znoxx Posted July 18, 2017 Posted July 18, 2017 Hi! Just installed Orange Pi Zero Armbian (xenial stable legacy kernel - I still want some internal wifi ) But, tor package from default repository is failing. Error: Jul 18 22:36:52 localhost systemd[7985]: tor@default.service: Failed at step NO_NEW_PRIVILEGES spawning /usr/bin/tor: Invalid argument Jul 18 22:36:52 localhost systemd[1]: tor@default.service: Main process exited, code=exited, status=227/NO_NEW_PRIVILEGES This applies to default tor version and tor version from repository of torproject.org (https://www.torproject.org/docs/debian.html.en) System info: orangepizero:~$ uname -a Linux orangepizero 3.4.113-sun8i #18 SMP PREEMPT Thu Jun 15 02:16:06 CEST 2017 armv7l armv7l armv7l GNU/Linux orangepizero:~$ cat /etc/armbian-release # PLEASE DO NOT EDIT THIS FILE BOARD=orangepizero BOARD_NAME="Orange Pi Zero" VERSION=5.31 LINUXFAMILY=sun8i BRANCH=default ARCH=arm IMAGE_TYPE=stable Exactly the same issue is here: http://tor-bugs.torproject.narkive.com/C3javj0U/17713-tor-debian-8-2-latest-tor-package-tor-0-2-7-5-1-d80-jessie-1-amd64-deb-fails-on-start-with-no- We have 0.2.7.6 i guess, but symptoms are the same. Tried "haveged-like" fix with NoNewPrivileges=yes - it just fails immediately with same error. Removing this options lets tor process to run for 5-7 seconds. Thanks in advance for handling this if possible.
zador.blood.stained Posted July 19, 2017 Posted July 19, 2017 10 hours ago, znoxx said: Tried "haveged-like" fix with NoNewPrivileges=yes - it just fails immediately with same error. This means that "NoNewPrivileges" option is not correctly applied to the TOR service. What file did you add it to? Did you reload the systemd configuration? Edit: You need to add something like [Service] NoNewPrivileges=no to a new file - /etc/systemd/system/tor@.service.d/10-no-new-privileges.conf this should apply this setting to all TOR instances. "sudo systemctl daemon-reload" is required to reload the configuration after changing. Upstream Debian Jessie relies on kernel 3.16, Ubuntu Xenial - on kernel 4.4. "NoNewPrivileges" option tries to use kernel features that are not present in kernel 3.4, so it has to be disabled first. 1
znoxx Posted July 19, 2017 Author Posted July 19, 2017 @zador.blood.stained I will definitely try to do this, tried "reversal approach" with "=yes" =) Will check ASAP.
Recommended Posts