Re: [tor-dev] what capabilities does tor need for reloading?



just for the record:

> 'systemctl reload tor' fails due to hardening restrictions in tor's
> systemd service file [1]:
> 
> CapabilityBoundingSet = CAP_SETUID CAP_SETGID ...


The proper 'fix' is:
PermissionsStartOnly=yes


REF:
http://lists.freedesktop.org/archives/systemd-devel/2015-April/030404.html
http://www.freedesktop.org/software/systemd/man/systemd.service.html#PermissionsStartOnly=