Cannot write to ClientOnionAuthDir when Sandbox is enabled
Summary
When tor
has the sandbox option enabled it cannot write to the ClientOnionAuthDir
directory to store onion auth keys, e.g. when checking the "Remember this key" checkbox in Tor Browser when providing the key.
Steps to reproduce:
- Configure
tor
withSandbox 1
- Configure
tor
withClientOnionAuthDir /some/writable/directory
- Use Tor Browser to access an onion service with onion authentication
- Check the "Remember this key" checkbox when providing the key
What is the current bug behavior?
The onion auth prompt in Tor Browser reports "Unable to store creds for ...", and no key is written to the ClientOnionAuthDir
directory.
What is the expected behavior?
No errors, and the key should be written to the ClientOnionAuthDir
directory.
Environment
- Tor version 0.4.7.13
- Tested both on Debian Sid and inside Tails with
tor
installed viaapt
Relevant logs and/or screenshots
Jun 02 13:04:02.000 [warn] sandbox_intern_string(): Bug: No interned sandbox parameter found for /var/lib/tor/keys/n7wwn7f4jirk2yaukobahoane722lnvi7d65emwj4toas7uf5oaomdyd.auth_private.tmp (on Tor 0.4.7.13 )
Jun 02 13:00:25.000 [warn] Couldn't open "/var/lib/tor/keys/n7wwn7f4jirk2yaukobahoane722lnvi7d65emwj4toas7uf5oaomdyd.auth_private.tmp" (/var/lib/tor/keys/n7wwn7f4jirk2yaukobahoane722lnvi7d65emwj4toas7uf5oaomdyd.auth_private) for writing: Operation not permitted
Jun 02 13:00:25.000 [warn] Failed to write client auth creds file for n7wwn7f4jirk2yaukobahoane722lnvi7d65emwj4toas7uf5oaomdyd!
Possible fixes
Update the sandbox rules.