Peter Palfrader wrote:
> So, maybe I'm doing something wrong, but I have configured a hidden
> service socket in /var/lib/bla/sock, and I can access it just fine
> without listing that directory in either the apparmor nor the systemd
> service file.

root@elephant:~> tail -n 2 /etc/tor/torrc
HiddenServiceDir /var/lib/tor/tesths
HiddenServicePort 9999 unix:/var/lib/bla/sock
root@elephant:~> service tor restart
# waited for it to finish bootstrap
root@elephant:~> cd /var/lib
root@elephant:/var/lib> mkdir bla
root@elephant:/var/lib> cd bla
root@elephant:/var/lib/bla> socat UNIX-LISTEN:sock STDIO &
root@elephant:/var/lib/bla> chmod 777 sock
root@elephant:/var/lib/bla> ls -l sock
srwxrwxrwx 1 root root 0 Dec 17 18:38 sock=
root@elephant:/var/lib/bla> ls -ld `pwd`
drwxr-xr-x 2 root root 4096 Dec 17 18:42 /var/lib/bla/
root@elephant:/var/lib/bla> cat /var/lib/tor/tesths/hostname
r7ymlfhfbpp5cfny.onion
root@elephant:/var/lib/bla> torsocks telnet r7ymlfhfbpp5cfny.onion 9999
Trying 127.42.42.0...

The telnet never connects. Tor is silently refusing to use
/var/lib/bla/sock.

Following the exact same procedure, but with /etc/tor/sock as the
socket, the telnet connects successfully.

Note that this only seems to happen when tor is started by systemd.
When I run the daemon manually, it is able to use sockets elsewhere.
My assumption, which may be wrong, is that systemd is loading the
apparmor config. There may be other situations where that does not
happen; dunno.

Complete tor log after the transcript above:

Dec 17 22:49:31.000 [notice] Tor 0.2.8.9 (git-cabd4ef300c6b3d6) opening log file.
Dec 17 22:49:31.330 [notice] Tor v0.2.8.9 (git-cabd4ef300c6b3d6) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.2j and Zlib 1.2.8.
Dec 17 22:49:31.331 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Dec 17 22:49:31.332 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
Dec 17 22:49:31.332 [notice] Read configuration file "/etc/tor/torrc".
Dec 17 22:49:31.340 [notice] Opening Socks listener on 127.0.0.1:9050
Dec 17 22:49:31.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
Dec 17 22:49:31.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
Dec 17 22:49:31.000 [notice] Bootstrapped 0%: Starting
Dec 17 22:49:32.000 [notice] Bootstrapped 80%: Connecting to the Tor network
Dec 17 22:49:32.000 [notice] Signaled readiness to systemd
Dec 17 22:49:32.000 [notice] Opening Socks listener on /var/run/tor/socks
Dec 17 22:49:32.000 [notice] Opening Control listener on /var/run/tor/control
Dec 17 22:49:33.000 [notice] Bootstrapped 85%: Finishing handshake with first hop
Dec 17 22:49:33.000 [notice] Bootstrapped 90%: Establishing a Tor circuit
Dec 17 22:49:33.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
Dec 17 22:49:33.000 [notice] Bootstrapped 100%: Done

--
see shy jo