Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#41670 - [tor] Add further permission restrictions in the systemd service files.
Attached to Project:
Community Packages
Opened by Steven (Stebalien) - Saturday, 23 August 2014, 21:18 GMT
Last edited by Lukas Fleischer (lfleischer) - Friday, 09 January 2015, 13:37 GMT
Opened by Steven (Stebalien) - Saturday, 23 August 2014, 21:18 GMT
Last edited by Lukas Fleischer (lfleischer) - Friday, 09 January 2015, 13:37 GMT
|
DetailsSpecifically, the following options can be added to further sandbox tor:
ProtectSystem=full # Shouldn't be necessary as tor isn't running as root but doesn't hurt. ProtectHome=true # Hide user files. PrivateTmp=true # Hide the shared /tmp NoNewPrivileges=true # This will prevent tor from doing things like executing SETUID programs. |
This task depends upon
Closed by Lukas Fleischer (lfleischer)
Friday, 09 January 2015, 13:37 GMT
Reason for closing: Upstream
Friday, 09 January 2015, 13:37 GMT
Reason for closing: Upstream
[1] https://gitweb.torproject.org/tor.git/blob/HEAD:/contrib/dist/tor.service.in