Summary: | net-misc/tor-0.2.0.34: /etc/security/limits.d/tor.conf is ignored | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | W. Elschner <gentoobugzilla_reply> |
Component: | Current packages | Assignee: | Anthony Basile <blueness> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | chiiph, gentoo.org_4, jochen+gentoo-bugs, kensington |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | AMD64 | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Attachments: |
Ebuild which will respect limits.d
Init script which will respect limits.d Patch for torrc.sampe to respect limits.d |
Description
W. Elschner
2009-05-03 08:48:49 UTC
Portage 2.1.6.12 (default/linux/amd64/2008.0, gcc-4.3.3, glibc-2.9_p20081201-r4, 2.6.29.2 x86_64) ================================================================= System uname: Linux-2.6.29.2-x86_64-AMD_Athlon-tm-_64_X2_Dual_Core_Processor_4000+-with-gentoo-2.0.0 Timestamp of tree: Sat, 02 May 2009 12:00:01 +0000 ccache version 2.4 [enabled] app-shells/bash: 4.0_p17-r1 dev-java/java-config: 1.3.7-r1, 2.1.7 dev-lang/python: 2.4.4-r6, 2.5.4-r2, 2.6.2 dev-python/pycrypto: 2.0.1-r8 dev-util/ccache: 2.4-r8 dev-util/cmake: 2.6.3-r1 sys-apps/baselayout: 2.0.0 sys-apps/openrc: 9999 sys-apps/sandbox: 1.9 sys-devel/autoconf: 2.13, 2.63-r1 sys-devel/automake: 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10.2 sys-devel/binutils: 2.19.1-r1 sys-devel/gcc-config: 1.4.1 sys-devel/libtool: 2.2.6a virtual/os-headers: 2.6.28-r1 ACCEPT_KEYWORDS="amd64 ~amd64" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=athlon64 -O2 -pipe -msse3" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/config /var/lib/hsqldb" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/udev/rules.d" CXXFLAGS="-march=athlon64 -O2 -pipe -msse3" DISTDIR="/usr/portage/distfiles" FEATURES="ccache distlocks fixpackages parallel-fetch protect-owned sandbox sfperms strict unmerge-orphans userfetch" GENTOO_MIRRORS="ftp://sunsite.informatik.rwth-aachen.de/pub/Linux/gentoo" LANG="de_DE.UTF-8" LC_ALL="de_DE.UTF-8" LDFLAGS="-Wl,-O1" LINGUAS="de" MAKEOPTS="-j3" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/portage/local/layman/alon-barlev /usr/portage/local/layman/xake-toolchain /usr/portage/local/layman/synce /usr/portage/local/layman/gimpel /usr/portage/local/layman/desktop-effects /usr/portage/local/layman/java-overlay /usr/portage/local/layman/jokey /usr/portage/local/layman/java-gcj-overlay /usr/portage/local/layman/sunrise /usr/portage/local" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="3dnow 3dnowext X a52 acl acpi alsa amd64 avahi berkdb bitmap-fonts bzip2 cairo cdr cli cracklib crypt cups dbus dri dvd dvdr eds encode esd exif ffmpeg fortran gdbm glitz gnome gphoto2 gpm gstreamer gtk hal iconv imap ipv6 isdnlog jpeg libnotify lm_sensors midi mmx mmxext mp3 mpeg mudflap multilib ncurses nls nptl nptlonly nsplugin ogg openmp pam pcre pdf perl png pppd python quicktime readline reflection samba session spell spl sse sse2 ssl svg sysfs tcpd threads tiff truetype truetype-fonts type1-fonts unicode vorbis xorg xulrunner xvid zlib" ALSA_CARDS="snd-hda-intel" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="de" USERLAND="GNU" VIDEO_CARDS="nvidia" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS Are you starting tor as system service, or directly by user? pam_limits is only respected at login time or when starting system services, and in the latter case it requires baselayout or openrc to have the pam USE flag enabled... Just checked the init script, it's not running the daemon process as user tor so the pam_limits configuration never hits, that's your problem :) I have debugged this problem together with flameeyes. The settings is ignored because the init script does not start as user tor but root, then the tor process switches its user context to tor without informing PAM to raise the nofile limit. Extending the init script to start as user tor is possible by removing the line "User tor" from torrc(.sample)...but now this prevents tor from starting as it checks for file permissions and thinks it is started as root while the data directory is owned by user tor. So I still have to check who is the culprit. For the records: The failure happens when checkconfig is called because tor does not know it will be run as tor. So adding "--User tor" to the check call will make the init script succeed. Please test -r1 which I bumped to stable directly. My changes cause trouble with Baselayout 1, thus I reverted them and limits.d will be ignored further. Created attachment 194326 [details]
Ebuild which will respect limits.d
Created attachment 194328 [details]
Init script which will respect limits.d
Created attachment 194330 [details]
Patch for torrc.sampe to respect limits.d
Once Baselayout goes stable I can commit those fixes. Until then, sorry for you. Could there be a workaround for baselayout 1 users? Since tor is marked stable, I think it should work correctly on stable baselayout. Actually, while playing around with the init script, I think your solution won't work. I used "--chuid tor" as option for start-stop-daemon. That should have the desired effect, but makes tor unable to bind to ports <1025. Since many relays are run on 443 with directory mirrors on 80, this is not an option. The man page for limits.conf suggests there is no limit to make a user be able to bind priviledged ports. Could this be achieved by a posix capability? For now I call ulimit -n from the init script directly before start-stop-daemon, which seems to work: # cat /proc/`cat /var/run/tor/tor.pid`/limits | grep "files" Max open files 30000 30000 files Assigning to new maintainer. All bits are here. baselayout-2 is now stable. (In reply to comment #14) > baselayout-2 is now stable. Yes, thanks for reminding me :) I'll test Christian's patches above under baselayout-2 and commit if it works. I'm sure the stuff will have to be refreshed for the 0.2.1 and 0.2.2 branches. (In reply to comment #12) > Actually, while playing around with the init script, I think your solution > won't work. > > I used "--chuid tor" as option for start-stop-daemon. That should have the > desired effect, but makes tor unable to bind to ports <1025. Since many relays > are run on 443 with directory mirrors on 80, this is not an option. > > The man page for limits.conf suggests there is no limit to make a user be able > to bind priviledged ports. > Could this be achieved by a posix capability? > > For now I call ulimit -n from the init script directly before > start-stop-daemon, which seems to work: > > # cat /proc/`cat /var/run/tor/tor.pid`/limits | grep "files" > Max open files 30000 30000 files Yep there is a problem with the approach in the patches in comment 7, comment 8, comment 9. It does allow you to set limits, but then you cannot bind to ports <1025. I'm willing to try your (Sebastian's) idea of setting ulimit -n in the init script (perphaps reading values from the /etc/conf.d file). Comments on this approach? > Comments on this approach? Okay I've got both approaches for testing on my dev overlay: http://git.overlays.gentoo.org/gitweb/?p=dev/blueness.git;a=summary Commit e29c917a9368415a1f8e04cc6f0fbd6833c5579e adopts the approach of comment 7, comment 8 and comment 9. In this approach we make use of baselayout-2's ability to start the daemon as a user tor so that it reads /etc/security/limits.d/tor and sets the file limits that way. Commit 000ee0b635581d823e4f3030c45e76a5df8bc586 adopts the approach of comment 12. In this approach the user sets ULIMITN=30000 in /etc/conf.d/tor and the init script makes use of ulimit -n just before start-stop-daemon. Neither allows tor to bind to ports <=1024. I'd say it depends on what you want the ebuild/configs to look like and what usability you want to achive out of the box. I'm perfectly fine using my own custom ebuild if you go with limits.conf, I monitor the relevant mailing lists for updates. (In reply to comment #18) > I'd say it depends on what you want the ebuild/configs to look like and what > usability you want to achive out of the box. I'm perfectly fine using my own > custom ebuild if you go with limits.conf, I monitor the relevant mailing lists > for updates. WilliamH pointed out baselayout-2's rc_ulimit option which can be put into /etc/conf.d/tor. I tested it on my overlay, and it works. You can bind to ports below 1024 (because tor starts as root and binds to the port before dropping privileges) and you can set the ulimit -n. I'm committing it as tor-0.2.1.30-r2.ebuild in a minute. Please test. I'm also porting the same change to the beta 0.2.2 and alpha 0.2.3. I think this bug is done. It appears to be working on all my test boxes an on my own tor relay (simba). If anyone feels this issue needs more attention, please reopen. |