[tor-bugs] #22991 [- Select a component]: Ubuntu/AppArmor 0.3.0.9 and 0.3.1.4-alpha - onion service setup fails

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Jul 20 20:59:32 UTC 2017


#22991: Ubuntu/AppArmor 0.3.0.9 and 0.3.1.4-alpha - onion service setup fails
--------------------------------------+-----------------
     Reporter:  yawnbox               |      Owner:
         Type:  defect                |     Status:  new
     Priority:  Medium                |  Milestone:
    Component:  - Select a component  |    Version:
     Severity:  Normal                |   Keywords:
Actual Points:                        |  Parent ID:
       Points:                        |   Reviewer:
      Sponsor:                        |
--------------------------------------+-----------------
 After setting up new Ubuntu server hosts and adding the Tor Project repo,
 setting up an onion service fails due to AppArmor.

 Hosts tested:

 Xenial server
 Zesty server

 Tor versions tested:

 0.3.0.9
 0.3.1.4-alpha

 Errors:

 grep tor /var/log/kern.log

 Jul 20 19:25:58 zesty kernel: [   50.173406] audit: type=1400
 audit(1500578758.127:16): apparmor="DENIED" operation="capable"
 profile="system_tor" pid=2148 comm="tor" capability=2
 capname="dac_read_search"

 grep tor /var/log/syslog

 Jul 20 19:26:00 zesty tor[2190]: Jul 20 19:26:00.111 [notice] Tor
 0.3.1.4-alpha (git-c3fe257c709bb814) running on Linux with Libevent
 2.0.21-stable, OpenSSL 1.0.2g, Zlib 1.2.11, Liblzma N/A, and Libzstd N/A.
 Jul 20 19:26:00 zesty tor[2190]: Jul 20 19:26:00.112 [notice] Tor can't
 help you if you use it wrong! Learn how to be safe at
 https://www.torproject.org/download/download#warning
 Jul 20 19:26:00 zesty tor[2190]: Jul 20 19:26:00.113 [notice] This version
 is not a stable Tor release. Expect more bugs than usual.
 Jul 20 19:26:00 zesty tor[2190]: Jul 20 19:26:00.114 [notice] Read
 configuration file "/usr/share/tor/tor-service-defaults-torrc".
 Jul 20 19:26:00 zesty tor[2190]: Jul 20 19:26:00.114 [notice] Read
 configuration file "/etc/tor/torrc".
 Jul 20 19:26:00 zesty tor[2190]: Configuration was valid
 Jul 20 19:26:00 zesty tor[2193]: Jul 20 19:26:00.223 [notice] Tor
 0.3.1.4-alpha (git-c3fe257c709bb814) running on Linux with Libevent
 2.0.21-stable, OpenSSL 1.0.2g, Zlib 1.2.11, Liblzma N/A, and Libzstd N/A.
 Jul 20 19:26:00 zesty tor[2193]: Jul 20 19:26:00.224 [notice] Tor can't
 help you if you use it wrong! Learn how to be safe at
 https://www.torproject.org/download/download#warning
 Jul 20 19:26:00 zesty tor[2193]: Jul 20 19:26:00.225 [notice] This version
 is not a stable Tor release. Expect more bugs than usual.
 Jul 20 19:26:00 zesty tor[2193]: Jul 20 19:26:00.225 [notice] Read
 configuration file "/usr/share/tor/tor-service-defaults-torrc".
 Jul 20 19:26:00 zesty tor[2193]: Jul 20 19:26:00.226 [notice] Read
 configuration file "/etc/tor/torrc".
 Jul 20 19:26:00 zesty tor[2193]: Jul 20 19:26:00.233 [warn] Directory
 /var/lib/tor/hidden_service/ cannot be read: Permission denied
 Jul 20 19:26:00 zesty tor[2193]: Jul 20 19:26:00.234 [warn] Failed to
 parse/validate config: Failed to configure rendezvous options. See logs
 for details.
 Jul 20 19:26:00 zesty tor[2193]: Jul 20 19:26:00.235 [err] Reading config
 failed--see warnings above.
 Jul 20 19:26:00 zesty systemd[1]: tor@default.service: Main process
 exited, code=exited, status=1/FAILURE
 Jul 20 19:26:00 zesty systemd[1]: tor@default.service: Unit entered failed
 state.
 Jul 20 19:26:00 zesty systemd[1]: tor@default.service: Failed with result
 'exit-code'.
 Jul 20 19:26:00 zesty systemd[1]: tor@default.service: Service hold-off
 time over, scheduling restart.
 Jul 20 19:26:00 zesty systemd[1]: tor@default.service: Start request
 repeated too quickly.
 Jul 20 19:26:00 zesty systemd[1]: tor@default.service: Unit entered failed
 state.
 Jul 20 19:26:00 zesty systemd[1]: tor@default.service: Failed with result
 'exit-code'.

 Identified solution:

 sudo vim /etc/apparmor.d/abstractions/tor

 add this line to capabilities:

 capability dac_read_search,

 reload:

 sudo /etc/init.d/apparmor reload

 sudo service tor restart

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22991>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
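
Added example, not part of the original ticket or of Tor's packaging: a small parser that turns AppArmor DENIED audit records like the kern.log entry above into per-profile candidate rules. It goes beyond the capability case in the ticket by also handling file-access denials; the second and third sample records and the path /srv/example/hostname are constructed.

```python
import re
from collections import defaultdict

# Constructed sample: record 1 is the ticket's kern.log denial re-joined onto
# one line; the remaining lines are constructed for illustration.
SAMPLE_LOG = """\
Jul 20 19:25:58 zesty kernel: [   50.173406] audit: type=1400 audit(1500578758.127:16): apparmor="DENIED" operation="capable" profile="system_tor" pid=2148 comm="tor" capability=2 capname="dac_read_search"
Jul 20 19:25:59 zesty kernel: [   51.000000] audit: type=1400 audit(1500578759.001:17): apparmor="DENIED" operation="open" profile="system_tor" name="/srv/example/hostname" pid=2148 comm="tor" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Jul 20 19:26:00 zesty kernel: [   52.000000] audit: type=1400 audit(1500578760.001:18): apparmor="ALLOWED" operation="open" profile="other" name="/tmp/x" pid=1 comm="x" requested_mask="r" denied_mask="r"
Jul 20 19:26:00 zesty kernel: [   53.000000] usb 1-1: new high-speed USB device
"""

# key=value pairs; values are either double-quoted (may contain spaces) or bare
KV = re.compile(r'(\w+)=("([^"]*)"|\S+)')

def parse_record(line):
    """Return the key=value fields of an AppArmor audit line, or None."""
    if "apparmor=" not in line:
        return None
    fields = {}
    for key, raw, quoted in KV.findall(line):
        fields[key] = quoted if raw.startswith('"') else raw
    return fields

def denied_rules(log_text):
    """Map each profile to the sorted candidate rules for its DENIED events."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_record(line)
        if not rec or rec.get("apparmor") != "DENIED":
            continue  # skip non-AppArmor lines and complain-mode (ALLOWED) events
        profile = rec.get("profile", "?")
        if rec.get("operation") == "capable" and "capname" in rec:
            rules[profile].add(f"capability {rec['capname']},")
        elif "name" in rec and "denied_mask" in rec:
            rules[profile].add(f"{rec['name']} {rec['denied_mask']},")
    return {p: sorted(r) for p, r in rules.items()}

if __name__ == "__main__":
    # Candidate rules are review input, not something to paste in unread.
    for profile, lines in denied_rules(SAMPLE_LOG).items():
        print(f"profile {profile}:")
        for rule in lines:
            print(f"  {rule}")
```
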

