Displaying 6 results from an estimated 6 matches for "toranon".
2017 Jan 29
2
tor and selinux
...menting with tor hidden services and got it to work nicely on
my Centos7, with tor from epel. That is, until I booted the machine.
Then SELinux kicked in and in the logs there's
[warn] Directory /var/lib/tor/hidden_service/ cannot be read:
Permission denied
The permissions are
drwx------.  2 toranon toranon    4096 Jan 28 23:39 hidden_service
And SELinux gives the following
SELinux is preventing /usr/bin/tor from using the dac_override
capability.
*****  Plugin dac_override (91.4 confidence) suggests   **********************
If you want to help identify if domain needs this access or you h...
2018 Oct 14
3
Centos7 & Selinux & Tor
...sg=audit(1539540150.692:60570): avc: denied { dac_override
} for pid=18283 comm="tor"
capability=1 scontext=system_u:system_r:tor_t:s0
tcontext=system_u:system_r:tor_t:s0 tclass=capability
So I had a look at the permissions for /var/lib/tor/hidden_service/ and
they were
drwx------. toranon toranon system_u:object_r:tor_var_lib_t:s0
hidden_service
Could somebody help me out here? I have no idea what to make of this. I
know that tor was working for me at least a month ago. I got tor from
this package: tor-0.2.9.16-1.el7.x86_64
Cheers
Robin
2017 Jan 29
0
tor and selinux
...ite low.
dac_override indicates that you're running your process as root, and
it's trying to do something on the filesystem which is not explicitly
allowed by permissions. DAC is the standard POSIX permission system,
and the process is trying to override it. DAC allows access to the
toranon user and toranon group only, and the process is trying to
override that access by way of root access.
I'd say that no, giving dac_override is not a good idea, but mostly
because that implies that you'd continue running the process as root.
You should be running the service as the "...
2017 Jan 30
1
tor and selinux
...tes that you're running your process as root, and
> it's trying to do something on the filesystem which is not
> explicitly
> allowed by permissions.  DAC is the standard POSIX permission
> system,
> and the process is trying to override it.  DAC allows access to the
> toranon user and toranon group only, and the process is trying to
> override that access by way of root access.
That's strange, because I started the tor process simply with
sudo systemctl start tor
The only changes I've really made were to add two lines of configuration
in torrc
Cheers
Mark
2018 Oct 23
0
Centos7 & Selinux & Tor
...t; dac_override
> } for pid=18283 comm="tor"
> capability=1 scontext=system_u:system_r:tor_t:s0
> tcontext=system_u:system_r:tor_t:s0 tclass=capability
>
> So I had a look at the permissions for /var/lib/tor/hidden_service/
> and
> they were
>
> drwx------. toranon toranon system_u:object_r:tor_var_lib_t:s0
> hidden_service
Still trying to figure out this selinux issue :(
Perhaps somebody could point me to the best mailing list/forum/tracker
for this kind of issue?
Cheers
Robin
2018 Oct 23
1
Centos7 & Selinux & Tor
...d=18283 comm="tor"
>> capability=1 scontext=system_u:system_r:tor_t:s0
>> tcontext=system_u:system_r:tor_t:s0 tclass=capability
>>
>> So I had a look at the permissions for /var/lib/tor/hidden_service/
>> and
>> they were
>>
>> drwx------. toranon toranon system_u:object_r:tor_var_lib_t:s0
>> hidden_service
> Still trying to figure out this selinux issue :(
>
> Perhaps somebody could point me to the best mailing list/forum/tracker
> for this kind of issue?
Most likely this is tor running as root and trying to access this f...