[tor-relays] serious gap in 'chroot' documentation

starlight.2013q4 at binnacle.cx
Thu Oct 17 03:13:44 UTC 2013


Newer versions of 'openssl' require access to

   /proc/sys/kernel/random 

and so the line

   /proc/sys/kernel/random /chroot_tor/proc/sys/kernel/random auto bind 0 0

must be added to the

   /etc/fstab

file or the command

   mount -o bind /proc/sys/kernel/random /chroot_tor/proc/sys/kernel/random

must be run from somewhere.  Keep in mind
that issuing the 'mount' more than once
causes nested overlay mounts rather than
doing nothing, so the 'fstab' approach
is best.

Obviously the directories

   proc/sys/kernel/random

must be created in the 'chroot' jail tree.

----------------

This problem will appear when 'tor' attempts
to roll over its key after several days.
Took significant effort to figure out
what happened as 'tor' dies without
comment.

It appears that if 'tor' fails in the middle
of a re-key operation, the node name and state
are lost entirely and the relay must rebuild
its reputation from scratch with a new
name.  Quite vexing.
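
An added example, not part of the original message: a shell sketch that makes the bind mount described above safe to repeat by counting the mounts already stacked on the target before calling 'mount', and that checks whether the 'fstab' entry is present. The /chroot_tor path comes from the post; the function names and the --apply switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example: idempotent setup of the bind mount described in the post.
# JAIL defaults to the /chroot_tor path used in the post; names are illustrative.
JAIL="${JAIL:-/chroot_tor}"
SRC=/proc/sys/kernel/random

# count_mounts TARGET [MOUNTINFO]: number of mounts stacked on TARGET.
# Field 5 of /proc/self/mountinfo is the mount point.
count_mounts() {
    awk -v t="$1" '$5 == t { n++ } END { print n + 0 }' \
        "${2:-/proc/self/mountinfo}"
}

# fstab_has_bind TARGET [FSTAB]: succeed if an uncommented entry for
# TARGET carrying the "bind" option exists.
fstab_has_bind() {
    awk -v t="$1" '
        $1 !~ /^#/ && $2 == t && $4 ~ /(^|,)bind(,|$)/ { found = 1 }
        END { exit !found }' "${2:-/etc/fstab}"
}

# ensure_bind: create the mount point inside the jail and bind-mount
# only when nothing is mounted there yet (needs root).
ensure_bind() {
    target="$JAIL$SRC"
    mkdir -p "$target" || return 1
    n=$(count_mounts "$target")
    if [ "$n" -eq 0 ]; then
        mount -o bind "$SRC" "$target"
    elif [ "$n" -gt 1 ]; then
        echo "warning: $n mounts stacked on $target" >&2
    fi
}

# Only touch the system when explicitly asked to.
if [ "${1:-}" = "--apply" ]; then
    ensure_bind
fi
```

Run with --apply as root from a boot script or before starting 'tor'; without arguments it only defines the functions.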


