aboutsummaryrefslogtreecommitdiff
path: root/contrib/dist/tor.service.in
AgeCommit message (Collapse)Author
2015-07-20Merge remote-tracking branch 'public/bug16162_026'Nick Mathewson
2015-07-20Use a more recommended syntax for the systemd unit fileNick Mathewson
closes 16162.
2015-05-21Revert the broken part of 548b4beNick Mathewson
Fixes 16152.
2015-03-17Forward-port changelog and releasenotesNick Mathewson
2015-03-12Added a comment to tor.service.inNick Mathewson
This explains that if you change your torrc to do more, you might need to change tor.service.in to allow it. See #15195.
2015-01-11Actually remove LOCALSTATEDIR@/run/tor line from tor.service.inNick Mathewson
2015-01-11systemd changes for 13805 as recommened by Tomasz on that ticket.Nick Mathewson
2015-01-11Merge remote-tracking branch 'candrews/issue13805'Nick Mathewson
2015-01-11fix and enable systemd watchdogTomasz Torcz
There were following problems: - configure.ac wrongly checked for defined HAVE_SYSTEMD; this wasn't working, so the watchdog code was not compiled in. Replace library search with explicit version check - sd_notify() watchdog call was unsetting NOTIFY_SOCKET from env; this means only first "watchdog ping" was delivered, each subsequent one did not have socket to be sent to and systemd was killing service - after those fixes, enable Watchdog in systemd unit with one minute intervals
2015-01-11send PID of the main daemon to supervisorTomasz Torcz
If running under systemd, notify the supervisor about current PID of Tor daemon. This makes systemd unit simpler and more robust: it will do the right thing regardless of RunAsDaemon settings.
2014-11-28Add ProtectSystem = fullCraig Andrews
See 13805
2014-11-28Prefix ReadWriteDirectories with a "-" so if they don't exist it's not an errorCraig Andrews
See 13805
2014-11-28Use ProtectHome instead of InaccessibleDirectoriesCraig Andrews
See 13805
2014-11-28Use PrivateDevices instead of DeviceAllowCraig Andrews
See 13805
2014-09-19systemd unit file: set up /var/run/tor as writable for the Tor service.intrigeri
For some strange reason, this was not needed with systemd v208. But it's needed with systemd v215 on current Debian sid, and entirely makes sense.
2014-09-03Merge remote-tracking branch 'intrigeri/bug12939-systemd-no-new-privileges'Nick Mathewson
Conflicts: contrib/dist/tor.service.in
2014-08-27systemd unit file: ensures that the process and all its children can never gainintrigeri
new privileges (#12939).
2014-08-27systemd unit file: only allow tor to write to /var/lib/tor and /var/log/tor ↵intrigeri
(#12751). The rest of the filesystem is accessible for reading only. Still, quoting systemd.exec(5): Note that restricting access with these options does not extend to submounts of a directory that are created later on.
2014-07-30Merge remote-tracking branch 'intrigeri/bug12731-systemd-no-run-as-daemon' ↵Nick Mathewson
into maint-0.2.5 Conflicts: contrib/dist/tor.service.in
2014-07-30Verify configuration file via ExecStartPre in the systemd unit file (#12730).intrigeri
2014-07-30Explicitly disable RunAsDaemon in the systemd unit file (#12731).intrigeri
Our current systemd unit uses "Type = simple", so systemd does not expect tor to fork. If the user has "RunAsDaemon 1" in their torrc, then things won't work as expected. This is e.g. the case on Debian (and derivatives), since there we pass "--defaults-torrc /usr/share/tor/tor-service-defaults-torrc" (that contains "RunAsDaemon 1") by default. The only solution I could find is to explicitly pass "--RunAsDaemon 0" when starting tor from the systemd unit file, which this commit does.
2014-04-29Put tor.service in the right place, and autoconfify itNick Mathewson
This closes 8368.
7apu2bq3rhoylwmucxizk54afw5jyda7pho4j5zdcqpwkufke7zdzwad.onion