[tor-talk] SELinux issue with Tor?

Jeremy Rand jeremyrand at airmail.cc
Sat Aug 13 20:59:56 UTC 2016


Hey,

Someone reported a weird SELinux issue with Tor on the #zeronet IRC
earlier today.  I've obtained permission to post a partial chatlog, as
I'm curious if this is intended behavior by Tor.  Chatlog below:

<pskosinski> Someone fucked up Tor in my distro and I can't use it now,
ZeroNet still tries to use the fucked up Tor, so I can't do… anything
<pskosinski> nvm, there's zeronet.conf
<Jeremy_Rand_2> pskosinski, might I ask what distro has a broken Tor?
* Jeremy_Rand_2 wants to make a mental note to avoid that distro like
the plague
<pskosinski> Jeremy_Rand_2: Well, so far I had not much time to check if
it's not reported yet or it's not my fault… Anyway, it seem to not work
well in Fedora 24 after last update
<pskosinski> Anyway, it was working, I did not change anything, updated,
doesn't work, SELinux throws alerts
<Jeremy_Rand_2> pskosinski, oh, that's unfortunate, I use Qubes-Fedora
for some of my stuff.  (although I use Fedora 23)
<Jeremy_Rand_2> pskosinski, although my Tor stuff is running in Whonix
* Jeremy_Rand_2 tries to come up with a justification involving Fedora
being advertised as bleeding-edge, but fails because Tor being bricked
by SELinux should be really easy to notice in QA
<pskosinski> According to SELinux tor wants to mount a filesystem on
/var/lib/tor, what sounds weiiiiird
<pskosinski> Do I have NSA-version of tor or what
<pskosinski> So seems good that SELinux is preventing that, the question
why is tor trying to do that
<Jeremy_Rand_2> pskosinski, lemme get this, a security system created by
NSA is stopping a suspected NSA-backdoored version of software created
by the Pentagon from operating
<Jeremy_Rand_2> I love the world of infosec these days
<pskosinski> ;p
<Jeremy_Rand_2> It's better than fiction

Sincere apologies if this behavior is documented somewhere already.
(Also, my reference to onion routing being created by the Pentagon was
purely commentary on how the field of infosec is more interesting than
fiction -- I'm already aware that Tor isn't backdoored by the Pentagon,
please don't think that I was implying that.)

Anyway, if anyone might be able to comment on whether this is intended
behavior, what the purpose is, and whether anyone else has encountered
this issue in Fedora (or any other distros), that would be greatly
appreciated.

Cheers,
-Jeremy Rand

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20160813/71879156/attachment.sig>


More information about the tor-talk mailing list