[tor-bugs] #31070 [Community/Relays]: Add information about SELinux boolean tor_can_network_relay
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Jul 3 22:05:35 UTC 2019
#31070: Add information about SELinux boolean tor_can_network_relay
-----------------------------------+------------------------
Reporter: crimson_king | Owner: Nusenu
Type: enhancement | Status: new
Priority: Medium | Milestone:
Component: Community/Relays | Version:
Severity: Normal | Resolution:
Keywords: selinux, capabilities | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-----------------------------------+------------------------
Comment (by crimson_king):
In addition, for exit relays we often serve a page explaining what Tor is.
In order for the Tor process to have read access to this file and be able
to serve it, we must set up the SELinux context for that file.
This is how we do this. The flag ''-a'' means ''add''. The flag ''-e''
copies the context from the torrc file and assigns it to the html file.
{{{
# semanage fcontext -a -e /etc/tor/torrc /etc/tor/tor-exit-notice.html
}}}
But in order for that to have any effect, ''restorecon'' needs to be
executed on the html file. It will save the changes permanently.
{{{
# restorecon -v /etc/tor/tor-exit-notice.html
}}}
Then the Tor service needs to be restarted/reloaded.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31070#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
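
A way to confirm that the relabel described in the comment above took effect, as an added example that is not part of the ticket or of Tor's own tooling. It assumes GNU `stat` (whose `%C` format prints the SELinux context); the function names are illustrative.

```shell
#!/bin/sh
# Added example: compare the SELinux type of a file against a reference file,
# e.g. the exit notice page against torrc after semanage + restorecon.

# Print the type (third colon-separated field) of a context string of the
# form user:role:type:level. Fails if the string has no type field.
selinux_type() {
    t=$(printf '%s\n' "$1" | cut -s -d: -f3)
    [ -n "$t" ] || return 1
    printf '%s\n' "$t"
}

# Return 0 if two context strings carry the same type, 1 if they differ,
# 2 if either string cannot be parsed.
same_type() {
    a=$(selinux_type "$1") || return 2
    b=$(selinux_type "$2") || return 2
    [ "$a" = "$b" ]
}

# Read the live context of a path. GNU stat prints "?" (or fails) when no
# SELinux label is available, which is treated as an error here.
file_context() {
    ctx=$(stat -c %C -- "$1" 2>/dev/null) || return 1
    [ -n "$ctx" ] && [ "$ctx" != "?" ] || return 1
    printf '%s\n' "$ctx"
}

# check_label REFERENCE FILE
# Reports whether FILE has the same SELinux type as REFERENCE.
check_label() {
    ref_ctx=$(file_context "$1") || { echo "cannot read context of $1" >&2; return 2; }
    new_ctx=$(file_context "$2") || { echo "cannot read context of $2" >&2; return 2; }
    if same_type "$ref_ctx" "$new_ctx"; then
        echo "OK: $2 has type $(selinux_type "$new_ctx")"
    else
        echo "MISMATCH: $2 is $new_ctx, $1 is $ref_ctx; run restorecon -v $2" >&2
        return 1
    fi
}

# Usage on the relay, as root:
#   check_label /etc/tor/torrc /etc/tor/tor-exit-notice.html
```

A mismatch after running `restorecon` means the file context rule was not recorded, so the label would not survive a later relabel either.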