[HOME] [DOWNLOAD] [DOCS] [NEWS] [SUPPORT] [TIPS] [ISSUES] [Priority Support]

Tor denied message /etc/torrc.d/95_whonix.conf after upgrade from Whonix 13 to Whonix 14

apparmor
tor

#1

Ok, everything went fine until final reboot.

So after starting ws-gw tor connection is off.

Some logs:

ERROR: Tor Pid Check Result:
Tor not running. (tor_pid_message: Pid file /var/run/tor/tor.pid does not exist.)
You have to fix this error, before you can use Tor.

So I checked:

ls -l /var/run/tor
total 0

ls -l /var/run/tor/tor.pida
ls: cannot access ‘/var/run/tor/tor.pid’: No such file or directory

Next (from “systemctl status tor@default.service” and “journalctl -xe”):

systemctl status tor@default.service

● tor@default.service - Anonymizing overlay network for TCP
Loaded: loaded (/lib/systemd/system/tor@default.service; static; vendor preset: enabled)
Drop-In: /lib/systemd/system/tor@default.service.d
└─40_obfs4proxy-workaround.conf, 50_controlsocket-workaround.conf
Active: failed (Result: exit-code) since Thu 2018-08-30 18:33:43 UTC; 1min 35s ago
Process: 2968 ExecStart=/usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc ----RunAsDaemon 0 (code=exited, status=1/FAILURE)
Process: 2964 ExecStartPre=/usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0 --verify-config (code=exited, status=0/SUCCESS)
Process: 2963 ExecStartPre=/usr/bin/install -Z -m 02755 -o debian-tor -g debian-tor -d /var/run/tor (code=exited, status=0/SUCCESS)
Main PID: 2968 (code=exited, status=1/FAILURE)

Aug 30 18:33:43 host systemd[1]: Failed to start Anonymizing overlay network for TCP.
Aug 30 18:33:43 host systemd[1]: tor@default.service: Unit entered failed state.
Aug 30 18:33:43 host systemd[1]: tor@default.service: Failed with result ‘exit-code’.
Aug 30 18:33:43 host systemd[1]: tor@default.service: Service hold-off time over, scheduling restart.
Aug 30 18:33:43 host systemd[1]: Stopped Anonymizing overlay network for TCP.
Aug 30 18:33:43 host systemd[1]: tor@default.service: Start request repeated too quickly.
Aug 30 18:33:43 host systemd[1]: Failed to start Anonymizing overlay network for TCP.
Aug 30 18:33:43 host systemd[1]: tor@default.service: Unit entered failed state.
Aug 30 18:33:43 host systemd[1]: tor@default.service: Failed with result ‘exit-code’.

Also (this is going on an on…):

Aug 30 18:33:42 host systemd[1]: Starting Anonymizing overlay network for TCP…
– Subject: Unit tor@default.service has begun start-up
– Defined-By: systemd
– Support: https://www.debian.org/support
**-- **
– Unit tor@default.service has begun starting up.
Aug 30 18:33:42 host tor[2964]: Aug 30 18:33:42.847 [notice] Tor 0.3.3.9 (git-ca1a436fa8e53a32) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.1.0f, Zlib 1.2.8, Liblzma 5.2.2, and Libzstd 1.1.2.
Aug 30 18:33:42 host tor[2964]: Aug 30 18:33:42.848 [notice] Tor can’t help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Aug 30 18:33:42 host tor[2964]: Aug 30 18:33:42.849 [notice] Read configuration file “/usr/share/tor/tor-service-defaults-torrc”.
Aug 30 18:33:42 host tor[2964]: Aug 30 18:33:42.849 [notice] Read configuration file “/etc/tor/torrc”.
Aug 30 18:33:42 host tor[2964]: Aug 30 18:33:42.858 [warn] Option ‘DisableNetwork’ used more than once; all but the last value will be ignored.
Aug 30 18:33:42 host tor[2964]: Aug 30 18:33:42.858 [notice] You configured a non-loopback address ‘10.152.152.10:5300’ for DNSPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Aug 30 18:33:42 host tor[2964]: Aug 30 18:33:42.858 [notice] You configured a non-loopback address ‘10.152.152.10:9040’ for TransPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Aug 30 18:33:42 host tor[2964]: Configuration was valid
Aug 30 18:33:43 host tor[2968]: Aug 30 18:33:43.377 [notice] Tor 0.3.3.9 (git-ca1a436fa8e53a32) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.1.0f, Zlib 1.2.8, Liblzma 5.2.2, and Libzstd 1.1.2.
Aug 30 18:33:43 host tor[2968]: Aug 30 18:33:43.379 [notice] Tor can’t help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Aug 30 18:33:43 host tor[2968]: Aug 30 18:33:43.380 [notice] Read configuration file “/usr/share/tor/tor-service-defaults-torrc”.
Aug 30 18:33:43 host tor[2968]: Aug 30 18:33:43.380 [notice] Read configuration file “/etc/tor/torrc”.
Aug 30 18:33:43 host audit[2968]: AVC apparmor=“DENIED” operation=“open” profile=“system_tor” name="/etc/torrc.d/95_whonix.conf" pid=2968 comm=“tor” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Aug 30 18:33:43 host audit[2968]: SYSCALL arch=40000003 syscall=5 success=no exit=-13 a0=a2ad20 a1=88000 a2=0 a3=b7278000 items=1 ppid=1 pid=2968 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=“tor” exe="/usr/bin/tor" key=(null)
Aug 30 18:33:43 host audit: CWD cwd="/"
Aug 30 18:33:43 host audit: PATH item=0 name="/etc/torrc.d/95_whonix.conf" inode=3016178 dev=08:01 mode=0100644 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL
Aug 30 18:33:43 host audit: PROCTITLE proctitle=2F7573722F62696E2F746F72002D2D64656661756C74732D746F727263002F7573722F73686172652F746F722F746F722D736572766963652D64656661756C74732D746F727263002D66002F6574632F746F722F746F727263002D2D52756E41734461656D6F6E0030
Aug 30 18:33:43 host tor[2968]: Aug 30 18:33:43.389 [warn] Could not open “/etc/torrc.d/95_whonix.conf”: Permission denied
Aug 30 18:33:43 host tor[2968]: Aug 30 18:33:43.389 [warn] Error reading included configuration file or directory: “/etc/torrc.d/95_whonix.conf”.
Aug 30 18:33:43 host tor[2968]: Aug 30 18:33:43.389 [err] Reading config failed–see warnings above.
Aug 30 18:33:43 host systemd[1]: tor@default.service: Main process exited, code=exited, status=1/FAILURE
Aug 30 18:33:43 host audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=tor@default comm=“systemd” exe="/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed’
Aug 30 18:33:43 host systemd[1]: Failed to start Anonymizing overlay network for TCP.
– Subject: Unit tor@default.service has failed
– Defined-By: systemd
– Support: https://www.debian.org/support
**-- **
– Unit tor@default.service has failed.
**-- **
– The result is failed.
Aug 30 18:33:43 host systemd[1]: tor@default.service: Unit entered failed state.
Aug 30 18:33:43 host systemd[1]: tor@default.service: Failed with result ‘exit-code’.
Aug 30 18:33:43 host systemd[1]: tor@default.service: Service hold-off time over, scheduling restart.
Aug 30 18:33:43 host audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=tor@default comm=“systemd” exe="/lib/systemd/systemd" hostname=? addr=? terminal=? res=success’
Aug 30 18:33:43 host systemd[1]: brltty.service: Cannot add dependency job, ignoring: Unit brltty.service is masked.
Aug 30 18:33:43 host audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=tor@default comm=“systemd” exe="/lib/systemd/systemd" hostname=? addr=? terminal=? res=success’
Aug 30 18:33:43 host systemd[1]: Stopped Anonymizing overlay network for TCP.
– Subject: Unit tor@default.service has finished shutting down
– Defined-By: systemd
– Support: https://www.debian.org/support
**-- **
– Unit tor@default.service has finished shutting down.
Aug 30 18:33:43 host systemd[1]: tor@default.service: Start request repeated too quickly.
Aug 30 18:33:43 host systemd[1]: Failed to start Anonymizing overlay network for TCP.

I have checked network interfaces, it look ok (same as posted here).


Upgrade from 13 to 14 breaking Whonix every time
#2

Does your

/etc/apparmor.d/local/system_tor.anondist

and

/etc/apparmor.d/local/system_tor

Look the same? Should be. To check:

diff /etc/apparmor.d/local/system_tor /etc/apparmor.d/local/system_tor.anondist ; echo $?

Expected output: 0

Does your /etc/apparmor.d/local/system_tor look like https://raw.githubusercontent.com/Whonix/anon-gw-anonymizer-config/master/etc/apparmor.d/local/system_tor.anondist?


Upgrade from 13 to 14 breaking Whonix every time
#3

Yes and yes. Both files are the same, and look like the one from the link.