Opened 9 months ago

Closed 8 months ago

#24715 closed enhancement (invalid)

Job for tor.service failed when /var/run is tmpfs

Reported by: vilhelmgray
Owned by:
Priority: Medium
Milestone: Tor: 0.3.3.x-final
Component: Core Tor/Tor
Version: Tor: 0.3.2.6-alpha
Severity: Normal
Keywords: tmpfs, tor.service, systemd, review-group-31
Cc:
Actual Points:
Parent ID:
Points:
Reviewer: isis
Sponsor:

Description

ISSUE SUMMARY
=============

For this test I'm running Tor 0.3.2.6-alpha (git-87012d076ef58bb9) on Gentoo Linux. On my system, the /var/run/tor directory does not exist, and /var/run is a link to /run which is mounted as tmpfs:

tmpfs on /run type tmpfs (rw,nosuid,nodev,mode=755)

Attempting to start tor using tor.service fails:

vilhelm@sophia ~ $ sudo systemctl restart tor
Job for tor.service failed because the control process exited with error code.
See "systemctl status tor.service" and "journalctl -xe" for details.

vilhelm@sophia ~ $ sudo systemctl status tor.service
● tor.service - Anonymizing overlay network for TCP

Loaded: loaded (/lib/systemd/system/tor.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Wed 2017-12-06 09:08:19 EST; 4s ago

Process: 12244 ExecStart=/usr/bin/tor -f /etc/tor/torrc (code=exited, status=1/FAILURE)
Process: 12243 ExecStartPre=/usr/bin/tor -f /etc/tor/torrc --verify-config (code=exited, status=0/SUCCESS)

Main PID: 12244 (code=exited, status=1/FAILURE)


Dec 06 09:08:19 sophia systemd[1]: tor.service: Service hold-off time over, scheduling restart.
Dec 06 09:08:19 sophia systemd[1]: tor.service: Scheduled restart job, restart counter is at 5.
Dec 06 09:08:19 sophia systemd[1]: Stopped Anonymizing overlay network for TCP.
Dec 06 09:08:19 sophia systemd[1]: tor.service: Start request repeated too quickly.
Dec 06 09:08:19 sophia systemd[1]: tor.service: Failed with result 'exit-code'.
Dec 06 09:08:19 sophia systemd[1]: Failed to start Anonymizing overlay network for TCP.

vilhelm@sophia ~ $ sudo journalctl -xe
-- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit tor.service has begun starting up.
Dec 06 09:08:18 sophia tor[12243]: Dec 06 09:08:18.595 [notice] Tor 0.3.2.6-alpha (git-87012d076ef58bb9) running on Linux with Libevent 2.1.8-stable, OpenSSL 1.0.2m, Zlib 1.2.11, Liblzma 5.2.3, and Libzstd N/A.
Dec 06 09:08:18 sophia tor[12243]: Dec 06 09:08:18.595 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Dec 06 09:08:18 sophia tor[12243]: Dec 06 09:08:18.595 [notice] This version is not a stable Tor release. Expect more bugs than usual.
Dec 06 09:08:18 sophia tor[12243]: Dec 06 09:08:18.596 [notice] Read configuration file "/etc/tor/torrc".
Dec 06 09:08:18 sophia tor[12243]: Dec 06 09:08:18.597 [notice] Based on detected system memory, MaxMemInQueues is set to 8192 MB. You can override this by setting MaxMemInQueues by hand.
Dec 06 09:08:18 sophia tor[12243]: Configuration was valid
Dec 06 09:08:19 sophia tor[12244]: Dec 06 09:08:19.036 [notice] Tor 0.3.2.6-alpha (git-87012d076ef58bb9) running on Linux with Libevent 2.1.8-stable, OpenSSL 1.0.2m, Zlib 1.2.11, Liblzma 5.2.3, and Libzstd N/A.
Dec 06 09:08:19 sophia tor[12244]: Dec 06 09:08:19.036 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Dec 06 09:08:19 sophia tor[12244]: Dec 06 09:08:19.036 [notice] This version is not a stable Tor release. Expect more bugs than usual.
Dec 06 09:08:19 sophia tor[12244]: Dec 06 09:08:19.036 [notice] Read configuration file "/etc/tor/torrc".
Dec 06 09:08:19 sophia tor[12244]: Dec 06 09:08:19.038 [notice] Based on detected system memory, MaxMemInQueues is set to 8192 MB. You can override this by setting MaxMemInQueues by hand.
Dec 06 09:08:19 sophia tor[12244]: Dec 06 09:08:19.038 [notice] Scheduler type KIST has been enabled.
Dec 06 09:08:19 sophia tor[12244]: Dec 06 09:08:19.038 [notice] Opening OR listener on 0.0.0.0:443
Dec 06 09:08:19 sophia tor[12244]: Dec 06 09:08:19.038 [notice] Opening Extended OR listener on 127.0.0.1:0
Dec 06 09:08:19 sophia tor[12244]: Dec 06 09:08:19.038 [notice] Extended OR listener listening on port 35193.
Dec 06 09:08:19 sophia Tor[12244]: Tor 0.3.2.6-alpha (git-87012d076ef58bb9) running on Linux with Libevent 2.1.8-stable, OpenSSL 1.0.2m, Zlib 1.2.11, Liblzma 5.2.3, and Libzstd N/A.
Dec 06 09:08:19 sophia Tor[12244]: Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Dec 06 09:08:19 sophia Tor[12244]: This version is not a stable Tor release. Expect more bugs than usual.
Dec 06 09:08:19 sophia Tor[12244]: Read configuration file "/etc/tor/torrc".
Dec 06 09:08:19 sophia Tor[12244]: Based on detected system memory, MaxMemInQueues is set to 8192 MB. You can override this by setting MaxMemInQueues by hand.
Dec 06 09:08:19 sophia Tor[12244]: Scheduler type KIST has been enabled.
Dec 06 09:08:19 sophia Tor[12244]: Opening OR listener on 0.0.0.0:443
Dec 06 09:08:19 sophia Tor[12244]: Opening Extended OR listener on 127.0.0.1:0
Dec 06 09:08:19 sophia Tor[12244]: Extended OR listener listening on port 35193.
Dec 06 09:08:19 sophia Tor[12244]: Unable to open "/var/run/tor/tor.pid" for writing: No such file or directory
Dec 06 09:08:19 sophia Tor[12244]: Unable to write PIDFile "/var/run/tor/tor.pid"
Dec 06 09:08:19 sophia Tor[12244]: set_options(): Bug: Acting on config options left us in a broken state. Dying. (on Tor 0.3.2.6-alpha 87012d076ef58bb9)
Dec 06 09:08:19 sophia systemd[1]: tor.service: Main process exited, code=exited, status=1/FAILURE
Dec 06 09:08:19 sophia systemd[1]: tor.service: Failed with result 'exit-code'.
Dec 06 09:08:19 sophia systemd[1]: Failed to start Anonymizing overlay network for TCP.
-- Subject: Unit tor.service has failed
-- Defined-By: systemd
-- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit tor.service has failed.
--
-- The result is RESULT.
Dec 06 09:08:19 sophia systemd[1]: tor.service: Service hold-off time over, scheduling restart.
Dec 06 09:08:19 sophia systemd[1]: tor.service: Scheduled restart job, restart counter is at 5.
Dec 06 09:08:19 sophia systemd[1]: Stopped Anonymizing overlay network for TCP.
-- Subject: Unit tor.service has finished shutting down
-- Defined-By: systemd
-- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit tor.service has finished shutting down.
Dec 06 09:08:19 sophia systemd[1]: tor.service: Start request repeated too quickly.
Dec 06 09:08:19 sophia systemd[1]: tor.service: Failed with result 'exit-code'.
Dec 06 09:08:19 sophia systemd[1]: Failed to start Anonymizing overlay network for TCP.
-- Subject: Unit tor.service has failed
-- Defined-By: systemd
-- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit tor.service has failed.
--
-- The result is RESULT.

SUSPECTED CAUSE
===============

The issue appears to result from the missing /var/run/tor directory and a lack of write permission to create the /var/run/tor/tor.pid PIDFile. I can manually create a /var/run/tor directory, but it will be gone if the system restarts since /var/run is tmpfs. The /var/run/tor directory and appropriate permissions should be configured in the tor.service file by default.

PROPOSED SOLUTION
=================

If I add the following lines to the /lib64/systemd/system/tor.service file the issue is resolved:

Group=tor
RuntimeDirectory=tor
RuntimeDirectoryMode=0770

I suggest adding these lines to the Tor source code contrib/dist/tor.service.in file so that the installed tor.service file will have the configuration lines to automatically create a /var/run/tor directory with the necessary permissions.
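A preflight check for the failure described above, as an added example that is not part of the original ticket or of Tor's own tooling: it reads the PidFile path from a torrc and reports whether the unit file declares a matching RuntimeDirectory=. The function names are hypothetical, and the torrc and unit file paths are supplied by the caller.

```shell
#!/bin/sh
# Added example: does the unit file create the directory that torrc's PidFile needs?
# Function names are illustrative; file paths are passed in by the caller.

# Print the last PidFile value in a torrc (Tor option names are case-insensitive;
# commented-out lines never match because their first field starts with '#').
torrc_pidfile() {
    awk 'tolower($1) == "pidfile" { v = $2 } END { if (v != "") print v }' "$1"
}

# Print the value of the last "KEY=" assignment in a unit file.
unit_value() {
    sed -n "s/^[[:space:]]*$2=[[:space:]]*//p" "$1" | tail -n 1
}

# check_runtime_dir TORRC UNIT
# Returns 0 when nothing needs creating or the unit covers it, 1 otherwise.
check_runtime_dir() {
    pid=$(torrc_pidfile "$1")
    if [ -z "$pid" ]; then echo "ok: no PidFile set"; return 0; fi
    dir=$(dirname "$pid")
    case "$dir" in
        /var/run/*) sub=${dir#/var/run/} ;;   # /var/run is a link to /run
        /run/*)     sub=${dir#/run/} ;;
        *) echo "ok: $dir is outside /run"; return 0 ;;
    esac
    # RuntimeDirectory= takes a space-separated list of names relative to /run.
    for d in $(unit_value "$2" RuntimeDirectory); do
        if [ "$d" = "$sub" ]; then
            mode=$(unit_value "$2" RuntimeDirectoryMode)
            echo "ok: RuntimeDirectory=$d mode=${mode:-0755}"   # 0755 is systemd's default
            return 0
        fi
    done
    echo "FAIL: $pid needs RuntimeDirectory=$sub in the unit (or a tmpfiles.d entry)"
    return 1
}

# Stand-alone use: sh check.sh /etc/tor/torrc /lib/systemd/system/tor.service
if [ "$#" -eq 2 ]; then check_runtime_dir "$1" "$2"; fi
```

The reported mode is worth reading as well as the pass/fail result, since it decides who besides the service user can read or write the runtime directory.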

Attachments (1)

tmpfs_runtime_fix.patch (353 bytes) - added by vilhelmgray 8 months ago.
Add runtime options to resolve failure on tmpfs

Change History (8)

comment:1 Changed 9 months ago by nickm

Milestone: Tor: 0.3.3.x-final

comment:2 Changed 8 months ago by nickm

Do you think you could write those lines as a patch to the tor.service file? And/or can anybody else test them out?

Changed 8 months ago by vilhelmgray

Attachment: tmpfs_runtime_fix.patch added

Add runtime options to resolve failure on tmpfs

comment:3 Changed 8 months ago by nickm

Status: new → needs_review

comment:4 Changed 8 months ago by nickm

Keywords: review-group-31 added

comment:5 Changed 8 months ago by Hello71

This is a Gentoo bug. If Gentoo adds PIDFile stanza to the torrc, it is Gentoo's responsibility to have the directory created (preferably via tmpfiles).

comment:6 Changed 8 months ago by isis

Reviewer: isis

Others who are more knowledgeable about systemd are welcome to review as well!

comment:7 Changed 8 months ago by isis

Resolution: invalid
Status: needs_review → closed

Hi vilhelmgray! Thanks for the bug report and the patch.

I'm wondering if this is in fact a Gentoo bug, since in the standard configuration, the --PIDFile option isn't given to tor through systemd. (My understanding is that this is because systemd has its own system for keeping track of PIDs, i.e. and so using $MAINPID is the most systemd-ish way to do this.) Since Gentoo appears to have enabled PIDFile, they should probably also make sure that the place they are attempting to write to is actually available. Perhaps the Gentoo packagers would be willing to either take your patch or otherwise remove --PIDFile?

Feel free to reopen if I've misunderstood something… I'm not the most systemd-inclined person and my only experience is through setting up VMs for various services in Qubes.