systemd support
Nov 6 2019
This was done. If not, please create specific tickets where it isn't done.
Jul 8 2019
Removed a few. Would not start without openat, so kept.
Yay, we have ProtectSystem=strict now.
Jul 7 2019
Can we exclude ExecStartPre=/usr/lib/onion-grater-merger from systemd hardening?
Error back after reboot.
Jul 6 2019
https://github.com/Whonix/onion-grater/blob/master/lib/systemd/system/onion-grater.service currently works without ReadWritePaths. So let's not add?
Jul 4 2019
It's a file, not a folder. Nothing in the code of
/usr/lib/onion-grater-merger writes to /usr/lib/onion-grater-merger.
Jul 3 2019
I just re-read the error message. Try adding
That's weird. Onion-grater is trying to write to somewhere that's being mounted read-only by systemd.
Jul 1 2019
Merged your changes.
Jun 24 2019
Jun 23 2019
Does it work after you comment ProtectSystem=strict and ReadWriteDirectories=? I think on Qubes-Whonix it is trying to write to a directory in /var/run (probably /var/run/qubes-service). I can't test as I don't use Qubes.
Unfortunately not. On Qubes-Whonix. Could be Non-Qubes-Whonix vs
Qubes-Whonix?
Does it work using this? It looks like it needs the openat syscall which it now allows.
Does not work yet. @madaidan
Dec 9 2018
Dec 7 2018
Sep 18 2018
Actually, the "apt-daily.timer: Adding 1h 17min 24.927437s random time" messages have a real impact; they are not only noise. Each time sdwdate changes the time, systemd adds a random delay to those timers, which means the timer will never expire (unless that random delay happens to be very close to 0, i.e. below the time until sdwdate changes the time, which looks to be 1s).
Aug 15 2018
Jul 25 2018
This is sorted in a later version of systemd.
Mar 7 2018
Feb 6 2018
Jul 23 2017
Jul 11 2017
All yes.
sudo netstat -tulpen
JasonJAyalaP (Jason J. Ayala P.):
JasonJAyalaP added a comment.
sudo service tor-controlport-filter stop
sudo service onion-grater start
same failure
If I try
sudo apt-get remove control-port-filter-python
It wants to remove everything. I don't think 'Replaces' worked.
Jul 9 2017
Probably tor-controlport-filter systemd unit file (the old one) still
running and blocking the onion-grater systemd unit file.
Jul 7 2017
Python is choking on the line:
server = FilteredControlPortProxy(address, FilteredControlPortProxyHandler)
Jul 6 2017
sudo journalctl -u onion-grater
Jul 5 2017
sudo service onion-grater status just tells me that it failed to load. Any clues about how to debug this?
Jul 1 2017
Should be even easier since onion-grater debian/control contains
Replaces: control-port-filter-python. So just installing onion-grater
should do.
Question: To install OG in Whonix 14 dev, do I simply pull the repo, make deb-icup, stop the old tor control port filter proxy, and start onion grater?
Jun 27 2017
They happily take it if we contribute it.
Tails didn't feel the need to use system call filtering?
Jun 26 2017
Using the hardening broke Tails? What do you mean?
Jun 25 2017
I haven't tested it yet and unfortunately I'm very busy these days, so cpfp apparmor work is up for grabs.