
Use /lib/systemd/system/tor@service.d instead
Open, Normal, Public

Description

We want to execute some scripts before starting Tor. For example, a script that fixes missing files and directories, or a script that shows a detailed Tor configuration report.

However, a drop-in file in /lib/systemd/system/tor@default.service.d may not work as expected. This is because tor@default.service checks the Tor configuration before the commands from the drop-in file are executed. If --verify-config returns non-zero, tor@default.service fails and stops executing, without giving the drop-in file a chance to fix the problem.

user@host:~$ grep -i "execstartpre" /lib/systemd/system/tor@default.service
ExecStartPre=/usr/bin/install -Z -m 02755 -o debian-tor -g debian-tor -d /var/run/tor
ExecStartPre=/usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0 --verify-config

Patrick proposed a workaround:

we can extend /lib/systemd/system/tor.service with ExecStartPre=... systemd unit file drop-in instead.
[...]
Maybe we shouldn’t tell users to engage with sudo systemctl restart tor@default.service directly but use sudo systemctl restart tor.service instead.

This approach has been used by Qubes:

user@host:~$ ls -l /lib/systemd/system/tor.service.d
total 8
-rw-r--r-- 1 root root  90 Feb 22 11:49 30_qubes.conf
-rw-r--r-- 1 root root 313 Oct 21  2015 40_qubes.conf
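
The ordering problem described above, as a simplified model added here (not code from this ticket, from Tor or from systemd): list settings such as ExecStartPre= from drop-ins are appended after the unit's own entries, so a fix script placed in tor@default.service.d runs only after --verify-config. The drop-in name 50_fix.conf and the script path /usr/local/bin/fix-tor-files are hypothetical.

```python
# Simplified model of how systemd merges ExecStartPre= from a unit file and
# its drop-ins. Added example; only the two ExecStartPre= lines are from the page.

UNIT = """\
[Service]
ExecStartPre=/usr/bin/install -Z -m 02755 -o debian-tor -g debian-tor -d /var/run/tor
ExecStartPre=/usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0 --verify-config
"""

# Hypothetical drop-in in tor@default.service.d (name and script are placeholders).
DROPINS = {"50_fix.conf": "[Service]\nExecStartPre=/usr/local/bin/fix-tor-files\n"}


def exec_start_pre(fragment):
    """Yield the ExecStartPre= values of one unit-file fragment, in order."""
    for line in fragment.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == "ExecStartPre":
            yield value.strip()


def effective_order(unit, dropins):
    """Main unit first, then drop-ins sorted by file name. An empty
    assignment resets the list; any other value is appended."""
    commands = []
    for fragment in [unit] + [dropins[name] for name in sorted(dropins)]:
        for value in exec_start_pre(fragment):
            if value == "":
                commands.clear()
            else:
                commands.append(value)
    return commands


def commands_run(commands, failing_marker):
    """Run commands in order; the first failing one (no '-' prefix) aborts."""
    ran = []
    for cmd in commands:
        ran.append(cmd)
        if failing_marker in cmd and not cmd.startswith("-"):
            break
    return ran


if __name__ == "__main__":
    order = effective_order(UNIT, DROPINS)
    for cmd in commands_run(order, "--verify-config"):
        print("ran:", cmd)
```

On a real system, `systemctl cat tor@default.service` shows the unit file followed by its drop-ins in the order systemd reads them.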

Details

Impact
Normal