[tor-dev] docker bridge suddenly fails startup with "Directory /var/lib/tor cannot be read: Permission denied"

gentle.luck4713 at doublequote.org gentle.luck4713 at doublequote.org
Thu Feb 1 00:14:38 UTC 2024


Hi tor-dev@,

I have been running a bridge following the instructions at <https://community.torproject.org/relay/setup/bridge/docker/> on a Debian 12.4 system but when I just tried to make sure everything is up to date I got the following error message from docker-compose logs:

obfs4-bridge_1  | Using NICKNAME=DockerObfs4Bridge, OR_PORT=3845, PT_PORT=443, and EMAIL=redacted at example.com.
obfs4-bridge_1  | Additional properties from 'OBFS4V_' environment variables processing enabled
obfs4-bridge_1  | Overriding 'AddressDisableIPv6' with value '1'
obfs4-bridge_1  | Starting tor.
obfs4-bridge_1  | Jan 31 22:49:20.501 [notice] Tor 0.4.8.10 running on Linux with Libevent 2.1.12-stable, OpenSSL 3.0.11, Zlib 1.2.13, Liblzma 5.4.1, Libzstd 1.5.4 and Glibc 2.36 as libc.
obfs4-bridge_1  | Jan 31 22:49:20.501 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://support.torproject.org/faq/staying-anonymous/
obfs4-bridge_1  | Jan 31 22:49:20.501 [notice] Read configuration file "/etc/tor/torrc".
obfs4-bridge_1  | Jan 31 22:49:20.502 [notice] Based on detected system memory, MaxMemInQueues is set to 6264 MB. You can override this by setting MaxMemInQueues by hand.
obfs4-bridge_1  | Jan 31 22:49:20.503 [notice] Opening OR listener on 0.0.0.0:3845
obfs4-bridge_1  | Jan 31 22:49:20.503 [notice] Opened OR listener connection (ready) on 0.0.0.0:3845
obfs4-bridge_1  | Jan 31 22:49:20.503 [notice] Opening OR listener on [::]:3845
obfs4-bridge_1  | Jan 31 22:49:20.503 [notice] Opened OR listener connection (ready) on [::]:3845
obfs4-bridge_1  | Jan 31 22:49:20.503 [notice] Opening Extended OR listener on 127.0.0.1:0
obfs4-bridge_1  | Jan 31 22:49:20.503 [notice] Extended OR listener listening on port 44595.
obfs4-bridge_1  | Jan 31 22:49:20.503 [notice] Opened Extended OR listener connection (ready) on 127.0.0.1:44595
obfs4-bridge_1  | Jan 31 22:49:20.504 [warn] Directory /var/lib/tor cannot be read: Permission denied
obfs4-bridge_1  | Jan 31 22:49:20.504 [notice] Closing partially-constructed OR listener connection (ready) on 0.0.0.0:3845
obfs4-bridge_1  | Jan 31 22:49:20.504 [notice] Closing partially-constructed OR listener connection (ready) on [::]:3845
obfs4-bridge_1  | Jan 31 22:49:20.504 [notice] Closing partially-constructed Extended OR listener connection (ready) on 127.0.0.1:44595
obfs4-bridge_1  | Jan 31 22:49:20.504 [warn] Failed to parse/validate config: Couldn't create private data directory "/var/lib/tor"
obfs4-bridge_1  | Jan 31 22:49:20.504 [err] Reading config failed--see warnings above.

I confirmed that my docker-compose.yaml is unmodified and my .env is innocuous. 

I know that I can blow away the docker volumes but that'd remove the private keys etc. and that'd doesn't seem desirable.

Any advice?

Thanks,
Hein



More information about the tor-dev mailing list