Description of problem:
tor.service won't start. Seeing this for the first time today.

Sep 27 11:34:48 naruto systemd[1]: Stopped Anonymizing overlay network for TCP.
-- Subject: Unit tor.service has finished shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit tor.service has finished shutting down.
Sep 27 11:34:48 naruto systemd[1]: Starting Anonymizing overlay network for TCP...
-- Subject: Unit tor.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit tor.service has begun starting up.
Sep 27 11:34:48 naruto audit[2158]: AVC avc: denied { mounton } for pid=2158 comm="(tor)" path="/var/lib/tor" dev="dm-4" ino=1311352 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:tor_var_lib_t:s0 tclass=dir permissive=0
Sep 27 11:34:48 naruto tor[2158]: Sep 27 11:34:48.540 [notice] Tor v0.2.8.7 running on Linux with Libevent 2.0.22-stable, OpenSSL 1.0.2i-fips and Zlib 1.2.8.
Sep 27 11:34:48 naruto tor[2158]: Sep 27 11:34:48.540 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Sep 27 11:34:48 naruto tor[2158]: Sep 27 11:34:48.540 [notice] Read configuration file "/usr/share/tor/defaults-torrc".
Sep 27 11:34:48 naruto tor[2158]: Sep 27 11:34:48.540 [notice] Read configuration file "/etc/tor/torrc".
Sep 27 11:34:48 naruto tor[2158]: Sep 27 11:34:48.543 [notice] Based on detected system memory, MaxMemInQueues is set to 5726 MB. You can override this by setting MaxMemInQueues by hand.
Sep 27 11:34:48 naruto tor[2158]: Sep 27 11:34:48.544 [warn] Unable to make /var/lib/tor group-readable: Read-only file system
Sep 27 11:34:48 naruto tor[2158]: Configuration was valid
Sep 27 11:34:48 naruto audit[2160]: AVC avc: denied { mounton } for pid=2160 comm="(tor)" path="/var/lib/tor" dev="dm-4" ino=1311352 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:tor_var_lib_t:s0 tclass=dir permissive=0
Sep 27 11:34:48 naruto tor[2160]: Sep 27 11:34:48.628 [notice] Tor v0.2.8.7 running on Linux with Libevent 2.0.22-stable, OpenSSL 1.0.2i-fips and Zlib 1.2.8.
Sep 27 11:34:48 naruto tor[2160]: Sep 27 11:34:48.628 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Sep 27 11:34:48 naruto tor[2160]: Sep 27 11:34:48.629 [notice] Read configuration file "/usr/share/tor/defaults-torrc".
Sep 27 11:34:48 naruto tor[2160]: Sep 27 11:34:48.629 [notice] Read configuration file "/etc/tor/torrc".
Sep 27 11:34:48 naruto tor[2160]: Sep 27 11:34:48.631 [notice] Based on detected system memory, MaxMemInQueues is set to 5726 MB. You can override this by setting MaxMemInQueues by hand.
Sep 27 11:34:48 naruto tor[2160]: Sep 27 11:34:48.632 [notice] Opening Socks listener on 127.0.0.1:9050
Sep 27 11:34:48 naruto tor[2160]: Sep 27 11:34:48.633 [notice] Opening DNS listener on 127.0.0.1:53
Sep 27 11:34:48 naruto tor[2160]: Sep 27 11:34:48.633 [notice] Opening OR listener on 0.0.0.0:9001
Sep 27 11:34:48 naruto tor[2160]: Sep 27 11:34:48.634 [warn] Unable to make /var/lib/tor group-readable: Read-only file system
Sep 27 11:34:48 naruto Tor[2160]: OpenSSL version from headers does not match the version we're running with. If you get weird crashes, that might be why. (Compiled with 1000208f: OpenSSL 1.0.2h 3 May 2016; running with 1000209f: OpenSSL 1.0.2i-fips 22 Sep 2016).
Sep 27 11:34:48 naruto Tor[2160]: Tor v0.2.8.7 running on Linux with Libevent 2.0.22-stable, OpenSSL 1.0.2i-fips and Zlib 1.2.8.
Sep 27 11:34:48 naruto Tor[2160]: Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Sep 27 11:34:48 naruto Tor[2160]: Read configuration file "/usr/share/tor/defaults-torrc".
Sep 27 11:34:48 naruto Tor[2160]: Read configuration file "/etc/tor/torrc".
Sep 27 11:34:48 naruto Tor[2160]: Based on detected system memory, MaxMemInQueues is set to 5726 MB. You can override this by setting MaxMemInQueues by hand.
Sep 27 11:34:48 naruto Tor[2160]: Opening Socks listener on 127.0.0.1:9050
Sep 27 11:34:48 naruto Tor[2160]: Opening DNS listener on 127.0.0.1:53
Sep 27 11:34:48 naruto Tor[2160]: Opening OR listener on 0.0.0.0:9001
Sep 27 11:34:48 naruto Tor[2160]: Unable to make /var/lib/tor group-readable: Read-only file system
Sep 27 11:34:48 naruto Tor[2160]: Couldn't open "/var/lib/tor/lock" for locking: Read-only file system
Sep 27 11:34:48 naruto Tor[2160]: set_options(): Bug: Acting on config options left us in a broken state. Dying. (on Tor 0.2.8.7 )
Sep 27 11:34:48 naruto systemd[1]: tor.service: Main process exited, code=exited, status=1/FAILURE
Sep 27 11:34:48 naruto systemd[1]: Failed to start Anonymizing overlay network for TCP.
-- Subject: Unit tor.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit tor.service has failed.
--
-- The result is failed.
Sep 27 11:34:48 naruto audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=tor comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
Sep 27 11:34:48 naruto systemd[1]: tor.service: Unit entered failed state.
Sep 27 11:34:48 naruto systemd[1]: tor.service: Failed with result 'exit-code'.
Sep 27 11:34:49 naruto systemd[1]: tor.service: Service hold-off time over, scheduling restart.
Sep 27 11:34:49 naruto systemd[1]: Stopped Anonymizing overlay network for TCP.
-- Subject: Unit tor.service has finished shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit tor.service has finished shutting down.
Sep 27 11:34:49 naruto audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=tor comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Sep 27 11:34:49 naruto audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=tor comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Sep 27 11:34:49 naruto systemd[1]: tor.service: Start request repeated too quickly.
Sep 27 11:34:49 naruto systemd[1]: Failed to start Anonymizing overlay network for TCP.
-- Subject: Unit tor.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit tor.service has failed.
--
-- The result is failed.
Sep 27 11:34:49 naruto systemd[1]: tor.service: Unit entered failed state.
Sep 27 11:34:49 naruto systemd[1]: tor.service: Failed with result 'start-limit-hit'.

It complains about /var/lib/tor being read-only. Is that to blame?

Version-Release number of selected component (if applicable):
tor-0.2.8.7-1.fc26.x86_64

How reproducible:
always

Steps to Reproduce:
1. systemctl start tor
I don't see the original issue anymore, rather now I see this:

Sep 29 09:54:52 naruto audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=tor comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Sep 29 09:54:52 naruto audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=tor comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Sep 29 09:54:52 naruto systemd[1]: Starting Anonymizing overlay network for TCP...
-- Subject: Unit tor.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit tor.service has begun starting up.
Sep 29 09:54:52 naruto systemd[28129]: tor.service: Failed at step NAMESPACE spawning /usr/bin/tor: No such file or directory
-- Subject: Process /usr/bin/tor could not be executed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- The process /usr/bin/tor could not be executed and failed.
--
-- The error number returned by this process is 2.
Sep 29 09:54:52 naruto systemd[1]: tor.service: Control process exited, code=exited status=226
Sep 29 09:54:52 naruto systemd[1]: Failed to start Anonymizing overlay network for TCP.
-- Subject: Unit tor.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit tor.service has failed.
--
-- The result is failed.
Sep 29 09:54:52 naruto systemd[1]: tor.service: Unit entered failed state.
Sep 29 09:54:52 naruto audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=tor comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
Sep 29 09:54:52 naruto systemd[1]: tor.service: Failed with result 'exit-code'.

$ which tor
/usr/bin/tor
This looks related to https://bugzilla.redhat.com/show_bug.cgi?id=1368621. Does it work if you put selinux in permissive, or does the AVC match the one reported in the bug (and those on https://bugzilla.redhat.com/show_bug.cgi?id=1357395)?
Hi Michael, no joy with setenforce 0. I still see the same error. Also, mounton access was denied to /run/tor up until Sept 23, and on Sept 27 it changed to /var/lib/tor. See:

time->Fri Sep 23 14:22:48 2016
type=AVC msg=audit(1474658568.558:98): avc: denied { mounton } for pid=986 comm="(tor)" path="/run/tor" dev="tmpfs" ino=18911 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:tor_var_run_t:s0 tclass=dir permissive=0
----
time->Fri Sep 23 14:23:50 2016
type=AVC msg=audit(1474658630.268:156): avc: denied { mounton } for pid=1504 comm="(tor)" path="/run/tor" dev="tmpfs" ino=18911 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:tor_var_run_t:s0 tclass=dir permissive=0
----
time->Fri Sep 23 14:23:50 2016
type=AVC msg=audit(1474658630.368:157): avc: denied { mounton } for pid=1508 comm="(tor)" path="/run/tor" dev="tmpfs" ino=18911 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:tor_var_run_t:s0 tclass=dir permissive=0
----
time->Tue Sep 27 10:47:56 2016
type=AVC msg=audit(1474991276.438:86): avc: denied { mounton } for pid=946 comm="(tor)" path="/var/lib/tor" dev="dm-4" ino=1311336 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:tor_var_lib_t:s0 tclass=dir permissive=0
----
time->Tue Sep 27 10:47:56 2016
type=AVC msg=audit(1474991276.672:96): avc: denied { mounton } for pid=996 comm="(tor)" path="/var/lib/tor" dev="dm-4" ino=1311336 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:tor_var_lib_t:s0 tclass=dir permissive=0
----
time->Tue Sep 27 10:47:58 2016
type=AVC msg=audit(1474991278.081:133): avc: denied { mounton } for pid=1061 comm="(tor)" path="/var/lib/tor" dev="dm-4" ino=1311336 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:tor_var_lib_t:s0 tclass=dir permissive=0
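
The following Python is an added example, not written by any commenter in this bug: it parses ausearch-style AVC records like those quoted in the comment above and groups the denials by source type, permission, target type and path, so the move of the mounton denial from /run/tor to /var/lib/tor shows up with first and last timestamps. The function names are illustrative, and the three sample records are copied from that comment.

```python
import re
from datetime import datetime

# Three records copied from the ausearch output quoted in the comment above.
SAMPLE = """\
time->Fri Sep 23 14:22:48 2016
type=AVC msg=audit(1474658568.558:98): avc: denied { mounton } for pid=986 comm="(tor)" path="/run/tor" dev="tmpfs" ino=18911 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:tor_var_run_t:s0 tclass=dir permissive=0
----
time->Tue Sep 27 10:47:56 2016
type=AVC msg=audit(1474991276.438:86): avc: denied { mounton } for pid=946 comm="(tor)" path="/var/lib/tor" dev="dm-4" ino=1311336 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:tor_var_lib_t:s0 tclass=dir permissive=0
----
time->Tue Sep 27 10:47:58 2016
type=AVC msg=audit(1474991278.081:133): avc: denied { mounton } for pid=1061 comm="(tor)" path="/var/lib/tor" dev="dm-4" ino=1311336 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:tor_var_lib_t:s0 tclass=dir permissive=0
"""

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the fields of one AVC denial as a dict, or None for other lines."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    rec["perms"] = m.group("perms").split()
    # Contexts are user:role:type:level; the type is what policy rules match on.
    rec["source_type"] = rec["scontext"].split(":")[2]
    rec["target_type"] = rec["tcontext"].split(":")[2]
    return rec

def summarize(text):
    """Group denials by (source type, perm, target type, path) with first/last seen."""
    groups, stamp = {}, None
    for line in text.splitlines():
        if line.startswith("time->"):
            stamp = datetime.strptime(line[6:], "%a %b %d %H:%M:%S %Y")
            continue
        rec = parse_avc(line)
        if rec is None:
            continue
        for perm in rec["perms"]:
            key = (rec["source_type"], perm, rec["target_type"], rec.get("path"))
            g = groups.setdefault(key, {"count": 0, "first": stamp, "last": stamp})
            g["count"] += 1
            g["last"] = stamp
    return groups

if __name__ == "__main__":
    for key, g in summarize(SAMPLE).items():
        print(key, g["count"], g["first"], g["last"])
```
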
Can you give the tor log when selinux is in permissive?
So rawhide now has 0.2.8.8-1 and with that tor works in permissive mode, but in enforcing mode, I see this now:

Oct 03 22:11:48 naruto audit[2017]: AVC avc: denied { mounton } for pid=2017 comm="(tor)" path="/var/lib/tor" dev="dm-4" ino=1311822 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:tor_var_lib_t:s0 tclass=dir permissive=0
Oct 03 22:11:48 naruto tor[2017]: Oct 03 22:11:48.326 [notice] Tor v0.2.8.8 running on Linux with Libevent 2.0.22-stable, OpenSSL 1.0.2j-fips and Zlib 1.2.8.
Oct 03 22:11:48 naruto tor[2017]: Oct 03 22:11:48.326 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Oct 03 22:11:48 naruto tor[2017]: Oct 03 22:11:48.326 [notice] Read configuration file "/usr/share/tor/defaults-torrc".
Oct 03 22:11:48 naruto tor[2017]: Oct 03 22:11:48.326 [notice] Read configuration file "/etc/tor/torrc".
Oct 03 22:11:48 naruto tor[2017]: Oct 03 22:11:48.329 [notice] Based on detected system memory, MaxMemInQueues is set to 5726 MB. You can override this by setting MaxMemInQueues by hand.
Oct 03 22:11:48 naruto tor[2017]: Oct 03 22:11:48.330 [warn] Unable to make /var/lib/tor group-readable: Read-only file system
Oct 03 22:11:48 naruto tor[2017]: Configuration was valid
Oct 03 22:11:48 naruto audit[2019]: AVC avc: denied { mounton } for pid=2019 comm="(tor)" path="/var/lib/tor" dev="dm-4" ino=1311822 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:tor_var_lib_t:s0 tclass=dir permissive=0
Oct 03 22:11:48 naruto tor[2019]: Oct 03 22:11:48.414 [notice] Tor v0.2.8.8 running on Linux with Libevent 2.0.22-stable, OpenSSL 1.0.2j-fips and Zlib 1.2.8.
Oct 03 22:11:48 naruto tor[2019]: Oct 03 22:11:48.414 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Oct 03 22:11:48 naruto tor[2019]: Oct 03 22:11:48.414 [notice] Read configuration file "/usr/share/tor/defaults-torrc".
Oct 03 22:11:48 naruto tor[2019]: Oct 03 22:11:48.415 [notice] Read configuration file "/etc/tor/torrc".
Oct 03 22:11:48 naruto tor[2019]: Oct 03 22:11:48.417 [notice] Based on detected system memory, MaxMemInQueues is set to 5726 MB. You can override this by setting MaxMemInQueues by hand.
Oct 03 22:11:48 naruto tor[2019]: Oct 03 22:11:48.417 [notice] Opening Socks listener on 127.0.0.1:9050
Oct 03 22:11:48 naruto tor[2019]: Oct 03 22:11:48.417 [notice] Opening DNS listener on 127.0.0.1:53
Oct 03 22:11:48 naruto tor[2019]: Oct 03 22:11:48.417 [notice] Opening OR listener on 0.0.0.0:9001
Oct 03 22:11:48 naruto tor[2019]: Oct 03 22:11:48.418 [warn] Unable to make /var/lib/tor group-readable: Read-only file system
Oct 03 22:11:48 naruto Tor[2019]: OpenSSL version from headers does not match the version we're running with. If you get weird crashes, that might be why. (Compiled with 100020af: OpenSSL 1.0.2j 26 Sep 2016; running with 100020af: OpenSSL 1.0.2j-fips 26 Sep 2016).
Oct 03 22:11:48 naruto Tor[2019]: Tor v0.2.8.8 running on Linux with Libevent 2.0.22-stable, OpenSSL 1.0.2j-fips and Zlib 1.2.8.
Oct 03 22:11:48 naruto Tor[2019]: Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Oct 03 22:11:48 naruto Tor[2019]: Read configuration file "/usr/share/tor/defaults-torrc".
Oct 03 22:11:48 naruto Tor[2019]: Read configuration file "/etc/tor/torrc".
Oct 03 22:11:48 naruto Tor[2019]: Based on detected system memory, MaxMemInQueues is set to 5726 MB. You can override this by setting MaxMemInQueues by hand.
Oct 03 22:11:48 naruto Tor[2019]: Opening Socks listener on 127.0.0.1:9050
Oct 03 22:11:48 naruto Tor[2019]: Opening DNS listener on 127.0.0.1:53
Oct 03 22:11:48 naruto Tor[2019]: Opening OR listener on 0.0.0.0:9001
Oct 03 22:11:48 naruto Tor[2019]: Unable to make /var/lib/tor group-readable: Read-only file system
Oct 03 22:11:48 naruto Tor[2019]: Couldn't open "/var/lib/tor/lock" for locking: Read-only file system
Oct 03 22:11:48 naruto Tor[2019]: set_options(): Bug: Acting on config options left us in a broken state. Dying. (on Tor 0.2.8.8 )
Oct 03 22:11:48 naruto systemd[1]: tor.service: Main process exited, code=exited, status=1/FAILURE
Oct 03 22:11:48 naruto systemd[1]: Failed to start Anonymizing overlay network for TCP.
-- Subject: Unit tor.service has failed
Ok so the selinux are definitely a duplicate of 1357395

*** This bug has been marked as a duplicate of bug 1357395 ***