Since upgrading systemd (to version 212-2), a new option has appeared in some unit files. "PrivateDevices=yes" runs a service in an environment without access to physical devices in /dev (more information on the FedoraProject website).
When checking the journald logs for tor, I noticed they were sparse:
$ journalctl -lb -u tor
-- Logs begin at Sun 2013-09-15 19:06:08 EDT. --
...
Apr 10 19:16:38 ****** systemd[1]: Starting Anonymizing Overlay Network...
Apr 10 19:16:38 ****** systemd[1]: Started Anonymizing Overlay Network.
Apr 10 19:16:38 ****** tor[9810]: Apr 10 19:16:38.921 [notice] Tor v0.2.4.21 (git-505962724c05445f) running on Linux with Libevent 2.0.21-stable and OpenSSL 1.0.1g.
Apr 10 19:16:38 ****** tor[9810]: Apr 10 19:16:38.921 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Apr 10 19:16:38 ****** tor[9810]: Apr 10 19:16:38.921 [notice] Read configuration file "/etc/tor/torrc".
Apr 10 19:16:38 ****** tor[9810]: Apr 10 19:16:38.925 [notice] Opening Socks listener on 127.0.0.1:9050
Apr 10 19:16:38 ****** tor[9810]: Apr 10 19:16:38.925 [notice] Opening DNS listener on 127.0.0.1:9053
compared to their previous appearance (setting PrivateDevices=no will produce the same results):
$ journalctl -lb -u tor
...
Apr 10 19:15:47 ****** systemd[1]: Starting Anonymizing Overlay Network...
Apr 10 19:15:47 ****** systemd[1]: Started Anonymizing Overlay Network.
Apr 10 19:15:47 ****** tor[9082]: Apr 10 19:15:47.626 [notice] Tor v0.2.4.21 (git-505962724c05445f) running on Linux with Libevent 2.0.21-stable and OpenSSL 1.0.1g.
Apr 10 19:15:47 ****** tor[9082]: Apr 10 19:15:47.627 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#wa
Apr 10 19:15:47 ****** tor[9082]: Apr 10 19:15:47.627 [notice] Read configuration file "/etc/tor/torrc".
Apr 10 19:15:47 ****** tor[9082]: Apr 10 19:15:47.631 [notice] Opening Socks listener on 127.0.0.1:9050
Apr 10 19:15:47 ****** tor[9082]: Apr 10 19:15:47.631 [notice] Opening DNS listener on 127.0.0.1:9053
Apr 10 19:15:47 ****** Tor[9082]: Parsing GEOIP IPv4 file /usr/share/tor/geoip.
Apr 10 19:15:47 ****** Tor[9082]: Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
Apr 10 19:15:48 ****** Tor[9082]: We now have enough directory information to build circuits.
Apr 10 19:15:48 ****** Tor[9082]: Bootstrapped 80%: Connecting to the Tor network.
Apr 10 19:15:49 ****** Tor[9082]: Bootstrapped 85%: Finishing handshake with first hop.
Apr 10 19:15:49 ****** Tor[9082]: Bootstrapped 90%: Establishing a Tor circuit.
Apr 10 19:15:50 ****** Tor[9082]: Tor has successfully opened a circuit. Looks like client functionality is working.
Apr 10 19:15:50 ****** Tor[9082]: Bootstrapped 100%: Done.
...
I understand the security advantage "PrivateDevices" provides, but it would be nice to have readable output for stats and diagnosing any problems. Is there any way to have tor.service output messages to journald AND run it with the "PrivateDevices=yes" option?
Last edited by honza (2014-04-11 03:47:28)
Well, that was stupid of me. I had "Log notice syslog" in the torrc file. After commenting that out it works just fine.
Don't forget to mark the thread as [Solved]. You can edit the title by editing the first post.
Thanks. I didn't know how to edit it.
Please report something like this as a bug in the future. I've removed PrivateDevices=yes from the tor unit file for now, until it picks up support for journald directly and no longer needs this device.
I don't think it was a bug. I think it was a careless error on my part. I had the following option uncommented in the torrc file
Log notice syslog
Checking the torrc-dist file in the same directory revealed that option was not enabled by default.
After commenting out that option and reloading the tor.service file, everything worked as it should, even with "PrivateDevices=yes" in the service file.
The torrc file comes with the package too, and that line is uncommented by default. I'm not sure why we ship both.
Beats me. I just always thought of it as a backup torrc file.
I saw that you updated the tor unit file to remove "PrivateDevices=yes". I'm confused as to why you did that though. Tor works fine with journald as long as the default configuration is used.
I do not know if syslog functionality is impaired as I do not use it.
The default tor configuration we ship (/etc/tor/torrc) in the package uses the syslog support. I added PrivateDevices=yes because I missed that syslog required this. When it gains direct support for logging to the journal, it can use PrivateDevices=yes again.
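The combination discussed in this thread (PrivateDevices=yes in the unit file together with an active "Log ... syslog" line in torrc) can be checked for before a service is sandboxed. The following is an added example, not part of any post and not the package's own tooling; the function names and the sample unit and torrc contents are constructed for illustration, and drop-in overrides are not read.

```python
TRUE_VALUES = {"1", "yes", "y", "true", "t", "on"}  # boolean spellings systemd accepts

def unit_setting(unit_text, section, key):
    """Return the last value assigned to key inside [section], or None."""
    current, value = None, None
    for raw in unit_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":       # blank line or unit-file comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
        elif current == section and "=" in line:
            k, v = line.split("=", 1)
            if k.strip() == key:
                value = v.strip()             # a later assignment overrides
    return value

def torrc_log_destinations(torrc_text):
    """Return the destination of every active (uncommented) Log line."""
    dests = []
    for raw in torrc_text.splitlines():
        words = raw.split("#", 1)[0].split()  # drop comments, tokenize
        if len(words) >= 3 and words[0].lower() == "log":
            dests.append(words[2].lower())    # stdout, stderr, syslog or file
    return dests

def syslog_conflict(unit_text, torrc_text):
    """True when the unit hides devices and torrc still logs to syslog."""
    value = unit_setting(unit_text, "Service", "PrivateDevices") or "no"
    return value.lower() in TRUE_VALUES and "syslog" in torrc_log_destinations(torrc_text)

# Constructed sample inputs (assumptions, not the packaged files).
SAMPLE_UNIT = """\
[Unit]
Description=Anonymizing Overlay Network

[Service]
ExecStart=/usr/bin/tor -f /etc/tor/torrc
PrivateDevices=yes
"""
SAMPLE_TORRC = "SocksPort 9050\nLog notice syslog\n"
SAMPLE_TORRC_FIXED = "SocksPort 9050\n#Log notice syslog\n"

if __name__ == "__main__":
    for name, torrc in (("syslog enabled", SAMPLE_TORRC),
                        ("syslog commented out", SAMPLE_TORRC_FIXED)):
        print(name, "->", "conflict" if syslog_conflict(SAMPLE_UNIT, torrc) else "ok")
```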