On Sat, 17 Dec 2016, Joey Hess wrote:
> Peter Palfrader wrote:
> > So, maybe I'm doing something wrong, but I have configured a hidden
> > service socket in /var/lib/bla/sock, and I can access it just fine
> > without listing that directory in either the apparmor nor the systemd
> > service file.
>
> root@elephant:~> tail -n 2 /etc/tor/torrc
> HiddenServiceDir /var/lib/tor/tesths
> HiddenServicePort 9999 unix:/var/lib/bla/sock
> root@elephant:~> service tor restart # waited for it to finish bootstrap
> root@elephant:~> cd /var/lib
> root@elephant:/var/lib> mkdir bla
> root@elephant:/var/lib> cd bla
> root@elephant:/var/lib/bla> socat UNIX-LISTEN:sock STDIO &
> root@elephant:/var/lib/bla> chmod 777 sock
> root@elephant:/var/lib/bla> ls -l sock
> srwxrwxrwx 1 root root 0 Dec 17 18:38 sock=
> root@elephant:/var/lib/bla> ls -ld `pwd`
> drwxr-xr-x 2 root root 4096 Dec 17 18:42 /var/lib/bla/
> root@elephant:/var/lib/bla> cat /var/lib/tor/tesths/hostname
> r7ymlfhfbpp5cfny.onion
> root@elephant:/var/lib/bla> torsocks telnet r7ymlfhfbpp5cfny.onion 9999
> Trying 127.42.42.0...
>
> The telnet never connects. Tor is silently refusing to use /var/lib/bla/sock.
>
> Following the exact same procedure, but with /etc/tor/sock as the socket,
> the telnet connects successfully.
>
> Note that this only seems to happen when tor is started by systemd.
> When I run the daemon manually, it is able to use sockets elsewhere.
> My assumption, which may be wrong, is that systemd is loading the
> apparmor config. There may be other situations where that does not happen;
> dunno.
>
> Complete tor log after the transcript above:
>
> Dec 17 22:49:31.000 [notice] Tor 0.2.8.9 (git-cabd4ef300c6b3d6) opening log file.
Can you retry with an info level log (see Tor#21019[1]), and maybe
strace -p <pid> -e connect the process while you're at it?

Also, which kernel and which systemd?

I had tried it on sid, using systemd 232-8, tor 0.2.9.7-rc-dev-.., and
4.8.0-2-amd64 with apparmor enabled to boot.

| HiddenServiceDir /var/lib/tor/other_hidden_service/
| HiddenServicePort 80 unix:/var/lib/bla/sock

And

} socat UNIX-LISTEN:/var/lib/bla/sock,mode=0666,fork -

makes

] torsocks telnet <onion>.onion 80

connect to the socat.

Also works for me using 0.2.8.11-2 from sid with apparmor disabled.

I also tried a socket in /home/weasel, but that didn't work (probably
due to ProtectHome=yes).

Aloha,

1: https://bugs.torproject.org/21019
-- 
                            |  .''`.  ** Debian **
      Peter Palfrader       | : :' :      The  universal
 https://www.palfrader.org/ | `. `'      Operating System
                            |   `-    https://www.debian.org/
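The thread turns on telling apart "the socket is not reachable from the daemon's uid / filesystem view" from "the socket exists but nothing is listening on it". The following is an added diagnostic, not code from the thread or from the Tor project: it walks every directory above a unix-socket path checking search permission and the socket's own mode for the calling uid, then performs a real connect() and classifies the errno. The demo builds its own socket under a temporary directory, so the paths and the scenario (bound but not yet listening, listening, missing parent directory) are constructed. Note that it only sees the caller's own filesystem view; a systemd sandbox (ProtectHome, ReadWritePaths and friends) or an AppArmor profile applied to the tor process is invisible from outside, which is exactly why the strace of the daemon's connect() calls requested above is the decisive check.

```python
import errno
import os
import socket
import stat
import tempfile
from pathlib import Path


def check_socket_path(sock_path):
    """Report what a connecting process running as the current uid would hit
    on the way to sock_path: a missing path component, a directory without
    search (x) permission, a non-socket file, or a socket it cannot write to.
    Returns a list of findings; an empty list means the path looks usable.
    Caveat: root bypasses mode bits, so run this as the service's own user."""
    findings = []
    p = Path(sock_path).resolve(strict=False)
    for parent in reversed(p.parents):          # "/" first, innermost dir last
        if not parent.exists():
            findings.append(f"{parent}: missing")
            return findings
        if not os.access(parent, os.X_OK):
            findings.append(f"{parent}: no search (x) permission for uid {os.getuid()}")
            return findings
    if not p.exists():
        findings.append(f"{p}: missing")
        return findings
    st = p.stat()
    if not stat.S_ISSOCK(st.st_mode):
        findings.append(f"{p}: not a unix socket (mode {stat.filemode(st.st_mode)})")
    if not os.access(p, os.W_OK):
        findings.append(f"{p}: no write permission (connect() needs it)")
    return findings


def try_connect(sock_path, timeout=2.0):
    """Attempt a connect() as a client would and classify the outcome.
    Returns 'ok' on success, otherwise the errno name: ENOENT (no such
    path), EACCES (permission), ECONNREFUSED (socket file present, nobody
    listening), and so on."""
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect(sock_path)
        return "ok"
    except OSError as e:
        return errno.errorcode.get(e.errno, str(e.errno))
    finally:
        s.close()


def demo():
    """Constructed scenario in a temp dir: a socket that is bound but not
    yet listening (like socat not running), the same socket once listening,
    and a path whose parent directory does not exist."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "sock")
        srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        srv.bind(path)
        bound_only = try_connect(path)          # expect ECONNREFUSED
        srv.listen(1)
        listening = try_connect(path)           # expect ok
        listening_findings = check_socket_path(path)
        srv.close()
        missing_path = os.path.join(d, "nope", "sock")
        return {
            "bound_only": bound_only,
            "listening": listening,
            "listening_findings": listening_findings,
            "missing": try_connect(missing_path),            # expect ENOENT
            "missing_findings": check_socket_path(missing_path),
        }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Run it as the same user the daemon runs under (for Debian's tor package that is debian-tor) against the real socket path; a clean check combined with a refused or failing connect from inside the service points at the process's sandbox rather than at the filesystem permissions shown by ls.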