port anon-ws-disable-stacked-tor to systemd socket activation

For socat there is quite likely a solution to avoid starting unneeded ones:

https://phabricator.whonix.org/T623

Working on that now.

1 Like

Made a ton of progress.


In essence, by using systemd socket activation, only the required socket redirection services will be started on demand, which should save a lot of RAM.


https://github.com/Whonix/anon-ws-disable-stacked-tor/blob/master/usr/share/anon-ws-disable-stacked-tor/systemd-unit-files-generator auto generates all the systemd unit service and socket files. For now, supposed to be run manually at package build time.

Here is the list of all the generated systemd unit files:

anon-ws-disable-stacked-tor/lib/systemd/system at master · Whonix/anon-ws-disable-stacked-tor · GitHub

Port redirection is already functional. Example systemd unit files:

Test from workstation:

nc 127.0.0.1 9051

Type some Tor Control Protocol command such as SIGNAL NEWNYM.

Unix domain socket file based redirection does not work yet. So in effect Tor Browser does not work yet.

Somehow ListenStream=/var/run/anon-ws-disable-stacked-tor/127.0.0.1_9051.sock does not create a unix domain socket file. Any idea?

2 Likes

Just needs adding

SocketUser=debian-tor

Wondering about other man page options we should set?

https://www.freedesktop.org/software/systemd/man/systemd.socket.html


Is anyone any good with octals regarding chmod? Does something such as chmod 02700 /var/lib/tor ring any bell? I must admit, I never understood the octals and used chmod o+r etc.

anon-ws-disable-stacked-tor in essence is a Tor emulation running on the workstation forwarding it to the gateway. Therefore I need to know…

What is the chmod octal of…?

  • /var/run/tor/ folder?
  • /var/run/tor/socks?
  • /var/run/tor/control?
  • /var/run/tor/control.authcookie?
  • /var/run/tor/log?
  • /var/run/tor/socks?
  • /var/run/tor/tor.pid?
1 Like
find /var/run/tor/
/var/run/tor/
/var/run/tor/control
/var/run/tor/socks
/var/run/tor/control.authcookie
/var/run/tor/tor.pid
/var/run/tor/log
user@host:~$ find /var/run/tor/ | xargs stat --format '%a' 
2755
660
666
640
644
640
/var/run/tor/ 2755
/var/run/tor/control 660
/var/run/tor/socks 666
/var/run/tor/control.authcookie 640
/var/run/tor/tor.pid 644
/var/run/tor/log 640
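
The octal modes listed above, decoded into the rwx form and checked against a directory tree. This is an added example, not part of the original thread or of the anon-ws-disable-stacked-tor package; the function names and the constructed stand-in tree under a temporary directory are assumptions, and it relies on GNU stat as used in the output above.

```shell
# Added example (hypothetical helper names): decode octal modes, audit a tree against a list.
# triad DIGIT -> rwx string for one octal digit
triad() {
    case $1 in
        0) echo '---';; 1) echo '--x';; 2) echo '-w-';; 3) echo '-wx';;
        4) echo 'r--';; 5) echo 'r-x';; 6) echo 'rw-';; 7) echo 'rwx';;
    esac
}
# special TRIAD BIT LETTER -> triad with setuid/setgid/sticky folded into the x slot
special() {
    [ "$2" -eq 0 ] && { echo "$1"; return; }
    case $1 in
        *x) echo "${1%x}$3" ;;                          # exec + special bit: s / t
        *)  echo "${1%-}$(echo "$3" | tr 'st' 'ST')" ;; # special bit without exec: S / T
    esac
}

# mode_to_symbolic OCTAL -> e.g. 2755 -> rwxr-sr-x, 660 -> rw-rw----
mode_to_symbolic() {
    m="0000$1"; m=${m#"${m%????}"}                      # keep the last four digits
    case $m in *[!0-7]*) return 1 ;; esac               # reject non-octal input
    s=${m%???}; r=${m#?}; u=${r%??}; r=${r#?}; g=${r%?}; o=${r#?}
    printf '%s%s%s\n' "$(special "$(triad "$u")" $((s & 4)) s)" \
        "$(special "$(triad "$g")" $((s & 2)) s)" "$(special "$(triad "$o")" $((s & 1)) t)"
}

# audit_modes ROOT: stdin has "<relative path> <expected octal>" lines; prints mismatches
audit_modes() {
    rc=0
    while read -r rel want; do
        have=$(stat -c '%a' "$1/$rel") || { rc=1; continue; }   # -c is short for --format
        [ "$have" = "$want" ] && continue
        echo "MISMATCH $rel: have $have ($(mode_to_symbolic "$have")), want $want ($(mode_to_symbolic "$want"))"
        rc=1
    done
    return $rc
}

# demo: constructed stand-in tree (regular files instead of sockets), one file loosened
demo() {
    d=$(mktemp -d) && mkdir "$d/tor" && chmod 2755 "$d/tor" || return 2
    for f in control socks control.authcookie tor.pid log; do : > "$d/tor/$f"; done
    chmod 660 "$d/tor/control"; chmod 666 "$d/tor/socks"; chmod 644 "$d/tor/tor.pid"
    chmod 640 "$d/tor/log"; chmod 644 "$d/tor/control.authcookie"   # expected: 640
    st=0; printf '%s\n' '. 2755' 'control 660' 'socks 666' 'control.authcookie 640' \
        'tor.pid 644' 'log 640' | audit_modes "$d/tor" || st=$?
    rm -rf "$d"; return $st
}
demo || true   # reports the loosened control.authcookie
```

The leading 2 in 2755 is the setgid bit on the directory, and 666 on the SOCKS socket means any local user can connect to it, while the control socket and auth cookie stay restricted to owner and group.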

This is now done. When the updated anon-ws-disable-stacked-tor package is uploaded, we need to carefully check for regressions in connectivity.

It might be that Tor Browser is starting up slower due to this but it may be unrelated.

3 Likes

Upload done just now.

3 Likes