Opened 7 years ago

Last modified 5 months ago

#3782 new enhancement

Add native chroot support to Tor

Reported by: ioerror
Owned by:
Priority: Medium
Milestone: Tor: unspecified
Component: Core Tor/Tor
Version:
Severity: Normal
Keywords: tor-relay
Cc: nickm, arma, weasel
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

To run Tor in a chroot is somewhat difficult. Currently users have to create a custom chroot and then manually chroot before starting Tor. This is a difficult process for most people and in general it would be much easier to add an option to Tor.

I think that to do this the Tor process will need to open devices and log files before chrooting and then in the chroot, it will need to store all of the things normally stored in /var/lib/tor and it will need to have access to /etc/tor/torrc or a copy of it. It will need to use syslog rather than a file unless we pass an open fd (yuck).

Thoughts?

Change History (15)

comment:1 Changed 7 years ago by ioerror

In an ideal world, we'd not need to have any open files at all - we'd read the data in and close everything and call it a day.

comment:2 Changed 7 years ago by nickm

Milestone: Tor: unspecified

comment:3 Changed 7 years ago by Sebastian

Resolution: duplicate
Status: new → closed

seems to be a duplicate of #3794.

comment:4 Changed 6 years ago by nickm

Keywords: tor-relay added

comment:5 Changed 6 years ago by nickm

Component: Tor Relay → Tor

comment:6 in reply to:  3 Changed 20 months ago by cypherpunks

Cc: nickm arma weasel added; nickm arma weasel removed
Resolution: duplicate
Severity: Normal
Status: closed → reopened
Summary: Tor should learn to chroot → Add native chroot support to Tor

Replying to Sebastian:

> seems to be a duplicate of #3794.

This isn't a duplicate. That ticket is for scripts which copy files to a directory and use the chroot command. This ticket is specifically about avoiding that.

comment:7 Changed 17 months ago by nickm

Resolution: wontfix
Status: reopened → closed

comment:8 Changed 17 months ago by nickm

(Closed because it's really better to do this --and everything else that needs elevated privileges!-- outside of Tor.)

comment:9 Changed 17 months ago by nickm

Resolution: wontfix
Status: closed → reopened

Weasel tells me you can't do chrooting right from outside the process. :(

comment:10 Changed 17 months ago by nickm

Status: reopened → new

comment:11 Changed 5 months ago by cypherpunks

Tor currently needs to access a few directories, including /var/lib/tor, /var/log/tor, and /etc/tor. I believe all of these have files that can't simply be opened once before a chroot because they need to be re-read when Tor reloads (e.g. when it receives a SIGHUP). Would it be an issue to create a /var/lib/tor/chroot directory and populate it with hardlinks to the relevant files?

comment:12 in reply to:  11 Changed 5 months ago by teor

Replying to cypherpunks:

> Tor currently needs to access a few directories, including /var/lib/tor, /var/log/tor, and /etc/tor. I believe all of these have files that can't simply be opened once before a chroot because they need to be re-read when Tor reloads (e.g. when it receives a SIGHUP). Would it be an issue to create a /var/lib/tor/chroot directory and populate it with hardlinks to the relevant files?

Those directories are the default. Tor has the DataDirectory, Log, and -f options, which can all be used to place the relevant files in a chroot directory.

Edit: autocorrect

Last edited 5 months ago by teor

comment:13 Changed 5 months ago by cypherpunks

That's good, then symlinks can be used to make the files appear in their expected places if desired. Is the only thing blocking this the fact that no one has written the code yet? I could easily write a patch.

comment:14 in reply to:  13 Changed 5 months ago by teor

Replying to cypherpunks:

> That's good, then symlinks can be used to make the files appear in their expected places if desired.

Hard links will work in a chroot. Symlinks won't work, because symlinks only contain the path to the file outside the chroot.

> Is the only thing blocking this the fact that no one has written the code yet? I could easily write a patch.

I don't think this change needs a proposal.

How about you write the code for a new Chroot option, and then we'll review it?

If you can write unit tests, or integration tests, that will help us make sure it works on different platforms.
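The hard-link versus symlink point from comment 14, as an added example that is not part of the ticket or of Tor's code: it emulates how paths resolve for a process whose root is the jail directory (no chroot(2) call, so no root privileges needed) and lists the symlinks in a prepared jail that would dangle. The function names, the `jail/etc` layout and the `torrc.*` file names are hypothetical.

```python
import os

def _parts(p):
    return [c for c in p.split("/") if c not in ("", ".")][::-1]   # stack order

def resolve_in_root(root, path, max_links=40):
    """Host path that `path` names for a process chrooted to `root`, or None."""
    root = os.path.realpath(root)
    cur, links, todo = root, 0, _parts(path)
    while todo:
        part = todo.pop()
        nxt = os.path.join(cur, part)
        if part == "..":                   # ".." at the jail root stays there
            cur = root if cur == root else os.path.dirname(cur)
        elif os.path.islink(nxt):
            links += 1
            if links > max_links:          # symlink loop (ELOOP)
                return None
            target = os.readlink(nxt)
            if target.startswith("/"):     # absolute target restarts at jail root
                cur = root
            todo.extend(_parts(target))
        elif os.path.lexists(nxt):
            cur = nxt
        else:
            return None
    return cur

def dangling_links(root):
    """Symlinks under `root` that stop resolving once the process is chrooted."""
    root, bad = os.path.realpath(root), []
    for dirpath, dirs, files in os.walk(root):
        for name in dirs + files:
            full = os.path.join(dirpath, name)
            inside = "/" + os.path.relpath(full, root)
            if os.path.islink(full) and resolve_in_root(root, inside) is None:
                bad.append(inside)
    return sorted(bad)

def build_demo(base):
    """Constructed sample: a torrc outside the jail, linked into it three ways."""
    jail, outside = os.path.join(base, "jail"), os.path.join(base, "torrc")
    os.makedirs(os.path.join(jail, "etc"))
    open(outside, "w").close()
    os.link(outside, os.path.join(jail, "etc", "torrc.hard"))        # same inode
    os.symlink(outside, os.path.join(jail, "etc", "torrc.abs"))      # host path
    os.symlink("torrc.hard", os.path.join(jail, "etc", "torrc.rel"))
    return jail
```

Calling `dangling_links(build_demo(tmpdir))` on an empty temporary directory reports only the absolute symlink: the hard link and the relative symlink that stays inside the jail still resolve.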

comment:15 Changed 5 months ago by cypherpunks

I meant using symlinks for the benefit of other programs outside of the chroot, e.g. a symlink from /var/lib/tor/chroot/torrc (the real file) to /etc/tor/torrc (a symlink). Otherwise it might be hard to convince people to change their log monitors to somewhere other than /var/log, etc.

I haven't been on my development system for a while but when I get back on I'll give it a shot.
