[tor-talk] starting tor with the default service file...

Udo van den Heuvel udovdh at xs4all.nl
Sun Mar 11 09:48:40 UTC 2018


Hello,

When trying to start tor using the default service file
contrib/dist/tor.service on a Fedora 26 system with kernel.org kernel we
see a failure to start:

Mar 11 10:40:16.297 [warn] You appear to lack permissions to change memory limits. Are you root?
Mar 11 10:40:16.297 [warn] Unable to raise RLIMIT_MEMLOCK: Operation not permitted
Mar 11 10:40:16.298 [notice] Unable to lock all current and future memory pages: Cannot allocate memory
Mar 11 10:40:16.298 [warn] Failed to parse/validate config: DisableAllSwap failure. Do you have proper permissions?
Mar 11 10:40:16.298 [err] Reading config failed--see warnings above.

This part of the service file might be relevant:

# Hardening
PrivateTmp=yes
PrivateDevices=yes
ProtectHome=yes
ProtectSystem=full
ReadOnlyDirectories=/
ReadWriteDirectories=-/var/lib/tor
ReadWriteDirectories=-/var/log/tor
NoNewPrivileges=yes
CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE

How to fix this issue? How do I add the permissions for RLIMIT_MEMLOCK?
Locking memory pages? Disabling swap?

Kind regards,
Udo
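
Added example (not part of the original post and not code from the Tor project): a static check that relates the quoted unit settings to the two logged failures, the refused RLIMIT_MEMLOCK raise and the failed memory lock. It assumes the daemon is started as root, as the CAP_SETUID/CAP_SETGID entries suggest; the function names are made up here, and LimitMEMLOCK= is the systemd directive that sets this limit, which the quoted excerpt does not contain.

```python
# Constructed sample: hardening lines taken from the excerpt quoted in the post.
UNIT = """\
[Service]
PrivateTmp=yes
NoNewPrivileges=yes
CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE
"""

def parse_service(text):
    """Return (bounding set, or None if unrestricted; LimitMEMLOCK value or None)."""
    caps, limit = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "CapabilityBoundingSet":
            if value.startswith("~"):
                raise ValueError("inverted capability lists are not handled here")
            # systemd: an empty value resets the set, repeated lines are merged.
            caps = set() if not value else (caps or set()) | set(value.split())
        elif key == "LimitMEMLOCK":
            limit = value
    return caps, limit

def memlock_findings(text):
    """List the unit settings that stop a root-started daemon from locking memory."""
    caps, limit = parse_service(text)
    allowed = lambda cap: caps is None or cap in caps
    # systemd accepts "soft:hard"; the hard limit is the ceiling setrlimit() may raise to.
    hard_unlimited = limit is not None and limit.split(":")[-1] == "infinity"
    findings = []
    if not hard_unlimited and not allowed("CAP_SYS_RESOURCE"):
        findings.append("raising RLIMIT_MEMLOCK needs CAP_SYS_RESOURCE or LimitMEMLOCK=infinity")
    if not hard_unlimited and not allowed("CAP_IPC_LOCK"):
        findings.append("mlockall() is capped by RLIMIT_MEMLOCK without CAP_IPC_LOCK")
    return findings

if __name__ == "__main__":
    for finding in memlock_findings(UNIT):
        print("blocked:", finding)
    patched = UNIT + "LimitMEMLOCK=infinity\n"
    print("with LimitMEMLOCK=infinity:", memlock_findings(patched))
```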

