tor/contrib/dist/tor.service.in

[Unit]
Description = Anonymizing overlay network for TCP
After = syslog.target network.target nss-lookup.target

[Service]
Type = notify
NotifyAccess = all
ExecStartPre = @BINDIR@/tor -f @CONFDIR@/torrc --verify-config
ExecStart = @BINDIR@/tor -f @CONFDIR@/torrc
ExecReload = /bin/kill -HUP ${MAINPID}
KillSignal = SIGINT
TimeoutSec = 30
Restart = on-failure
WatchdogSec = 1m
LimitNOFILE = 32768

# Hardening
PrivateTmp = yes
PrivateDevices = yes
ProtectHome = yes
ProtectSystem = full
ReadOnlyDirectories = /
ReadWriteDirectories = -@LOCALSTATEDIR@/lib/tor
ReadWriteDirectories = -@LOCALSTATEDIR@/log/tor
NoNewPrivileges = yes
CapabilityBoundingSet = CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE

[Install]
WantedBy = multi-user.target
Add contrib/tor.service for use with systemd 2014-04-21 14:47:44 +01:00			`[Unit]`
			`Description = Anonymizing overlay network for TCP`
			`After = syslog.target network.target nss-lookup.target`

			`[Service]`
send PID of the main daemon to supervisor If running under systemd, notify the supervisor about current PID of Tor daemon. This makes systemd unit simpler and more robust: it will do the right thing regardless of RunAsDaemon settings. 2015-01-09 22:17:50 +01:00			`Type = notify`
			`NotifyAccess = all`
Verify configuration file via ExecStartPre in the systemd unit file (#12730). 2014-07-29 12:13:01 +00:00			`ExecStartPre = @BINDIR@/tor -f @CONFDIR@/torrc --verify-config`
systemd changes for 13805 as recommened by Tomasz on that ticket. 2015-01-11 11:26:08 -05:00			`ExecStart = @BINDIR@/tor -f @CONFDIR@/torrc`
Add contrib/tor.service for use with systemd 2014-04-21 14:47:44 +01:00			`ExecReload = /bin/kill -HUP ${MAINPID}`
			`KillSignal = SIGINT`
			`TimeoutSec = 30`
			`Restart = on-failure`
fix and enable systemd watchdog There were following problems: - configure.ac wrongly checked for defined HAVE_SYSTEMD; this wasn't working, so the watchdog code was not compiled in. Replace library search with explicit version check - sd_notify() watchdog call was unsetting NOTIFY_SOCKET from env; this means only first "watchdog ping" was delivered, each subsequent one did not have socket to be sent to and systemd was killing service - after those fixes, enable Watchdog in systemd unit with one minute intervals 2015-01-09 23:42:16 +01:00			`WatchdogSec = 1m`
Add contrib/tor.service for use with systemd 2014-04-21 14:47:44 +01:00			`LimitNOFILE = 32768`

			`# Hardening`
			`PrivateTmp = yes`
Use PrivateDevices instead of DeviceAllow See 13805 2014-11-28 12:36:17 -05:00			`PrivateDevices = yes`
Use ProtectHome instead of InaccessibleDirectories See 13805 2014-11-28 12:36:56 -05:00			`ProtectHome = yes`
Add ProtectSystem = full See 13805 2014-11-28 12:41:23 -05:00			`ProtectSystem = full`
systemd unit file: only allow tor to write to /var/lib/tor and /var/log/tor (#12751). The rest of the filesystem is accessible for reading only. Still, quoting systemd.exec(5): Note that restricting access with these options does not extend to submounts of a directory that are created later on. 2014-08-27 03:05:12 +00:00			`ReadOnlyDirectories = /`
Prefix ReadWriteDirectories with a "-" so if they don't exist it's not an error See 13805 2014-11-28 12:38:40 -05:00			`ReadWriteDirectories = -@LOCALSTATEDIR@/lib/tor`
			`ReadWriteDirectories = -@LOCALSTATEDIR@/log/tor`
systemd unit file: ensures that the process and all its children can never gain new privileges (#12939). 2014-08-27 03:18:26 +00:00			`NoNewPrivileges = yes`
systemd changes for 13805 as recommened by Tomasz on that ticket. 2015-01-11 11:26:08 -05:00			`CapabilityBoundingSet = CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE`
Add contrib/tor.service for use with systemd 2014-04-21 14:47:44 +01:00
			`[Install]`
			`WantedBy = multi-user.target`