[tor-dev] what capabilities does tor need for reloading?

nusenu nusenu at openmailbox.org
Wed Apr 29 19:40:05 UTC 2015


just for the record:

> 'systemctl reload tor' fails due to hardening restrictions in tor's
> systemd service file [1]:
> 
> CapabilityBoundingSet = CAP_SETUID CAP_SETGID ...


The proper 'fix' is:
PermissionsStartOnly=yes


REF:
http://lists.freedesktop.org/archives/systemd-devel/2015-April/030404.html
http://www.freedesktop.org/software/systemd/man/systemd.service.html#PermissionsStartOnly=

