Debian 0.2.8.11 package CapabilityBoundingSet doesn't allow tor to start with a configured HS
Latest 0.2.8.11 package changes the capabilities from the systemd service file from:
CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE CAP_DAC_OVERRIDE CAP_CHOWN CAP_FOWNERto
CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICEwhich makes it that tor doesn't restart after an upgrade with at least one hidden service configured:
[warn] Directory /var/lib/tor/hidden_service/ cannot be read: Permission deniedThis is pretty bad because anyone upgrading will have its tor stopped. (from deb.tpo)
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information