#22991: Ubuntu/AppArmor 0.3.0.9 and 0.3.1.4-alpha - onion service setup fails
--------------------------------------+-----------------
     Reporter:  yawnbox               |      Owner:
         Type:  defect                |     Status:  new
     Priority:  Medium                |  Milestone:
    Component:  - Select a component  |    Version:
     Severity:  Normal                |   Keywords:
Actual Points:                        |  Parent ID:
       Points:                        |   Reviewer:
      Sponsor:                        |
--------------------------------------+-----------------
After setting up new Ubuntu server hosts and adding the Tor Project repo,
setting up an onion service fails due to apparmor.

Hosts tested:

Xenial server
Zesty server

Tor versions tested:

0.3.0.9
0.3.1.4-alpha

Errors:

/var/log/kern.log |grep tor

Jul 20 19:25:58 zesty kernel: [ 50.173406] audit: type=1400 audit(1500578758.127:16): apparmor="DENIED" operation="capable" profile="system_tor" pid=2148 comm="tor" capability=2 capname="dac_read_search"

/var/log/syslog |grep tor

Jul 20 19:26:00 zesty tor[2190]: Jul 20 19:26:00.111 [notice] Tor 0.3.1.4-alpha (git-c3fe257c709bb814) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.2g, Zlib 1.2.11, Liblzma N/A, and Libzstd N/A.
Jul 20 19:26:00 zesty tor[2190]: Jul 20 19:26:00.112 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Jul 20 19:26:00 zesty tor[2190]: Jul 20 19:26:00.113 [notice] This version is not a stable Tor release. Expect more bugs than usual.
Jul 20 19:26:00 zesty tor[2190]: Jul 20 19:26:00.114 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
Jul 20 19:26:00 zesty tor[2190]: Jul 20 19:26:00.114 [notice] Read configuration file "/etc/tor/torrc".
Jul 20 19:26:00 zesty tor[2190]: Configuration was valid
Jul 20 19:26:00 zesty tor[2193]: Jul 20 19:26:00.223 [notice] Tor 0.3.1.4-alpha (git-c3fe257c709bb814) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.2g, Zlib 1.2.11, Liblzma N/A, and Libzstd N/A.
Jul 20 19:26:00 zesty tor[2193]: Jul 20 19:26:00.224 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Jul 20 19:26:00 zesty tor[2193]: Jul 20 19:26:00.225 [notice] This version is not a stable Tor release. Expect more bugs than usual.
Jul 20 19:26:00 zesty tor[2193]: Jul 20 19:26:00.225 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
Jul 20 19:26:00 zesty tor[2193]: Jul 20 19:26:00.226 [notice] Read configuration file "/etc/tor/torrc".
Jul 20 19:26:00 zesty tor[2193]: Jul 20 19:26:00.233 [warn] Directory /var/lib/tor/hidden_service/ cannot be read: Permission denied
Jul 20 19:26:00 zesty tor[2193]: Jul 20 19:26:00.234 [warn] Failed to parse/validate config: Failed to configure rendezvous options. See logs for details.
Jul 20 19:26:00 zesty tor[2193]: Jul 20 19:26:00.235 [err] Reading config failed--see warnings above.
Jul 20 19:26:00 zesty systemd[1]: tor@default.service: Main process exited, code=exited, status=1/FAILURE
Jul 20 19:26:00 zesty systemd[1]: tor@default.service: Unit entered failed state.
Jul 20 19:26:00 zesty systemd[1]: tor@default.service: Failed with result 'exit-code'.
Jul 20 19:26:00 zesty systemd[1]: tor@default.service: Service hold-off time over, scheduling restart.
Jul 20 19:26:00 zesty systemd[1]: tor@default.service: Start request repeated too quickly.
Jul 20 19:26:00 zesty systemd[1]: tor@default.service: Unit entered failed state.
Jul 20 19:26:00 zesty systemd[1]: tor@default.service: Failed with result 'exit-code'.

Identified solution:

sudo vim /etc/apparmor.d/abstractions/tor

add this line to capabilities:

capability dac_read_search,

reload:

sudo /etc/init.d/apparmor reload
sudo service tor restart

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22991>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
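
Added example, not part of the original ticket or of Tor's packaging: a small Python triage helper that parses AppArmor audit records like the kern.log line above and lists, per profile, the capability rules the denials correspond to. Only the first sample line is taken from the ticket; the other sample lines and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Sample input: line 1 is the denial quoted in the ticket; lines 2-4 are
# constructed (a repeat, a file denial for another profile, unrelated noise).
SAMPLE_KERN_LOG = '''\
Jul 20 19:25:58 zesty kernel: [ 50.173406] audit: type=1400 audit(1500578758.127:16): apparmor="DENIED" operation="capable" profile="system_tor" pid=2148 comm="tor" capability=2 capname="dac_read_search"
Jul 20 19:25:59 zesty kernel: [ 51.000000] audit: type=1400 audit(1500578759.000:17): apparmor="DENIED" operation="capable" profile="system_tor" pid=2150 comm="tor" capability=2 capname="dac_read_search"
Jul 20 19:25:59 zesty kernel: [ 51.100000] audit: type=1400 audit(1500578759.100:18): apparmor="DENIED" operation="open" profile="example_profile" name="/constructed/path" pid=2151 comm="example" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Jul 20 19:26:00 zesty kernel: [ 52.000000] eth0: link up
'''

# key=value where the value is either "quoted" or a bare token
FIELD = re.compile(r'(\w+)=("([^"]*)"|\S+)')

def parse_audit_line(line):
    """Return the key=value fields of an AppArmor audit record, or None."""
    if 'apparmor=' not in line:
        return None
    return {k: (q if raw.startswith('"') else raw) for k, raw, q in FIELD.findall(line)}

def denied_capabilities(log_text):
    """Map profile -> {capname: count} for DENIED operation="capable" records."""
    result = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        rec = parse_audit_line(line)
        if rec and rec.get('apparmor') == 'DENIED' and rec.get('operation') == 'capable':
            result[rec.get('profile', '?')][rec.get('capname', '?')] += 1
    return {p: dict(c) for p, c in result.items()}

def candidate_rules(log_text):
    """Profile rule lines that would permit each denied capability."""
    # Output is for review, not blind application: dac_read_search, for
    # instance, bypasses file read and directory read/search permission checks.
    return {p: sorted(f'capability {c},' for c in caps)
            for p, caps in denied_capabilities(log_text).items()}

if __name__ == '__main__':
    for profile, rules in candidate_rules(SAMPLE_KERN_LOG).items():
        print(profile, rules)
```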