Hello Zack,
thanks for your answer.
Zack Weinberg:
> Could you please put
>
>     Log debug /tmp/tor-startup.log

I had:

    Log debug file /var/log/tor/log

but it is not being written to.
(I disabled ExecStartPre for now).

> in your torrc, try to start the daemon with NoNewPrivileges=yes, and
> then post the contents of /tmp/tor-startup.log? We need to know
> exactly how it's failing. (We might actually need you to run it under
> `strace`, even.)

It is a bit of a tricky environment to run strace in; how would you go about it?

If anyone wants to try, here is the unit file (use it with the torrc file from the initial email):

------------------------------------
[Unit]
Description = Anonymizing overlay network for TCP
After = syslog.target network.target nss-lookup.target

[Service]
Type = simple
#ExecStartPre = /usr/bin/tor -f /etc/tor/torrc --verify-config
ExecStart = /usr/bin/tor -f /etc/tor/torrc --runasdaemon 0
ExecReload = /bin/kill -HUP ${MAINPID}
KillSignal = SIGINT
TimeoutSec = 30
Restart = on-failure
WatchdogSec = 1m
LimitNOFILE = 32768

# Hardening
PrivateTmp = yes

ReadOnlyDirectories = /

ReadWriteDirectories = /var/lib/tor
ReadWriteDirectories = /var/log/tor

NoNewPrivileges = yes
CapabilityBoundingSet = CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE

# not supported in wheezy-backports (systemd 204)
#PrivateDevices = yes
#ProtectHome = yes
#ProtectSystem = full

[Install]
WantedBy = multi-user.target
------------------------------------