Thank you for the pointer. Unfortunately aa-logprof doesn't display anything after putting the tor profile in complain mode and attempting to start it a few times. I happened to set up a hidden service today on a machine that never had tor installed before so I decide to diff the two machines. On a broken host I saw 3 files in /lib/systemd/system
tor.service tor@default.service tor@.service
whereas the new machine just had tor.service. I removed the two extra files and copied the contents of the good tor.service to the broken host then ran
systemctl reload tor systemctl daemon-reload systemctl start tor
Tor then started up as expected. So it appears the the problem had to do with these systemd configuration files. I can't provide much more info than that unfortunately.
James
On Jan 1, 2016, at 11:11 AM, Manager Bahia del Sol LLC manager@bahiadelsol.io wrote:
Installing apparmor-utils should help.
After putting tor in complain mode for a while, run aa-logprof
It will ask whether you want to permit violations of the existing profile and update it accordingly.
Here is a brief tutorial http://www.insanitybit.com/2012/05/29/apparmor-how-to/
Cheers
Message: 3 Date: Thu, 31 Dec 2015 12:58:46 -0800 From: James Moore hello@jmoore.me To: tor-relays@lists.torproject.org Subject: [tor-relays] Problem starting tor after upgrading to ubuntu 15.10 / tor 0.2.7.6 Message-ID: B2F39C83-0B75-46BB-9803-3057A5CC88E0@jmoore.me Content-Type: text/plain; charset=us-ascii
Hello all, I've been running two exits for quote some time now and today I decided to update my OS and tor version but it didn't go too well. I was updating from ubuntu 15.04 / 0.2.6.10 to 15.10 / 0.2.7.6. I'm using the apt feed from
deb http://deb.torproject.org/torproject.org wily main
It appears that something about the AppArmor configuration is incorrect but I don't know enough about systemd/apparmor to properly diagnose it. Here are some log snippets:
It seems to come down to this
tor@default.service: Failed at step EXEC spawning /usr/bin/tor: Operation not permitted
I discovered that commenting out the Hardening section of /lib/systemd/system/tor@default.service get's it working again but I'd prefer not to run out-of-band configuration files. Can anyone shed light on this problem? I'm happy to provide more info.
James
-- Manager of Bahia del Sol LLC
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays