Opened 12 months ago

Last modified 5 months ago

#32218 needs_information defect

Systemd problem with ExecReload and CAP_KILL

Reported by: sunova
Owned by:
Priority: Medium
Milestone: Tor: unspecified
Component: Core Tor/Tor
Version: Tor: 0.4.2.2-alpha
Severity: Normal
Keywords: systemd
Cc: dangersd@…, weasel
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

Hi,
There is a known issue with the CGroup hardening which systemd applies: without the CAP_KILL capability, it's not possible to send a HUP signal by the managed slice, even to MAINPID.
Please add it to the CapabilityBoundingSet= section in the unit file.
Running Tor 0.4.2.2-alpha on Gentoo.

https://gitweb.torproject.org/tor.git/tree/contrib/dist/tor.service.in?id=d5cbc58094ec740e768d5fa88a51c20c645ed70e
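
A check for the configuration this report describes, added here as an example (not code from the ticket or from the Tor project): it flags a unit whose `ExecReload=` runs `kill` while `CapabilityBoundingSet=` is set and leaves out CAP_KILL. The sample unit is constructed and the merge logic is a simplified model of how systemd combines repeated `CapabilityBoundingSet=` lines; whether the signal is actually refused also depends on the UIDs involved, since kill(2) only needs CAP_KILL when the sender's UID does not match the target's.

```python
import re

# Constructed sample unit for illustration; NOT the contents of Tor's tor.service.in.
SAMPLE_UNIT = """\
[Unit]
Description=Example daemon
[Service]
ExecStart=/usr/bin/exampled
ExecReload=/bin/kill -HUP ${MAINPID}
CapabilityBoundingSet=CAP_SETUID CAP_SETGID
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
"""

def service_settings(unit_text):
    """Return {key: [values...]} for the [Service] section, in file order."""
    settings, section = {}, None
    for raw in unit_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Service" and "=" in line:
            key, value = line.split("=", 1)
            settings.setdefault(key.strip(), []).append(value.strip())
    return settings

def cap_kill_in_bounding_set(values):
    """None if the bounding set is unrestricted, else whether CAP_KILL is kept.
    Simplified model: plain lists merge by OR, '~' lists by AND, '' resets."""
    kept = None
    for value in values:
        invert = value.startswith("~")
        caps = value.lstrip("~").split()
        if not caps:                      # '' -> empty set, '~' -> back to full set
            kept = None if invert else False
        elif kept is None:                # first assignment replaces the default
            kept = ("CAP_KILL" in caps) != invert
        elif invert:
            kept = kept and "CAP_KILL" not in caps
        else:
            kept = kept or "CAP_KILL" in caps
    return kept

def reload_needs_review(unit_text):
    """True if ExecReload= runs kill while the bounding set excludes CAP_KILL."""
    s = service_settings(unit_text)
    uses_kill = any(re.search(r"(?:^|[/\s])kill\s", v) for v in s.get("ExecReload", []))
    return uses_kill and cap_kill_in_bounding_set(s.get("CapabilityBoundingSet", [])) is False

if __name__ == "__main__":
    print(reload_needs_review(SAMPLE_UNIT))
```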

Change History (4)

comment:1 Changed 12 months ago by dgoulet

Cc: weasel added
Milestone: Tor: 0.4.2.x-final

comment:2 Changed 12 months ago by teor

This ticket is unlikely to make 042-rc, unless the fix is done in the next few days.

comment:3 Changed 12 months ago by weasel

It's not clear what the problem is or the use-case that is restricted by the current CapabilityBoundingSet.

comment:4 Changed 5 months ago by nickm

Milestone: Tor: 0.4.2.x-final → Tor: unspecified
Status: new → needs_information