Your message dated Sun, 13 Aug 2017 17:37:11 +0000
with message-id <[email protected]>
and subject line Bug#862993: fixed in tor 0.3.0.10-1
has caused the Debian Bug report #862993,
regarding tor: Does not start with AppArmor enabled and hidden service
directory owned by non-root
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
862993: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862993
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: tor
Version: 0.3.0.7-1
Severity: normal
I see this:
systemd[1]: Starting Anonymizing overlay network for TCP...
tor[25760]: May 19 19:42:30.363 [notice] Tor 0.3.0.7 (git-4e55cb9db769b11c)
running on Linux with Libevent 2.0.21-stable, OpenSSL 1.1.0e and Zlib 1.2
tor[25760]: May 19 19:42:30.363 [notice] Tor can't help you if you use it
wrong! Learn how to be safe at https://www.torproject.org/download/download
tor[25760]: May 19 19:42:30.364 [notice] Read configuration file
"/usr/share/tor/tor-service-defaults-torrc".
tor[25760]: May 19 19:42:30.364 [notice] Read configuration file
"/etc/tor/torrc".
tor[25760]: Configuration was valid
tor[25763]: May 19 19:42:30.557 [notice] Tor 0.3.0.7 (git-4e55cb9db769b11c)
running on Linux with Libevent 2.0.21-stable, OpenSSL 1.1.0e and Zlib 1.2
tor[25763]: May 19 19:42:30.557 [notice] Tor can't help you if you use it
wrong! Learn how to be safe at https://www.torproject.org/download/download
tor[25763]: May 19 19:42:30.557 [notice] Read configuration file
"/usr/share/tor/tor-service-defaults-torrc".
tor[25763]: May 19 19:42:30.557 [notice] Read configuration file
"/etc/tor/torrc".
tor[25763]: May 19 19:42:30.560 [warn] Directory
/var/lib/tor/hidden_service_onioncat cannot be read: Permission denied
tor[25763]: May 19 19:42:30.560 [warn] Checking service directory
/var/lib/tor/hidden_service_onioncat failed.
tor[25763]: May 19 19:42:30.560 [warn] Failed to parse/validate config: Failed
to configure rendezvous options. See logs for details.
tor[25763]: May 19 19:42:30.560 [err] Reading config failed--see warnings above.
systemd[1]: [email protected]: Main process exited, code=exited,
status=1/FAILURE
Adding this line:
capability dac_read_search,
… to the AppArmor profile fixed this problem.
/var/lib/tor/hidden_service_onioncat is only readable by debian-tor;
I suspect that Tor might try to access it as root before changing uid.
Cheers,
--
intrigeri
--- End Message ---
--- Begin Message ---
Source: tor
Source-Version: 0.3.0.10-1
We believe that the bug you reported is fixed in the latest version of
tor, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Peter Palfrader <[email protected]> (supplier of updated tor package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 13 Aug 2017 17:24:23 +0200
Source: tor
Binary: tor tor-geoipdb
Architecture: source
Version: 0.3.0.10-1
Distribution: unstable
Urgency: medium
Maintainer: Peter Palfrader <[email protected]>
Changed-By: Peter Palfrader <[email protected]>
Description:
tor - anonymizing overlay network for TCP
tor-geoipdb - GeoIP database for Tor
Closes: 862993 867547
Changes:
tor (0.3.0.10-1) unstable; urgency=medium
.
* New upstream version.
* Update apparmor profile: replace CAP_DAC_OVERRIDE with
CAP_DAC_READ_SEARCH to match the systemd capability bounding set
changed with 0.3.0.4-rc-1. This change will allow tor to start
again under apparmor if hidden services are configured.
Patch by intrigeri. (closes: #862993)
* Remove tor-dbg binary package. Nowadays Debian's toolchain
automatically builds packages containing debugging symbols. The new
tor-dbgsym package will end up in the debian-debug archive.
This tor-dbgsym package will Replace/Break tor-dbg versions
prior to 0.3.1.5-alpha for now (to match the version in experimental
with the same change), but as we keep providing backported builds for
older suites, and since those keep the tor-dbg package for now,
we'll likely keep increasing this version in future releases.
(closes: #867547)
* The dbgsym migration options require debhelper >= 9.20160114; update
build dependency list accordingly.
Checksums-Sha1:
18fb03d0e92f32808af63e4d1cb1f257f4ca8e2e 1808 tor_0.3.0.10-1.dsc
ae83357955226c635c6ad7de13f1dd5b71fac19a 5845205 tor_0.3.0.10.orig.tar.gz
3c9289047c30c4622eb4a9b8d84f78d2e768823d 47415 tor_0.3.0.10-1.diff.gz
Checksums-Sha256:
9e054606cc4b10c1a271e5949bfb4d7c12ded8dcada05b3932e253d976ba0498 1808
tor_0.3.0.10-1.dsc
9a8e6e49a1688dae64dca10f84a414ec9a4f393fb2256ae28e0c2e3239185ab1 5845205
tor_0.3.0.10.orig.tar.gz
c83f3fb25d5be8f55b8844228b2de4f6b624155cdd441cf039c17452b189ed1a 47415
tor_0.3.0.10-1.diff.gz
Files:
be14faca8a9a70aea420193fa1c89bce 1808 net optional tor_0.3.0.10-1.dsc
c9920169798c28b60b03fa3f0e592509 5845205 net optional tor_0.3.0.10.orig.tar.gz
033a6718dd3b75b7bc69ef075b0a0aa8 47415 net optional tor_0.3.0.10-1.diff.gz
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCAAdFiEEs4PXhajJL968BgN2hgLIIDhyMx8FAlmQin8ACgkQhgLIIDhy
Mx8rqggAlA/u6mUtuy4KVBTNE5uhwv5cAOuUSrJxN3cUhhX4zDIW1xxtHegtrtPy
jmAbbtRttC/FXQYfEhk6eMu/OK1iROe8vfdWbCSV5U5Fa5z1mfo7i6nbmX2q3e3d
5K0wuU8kTJCZXaxCnloNcqbOyECK2of47ez7Ti0rh1wiVVsVxanNMHFADiEpmW/m
VVGdmAZhR1Me6NluS5jnQuBek0PWzDDh9hIUXvboA7NWAxUhZusAQ3DBsKvgGJre
2uDwK0QfIYjw012SApBUoRghRA7rQuO2rq+DuFG6CStFLqsJyJGn16xlJP0HieHD
1bucY1M8j2a2WkShzDN0MA8+zGDLHg==
=zDYH
-----END PGP SIGNATURE-----
--- End Message ---
