[CentOS] tor and selinux

Mon Jan 30 06:32:24 UTC 2017
Mark <mark2015 at openmailbox.org>

On Sun, 2017-01-29 at 15:53 -0800, Gordon Messmer wrote:
> On 01/29/2017 11:59 AM, Mark wrote:
> > As I don't know what dac_override is I don't know if it's a good
> > idea
> > to give it to tor and the confidence seems quite low.
> dac_override indicates that you're running your process as root, and 
> it's trying to do something on the filesystem which is not
> explicitly 
> allowed by permissions.  DAC is the standard POSIX permission
> system, 
> and the process is trying to override it.  DAC allows access to the 
> toranon user and toranon group only, and the process is trying to 
> override that access by way of root access.

That's strange, because I started the tor process simply with
sudo systemctl start tor

The only changes I've really made was to add two lines of configuration
in torrc