[tor-bugs] #22991 [- Select a component]: Ubuntu/AppArmor 0.3.0.9 and 0.3.1.4-alpha - onion service setup fails
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Jul 20 20:59:32 UTC 2017
#22991: Ubuntu/AppArmor 0.3.0.9 and 0.3.1.4-alpha - onion service setup fails
--------------------------------------+-----------------
Reporter: yawnbox | Owner:
Type: defect | Status: new
Priority: Medium | Milestone:
Component: - Select a component | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
--------------------------------------+-----------------
After setting up new Ubuntu server hosts and adding the Tor Project repo,
setting up an onion service fails due to apparmor.
Hosts tested:
Xenial server
Zesty server
Tor versions tested:
0.3.0.9
0.3.1.4-alpha
Errors:
/var/log/kern.log |grep tor
Jul 20 19:25:58 zesty kernel: [ 50.173406] audit: type=1400
audit(1500578758.127:16): apparmor="DENIED" operation="capable"
profile="system_tor" pid=2148 comm="tor" capability=2
capname="dac_read_search"
/var/log/syslog |grep tor
Jul 20 19:26:00 zesty tor[2190]: Jul 20 19:26:00.111 [notice] Tor
0.3.1.4-alpha (git-c3fe257c709bb814) running on Linux with Libevent
2.0.21-stable, OpenSSL 1.0.2g, Zlib 1.2.11, Liblzma N/A, and Libzstd N/A.
Jul 20 19:26:00 zesty tor[2190]: Jul 20 19:26:00.112 [notice] Tor can't
help you if you use it wrong! Learn how to be safe at
https://www.torproject.org/download/download#warning
Jul 20 19:26:00 zesty tor[2190]: Jul 20 19:26:00.113 [notice] This version
is not a stable Tor release. Expect more bugs than usual.
Jul 20 19:26:00 zesty tor[2190]: Jul 20 19:26:00.114 [notice] Read
configuration file "/usr/share/tor/tor-service-defaults-torrc".
Jul 20 19:26:00 zesty tor[2190]: Jul 20 19:26:00.114 [notice] Read
configuration file "/etc/tor/torrc".
Jul 20 19:26:00 zesty tor[2190]: Configuration was valid
Jul 20 19:26:00 zesty tor[2193]: Jul 20 19:26:00.223 [notice] Tor
0.3.1.4-alpha (git-c3fe257c709bb814) running on Linux with Libevent
2.0.21-stable, OpenSSL 1.0.2g, Zlib 1.2.11, Liblzma N/A, and Libzstd N/A.
Jul 20 19:26:00 zesty tor[2193]: Jul 20 19:26:00.224 [notice] Tor can't
help you if you use it wrong! Learn how to be safe at
https://www.torproject.org/download/download#warning
Jul 20 19:26:00 zesty tor[2193]: Jul 20 19:26:00.225 [notice] This version
is not a stable Tor release. Expect more bugs than usual.
Jul 20 19:26:00 zesty tor[2193]: Jul 20 19:26:00.225 [notice] Read
configuration file "/usr/share/tor/tor-service-defaults-torrc".
Jul 20 19:26:00 zesty tor[2193]: Jul 20 19:26:00.226 [notice] Read
configuration file "/etc/tor/torrc".
Jul 20 19:26:00 zesty tor[2193]: Jul 20 19:26:00.233 [warn] Directory
/var/lib/tor/hidden_service/ cannot be read: Permission denied
Jul 20 19:26:00 zesty tor[2193]: Jul 20 19:26:00.234 [warn] Failed to
parse/validate config: Failed to configure rendezvous options. See logs
for details.
Jul 20 19:26:00 zesty tor[2193]: Jul 20 19:26:00.235 [err] Reading config
failed--see warnings above.
Jul 20 19:26:00 zesty systemd[1]: tor at default.service: Main process
exited, code=exited, status=1/FAILURE
Jul 20 19:26:00 zesty systemd[1]: tor at default.service: Unit entered failed
state.
Jul 20 19:26:00 zesty systemd[1]: tor at default.service: Failed with result
'exit-code'.
Jul 20 19:26:00 zesty systemd[1]: tor at default.service: Service hold-off
time over, scheduling restart.
Jul 20 19:26:00 zesty systemd[1]: tor at default.service: Start request
repeated too quickly.
Jul 20 19:26:00 zesty systemd[1]: tor at default.service: Unit entered failed
state.
Jul 20 19:26:00 zesty systemd[1]: tor at default.service: Failed with result
'exit-code'.
Identified solution:
sudo vim /etc/apparmor.d/abstractions/tor
add this line to capabilities:
capability dac_read_search,
reload:
sudo /etc/init.d/apparmor reload
sudo service tor restart
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22991>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list