[tor-bugs] #20937 [Core Tor/Tor]: Debian 0.2.8.11 package CapabilityBoundingSet doesn't allow tor to start with a configured HS
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Dec 9 17:03:44 UTC 2016
#20937: Debian 0.2.8.11 package CapabilityBoundingSet doesn't allow tor to start
with a configured HS
------------------------------+----------------------------
     Reporter:  dgoulet       |      Owner:
         Type:  defect        |     Status:  new
     Priority:  Very High     |  Milestone:
    Component:  Core Tor/Tor  |    Version:  Tor: 0.2.8.11
     Severity:  Normal        |   Keywords:  package debian
Actual Points:                |  Parent ID:
       Points:                |   Reviewer:
      Sponsor:                |
------------------------------+----------------------------
The latest 0.2.8.11 package changes the capabilities in the systemd service
file from:
{{{
CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE CAP_DAC_OVERRIDE CAP_CHOWN CAP_FOWNER
}}}
to
{{{
CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE
}}}
which means that tor doesn't restart after an upgrade with at least one
hidden service configured:
{{{
[warn] Directory /var/lib/tor/hidden_service/ cannot be read: Permission denied
}}}
This is pretty bad because anyone upgrading will have their tor stopped.
(from deb.tpo)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20937>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
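
Added example, not part of the original ticket and not Tor or Debian packaging code: a pre-upgrade check that diffs the two CapabilityBoundingSet values quoted above and tests whether a uid 0 process confined to each set could still read the hidden service directory. It assumes tor opens the directory while still running as root; the owner uid/gid 110 and mode 0700 are constructed sample values, and all function names are hypothetical.

```python
import stat

def bounding_set(unit_text):
    """Effective CapabilityBoundingSet of a systemd unit: repeated
    assignments merge, an empty assignment resets the set."""
    caps, pending = set(), ""
    for raw in unit_text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):              # systemd line continuation
            pending = line[:-1] + " "
            continue
        pending = ""
        key, sep, value = line.partition("=")
        if line.startswith(("#", ";")) or not sep or key.strip() != "CapabilityBoundingSet":
            continue
        names = value.split()
        if any(n.startswith("~") for n in names):
            raise ValueError("inverted (~) sets are not handled in this example")
        caps = caps | set(names) if names else set()
    return caps

def root_can_read_dir(mode, owner_uid, owner_gid, caps):
    """Can a uid 0 / gid 0 process limited to `caps` list a directory?
    Assumes no ACLs and no supplementary groups."""
    if caps & {"CAP_DAC_OVERRIDE", "CAP_DAC_READ_SEARCH"}:
        return True                          # DAC checks are bypassed
    if owner_uid == 0:
        need = stat.S_IRUSR | stat.S_IXUSR
    elif owner_gid == 0:
        need = stat.S_IRGRP | stat.S_IXGRP
    else:                                    # root is just "other" here
        need = stat.S_IROTH | stat.S_IXOTH
    return mode & need == need

def upgrade_report(old_unit, new_unit, mode, owner_uid, owner_gid):
    old, new = bounding_set(old_unit), bounding_set(new_unit)
    return {
        "dropped": sorted(old - new),
        "readable_before": root_can_read_dir(mode, owner_uid, owner_gid, old),
        "readable_after": root_can_read_dir(mode, owner_uid, owner_gid, new),
    }

# The two settings quoted in the ticket, as minimal unit fragments.
OLD_UNIT = ("[Service]\nCapabilityBoundingSet=CAP_SETUID CAP_SETGID "
            "CAP_NET_BIND_SERVICE CAP_DAC_OVERRIDE CAP_CHOWN CAP_FOWNER\n")
NEW_UNIT = "[Service]\nCapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE\n"

if __name__ == "__main__":
    # Constructed sample: directory owned by uid/gid 110, mode 0700.
    print(upgrade_report(OLD_UNIT, NEW_UNIT, 0o700, 110, 110))
```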