nixos/tor: fix systemd service #41852

Merged
merged 2 commits into from Jun 13, 2018

Member

@oxij oxij commented Jun 11, 2018

Kindly contributed fix to what #39083 apparently broke when fixing what #37827 broke.

  • Tested by the original author.
  • Tested by me in NixOS VM with control socket and hidden services enabled. It works.

@dotlambda, can you verify it works with your config? Let's try really hard not to break anything this time.

SLNOS added 2 commits June 11, 2018 15:52
…enings

This reverts a part of 5bd12c6.

Apparently there's no way to specify user for RuntimeDirectory in systemd
service file (it's always root) but tor won't create control socket if the dir
is owned by anybody except the tor user.

These hardenings were adopted from the upstream service file, checked
against systemd.service(5) and systemd.exec(5) manuals, and tested to
actually work with all the options enabled.

`PrivateDevices` implies `DevicePolicy=closed` according to systemd.exec(5),
removed.

`--RunAsDaemon 0` is the default value according to tor(5), removed.
@dotlambda
Member

I think we should instead run the systemd service as the tor user instead of letting Tor switch to that user itself. This is also what Arch does: https://git.archlinux.org/svntogit/community.git/tree/trunk/tor.service?h=packages/tor. Do you think that's possible?
The only problem I see is that sometimes people configure bridges to listen on 443 in order to hide the fact they are running a Tor relay. We might have to give the service additional capabilities.

@oxij
Member Author

oxij commented Jun 11, 2018 via email

@joachifm
Contributor

If the separate service thing works that seems fine to me ... Depending on how tor does its privsep, it may even be preferable to let it do its thing anyway.

An alternative is to set User, RuntimeDirectory, StateDirectory and use StateDirectoryMode to restrict visibility into that dir. Or use tmpfiles or something.
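
The alternative raised in the two comments above (run the unit as the tor user, let systemd create the directories, grant only the capability needed for low ports), sketched as a systemd drop-in. This is an added example, not code from this pull request or from nixpkgs; the drop-in path, the `tor` user and group, the directory names, and a torrc without its own `User` line are all assumptions.

```ini
# Hypothetical drop-in, e.g. /etc/systemd/system/tor.service.d/run-as-tor.conf
[Service]
# Start the daemon unprivileged instead of letting Tor drop privileges itself.
# Assumes a "tor" user and group exist and torrc has no "User" line.
User=tor
Group=tor

# With User= set, systemd creates these directories owned by that user:
# /run/tor (removed when the service stops) and /var/lib/tor (persistent).
RuntimeDirectory=tor
RuntimeDirectoryMode=0700
StateDirectory=tor
StateDirectoryMode=0700

# A non-root process cannot bind ports below 1024 (e.g. a bridge on 443)
# unless it is granted this one capability.
AmbientCapabilities=CAP_NET_BIND_SERVICE
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
NoNewPrivileges=yes

# Per systemd.exec(5), as the commit message notes, this implies
# DevicePolicy=closed, so that line is not repeated.
PrivateDevices=yes
```

After a `systemctl daemon-reload` and restart, `systemctl show tor -p User -p RuntimeDirectory -p StateDirectory` and `stat -c '%U:%G %a' /run/tor /var/lib/tor` confirm the effective settings and directory ownership.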

@joachifm joachifm merged commit f0f385a into NixOS:master Jun 13, 2018
@joachifm
Contributor

Makes sense to me to just merge this & maybe iterate later. Thank you.

@oxij oxij deleted the nixos/tor-service branch November 18, 2018 08:59