[UbuntuVM] permission issues of tor@default

Using the current state of the dev branch, I am running into an annoying issue with the tor@default instance. Interestingly, tor@lnd works flawlessly.

Settings are at default, and I already tried reinstalling and deleting the /mnt/hdd/tor directory, to no avail.

$ tor --version
Tor version 0.4.5.10.
$ uname -a
Linux nadmin-BHYVE 5.11.0-34-generic #36~20.04.1-Ubuntu SMP Fri Aug 27 08:06:32 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

The failure is:

$ sudo journalctl  -fu tor@default

Sep 12 18:43:30 nadmin-BHYVE systemd[1]: tor@default.service: Failed with result 'exit-code'.
Sep 12 18:43:30 nadmin-BHYVE systemd[1]: Failed to start Anonymizing overlay network for TCP.
Sep 12 18:43:30 nadmin-BHYVE systemd[1]: tor@default.service: Scheduled restart job, restart counter is at 4.
Sep 12 18:43:30 nadmin-BHYVE systemd[1]: Stopped Anonymizing overlay network for TCP.
Sep 12 18:43:30 nadmin-BHYVE systemd[1]: Starting Anonymizing overlay network for TCP...
Sep 12 18:43:30 nadmin-BHYVE tor[1159]: Sep 12 18:43:30.966 [notice] Tor 0.4.5.10 running on Linux with Libevent 2.1.11-stable, OpenSSL 1.1.1f, Zlib 1.2.11, Liblzma 5.2.4, Libzstd 1.4.4 and Glibc 2.31 as libc.
Sep 12 18:43:30 nadmin-BHYVE tor[1159]: Sep 12 18:43:30.966 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Sep 12 18:43:30 nadmin-BHYVE tor[1159]: Sep 12 18:43:30.966 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
Sep 12 18:43:30 nadmin-BHYVE tor[1159]: Sep 12 18:43:30.966 [notice] Read configuration file "/etc/tor/torrc".
Sep 12 18:43:30 nadmin-BHYVE tor[1159]: Sep 12 18:43:30.968 [warn] Your log may contain sensitive information - you disabled SafeLogging. Don't log unless it serves an important reason. Overwrite the log afterwards.
Sep 12 18:43:30 nadmin-BHYVE tor[1159]: Configuration was valid
Sep 12 18:43:30 nadmin-BHYVE tor[1160]: Sep 12 18:43:30.983 [notice] Tor 0.4.5.10 running on Linux with Libevent 2.1.11-stable, OpenSSL 1.1.1f, Zlib 1.2.11, Liblzma 5.2.4, Libzstd 1.4.4 and Glibc 2.31 as libc.
Sep 12 18:43:30 nadmin-BHYVE tor[1160]: Sep 12 18:43:30.983 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Sep 12 18:43:30 nadmin-BHYVE tor[1160]: Sep 12 18:43:30.983 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
Sep 12 18:43:30 nadmin-BHYVE tor[1160]: Sep 12 18:43:30.983 [notice] Read configuration file "/etc/tor/torrc".
Sep 12 18:43:30 nadmin-BHYVE tor[1160]: Sep 12 18:43:30.984 [notice] Opening Socks listener on 127.0.0.1:9050
Sep 12 18:43:30 nadmin-BHYVE tor[1160]: Sep 12 18:43:30.985 [notice] Opened Socks listener connection (ready) on 127.0.0.1:9050
Sep 12 18:43:30 nadmin-BHYVE tor[1160]: Sep 12 18:43:30.985 [notice] Opening Control listener on 127.0.0.1:9051
Sep 12 18:43:30 nadmin-BHYVE tor[1160]: Sep 12 18:43:30.985 [notice] Opened Control listener connection (ready) on 127.0.0.1:9051
Sep 12 18:43:30 nadmin-BHYVE tor[1160]: Sep 12 18:43:30.985 [warn] Directory /mnt/hdd/tor/sys cannot be read: Permission denied
Sep 12 18:43:30 nadmin-BHYVE tor[1160]: Sep 12 18:43:30.985 [notice] Closing partially-constructed Socks listener connection (ready) on 127.0.0.1:9050
Sep 12 18:43:30 nadmin-BHYVE tor[1160]: Sep 12 18:43:30.985 [notice] Closing partially-constructed Control listener connection (ready) on 127.0.0.1:9051
Sep 12 18:43:30 nadmin-BHYVE tor[1160]: Sep 12 18:43:30.985 [warn] Failed to parse/validate config: Couldn't create private data directory "/mnt/hdd/tor/sys"
Sep 12 18:43:30 nadmin-BHYVE tor[1160]: Sep 12 18:43:30.985 [err] Reading config failed--see warnings above.
Sep 12 18:43:30 nadmin-BHYVE systemd[1]: tor@default.service: Main process exited, code=exited, status=1/FAILURE
Sep 12 18:43:30 nadmin-BHYVE systemd[1]: tor@default.service: Failed with result 'exit-code'.
Sep 12 18:43:30 nadmin-BHYVE systemd[1]: Failed to start Anonymizing overlay network for TCP.
Sep 12 18:43:31 nadmin-BHYVE systemd[1]: tor@default.service: Scheduled restart job, restart counter is at 5.
Sep 12 18:43:31 nadmin-BHYVE systemd[1]: Stopped Anonymizing overlay network for TCP.
Sep 12 18:43:31 nadmin-BHYVE systemd[1]: tor@default.service: Start request repeated too quickly.
Sep 12 18:43:31 nadmin-BHYVE systemd[1]: tor@default.service: Failed with result 'exit-code'.
Sep 12 18:43:31 nadmin-BHYVE systemd[1]: Failed to start Anonymizing overlay network for TCP.

Debug output of a newly built node in a VM: https://termbin.com/fa0t

Issue Analytics

  • State: closed
  • Created 2 years ago
  • Comments: 14 (5 by maintainers)

Top GitHub Comments

1 reaction
openoms commented, Jan 10, 2022

Ok this apparmor profile with the added directories does work:

# vim:syntax=apparmor
#include <tunables/global>

profile system_tor flags=(attach_disconnected) {
  #include <abstractions/tor>

  owner /var/lib/tor/** rwk,
  owner /var/lib/tor/ r,
  owner /var/log/tor/* w,

  owner /mnt/hdd/tor/** rwk,
  owner /mnt/hdd/tor/ r,
  owner /mnt/hdd/app-data/tor/** rwk,

  # During startup, tor (as root) tries to open various things such as
  # directories via check_private_dir().  Let it.
  /var/lib/tor/** r,
  /mnt/hdd/tor/** r,
  /mnt/hdd/app-data/tor/** r,

  /{,var/}run/tor/ r,
  /{,var/}run/tor/control w,
  /{,var/}run/tor/socks w,
  /{,var/}run/tor/tor.pid w,
  /{,var/}run/tor/control.authcookie w,
  /{,var/}run/tor/control.authcookie.tmp rw,
  /{,var/}run/systemd/notify w,

  # Site-specific additions and overrides. See local/README for details.
  #include <local/system_tor>
}

1 reaction
openoms commented, Sep 12, 2021

SUCCESS

Disabling the line:

AppArmorProfile=-system_tor

in /lib/systemd/system/tor@default.service did it!

Now Tor is working.

Alternatively, you can add to /etc/systemd/system/tor@default.service.d/raspiblitz.conf so it looks like:

# DO NOT EDIT! This file is generated by raspiblitz and will be overwritten
[Service]
ReadWriteDirectories=-/mnt/hdd/tor
AppArmorProfile=
[Unit]
After=network.target nss-lookup.target mnt-hdd.mount

After either modification, run:

sudo systemctl daemon-reload
sudo systemctl restart tor@default
# and if there is no error restart the node:
restart
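
An added example (not from the issue or the RaspiBlitz project): a simplified model of AppArmor path rules that shows why the `system_tor` profile rejected `/mnt/hdd/tor/sys`, and which of the added rules clears the denial while the profile stays attached, unlike the `AppArmorProfile=` workaround. `STOCK`, `OWNER_ONLY` and `FIXED` are constructed rule sets, and the glob matching is an approximation of AppArmor's.

```shell
#!/bin/sh
# Added example: a simplified model of AppArmor file rules, not the real matcher.

# Journal line copied from the issue above.
LOG='Sep 12 18:43:30 nadmin-BHYVE tor[1160]: Sep 12 18:43:30.985 [warn] Directory /mnt/hdd/tor/sys cannot be read: Permission denied'

# Constructed rule sets. STOCK is the posted profile without its /mnt/hdd lines
# (assumed to be the packaged state); FIXED restores the two that matter here.
STOCK='  owner /var/lib/tor/** rwk,
  owner /var/lib/tor/ r,
  /var/lib/tor/** r,'
OWNER_ONLY="$STOCK
  owner /mnt/hdd/tor/** rwk,"
FIXED="$OWNER_ONLY
  /mnt/hdd/tor/** r,"

# Print each directory tor reported as unreadable, with AppArmor's trailing "/".
tor_denied_dirs() {
    sed -n 's|.*\[warn\] Directory \(.*\) cannot be read: Permission denied.*|\1/|p'
}

# AppArmor glob -> anchored ERE: "**" crosses "/", "*" does not, {a,b} alternates.
aa_glob_to_ere() {
    printf '%s\n' "$1" | sed -e 's/[.+?()|^$]/\\&/g' -e 's/\*\*/@@/g' \
        -e 's/\*/[^\/]*/g' -e 's/@@/.*/g' -e 's/{/(/g' -e 's/}/)/g' \
        -e 's/,/|/g' -e 's/^/^/' -e 's/$/$/'
}

# aa_allows RULES PATH PERM IS_OWNER(yes|no): succeed if some rule grants PERM
# on PATH. "owner" rules count only when the process owns the file.
aa_allows() {
    printf '%s\n' "$1" | grep -E '^[[:space:]]*(owner[[:space:]]+)?/' | (
        while read -r w1 w2 w3; do
            if [ "$w1" = owner ]; then
                [ "$4" = yes ] || continue
                w1=$w2 w2=$w3
            fi
            case ${w2%,} in *"$3"*) ;; *) continue ;; esac
            printf '%s\n' "$2" | grep -Eq "$(aa_glob_to_ere "$w1")" && exit 0
        done
        exit 1 )
}

# Per the profile comment, tor opens the directory as root, so it is not the owner.
check() { if aa_allows "$2" "$dir" r no; then echo "$1: allowed"; else echo "$1: DENIED"; fi; }
dir=$(printf '%s\n' "$LOG" | tor_denied_dirs)
check stock "$STOCK"; check owner-only "$OWNER_ONLY"; check fixed "$FIXED"
```

Only `FIXED` passes: the `owner` rule alone does not help while tor still runs as root, which is what the profile's `check_private_dir()` comment refers to.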