• Building a Tor Hidden Service From Scratch - SELinux

    On a system with SELinux, upon attempting to start Tor, you may see errors similar to the following:

        [root@localhost tor]# service tor start
        Raising maximum number of filedescriptors (ulimit -n) to 16384.
        Starting tor: Apr 02 15:53:14.041 [notice] Tor v0.2.5.11 (git-83abe94c0ad5e92b) running on Linux with Libevent 1.4.13-stable, OpenSSL 1.0.1e-fips and Zlib 1.2.3.
        Apr 02 15:53:14.042 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
        Apr 02 15:53:14.042 [notice] Read configuration file "/etc/tor/tor-rpm-defaults-torrc".
        Apr 02 15:53:14.042 [notice] Read configuration file "/etc/tor/torrc".
        Apr 02 15:53:14.056 [notice] Opening Socks listener on 127.0.0.1:8080
        Apr 02 15:53:14.057 [warn] Could not bind to 127.0.0.1:8080: Permission denied
        Apr 02 15:53:14.058 [notice] Opening DNS listener on 127.0.0.1:54
        Apr 02 15:53:14.060 [warn] Could not bind to 127.0.0.1:54: Permission denied
        Apr 02 15:53:14.060 [notice] Opening Transparent pf/netfilter listener on 127.0.0.1:9040
        Apr 02 15:53:14.062 [warn] Could not bind to 127.0.0.1:9040: Permission denied
        Apr 02 15:53:14.062 [warn] Failed to parse/validate config: Failed to bind one of the listener ports.
        Apr 02 15:53:14.062 [err] Reading config failed--see warnings above.
        /usr/bin/torctl start: tor could not be started
    

    This is almost certainly the result of an SELinux policy.
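
One way to check that diagnosis, as an added example that is not part of the original page: the script pulls the refused listeners out of the Tor log and reports which of them are not labelled `tor_port_t` in the SELinux port table. The function names and the `semanage port -l` sample line are assumptions made for this illustration; the log excerpt is the one shown above.

```shell
#!/bin/sh
# Added example, not from the original page.

# Bind-failure lines taken from the startup log shown above.
TOR_LOG='Apr 02 15:53:14.056 [notice] Opening Socks listener on 127.0.0.1:8080
Apr 02 15:53:14.057 [warn] Could not bind to 127.0.0.1:8080: Permission denied
Apr 02 15:53:14.058 [notice] Opening DNS listener on 127.0.0.1:54
Apr 02 15:53:14.060 [warn] Could not bind to 127.0.0.1:54: Permission denied
Apr 02 15:53:14.060 [notice] Opening Transparent pf/netfilter listener on 127.0.0.1:9040
Apr 02 15:53:14.062 [warn] Could not bind to 127.0.0.1:9040: Permission denied'

# Constructed line in the format of `semanage port -l`; a real host may differ.
SEMANAGE_OUT='tor_port_t                     tcp      6969, 9001, 9030, 9050, 9051'

# stdin: Tor log. Prints "proto port" for each listener refused with
# "Permission denied". The DNS listener is UDP; the others are TCP.
denied_listeners() {
    awk '
        /Opening .* listener on/ {
            proto = ($0 ~ /Opening DNS listener/) ? "udp" : "tcp"
        }
        /Could not bind to .*: Permission denied/ {
            addr = $0
            sub(/.*Could not bind to /, "", addr)
            sub(/: Permission denied.*/, "", addr)
            n = split(addr, parts, ":")      # port is the last field
            print proto, parts[n]
        }'
}

# $1: `semanage port -l` output; stdin: "proto port" lines.
# Prints the listeners whose port is not labelled tor_port_t for that protocol.
unlabelled_for_tor() {
    while read -r proto port; do
        printf '%s\n' "$1" | awk -v proto="$proto" -v port="$port" '
            $1 == "tor_port_t" && $2 == proto {
                for (i = 3; i <= NF; i++) {
                    p = $i; sub(/,$/, "", p)
                    n = split(p, r, "-")     # single port or lo-hi range
                    if (port + 0 >= r[1] + 0 && port + 0 <= r[n] + 0) found = 1
                }
            }
            END { exit !found }' || echo "$proto $port"
    done
}

printf '%s\n' "$TOR_LOG" | denied_listeners | unlabelled_for_tor "$SEMANAGE_OUT"
```

On a real host, pipe the Tor log into `denied_listeners` and pass the output of `semanage port -l` as the argument; matching AVC denials in the audit log (`ausearch -m avc -c tor`) confirm that SELinux blocked the bind.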