#28410 closed defect (not a bug)

systemd restart loop when tor@default.service::Type=notify

Reported by: jchevali
Priority: Medium
Milestone: Tor: 0.3.5.x-final
Component: Core Tor/Tor
Version: Tor: 0.3.5.4-alpha
Severity: Normal
Keywords: systemd

Description

I'm experiencing a 300sec restart loop when Tor is run as a service. This is Debian stretch using systemd.

This is a system in which tor-0.3.4.8 was installed and running OK. Then I overrode the tor executable with a 0.3.5.4-alpha build (with configure --prefix=), and it started showing this problem.

I tried some workarounds found on the Net, such as changing the /var/run symlink from /run to ../run (which shouldn't need to be done), tweaking values of ReadWriteDirectories in tor@default.service, and changing TimeoutStartSec to 0. None of that worked.

What does work is setting Type=simple instead of notify, but then I came across ticket #11016 and really, notify should work. So if it doesn't, I wonder if this version of tor 0.3.5 alpha could have a fault? How can I look into that more closely to verify?

This is the log in syslog prior to restart:

systemd[1]: tor@default.service: Start operation timed out. Terminating.
systemd[1]: Failed to start Anonymizing overlay network for TCP.
systemd[1]: tor@default.service: Unit entered failed state.
systemd[1]: tor@default.service: Failed with result 'timeout'.
systemd[1]: tor@default.service: Service hold-off time over, scheduling restart.
systemd[1]: Stopped Anonymizing overlay network for TCP.
systemd[1]: Starting Anonymizing overlay network for TCP...

And here is my current tor@default.service:

[Unit]
Description=Anonymizing overlay network for TCP
After=network.target nss-lookup.target
PartOf=tor.service
ReloadPropagatedFrom=tor.service

[Service]
#Type=notify
Type=simple
NotifyAccess=all
PIDFile=/var/run/tor/tor.pid
PermissionsStartOnly=yes
ExecStartPre=/usr/bin/install -Z -m 02755 -o debian-tor -g debian-tor -d /var/run/tor
ExecStartPre=/usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0 --verify-config
ExecStart=/usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0
ExecReload=/bin/kill -HUP ${MAINPID}
KillSignal=SIGINT
TimeoutStartSec=300
TimeoutStopSec=60
Restart=on-failure
LimitNOFILE=65536

# Hardening
AppArmorProfile=-system_tor
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
ProtectHome=yes
ProtectSystem=full
ReadOnlyDirectories=/
ReadWriteDirectories=-/proc
ReadWriteDirectories=-/var/lib/tor
ReadWriteDirectories=-/var/log/tor
ReadWriteDirectories=-/var/run
CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE CAP_DAC_READ_SEARCH

Advice?

Change History (6)

comment:1 Changed 10 months ago by teor

Component: Core Tor → Core Tor/Tor
Resolution: not a bug
Status: new → closed

type=simple probably works because your tor is built without systemd notify support.

Try configuring your tor build with --enable-systemd, which activates systemd notify support.

If that doesn't work, please re-open this ticket, and we'll look into it further.
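Added example, not part of the ticket or of Tor's code: a minimal Python model of the readiness handshake teor describes, in which a `Type=notify` supervisor waits on `$NOTIFY_SOCKET` for `READY=1` and reports a start timeout when the daemon never sends it. The names `start_service`, `CHILD_WITH_NOTIFY` and `CHILD_WITHOUT_NOTIFY` are hypothetical, and the child programs are constructed stand-ins for a daemon built with and without notify support.

```python
import os, socket, subprocess, sys, tempfile, time

# Constructed stand-in for a daemon built with notify support.
CHILD_WITH_NOTIFY = r'''
import os, socket, time
addr = os.environ.get("NOTIFY_SOCKET")
if addr:
    if addr.startswith("@"):          # abstract-namespace socket
        addr = "\0" + addr[1:]
    with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as s:
        s.sendto(b"READY=1", addr)
time.sleep(5)
'''
# Constructed stand-in for a build without it: runs fine, never reports.
CHILD_WITHOUT_NOTIFY = "import time; time.sleep(5)"


def start_service(child_code, timeout_start_sec, service_type="notify"):
    """Model a supervisor's start decision; returns 'started' or 'timeout'."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "notify")
        with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as srv:
            srv.bind(path)
            env = dict(os.environ, NOTIFY_SOCKET=path)
            proc = subprocess.Popen([sys.executable, "-c", child_code], env=env)
            deadline = time.monotonic() + timeout_start_sec
            try:
                if service_type == "simple":
                    return "started"   # no handshake expected after exec
                while True:
                    # Wait only for the time left in the start window.
                    srv.settimeout(max(deadline - time.monotonic(), 0.001))
                    fields = srv.recv(4096).decode().split("\n")
                    if "READY=1" in fields:
                        return "started"
            except socket.timeout:
                return "timeout"       # "Start operation timed out."
            finally:
                proc.kill()
                proc.wait()


if __name__ == "__main__":
    print(start_service(CHILD_WITH_NOTIFY, 5.0))
    print(start_service(CHILD_WITHOUT_NOTIFY, 1.0))
    print(start_service(CHILD_WITHOUT_NOTIFY, 1.0, "simple"))
```

The second call corresponds to the reporter's loop: the process is healthy, but with `TimeoutStartSec=300` and `Restart=on-failure` the missing `READY=1` is treated as a failed start every 300 seconds.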

comment:2 Changed 10 months ago by jchevali

Resolution: not a bug
Status: closed → reopened

It appears that simply adding libsystemd-dev (amd64 215-17+deb8u7) to my system is enough to prevent me from building, even before I may add --enable-systemd to the configure command.

./configure --prefix= --enable-lzma=yes --enable-zstd=no --disable-asciidoc --disable-unittests

Building with the library installed makes it error. Removing it makes it stop erroring.

  ...
  ...
  ...
  CC       src/feature/hibernate/hibernate.o
src/feature/hibernate/hibernate.c: In function ‘hibernate_begin’:
src/feature/hibernate/hibernate.c:876:5:
   warning: implicit declaration of function ‘sd_notifyf’ [-Wimplicit-function-declaration]
     sd_notifyf(0, "EXTEND_TIMEOUT_USEC=%" PRIu64,
     ^
src/feature/hibernate/hibernate.c:876:5:
  warning: nested extern declaration of ‘sd_notifyf’ [-Wnested-externs]
src/feature/hibernate/hibernate.c:877:62:
  error: ‘TOR_USEC_PER_SEC’ undeclared (first use in this function)
     ((uint64_t)(options->ShutdownWaitLength) + 30) * TOR_USEC_PER_SEC);
                                                      ^
src/feature/hibernate/hibernate.c:877:62: 
  note: each undeclared identifier is reported only once for each function it appears in
Makefile:9071: recipe for target 'src/feature/hibernate/hibernate.o' failed
make[1]: *** [src/feature/hibernate/hibernate.o] Error 1
make[1]: Leaving directory '/tmp/tor-0.3.5.4-alpha-with-lzma'
Makefile:4987: recipe for target 'all' failed
make: *** [all] Error 2

comment:3 Changed 10 months ago by jchevali

By the way, I'm building on jessie, not stretch.

comment:4 Changed 10 months ago by jchevali

gcc version is 4.9.2-10.

comment:5 Changed 10 months ago by dgoulet

Milestone: Tor: 0.3.5.x-final
Status: reopened → needs_information

Hmmm... we've just released 0.3.5.4-alpha which should contain the fix for the above you are seeing:

Commit 212bd9778b5c249f02f8fbdc1e8ccbe4c108f03a

$ git describe --contains 212bd9778b5
tor-0.3.5.4-alpha~1^2

Easy check: do you have TOR_USEC_PER_SEC in hibernate.c?

The HAVE_SYSTEMD should be enough to include the right header or the libsystemd version could be too old? (check for sd_notifyf() in /usr/include maybe?).

comment:6 Changed 10 months ago by jchevali

Resolution: not a bug
Status: needs_information → closed

I see. I was building from f229c4e ("Bump to 0.3.5.4-alpha") which is a few commits prior to that. I had gone by the commit message and I had not checked that that bore the tag. Next time I'll check that it's the most recent commit that has the tag and that it's the tag that I expect before creating a ticket.

Closing now, thank you.
