[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: TOR lässt sich in einer Installation nicht starten - in einer anderen auf der selben Maschine funktioniert es dagegen.

Am 08.06.20 um 22:51 schrieb Ulf Volmer:
> Ich kann Dein Problem mit Buster, AppArmor, sysvinit und tor zumindest
> nicht reproduzieren.

Okay, dann vergleichen wir mal ein paar Dinge:

Debian-Version:

cat /etc/debian_version
10.4


Paketversionen von tor, sysvinit und apparmor:

dpkg -l tor sysvinit-core sysvinit-utils apparmor
Desired=Unknown/Install/Remove/Purge/Hold
|
Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name           Version      Architecture Description
+++-==============-============-============-======================================
ii  apparmor       2.13.2-10    i386         user-space parser utility
for AppArmor
ii  sysvinit-core  2.93-8       i386         System-V-like init utilities
ii  sysvinit-utils 2.93-8       i386         System-V-like utilities
ii  tor            0.3.5.10-1   i386         anonymizing overlay network
for TCP

Hast Du noch andere apparmor-Pakete installiert, apparmor-profiles-extra
vielleicht? Oder apparmor-utils?

Oder vielleicht system_tor von enforce auf complain gesetzt?

apparmor_status
apparmor module is loaded.
7 profiles are loaded.
7 profiles are in enforce mode.
   /usr/bin/man
   /usr/sbin/ntpd
   man_filter
   man_groff
   nvidia_modprobe
   nvidia_modprobe//kmod
   system_tor
0 profiles are in complain mode.
1 processes have profiles defined.
1 processes are in enforce mode.
   /usr/sbin/ntpd (1777)
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.

Wenn ich apparmor-utils nachinstalliere, und aa-complain system_tor
(Ausgabe: "Setting /etc/apparmor.d/system_tor to complain mode.")
aufrufe, dann ändert sich das auf:

apparmor_status
apparmor module is loaded.
7 profiles are loaded.
6 profiles are in enforce mode.
   /usr/bin/man
   /usr/sbin/ntpd
   man_filter
   man_groff
   nvidia_modprobe
   nvidia_modprobe//kmod
1 profiles are in complain mode.
   system_tor
1 processes have profiles defined.
1 processes are in enforce mode.
   /usr/sbin/ntpd (1777)
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.

Und dann lässt sich tor auch als service starten. Das kann ja aber nicht
die Lösung sein.


Systemd ist nicht im Spiel:

dpkg -l systemd
Desired=Unknown/Install/Remove/Purge/Hold
|
Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name           Version      Architecture Description
+++-==============-============-============-=================================
un  systemd        <none>       <none>       (no description available)


Sicher, dass Du nicht irgendwann die Apparmor-Config-Datei geändert
hast? Hier mal die Prüfsumme von meiner.

sha512sum /etc/apparmor.d/system_tor
018fe41646464db618f71d268a99553dcde4ecc0f8fd10e7cb3050345114dc1a84dab6ba051ac4374cd663cfbf2eb84db9d455c51ac4847c7b6e6ec5494efb49
 /etc/apparmor.d/system_tor


Vollständige Paketliste zum Vergleich hier:
<http://paste.debian.net/1151085/>

Und, wie Du siehst, ein i386-System. Wäre ja drollig, wenn das ein Bug
ist, der nur auf 32-Bit auftritt.


Der Fehler tritt auch direkt bei der Installation schon auf:

apt install tor -y
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
  tor-geoipdb torsocks
Suggested packages:
  mixmaster torbrowser-launcher socat tor-arm apparmor-utils obfs4proxy
The following NEW packages will be installed:
  tor tor-geoipdb torsocks
0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
Need to get 3385 kB of archives.
After this operation, 14.4 MB of additional disk space will be used.
Get:1 http://deb.debian.org/debian buster/main i386 tor i386 0.3.5.10-1
[1868 kB]
Get:2 http://deb.debian.org/debian buster/main i386 tor-geoipdb all
0.3.5.10-1 [1442 kB]
Get:3 http://deb.debian.org/debian buster/main i386 torsocks i386
2.3.0-2 [75.5 kB]
Fetched 3385 kB in 2s (1479 kB/s)
Selecting previously unselected package tor.
(Reading database ... 28922 files and directories currently installed.)
Preparing to unpack .../tor_0.3.5.10-1_i386.deb ...
Unpacking tor (0.3.5.10-1) ...
Selecting previously unselected package tor-geoipdb.
Preparing to unpack .../tor-geoipdb_0.3.5.10-1_all.deb ...
Unpacking tor-geoipdb (0.3.5.10-1) ...
Selecting previously unselected package torsocks.
Preparing to unpack .../torsocks_2.3.0-2_i386.deb ...
Unpacking torsocks (2.3.0-2) ...
Setting up tor (0.3.5.10-1) ...
Something or somebody made /var/lib/tor disappear.
Creating one for you again.
Something or somebody made /var/log/tor disappear.
Creating one for you again.
[....] Starting tor daemon...Jun 08 21:07:46.780 [warn] Directory
/var/lib/tor cannot be read: Permission denied
Jun 08 21:07:46.782 [warn] Failed to parse/validate config: Couldn't
create private data directory "/var/lib/tor"
Jun 08 21:07:46.783 [err] Reading config failed--see warnings above.
failed.
invoke-rc.d: initscript tor, action "start" failed.
Tor was unable to start due to configuration errors.
Please fix them and manually restart the tor daemon using
 ´service start tor´
Setting up torsocks (2.3.0-2) ...
Setting up tor-geoipdb (0.3.5.10-1) ...
Processing triggers for man-db (2.8.5-2) ...

Gruß
Stefan
Reply to: