tor/contrib/dist/tor.service.in

# tor.service -- this systemd configuration file for Tor sets up a
# relatively conservative, hardened Tor service.  You may need to
# edit it if you are making changes to your Tor configuration that it
# does not allow.  Package maintainers: this should be a starting point
# for your tor.service; it is not the last point.

[Unit]
Description = Anonymizing overlay network for TCP
After = syslog.target network.target nss-lookup.target

[Service] Type = notify NotifyAccess = all ExecStartPre = @BINDIR@/tor
-f @CONFDIR@/torrc --verify-config ExecStart = @BINDIR@/tor -f
@CONFDIR@/torrc ExecReload = /bin/kill -HUP ${MAINPID} KillSignal =
SIGINT TimeoutSec = 30 Restart = on-failure WatchdogSec = 1m
LimitNOFILE = 32768

# Hardening
PrivateTmp = yes
PrivateDevices = yes
ProtectHome = yes
ProtectSystem = full
ReadOnlyDirectories = /
ReadWriteDirectories = -@LOCALSTATEDIR@/lib/tor
ReadWriteDirectories = -@LOCALSTATEDIR@/log/tor
NoNewPrivileges = yes
CapabilityBoundingSet = CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE

[Install]
WantedBy = multi-user.target
Added a comment to tor.service.in This explains that if you change your torrc to do more, you might need to change tor.service.in to allow it. See #15195. 2015-03-12 13:11:53 -04:00			`# tor.service -- this systemd configuration file for Tor sets up a`
			`# relatively conservative, hardened Tor service. You may need to`
			`# edit it if you are making changes to your Tor configuration that it`
			`# does not allow. Package maintainers: this should be a starting point`
			`# for your tor.service; it is not the last point.`

Add contrib/tor.service for use with systemd 2014-04-21 14:47:44 +01:00			`[Unit]`
			`Description = Anonymizing overlay network for TCP`
			`After = syslog.target network.target nss-lookup.target`

Forward-port changelog and releasenotes 2015-03-17 10:54:38 -04:00			`[Service] Type = notify NotifyAccess = all ExecStartPre = @BINDIR@/tor`
			`-f @CONFDIR@/torrc --verify-config ExecStart = @BINDIR@/tor -f`
			`@CONFDIR@/torrc ExecReload = /bin/kill -HUP ${MAINPID} KillSignal =`
			`SIGINT TimeoutSec = 30 Restart = on-failure WatchdogSec = 1m`
Add contrib/tor.service for use with systemd 2014-04-21 14:47:44 +01:00			`LimitNOFILE = 32768`

			`# Hardening`
			`PrivateTmp = yes`
Use PrivateDevices instead of DeviceAllow See 13805 2014-11-28 12:36:17 -05:00			`PrivateDevices = yes`
Use ProtectHome instead of InaccessibleDirectories See 13805 2014-11-28 12:36:56 -05:00			`ProtectHome = yes`
Add ProtectSystem = full See 13805 2014-11-28 12:41:23 -05:00			`ProtectSystem = full`
systemd unit file: only allow tor to write to /var/lib/tor and /var/log/tor (#12751). The rest of the filesystem is accessible for reading only. Still, quoting systemd.exec(5): Note that restricting access with these options does not extend to submounts of a directory that are created later on. 2014-08-27 03:05:12 +00:00			`ReadOnlyDirectories = /`
Prefix ReadWriteDirectories with a "-" so if they don't exist it's not an error See 13805 2014-11-28 12:38:40 -05:00			`ReadWriteDirectories = -@LOCALSTATEDIR@/lib/tor`
			`ReadWriteDirectories = -@LOCALSTATEDIR@/log/tor`
systemd unit file: ensures that the process and all its children can never gain new privileges (#12939). 2014-08-27 03:18:26 +00:00			`NoNewPrivileges = yes`
systemd changes for 13805 as recommened by Tomasz on that ticket. 2015-01-11 11:26:08 -05:00			`CapabilityBoundingSet = CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE`
Add contrib/tor.service for use with systemd 2014-04-21 14:47:44 +01:00
			`[Install]`
			`WantedBy = multi-user.target`