[tor-bugs] #8368 [Tor]: Add tor.service (for systemd) to upstream package

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Mar 4 17:58:51 UTC 2013


#8368: Add tor.service (for systemd) to upstream package
-------------------------+--------------------------------------------------
 Reporter:  jamielinux   |          Owner:                    
     Type:  enhancement  |         Status:  needs_review      
 Priority:  minor        |      Milestone:  Tor: 0.2.5.x-final
Component:  Tor          |        Version:                    
 Keywords:  tor-relay    |         Parent:                    
   Points:               |   Actualpoints:                    
-------------------------+--------------------------------------------------

Comment(by jamielinux):

 We've been considering hardening the tor systemd service and I paste our
 current draft below. We're working on further hardening and testing at the
 moment.

 I do have one question. If limiting the tor service to specific devices
 (with DeviceAllow), does it actually need /dev/random?


 [Service]
 ...
 PrivateTmp = yes
 LimitNPROC = 2
 DeviceAllow = /dev/null rw
 DeviceAllow = /dev/urandom r
 DeviceAllow = /dev/random r
 InaccessibleDirectories = /
 ReadOnlyDirectories = /etc /usr
 ReadWriteDirectories = /var/lib/tor /var/log/tor

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8368#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
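
An added example, not part of the original comment or of Tor's own code: one way to approach the /dev/random question is to compare the draft's DeviceAllow entries with the device nodes a traced process tries to open. The strace-style lines below are constructed sample input, not a real trace of tor, and the function names are hypothetical.

```python
import re

# The DeviceAllow lines of the draft above, embedded as sample input.
UNIT = """\
[Service]
PrivateTmp = yes
DeviceAllow = /dev/null rw
DeviceAllow = /dev/urandom r
DeviceAllow = /dev/random r
"""

# Constructed strace-style lines; they say nothing about what tor really opens.
TRACE = """\
openat(AT_FDCWD, "/dev/urandom", O_RDONLY|O_CLOEXEC) = 4
open("/dev/null", O_RDWR) = 3
openat(AT_FDCWD, "/etc/tor/torrc", O_RDONLY) = 5
[pid 4242] openat(AT_FDCWD, "/dev/hwrng", O_RDONLY) = -1 EPERM (Operation not permitted)
"""

OPEN_RE = re.compile(
    r'\bopen(?:at)?\((?:[^,\n]+, )?"(/dev/[^"]+)", (O_RDONLY|O_WRONLY|O_RDWR)')
NEED = {"O_RDONLY": "r", "O_WRONLY": "w", "O_RDWR": "rw"}

def device_allow(unit_text):
    """Return {device_path: access_letters} for DeviceAllow in [Service]."""
    allowed, section = {}, None
    for raw in unit_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        key, sep, value = line.partition("=")
        parts = value.split()
        if section == "Service" and sep and key.strip() == "DeviceAllow" and parts:
            allowed[parts[0]] = parts[1] if len(parts) > 1 else ""
    return allowed

def observed_devices(trace_text):
    """Return {device_path: {'r', 'w'}} for every /dev open attempt in the trace."""
    seen = {}
    for m in OPEN_RE.finditer(trace_text):
        seen.setdefault(m.group(1), set()).update(NEED[m.group(2)])
    return seen

def compare(unit_text, trace_text):
    """List allowed-but-never-opened devices and opens the unit would not permit."""
    allowed, seen = device_allow(unit_text), observed_devices(trace_text)
    blocked = [d for d, need in seen.items() if not need <= set(allowed.get(d, ""))]
    return {"unused": sorted(set(allowed) - set(seen)), "blocked": sorted(blocked)}
```

A device reported as unused is only a candidate for removal: the trace has to cover startup, key generation and reload paths before the entry is dropped.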

