Opened 4 weeks ago

Last modified 2 weeks ago

#32218 new defect

Systemd problem with ExecReload and CAP_KILL

Reported by: sunova
Owned by:
Priority: Medium
Milestone: Tor: 0.4.2.x-final
Component: Core Tor/Tor
Version: Tor: 0.4.2.2-alpha
Severity: Normal
Keywords: systemd
Cc: dangersd@…, weasel
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

Hi,
There is a known issue with the CGroup hardening which systemd applies: without the CAP_KILL capability, it's not possible to send a HUP signal by the managed slice, even to MAINPID.
Please add it to the CapabilityBoundingSet= section in the unit file.
Running Tor 0.4.2.2-alpha on Gentoo.

https://gitweb.torproject.org/tor.git/tree/contrib/dist/tor.service.in?id=d5cbc58094ec740e768d5fa88a51c20c645ed70e
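
A lint-style check for the condition the description reports, as an added example that is not part of the ticket or of Tor's code: it flags a unit whose ExecReload= signals the daemon with kill while CapabilityBoundingSet= leaves out CAP_KILL. The sample unit text is constructed (not copied from tor.service.in) and the function names are hypothetical.

```python
import shlex
# Constructed sample unit; the second variant appends a line as a drop-in would.
SAMPLE_RESTRICTED = """\
[Service]
ExecStart=/usr/bin/exampled --foreground
ExecReload=/bin/kill -HUP ${MAINPID}
CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE
"""
SAMPLE_FIXED = SAMPLE_RESTRICTED + "CapabilityBoundingSet=CAP_KILL\n"

def service_settings(unit_text):
    """Collect repeated key=value lines from [Service] (no line continuations)."""
    section, settings = None, {}
    for raw in unit_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Service" and "=" in line:
            key, _, value = line.partition("=")
            settings.setdefault(key.strip(), []).append(value.strip())
    return settings

def cap_kill_allowed(values):
    """Apply CapabilityBoundingSet= lines in order, per systemd.exec(5)."""
    allowed = None                      # None: never set, so no restriction
    for v in values:
        if v == "":
            allowed = False             # empty assignment: empty set
        elif v == "~":
            allowed = True              # bare ~: full set
        elif v.startswith("~"):         # inverted list, merged by AND
            allowed = allowed is not False and "CAP_KILL" not in v[1:].split()
        else:                           # plain list, merged by OR
            listed = "CAP_KILL" in v.split()
            allowed = listed if allowed is None else (allowed or listed)
    return allowed is not False

def uses_kill(cmd):
    argv = shlex.split(cmd.lstrip("-@+!:"))   # drop systemd exec prefixes
    return bool(argv) and argv[0].rsplit("/", 1)[-1] == "kill"

def check_unit(unit_text):
    s = service_settings(unit_text)
    blocked = not cap_kill_allowed(s.get("CapabilityBoundingSet", []))
    if blocked and any(map(uses_kill, s.get("ExecReload", []))):
        return "ExecReload= uses kill but CAP_KILL is outside the bounding set"
    return None
```

A finding only matters when the kill process and the daemon run under different UIDs, since kill(2) requires CAP_KILL only in that case.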

Change History (3)

comment:1 Changed 4 weeks ago by dgoulet

Cc: weasel added
Milestone: Tor: 0.4.2.x-final

comment:2 Changed 2 weeks ago by teor

This ticket is unlikely to make 042-rc, unless the fix is done in the next few days.

comment:3 Changed 2 weeks ago by weasel

It's not clear what the problem is or the use-case that is restricted by the current CapabilityBoundingSet.
