08/09: services: tor: Switch to 'least-authority-wrapper'.
From: |
guix-commits |
Subject: |
08/09: services: tor: Switch to 'least-authority-wrapper'. |
Date: |
Tue, 19 Jul 2022 12:58:08 -0400 (EDT) |
civodul pushed a commit to branch master
in repository guix.
commit fb868cd7794f15e21298e5bdea996fbf0dad17ca
Author: Ludovic Courtès <ludo@gnu.org>
AuthorDate: Tue Jul 19 16:26:53 2022 +0200
services: tor: Switch to 'least-authority-wrapper'.
* gnu/services/networking.scm (tor-configuration->torrc): Remove "User"
and "PidFile".
(tor-shepherd-service): Use 'least-authority-wrapper' and
'make-forkexec-constructor' instead of
'make-forkexec-constructor/container'.
---
gnu/services/networking.scm | 47 +++++++++++++++++++++++++++------------------
1 file changed, 28 insertions(+), 19 deletions(-)
diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index a9560db66b..b555c46040 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -918,9 +918,7 @@ applications in communication. It is used by Jami, for
example.")))
(lambda (port)
(display "\
### These lines were generated from your system configuration:
-User tor
DataDirectory /var/lib/tor
-PidFile /var/run/tor/tor.pid
Log notice syslog\n" port)
(when (eq? 'unix '#$socks-socket-type)
(display "\
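Review bot: With `User tor` gone from the generated torrc, Tor no longer drops privileges itself; the only thing that keeps it unprivileged is the Shepherd-side `#:user "tor"` in the constructor, so the generated file should say so for anyone reading `/etc/tor`-style output or running `tor -f` by hand. I would add a line to the generated header, e.g. `### The service starts Tor as user 'tor'; no 'User' directive is needed.` A consequence worth stating in the commit or a comment: Tor used to bind listening ports before switching to `tor`, whereas it now starts unprivileged, so an ORPort or similar below 1024 in user configuration will presumably fail to bind unless the wrapper grants the needed capability — please confirm against `least-authority-wrapper`. The enclosing `tor-configuration->torrc` body continues outside the hunk.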
@@ -960,7 +958,25 @@ HiddenServicePort ~a ~a~%"
"Return a <shepherd-service> running Tor."
(match config
(($ <tor-configuration> tor)
- (let ((torrc (tor-configuration->torrc config)))
+ (let* ((torrc (tor-configuration->torrc config))
+ (tor (least-authority-wrapper
+ (file-append tor "/bin/tor")
+ #:name "tor"
+ #:mappings (list (file-system-mapping
+ (source "/var/lib/tor")
+ (target source)
+ (writable? #t))
+ (file-system-mapping
+ (source "/dev/log") ;for syslog
+ (target source))
+ (file-system-mapping
+ (source "/var/run/tor")
+ (target source)
+ (writable? #t))
+ (file-system-mapping
+ (source torrc)
+ (target source)))
+ #:namespaces (delq 'net %namespaces))))
(with-imported-modules (source-module-closure
'((gnu build shepherd)
(gnu system file-systems)))
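Review bot: The `let*` rebinds `tor` to the wrapper while `(file-append tor "/bin/tor")` in the same binding still means the package from the `match` pattern; this is correct under `let*` but easy to misread, so a distinct name such as `wrapped-tor` (used in the later `start` form) would make the two meanings obvious. The `#:namespaces (delq 'net %namespaces)` and the read-only `torrc` mapping are the security-relevant choices here and deserve a one-line comment each, e.g. `;; Tor needs host networking, so keep the 'net' namespace shared.` and `;; torrc is mapped read-only; only the state and run directories are writable.` The `with-imported-modules` form opened at the end of the hunk closes outside it.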
@@ -974,22 +990,15 @@ HiddenServicePort ~a ~a~%"
(modules '((gnu build shepherd)
(gnu system file-systems)))
- (start #~(make-forkexec-constructor/container
- (list #$(file-append tor "/bin/tor") "-f" #$torrc)
-
- #:log-file "/var/log/tor.log"
- #:mappings (list (file-system-mapping
- (source "/var/lib/tor")
- (target source)
- (writable? #t))
- (file-system-mapping
- (source "/dev/log") ;for syslog
- (target source))
- (file-system-mapping
- (source "/var/run/tor")
- (target source)
- (writable? #t)))
- #:pid-file "/var/run/tor/tor.pid"))
+ ;; XXX: #:pid-file won't work because the wrapped 'tor'
+ ;; program would print its PID within the user namespace
+ ;; instead of its actual PID outside. There's no inetd or
+ ;; systemd socket activation support either (there's
+ ;; 'sd_notify' though), so we're stuck with that.
+ (start #~(make-forkexec-constructor
+ (list #$tor "-f" #$torrc)
+ #:user "tor" #:group "tor"
+ #:log-file "/var/log/tor.log"))
(stop #~(make-kill-destructor))
(documentation "Run the Tor anonymous network overlay."))))))))
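Review bot: Without `#:pid-file`, the PID that `make-forkexec-constructor` records and that `make-kill-destructor` later signals is the process spawned from `#$tor`, i.e. the wrapper; if the wrapper sets up its namespaces by forking rather than by replacing itself with Tor, stopping the service would signal the wrapper and could leave Tor running as an orphan, so it is worth confirming that `least-authority-wrapper` execs the target in place and noting that in the XXX comment. The same comment should also mention the readiness side effect: Shepherd now considers the service started as soon as the fork succeeds, so any service depending on `tor` may start before the SOCKS socket exists. A suggested addition to the comment: `;; Without a PID file, Shepherd tracks the wrapper's PID and has no readiness signal; dependents must tolerate a not-yet-listening Tor.` The `tor-shepherd-service` body starts in the previous hunk.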