#22991 closed defect (duplicate)

Ubuntu/AppArmor 0.3.0.9 and 0.3.1.4-alpha - onion service setup fails

Reported by: yawnbox
Owned by:
Priority: Medium
Milestone:
Component: Core Tor/Tor
Version:
Severity: Normal
Keywords: apparmor
Cc:
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

After setting up new Ubuntu server hosts and adding the Tor Project repo, setting up an onion service fails due to AppArmor.

Hosts tested:

Xenial server
Zesty server

Tor versions tested:

0.3.0.9
0.3.1.4-alpha

Errors:

grep tor /var/log/kern.log

Jul 20 19:25:58 zesty kernel: [ 50.173406] audit: type=1400 audit(1500578758.127:16): apparmor="DENIED" operation="capable" profile="system_tor" pid=2148 comm="tor" capability=2 capname="dac_read_search"

grep tor /var/log/syslog

Jul 20 19:26:00 zesty tor[2190]: Jul 20 19:26:00.111 [notice] Tor 0.3.1.4-alpha (git-c3fe257c709bb814) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.2g, Zlib 1.2.11, Liblzma N/A, and Libzstd N/A.
Jul 20 19:26:00 zesty tor[2190]: Jul 20 19:26:00.112 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Jul 20 19:26:00 zesty tor[2190]: Jul 20 19:26:00.113 [notice] This version is not a stable Tor release. Expect more bugs than usual.
Jul 20 19:26:00 zesty tor[2190]: Jul 20 19:26:00.114 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
Jul 20 19:26:00 zesty tor[2190]: Jul 20 19:26:00.114 [notice] Read configuration file "/etc/tor/torrc".
Jul 20 19:26:00 zesty tor[2190]: Configuration was valid
Jul 20 19:26:00 zesty tor[2193]: Jul 20 19:26:00.223 [notice] Tor 0.3.1.4-alpha (git-c3fe257c709bb814) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.2g, Zlib 1.2.11, Liblzma N/A, and Libzstd N/A.
Jul 20 19:26:00 zesty tor[2193]: Jul 20 19:26:00.224 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Jul 20 19:26:00 zesty tor[2193]: Jul 20 19:26:00.225 [notice] This version is not a stable Tor release. Expect more bugs than usual.
Jul 20 19:26:00 zesty tor[2193]: Jul 20 19:26:00.225 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
Jul 20 19:26:00 zesty tor[2193]: Jul 20 19:26:00.226 [notice] Read configuration file "/etc/tor/torrc".
Jul 20 19:26:00 zesty tor[2193]: Jul 20 19:26:00.233 [warn] Directory /var/lib/tor/hidden_service/ cannot be read: Permission denied
Jul 20 19:26:00 zesty tor[2193]: Jul 20 19:26:00.234 [warn] Failed to parse/validate config: Failed to configure rendezvous options. See logs for details.
Jul 20 19:26:00 zesty tor[2193]: Jul 20 19:26:00.235 [err] Reading config failed--see warnings above.
Jul 20 19:26:00 zesty systemd[1]: tor@…: Main process exited, code=exited, status=1/FAILURE
Jul 20 19:26:00 zesty systemd[1]: tor@…: Unit entered failed state.
Jul 20 19:26:00 zesty systemd[1]: tor@…: Failed with result 'exit-code'.
Jul 20 19:26:00 zesty systemd[1]: tor@…: Service hold-off time over, scheduling restart.
Jul 20 19:26:00 zesty systemd[1]: tor@…: Start request repeated too quickly.
Jul 20 19:26:00 zesty systemd[1]: tor@…: Unit entered failed state.
Jul 20 19:26:00 zesty systemd[1]: tor@…: Failed with result 'exit-code'.

Identified solution:

sudo vim /etc/apparmor.d/abstractions/tor

Add this line to capabilities:

capability dac_read_search,

Reload:

sudo /etc/init.d/apparmor reload

sudo service tor restart
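
Added example (not part of the original ticket or of Tor's own tooling): a small parser that pulls AppArmor capability denials out of kern.log lines like the one quoted above and lists, per profile, the capability rules that would be needed. The function names and the sample lines marked as constructed are assumptions made for illustration.

```python
import re
from collections import defaultdict

# key=value and key="value" pairs as they appear in kernel audit records
_PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

SAMPLE_LOG = [
    # Taken from the ticket's kern.log excerpt:
    'Jul 20 19:25:58 zesty kernel: [ 50.173406] audit: type=1400 '
    'audit(1500578758.127:16): apparmor="DENIED" operation="capable" '
    'profile="system_tor" pid=2148 comm="tor" capability=2 capname="dac_read_search"',
    # Constructed: same denial repeated by a later restart attempt
    'Jul 20 19:26:00 zesty kernel: [ 52.000000] audit: type=1400 '
    'audit(1500578760.100:17): apparmor="DENIED" operation="capable" '
    'profile="system_tor" pid=2193 comm="tor" capability=2 capname="dac_read_search"',
    # Constructed: a profile load status record, which is not a denial
    'Jul 20 19:25:40 zesty kernel: [ 32.000000] audit: type=1400 '
    'audit(1500578740.000:9): apparmor="STATUS" operation="profile_load" '
    'profile="unconfined" name="system_tor" pid=900 comm="apparmor_parser"',
    # Constructed: an ordinary tor syslog line with no audit record
    'Jul 20 19:26:00 zesty tor[2193]: Configuration was valid',
]

def parse_audit(line):
    """Return the fields of an AppArmor audit record, or None if not one."""
    if "apparmor=" not in line:
        return None
    return {key: quoted or bare for key, quoted, bare in _PAIR.findall(line)}

def denied_capabilities(lines):
    """Map profile name -> set of capability names AppArmor refused."""
    denied = defaultdict(set)
    for line in lines:
        rec = parse_audit(line)
        if rec and rec.get("apparmor") == "DENIED" and rec.get("operation") == "capable":
            denied[rec["profile"]].add(rec["capname"])
    return dict(denied)

def suggested_rules(lines):
    """Map profile name -> sorted AppArmor capability rule lines to review."""
    return {profile: [f"capability {cap}," for cap in sorted(caps)]
            for profile, caps in denied_capabilities(lines).items()}

if __name__ == "__main__":
    for profile, rules in suggested_rules(SAMPLE_LOG).items():
        print(f"profile {profile}:")
        for rule in rules:
            print(f"  {rule}")
```

The output is a list to review rather than to apply blindly: dac_read_search lets the confined process bypass file read and directory search permission checks, so it widens what the profile allows.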

Change History (2)

comment:1 Changed 20 months ago by cypherpunks

Component: - Select a component → Core Tor/Tor
Keywords: apparmor added

comment:2 Changed 20 months ago by dgoulet

Resolution: duplicate
Status: new → closed