[tor-dev] Fwd: Intent to Ship: 3rd Party Install Tracking

Another thing to remove/disable from Tor Browser "Mini" (aka Orfox)... - Original message - From: Mark Finkle To: "mobile-firefox-...@mozilla.org" , "dev-platform" Subject: Intent to Ship: 3rd Party Install Tracking Date: Wed, 18 Mar 2015 14:28:57 -0400 We wanted to start some transpar

Re: [tor-dev] What's the explanation for weekly cycles in user graphs?

On Wed, Mar 18, 2015 at 12:41:55PM +0100, Philipp Winter wrote: > On Tue, Mar 17, 2015 at 06:09:00PM -0700, David Fifield wrote: > > You can eyeball more examples in the omni-graph: > > https://people.torproject.org/~dcf/graphs/relays-all.pdf > > That's a really useful overview! It would be great

Re: [tor-dev] what capabilities does tor need for reloading?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 > so the somewhat obvious fix was to add "CAP_KILL". after reading: man capabilities: > Bypass permission checks for sending signals (see kill(2)). This > includes use of the ioctl(2) KDSIGACCEPT operation. I'm not entirely sure since that sounds

Re: [tor-dev] what capabilities does tor need for reloading?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 > 'systemctl reload tor' fails due to hardening restrictions in tor's > systemd service file [1]: > > CapabilityBoundingSet = CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE This configuration restricts not only the service (tor) but also the ExecReload

Re: [tor-dev] what capabilities does tor need for reloading?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 > strace output when I trigger the reload via systemctl: [...] sorry that output was actually not caused by the systemctl reload command, using strace I just found out that tor exits on its own and gets restarted by systemd's watchdog... ok more f

Re: [tor-dev] what capabilities does tor need for reloading?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi Nick, thanks for your answer. >> What capability would one have to add to the list to make it work >> with CapabilityBoundingSet? > > It probably depends on what's in your configuration. torrc file while testing: User debian-tor DataDirectory

Re: [tor-dev] what capabilities does tor need for reloading?

On Wed, Mar 18, 2015 at 6:15 AM, Nusenu wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > Hi, > > 'systemctl reload tor' > fails due to hardening restrictions in tor's systemd service file [1]: > > CapabilityBoundingSet = CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE > > Removing that li

Re: [tor-dev] What's the explanation for weekly cycles in user graphs?

On Tue, Mar 17, 2015 at 06:09:00PM -0700, David Fifield wrote: > You can eyeball more examples in the omni-graph: > https://people.torproject.org/~dcf/graphs/relays-all.pdf That's a really useful overview! It would be great if we could include that on the metrics page. > Is there a usual story w

[tor-dev] #15349 Symbol "str_tools" not defined "Tortoise and the Hare" tutorial's script.

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi everyone, I opened the ticket #15349 about a bug in the "Tortoise and the Hare" stem tutorial's script. I think I've found the solution to it and I attached the corrected script to the ticket. I hope it helps. May I expect some kind of feedbac

[tor-dev] what capabilities does tor need for reloading?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, 'systemctl reload tor' fails due to hardening restrictions in tor's systemd service file [1]: CapabilityBoundingSet = CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE Removing that line "solves" the reload issue. Reloading with that line does not ge