On Tue, 07 Jul 2015, aexlfowley at web.de wrote:
After upgrading from 0.2.5.12 (git-3731dd5c3071dcba) to 0.2.6.9 (git-145b2587d1269af4) an error occurred. I'm on Debian Jessie (stable) on an AMD Athlon 64 X2. Tor won't start and these are the last lines in log:
[warn] Couldn't open "/media/cRAID/Tor/lock" for locking: Read-only file system
teor thinks that I "could be experiencing an issue with the tor sandbox and not getting the right paths or, tor is running with insufficient permissions"
I'd assume that's the protection settings enabled in Tor's service file.
See /lib/systemd/system/tor.service and the systemd.exec(5) manpage. You can override these by making your own /etc/systemd/system/tor.service file.
Cheers,
Peter Palfrader, http://www.palfrader.org/
** Debian ** The universal Operating System, http://www.debian.org/
aexlfowley at web.de wrote (08 Jul 2015 17:57:24 GMT) :
(Both packages for 0.2.5.12 and 0.2.6.9 contain an apparmor profile. Only change and new line is /usr/bin/obfs4proxy PUx, in /etc/apparmor.d/abstractions/tor)
FTR, the systemd unit file in Debian sid's 0.2.6.9-1 doesn't enable the AppArmor profile (yet), so I doubt AppArmor has anything to do with this problem (aa-status will tell you).
However, it has:
PrivateTmp=yes
PrivateDevices=yes
ProtectHome=yes
ProtectSystem=full
ReadOnlyDirectories=/
ReadWriteDirectories=-/var/lib/tor
ReadWriteDirectories=-/var/log/tor
ReadWriteDirectories=-/var/run
... which explains why /media/cRAID/Tor/lock isn't writable.
So you'll want to add what is called a "drop-in override file" in systemd's terminology (that can be created e.g. with `systemctl edit'), that adds a ReadWriteDirectories= directive pointing to the directory you want.
Cheers,
intrigeri
Correct. I edited /lib/systemd/system/tor.service and added ReadWriteDirectories=-/media/cRAID/Tor and now 0.2.6.9 is running. I'm not entirely sure how to create my own /etc/systemd/system/tor.service so I leave it at that. (Trying out 'systemctl edit' I get "Unknown operation 'edit'." BTW.)
Thank you all!
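
The drop-in override discussed in this thread, as an added example that is not part of the original messages or of the Debian package: it checks whether a directory falls under the unit's ReadWriteDirectories= entries and prints the drop-in that would allow it, without editing /lib/systemd/system/tor.service or needing `systemctl edit`. The function names and the drop-in file name datadir.conf are assumptions, and only the ReadWriteDirectories= entries quoted above are modelled.

```shell
#!/bin/sh
# Added example (not from the thread). UNIT_SAMPLE is constructed from the
# directives quoted in the thread; rw_covers, dropin_for and the file name
# datadir.conf are hypothetical names chosen for illustration.
UNIT_SAMPLE='[Service]
PrivateTmp=yes
ProtectSystem=full
ReadOnlyDirectories=/
ReadWriteDirectories=-/var/lib/tor
ReadWriteDirectories=-/var/log/tor
ReadWriteDirectories=-/var/run'

# rw_covers UNIT_TEXT PATH
# Returns 0 if PATH is at or below a ReadWriteDirectories= entry, else 1.
rw_covers() {
    target=${2%/}
    # One directive may list several space-separated directories.
    for dir in $(printf '%s\n' "$1" | sed -n 's/^ReadWriteDirectories=//p'); do
        dir=${dir#-}      # a leading "-" means "ignore if the directory is missing"
        dir=${dir%/}
        case "$target/" in
            "$dir"/*) return 0 ;;   # match on whole path components only
        esac
    done
    return 1
}

# dropin_for DIR
# Prints a drop-in that adds DIR to the writable set. List-type settings in a
# drop-in are appended to those of the packaged unit, so nothing is lost.
dropin_for() {
    printf '[Service]\nReadWriteDirectories=-%s\n' "$1"
}

# Check the data directory from the thread against the packaged settings.
if rw_covers "$UNIT_SAMPLE" /media/cRAID/Tor/lock; then
    echo "/media/cRAID/Tor is already writable for the service"
else
    echo "/media/cRAID/Tor is read-only for the service; drop-in needed:"
    dropin_for /media/cRAID/Tor
fi

# To install by hand, as root:
#   mkdir -p /etc/systemd/system/tor.service.d
#   dropin_for /media/cRAID/Tor > /etc/systemd/system/tor.service.d/datadir.conf
#   systemctl daemon-reload && systemctl restart tor
```

A drop-in under /etc/systemd/system survives package upgrades, whereas an edit to /lib/systemd/system/tor.service is replaced when the package next installs that file.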