Opened 4 years ago
Last modified 2 years ago
#17754 needs_information defect
0.2.7.5 cannot work inside lxc container
Reported by: | kibba | Owned by: | |
---|---|---|---|
Priority: | Medium | Milestone: | Tor: unspecified |
Component: | Core Tor/Tor | Version: | Tor: 0.2.7.5 |
Severity: | Normal | Keywords: | lxc tor-client compatibility apparmor needs-diagnosis container |
Cc: | weasel, patrick@… | Actual Points: | |
Parent ID: | | Points: | |
Reviewer: | | Sponsor: | |
Description
I am running tor inside an lxc container running ubuntu/vivid and Tor doesn't run since system tor status shows it running
Tor version 0.2.7.5 (git-6184c873e90d93b2)
Before upgrading to this version, everything worked well inside the container. Outside of the container, on a host running ubuntu/vivid, everything works.
output of journalctl :
```
déc. 04 22:50:29 torouter systemd[1]: Starting Anonymizing overlay network for TCP (multi-instance-master)..
déc. 04 22:50:29 torouter systemd[1]: Started Anonymizing overlay network for TCP (multi-instance-master).
déc. 04 22:54:09 torouter systemd[1]: tor.service: Failed to kill control group: Invalid argument
déc. 04 22:54:09 torouter systemd[1]: tor.service: Failed to kill control group: Invalid argument
déc. 04 22:54:09 torouter systemd[1]: tor.service: Failed to kill control group: Invalid argument
déc. 04 22:54:09 torouter systemd[1]: tor.service: Failed to kill control group: Invalid argument
déc. 04 22:54:09 torouter systemd[1]: Stopped Anonymizing overlay network for TCP (multi-instance-master).
déc. 04 22:59:32 torouter systemd[1]: Starting Anonymizing overlay network for TCP (multi-instance-master)..
déc. 04 22:59:32 torouter systemd[1]: Started Anonymizing overlay network for TCP (multi-instance-master).
```
output of systemctl status tor@…
```
● tor@default.service - Anonymizing overlay network for TCP
   Loaded: loaded (/lib/systemd/system/tor@default.service; static; vendor preset: enabled)
   Active: failed (Result: start-limit) since ven. 2015-12-04 23:51:04 CET; 36s ago
  Process: 4478 ExecStart=/usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0 (code=exited, status=231/APPARMOR)
  Process: 4464 ExecStartPre=/usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0 --verify-config (code=exited, status=0/SUCCESS)
  Process: 4450 ExecStartPre=/usr/bin/install -Z -m 02750 -o debian-tor -g debian-tor -d /var/run/tor (code=exited, status=0/SUCCESS)
 Main PID: 4478 (code=exited, status=231/APPARMOR)

déc. 04 23:51:04 torouter systemd[1]: Failed to start Anonymizing overlay network for TCP.
déc. 04 23:51:04 torouter systemd[1]: tor@default.service: Unit entered failed state.
déc. 04 23:51:04 torouter systemd[1]: tor@default.service: Failed with result 'exit-code'.
déc. 04 23:51:04 torouter systemd[1]: tor@default.service: Service hold-off time over, scheduling restart.
déc. 04 23:51:04 torouter systemd[1]: Stopped Anonymizing overlay network for TCP.
déc. 04 23:51:04 torouter systemd[1]: tor@default.service: Start request repeated too quickly.
déc. 04 23:51:04 torouter systemd[1]: Failed to start Anonymizing overlay network for TCP.
déc. 04 23:51:04 torouter systemd[1]: tor@default.service: Unit entered failed state.
déc. 04 23:51:04 torouter systemd[1]: tor@default.service: Failed with result 'start-limit'.
```
in /var/log/tor/log =>
Interrupt: exiting cleanly
```
find /etc/systemd/ | grep /tor
/etc/systemd/system/multi-user.target.wants/tor.service
```
I have tried to use the patch in this issue:
https://trac.torproject.org/projects/tor/ticket/17693
It doesn't work.
Child Tickets
Change History (14)
comment:1 Changed 4 years ago by
comment:2 Changed 4 years ago by
Milestone: | Tor: 0.2.??? → Tor: 0.2.8.x-final |
---|---|
Status: | new → needs_information |
comment:3 Changed 4 years ago by
Hope it can help :
kern.log :
```
Dec 8 01:54:08 torouter kernel: [384376.105956] audit: type=1400 audit(1449536048.599:71891): apparmor="DENIED" operation="file_perm" profile="lxc-container-default" name="private/defer" pid=1407 comm="smtp" requested_mask="r" denied_mask="r" fsuid=109 ouid=0
Dec 8 01:54:17 torouter kernel: [384384.558916] audit_printk_skb: 48 callbacks suppressed
Dec 8 01:54:17 torouter kernel: [384384.558925] audit: type=1400 audit(1449536057.055:71918): apparmor="DENIED" operation="file_perm" profile="lxc-container-default" name="private/bounce" pid=1410 comm="smtp" requested_mask="r" denied_mask="r" fsuid=109 ouid=0
Dec 8 01:55:51 torouter kernel: [384479.375750] audit: type=1400 audit(1449536151.847:71926): apparmor="DENIED" operation="file_perm" profile="lxc-container-default" name="private/defer" pid=1406 comm="smtp" requested_mask="r" denied_mask="r" fsuid=109 ouid=0
```
dmesg :
```
[384228.364335] audit: type=1400 audit(1449535900.891:71845): apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="lxc-container-default" name="/sys/fs/cgroup/" pid=29331 comm="systemd" flags="ro, nosuid, nodev, noexec, remount, strictatime"
[384233.054448] audit: type=1400 audit(1449535905.579:71846): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-default" name="/" pid=30235 comm="(install)" flags="rw, rslave"
[384233.233420] audit: type=1400 audit(1449535905.759:71847): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-default" name="/" pid=30389 comm="(tor)" flags="rw, rslave"
[384235.601373] audit: type=1400 audit(1449535908.123:71848): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-default" name="/" pid=30864 comm="(tor)" flags="rw, rslave"
[384236.463215] audit: type=1400 audit(1449535908.987:71849): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-default" name="/" pid=30976 comm="(install)" flags="rw, rslave"
[384236.492256] audit: type=1400 audit(1449535909.015:71850): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-default" name="/" pid=31005 comm="(tor)" flags="rw, rslave"
[384236.539962] audit: type=1400 audit(1449535909.063:71851): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-default" name="/" pid=31043 comm="(tor)" flags="rw, rslave"
[384236.934917] audit: type=1400 audit(1449535909.459:71852): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-default" name="/" pid=31391 comm="(install)" flags="rw, rslave"
[384236.964545] audit: type=1400 audit(1449535909.487:71853): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-default" name="/" pid=31460 comm="(tor)" flags="rw, rslave"
[384237.020065] audit: type=1400 audit(1449535909.543:71854): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-default" name="/" pid=31522 comm="(tor)" flags="rw, rslave"
[384238.450632] audit_printk_skb: 9 callbacks suppressed
[384238.450634] audit: type=1400 audit(1449535910.975:71858): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-default" name="/" pid=31650 comm="(install)" flags="rw, rslave"
[384238.475414] audit: type=1400 audit(1449535910.999:71859): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-default" name="/" pid=31804 comm="(tor)" flags="rw, rslave"
[384238.528398] audit: type=1400 audit(1449535911.051:71860): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-default" name="/" pid=31833 comm="(tor)" flags="rw, rslave"
[384241.850826] lxcbr0: port 3(vethYAGFKF) entered forwarding state
```
systemctl :
```
déc. 08 02:04:20 torouter systemd[1]: Failed to reset devices.list on /lxc/torouter/system.slice/tor.service: Permission denied
déc. 08 02:04:20 torouter systemd[1]: Starting Anonymizing overlay network for TCP (multi-instance-master)...
déc. 08 02:04:20 torouter systemd[1]: Failed to reset devices.list on /lxc/torouter/system.slice/system-tor.slice/tor@default.service: Permission denied
déc. 08 02:04:20 torouter systemd[1]: Failed to set devices.allow on /lxc/torouter/system.slice/system-tor.slice/tor@default.service: Permission denied
déc. 08 02:04:20 torouter systemd[1]: Failed to set devices.allow on /lxc/torouter/system.slice/system-tor.slice/tor@default.service: Permission denied
déc. 08 02:04:20 torouter systemd[1]: Failed to set devices.allow on /lxc/torouter/system.slice/system-tor.slice/tor@default.service: Permission denied
déc. 08 02:04:20 torouter systemd[1]: Failed to set devices.allow on /lxc/torouter/system.slice/system-tor.slice/tor@default.service: Permission denied
déc. 08 02:04:20 torouter systemd[1]: Failed to set devices.allow on /lxc/torouter/system.slice/system-tor.slice/tor@default.service: Permission denied
déc. 08 02:04:20 torouter systemd[1]: Failed to set devices.allow on /lxc/torouter/system.slice/system-tor.slice/tor@default.service: Permission denied
déc. 08 02:04:20 torouter systemd[1]: Failed to set devices.allow on /lxc/torouter/system.slice/system-tor.slice/tor@default.service: Permission denied
déc. 08 02:04:20 torouter systemd[1]: Failed to set devices.allow on /lxc/torouter/system.slice/system-tor.slice/tor@default.service: Permission denied
déc. 08 02:04:20 torouter systemd[1]: Starting Anonymizing overlay network for TCP...
déc. 08 02:04:20 torouter systemd[1]: Started Anonymizing overlay network for TCP (multi-instance-master).
déc. 08 02:04:20 torouter systemd[1]: Failed to reset devices.list on /lxc/torouter/system.slice/tor.service: Permission denied
déc. 08 02:04:20 torouter tor[1740]: Dec 08 02:04:20.350 [notice] Tor v0.2.7.5 (git-6184c873e90d93b2) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.2d and Zlib 1.2.8.
déc. 08 02:04:20 torouter tor[1740]: Dec 08 02:04:20.350 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
déc. 08 02:04:20 torouter tor[1740]: Dec 08 02:04:20.350 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
déc. 08 02:04:20 torouter tor[1740]: Dec 08 02:04:20.350 [notice] Read configuration file "/etc/tor/torrc".
déc. 08 02:04:20 torouter tor[1740]: Configuration was valid
déc. 08 02:04:20 torouter systemd[1754]: tor@default.service: Failed at step APPARMOR spawning /usr/bin/tor: Operation not permitted
déc. 08 02:04:20 torouter systemd[1]: tor@default.service: Main process exited, code=exited, status=231/APPARMOR
déc. 08 02:04:20 torouter systemd[1]: tor@default.service: Failed to kill control group: Invalid argument
déc. 08 02:04:20 torouter systemd[1]: tor@default.service: Failed to kill control group: Invalid argument
déc. 08 02:04:20 torouter systemd[1]: tor@default.service: Failed to kill control group: Invalid argument
déc. 08 02:04:20 torouter systemd[1]: tor@default.service: Failed to kill control group: Invalid argument
déc. 08 02:04:20 torouter systemd[1]: Failed to start Anonymizing overlay network for TCP.
déc. 08 02:04:20 torouter systemd[1]: tor@default.service: Unit entered failed state.
déc. 08 02:04:20 torouter systemd[1]: tor@default.service: Failed with result 'exit-code'.
déc. 08 02:04:20 torouter systemd[1]: tor@default.service: Service hold-off time over, scheduling restart.
déc. 08 02:04:20 torouter systemd[1]: Stopped Anonymizing overlay network for TCP.
déc. 08 02:04:20 torouter systemd[1]: Failed to reset devices.list on /lxc/torouter/system.slice/system-tor.slice/tor@default.service: Permission denied
déc. 08 02:04:20 torouter systemd[1]: Failed to set devices.allow on /lxc/torouter/system.slice/system-tor.slice/tor@default.service: Permission denied
déc. 08 02:04:20 torouter systemd[1]: Failed to set devices.allow on /lxc/torouter/system.slice/system-tor.slice/tor@default.service: Permission denied
déc. 08 02:04:20 torouter systemd[1]: Failed to set devices.allow on /lxc/torouter/system.slice/system-tor.slice/tor@default.service: Permission denied
déc. 08 02:04:20 torouter systemd[1]: Failed to set devices.allow on /lxc/torouter/system.slice/system-tor.slice/tor@default.service: Permission denied
déc. 08 02:04:20 torouter systemd[1]: Failed to set devices.allow on /lxc/torouter/system.slice/system-tor.slice/tor@default.service: Permission denied
déc. 08 02:04:20 torouter systemd[1]: Failed to set devices.allow on /lxc/torouter/system.slice/system-tor.slice/tor@default.service: Permission denied
déc. 08 02:04:20 torouter systemd[1]: Failed to set devices.allow on /lxc/torouter/system.slice/system-tor.slice/tor@default.service: Permission denied
déc. 08 02:04:20 torouter systemd[1]: Failed to set devices.allow on /lxc/torouter/system.slice/system-tor.slice/tor@default.service: Permission denied
déc. 08 02:04:20 torouter systemd[1]: Starting Anonymizing overlay network for TCP...
déc. 08 02:04:20 torouter tor[1785]: Dec 08 02:04:20.802 [notice] Tor v0.2.7.5 (git-6184c873e90d93b2) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.2d and Zlib 1.2.8.
déc. 08 02:04:20 torouter tor[1785]: Dec 08 02:04:20.802 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
déc. 08 02:04:20 torouter tor[1785]: Dec 08 02:04:20.802 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
déc. 08 02:04:20 torouter tor[1785]: Dec 08 02:04:20.802 [notice] Read configuration file "/etc/tor/torrc".
déc. 08 02:04:20 torouter tor[1785]: Configuration was valid
déc. 08 02:04:20 torouter systemd[1799]: tor@default.service: Failed at step APPARMOR spawning /usr/bin/tor: Operation not permitted
déc. 08 02:04:20 torouter systemd[1]: tor@default.service: Main process exited, code=exited, status=231/APPARMOR
déc. 08 02:04:20 torouter systemd[1]: tor@default.service: Failed to kill control group: Invalid argument
déc. 08 02:04:20 torouter systemd[1]: tor@default.service: Failed to kill control group: Invalid argument
déc. 08 02:04:20 torouter systemd[1]: tor@default.service: Failed to kill control group: Invalid argument
déc. 08 02:04:20 torouter systemd[1]: tor@default.service: Failed to kill control group: Invalid argument
déc. 08 02:04:20 torouter systemd[1]: Failed to start Anonymizing overlay network for TCP.
déc. 08 02:04:20 torouter systemd[1]: tor@default.service: Unit entered failed state.
déc. 08 02:04:20 torouter systemd[1]: tor@default.service: Failed with result 'exit-code'.
déc. 08 02:04:20 torouter systemd[1]: tor@default.service: Service hold-off time over, scheduling restart.
déc. 08 02:04:20 torouter systemd[1]: Stopped Anonymizing overlay network for TCP.
déc. 08 02:04:20 torouter systemd[1]: Failed to reset devices.list on /lxc/torouter/system.slice/system-tor.slice/tor@default.service: Permission denied
déc. 08 02:04:20 torouter systemd[1]: Failed to set devices.allow on /lxc/torouter/system.slice/system-tor.slice/tor@default.service: Permission denied
déc. 08 02:04:20 torouter systemd[1]: Failed to set devices.allow on /lxc/torouter/system.slice/system-tor.slice/tor@default.service: Permission denied
déc. 08 02:04:20 torouter systemd[1]: Failed to set devices.allow on /lxc/torouter/system.slice/system-tor.slice/tor@default.service: Permission denied
déc. 08 02:04:20 torouter systemd[1]: Failed to set devices.allow on /lxc/torouter/system.slice/system-tor.slice/tor@default.service: Permission denied
déc. 08 02:04:20 torouter systemd[1]: Failed to set devices.allow on /lxc/torouter/system.slice/system-tor.slice/tor@default.service: Permission denied
déc. 08 02:04:20 torouter systemd[1]: Failed to set devices.allow on /lxc/torouter/system.slice/system-tor.slice/tor@default.service: Permission denied
déc. 08 02:04:20 torouter systemd[1]: Failed to set devices.allow on /lxc/torouter/system.slice/system-tor.slice/tor@default.service: Permission denied
déc. 08 02:04:20 torouter systemd[1]: Failed to set devices.allow on /lxc/torouter/system.slice/system-tor.slice/tor@default.service: Permission denied
déc. 08 02:04:21 torouter systemd[1]: Starting Anonymizing overlay network for TCP...
déc. 08 02:04:21 torouter tor[1830]: Dec 08 02:04:21.054 [notice] Tor v0.2.7.5 (git-6184c873e90d93b2) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.2d and Zlib 1.2.8.
déc. 08 02:04:21 torouter tor[1830]: Dec 08 02:04:21.054 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
déc. 08 02:04:21 torouter tor[1830]: Dec 08 02:04:21.054 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
déc. 08 02:04:21 torouter tor[1830]: Dec 08 02:04:21.054 [notice] Read configuration file "/etc/tor/torrc".
déc. 08 02:04:21 torouter tor[1830]: Configuration was valid
déc. 08 02:04:21 torouter systemd[1844]: tor@default.service: Failed at step APPARMOR spawning /usr/bin/tor: Operation not permitted
déc. 08 02:04:21 torouter systemd[1]: tor@default.service: Main process exited, code=exited, status=231/APPARMOR
déc. 08 02:04:21 torouter systemd[1]: tor@default.service: Failed to kill control group: Invalid argument
déc. 08 02:04:21 torouter systemd[1]: tor@default.service: Failed to kill control group: Invalid argument
déc. 08 02:04:21 torouter systemd[1]: tor@default.service: Failed to kill control group: Invalid argument
déc. 08 02:04:21 torouter systemd[1]: tor@default.service: Failed to kill control group: Invalid argument
déc. 08 02:04:21 torouter systemd[1]: Failed to start Anonymizing overlay network for TCP.
déc. 08 02:04:21 torouter systemd[1]: tor@default.service: Unit entered failed state.
déc. 08 02:04:21 torouter systemd[1]: tor@default.service: Failed with result 'exit-code'.
déc. 08 02:04:21 torouter systemd[1]: tor@default.service: Service hold-off time over, scheduling restart.
déc. 08 02:04:21 torouter systemd[1]: Stopped Anonymizing overlay network for TCP.
déc. 08 02:04:21 torouter systemd[1]: Failed to reset devices.list on /lxc/torouter/system.slice/system-tor.slice/tor@default.service: Permission denied
déc. 08 02:04:21 torouter systemd[1]: Failed to set devices.allow on /lxc/torouter/system.slice/system-tor.slice/tor@default.service: Permission denied
déc. 08 02:04:21 torouter systemd[1]: Failed to set devices.allow on /lxc/torouter/system.slice/system-tor.slice/tor@default.service: Permission denied
déc. 08 02:04:21 torouter systemd[1]: Failed to set devices.allow on /lxc/torouter/system.slice/system-tor.slice/tor@default.service: Permission denied
déc. 08 02:04:21 torouter systemd[1]: Failed to set devices.allow on /lxc/torouter/system.slice/system-tor.slice/tor@default.service: Permission denied
déc. 08 02:04:21 torouter systemd[1]: Failed to set devices.allow on /lxc/torouter/system.slice/system-tor.slice/tor@default.service: Permission denied
déc. 08 02:04:21 torouter systemd[1]: Failed to set devices.allow on /lxc/torouter/system.slice/system-tor.slice/tor@default.service: Permission denied
déc. 08 02:04:21 torouter systemd[1]: Failed to set devices.allow on /lxc/torouter/system.slice/system-tor.slice/tor@default.service: Permission denied
déc. 08 02:04:21 torouter systemd[1]: Failed to set devices.allow on /lxc/torouter/system.slice/system-tor.slice/tor@default.service: Permission denied
déc. 08 02:04:21 torouter systemd[1]: Starting Anonymizing overlay network for TCP...
déc. 08 02:04:21 torouter tor[1875]: Dec 08 02:04:21.296 [notice] Tor v0.2.7.5 (git-6184c873e90d93b2) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.2d and Zlib 1.2.8.
déc. 08 02:04:21 torouter tor[1875]: Dec 08 02:04:21.296 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
déc. 08 02:04:21 torouter tor[1875]: Dec 08 02:04:21.296 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
déc. 08 02:04:21 torouter tor[1875]: Dec 08 02:04:21.296 [notice] Read configuration file "/etc/tor/torrc".
déc. 08 02:04:21 torouter tor[1875]: Configuration was valid
déc. 08 02:04:21 torouter systemd[1889]: tor@default.service: Failed at step APPARMOR spawning /usr/bin/tor: Operation not permitted
déc. 08 02:04:21 torouter systemd[1]: tor@default.service: Main process exited, code=exited, status=231/APPARMOR
déc. 08 02:04:21 torouter systemd[1]: tor@default.service: Failed to kill control group: Invalid argument
déc. 08 02:04:21 torouter systemd[1]: tor@default.service: Failed to kill control group: Invalid argument
déc. 08 02:04:21 torouter systemd[1]: tor@default.service: Failed to kill control group: Invalid argument
déc. 08 02:04:21 torouter systemd[1]: tor@default.service: Failed to kill control group: Invalid argument
déc. 08 02:04:21 torouter systemd[1]: Failed to start Anonymizing overlay network for TCP.
déc. 08 02:04:21 torouter systemd[1]: tor@default.service: Unit entered failed state.
déc. 08 02:04:21 torouter systemd[1]: tor@default.service: Failed with result 'exit-code'.
déc. 08 02:04:21 torouter systemd[1]: tor@default.service: Service hold-off time over, scheduling restart.
déc. 08 02:04:21 torouter systemd[1]: Stopped Anonymizing overlay network for TCP.
déc. 08 02:04:21 torouter systemd[1]: Failed to reset devices.list on /lxc/torouter/system.slice/system-tor.slice/tor@default.service: Permission denied
déc. 08 02:04:21 torouter systemd[1]: Failed to set devices.allow on /lxc/torouter/system.slice/system-tor.slice/tor@default.service: Permission denied
déc. 08 02:04:21 torouter systemd[1]: Failed to set devices.allow on /lxc/torouter/system.slice/system-tor.slice/tor@default.service: Permission denied
déc. 08 02:04:21 torouter systemd[1]: Failed to set devices.allow on /lxc/torouter/system.slice/system-tor.slice/tor@default.service: Permission denied
déc. 08 02:04:21 torouter systemd[1]: Failed to set devices.allow on /lxc/torouter/system.slice/system-tor.slice/tor@default.service: Permission denied
déc. 08 02:04:21 torouter systemd[1]: Failed to set devices.allow on /lxc/torouter/system.slice/system-tor.slice/tor@default.service: Permission denied
déc. 08 02:04:21 torouter systemd[1]: Failed to set devices.allow on /lxc/torouter/system.slice/system-tor.slice/tor@default.service: Permission denied
déc. 08 02:04:21 torouter systemd[1]: Failed to set devices.allow on /lxc/torouter/system.slice/system-tor.slice/tor@default.service: Permission denied
déc. 08 02:04:21 torouter systemd[1]: Failed to set devices.allow on /lxc/torouter/system.slice/system-tor.slice/tor@default.service: Permission denied
déc. 08 02:04:21 torouter systemd[1]: Starting Anonymizing overlay network for TCP...
déc. 08 02:04:21 torouter tor[1920]: Dec 08 02:04:21.544 [notice] Tor v0.2.7.5 (git-6184c873e90d93b2) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.2d and Zlib 1.2.8.
déc. 08 02:04:21 torouter tor[1920]: Dec 08 02:04:21.544 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
déc. 08 02:04:21 torouter tor[1920]: Dec 08 02:04:21.544 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
déc. 08 02:04:21 torouter tor[1920]: Dec 08 02:04:21.544 [notice] Read configuration file "/etc/tor/torrc".
déc. 08 02:04:21 torouter tor[1920]: Configuration was valid
déc. 08 02:04:21 torouter systemd[1934]: tor@default.service: Failed at step APPARMOR spawning /usr/bin/tor: Operation not permitted
déc. 08 02:04:21 torouter systemd[1]: tor@default.service: Main process exited, code=exited, status=231/APPARMOR
déc. 08 02:04:21 torouter systemd[1]: tor@default.service: Failed to kill control group: Invalid argument
déc. 08 02:04:21 torouter systemd[1]: tor@default.service: Failed to kill control group: Invalid argument
déc. 08 02:04:21 torouter systemd[1]: tor@default.service: Failed to kill control group: Invalid argument
déc. 08 02:04:21 torouter systemd[1]: tor@default.service: Failed to kill control group: Invalid argument
déc. 08 02:04:21 torouter systemd[1]: Failed to start Anonymizing overlay network for TCP.
déc. 08 02:04:21 torouter systemd[1]: tor@default.service: Unit entered failed state.
déc. 08 02:04:21 torouter systemd[1]: tor@default.service: Failed with result 'exit-code'.
déc. 08 02:04:21 torouter systemd[1]: tor@default.service: Service hold-off time over, scheduling restart.
déc. 08 02:04:21 torouter systemd[1]: Stopped Anonymizing overlay network for TCP.
déc. 08 02:04:21 torouter systemd[1]: tor@default.service: Start request repeated too quickly.
déc. 08 02:04:21 torouter systemd[1]: Failed to start Anonymizing overlay network for TCP.
déc. 08 02:04:21 torouter systemd[1]: tor@default.service: Unit entered failed state.
déc. 08 02:04:21 torouter systemd[1]: tor@default.service: Failed with result 'start-limit'.
déc. 08 02:04:35 torouter systemd[1]: tor.service: Failed to kill control group: Invalid argument
déc. 08 02:04:35 torouter systemd[1]: tor.service: Failed to kill control group: Invalid argument
déc. 08 02:04:35 torouter systemd[1]: tor.service: Failed to kill control group: Invalid argument
déc. 08 02:04:35 torouter systemd[1]: tor.service: Failed to kill control group: Invalid argument
déc. 08 02:04:35 torouter systemd[1]: Stopped Anonymizing overlay network for TCP (multi-instance-master).
```
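Added example, not part of the ticket and not code from Tor or systemd: a small Python triage script for output like the dmesg and journal excerpts in the comment above. It parses AppArmor audit records (quoted values can contain spaces and commas) and systemd's exec-step failure lines, then counts denials per profile, operation and command; the sample lines are copied from this ticket with the journal month rewritten in ASCII, and all function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample: lines in the shape of the dmesg and journal output quoted
# in this ticket (journal month rewritten in ASCII), embedded to run offline.
SAMPLE_LOG = """\
[384228.364335] audit: type=1400 audit(1449535900.891:71845): apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="lxc-container-default" name="/sys/fs/cgroup/" pid=29331 comm="systemd" flags="ro, nosuid, nodev, noexec, remount, strictatime"
[384233.054448] audit: type=1400 audit(1449535905.579:71846): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-default" name="/" pid=30235 comm="(install)" flags="rw, rslave"
[384233.233420] audit: type=1400 audit(1449535905.759:71847): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-default" name="/" pid=30389 comm="(tor)" flags="rw, rslave"
[384235.601373] audit: type=1400 audit(1449535908.123:71848): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-default" name="/" pid=30864 comm="(tor)" flags="rw, rslave"
[384238.450632] audit_printk_skb: 9 callbacks suppressed
Dec 08 02:04:20 torouter systemd[1754]: tor@default.service: Failed at step APPARMOR spawning /usr/bin/tor: Operation not permitted
Dec 08 02:04:20 torouter systemd[1]: tor@default.service: Main process exited, code=exited, status=231/APPARMOR
Dec 08 02:04:21 torouter systemd[1]: tor@default.service: Failed with result 'start-limit'.
"""

AUDIT_RE = re.compile(r"audit\((?P<epoch>[\d.]+):(?P<serial>\d+)\):\s*(?P<body>.*)")
KV_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')
STEP_RE = re.compile(r"(?P<unit>\S+): Failed at step (?P<step>[A-Z_]+) "
                     r"spawning (?P<exe>\S+): (?P<error>.+)")
EXIT_RE = re.compile(r"(?P<unit>\S+): Main process exited, code=exited, "
                     r"status=(?P<code>\d+)/(?P<name>\w+)")
SUPPRESSED_RE = re.compile(r"audit_printk_skb: (\d+) callbacks suppressed")


def parse_apparmor_audit(line):
    """Return the key=value fields of one AppArmor audit record, or None."""
    m = AUDIT_RE.search(line)
    if not m:
        return None
    fields = {}
    for key, raw, quoted in KV_RE.findall(m.group("body")):
        # Quoted values may contain spaces and commas (e.g. mount flags).
        fields[key] = quoted if raw.startswith('"') else raw
    if "apparmor" not in fields:
        return None
    fields["serial"] = int(m.group("serial"))
    return fields


def triage(text):
    """Summarise AppArmor denials and systemd exec-step failures in a log."""
    denials = Counter()       # (profile, operation, comm) -> count
    failed_steps = Counter()  # (unit, step, error) -> count
    exit_codes = set()        # (unit, code, name)
    suppressed = 0            # audit records the kernel rate-limited away
    for line in text.splitlines():
        rec = parse_apparmor_audit(line)
        if rec is not None:
            if rec["apparmor"] == "DENIED":
                key = (rec.get("profile"), rec.get("operation"), rec.get("comm"))
                denials[key] += 1
            continue
        m = SUPPRESSED_RE.search(line)
        if m:
            suppressed += int(m.group(1))
            continue
        m = STEP_RE.search(line)
        if m:
            failed_steps[(m["unit"], m["step"], m["error"])] += 1
            continue
        m = EXIT_RE.search(line)
        if m:
            exit_codes.add((m["unit"], int(m["code"]), m["name"]))
    return {"denials": denials, "failed_steps": failed_steps,
            "exit_codes": exit_codes, "suppressed": suppressed}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for (profile, op, comm), n in report["denials"].most_common():
        print(f"{n:3d}x denied  profile={profile} operation={op} comm={comm}")
    print(f"     +{report['suppressed']} audit records suppressed (counts are lower bounds)")
    for (unit, step, error), n in report["failed_steps"].items():
        print(f"{n:3d}x {unit} failed at exec step {step}: {error}")
    for unit, code, name in sorted(report["exit_codes"]):
        print(f"     {unit} exit status {code}/{name}")
```

On the sample, every denial is attributed to the profile `lxc-container-default` and the only failing exec step is `APPARMOR`; because the kernel suppressed some audit records, the denial counts are lower bounds.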
comment:5 Changed 4 years ago by
Cc: | weasel added |
---|
Adding weasel in case he's interested. Is this one for you, weasel?
comment:6 Changed 4 years ago by
Can you confirm it works for you if you disable apparmor for the tor running in the container?
```
mkdir /etc/systemd/system/tor@default.service.d/
(echo "[Service]"; echo "AppArmorProfile=") > /etc/systemd/system/tor@default.service.d/override.conf
systemctl daemon-reload
```
And then try to start tor, `service tor restart`.
comment:7 Changed 4 years ago by
Yes, it works if I disable apparmor for the tor running in the container.
comment:8 Changed 4 years ago by
Milestone: | Tor: 0.2.8.x-final → Tor: 0.2.??? |
---|
comment:9 Changed 3 years ago by
Cc: | patrick@… added |
---|
comment:11 Changed 3 years ago by
Keywords: | tor-03-unspecified-201612 added |
---|---|
Milestone: | Tor: 0.3.??? → Tor: unspecified |
Finally admitting that 0.3.??? was a euphemism for Tor: unspecified all along.
comment:12 Changed 3 years ago by
So, if disabling apparmor made it work, what does this tell us about whether there's a bug here?
comment:13 Changed 3 years ago by
Keywords: | tor-03-unspecified-201612 removed |
---|
Remove an old triaging keyword.
comment:14 Changed 2 years ago by
Keywords: | tor-client compatibility apparmor needs-diagnosis container added |
---|
Please send us the log entries for: