Recent versions of Tor fail to start on my hardened Gentoo with:

[warn] You appear to lack permissions to change memory limits. Are you root?
[warn] Unable to raise RLIMIT_MEMLOCK: Operation not permitted
[notice] Unable to lock all current and future memory pages: Cannot allocate memory

If I add CAP_SYS_RESOURCE to the CapabilityBoundingSet line, Tor starts fine.
(In reply to Chris Wells from comment #0)
> Recent versions of Tor fail to start on my hardened Gentoo with:
>
> [warn] You appear to lack permissions to change memory limits. Are you root?
> [warn] Unable to raise RLIMIT_MEMLOCK: Operation not permitted
> [notice] Unable to lock all current and future memory pages: Cannot allocate
> memory
>
> If I add CAP_SYS_RESOURCE to the CapabilityBoundingSet line, Tor starts fine.

I don't understand systemd to be honest, so I don't know what to do here.

Can someone in the systemd team help me out?
*** Bug 542464 has been marked as a duplicate of this bug. ***
I think this might be fixed with 0.2.6.3 but I'm not sure. Can you test?
I personally don't see this error, so either I don't know how to reproduce it or it has been fixed (I'm using net-misc/tor-0.2.8.5_rc). If this problem still exists, it should probably be reported upstream at https://trac.torproject.org/ as well.
(In reply to Anthony Basile from comment #1)
> I don't understand systemd to be honest, so I don't know what to do here.
>
> Can someone in the systemd team help me out?

Would love to help, but I don't understand tor, and I don't know what capabilities it might need.

https://www.freedesktop.org/software/systemd/man/systemd.exec.html#CapabilityBoundingSet=

If upstream provides the systemd unit, they would be in the best position to fix it.
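The failure in comment #0 can be checked from the Cap* lines of the service's /proc/<pid>/status. This is an added example, not part of the bug thread or of Tor or systemd; the two status samples and the names `cap_masks`, `has_cap` and `memlock_diagnosis` are constructed for illustration.

```python
import re

# Bit positions from <linux/capability.h>.
CAP_IPC_LOCK = 14
CAP_SYS_RESOURCE = 24

# Constructed sample of the Cap* lines in /proc/<pid>/status for a service
# whose bounding set holds only CAP_SETGID, CAP_SETUID, CAP_NET_BIND_SERVICE.
RESTRICTED = """\
CapPrm:\t00000000000004c0
CapEff:\t00000000000004c0
CapBnd:\t00000000000004c0
"""
# Same sample with CAP_SYS_RESOURCE (bit 24) added to the bounding set.
WITH_SYS_RESOURCE = RESTRICTED.replace("00000000000004c0", "00000000010004c0")


def cap_masks(status_text):
    """Return {'CapEff': int, 'CapBnd': int, ...} parsed from status text."""
    found = re.findall(r"^(Cap\w+):\s*([0-9a-fA-F]+)$", status_text, re.M)
    return {name: int(value, 16) for name, value in found}


def has_cap(mask, cap):
    """True if capability number `cap` is set in the bitmask."""
    return bool(mask >> cap & 1)


def memlock_diagnosis(status_text):
    """Report which capability checks around RLIMIT_MEMLOCK would pass."""
    masks = cap_masks(status_text)
    eff, bnd = masks["CapEff"], masks["CapBnd"]
    return {
        # Raising a hard rlimit needs CAP_SYS_RESOURCE, otherwise EPERM.
        "can_raise_hard_limit": has_cap(eff, CAP_SYS_RESOURCE),
        # With CAP_IPC_LOCK the RLIMIT_MEMLOCK ceiling does not apply.
        "memlock_limit_applies": not has_cap(eff, CAP_IPC_LOCK),
        # A capability outside the bounding set is unavailable to the
        # service, even when it starts as root.
        "blocked_by_bounding_set": not has_cap(bnd, CAP_SYS_RESOURCE),
    }


if __name__ == "__main__":
    for label, text in (("restricted", RESTRICTED),
                        ("with CAP_SYS_RESOURCE", WITH_SYS_RESOURCE)):
        print(label, memlock_diagnosis(text))
```

On a live system, pass the contents of /proc/<pid>/status for the running service instead of the constructed samples.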