[tor-bugs] #18356 [Core Tor/Tor]: obfs4proxy cannot bind to <1024 port with systemd hardened service unit
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Feb 10 18:21:54 UTC 2020
#18356: obfs4proxy cannot bind to <1024 port with systemd hardened service unit
-------------------------------------------------+-------------------------
 Reporter:  irregulator                          |  Owner:  asn
 Type:  defect                                   |  Status:  new
 Priority:  Low                                  |  Milestone:  Tor: unspecified
 Component:  Core Tor/Tor                        |  Version:  Tor: 0.2.7.4-rc
 Severity:  Normal                               |  Resolution:
 Keywords:  obfs4proxy, systemd, jessie, tor-pt  |  Actual Points:
 Parent ID:                                      |  Points:  15
 Reviewer:                                       |  Sponsor:
-------------------------------------------------+-------------------------
Comment (by dcf):
At https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865495#32, weasel
provided a hint about using an override or
[https://www.freedesktop.org/software/systemd/man/systemd.unit.html "drop-in" file]
to do the `NoNewPrivileges=no` configuration change. This is
better than editing `/lib/systemd/system/tor@default.service` and
`/lib/systemd/system/tor@.service` because it will persist across upgrades
of the tor package.
Run the command
{{{
systemctl edit tor@.service tor@default.service
}}}
In the editor, enter the following text, then save and quit.
{{{
[Service]
NoNewPrivileges=no
}}}
In the second editor that appears, enter the same text, then save and
quit.
{{{
[Service]
NoNewPrivileges=no
}}}
If everything worked correctly, you will now have two files
`/etc/systemd/system/tor@.service.d/override.conf` and
`/etc/systemd/system/tor@default.service.d/override.conf` containing the
text you entered. Now run
{{{
service tor restart
}}}
There is no need to run `systemctl daemon-reload` because `systemctl edit`
does it automatically.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18356#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
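
The same two drop-ins written non-interactively and then checked, as an added example that is not part of dcf's comment or the tor package. The root-prefix argument and the function names are assumptions, introduced so the script can be dry-run against a scratch directory instead of the live `/etc`.

```shell
# Added example (not from the ticket): scripted equivalent of the
# `systemctl edit` steps, plus a check that the drop-ins say what is expected.
UNITS="tor@.service tor@default.service"

# Print the last NoNewPrivileges= value found in the [Service] section of $1.
nnp_value() {
    awk '
        /^\[/ { in_service = ($0 == "[Service]"); next }
        in_service && /^NoNewPrivileges=/ { sub(/^NoNewPrivileges=/, ""); val = $0 }
        END { if (val != "") print val }
    ' "$1"
}

# Write override.conf for both units below the root prefix $1 ("" = live system).
write_overrides() {
    root=$1
    for unit in $UNITS; do
        dir="$root/etc/systemd/system/$unit.d"
        mkdir -p "$dir" || return 1
        printf '[Service]\nNoNewPrivileges=no\n' > "$dir/override.conf" || return 1
        chmod 0644 "$dir/override.conf"
    done
}

# Succeed only if every unit has a drop-in that sets NoNewPrivileges=no.
verify_overrides() {
    root=$1
    for unit in $UNITS; do
        f="$root/etc/systemd/system/$unit.d/override.conf"
        [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }
        [ "$(nnp_value "$f")" = "no" ] || { echo "not set to no: $f" >&2; return 1; }
    done
}

# Dry run in a constructed scratch directory; nothing under /etc is touched.
demo() {
    scratch=$(mktemp -d) || return 1
    write_overrides "$scratch" && verify_overrides "$scratch"
    rc=$?
    rm -rf "$scratch"
    return $rc
}

demo && echo "drop-ins written and verified"
```

On a live system, run `write_overrides ""` as root, then `systemctl daemon-reload` before restarting tor: files written directly are not reloaded automatically the way `systemctl edit` does it. `systemctl show -p NoNewPrivileges tor@default.service` then reports the value systemd actually applies.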