[tor-bugs] #17713 [Tor]: Debian 8.2 latest tor package tor_0.2.7.5-1~d80.jessie+1_amd64.deb fails on start with "NO_NEW

Discussion:

[tor-bugs] #17713 [Tor]: Debian 8.2 latest tor package tor_0.2.7.5-1~d80.jessie+1_amd64.deb fails on start with "NO_NEW_PRIVILEGES"

Tor Bug Tracker & Wiki

2015-11-27 11:34:33 UTC

Permalink

#17713: Debian 8.2 latest tor package tor_0.2.7.5-1~d80.jessie+1_amd64.deb fails on
start with "NO_NEW_PRIVILEGES"
------------------------+----------------------------------
Reporter: DeS | Owner:
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Tor | Version: Tor: 0.2.7.5
Severity: Normal | Keywords: NO_NEW_PRIVILEGES VM
Actual Points: | Parent ID:
Points: | Sponsor:
------------------------+----------------------------------
Hello,
I operate a tor middle node since several years on a VM in a datacenter.
The VM is running Debian Jessie 8.2.
Up to now I never had a problem.
After Upgrade to the lates 0.2.7.5.-1 package the tor service does not
start anymore.
See below the syslog information. There is no info in the tor server log

{{{
Nov 27 10:22:19 vmd tor[11811]: Nov 27 10:22:19.381 [notice] Read
configuration file "/etc/tor/torrc".
Nov 27 10:22:19 vmd tor[11811]: Nov 27 10:22:19.383 [notice] Based on
detected system memory, MaxMemInQueues is set to 2976 MB. You can override
this by setting MaxMemInQueues by hand.
Nov 27 10:22:19 vmd tor[11811]: Configuration was valid
Nov 27 10:22:19 vmd systemd[11814]: Failed at step NO_NEW_PRIVILEGES
spawning /usr/bin/tor: Invalid argument
Nov 27 10:22:19 vmd systemd[1]: ***@default.service: main process exited,
code=exited, status=227/NO_NEW_PRIVILEGES
Nov 27 10:22:19 vmd systemd[1]: Failed to start Anonymizing overlay
network for TCP.
Nov 27 10:22:19 vmd systemd[1]: Unit ***@default.service entered failed
state.
Nov 27 10:22:19 vmd systemd[1]: ***@default.service start request repeated
too quickly, refusing to start.
Nov 27 10:22:19 vmd systemd[1]: Failed to start Anonymizing overlay
network for TCP.
Nov 27 10:22:19 vmd systemd[1]: Unit ***@default.service entered failed
state.
}}}

Reinstalling the old version 0.2.5.12-1 fixed the Problem.
On another metal maschine I do not experience this problem running several
exits.

Might have something to do with the KVM based virtualization. But this is
just an guess.
Let me know if you need more information

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17713>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

Tor Bug Tracker & Wiki

2015-11-29 16:12:34 UTC

Permalink

#17713: Debian 8.2 latest tor package tor_0.2.7.5-1~d80.jessie+1_amd64.deb fails on
start with "NO_NEW_PRIVILEGES"
----------------------------------+------------------------------
Reporter: DeS | Owner:
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Tor | Version: Tor: 0.2.7.5
Severity: Normal | Resolution:
Keywords: NO_NEW_PRIVILEGES VM | Actual Points:
Parent ID: | Points:
Sponsor: |
----------------------------------+------------------------------

Comment (by stemid):

I also have this issue on Debian 8.2 with Tor 0.2.7.5-1 using systemd.

I managed to get around this particular error by overriding
`NoNewPrivileges=no` in
`/etc/systemd/system/***@default.service.d/workaround.conf` and doing
`systemctl daemon-reload` before restarting tor.

However this resulted in new issues with systemctl hanging indefinitely,
and whether I leave the systemctl command running, or if I interrupt it,
this results in a state where tor service keeps being interrupted every
minute.

{{{
Nov 29 17:09:43 vpn.domain Tor[8239]: Self-testing indicates your DirPort
is reachable from the outside. Excellent.
Nov 29 17:11:34 vpn.domain systemd[1]: ***@default.service start operation
timed out. Terminating.
Nov 29 17:11:34 vpn.domain Tor[8239]: Interrupt: we have stopped accepting
new connections, and will shut down in 30 seconds. Interrupt again to exit
now.
}}}

And this repeats, over and over.

Seems to me these issues are in jessie/systemd, not any hypervisor.

The latest issue now is that the service keeps being interrupted every
minute and restarting.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17713#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

Tor Bug Tracker & Wiki

2015-12-01 15:21:27 UTC

Permalink

Tor Bug Tracker & Wiki

2015-12-09 19:53:20 UTC

Permalink

#17713: Debian 8.2 latest tor package tor_0.2.7.5-1~d80.jessie+1_amd64.deb fails on
start with "NO_NEW_PRIVILEGES"
-------------------------------------------------+-------------------------
Reporter: DeS | Owner:
Type: defect | Status: new
Priority: Medium | Milestone: Tor:
Component: Tor | 0.2.7.x-final
Severity: Normal | Version: Tor:
Keywords: NO_NEW_PRIVILEGES, VM, | 0.2.7.5
TorCoreTeam201512 | Resolution:
Parent ID: | Actual Points:
Sponsor: | Points:
-------------------------------------------------+-------------------------

Comment (by weasel):

Which kernels are you on?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17713#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

Tor Bug Tracker & Wiki

2015-12-09 19:53:49 UTC

Permalink

#17713: Debian 8.2 latest tor package tor_0.2.7.5-1~d80.jessie+1_amd64.deb fails on
start with "NO_NEW_PRIVILEGES"
-------------------------------------------------+-------------------------
Reporter: DeS | Owner:
Type: defect | Status: new
Priority: Medium | Milestone: Tor:
Component: Tor | 0.2.7.x-final
Severity: Normal | Version: Tor:
Keywords: NO_NEW_PRIVILEGES, VM, | 0.2.7.5
TorCoreTeam201512 | Resolution:
Parent ID: | Actual Points:
Sponsor: | Points:
-------------------------------------------------+-------------------------
Changes (by weasel):

* cc: weasel (added)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17713#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

Tor Bug Tracker & Wiki

2015-12-09 19:55:49 UTC

Permalink

#17713: Debian 8.2 latest tor package tor_0.2.7.5-1~d80.jessie+1_amd64.deb fails on
start with "NO_NEW_PRIVILEGES"
-------------------------------------------------+-------------------------
Reporter: DeS | Owner:
Type: defect | Status:
Priority: Medium | needs_information
Component: Tor | Milestone: Tor:
Severity: Normal | 0.2.7.x-final
Keywords: NO_NEW_PRIVILEGES, VM, | Version: Tor:
TorCoreTeam201512 | 0.2.7.5
Parent ID: | Resolution:
Sponsor: | Actual Points:
| Points:
-------------------------------------------------+-------------------------
Changes (by nickm):

* status: new => needs_information

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17713#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

Tor Bug Tracker & Wiki

2015-12-09 19:57:21 UTC

Permalink

#17713: Debian 8.2 latest tor package tor_0.2.7.5-1~d80.jessie+1_amd64.deb fails on
start with "NO_NEW_PRIVILEGES"
-----------------------------------+------------------------------------
Reporter: DeS | Owner:
Type: defect | Status: needs_information
Priority: Medium | Milestone: Tor: 0.2.7.x-final
Component: Tor | Version: Tor: 0.2.7.5
Severity: Normal | Resolution:
Keywords: NO_NEW_PRIVILEGES, VM | Actual Points:
Parent ID: | Points:
Sponsor: |
-----------------------------------+------------------------------------
Changes (by nickm):

* keywords: NO_NEW_PRIVILEGES, VM, TorCoreTeam201512 => NO_NEW_PRIVILEGES,
VM

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17713#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

Tor Bug Tracker & Wiki

2015-12-10 09:52:57 UTC

Permalink

#17713: Debian 8.2 latest tor package tor_0.2.7.5-1~d80.jessie+1_amd64.deb fails on
start with "NO_NEW_PRIVILEGES"
-----------------------------------+------------------------------------
Reporter: DeS | Owner:
Type: defect | Status: needs_information
Priority: Medium | Milestone: Tor: 0.2.7.x-final
Component: Tor | Version: Tor: 0.2.7.5
Severity: Normal | Resolution:
Keywords: NO_NEW_PRIVILEGES, VM | Actual Points:
Parent ID: | Points:
Sponsor: |
-----------------------------------+------------------------------------

Comment (by DeS):

The Server is running on: 3.2.0-4-amd64 #1 SMP Debian 3.2.68-1+deb7u1
x86_64 GNU/Linux

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17713#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

Tor Bug Tracker & Wiki

2015-12-10 09:53:42 UTC

Permalink

#17713: Debian 8.2 latest tor package tor_0.2.7.5-1~d80.jessie+1_amd64.deb fails on
start with "NO_NEW_PRIVILEGES"
-----------------------------------+------------------------------------
Reporter: DeS | Owner:
Type: defect | Status: new
Priority: Medium | Milestone: Tor: 0.2.7.x-final
Component: Tor | Version: Tor: 0.2.7.5
Severity: Normal | Resolution:
Keywords: NO_NEW_PRIVILEGES, VM | Actual Points:
Parent ID: | Points:
Sponsor: |
-----------------------------------+------------------------------------
Changes (by DeS):

* status: needs_information => new

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17713#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

Tor Bug Tracker & Wiki

2015-12-10 09:58:16 UTC

Permalink

#17713: Debian 8.2 latest tor package tor_0.2.7.5-1~d80.jessie+1_amd64.deb fails on
start with "NO_NEW_PRIVILEGES"
-----------------------------------+------------------------------------
Reporter: DeS | Owner:
Type: defect | Status: new
Priority: Medium | Milestone: Tor: 0.2.7.x-final
Component: Tor | Version: Tor: 0.2.7.5
Severity: Normal | Resolution:
Keywords: NO_NEW_PRIVILEGES, VM | Actual Points:
Parent ID: | Points:
Sponsor: |
-----------------------------------+------------------------------------

Comment (by weasel):

Interesting. Does it also happen on a jessie kernel?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17713#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

Tor Bug Tracker & Wiki

2015-12-17 19:54:48 UTC

Permalink

#17713: Debian 8.2 latest tor package tor_0.2.7.5-1~d80.jessie+1_amd64.deb fails on
start with "NO_NEW_PRIVILEGES"
-----------------------------------+------------------------------------
Reporter: DeS | Owner:
Type: defect | Status: needs_information
Priority: Medium | Milestone: Tor: 0.2.7.x-final
Component: Tor | Version: Tor: 0.2.7.5
Severity: Normal | Resolution:
Keywords: NO_NEW_PRIVILEGES, VM | Actual Points:
Parent ID: | Points:
Sponsor: |
-----------------------------------+------------------------------------
Changes (by nickm):

* status: new => needs_information

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17713#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

Tor Bug Tracker & Wiki

2015-12-18 21:33:45 UTC

Permalink

#17713: Debian 8.2 latest tor package tor_0.2.7.5-1~d80.jessie+1_amd64.deb fails on
start with "NO_NEW_PRIVILEGES"
-----------------------------------+------------------------------------
Reporter: DeS | Owner:
Type: defect | Status: needs_information
Priority: Medium | Milestone: Tor: 0.2.7.x-final
Component: Tor | Version: Tor: 0.2.7.5
Severity: Normal | Resolution:
Keywords: NO_NEW_PRIVILEGES, VM | Actual Points:
Parent ID: | Points:
Sponsor: |
-----------------------------------+------------------------------------

Comment (by DeS):

Yes that is an Jessie Kernel. See Comment 8.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17713#comment:12>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

Tor Bug Tracker & Wiki

2015-12-18 21:48:05 UTC

Permalink

#17713: Debian 8.2 latest tor package tor_0.2.7.5-1~d80.jessie+1_amd64.deb fails on
start with "NO_NEW_PRIVILEGES"
-----------------------------------+------------------------------------
Reporter: DeS | Owner:
Type: defect | Status: needs_information
Priority: Medium | Milestone: Tor: 0.2.7.x-final
Component: Tor | Version: Tor: 0.2.7.5
Severity: Normal | Resolution:
Keywords: NO_NEW_PRIVILEGES, VM | Actual Points:
Parent ID: | Points:
Sponsor: |
-----------------------------------+------------------------------------

Comment (by weasel):

That's not a jessie kernel. That's a wheezy kernel, and one that is
several updates behind as well.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17713#comment:13>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

Tor Bug Tracker & Wiki

2015-12-18 22:49:55 UTC

Permalink

#17713: Debian 8.2 latest tor package tor_0.2.7.5-1~d80.jessie+1_amd64.deb fails on
start with "NO_NEW_PRIVILEGES"
-----------------------------------+------------------------------------
Reporter: DeS | Owner:
Type: defect | Status: closed
Priority: Medium | Milestone: Tor: 0.2.7.x-final
Component: Tor | Version: Tor: 0.2.7.5
Severity: Normal | Resolution: not a bug
Keywords: NO_NEW_PRIVILEGES, VM | Actual Points:
Parent ID: | Points:
Sponsor: |
-----------------------------------+------------------------------------
Changes (by DeS):

* status: needs_information => closed
* resolution: => not a bug

Comment:

Ohhhhhhhhh. O.k. Seems out of some reason my kernel got never updated.
Installing the correct Jessie Kernel solved the problem for the Tor
package as well.
Issue resolved. User error.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17713#comment:14>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online