On 10/23/18 2:49 PM, Robin Lee wrote:
> On Sun, 2018-10-14 at 20:13 +0200, Robin Lee wrote:
>> I've just encountered a problem starting tor. When I do 'systemctl
>> start tor' it fails and I get selinux errors in the log. There was a
>> suggestion to do full auditing with 'auditctl -w /etc/shadow -p w'.
>> Which I did, and it gave the following:
>>
>> type=PROCTITLE msg=audit(1539540150.692:60570): proctitle=2F7573722F62696E2F746F72002D2D72756E61736461656D6F6E0030002D2D64656661756C74732D746F727263002F7573722F73686172652F746F722F64656661756C74732D746F727263002D66002F6574632F746F722F746F727263002D2D7665726966792D636F6E666967
>>
>> type=PATH msg=audit(1539540150.692:60570): item=0 name="/var/lib/tor/hidden_service/" inode=201616393 dev=fd:02 mode=040700 ouid=494 ogid=490 rdev=00:00 obj=system_u:object_r:tor_var_lib_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
>>
>> type=CWD msg=audit(1539540150.692:60570): cwd="/"
>>
>> type=SYSCALL msg=audit(1539540150.692:60570): arch=c000003e syscall=2 success=no exit=-13 a0=562d3767da80 a1=20000 a2=0 a3=1 items=1 ppid=1 pid=18283 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="tor" exe="/usr/bin/tor" subj=system_u:system_r:tor_t:s0 key=(null)
>>
>> type=AVC msg=audit(1539540150.692:60570): avc: denied { dac_read_search } for pid=18283 comm="tor" capability=2 scontext=system_u:system_r:tor_t:s0 tcontext=system_u:system_r:tor_t:s0 tclass=capability
>>
>> type=AVC msg=audit(1539540150.692:60570): avc: denied { dac_override } for pid=18283 comm="tor" capability=1 scontext=system_u:system_r:tor_t:s0 tcontext=system_u:system_r:tor_t:s0 tclass=capability
>>
>> So I had a look at the permissions for /var/lib/tor/hidden_service/ and
>> they were
>>
>> drwx------. toranon toranon system_u:object_r:tor_var_lib_t:s0 hidden_service
>
> Still trying to figure out this selinux issue :(
>
> Perhaps somebody could point me to the best mailing list/forum/tracker
> for this kind of issue?

Most likely this is tor running as root and trying to access this file.

> Cheers
> Robin
>
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> https://lists.centos.org/mailman/listinfo/centos
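The reply's diagnosis (a root process touching a 0700 directory owned by toranon, so the access would need CAP_DAC_OVERRIDE / CAP_DAC_READ_SEARCH, which the tor_t policy denies) can be checked mechanically from the audit records. The parser below is an added example, not code from the thread or from the tor or CentOS projects; it assumes only the five records Robin posted, rejoined onto single lines, decodes the hex PROCTITLE, and flags the UID/ownership mismatch behind the two AVC denials.

```python
import re

# The five audit records from Robin's report (wrapped lines rejoined).
AUDIT_LOG = """\
type=PROCTITLE msg=audit(1539540150.692:60570): proctitle=2F7573722F62696E2F746F72002D2D72756E61736461656D6F6E0030002D2D64656661756C74732D746F727263002F7573722F73686172652F746F722F64656661756C74732D746F727263002D66002F6574632F746F722F746F727263002D2D7665726966792D636F6E666967
type=PATH msg=audit(1539540150.692:60570): item=0 name="/var/lib/tor/hidden_service/" inode=201616393 dev=fd:02 mode=040700 ouid=494 ogid=490 rdev=00:00 obj=system_u:object_r:tor_var_lib_t:s0 objtype=NORMAL
type=SYSCALL msg=audit(1539540150.692:60570): arch=c000003e syscall=2 success=no exit=-13 a0=562d3767da80 a1=20000 a2=0 a3=1 items=1 ppid=1 pid=18283 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="tor" exe="/usr/bin/tor" subj=system_u:system_r:tor_t:s0 key=(null)
type=AVC msg=audit(1539540150.692:60570): avc: denied { dac_read_search } for pid=18283 comm="tor" capability=2 scontext=system_u:system_r:tor_t:s0 tcontext=system_u:system_r:tor_t:s0 tclass=capability
type=AVC msg=audit(1539540150.692:60570): avc: denied { dac_override } for pid=18283 comm="tor" capability=1 scontext=system_u:system_r:tor_t:s0 tcontext=system_u:system_r:tor_t:s0 tclass=capability
"""

KV = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key=value or key="quoted value"

def parse_audit(text):
    """Group one audit event's records by type; AVC records are kept as a list."""
    event = {"AVC": []}
    for line in text.splitlines():
        fields = {k: v.strip('"') for k, v in KV.findall(line)}
        if fields.get("type") == "AVC":
            # the denied permission sits inside "denied { ... }", not in key=value form
            fields["perm"] = re.search(r"denied \{ (\S+) \}", line).group(1)
            event["AVC"].append(fields)
        elif fields:
            event[fields["type"]] = fields
    return event

def decode_proctitle(hexstr):
    """PROCTITLE is the hex-encoded argv; NUL bytes separate the arguments."""
    return bytes.fromhex(hexstr).replace(b"\x00", b" ").decode()

def diagnose(event):
    """Explain a capability denial: who ran, who owns the object, what DAC says."""
    sc, path = event["SYSCALL"], event["PATH"]
    euid, ouid = int(sc["euid"]), int(path["ouid"])
    mode = int(path["mode"], 8) & 0o777            # 040700 -> 0700
    # A root process reaching a 0700 directory owned by another uid passes DAC
    # only via CAP_DAC_OVERRIDE / CAP_DAC_READ_SEARCH, denied to tor_t here.
    mismatch = euid == 0 and euid != ouid and mode & 0o077 == 0
    return {
        "argv": decode_proctitle(event["PROCTITLE"]["proctitle"]),
        "domain": sc["subj"], "euid": euid, "path": path["name"],
        "owner_uid": ouid, "mode": f"{mode:04o}",
        "denied": sorted(a["perm"] for a in event["AVC"]),
        "root_vs_owner_mismatch": mismatch,
    }

if __name__ == "__main__":
    for k, v in diagnose(parse_audit(AUDIT_LOG)).items():
        print(f"{k:>24}: {v}")
```

The decoded argv shows the run that failed was `tor --verify-config`, i.e. the pre-start check, not the daemon itself.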