ISSUE SUMMARY
=============
This issue seems to affect all current ebuild versions, but for this test I'm running Tor 0.3.2.6-alpha (git-87012d076ef58bb9).

On my system, the /var/run/tor directory does not exist, and /var/run is a link to /run which is mounted as tmpfs:

tmpfs on /run type tmpfs (rw,nosuid,nodev,mode=755)

Attempting to start tor using tor.service fails:

vilhelm@sophia ~ $ sudo systemctl restart tor
Job for tor.service failed because the control process exited with error code.
See "systemctl status tor.service" and "journalctl -xe" for details.

vilhelm@sophia ~ $ sudo systemctl status tor.service
● tor.service - Anonymizing overlay network for TCP
   Loaded: loaded (/lib/systemd/system/tor.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Wed 2017-12-06 09:08:19 EST; 4s ago
  Process: 12244 ExecStart=/usr/bin/tor -f /etc/tor/torrc (code=exited, status=1/FAILURE)
  Process: 12243 ExecStartPre=/usr/bin/tor -f /etc/tor/torrc --verify-config (code=exited, status=0/SUCCESS)
 Main PID: 12244 (code=exited, status=1/FAILURE)

Dec 06 09:08:19 sophia systemd[1]: tor.service: Service hold-off time over, scheduling restart.
Dec 06 09:08:19 sophia systemd[1]: tor.service: Scheduled restart job, restart counter is at 5.
Dec 06 09:08:19 sophia systemd[1]: Stopped Anonymizing overlay network for TCP.
Dec 06 09:08:19 sophia systemd[1]: tor.service: Start request repeated too quickly.
Dec 06 09:08:19 sophia systemd[1]: tor.service: Failed with result 'exit-code'.
Dec 06 09:08:19 sophia systemd[1]: Failed to start Anonymizing overlay network for TCP.

vilhelm@sophia ~ $ sudo journalctl -xe
-- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit tor.service has begun starting up.
Dec 06 09:08:18 sophia tor[12243]: Dec 06 09:08:18.595 [notice] Tor 0.3.2.6-alpha (git-87012d076ef58bb9) running on Linux with Libevent 2.1.8-stable, OpenSSL 1.0.2m, Zlib 1.2.11, Liblzma 5.2.3, and Libzstd N/A.
Dec 06 09:08:18 sophia tor[12243]: Dec 06 09:08:18.595 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Dec 06 09:08:18 sophia tor[12243]: Dec 06 09:08:18.595 [notice] This version is not a stable Tor release. Expect more bugs than usual.
Dec 06 09:08:18 sophia tor[12243]: Dec 06 09:08:18.596 [notice] Read configuration file "/etc/tor/torrc".
Dec 06 09:08:18 sophia tor[12243]: Dec 06 09:08:18.597 [notice] Based on detected system memory, MaxMemInQueues is set to 8192 MB. You can override this by setting MaxMemInQueues by hand.
Dec 06 09:08:18 sophia tor[12243]: Configuration was valid
Dec 06 09:08:19 sophia tor[12244]: Dec 06 09:08:19.036 [notice] Tor 0.3.2.6-alpha (git-87012d076ef58bb9) running on Linux with Libevent 2.1.8-stable, OpenSSL 1.0.2m, Zlib 1.2.11, Liblzma 5.2.3, and Libzstd N/A.
Dec 06 09:08:19 sophia tor[12244]: Dec 06 09:08:19.036 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Dec 06 09:08:19 sophia tor[12244]: Dec 06 09:08:19.036 [notice] This version is not a stable Tor release. Expect more bugs than usual.
Dec 06 09:08:19 sophia tor[12244]: Dec 06 09:08:19.036 [notice] Read configuration file "/etc/tor/torrc".
Dec 06 09:08:19 sophia tor[12244]: Dec 06 09:08:19.038 [notice] Based on detected system memory, MaxMemInQueues is set to 8192 MB. You can override this by setting MaxMemInQueues by hand.
Dec 06 09:08:19 sophia tor[12244]: Dec 06 09:08:19.038 [notice] Scheduler type KIST has been enabled.
Dec 06 09:08:19 sophia tor[12244]: Dec 06 09:08:19.038 [notice] Opening OR listener on 0.0.0.0:443
Dec 06 09:08:19 sophia tor[12244]: Dec 06 09:08:19.038 [notice] Opening Extended OR listener on 127.0.0.1:0
Dec 06 09:08:19 sophia tor[12244]: Dec 06 09:08:19.038 [notice] Extended OR listener listening on port 35193.
Dec 06 09:08:19 sophia Tor[12244]: Tor 0.3.2.6-alpha (git-87012d076ef58bb9) running on Linux with Libevent 2.1.8-stable, OpenSSL 1.0.2m, Zlib 1.2.11, Liblzma 5.2.3, and Libzstd N/A.
Dec 06 09:08:19 sophia Tor[12244]: Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Dec 06 09:08:19 sophia Tor[12244]: This version is not a stable Tor release. Expect more bugs than usual.
Dec 06 09:08:19 sophia Tor[12244]: Read configuration file "/etc/tor/torrc".
Dec 06 09:08:19 sophia Tor[12244]: Based on detected system memory, MaxMemInQueues is set to 8192 MB. You can override this by setting MaxMemInQueues by hand.
Dec 06 09:08:19 sophia Tor[12244]: Scheduler type KIST has been enabled.
Dec 06 09:08:19 sophia Tor[12244]: Opening OR listener on 0.0.0.0:443
Dec 06 09:08:19 sophia Tor[12244]: Opening Extended OR listener on 127.0.0.1:0
Dec 06 09:08:19 sophia Tor[12244]: Extended OR listener listening on port 35193.
Dec 06 09:08:19 sophia Tor[12244]: Unable to open "/var/run/tor/tor.pid" for writing: No such file or directory
Dec 06 09:08:19 sophia Tor[12244]: Unable to write PIDFile "/var/run/tor/tor.pid"
Dec 06 09:08:19 sophia Tor[12244]: set_options(): Bug: Acting on config options left us in a broken state. Dying. (on Tor 0.3.2.6-alpha 87012d076ef58bb9)
Dec 06 09:08:19 sophia systemd[1]: tor.service: Main process exited, code=exited, status=1/FAILURE
Dec 06 09:08:19 sophia systemd[1]: tor.service: Failed with result 'exit-code'.
Dec 06 09:08:19 sophia systemd[1]: Failed to start Anonymizing overlay network for TCP.
-- Subject: Unit tor.service has failed
-- Defined-By: systemd
-- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit tor.service has failed.
--
-- The result is RESULT.
Dec 06 09:08:19 sophia systemd[1]: tor.service: Service hold-off time over, scheduling restart.
Dec 06 09:08:19 sophia systemd[1]: tor.service: Scheduled restart job, restart counter is at 5.
Dec 06 09:08:19 sophia systemd[1]: Stopped Anonymizing overlay network for TCP.
-- Subject: Unit tor.service has finished shutting down
-- Defined-By: systemd
-- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit tor.service has finished shutting down.
Dec 06 09:08:19 sophia systemd[1]: tor.service: Start request repeated too quickly.
Dec 06 09:08:19 sophia systemd[1]: tor.service: Failed with result 'exit-code'.
Dec 06 09:08:19 sophia systemd[1]: Failed to start Anonymizing overlay network for TCP.
-- Subject: Unit tor.service has failed
-- Defined-By: systemd
-- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit tor.service has failed.
--
-- The result is RESULT.

SUSPECTED CAUSE
===============
The issue appears to result from the missing /var/run/tor directory and a lack of write permission to create the /var/run/tor/tor.pid PIDFile. I can manually create a /var/run/tor directory, but it will be gone if the system restarts since /var/run is tmpfs. The /var/run/tor directory and appropriate permissions should be configured in the tor.service file by default.

PROPOSED SOLUTION
=================
If I add the following lines to the /lib64/systemd/system/tor.service file the issue is resolved:

Group=tor
RuntimeDirectory=tor
RuntimeDirectoryMode=0770

I suggest adding these lines to the Tor source code contrib/dist/tor.service.in file so that the Gentoo ebuilds will install a tor.service file with the configuration lines to automatically create a /var/run/tor directory with the necessary permissions.

We went back and forth on the tor service file so many times, I gave up and just stuck with upstream. I'm not a systemd user so I'm not able to test and this was a source of frustration for me. Can you pass this by upstream and see if they'll add it? It seems like other distros might have this problem.
I've created a ticket for this issue on the main Tor project bug tracker site: https://trac.torproject.org/projects/tor/ticket/24715
The ticket on the main Tor project bug tracker has been closed with a Resolution set to "invalid" and the following explanation:

"I'm wondering if this is in fact a Gentoo bug, since in the standard configuration, the --PIDFile option isn't given to tor through systemd. (My understanding is that this is because systemd has its own system for keeping track of PIDs, i.e. and so using $MAINPID is the most systemd-ish way to do this.) Since Gentoo appears to have enabled PIDFile, they should probably also make sure that the place they are attempting to write to is actually available. Perhaps the Gentoo packagers would be willing to either take your patch or otherwise remove --PIDFile?"

Would we be able to create the directory in the ebuild via the tmpfiles eclass?
Created attachment 520678
tmpfiles.d configuration for Tor systemd service

This tmpfiles.d configuration file specifies the creation of the /var/run/tor directory to house the tor.pid file.

This can be installed by the Tor ebuild via the tmpfiles.eclass dotmpfiles and tmpfiles_process functions.

One problem which must still be addressed is permissions: tor.service currently marks / as ReadOnlyDirectory by default, so /var/run/tor must be added as a ReadWriteDirectory to allow tor.pid to be written. However, at that point it may be easier to simply use RuntimeDirectory to create the /var/run/tor directory.
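
A check for the two conditions this comment separates, creating the PID file directory versus making it writable inside the unit's sandbox, as an added example that is not part of the original thread or the Gentoo ebuild. The function names and the sample torrc and unit files are constructed; systemd spells the directives ReadOnlyDirectories= and ReadWriteDirectories= (ReadWritePaths= in newer releases), and /var/run is assumed to be a symlink to /run.

```shell
#!/bin/sh
# Added example. Function names and sample files are constructed for illustration.

# Directory of the last PIDFile line in a torrc, with /var/run mapped to /run
# (assumes /var/run is a symlink to /run, as on the reporter's system).
pidfile_dir() {
    awk 'tolower($1) == "pidfile" { p = $2 } END { if (p != "") print p }' "$1" |
        sed -e 's|/[^/]*$||' -e 's|^/var/run|/run|'
}

# All values of one unit directive, one per line, "-" prefix stripped.
unit_values() {  # $1 = unit file, $2 = directive name
    sed -n "s|^$2=||p" "$1" | tr ' ' '\n' |
        sed -e 's|^-||' -e 's|^/var/run|/run|' -e '/^$/d'
}

# ok:      RuntimeDirectory= creates the directory at every start
# rw-only: listed as writable, but nothing in the unit creates it
# missing: neither created nor listed as writable
pidfile_dir_status() {  # $1 = unit file, $2 = torrc
    dir=$(pidfile_dir "$2")
    if [ -z "$dir" ]; then echo "no-pidfile"; return 0; fi
    for name in $(unit_values "$1" RuntimeDirectory); do
        if [ "/run/$name" = "$dir" ]; then echo "ok"; return 0; fi
    done
    for path in $(unit_values "$1" ReadWriteDirectories) \
                $(unit_values "$1" ReadWritePaths); do
        if [ "$path" = "$dir" ]; then echo "rw-only"; return 0; fi
    done
    echo "missing"
}

# Constructed inputs: a torrc with PIDFile set, and three unit variants.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' 'User tor' 'PIDFile /var/run/tor/tor.pid' > "$tmp/torrc"
printf '%s\n' '[Service]' 'ReadOnlyDirectories=/' \
    'ReadWriteDirectories=-/var/lib/tor' > "$tmp/before.service"
{ cat "$tmp/before.service"
  printf '%s\n' 'Group=tor' 'RuntimeDirectory=tor' 'RuntimeDirectoryMode=0770'
} > "$tmp/after.service"
printf '%s\n' '[Service]' 'ReadOnlyDirectories=/' \
    'ReadWriteDirectories=-/var/run/tor' > "$tmp/rw.service"

for u in before after rw; do
    printf '%s: %s\n' "$u" "$(pidfile_dir_status "$tmp/$u.service" "$tmp/torrc")"
done
```

A result of `rw-only` means something outside the unit, such as a tmpfiles.d entry, still has to create the directory on each boot.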
(In reply to William Breathitt Gray from comment #4)
> Created attachment 520678
> tmpfiles.d configuration for Tor systemd service
>
> This tmpfiles.d configuration file specifies the creation of the /var/run/tor
> directory to house the tor.pid file.
>
> This can be installed by the Tor ebuild via the tmpfiles.eclass dotmpfiles
> and tmpfiles_process functions.
>
> One problem which must still be addressed is permissions: tor.service
> currently marks / as ReadOnlyDirectory by default, so /var/run/tor must be
> added as a ReadWriteDirectory to allow tor.pid to be written. However, at
> that point it may be easier to simply use RuntimeDirectory to create the
> /var/run/tor directory.

Can you give me a full patch against the current tree, or even better a PR on GitHub?
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c0fe6a0d4e379ce403f88e54f23d77695fe2cf05

commit c0fe6a0d4e379ce403f88e54f23d77695fe2cf05
Author:     William Breathitt Gray <vilhelm.gray@gmail.com>
AuthorDate: 2018-02-25 00:26:52 +0000
Commit:     Anthony G. Basile <blueness@gentoo.org>
CommitDate: 2018-02-25 00:57:29 +0000

    net-vpn/tor: Fix tor.service failure when /var/run is tmpfs

    Closes: https://bugs.gentoo.org/640040

 .../files/tor-0.3.3.2-alpha-tor.service.in.patch | 12 +++
 net-vpn/tor/tor-0.3.3.2_alpha-r1.ebuild          | 85 ++++++++++++++++++++++
 2 files changed, 97 insertions(+)