| Summary: | net-vpn/tor systemd service requires CAP_SYS_RESOURCE | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Chris Wells <gentoo.intel> |
| Component: | Current packages | Assignee: | John Helmert III <ajak> |
| Status: | UNCONFIRMED --- | ||
| Severity: | normal | CC: | candrews, sam, stlman, systemd |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| See Also: | https://bugs.gentoo.org/show_bug.cgi?id=529212 | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
|
Description
Chris Wells
2014-12-30 14:08:20 UTC
(In reply to Chris Wells from comment #0) > Recent versions of Tor fail to start on my hardened gentoo with: > > [warn] You appear to lack permissions to change memory limits. Are you root? > [warn] Unable to raise RLIMIT_MEMLOCK: Operation not permitted > [notice] Unable to lock all current and future memory pages: Cannot allocate > memory > > If I add CAP_SYS_RESOURCE to the CapabilityBoundingSet line, Tor starts fine. I don't understand systemd to be honest, so I don't know what to do here. Can someone in the systemd team help me out? *** Bug 542464 has been marked as a duplicate of this bug. *** I think this might be fixed with 0.2.6.3 but I'm not sure. Can you test. I personally don't see this error, so either I don't know how to reproduce it or it has been fixed (I'm using net-misc/tor-0.2.8.5_rc). If this problem still exists, it should probably be reported upstream at https://trac.torproject.org/ as well. (In reply to Anthony Basile from comment #1) > I don't understand systemd to be honest, so I don't know what to do here. > > Can someone in the systemd team help me out? Would love to help, but I don't understand tor, and I don't know what capabilities it might need. https://www.freedesktop.org/software/systemd/man/systemd.exec.html#CapabilityBoundingSet= If upstream provides the systemd unit, they would be in the best position to fix it. |
