
Re: [tor-dev] what capabilities does tor need for reloading?



On Wed, Mar 18, 2015 at 6:15 AM, Nusenu <nusenu@xxxxxxxxxxxxxxx> wrote:
> Hi,
>
> 'systemctl reload tor'
> fails due to hardening restrictions in tor's systemd service file [1]:
>
> CapabilityBoundingSet = CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE
>
> Removing that line "solves" the reload issue.
> Reloading with that line does not generate any tor debug loglines.
>
> What capability would one have to add to the list to make it work with
> CapabilityBoundingSet?

It probably depends on what's in your configuration.  My first guess
on how to find out would be to look to see if you can possibly use
strace or gdb or something to figure out what system call is failing.
You might need to temporarily add DisableDebuggerAttachment 0 to your
configuration file to allow you to attach a debugger.

cheers,
-- 
Nick
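
One way to act on the strace suggestion above, as an added example that is not part of the original message: a shell filter that lists the syscalls in an strace log that failed with EPERM or EACCES. The log file name and the sample lines are constructed for illustration and are not a capture from tor.

```shell
#!/bin/sh
# Capture step (comments only, not executed here; run as root):
#   strace -f -o /tmp/tor-reload.strace -p "$(pidof tor)"   # terminal 1
#   systemctl reload tor                                    # terminal 2
# /tmp/tor-reload.strace is an assumed file name.

permission_failures() {
    # $1: strace log written with -o (with -f every line starts with a PID)
    # Prints "<count> <syscall> <errno>", most frequent first.
    awk '
        / = -1 (EPERM|EACCES) / {
            line = $0
            sub(/^[0-9]+ +/, "", line)       # drop the PID column added by -f
            sub(/^<\.\.\. /, "", line)       # "<... name resumed>" lines
            sub(/ resumed>.*/, "", line)
            sub(/\(.*/, "", line)            # keep the syscall name only
            match($0, /= -1 (EPERM|EACCES)/)
            err = substr($0, RSTART + 5, RLENGTH - 5)
            count[line " " err]++
        }
        END { for (k in count) print count[k], k }
    ' "$1" | sort -k1,1nr -k2
}

write_sample_log() {
    # Constructed sample in strace -f format; paths and PIDs are made up.
    cat > "$1" <<'EOF'
4242 rt_sigreturn({mask=[]}) = 0
4242 openat(AT_FDCWD, "/example/etc/app.conf", O_RDONLY) = -1 EACCES (Permission denied)
4242 openat(AT_FDCWD, "/example/etc/app.conf.d", O_RDONLY|O_DIRECTORY) = -1 EACCES (Permission denied)
4242 stat("/example/data", 0x7ffd0) = -1 ENOENT (No such file or directory)
4243 chown("/example/data/file", 100, 100) = -1 EPERM (Operation not permitted)
4242 write(2, "x", 1) = 1
EOF
}

# With an argument, analyse that log; without one, run on the sample.
log=${1:-}
if [ -z "$log" ]; then
    log=$(mktemp)
    write_sample_log "$log"
fi
permission_failures "$log"
```

Each syscall it reports can then be looked up in capabilities(7) to see which capability it requires.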