-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Hi intrigeri,
thanks your reply.
This is being worked on there: https://bugs.debian.org/761403 (which should be a more appropriate forum to discuss this topic.)
I didn't want to report bugs/feature request in debian's bts for a non-debian repo (deb.torproject.org). This resulted in a situation where tor's trac is apparently not accepted by the maintainer and debian's bts is not entirely the correct place(?) either, but with that info I'll just use debian's bts for similar matters in the future - thanks for suggesting this and the pointer to the current ticket.
Please report such bugs:
- to the Tor project's Trac if they are bugs in
contrib/dist/tor.service.in as shipped with tor
I did so in the past but since I don't know any packages actually using that service file shipped by tor https://gitweb.torproject.org/tor.git/tree/contrib/dist/tor.service.in I'll probably just report any bugs/RFEs against the package instead of tor itself. I hope this makes sense. (The service file in tor does not say on which distributions it should work and generic service file won't make use of the distribution specific features.)
- to the systemd bug tracker if they are bugs in systemd itself
https://bugs.freedesktop.org/show_bug.cgi?id=89875#c2 http://lists.freedesktop.org/archives/systemd-devel/2015-April/031377.html
If anyone is interested in systemd problems I stumble on in the tor context: https://github.com/nusenu/ansible-relayor/issues?utf8=%E2%9C%93&q=is%3Ai...
tested with jessie: https://github.com/nusenu/ansible-relayor/blob/master/files/debian_tor%40.se...
I get a 404 there.
The file moved to a new location and has become an ansible template (=dynamically created) instead of a static file to "improve" security [1]. CapabilityBoundingSet is dynamically build depending on which capabilities are actually required (related to [2]). This is not something you will be able to do in a service file that ships with a package, but you can still copy that service file and simply remove lines 31 and 36-39 of it [4].
Note: The dynamic service file adjustment I'm using is only a temporary workaround until [3] gets addressed - which I don't expect to happen in 2015.
[1] https://github.com/nusenu/ansible-relayor/commit/cc7530a820fd2b4fd579598f6a1... [2] https://lists.torproject.org/pipermail/tor-dev/2015-April/008638.html [3] https://trac.torproject.org/projects/tor/ticket/15659 [4] https://github.com/nusenu/ansible-relayor/blob/master/templates/debian_tor%4...