[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] starting tor with the default service file...



Hello,

When trying to start tor using the default service file
contrib/dist/tor.service on a Fedora 26 system with kernel.org kernel we
see a failure to start:

Mar 11 10:40:16.297 [warn] You appear to lack permissions to change
memory limits. Are you root?
Mar 11 10:40:16.297 [warn] Unable to raise RLIMIT_MEMLOCK: Operation not
permitted
Mar 11 10:40:16.298 [notice] Unable to lock all current and future
memory pages: Cannot allocate memory
Mar 11 10:40:16.298 [warn] Failed to parse/validate config:
DisableAllSwap failure. Do you have proper permissions?
Mar 11 10:40:16.298 [err] Reading config failed--see warnings above.

This part of the service file might be relevant:

# Hardening
PrivateTmp=yes
PrivateDevices=yes
ProtectHome=yes
ProtectSystem=full
ReadOnlyDirectories=/
ReadWriteDirectories=-/var/lib/tor
ReadWriteDirectories=-/var/log/tor
NoNewPrivileges=yes
CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE

How to fix this issue? How do I add the permissions for RLIMIT_MEMLOCK?
Locking memory pages? Disabling swap?

Kind regards,
Udo
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk