[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Problem starting 0.3.0.7 on Ubuntu?



On Tue, May 23, 2017 at 01:43:37PM +1000, teor wrote:
> > HiddenServiceDir /var/lib/tor/SERVICE_NAME/
> 
> What are the permissions on each of the enclosing directories?
> (Tor checks permissions recursively in some cases.)
> 
> In 0.3.0.7, we made a number of hidden service checks stricter.
> Perhaps one of the checks is too strict.

Earlier in this thread, Alexander said:
| The permissions on /var/lib/tor/SERVICE_NAME/ are "rwx--S---" and it's
| owned by debian-tor, which worked for 0.2.9.10."

I asked weasel about this question, and he pointed me to
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862993
which looks exactly like Alexander's issue.

It doesn't affect Debian by default, because Debian doesn't have
apparmor enabled by default.

So, the short term workaround for Alexander would be to add the line that
intrigeri suggests to the apparmor profile. The better fix imo will be
for Tor to stop doing behavior that the apparmor profile wants to prevent,
such as trying to read directories before it has switched uids. I'll
open a ticket about that once I understand it more.

--Roger

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays