In Fedora 39 (Silverblue), /var/lib/tor is owned by a different user called setroubleshoot or some random user ID. Everytime `rpm-ostree upgrade` is executed the ownership seems to be changed from `toranon` to a different user. Thus systemd service keeps failing ``` > sudo systemctl start tor tor.service: Failed with result 'exit-code'. tor.service: Control process exited, code=exited, status=1/FAILURE Dec 03 08:47:28.341 [err] Reading config failed--see warnings above. Dec 03 08:47:28.341 [warn] Failed to parse/validate config: Couldn't access private data directory "/var/lib/tor/keys" Dec 03 08:47:28.341 [warn] Directory /var/lib/tor/keys cannot be read: Permission denied Dec 03 08:47:28.334 [notice] Read configuration file "/etc/tor/torrc". Dec 03 08:47:28.334 [notice] Read configuration file "/usr/share/tor/defaults-torrc". Dec 03 08:47:28.334 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://support.torproject.org/faq/staying-anonymous/ Dec 03 08:47:28.334 [notice] Tor 0.4.8.9 running on Linux with Libevent 2.1.12-stable, OpenSSL 3.1.1, Zlib 1.2.13, Liblzma 5.4.4, Libzstd 1.5.5 and Glibc 2.38 as libc. ``` Reproducible: Always Steps to Reproduce: 1. Install `rpm-ostree install tor` 2. Reboot 3. Start the service `sudo systemctl start tor` Actual Results: tor.service: Failed with result 'exit-code'. tor.service: Control process exited, code=exited, status=1/FAILURE Dec 03 08:47:28.341 [err] Reading config failed--see warnings above. Dec 03 08:47:28.341 [warn] Failed to parse/validate config: Couldn't access private data directory "/var/lib/tor/keys" Dec 03 08:47:28.341 [warn] Directory /var/lib/tor/keys cannot be read: Permission denied Dec 03 08:47:28.334 [notice] Read configuration file "/etc/tor/torrc". Dec 03 08:47:28.334 [notice] Read configuration file "/usr/share/tor/defaults-torrc". Dec 03 08:47:28.334 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://support.torproject.org/faq/staying-anonymous/ Dec 03 08:47:28.334 [notice] Tor 0.4.8.9 running on Linux with Libevent 2.1.12-stable, OpenSSL 3.1.1, Zlib 1.2.13, Liblzma 5.4.4, Libzstd 1.5.5 and Glibc 2.38 as libc. Expected Results: Service should start successfully. Changing ownership of all files in `/var/lib/tor/` seems to fix the problem. ``` > cd /var/lib/tor/ > chown toranon:toranon * > systemctl start tor ``` fixes the issue.
I'm not a packaging expert, but it appears that the spec files is manually using `useradd` to configure the `toranon` user: https://src.fedoraproject.org/rpms/tor/blob/rawhide/f/tor.spec#_129-134 ...but probably should be using the sysusers.d approach: https://docs.fedoraproject.org/en-US/packaging-guidelines/UsersAndGroups/#_allocation_strategies
Linking another Fedora Discussion thread https://discussion.fedoraproject.org/t/tor-service-fail-to-start-on-silverblue-f39/98725
Can confirm that this issue persists on Fedora Silverblue 40. `toranon` user workarounds don't work, because SystemD Login management service prevents it from being created.
FEDORA-2024-c015cf3a38 (tor-0.4.8.12-1.fc40) has been submitted as an update to Fedora 40. https://bodhi.fedoraproject.org/updates/FEDORA-2024-c015cf3a38
FEDORA-2024-4d686ae1b5 (tor-0.4.8.12-1.fc39) has been submitted as an update to Fedora 39. https://bodhi.fedoraproject.org/updates/FEDORA-2024-4d686ae1b5
FEDORA-2024-4d686ae1b5 has been pushed to the Fedora 39 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2024-4d686ae1b5` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2024-4d686ae1b5 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2024-c015cf3a38 has been pushed to the Fedora 40 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2024-c015cf3a38` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2024-c015cf3a38 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2024-3f9eb3c86c (tor-0.4.8.12-2.fc40) has been submitted as an update to Fedora 40. https://bodhi.fedoraproject.org/updates/FEDORA-2024-3f9eb3c86c
FEDORA-2024-c2da7f4de7 (tor-0.4.8.12-2.fc39) has been submitted as an update to Fedora 39. https://bodhi.fedoraproject.org/updates/FEDORA-2024-c2da7f4de7
FEDORA-EPEL-2024-4188096f1c (tor-0.4.8.12-2.el9) has been submitted as an update to Fedora EPEL 9. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-4188096f1c
FEDORA-EPEL-2024-2d8a766d53 (tor-0.4.8.12-2.el8) has been submitted as an update to Fedora EPEL 8. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-2d8a766d53
FEDORA-EPEL-2024-4188096f1c has been pushed to the Fedora EPEL 9 testing repository. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-4188096f1c See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-EPEL-2024-2d8a766d53 has been pushed to the Fedora EPEL 8 testing repository. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-2d8a766d53 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2024-c2da7f4de7 has been pushed to the Fedora 39 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2024-c2da7f4de7` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2024-c2da7f4de7 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2024-3f9eb3c86c has been pushed to the Fedora 40 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2024-3f9eb3c86c` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2024-3f9eb3c86c See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-EPEL-2024-4188096f1c (tor-0.4.8.12-2.el9) has been pushed to the Fedora EPEL 9 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-EPEL-2024-2d8a766d53 (tor-0.4.8.12-2.el8) has been pushed to the Fedora EPEL 8 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2024-c2da7f4de7 (tor-0.4.8.12-2.fc39) has been pushed to the Fedora 39 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2024-3f9eb3c86c (tor-0.4.8.12-2.fc40) has been pushed to the Fedora 40 stable repository. If problem still persists, please make note of it in this bug report.