[tor-dev] tor#16518: Read-Only Filesystem Error opening tor lockfile in 0.2.6.9 but not 0.2.5.12

aexlfowley at web.de aexlfowley at web.de
Thu Jul 9 13:24:49 UTC 2015


> On Tue, 07 Jul 2015, aexlfowley at web.de wrote:
> 
>> After upgrading from 0.2.5.12 (git-3731dd5c3071dcba) to 0.2.6.9
>> (git-145b2587d1269af4) an error occurred.
>> I'm on Debian Jessie (stable) on an AMD Athlon 64 X2. Tor won't start
>> and these are the last lines in log:
>> [warn] Couldn't open "/media/cRAID/Tor/lock" for locking: Read-only file
>> system
> 
>> teor thinks that I "could be experiencing an issue with the tor sandbox
>> and not getting the right paths
>> or, tor is running with insufficient permissions"
> 
> I'd assume that's the protection settings enabled in Tor's service file.
> 
> See /lib/systemd/system/tor.service and the systemd.exec(5) manpage.
> You can override these by making your own
> /etc/systemd/system/tor.service file.
> 
> Cheers,
> -- 
>                            |  .''`.       ** Debian **
>       Peter Palfrader      | : :' :      The  universal
>  http://www.palfrader.org/ | `. `'      Operating System
>                            |   `-    http://www.debian.org/

> aexlfowley at web.de wrote (08 Jul 2015 17:57:24 GMT) :
>> (Both packages for 0.2.5.12 and 0.2.6.9 contain an apparmor profile.
>> Only change and new line is
>>   /usr/bin/obfs4proxy PUx,
>> in /etc/apparmor.d/abstractions/tor)
> 
> FTR, the systemd unit file in Debian sid's 0.2.6.9-1 doesn't enable
> the AppArmor profile (yet), so I doubt AppArmor has anything to do
> with this problem (aa-status will tell you).
> 
> However, it has:
> 
>   PrivateTmp=yes
>   PrivateDevices=yes
>   ProtectHome=yes
>   ProtectSystem=full
>   ReadOnlyDirectories=/
>   ReadWriteDirectories=-/var/lib/tor
>   ReadWriteDirectories=-/var/log/tor
>   ReadWriteDirectories=-/var/run
> 
> ... which explains why /media/cRAID/Tor/lock isn't writable.
> 
> So you'll want to add what is called a "drop-in override file" in
> systemd's terminology (that can be created e.g. with `systemctl
> edit'), that adds a ReadWriteDirectories= directive pointing to the
> directory you want.
> 
> Cheers,
> --
> intrigeri

Correct. I edited /lib/systemd/system/tor.service and added
  ReadWriteDirectories=-/media/cRAID/Tor
and now 0.2.6.9 is running.
I'm not entirely sure how to create my own
/etc/systemd/system/tor.service so I leave it at that.
(Trying out 'systemctl edit' I get "Unknown operation 'edit'." BTW.)

Thank you all!
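
The drop-in override suggested in the quoted replies, written by hand for a systemd whose systemctl has no `edit` operation (an added example, not part of the original thread; the function name write_dropin and the file name override.conf are assumptions). Unlike an edit to /lib/systemd/system/tor.service, a file under /etc/systemd/system/tor.service.d/ is not replaced when the package is upgraded, and it leaves the rest of the sandbox settings untouched.

```shell
#!/bin/sh
# Added example: grant a sandboxed systemd unit write access to one extra
# directory through a drop-in file, without touching the packaged unit.
#
# write_dropin ROOT UNIT DIR
#   ROOT  prefix for the target filesystem ("" for the live system;
#         a scratch directory for a dry run)
#   UNIT  unit name, e.g. tor.service
#   DIR   absolute path the service must be able to write to
# Prints the path of the file it wrote. (Hypothetical helper.)
write_dropin() {
    root=$1
    unit=$2
    dir=$3

    # Relative paths are not valid for this directive.
    case $dir in
        /*) ;;
        *) echo "not an absolute path: $dir" >&2; return 1 ;;
    esac

    # The directive takes a space-separated list, and a newline would start
    # a new line in the unit file, so refuse any whitespace in the path.
    case $dir in
        *[[:space:]]*) echo "whitespace in path: $dir" >&2; return 1 ;;
    esac

    dropin_dir=$root/etc/systemd/system/$unit.d
    mkdir -p "$dropin_dir" || return 1
    conf=$dropin_dir/override.conf

    # The leading "-" makes systemd ignore the entry if the directory is
    # missing (for example, the disk is not mounted) instead of failing.
    # List directives accumulate, so the packaged /var/lib/tor, /var/log/tor
    # and /var/run entries stay in effect.
    printf '[Service]\nReadWriteDirectories=-%s\n' "$dir" > "$conf" || return 1
    chmod 0644 "$conf"
    printf '%s\n' "$conf"
}

# On the real system, as root:
#   write_dropin "" tor.service /media/cRAID/Tor &&
#       systemctl daemon-reload && systemctl restart tor.service
```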

