On Wed, Mar 18, 2015 at 6:15 AM, Nusenu nusenu@openmailbox.org wrote:
Hi,
'systemctl reload tor' fails due to hardening restrictions in tor's systemd service file [1]:
CapabilityBoundingSet = CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE
Removing that line "solves" the reload issue. Reloading with that line does not generate any tor debug loglines.
What capability would one have to add to the list to make it work with CapabilityBoundingSet?
It probably depends on what's in your configuration. My first guess on how to find out would be to look to see if you can possibly use strace or gdb or something to figure out what system call is failing. You might need to temporarily add DisableDebuggerAttachment 0 to your configuration file to allow you to attach a debugger.
cheers,
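
An added example, not part of the original thread: one way to carry out the check suggested above is to read the bounding set the running process actually has from the `CapBnd` line of `/proc/<pid>/status`, and to filter `strace -f` output for calls that failed with `EPERM` or `EACCES`. The function names are hypothetical, and the status and strace text are constructed samples, not captured from tor.

```python
import re

# Linux capability numbers in kernel order (include/uapi/linux/capability.h).
CAP_NAMES = """CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL SETGID SETUID
SETPCAP LINUX_IMMUTABLE NET_BIND_SERVICE NET_BROADCAST NET_ADMIN NET_RAW IPC_LOCK
IPC_OWNER SYS_MODULE SYS_RAWIO SYS_CHROOT SYS_PTRACE SYS_PACCT SYS_ADMIN SYS_BOOT
SYS_NICE SYS_RESOURCE SYS_TIME SYS_TTY_CONFIG MKNOD LEASE AUDIT_WRITE AUDIT_CONTROL
SETFCAP MAC_OVERRIDE MAC_ADMIN SYSLOG WAKE_ALARM BLOCK_SUSPEND AUDIT_READ PERFMON
BPF CHECKPOINT_RESTORE""".split()

def decode_capbnd(status_text):
    """Return the capability names set in the CapBnd line of /proc/<pid>/status."""
    m = re.search(r"^CapBnd:\s*([0-9a-fA-F]+)", status_text, re.M)
    if not m:
        raise ValueError("no CapBnd line found")
    mask = int(m.group(1), 16)
    return ["CAP_" + name for bit, name in enumerate(CAP_NAMES) if mask >> bit & 1]

# Matches strace lines such as: [pid 4321] call(args) = -1 EPERM (...)
FAIL = re.compile(r"^(?:\[pid\s+(\d+)\]\s+)?(\w+)\((.*)\)\s+=\s+-1\s+(EPERM|EACCES)\b")

def denied_calls(strace_text):
    """Return (pid, syscall, args, errno) for each call that hit a permission error."""
    hits = []
    for line in strace_text.splitlines():
        m = FAIL.match(line.strip())
        if m:
            hits.append(m.groups())
    return hits

# Constructed samples for illustration only, not captured from a tor process.
SAMPLE_STATUS = "Name:\texample\nCapInh:\t0000000000000000\nCapBnd:\t00000000000004c0\n"
SAMPLE_STRACE = """\
[pid  4321] rt_sigreturn({mask=[]}) = 0
[pid  4321] openat(AT_FDCWD, "/example/conf", O_RDONLY) = -1 EACCES (Permission denied)
[pid  4321] stat("/example/missing", 0x7ffd0) = -1 ENOENT (No such file or directory)
[pid  4321] chown("/example/dir", 0, 0) = -1 EPERM (Operation not permitted)
"""

if __name__ == "__main__":
    print("bounding set:", decode_capbnd(SAMPLE_STATUS))
    for pid, call, args, err in denied_calls(SAMPLE_STRACE):
        print(f"pid {pid}: {call}({args}) -> {err}")
```

Each reported call can then be matched against capabilities(7) to see which capability, if any, the bounding set is withholding.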