[tor-relays] Unable to get Tor exit relay to run - Ubuntu 16.04

Fri Jul 28 21:17:01 UTC 2017

Hello tor,

Just in case anybody else comes up with the same issue - Tor just
doesn't do anything when installed from scratch on Ubuntu 16.04 - the
bug is with apparmor. It's some variant on
https://github.com/jlund/streisand/issues/782 and can be circumvented
by running as root:

apt install apparmor-utils
aa-complain system_tor
systemctl restart tor

journalctl reveals the following:

Jul 28 20:59:01 localhost systemd[1]: Starting Anonymizing overlay network for TCP...
Jul 28 20:59:01 localhost systemd[1]: Starting Anonymizing overlay network for TCP (multi-instance-master)...
Jul 28 20:59:01 localhost systemd[1]: Started Anonymizing overlay network for TCP (multi-instance-master).
Jul 28 20:59:02 localhost tor[6106]: Jul 28 20:59:02.023 [notice] Tor 0.3.0.9 (git-100816d92ab5664d) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.2g-fips and Zlib 1.2.8.
Jul 28 20:59:02 localhost tor[6106]: Jul 28 20:59:02.025 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Jul 28 20:59:02 localhost tor[6106]: Jul 28 20:59:02.025 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
Jul 28 20:59:02 localhost tor[6106]: Jul 28 20:59:02.026 [notice] Read configuration file "/etc/tor/torrc".
Jul 28 20:59:02 localhost tor[6106]: Configuration was valid
Jul 28 20:59:02 localhost audit[6114]: AVC apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name="system_tor" pid=6114 comm="(tor)"
Jul 28 20:59:02 localhost systemd[6114]: tor at default.service: Failed at step APPARMOR spawning /usr/bin/tor: No such file or directory
Jul 28 20:59:02 localhost systemd[1]: tor at default.service: Main process exited, code=exited, status=231/APPARMOR
Jul 28 20:59:02 localhost kernel: audit: type=1400 audit(1501275542.094:46): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name="system_tor" pid=6114 comm="(tor)"
Jul 28 20:59:02 localhost systemd[1]: Failed to start Anonymizing overlay network for TCP.
Jul 28 20:59:02 localhost systemd[1]: tor at default.service: Unit entered failed state.
Jul 28 20:59:02 localhost systemd[1]: tor at default.service: Failed with result 'exit-code'.
Jul 28 20:59:02 localhost systemd[1]: tor at default.service: Service hold-off time over, scheduling restart.
Jul 28 20:59:02 localhost systemd[1]: Stopped Anonymizing overlay network for TCP.

Repeated several times.

Everything runs just fine after the aa-complain command.

Cheers

Doug

Thursday, July 27, 2017, 9:23:07 PM, you wrote:

> Hi Doug,

> I think the short story is that you're managing the service the
> wrong (old) way. Ubuntu moved to systemd as of 15.04. This should help:

> https://www.digitalocean.com/community/tutorials/systemd-essentials-working-with-services-units-and-the-journal

>> sudo service tor restart
>> sudo service tor status

> These are now outdated commands, and so the results will not be
> what you expect, and the output of the latter will potentially be
> misleading. You need to use systemctl (check the above guide).

>> For all I can gather, Tor isn"t running.

>> The odd thing is if I reboot my VPS by sudo shutdown -r now 
>> and do ps aux | grep tor there is tor running as a root user

> It's being started by systemd on boot, as seen in the output of ps here:

>> root 435 0.0 0.5 44760 5716 ? Ss 19:40 0:00 /usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0 --verify-config

> That looks sane/typical to me, for what it's worth.

>> There are no files in/var/tor/log

> Check in /var/log/syslog; I'm not sure why logs go there instead of
> /var/log/tor, but it may be another artifact of Ubuntu's switch to systemd.

>  

-- 
Best regards,
 King                            mailto:kingqueenits at gmail.com