On Thu, Sep 07, 2023 at 02:12:36PM +0200, telekobold wrote:
> I just want to share some quick bugfix with you (sorry if this is obvious to
> you or has been written somewhere else).
>
> Suddenly, I got the following error messages on my two bridges running on
> Debian 11 appearing in the logs (in /var/log/tor/notices.log and in the nyx
> output) every second until a restart:
>
> <timestamp> [warn] Managed proxy "/usr/bin/obfs4proxy" process terminated
> with status code 65280
> <timestamp> [warn] Server managed proxy encountered a method error. (obfs4
> listen tcp 0.0.0.0:443: bind: permission denied)
> <timestamp> [warn] Managed proxy '/usr/bin/obfs4proxy' was spawned
> successfully, but it didn't launch any pluggable transport listeners!
>
> When restarting the corresponding bridge, in the startup process the second
> and the third of the above warning messages again appeared in the logs. So
> obfs4 was suddenly not usable any more. Port 443 is not blocked in the
> bridge's firewalls.
>
> A bit of research revealed that apparently, an automatic update set the systemd
> setting "NoNewPrivileges=no" in /lib/systemd/system/tor@default.service and
> tor@.service [1] back to yes, which caused the above issue. After setting it
> back and restarting, everything works fine now and instead of the warning
> messages mentioned above, the following message appears in the log again:
>
> <timestamp> [notice] Registered server transport 'obfs4' at '[::]:443'

There's a better way to set `NoNewPrivileges=no` that will not get
overwritten in an upgrade. Use a systemd override:
https://bugs.torproject.org/tpo/core/tor/18356#note_2439960

```
systemctl edit tor@.service tor@default.service
```

Enter this text in both editors that appear:

```
[Service]
NoNewPrivileges=no
```

Then run

```
service tor restart
```

This will create files
/etc/systemd/system/tor@.service.d/override.conf and
/etc/systemd/system/tor@default.service.d/override.conf
that will not be overwritten in an upgrade.
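
Added example, not part of either message above: a check that the drop-in still wins after a package upgrade rewrites the unit file. The helper name `effective_nnp` and the sample files are constructed for illustration, and the merge logic is a simplified model of systemd (unit file first, then `*.conf` drop-ins from one directory in lexical order).

```shell
#!/bin/sh
# Added example. Simplified model of systemd's merge rule for one setting:
# the unit file is read first, then *.conf drop-ins in lexical order, and the
# last NoNewPrivileges= line inside a [Service] section wins.
# On a live host, `systemctl show -p NoNewPrivileges tor@default.service`
# reports the value systemd actually applied.

effective_nnp() {   # hypothetical helper: effective_nnp UNIT_FILE DROPIN_DIR
    unit_file=$1
    dropin_dir=$2
    set -- "$unit_file"
    for f in "$dropin_dir"/*.conf; do
        if [ -f "$f" ]; then set -- "$@" "$f"; fi
    done
    awk '
        FNR == 1 { in_service = 0 }            # section state resets per file
        /^[ \t]*\[/ { in_service = ($0 ~ /^[ \t]*\[Service\][ \t]*$/); next }
        in_service && /^[ \t]*NoNewPrivileges[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); value = $0
        }
        END { if (value == "") value = "unset"; print value }
    ' "$@"
}

# Constructed sample: a packaged unit that an upgrade reset to "yes",
# plus the override drop-in from the reply above.
demo=$(mktemp -d)
mkdir -p "$demo/lib" "$demo/etc/tor@default.service.d"
printf '[Unit]\nDescription=sample\n[Service]\nNoNewPrivileges=yes\n' \
    > "$demo/lib/tor@default.service"
echo "packaged unit only:  $(effective_nnp "$demo/lib/tor@default.service" "$demo/none")"
printf '[Service]\nNoNewPrivileges=no\n' \
    > "$demo/etc/tor@default.service.d/override.conf"
echo "with override.conf:  $(effective_nnp "$demo/lib/tor@default.service" \
    "$demo/etc/tor@default.service.d")"
rm -rf "$demo"
```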