I haven't noticed any performance impact, but I picked up a recent version of ansible-relayor that enables the sandbox by default and it broke two of my relays running Debian 8.9 under OpenVZ with kernel version 2.6.32. Given the old kernel version I'm not exactly surprised, but enabling the sandbox by default does cause those two relays to fail to start.
If anyone is interested, the relevant log lines (with debug enabled) look like this:
sandbox_getaddrinfo(): (Sandbox) getaddrinfo succeeded.
sandbox_getaddrinfo(): (Sandbox) getaddrinfo failed.
sandbox_getaddrinfo(): (Sandbox) getaddrinfo succeeded.
install_syscall_filter(): Bug: (Sandbox) failed to load: -22 (Invalid argument)! (on Tor 0.3.0.9 )
tor_main(): Bug: Failed to create syscall sandbox filter (on Tor 0.3.0.9 )
main process exited, code=exited, status=1/FAILURE
On Tue, Jul 4, 2017 at 11:35 PM, Roman Mamedov rm@romanrm.net wrote:
On Sun, 25 Jun 2017 18:25:00 +0000 nusenu nusenu-lists@riseup.net wrote:
I'm aiming to enable tor's 'Sandbox' feature by default on Debian based relays starting with the next release of ansible-relayor [1].
Before doing so I'd like to collect some feedback from tor relay operators willing to test this feature.
If you
- run tor 0.3.0.x >= 0.3.0.8
- are on Linux
- willing to report problems
it would be great if you could add the following line to your torrc configuration file:
Sandbox 1
Ideally you also have system monitoring in place that tells you whether this config change has any impact (i.e. on CPU or bandwidth).
FWIW I haven't noticed any impact, bad or good, after enabling this on a couple of relays since the date you asked.
--
With respect,
Roman
_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
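
The report at the top of this thread (the syscall filter failing to load with -22 on a 2.6.32 kernel) is the kind of host a pre-flight check can catch before `Sandbox 1` is written to torrc. The following is an added example, not code from this thread or from ansible-relayor; it assumes the sandbox depends on seccomp filter mode, which entered mainline in Linux 3.5, and the function names and sample release strings are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): pick the torrc Sandbox value per host.
# Heuristic only: seccomp filter mode was merged in mainline Linux 3.5, and
# vendor or container kernels may differ from mainline at the same version.

# kernel_has_seccomp_filter RELEASE
# Exit 0 if RELEASE (as printed by `uname -r`) is >= 3.5,
# 1 if it is older, 2 if the string cannot be parsed.
kernel_has_seccomp_filter() {
    release=$1
    case "$release" in
        *.*) ;;
        *) return 2 ;;
    esac
    major=${release%%.*}          # text before the first dot
    rest=${release#*.}            # text after the first dot
    minor=${rest%%[!0-9]*}        # leading digits of the second field
    case "$major" in
        ''|*[!0-9]*) return 2 ;;
    esac
    [ -n "$minor" ] || return 2
    [ "$major" -gt 3 ] && return 0
    [ "$major" -eq 3 ] && [ "$minor" -ge 5 ] && return 0
    return 1
}

# sandbox_torrc_line RELEASE
# Print the torrc line to deploy; fall back to "Sandbox 0" when in doubt.
sandbox_torrc_line() {
    if kernel_has_seccomp_filter "$1"; then
        echo "Sandbox 1"
    else
        echo "Sandbox 0"
    fi
}

# sandbox_load_failed
# Read tor log lines on stdin; exit 0 if the filter-load failure from the
# report above is present, so monitoring can flag a relay that will not start.
sandbox_load_failed() {
    grep -q -e '(Sandbox) failed to load' \
            -e 'Failed to create syscall sandbox filter'
}

# Show the decision for the machine this script runs on.
sandbox_torrc_line "$(uname -r)"
```

Because the version comparison is only a hint, pair it with `sandbox_load_failed` over the relay's log after a restart, so a host that passes the version check but still rejects the filter is noticed.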