Skip to content
Snippets Groups Projects
Closed (moved) Debian 0.2.8.11 package CapabilityBoundingSet doesn't allow tor to start with a configured HS
  • View options

    • Debian 0.2.8.11 package CapabilityBoundingSet doesn't allow tor to start with a configured HS

  • View options
    • Closed (moved) Issue created by David Goulet

    Latest 0.2.8.11 package changes the capabilities from the systemd service file from:

    CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE CAP_DAC_OVERRIDE CAP_CHOWN CAP_FOWNER

    to

    CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE

    which makes it that tor doesn't restart after an upgrade with at least one hidden service configured:

    [warn] Directory /var/lib/tor/hidden_service/ cannot be read: Permission denied

    This is pretty bad because anyone upgrading will have its tor stopped. (from deb.tpo)

    Linked items ... 0

    • Activity

    • All activity
    • Comments only
    • History only
    • Newest first
    • Oldest first
    Loading Loading Loading Loading Loading Loading Loading Loading Loading Loading