On Tue, Jan 14, 2020 at 08:56:50AM +0000, Peter Palfrader wrote:
> Great. So if you want your service to be able to gain extra privileges,
> you set NoNewPrivileges to false in your local override file.

Thanks for the hint about an override file. That's better than editing /lib/systemd/system/tor@* because it will survive upgrades of the tor package. For the benefit of anyone who finds this bug report, here is what I did to use an override or "drop-in" file.

https://bugs.torproject.org/18356#comment:10

$ systemctl edit [email protected] [email protected]

In the first editor that appears, enter the following text, then save and quit:

[Service]
NoNewPrivileges=no

A second editor will appear. Enter the same text, then save and quit.

[Service]
NoNewPrivileges=no

If all goes well, you will have two new files under /etc:

/etc/systemd/system/[email protected]/override.conf
/etc/systemd/system/[email protected]/override.conf

Restart tor. There is no need to run "systemctl daemon-reload".

$ service tor restart
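
An added audit example, not part of the original message: since a drop-in like the one above relaxes NoNewPrivileges and survives package upgrades, this shell function lists every drop-in under a directory whose [Service] section ends up turning the setting off. The function names and the demo unit names are made up for illustration; the false spellings checked are the ones systemd accepts for booleans.

```shell
#!/bin/sh
# Added example: find systemd drop-ins that set NoNewPrivileges to a false value.
# Usage: nnp_disabled_dropins [ROOT]   (ROOT defaults to /etc/systemd/system)
nnp_disabled_dropins() {
    root=${1:-/etc/systemd/system}
    # Drop-ins live in <unit>.d/*.conf below the root.
    find "$root" -type f -path '*.d/*.conf' 2>/dev/null | sort |
    while IFS= read -r f; do
        if awk '
            /^[ \t]*[#;]/ { next }    # skip comment lines
            /^[ \t]*\[/   { insvc = ($0 ~ /^[ \t]*\[Service\][ \t]*$/); next }
            insvc && /^[ \t]*NoNewPrivileges[ \t]*=/ {
                v = $0
                sub(/^[^=]*=[ \t]*/, "", v)
                sub(/[ \t\r]+$/, "", v)
                last = tolower(v)     # within a file the last assignment wins
            }
            END { exit !(last ~ /^(0|no|n|false|f|off)$/) }
        ' "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# Constructed sample tree (hypothetical unit names) showing what gets reported.
nnp_demo() {
    t=$(mktemp -d)
    mkdir -p "$t/demo-a.service.d" "$t/demo-b.service.d" "$t/demo-c.service.d"
    # demo-a: setting switched off, should be reported
    printf '[Service]\nNoNewPrivileges=no\n' > "$t/demo-a.service.d/override.conf"
    # demo-b: setting left on
    printf '[Service]\nNoNewPrivileges=yes\n' > "$t/demo-b.service.d/override.conf"
    # demo-c: commented-out line and an earlier "no" overridden by a later "True"
    printf '[Service]\n# NoNewPrivileges=no\nNoNewPrivileges=no\nNoNewPrivileges=True\n' \
        > "$t/demo-c.service.d/override.conf"
    nnp_disabled_dropins "$t" | sed "s|^$t/||"
    rm -rf "$t"
}
```

This only inspects the drop-in files themselves; `systemctl show -p NoNewPrivileges UNIT` reports the value systemd actually applies to a loaded unit.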

