commit d89c1799af4551af5c8f819d0fc79812a0bc80aa Author: Nick Mathewson nickm@torproject.org Date: Tue Aug 4 14:06:25 2020 -0400

manual: Describe Sandbox more accurately.

Closes #23378 --- changes/ticket23378 | 4 ++++ doc/man/tor.1.txt | 9 +++++---- 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/changes/ticket23378 b/changes/ticket23378 new file mode 100644 index 0000000000..783d02edfc --- /dev/null +++ b/changes/ticket23378 @@ -0,0 +1,4 @@ + o Documentation (manual page): + - Describe the status of the "Sandbox" option more accurately. It is no + longer "experimental", but it _is_ dependent on kernel and libc + versions. Closes ticket 23378. diff --git a/doc/man/tor.1.txt b/doc/man/tor.1.txt index 6e504c8a82..318d31ac24 100644 --- a/doc/man/tor.1.txt +++ b/doc/man/tor.1.txt @@ -839,10 +839,11 @@ forward slash (/) in the configuration file and on the command line.

[[Sandbox]] **Sandbox** **0**|**1**:: If set to 1, Tor will run securely through the use of a syscall sandbox. - Otherwise the sandbox will be disabled. The option is currently an - experimental feature. It only works on Linux-based operating systems, - and only when Tor has been built with the libseccomp library. This option - can not be changed while tor is running. + + Otherwise the sandbox will be disabled. The option only works on + Linux-based operating systems, and only when Tor has been built with the + libseccomp library. Note that this option may be incompatible with some + versions of libc, and some kernel versions. This option can not be + changed while tor is running. + + When the **Sandbox** is 1, the following options can not be changed when tor is running: