
  /usr/bin/tor mr,
  /usr/share/tor/geoip r,
  /usr/share/tor/geoip6 r,

  owner /etc/tor/ r,
  owner /var/lib/tor/ r,
  owner /var/lib/tor/** rwk,
  owner @{PROC}/@{pid}/stat r,

}