CentOS7 & Selinux & Tor
I’ve just encountered a problem starting tor. When I do ‘systemctl start tor’ it fails and I get selinux errors in the log. There was a suggestion to do full auditing with ‘auditctl -w /etc/shadow -p w’, which I did, and it gave the following:
type=PROCTITLE msg=audit(1539540150.692:60570): proctitle=2F7573722F62696E2F746F72002D2D72756E61736461656D6F6E0030002D2D64656661756C74732D746F727263002F7573722F73686172652F746F722F64656661756C74732D746F727263002D66002F6574632F746F722F746F727263002D2D7665726966792D636F6E666967
type=PATH msg=audit(1539540150.692:60570): item=0 name="/var/lib/tor/hidden_service/" inode 1616393 dev
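The PROCTITLE value in the audit output above is the process's command line, hex-encoded with NUL bytes between the arguments. As an added example (not part of the original post), this Python script rejoins the mail-wrapped records, decodes that field and collects the PATH names per audit event; the function names are hypothetical, and the sample assumes the field reads proctitle=2F... as auditd writes it.

```python
import re

# Constructed from the records in the post, wrapped as mailed. Assumption: the
# field reads "proctitle=2F..." (0x2F is the leading "/"), as auditd writes it.
SAMPLE = """\
type=PROCTITLE msg=audit(1539540150.692:60570):
proctitle=2F7573722F62696E2F746F72002D2D72756E61736461656D6F6E0030002D2
D64656661756C74732D746F727263002F7573722F73686172652F746F722F6465666175
6C74732D746F727263002D66002F6574632F746F722F746F727263002D2D76657269667
92D636F6E666967
type=PATH msg=audit(1539540150.692:60570): item=0
name="/var/lib/tor/hidden_service/" inode 1616393 dev
"""

def unwrap(text):
    """Rejoin records split by mail line-wrapping; each record starts 'type='."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith("type=") or not records:
            records.append(line)
        elif re.fullmatch(r"[0-9A-Fa-f]+", line):
            records[-1] += line          # middle of a hex value: no space
        else:
            records[-1] += " " + line
    return records

def decode_proctitle(record):
    """Return the argv that auditd hex-encoded (NUL-separated), or None."""
    m = re.search(r"\bproctitle=([0-9A-Fa-f]+)(?:\s|$)", record)
    if not m or len(m.group(1)) % 2:
        return None                      # quoted plain text, or truncated hex
    return bytes.fromhex(m.group(1)).decode("utf-8", "replace").split("\0")

def summarize(text):
    """Group records by event id -> {'argv': [...] or None, 'paths': [...]}."""
    events = {}
    for rec in unwrap(text):
        eid = re.search(r"msg=audit\(([\d.]+:\d+)\)", rec)
        if eid is None:
            continue
        ev = events.setdefault(eid.group(1), {"argv": None, "paths": []})
        if rec.startswith("type=PROCTITLE"):
            ev["argv"] = decode_proctitle(rec)
        elif rec.startswith("type=PATH"):
            ev["paths"] += re.findall(r'\bname="([^"]*)"', rec)
    return events

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

On a live system, `ausearch -i` performs the same interpretation of hex-encoded fields directly from the audit log.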
4 thoughts on - CentOS7 & Selinux & Tor
I explored this a bit further. I moved away the /var/lib/tor/hidden_service directory. Then I started tor and now it came up fine. It also recreated the /var/lib/tor/hidden_service directory as torrc hadn’t changed. But then I tried to restart it. Now it failed, with the same selinux errors.
Seems definitely to be a bug of some sort. Not sure if it is with selinux or tor though. And I know it worked a while back.
Cheers Robin
Still trying to figure out this selinux issue :(
Perhaps somebody could point me to the best mailing list/forum/tracker for this kind of issue?
Cheers Robin
Most likely this is tor running as root and trying to access this file.
I’m trying to start tor using ‘systemctl start tor’ and I haven’t touched any systemd file.
What I get in the logs when I try to start is
polkitd[1097]: Registered Authentication Agent for unix-process:18981:211495106 (system bus name :1.27348 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_GB.UTF-8)
systemd[1]: Starting Anonymizing overlay network for TCP...
tor[18988]: Oct 23 20:26:10.746 [notice] Tor 0.2.9.16 (git-645ef2e2854b2225) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.2k-fips and Zlib 1.2.7.
tor[18988]: Oct 23 20:26:10.746 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
tor[18988]: Oct 23 20:26:10.746 [notice] Read configuration file "/usr/share/tor/defaults-torrc".
tor[18988]: Oct 23 20:26:10.746 [notice] Read configuration file "/etc/tor/torrc".
tor[18988]: Oct 23 20:26:10.752 [warn] Directory /var/lib/tor/hidden_service/ cannot be read: Permission denied
tor[18988]: Oct 23 20:26:10.752 [warn] Checking service directory /var/lib/tor/hidden_service/ failed.
tor[18988]: Oct 23 20:26:10.752 [warn] Failed to parse/validate config: Failed to configure rendezvous options. See logs for details.
tor[18988]: Oct 23 20:26:10.752 [err] Reading config failed--see warnings above.
systemd[1]: tor.service: control process exited, code=exited status=1
systemd[1]: Failed to start Anonymizing overlay network for TCP.
How can I check which user it is trying to start as?
Cheers Robin