Re: [tor-dev] Could tor drop privileges even earlier? (before trying to access anything on the filesystem beyond its torrc files)

2018-07-23 Thread nusenu
I pasted that email to trac as https://trac.torproject.org/projects/tor/ticket/26910 -- https://twitter.com/nusenu_ https://mastodon.social/@nusenu

[tor-dev] Could tor drop privileges even earlier? (before trying to access anything on the filesystem beyond its torrc files)

2018-07-23 Thread nusenu
Fedora/CentOS starts the tor service as root and drops privileges to user 'toranon' due to the torrc 'User' parameter by default. Also by default the tor service runs in a SELinux confined domain (tor_t). That means root in that domain can NOT access just any files regardless of DAC filesystem