
[tor-relays] serious gap in 'chroot' documentation



Newer versions of 'openssl' require access to

   /proc/sys/kernel/random 

and so the line

   /proc/sys/kernel/random /chroot_tor/proc/sys/kernel/random auto bind 0 0

must be added to the

   /etc/fstab

file or the command

   mount -o bind /proc/sys/kernel/random /chroot_tor/proc/sys/kernel/random

must be run from somewhere.  Keep in mind
that issuing the 'mount' more than once
causes nested overlay mounts rather than
doing nothing, so the 'fstab' approach
is best.

Obviously the directories

   proc/sys/kernel/random

must be created in the 'chroot' jail tree.

----------------

This problem will appear when 'tor' attempts
to roll over its key after several days.
Took significant effort to figure out
what happened as 'tor' dies without
comment.

It appears that if 'tor' fails in the middle
of a re-key operation, the node name and state
are lost entirely and the relay must rebuild
its reputation from scratch with a new
name.  Quite vexing.

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
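
Added example, not part of the original post: one way to make both approaches from the message safe to run repeatedly, by checking the mount table before calling 'mount' and checking 'fstab' before appending. The function names and the CHROOT, FSTAB and MOUNTS variables are assumptions made for this sketch; the paths and the fstab line are the ones given in the post.

```shell
#!/bin/sh
# Added example: idempotent setup of the bind mount described in the post.
# CHROOT, FSTAB and MOUNTS are hypothetical overrides so the logic can be
# exercised against copies instead of the live system files.
CHROOT="${CHROOT:-/chroot_tor}"
FSTAB="${FSTAB:-/etc/fstab}"
MOUNTS="${MOUNTS:-/proc/self/mounts}"
SRC=/proc/sys/kernel/random

# Succeeds if $1 appears as a mount point (field 2) in the mount table.
is_mounted() {
    awk -v t="$1" '$2 == t { found = 1 } END { exit !found }' "$MOUNTS"
}

# Prints how many times $1 is mounted; a value above 1 means the bind
# mount was issued more than once and the mounts are stacked.
mount_depth() {
    awk -v t="$1" '$2 == t { n++ } END { print n + 0 }' "$MOUNTS"
}

# Appends the fstab line from the post unless a non-comment entry for the
# target mount point already exists.
ensure_fstab_entry() {
    target="$CHROOT$SRC"
    if awk -v t="$target" \
        '$1 !~ /^#/ && $2 == t { found = 1 } END { exit !found }' "$FSTAB"
    then
        return 0
    fi
    printf '%s %s auto bind 0 0\n' "$SRC" "$target" >> "$FSTAB"
}

# Creates the mount point inside the jail and bind-mounts only when the
# target is not already mounted, so repeated calls do not stack mounts.
ensure_bind_mount() {
    target="$CHROOT$SRC"
    mkdir -p "$target" || return 1
    if is_mounted "$target"; then
        return 0
    fi
    mount -o bind "$SRC" "$target"
}
```

Run ensure_fstab_entry and ensure_bind_mount as root before starting 'tor' in the jail; mount_depth on the target reports whether earlier repeated mounts are still stacked.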