Opened 2 years ago

Last modified 2 years ago

#22094 needs_information defect

Creating private_key/hostname fails with "RO filesystem" message but target dir is actually RW

Reported by: nipil Owned by:
Priority: Medium Milestone: Tor: unspecified
Component: Core Tor/Tor Version:
Severity: Normal Keywords: tor-relay systemd configuration debian downstream
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Version: 0.2.9.10 (git-e28303bcf90b842d) on debian jessie live iso

Problem

Apr 28 10:22:58.000 [warn] Couldn't open "/var/tor/hidden_site/private_key.tmp" (/var/tor/hidden_site/private_key) for writing: Read-only file system
Apr 28 10:22:58.000 [err] Couldn't write generated key to "/var/tor/hidden_site/private_key".

Wanted behaviour

These files are to be written in a directory which *IS* writable by the designated running user

These error/warning message seem wrong, and the creating of the hidden service is rendered impossible, if running through systemd

Steps to reproduce

1) run debian-live-8.7.1-amd64-standard.iso is live mode

2) run following commands

gpg --keyserver keys.gnupg.net --recv A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89
gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -
cat << "EOF" | sudo tee /etc/apt/sources.list.d/tor.list
deb http://deb.torproject.org/torproject.org jessie main
deb-src http://deb.torproject.org/torproject.org jessie main
EOF
sudo apt-get update
sudo apt-get install deb.torproject.org-keyring
sudo apt-get install tor
sudo systemctl stop tor
sudo mkdir -p /var/tor
sudo mount -t tmpfs tmpfs /var/tor/
sudo mkdir -p /var/tor/hidden_site
sudo chmod 700 /var/tor/hidden_site
sudo chown debian-tor:debian-tor /var/tor/hidden_site
cat << "EOF" | sudo tee /etc/tor/torrc
HiddenServiceDir /var/tor/hidden_site
HiddenServicePort 80 127.0.0.1:8080
EOF
sudo -u debian-tor tor --verify-config
sudo systemctl start tor

NOTE: mounting a tmpfs is just an attempt at making sure no RO filesystem was in the game...

3) tor log

Apr 28 10:22:58.000 [notice] Tor 0.2.9.10 (git-e28303bcf90b842d) opening log file.
Apr 28 10:22:58.067 [notice] Tor 0.2.9.10 (git-e28303bcf90b842d) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.1t and Zlib 1.2.8.
Apr 28 10:22:58.067 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Apr 28 10:22:58.067 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
Apr 28 10:22:58.067 [notice] Read configuration file "/etc/tor/torrc".
Apr 28 10:22:58.071 [notice] Opening Socks listener on 127.0.0.1:9050
Apr 28 10:22:58.000 [warn] Couldn't open "/var/tor/hidden_site/private_key.tmp" (/var/tor/hidden_site/private_key) for writing: Read-only file system
Apr 28 10:22:58.000 [err] Couldn't write generated key to "/var/tor/hidden_site/private_key".
Apr 28 10:22:58.000 [warn] Error loading rendezvous service keys
Apr 28 10:22:58.000 [err] set_options(): Bug: Acting on config options left us in a broken state. Dying. (on Tor 0.2.9.10 )

Actual mountpoints

aufs        on  /                                           type  aufs        (rw,noatime,si=2cb2b7e036b24d5d,noxino)
hugetlbfs   on  /dev/hugepages                              type  hugetlbfs   (rw,relatime)
mqueue      on  /dev/mqueue                                 type  mqueue      (rw,relatime)
devpts      on  /dev/pts                                    type  devpts      (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
tmpfs       on  /dev/shm                                    type  tmpfs       (rw,nosuid,nodev)
devtmpfs    on  /dev                                        type  devtmpfs    (rw,nosuid,size=10240k,nr_inodes=124323,mode=755)
/dev/sr0    on  /lib/live/mount/medium                      type  iso9660     (ro,noatime)
tmpfs       on  /lib/live/mount/overlay                     type  tmpfs       (rw,noatime,mode=755)
tmpfs       on  /lib/live/mount/overlay                     type  tmpfs       (rw,relatime)
/dev/loop0  on  /lib/live/mount/rootfs/filesystem.squashfs  type  squashfs    (ro,noatime)
systemd-1   on  /proc/sys/fs/binfmt_misc                    type  autofs      (rw,relatime,fd=22,pgrp=1,timeout=300,minproto=5,maxproto=5,direct)
proc        on  /proc                                       type  proc        (rw,nosuid,nodev,noexec,relatime)
tmpfs       on  /run/lock                                   type  tmpfs       (rw,nosuid,nodev,noexec,relatime,size=5120k)
rpc_pipefs  on  /run/rpc_pipefs                             type  rpc_pipefs  (rw,relatime)
tmpfs       on  /run                                        type  tmpfs       (rw,nosuid,relatime,size=204864k,mode=755)
cgroup      on  /sys/fs/cgroup/blkio                        type  cgroup      (rw,nosuid,nodev,noexec,relatime,blkio)
cgroup      on  /sys/fs/cgroup/cpu,cpuacct                  type  cgroup      (rw,nosuid,nodev,noexec,relatime,cpu,cpuacct)
cgroup      on  /sys/fs/cgroup/cpuset                       type  cgroup      (rw,nosuid,nodev,noexec,relatime,cpuset)
cgroup      on  /sys/fs/cgroup/devices                      type  cgroup      (rw,nosuid,nodev,noexec,relatime,devices)
cgroup      on  /sys/fs/cgroup/freezer                      type  cgroup      (rw,nosuid,nodev,noexec,relatime,freezer)
cgroup      on  /sys/fs/cgroup/net_cls,net_prio             type  cgroup      (rw,nosuid,nodev,noexec,relatime,net_cls,net_prio)
cgroup      on  /sys/fs/cgroup/perf_event                   type  cgroup      (rw,nosuid,nodev,noexec,relatime,perf_event)
cgroup      on  /sys/fs/cgroup/systemd                      type  cgroup      (rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd)
tmpfs       on  /sys/fs/cgroup                              type  tmpfs       (ro,nosuid,nodev,noexec,mode=755)
pstore      on  /sys/fs/pstore                              type  pstore      (rw,nosuid,nodev,noexec,relatime)
debugfs     on  /sys/kernel/debug                           type  debugfs     (rw,relatime)
securityfs  on  /sys/kernel/security                        type  securityfs  (rw,nosuid,nodev,noexec,relatime)
sysfs       on  /sys                                        type  sysfs       (rw,nosuid,nodev,noexec,relatime)
tmpfs       on  /tmp                                        type  tmpfs       (rw,nosuid,nodev,relatime)
tmpfs       on  /var/tor                                    type  tmpfs       (rw,relatime)

Manual run

If instead of running tor via systemctl, we then launch it manually in shell through ssh :

sudo /usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0 

ps auxf confirms it runs as debian-tor.

Here everything goes fine :

Apr 28 13:00:41.281 [notice] Tor 0.2.9.10 (git-e28303bcf90b842d) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.1t and Zlib 1.2.8.
Apr 28 13:00:41.281 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Apr 28 13:00:41.281 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
Apr 28 13:00:41.282 [notice] Read configuration file "/etc/tor/torrc".
Apr 28 13:00:41.286 [notice] Opening Socks listener on 127.0.0.1:9050
Apr 28 13:00:41.000 [notice] Tor 0.2.9.10 (git-e28303bcf90b842d) opening log file.
Apr 28 13:00:41.281 [notice] Tor 0.2.9.10 (git-e28303bcf90b842d) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.1t and Zlib 1.2.8.
Apr 28 13:00:41.281 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Apr 28 13:00:41.281 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
Apr 28 13:00:41.282 [notice] Read configuration file "/etc/tor/torrc".
Apr 28 13:00:41.286 [notice] Opening Socks listener on 127.0.0.1:9050
Apr 28 13:00:41.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
Apr 28 13:00:41.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
Apr 28 13:00:41.000 [notice] Bootstrapped 0%: Starting
Apr 28 13:00:41.000 [notice] Bootstrapped 80%: Connecting to the Tor network
Apr 28 13:00:42.000 [notice] Opening Socks listener on /var/run/tor/socks
Apr 28 13:00:42.000 [notice] Opening Control listener on /var/run/tor/control
Apr 28 13:00:42.000 [notice] Bootstrapped 85%: Finishing handshake with first hop
Apr 28 13:00:42.000 [notice] Bootstrapped 90%: Establishing a Tor circuit
Apr 28 13:00:43.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
Apr 28 13:00:43.000 [notice] Bootstrapped 100%: Done

The hidden service files are created :

sudo find /var/tor -ls
 31802    0 drwxrwxrwt   3 root     root           60 Apr 28 12:30 /var/tor
 31841    0 drwx------   2 debian-tor debian-tor       80 Apr 28 13:00 /var/tor/hidden_site
 36795    4 -rw-------   1 debian-tor debian-tor       23 Apr 28 13:00 /var/tor/hidden_site/hostname
 36794    4 -rw-------   1 debian-tor debian-tor      887 Apr 28 13:00 /var/tor/hidden_site/private_key

Child Tickets

Change History (3)

comment:1 Changed 2 years ago by dgoulet

Milestone: Tor: unspecified
Status: newneeds_information

Seems that the systemd configuration file for tor on Debian allows RW to:

ReadOnlyDirectories=/
ReadWriteDirectories=-/proc
ReadWriteDirectories=-/var/lib/tor
ReadWriteDirectories=-/var/log/tor
ReadWriteDirectories=-/var/run

In your example, you are using /var/tor, maybe try with the "lib/" instead and see how it goes?

comment:2 Changed 2 years ago by teor

After you fix this, you might also run into #22331, if your systemd file does not include CAP_DAC_OVERRIDE, then tor tries to read/write directories as the root user, but can't, because only the tor user is allowed to read them.

comment:3 Changed 2 years ago by nickm

Keywords: tor-relay systemd configuration debian downstream added
Note: See TracTickets for help on using tickets.