Re: TOR lässt sich in einer Installation nicht starten - in einer anderen auf der selben Maschine funktioniert es dagegen.
Am 08.06.20 um 22:51 schrieb Ulf Volmer:
> Ich kann Dein Problem mit Buster, AppArmor, sysvinit und tor zumindest
> nicht reproduzieren.
Okay, dann vergleichen wir mal ein paar Dinge:
Debian-Version:
cat /etc/debian_version
10.4
Paketversionen von tor, sysvinit und apparmor:
dpkg -l tor sysvinit-core sysvinit-utils apparmor
Desired=Unknown/Install/Remove/Purge/Hold
|
Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-==============-============-============-======================================
ii apparmor 2.13.2-10 i386 user-space parser utility
for AppArmor
ii sysvinit-core 2.93-8 i386 System-V-like init utilities
ii sysvinit-utils 2.93-8 i386 System-V-like utilities
ii tor 0.3.5.10-1 i386 anonymizing overlay network
for TCP
Hast Du noch andere apparmor-Pakete installiert, apparmor-profiles-extra
vielleicht? Oder apparmor-utils?
Oder vielleicht system_tor von enforce auf complain gesetzt?
apparmor_status
apparmor module is loaded.
7 profiles are loaded.
7 profiles are in enforce mode.
/usr/bin/man
/usr/sbin/ntpd
man_filter
man_groff
nvidia_modprobe
nvidia_modprobe//kmod
system_tor
0 profiles are in complain mode.
1 processes have profiles defined.
1 processes are in enforce mode.
/usr/sbin/ntpd (1777)
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.
Wenn ich apparmor-utils nachinstalliere, und aa-complain system_tor
(Ausgabe: "Setting /etc/apparmor.d/system_tor to complain mode.")
aufrufe, dann ändert sich das auf:
apparmor_status
apparmor module is loaded.
7 profiles are loaded.
6 profiles are in enforce mode.
/usr/bin/man
/usr/sbin/ntpd
man_filter
man_groff
nvidia_modprobe
nvidia_modprobe//kmod
1 profiles are in complain mode.
system_tor
1 processes have profiles defined.
1 processes are in enforce mode.
/usr/sbin/ntpd (1777)
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.
Und dann lässt sich tor auch als service starten. Das kann ja aber nicht
die Lösung sein.
Systemd ist nicht im Spiel:
dpkg -l systemd
Desired=Unknown/Install/Remove/Purge/Hold
|
Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-==============-============-============-=================================
un systemd <none> <none> (no description available)
Sicher, dass Du nicht irgendwann die Apparmor-Config-Datei geändert
hast? Hier mal die Prüfsumme von meiner.
sha512sum /etc/apparmor.d/system_tor
018fe41646464db618f71d268a99553dcde4ecc0f8fd10e7cb3050345114dc1a84dab6ba051ac4374cd663cfbf2eb84db9d455c51ac4847c7b6e6ec5494efb49
/etc/apparmor.d/system_tor
Vollständige Paketliste zum Vergleich hier:
<http://paste.debian.net/1151085/>
Und, wie Du siehst, ein i386-System. Wäre ja drollig, wenn das ein Bug
ist, der nur auf 32-Bit auftritt.
Der Fehler tritt auch direkt bei der Installation schon auf:
apt install tor -y
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
tor-geoipdb torsocks
Suggested packages:
mixmaster torbrowser-launcher socat tor-arm apparmor-utils obfs4proxy
The following NEW packages will be installed:
tor tor-geoipdb torsocks
0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
Need to get 3385 kB of archives.
After this operation, 14.4 MB of additional disk space will be used.
Get:1 http://deb.debian.org/debian buster/main i386 tor i386 0.3.5.10-1
[1868 kB]
Get:2 http://deb.debian.org/debian buster/main i386 tor-geoipdb all
0.3.5.10-1 [1442 kB]
Get:3 http://deb.debian.org/debian buster/main i386 torsocks i386
2.3.0-2 [75.5 kB]
Fetched 3385 kB in 2s (1479 kB/s)
Selecting previously unselected package tor.
(Reading database ... 28922 files and directories currently installed.)
Preparing to unpack .../tor_0.3.5.10-1_i386.deb ...
Unpacking tor (0.3.5.10-1) ...
Selecting previously unselected package tor-geoipdb.
Preparing to unpack .../tor-geoipdb_0.3.5.10-1_all.deb ...
Unpacking tor-geoipdb (0.3.5.10-1) ...
Selecting previously unselected package torsocks.
Preparing to unpack .../torsocks_2.3.0-2_i386.deb ...
Unpacking torsocks (2.3.0-2) ...
Setting up tor (0.3.5.10-1) ...
Something or somebody made /var/lib/tor disappear.
Creating one for you again.
Something or somebody made /var/log/tor disappear.
Creating one for you again.
[....] Starting tor daemon...Jun 08 21:07:46.780 [warn] Directory
/var/lib/tor cannot be read: Permission denied
Jun 08 21:07:46.782 [warn] Failed to parse/validate config: Couldn't
create private data directory "/var/lib/tor"
Jun 08 21:07:46.783 [err] Reading config failed--see warnings above.
failed.
invoke-rc.d: initscript tor, action "start" failed.
Tor was unable to start due to configuration errors.
Please fix them and manually restart the tor daemon using
´service start tor´
Setting up torsocks (2.3.0-2) ...
Setting up tor-geoipdb (0.3.5.10-1) ...
Processing triggers for man-db (2.8.5-2) ...
Gruß
Stefan
Reply to: