-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Hi Nick,
thanks for your answer.
What capability would one have to add to the list to make it work with CapabilityBoundingSet?
It probably depends on what's in your configuration.
torrc file while testing:
User debian-tor DataDirectory /var/lib/tor Log debug file /var/log/tor/log RunAsDaemon 1 DisableDebuggerAttachment 0
My first guess on how to find out would be to look to see if you can possibly use strace or gdb or something to figure out what system call is failing.
strace output when I trigger the reload via systemctl:
2362 epoll_wait(3, 7f105298a7f0, 32, 99) = -1 EINTR (Interrupted system call) 2362 --- SIGINT {si_signo=SIGINT, si_code=SI_USER, si_pid=1, si_uid=0} --- 2362 sendto(4, 0x7fffe6bcbf57, 1, 0, NULL, 0) = 1 2362 rt_sigreturn() = -1 EINTR (Interrupted system call) 2362 --- SIGCONT {si_signo=SIGCONT, si_code=SI_USER, si_pid=1, si_uid=0} --- 2362 epoll_wait(3, {?} 0x7f105298a7f0, 32, 54) = 1 2362 recvfrom(5, 0x7f10514bb500, 1024, 0, NULL, NULL) = 1 2362 recvfrom(5, 0x7f10514bb500, 1024, 0, 0, 0) = -1 EAGAIN (Resource temporarily unavailable) 2362 write(7, 0x7fffe6bc9a40, 57) = 57 2362 open(0x7f10529933e0, O_WRONLY|O_CREAT|O_TRUNC|O_CLOEXEC, 0600) = 10 2362 write(10, 0x7f105379ac10, 3662) = 3662 2362 close(10) = 0 2362 write(7, 0x7fffe6bc98c0, 96) = 96 2362 rename(0x7f10529933e0, 0x7f1052993200) = 0 2362 write(7, 0x7fffe6bc99c0, 80) = 80 2362 munmap(0x7f1051a06000, 1052672) = 0 2362 write(7, 0x7fffe6bc99c0, 82) = 82 2362 write(7, 0x7fffe6bc99f0, 84) = 84