[CentOS] tor and selinux
Gordon Messmer
gordon.messmer at gmail.com
Sun Jan 29 23:53:48 UTC 2017
On 01/29/2017 11:59 AM, Mark wrote:
> As I don't know what dac_override is I don't know if it's a good idea
> to give it to tor and the confidence seems quite low.

dac_override indicates that you're running your process as root, and
it's trying to do something on the filesystem which is not explicitly
allowed by permissions. DAC is the standard POSIX permission system,
and the process is trying to override it. DAC allows access to the
toranon user and toranon group only, and the process is trying to
override that access by way of root access.

I'd say that no, giving dac_override is not a good idea, but mostly
because that implies that you'd continue running the process as root.
You should be running the service as the "toranon" user instead, in
which case it will not need dac_override.
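
Added example, not part of the original message or of any CentOS or tor tooling: a small Python triage script that pairs each SELinux AVC denial for dac_override (or dac_read_search) with the SYSCALL record of the same audit event and reports the ones raised by a process whose effective uid is 0, which is the situation described above. The log lines, pids and uid 990 are constructed sample data, and root_dac_denials is a hypothetical helper name.

```python
import re

# Constructed audit.log sample (not from the thread): one tor process running
# as root is denied dac_override; another, under an unprivileged uid, is not.
SAMPLE_LOG = """\
type=AVC msg=audit(1485719988.123:456): avc:  denied  { dac_override } for  pid=1234 comm="tor" capability=1  scontext=system_u:system_r:tor_t:s0 tcontext=system_u:system_r:tor_t:s0 tclass=capability
type=SYSCALL msg=audit(1485719988.123:456): arch=c000003e syscall=2 success=no exit=-13 ppid=1 pid=1234 auid=4294967295 uid=0 gid=0 euid=0 fsuid=0 comm="tor" exe="/usr/bin/tor" subj=system_u:system_r:tor_t:s0
type=AVC msg=audit(1485720100.500:470): avc:  denied  { name_bind } for  pid=2000 comm="tor" src=9999 scontext=system_u:system_r:tor_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1485720100.500:470): arch=c000003e syscall=49 success=no exit=-13 ppid=1 pid=2000 auid=4294967295 uid=990 gid=990 euid=990 fsuid=990 comm="tor" exe="/usr/bin/tor" subj=system_u:system_r:tor_t:s0
"""

EVENT_ID = re.compile(r"msg=audit\(([\d.]+:\d+)\)")
AVC = re.compile(r"avc:\s+denied\s+\{([^}]*)\}.*?comm=\"([^\"]+)\".*?tclass=(\S+)")
EUID = re.compile(r"\beuid=(\d+)")
DAC_CAPS = {"dac_override", "dac_read_search"}


def root_dac_denials(log_text):
    """Return [(event_id, comm, perms)] for capability denials of DAC bypass
    where the SYSCALL record of the same event shows effective uid 0."""
    avcs, euids = {}, {}
    for line in log_text.splitlines():
        m = EVENT_ID.search(line)
        if not m:
            continue
        event = m.group(1)  # "timestamp:serial" ties AVC and SYSCALL together
        if line.startswith("type=AVC"):
            a = AVC.search(line)
            if a and a.group(3) == "capability":
                perms = set(a.group(1).split()) & DAC_CAPS
                if perms:
                    avcs[event] = (a.group(2), sorted(perms))
        elif line.startswith("type=SYSCALL"):
            u = EUID.search(line)
            if u:
                euids[event] = int(u.group(1))
    return [(e, comm, perms) for e, (comm, perms) in avcs.items()
            if euids.get(e) == 0]


if __name__ == "__main__":
    for event, comm, perms in root_dac_denials(SAMPLE_LOG):
        print(f"{event}: {comm} ran with euid 0 and was denied {perms}; "
              "run the service as its own user rather than allowing this")
```
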