[tor-bugs] #22094 [Core Tor/Tor]: Creating private_key/hostname fails with "RO filesystem" message but target dir is actually RW
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Apr 28 13:30:19 UTC 2017
#22094: Creating private_key/hostname fails with "RO filesystem" message but target
dir is actually RW
------------------------------+-----------------
Reporter: nipil | Owner:
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Core Tor/Tor | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
------------------------------+-----------------
Version: 0.2.9.10 (git-e28303bcf90b842d) on debian jessie live iso
== Problem ==
{{{
Apr 28 10:22:58.000 [warn] Couldn't open "/var/tor/hidden_site/private_key.tmp" (/var/tor/hidden_site/private_key) for writing: Read-only file system
Apr 28 10:22:58.000 [err] Couldn't write generated key to "/var/tor/hidden_site/private_key".
}}}
== Wanted behaviour ==
These files are to be written in a directory which *IS* writable by the
designated running user.
These error/warning messages seem wrong, and creating the hidden
service is rendered impossible if running through systemd.
== Steps to reproduce ==
1) run debian-live-8.7.1-amd64-standard.iso in live mode
2) run following commands
{{{
gpg --keyserver keys.gnupg.net --recv A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89
gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -
cat << "EOF" | sudo tee /etc/apt/sources.list.d/tor.list
deb http://deb.torproject.org/torproject.org jessie main
deb-src http://deb.torproject.org/torproject.org jessie main
EOF
sudo apt-get update
sudo apt-get install deb.torproject.org-keyring
sudo apt-get install tor
sudo systemctl stop tor
sudo mkdir -p /var/tor
sudo mount -t tmpfs tmpfs /var/tor/
sudo mkdir -p /var/tor/hidden_site
sudo chmod 700 /var/tor/hidden_site
sudo chown debian-tor:debian-tor /var/tor/hidden_site
cat << "EOF" | sudo tee /etc/tor/torrc
HiddenServiceDir /var/tor/hidden_site
HiddenServicePort 80 127.0.0.1:8080
EOF
sudo -u debian-tor tor --verify-config
sudo systemctl start tor
}}}
NOTE: mounting a tmpfs is just an attempt at making sure no RO filesystem
was in the game...
3) tor log
{{{
Apr 28 10:22:58.000 [notice] Tor 0.2.9.10 (git-e28303bcf90b842d) opening log file.
Apr 28 10:22:58.067 [notice] Tor 0.2.9.10 (git-e28303bcf90b842d) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.1t and Zlib 1.2.8.
Apr 28 10:22:58.067 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Apr 28 10:22:58.067 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
Apr 28 10:22:58.067 [notice] Read configuration file "/etc/tor/torrc".
Apr 28 10:22:58.071 [notice] Opening Socks listener on 127.0.0.1:9050
Apr 28 10:22:58.000 [warn] Couldn't open "/var/tor/hidden_site/private_key.tmp" (/var/tor/hidden_site/private_key) for writing: Read-only file system
Apr 28 10:22:58.000 [err] Couldn't write generated key to "/var/tor/hidden_site/private_key".
Apr 28 10:22:58.000 [warn] Error loading rendezvous service keys
Apr 28 10:22:58.000 [err] set_options(): Bug: Acting on config options left us in a broken state. Dying. (on Tor 0.2.9.10 )
}}}
== Actual mountpoints ==
{{{
aufs on / type aufs (rw,noatime,si=2cb2b7e036b24d5d,noxino)
hugetlbfs on /dev/hugepages type hugetlbfs (rw,relatime)
mqueue on /dev/mqueue type mqueue (rw,relatime)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
devtmpfs on /dev type devtmpfs (rw,nosuid,size=10240k,nr_inodes=124323,mode=755)
/dev/sr0 on /lib/live/mount/medium type iso9660 (ro,noatime)
tmpfs on /lib/live/mount/overlay type tmpfs (rw,noatime,mode=755)
tmpfs on /lib/live/mount/overlay type tmpfs (rw,relatime)
/dev/loop0 on /lib/live/mount/rootfs/filesystem.squashfs type squashfs (ro,noatime)
systemd-1 on /proc/sys/fs/binfmt_misc type autofs (rw,relatime,fd=22,pgrp=1,timeout=300,minproto=5,maxproto=5,direct)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
tmpfs on /run/lock type tmpfs (rw,nosuid,nodev,noexec,relatime,size=5120k)
rpc_pipefs on /run/rpc_pipefs type rpc_pipefs (rw,relatime)
tmpfs on /run type tmpfs (rw,nosuid,relatime,size=204864k,mode=755)
cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio)
cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpu,cpuacct)
cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset)
cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices)
cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer)
cgroup on /sys/fs/cgroup/net_cls,net_prio type cgroup (rw,nosuid,nodev,noexec,relatime,net_cls,net_prio)
cgroup on /sys/fs/cgroup/perf_event type cgroup (rw,nosuid,nodev,noexec,relatime,perf_event)
cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd)
tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,mode=755)
pstore on /sys/fs/pstore type pstore (rw,nosuid,nodev,noexec,relatime)
debugfs on /sys/kernel/debug type debugfs (rw,relatime)
securityfs on /sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime)
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
tmpfs on /tmp type tmpfs (rw,nosuid,nodev,relatime)
tmpfs on /var/tor type tmpfs (rw,relatime)
}}}
== Manual run ==
If instead of running tor via systemctl, we then launch it manually in a
shell through ssh:
{{{
sudo /usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0
}}}
{{{ps auxf}}} confirms it runs as {{{debian-tor}}}.
Here everything goes fine:
{{{
Apr 28 13:00:41.281 [notice] Tor 0.2.9.10 (git-e28303bcf90b842d) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.1t and Zlib 1.2.8.
Apr 28 13:00:41.281 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Apr 28 13:00:41.281 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
Apr 28 13:00:41.282 [notice] Read configuration file "/etc/tor/torrc".
Apr 28 13:00:41.286 [notice] Opening Socks listener on 127.0.0.1:9050
Apr 28 13:00:41.000 [notice] Tor 0.2.9.10 (git-e28303bcf90b842d) opening log file.
Apr 28 13:00:41.281 [notice] Tor 0.2.9.10 (git-e28303bcf90b842d) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.1t and Zlib 1.2.8.
Apr 28 13:00:41.281 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Apr 28 13:00:41.281 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
Apr 28 13:00:41.282 [notice] Read configuration file "/etc/tor/torrc".
Apr 28 13:00:41.286 [notice] Opening Socks listener on 127.0.0.1:9050
Apr 28 13:00:41.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
Apr 28 13:00:41.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
Apr 28 13:00:41.000 [notice] Bootstrapped 0%: Starting
Apr 28 13:00:41.000 [notice] Bootstrapped 80%: Connecting to the Tor network
Apr 28 13:00:42.000 [notice] Opening Socks listener on /var/run/tor/socks
Apr 28 13:00:42.000 [notice] Opening Control listener on /var/run/tor/control
Apr 28 13:00:42.000 [notice] Bootstrapped 85%: Finishing handshake with first hop
Apr 28 13:00:42.000 [notice] Bootstrapped 90%: Establishing a Tor circuit
Apr 28 13:00:43.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
Apr 28 13:00:43.000 [notice] Bootstrapped 100%: Done
}}}
The hidden service files are created:
{{{
sudo find /var/tor -ls
31802 0 drwxrwxrwt 3 root root 60 Apr 28 12:30 /var/tor
31841 0 drwx------ 2 debian-tor debian-tor 80 Apr 28 13:00 /var/tor/hidden_site
36795 4 -rw------- 1 debian-tor debian-tor 23 Apr 28 13:00 /var/tor/hidden_site/hostname
36794 4 -rw------- 1 debian-tor debian-tor 887 Apr 28 13:00 /var/tor/hidden_site/private_key
}}}
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22094>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
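
The report above shows the same path writable from a shell but read-only when tor is started by systemd, while `mount` lists /var/tor as rw. The ticket does not state a cause; one thing worth checking in that situation is the unit's own path sandboxing, so the following is an added diagnostic sketch, not part of the report or of Tor's code. `SAMPLE_UNIT` is constructed (it is not the Debian package's unit file), and the "most specific path wins" matching is a simplified model of systemd's `ReadOnlyDirectories=` / `ReadWriteDirectories=` handling.

```python
import posixpath

# systemd 215 (jessie) directive names plus the later *Paths= aliases.
DIRECTIVES = {
    "ReadOnlyDirectories": "ro", "ReadOnlyPaths": "ro",
    "ReadWriteDirectories": "rw", "ReadWritePaths": "rw",
    "InaccessibleDirectories": "none", "InaccessiblePaths": "none",
}

def parse_rules(unit_text):
    """Return [(path, access)] from the path-sandboxing lines of a unit file."""
    rules = []
    for line in unit_text.splitlines():
        key, sep, value = line.strip().partition("=")
        access = DIRECTIVES.get(key.strip())
        if not sep or access is None:
            continue  # other directives, section headers, comments
        if not value.strip():
            # An empty assignment resets that directive's list.
            rules = [r for r in rules if r[1] != access]
            continue
        for item in value.split():
            # A leading "-" only means "ignore if the path is missing".
            rules.append((posixpath.normpath(item.lstrip("-+")), access))
    return rules

def access_under_unit(unit_text, target):
    """Access the service would see for target (simplified model)."""
    target = posixpath.normpath(target) + "/"
    best_path, best_access = "", "unrestricted"  # host mount options apply
    for path, access in parse_rules(unit_text):
        prefix = path.rstrip("/") + "/"
        if target.startswith(prefix) and len(path) >= len(best_path):
            best_path, best_access = path, access
    return best_access

# Constructed sample unit, for illustration only.
SAMPLE_UNIT = """\
[Service]
User=debian-tor
ReadOnlyDirectories=/
ReadWriteDirectories=-/var/lib/tor -/var/log/tor
ReadWriteDirectories=-/var/run
"""

if __name__ == "__main__":
    for d in ("/var/tor/hidden_site", "/var/lib/tor/hidden_site"):
        print(d, "->", access_under_unit(SAMPLE_UNIT, d))
```

On a real host the text to feed in is the output of `systemctl cat` for the tor unit, and the path to test is the `HiddenServiceDir` value from torrc.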