unjail tor

Some of the Firejail restrictions seem to conflict with the systemd service hardening.
2026-01-23 02:24:09 +00:00 · 2021-07-15 18:11:26 -07:00 · 2021-07-15 18:11:26 -07:00 · 144226da8c
commit 144226da8c
parent 658b3738ca
3 changed files with 0 additions and 36 deletions
--- a/roles/tor/files/tor-service-override.conf
+++ b/roles/tor/files/tor-service-override.conf
@ -1,4 +0,0 @@
-[Service]
-ExecStart=
-ExecStart=/usr/bin/firejail /usr/bin/tor -f /etc/tor/torrc
-User=root
--- a/roles/tor/meta/main.yml
+++ b/roles/tor/meta/main.yml
@ -1,5 +1,3 @@
 ---
 dependencies:
-  - { role: firejail }
-  - { role: systemd }
  - { role: nmtrust }
--- a/roles/tor/tasks/main.yml
+++ b/roles/tor/tasks/main.yml
@ -6,36 +6,6 @@
      - torsocks
    state: present

- name: Set Tor to run as tor
-  lineinfile: dest=/etc/tor/torrc
-              regexp=^User
-              state=present
-              line="User tor"
-
- name: Create Tor systemd unit file directory
-  file: path=/etc/systemd/system/tor.service.d state=directory
-  tags:
-    - firejail
-
- name: Push Tor socket unit file
-  copy: src=tor-service-override.conf dest=/etc/systemd/system/tor.service.d/override.conf
-  notify:
-    - reload systemd config
-  tags:
-    - firejail
-
- name: Verify Tor firejail local profile exists
-  file: path=/etc/firejail/tor.local state=touch
-  tags:
-    - firejail
-
- name: Allow Tor firejail /dev access
-  lineinfile:
-    dest: /etc/firejail/tor.local
-    line: "ignore private-dev"
-  tags:
-    - firejail
-
 - include_tasks: roles/nmtrust/tasks/unit.yml
  vars:
      unit: tor.service