-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi,
'systemctl reload tor'
fails due to hardening restrictions in tor's systemd service file [1]:
CapabilityBoundingSet = CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE
Removing that line solves the reload issue.
Reloading with that line does not
On Tue, Mar 17, 2015 at 06:09:00PM -0700, David Fifield wrote:
> You can eyeball more examples in the omni-graph:
> https://people.torproject.org/~dcf/graphs/relays-all.pdf
That's a really useful overview! It would be great if we could include
that on the metrics page.
Is there a usual story we
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi Nick,
thanks for your answer.
What capability would one have to add to the list to make it work
with CapabilityBoundingSet?
It probably depends on what's in your configuration.
torrc file while testing:
User debian-tor
DataDirectory
On Wed, Mar 18, 2015 at 6:15 AM, Nusenu nus...@openmailbox.org wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> Hi,
> 'systemctl reload tor'
> fails due to hardening restrictions in tor's systemd service file [1]:
> CapabilityBoundingSet = CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
so the somewhat obvious fix was to add CAP_KILL.
after reading:
man capabilities:
Bypass permission checks for sending signals (see kill(2)). This
includes use of the ioctl(2) KDSIGACCEPT operation.
I'm not entirely sure since that sounds
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
'systemctl reload tor' fails due to hardening restrictions in tor's
systemd service file [1]:
CapabilityBoundingSet = CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE
This configuration restricts not only the service (tor) but also the
ExecReload
On Wed, Mar 18, 2015 at 12:41:55PM +0100, Philipp Winter wrote:
> On Tue, Mar 17, 2015 at 06:09:00PM -0700, David Fifield wrote:
> > You can eyeball more examples in the omni-graph:
> > https://people.torproject.org/~dcf/graphs/relays-all.pdf
> That's a really useful overview! It would be great if we