Trac issues
https://gitlab.torproject.org/legacy/trac/-/issues
2020-06-13T14:41:38Z

enhancements and fixes for systemd support
https://gitlab.torproject.org/legacy/trac/-/issues/14141
2020-06-13T14:41:38Z
Trac

The following patch series contains:
1) fix unit & code to work with both RunAsDaemon = 0 or 1
2) improve information about state presented to administrator
3) fix and enable watchdog support
Detailed descriptions inside each patch.
**Trac**:
**Username**: tomek@pipebreaker.pl
Tor: 0.2.6.x-final

Add tor.service (for systemd) to upstream package
https://gitlab.torproject.org/legacy/trac/-/issues/8368
2020-06-13T14:40:29Z
Trac

In Fedora we have a custom systemd service file for running Tor. We are encouraged to push changes upstream, and thus I am proposing that it be included as part of the upstream tarball. I have pasted the contents below, but please do advise on whether this can be improved:
$ cat tor.service
[Unit]
Description = Anonymizing overlay network for TCP
After = syslog.target network.target nss-lookup.target
[Service]
Type = simple
ExecStart = /usr/bin/tor --runasdaemon 0 --defaults-torrc /usr/share/tor/defaults-torrc -f /etc/tor/torrc --quiet
ExecReload = /bin/kill -HUP ${MAINPID}
ExecStop = /bin/kill -INT ${MAINPID}
TimeoutSec = 30
Restart = on-failure
LimitNOFILE = 4096
[Install]
WantedBy = multi-user.target
**Trac**:
**Username**: jamielinux
Tor: 0.2.5.x-final

systemd unit file could use more filesystem namespace hardening options
https://gitlab.torproject.org/legacy/trac/-/issues/12751
2020-06-13T14:38:51Z
intrigeri

systemd has nice features to restrict what part of the filesystem a service has read-only or read-write access to (ReadOnlyDirectories, ReadWriteDirectories) that we could use. Also InaccessibleDirectories could be made a bit more restrictive.
Tor: 0.2.6.x-final
intrigeri

systemd unit file needs to make /var/run/tor writable
https://gitlab.torproject.org/legacy/trac/-/issues/13196
2020-06-13T14:38:51Z
intrigeri

The changes introduced for #12751 break the unit file with systemd v215, as they prevent /var/run/tor/ from being writable. I'll test and submit a patch that resolves this shortly.
intrigeri

Add NoNewPrivileges=true to systemd unit.
https://gitlab.torproject.org/legacy/trac/-/issues/12939
2020-06-13T14:38:04Z
Trac

Please consider adding NoNewPrivileges=true to the systemd unit. This will prevent tor from gaining privileges (e.g. by executing setuid binaries).
**Trac**:
**Username**: stebalien
Tor: 0.2.6.x-final
intrigeri

systemd unit file should explicitly pass --RunAsDaemon 0
https://gitlab.torproject.org/legacy/trac/-/issues/12731
2020-06-13T14:37:41Z
intrigeri

The current systemd unit uses "Type = simple", so systemd does not expect tor to fork. If the user has "RunAsDaemon 1" in their torrc, then things won't work as expected. This is e.g. the case on Debian (and derivatives), since there we pass "--defaults-torrc /usr/share/tor/tor-service-defaults-torrc" (that contains "RunAsDaemon 1") by default.
The only solution I can see to this problem is to explicitly pass "--RunAsDaemon 0" when starting tor from the systemd unit file.
Tor: 0.2.5.x-final

systemd unit file could use --verify-config in ExecStartPre
https://gitlab.torproject.org/legacy/trac/-/issues/12730
2020-06-13T14:37:41Z
intrigeri

The ExecStartPre directive (systemd.service(5)) allows one to run commands before actually starting the service, and to _not_ start the service if one of these commands fails. It allows one to replicate the behavior that the tor initscript in Debian has, which is desirable IMO: if we don't have this, then when we install the systemd unit file in Debian, we have a regression.
Tor: 0.2.5.x-final

Add systemd service file for openSUSE
https://gitlab.torproject.org/legacy/trac/-/issues/9807
2020-06-13T14:32:12Z
Trac

Hi all,
I have written a systemd service file for openSUSE. I have tested it with all currently supported versions (12.1, 12.2 and 12.3). Maybe it can be added in Tor's contrib/suse directory?
Thanks
**Trac**:
**Username**: microchip
Tor: 0.2.5.x-final

Tor systemd socket activation support
https://gitlab.torproject.org/legacy/trac/-/issues/8908
2020-06-13T14:29:16Z
cypherpunks

Allow Tor to be started on-demand on Linux under systemd.
WIP patch posted here: https://lists.torproject.org/pipermail/tor-dev/2013-May/004885.html
More info about socket activation: http://0pointer.de/blog/projects/socket-activation.html
Tor: unspecified