Running in an lxc-based virtual infrastructure

I tried to set up a tor relay node on my server running debian squeeze with linux containers for better maintainability. Installation from the main repository and from the tor repository failed. In debug.log there is only one error message:

Sep 20 21:24:12.402 [notice] Tor 0.2.2.39 (git-2f7e71c2e896772f) opening log file.
Sep 20 21:24:12.402 [info] tor_lockfile_lock(): Locking "/var/lib/tor/lock"
Sep 20 21:24:12.402 [debug] parse_dir_server_line(): Trusted 4 dirserver at 128.31.0.39:9131 (9695)
Sep 20 21:24:12.402 [debug] parse_dir_server_line(): Trusted 15 dirserver at 86.59.21.38:80 (847B)
Sep 20 21:24:12.402 [debug] parse_dir_server_line(): Trusted 6 dirserver at 194.109.206.212:80 (7EA6)
Sep 20 21:24:12.402 [debug] parse_dir_server_line(): Trusted 16 dirserver at 82.94.251.203:80 (4A0C)
Sep 20 21:24:12.402 [debug] parse_dir_server_line(): Trusted 4 dirserver at 76.73.17.194:9030 (F397)
Sep 20 21:24:12.402 [debug] parse_dir_server_line(): Trusted 4 dirserver at 212.112.245.170:80 (F204)
Sep 20 21:24:12.402 [debug] parse_dir_server_line(): Trusted 4 dirserver at 193.23.244.244:80 (7BE6)
Sep 20 21:24:12.402 [debug] parse_dir_server_line(): Trusted 4 dirserver at 208.83.223.34:443 (0AD3)
Sep 20 21:24:12.402 [debug] parse_dir_server_line(): Trusted 4 dirserver at 171.25.193.9:443 (BD6A)
Sep 20 21:24:12.402 [info] or_state_load(): Loaded state from "/var/lib/tor/state"
Sep 20 21:24:12.402 [info] circuit_build_times_parse_state(): Adding 0 timeouts.
Sep 20 21:24:12.402 [info] circuit_build_times_parse_state(): Loaded 0/0 values from 0 lines in circuit time histogram
Sep 20 21:24:12.402 [info] read_file_to_str(): Could not open "/var/lib/tor/router-stability": No such file or directory
Sep 20 21:24:12.402 [err] /dev/null can't be opened. Exiting.

I have full access to /dev/null in the container, for example

dd if=/home of=/dev/null

works correctly.

The lxc container configuration has the following options:

lxc.tty = 4
lxc.pts = 1024
lxc.rootfs = /var/lib/lxc/tor/rootfs
lxc.cgroup.devices.deny = a
# /dev/null and zero
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
# consoles
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 4:0 rwm
lxc.cgroup.devices.allow = c 4:1 rwm
# /dev/{,u}random
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 136:* rwm
lxc.cgroup.devices.allow = c 5:2 rwm
# rtc
lxc.cgroup.devices.allow = c 254:0 rwm
# mounts point
lxc.mount.entry=proc /var/lib/lxc/tor/rootfs/proc proc nodev,noexec,nosuid 0 0
lxc.mount.entry=devpts /var/lib/lxc/tor/rootfs/dev/pts devpts defaults 0 0
lxc.mount.entry=sysfs /var/lib/lxc/tor/rootfs/sys sysfs defaults  0 0
# network
lxc.utsname = tor
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = br0
lxc.network.ipv4 = 172.24.18.14

So, does anyone have an idea what is wrong there?

by David 20.09.2014 / 18:11

1 answer


Ok, I got it ... the permissions inside LXC are different from the host's permissions.

While the host has 0666 on /dev/null, the container has read-only access. It is a bit strange because the lxc config file has something like

lxc.cgroup.devices.allow = c 1:3 rwm

for /dev/null.

Thanks Michael

by 20.09.2014 / 22:01
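The answer above points at two independent checks: the cgroup `devices.allow = c 1:3 rwm` rule gates open() on the major/minor pair, while the mode bits on the node in the container's rootfs are enforced separately. The following added script (not from the post or from LXC) verifies both for a device node; it assumes GNU coreutils `stat`, as found on Debian.

```shell
#!/bin/sh
# Added example: check that a device node inside a container is the device a
# daemon expects (right major:minor) and is read/write for unprivileged users.
# Assumes GNU coreutils stat (%t/%T = major/minor in hex, %a = octal mode).

# Print "major:minor mode" for a character device node, or fail if it is not one.
dev_node_info() {
    [ -c "$1" ] || { echo "$1: not a character device" >&2; return 1; }
    stat -c '%t:%T %a' "$1"
}

# check_node PATH MAJOR:MINOR
# Return 0 when PATH is the expected char device and "other" has rw on it
# (octal mode ending in 6 or 7); otherwise print the reason and return 1.
check_node() {
    path=$1
    want=$2
    info=$(dev_node_info "$path") || return 1
    set -- $info            # $1 = major:minor, $2 = octal mode
    [ "$1" = "$want" ] || { echo "$path: is device $1, expected $want" >&2; return 1; }
    case "$2" in
        *[67]) return 0 ;;
        *) echo "$path: mode 0$2 is not world read/write" >&2; return 1 ;;
    esac
}

# Typical use inside the container, for the nodes the question's config allows:
#   check_node /dev/null 1:3 && check_node /dev/zero 1:5
# A missing or wrongly created node in the rootfs is recreated with:
#   mknod -m 666 /dev/null c 1 3
```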