[tor-bugs] #31070 [Community/Relays]: Add information about SELinux boolean tor_can_network_relay

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Jul 3 22:05:35 UTC 2019


#31070: Add information about SELinux boolean tor_can_network_relay
-----------------------------------+------------------------
 Reporter:  crimson_king           |          Owner:  Nusenu
     Type:  enhancement            |         Status:  new
 Priority:  Medium                 |      Milestone:
Component:  Community/Relays       |        Version:
 Severity:  Normal                 |     Resolution:
 Keywords:  selinux, capabilities  |  Actual Points:
Parent ID:                         |         Points:
 Reviewer:                         |        Sponsor:
-----------------------------------+------------------------

Comment (by crimson_king):

 In addition, for exit relays we often serve a page explaining what Tor is.
 In order for the Tor process to have read access to this file and be able
 to serve it, we must set up the SELinux context for such a file.

 This is how we do this. The flag ''-a'' means ''add''. The flag ''-e''
 copies the context from the torrc file and assigns it to the html file.
 {{{
 # semanage fcontext -a -e /etc/tor/torrc /etc/tor/tor-exit-notice.html
 }}}

 But in order for that to have any effect, ''restorecon'' needs to be
 executed on the html file. It will save the changes permanently.
 {{{
 # restorecon -v /etc/tor/tor-exit-notice.html
 }}}

 Then the Tor service needs to be restarted/reloaded.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31070#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
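
An added example, not part of the ticket or of the Tor Project's documentation: a shell check that the exit notice ended up with the same SELinux type as torrc once the steps in the comment have been run. The function names are hypothetical and the sample context strings are constructed.

```shell
#!/usr/bin/env bash
# Added example: confirm two files carry the same SELinux type.

# Print the type field (3rd of user:role:type[:level]) of a context string.
# Returns 1 when the string is not a context (stat prints "?" without SELinux).
selinux_type() {
    local ctx=$1 rest
    case $ctx in
        *:*:*) ;;
        *) return 1 ;;
    esac
    rest=${ctx#*:}                # drop the user field
    rest=${rest#*:}               # drop the role field
    printf '%s\n' "${rest%%:*}"   # keep the type, drop level and categories
}

# Compare the types of a reference context and a target context.
# Returns 0 on match, 1 on mismatch, 2 when either side has no usable label.
compare_contexts() {
    local ref_type new_type
    ref_type=$(selinux_type "$1") || { echo "unlabeled reference"; return 2; }
    new_type=$(selinux_type "$2") || { echo "unlabeled target"; return 2; }
    if [ "$ref_type" = "$new_type" ]; then
        echo "match: $new_type"
    else
        echo "mismatch: expected $ref_type, found $new_type"
        return 1
    fi
}

# Read the on-disk labels with GNU stat (%C) and compare them.
check_files() {
    compare_contexts "$(stat -c %C "$1")" "$(stat -c %C "$2")"
}

# Constructed sample labels: a torrc-style label, and the label a file
# keeps when it was created under /root and moved into place with mv.
REF_CTX='system_u:object_r:tor_etc_t:s0'
BAD_CTX='unconfined_u:object_r:admin_home_t:s0'
```

On the relay itself, run `check_files /etc/tor/torrc /etc/tor/tor-exit-notice.html` after `restorecon` and before restarting Tor; a mismatch means the notice still carries its old label.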

