Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 640040

Summary: net-vpn/tor: Job for tor.service failed when /var/run is tmpfs
Product: Gentoo Linux Reporter: William Breathitt Gray <gentoo.defile>
Component: Current packagesAssignee: Anthony Basile <blueness>
Status: RESOLVED FIXED    
Severity: normal CC: noein93, tsmksubc
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
See Also: https://github.com/gentoo/gentoo/pull/7277
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: tmpfiles.d configuration for Tor systemd service

Description William Breathitt Gray 2017-12-06 14:35:15 UTC 
ISSUE SUMMARY
=============

This issue seems to affect all current ebuild versions, but for this test I'm running Tor 0.3.2.6-alpha (git-87012d076ef58bb9). On my system, the /var/run/tor directory does not exist, and /var/run is a link to /run which is mounted as tmpfs:

    tmpfs on /run type tmpfs (rw,nosuid,nodev,mode=755)

Attempting to start tor using tor.service fails:

    vilhelm@sophia ~ $ sudo systemctl restart tor
    Job for tor.service failed because the control process exited with error code.
    See "systemctl  status tor.service" and "journalctl  -xe" for details.

    vilhelm@sophia ~ $ sudo systemctl  status tor.service
    ● tor.service - Anonymizing overlay network for TCP
       Loaded: loaded (/lib/systemd/system/tor.service; enabled; vendor preset: disabled)
       Active: failed (Result: exit-code) since Wed 2017-12-06 09:08:19 EST; 4s ago
      Process: 12244 ExecStart=/usr/bin/tor -f /etc/tor/torrc (code=exited, status=1/FAILURE)
      Process: 12243 ExecStartPre=/usr/bin/tor -f /etc/tor/torrc --verify-config (code=exited, status=0/SUCCESS)
     Main PID: 12244 (code=exited, status=1/FAILURE)
    
    Dec 06 09:08:19 sophia systemd[1]: tor.service: Service hold-off time over, scheduling restart.
    Dec 06 09:08:19 sophia systemd[1]: tor.service: Scheduled restart job, restart counter is at 5.
    Dec 06 09:08:19 sophia systemd[1]: Stopped Anonymizing overlay network for TCP.
    Dec 06 09:08:19 sophia systemd[1]: tor.service: Start request repeated too quickly.
    Dec 06 09:08:19 sophia systemd[1]: tor.service: Failed with result 'exit-code'.
    Dec 06 09:08:19 sophia systemd[1]: Failed to start Anonymizing overlay network for TCP.

    vilhelm@sophia ~ $ sudo journalctl  -xe
    -- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit tor.service has begun starting up.
    Dec 06 09:08:18 sophia tor[12243]: Dec 06 09:08:18.595 [notice] Tor 0.3.2.6-alpha (git-87012d076ef58bb9) running on Linux with Libevent 2.1.8-stable, OpenSSL 1.0.2m, Zlib 1.2.11, Liblzma 5.2.3, and Libzstd N/A.
    Dec 06 09:08:18 sophia tor[12243]: Dec 06 09:08:18.595 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
    Dec 06 09:08:18 sophia tor[12243]: Dec 06 09:08:18.595 [notice] This version is not a stable Tor release. Expect more bugs than usual.
    Dec 06 09:08:18 sophia tor[12243]: Dec 06 09:08:18.596 [notice] Read configuration file "/etc/tor/torrc".
    Dec 06 09:08:18 sophia tor[12243]: Dec 06 09:08:18.597 [notice] Based on detected system memory, MaxMemInQueues is set to 8192 MB. You can override this by setting MaxMemInQueues by hand.
    Dec 06 09:08:18 sophia tor[12243]: Configuration was valid
    Dec 06 09:08:19 sophia tor[12244]: Dec 06 09:08:19.036 [notice] Tor 0.3.2.6-alpha (git-87012d076ef58bb9) running on Linux with Libevent 2.1.8-stable, OpenSSL 1.0.2m, Zlib 1.2.11, Liblzma 5.2.3, and Libzstd N/A.
    Dec 06 09:08:19 sophia tor[12244]: Dec 06 09:08:19.036 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
    Dec 06 09:08:19 sophia tor[12244]: Dec 06 09:08:19.036 [notice] This version is not a stable Tor release. Expect more bugs than usual.
    Dec 06 09:08:19 sophia tor[12244]: Dec 06 09:08:19.036 [notice] Read configuration file "/etc/tor/torrc".
    Dec 06 09:08:19 sophia tor[12244]: Dec 06 09:08:19.038 [notice] Based on detected system memory, MaxMemInQueues is set to 8192 MB. You can override this by setting MaxMemInQueues by hand.
    Dec 06 09:08:19 sophia tor[12244]: Dec 06 09:08:19.038 [notice] Scheduler type KIST has been enabled.
    Dec 06 09:08:19 sophia tor[12244]: Dec 06 09:08:19.038 [notice] Opening OR listener on 0.0.0.0:443
    Dec 06 09:08:19 sophia tor[12244]: Dec 06 09:08:19.038 [notice] Opening Extended OR listener on 127.0.0.1:0
    Dec 06 09:08:19 sophia tor[12244]: Dec 06 09:08:19.038 [notice] Extended OR listener listening on port 35193.
    Dec 06 09:08:19 sophia Tor[12244]: Tor 0.3.2.6-alpha (git-87012d076ef58bb9) running on Linux with Libevent 2.1.8-stable, OpenSSL 1.0.2m, Zlib 1.2.11, Liblzma 5.2.3, and Libzstd N/A.
    Dec 06 09:08:19 sophia Tor[12244]: Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
    Dec 06 09:08:19 sophia Tor[12244]: This version is not a stable Tor release. Expect more bugs than usual.
    Dec 06 09:08:19 sophia Tor[12244]: Read configuration file "/etc/tor/torrc".
    Dec 06 09:08:19 sophia Tor[12244]: Based on detected system memory, MaxMemInQueues is set to 8192 MB. You can override this by setting MaxMemInQueues by hand.
    Dec 06 09:08:19 sophia Tor[12244]: Scheduler type KIST has been enabled.
    Dec 06 09:08:19 sophia Tor[12244]: Opening OR listener on 0.0.0.0:443
    Dec 06 09:08:19 sophia Tor[12244]: Opening Extended OR listener on 127.0.0.1:0
    Dec 06 09:08:19 sophia Tor[12244]: Extended OR listener listening on port 35193.
    Dec 06 09:08:19 sophia Tor[12244]: Unable to open "/var/run/tor/tor.pid" for writing: No such file or directory
    Dec 06 09:08:19 sophia Tor[12244]: Unable to write PIDFile "/var/run/tor/tor.pid"
    Dec 06 09:08:19 sophia Tor[12244]: set_options(): Bug: Acting on config options left us in a broken state. Dying. (on Tor 0.3.2.6-alpha 87012d076ef58bb9)
    Dec 06 09:08:19 sophia systemd[1]: tor.service: Main process exited, code=exited, status=1/FAILURE
    Dec 06 09:08:19 sophia systemd[1]: tor.service: Failed with result 'exit-code'.
    Dec 06 09:08:19 sophia systemd[1]: Failed to start Anonymizing overlay network for TCP.
    -- Subject: Unit tor.service has failed
    -- Defined-By: systemd
    -- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit tor.service has failed.
    --
    -- The result is RESULT.
    Dec 06 09:08:19 sophia systemd[1]: tor.service: Service hold-off time over, scheduling restart.
    Dec 06 09:08:19 sophia systemd[1]: tor.service: Scheduled restart job, restart counter is at 5.
    Dec 06 09:08:19 sophia systemd[1]: Stopped Anonymizing overlay network for TCP.
    -- Subject: Unit tor.service has finished shutting down
    -- Defined-By: systemd
    -- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit tor.service has finished shutting down.
    Dec 06 09:08:19 sophia systemd[1]: tor.service: Start request repeated too quickly.
    Dec 06 09:08:19 sophia systemd[1]: tor.service: Failed with result 'exit-code'.
    Dec 06 09:08:19 sophia systemd[1]: Failed to start Anonymizing overlay network for TCP.
    -- Subject: Unit tor.service has failed
    -- Defined-By: systemd
    -- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit tor.service has failed.
    --
    -- The result is RESULT.

SUSPECTED CAUSE
===============

I issue appears to result from the missing /var/run/tor directory and a lack of write permission to create the /var/run/tor/tor.pid PIDFile. I can manually create a /var/run/tor directory, but it will be gone if the system restarts since /var/run is tmpfs. The /var/run/tor directory and appropriate permissions should be configured in the tor.service file by default.

PROPOSED SOLUTION
=================

If I add the following lines to the /lib64/systemd/system/tor.service file the issue is resolved:

    Group=tor
    RuntimeDirectory=tor
    RuntimeDirectoryMode=0770

I suggest adding these lines to the Tor source code contrib/dist/tor.service.in file so that the Gentoo ebuilds will install a tor.service file with the configuration lines to automatically create a /var/run/tor directory with the necessary permissions.
Comment 1 Anthony Basile gentoo-dev 2017-12-17 12:12:20 UTC 
We went back and forth on the tor service file so many times, I gave up and just stuck with upstream.  I'm not a systemd user so I'm not able to test and this was a source of frustration for me.

Can you pass this by upstream and see if they'll add it?  It seems like other distros might have this problem.
Comment 2 William Breathitt Gray 2017-12-22 16:14:57 UTC 
I've created a ticket for this issue on the main Tor project bug tracker site: https://trac.torproject.org/projects/tor/ticket/24715
Comment 3 William Breathitt Gray 2018-02-02 21:18:48 UTC 
The ticket on the main Tor project bug tracker has been closed with a Resolution set to "invalid" and the following explanation:

"I'm wondering if this is in fact a Gentoo bug, since in the standard configuration, the --PIDFile option isn't given to tor through systemd. (My understanding is that this is because systemd has its own system for keeping track of PIDs, i.e. and so using $MAINPID is the most systemd-ish way to do this.) Since Gentoo appears to have enabled PIDFile, they should probably also make sure that the place they are attempting to write to is actually available. Perhaps the Gentoo packagers would be willing to either take your patch or otherwise remove --PIDFile?"

Would we be able to create the directory in the ebuild via the tmpfiles eclass?
Comment 4 William Breathitt Gray 2018-02-23 17:20:21 UTC 
Created attachment 520678 [details]
tmpfiles.d configuration for Tor systemd service

This tmpfiles.d configuration file specfies the creation of the /var/run/tor directory to house the tor.pid file.

This can be installed by the Tor ebuild via the tmpfiles.eclass dotmpfiles and tmpfiles_process functions.

One problem which must still be addressed is permissions: tor.service currently marks / as ReadOnlyDirectory by default, so /var/run/tor must be added as a ReadWriteDirectory to allow tor.pid to be written. However, at that point it may be easier to simply use RuntimeDirectory to create the /var/run/tor directory.
Comment 5 Anthony Basile gentoo-dev 2018-02-23 19:57:46 UTC 
(In reply to William Breathitt Gray from comment #4)
> Created attachment 520678 [details]
> tmpfiles.d configuration for Tor systemd service
> 
> This tmpfiles.d configuration file specfies the creation of the /var/run/tor
> directory to house the tor.pid file.
> 
> This can be installed by the Tor ebuild via the tmpfiles.eclass dotmpfiles
> and tmpfiles_process functions.
> 
> One problem which must still be addressed is permissions: tor.service
> currently marks / as ReadOnlyDirectory by default, so /var/run/tor must be
> added as a ReadWriteDirectory to allow tor.pid to be written. However, at
> that point it may be easier to simply use RuntimeDirectory to create the
> /var/run/tor directory.

can you give me a full patch against the current tree, or even better a PR on github.
Comment 6 Larry the Git Cow gentoo-dev 2018-02-25 00:58:37 UTC 
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c0fe6a0d4e379ce403f88e54f23d77695fe2cf05

commit c0fe6a0d4e379ce403f88e54f23d77695fe2cf05
Author:     William Breathitt Gray <vilhelm.gray@gmail.com>
AuthorDate: 2018-02-25 00:26:52 +0000
Commit:     Anthony G. Basile <blueness@gentoo.org>
CommitDate: 2018-02-25 00:57:29 +0000

    net-vpn/tor: Fix tor.service failure when /var/run is tmpfs
    
    Closes: https://bugs.gentoo.org/640040

 .../files/tor-0.3.3.2-alpha-tor.service.in.patch   | 12 +++
 net-vpn/tor/tor-0.3.3.2_alpha-r1.ebuild            | 85 ++++++++++++++++++++++
 2 files changed, 97 insertions(+)