[tor-relays] serious gap in 'chroot' documentation
starlight.2013q4 at binnacle.cx
Thu Oct 17 03:13:44 UTC 2013
Newer versions of 'openssl' require access to
/proc/sys/kernel/random
and so the line
/proc/sys/kernel/random /chroot_tor/proc/sys/kernel/random auto bind 0 0
must be added to the
/etc/fstab
file or the command
mount -o bind /proc/sys/kernel/random /chroot_tor/proc/sys/kernel/random
must be run from somewhere. Keep in mind
that issuing the 'mount' more than once
causes nested overlay mounts rather than
doing nothing, so the 'fstab' approach
is best.
Obviously the directories
proc/sys/kernel/random
must be created in the 'chroot' jail tree.
----------------
This problem will appear when 'tor' attempts
to roll over its key after several days.
Took significant effort to figure out
what happened as 'tor' dies without
comment.
It appears that if 'tor' fails in the middle
of a re-key operation, the node name and state
are lost entirely and the relay must rebuild
its reputation from scratch with a new
name. Quite vexing.
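
The steps described in the message above, as an added example that is not part of the original post: a shell script that creates the mount point in the jail, adds the fstab line only once, and runs the bind mount only when the target is not already mounted, which avoids the nested mounts the post warns about. The function names and the `apply` argument are assumptions made for this example; the paths are the ones given in the post.

```shell
#!/bin/sh
# Added example: idempotent bind mount of /proc/sys/kernel/random into a chroot.
# Paths are taken from the post; function names are hypothetical.
SRC=/proc/sys/kernel/random
JAIL=/chroot_tor
DST=$JAIL$SRC

# Succeeds if mount point $1 is listed in mount table $2
# (defaults to the kernel's view in /proc/self/mounts).
is_mounted() {
    awk -v d="$1" '$2 == d { found = 1 } END { exit !found }' \
        "${2:-/proc/self/mounts}"
}

# Append "SRC DST auto bind 0 0" to fstab file $3 unless a
# non-comment line for mount point $2 is already present.
ensure_fstab_entry() {
    if awk -v d="$2" '$1 !~ /^#/ && $2 == d { found = 1 } END { exit !found }' "$3"
    then
        return 0
    fi
    printf '%s %s auto bind 0 0\n' "$1" "$2" >> "$3"
}

# Create the directories in the jail tree, record the mount in
# /etc/fstab, and mount only if the target is not mounted yet.
apply() {
    mkdir -p "$DST"
    ensure_fstab_entry "$SRC" "$DST" /etc/fstab
    is_mounted "$DST" || mount -o bind "$SRC" "$DST"
}

# Nothing is changed unless the script is run as root with: sh script.sh apply
if [ "${1:-}" = "apply" ]; then
    apply
fi
```

Running it repeatedly leaves a single fstab line and a single mount, so it is safe to call from a boot script as well as by hand.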