From 5dfd80e1c5c9803a281804801592d191cf9148ae Mon Sep 17 00:00:00 2001 From: Chris Marusich Date: Sun, 22 Jul 2018 16:23:53 -0700 Subject: services: tor: Add a system test. * gnu/services/networking.scm (tor-configuration->torrc): Set PidFile to /var/run/tor/tor.pid in the base torrc configuration. (tor-shepherd-service) : Call make-forkexec-constructor/container with a new #:pid-file argument to tell Shepherd where to find the PID file. Add a a new to its existing #:mappings argument to share /var/run/tor with the the container. (tor-hidden-services-activation): Update docstring. Create /var/run/tor and set its permissions so only the tor user can access it. * gnu/tests/networking.scm (%test-tor, %tor-os): New variables. (run-tor-test): New procedure. --- gnu/services/networking.scm | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) (limited to 'gnu/services/networking.scm') diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index d5d0cf9d1d..66772e48b7 100644 --- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm @@ -7,6 +7,7 @@ ;;; Copyright © 2017 Thomas Danckaert ;;; Copyright © 2017 Marius Bakke ;;; Copyright © 2018 Tobias Geerinckx-Rice +;;; Copyright © 2018 Chris Marusich ;;; ;;; This file is part of GNU Guix. ;;; @@ -612,6 +613,7 @@ (define (tor-configuration->torrc config) ### These lines were generated from your system configuration: User tor DataDirectory /var/lib/tor +PidFile /var/run/tor/tor.pid Log notice syslog\n" port) (for-each (match-lambda @@ -639,7 +641,7 @@ (define (tor-configuration->torrc config) #t)))))))) (define (tor-shepherd-service config) - "Return a running TOR." + "Return a running Tor." (match config (($ tor) (let ((torrc (tor-configuration->torrc config))) @@ -665,12 +667,17 @@ (define (tor-shepherd-service config) (writable? #t)) (file-system-mapping (source "/dev/log") ;for syslog - (target source))))) + (target source)) + (file-system-mapping + (source "/var/run/tor") + (target source) + (writable? #t))) + #:pid-file "/var/run/tor/tor.pid")) (stop #~(make-kill-destructor)) (documentation "Run the Tor anonymous network overlay.")))))))) (define (tor-hidden-service-activation config) - "Return the activation gexp for SERVICES, a list of hidden services." + "Set up directories for Tor and its hidden services, if any." #~(begin (use-modules (guix build utils)) @@ -686,6 +693,15 @@ (define (initialize service) ;; The daemon bails out if we give wider permissions. (chmod directory #o700))) + ;; Allow Tor to write its PID file. + (mkdir-p "/var/run/tor") + (chown "/var/run/tor" (passwd:uid %user) (passwd:gid %user)) + ;; Set the group permissions to rw so that if the system administrator + ;; has specified UnixSocksGroupWritable=1 in their torrc file, members + ;; of the "tor" group will be able to use the SOCKS socket. + (chmod "/var/run/tor" #o750) + + ;; Allow Tor to access the hidden services' directories. (mkdir-p "/var/lib/tor") (chown "/var/lib/tor" (passwd:uid %user) (passwd:gid %user)) (chmod "/var/lib/tor" #o700) -- cgit v1.2.3