Want to help test 'Sandbox 1'? (Linux only)

Hi,

I'm aiming to enable tor's 'Sandbox' feature by default on Debian based relays starting with the next release of ansible-relayor [1].

Before doing so I'd like to collect some feedback from tor relay operators willing to test this feature.

If you
- run tor 0.3.0.x >= 0.3.0.8
- are on Linux
- are willing to report problems

it would be great if you could add the following line to your torrc configuration file:

    Sandbox 1

Ideally you also have system monitoring in place that tells you whether this config change has any impact (i.e. on CPU or bandwidth).

[1] https://github.com/nusenu/ansible-relayor

--
https://mastodon.social/@nusenu
https://twitter.com/nusenu_

John Ricketts:
I will shortly. All of my relays or just one?
Maybe start with one and if it runs without any issues or negative impact for a week proceed with the rest, but whatever you feel comfortable with.

thanks!

--
https://mastodon.social/@nusenu
https://twitter.com/nusenu_

thank you for testing it

--
https://mastodon.social/@nusenu
https://twitter.com/nusenu_

I haven't noticed any performance impact, but I picked up a recent version of ansible-relayor that enables the sandbox by default and it broke two of my relays running Debian 8.9 under OpenVZ with kernel version 2.6.32. Given the old kernel version I'm not exactly surprised, but enabling the sandbox by default does cause those two relays to fail to start.

If anyone is interested, the relevant log lines (with debug enabled) look like this:

    sandbox_getaddrinfo(): (Sandbox) getaddrinfo succeeded.
    sandbox_getaddrinfo(): (Sandbox) getaddrinfo failed.
    sandbox_getaddrinfo(): (Sandbox) getaddrinfo succeeded.
    install_syscall_filter(): Bug: (Sandbox) failed to load: -22 (Invalid argument)! (on Tor 0.3.0.9 )
    tor_main(): Bug: Failed to create syscall sandbox filter (on Tor 0.3.0.9 )
    main process exited, code=exited, status=1/FAILURE

On Tue, Jul 4, 2017 at 11:35 PM, Roman Mamedov <rm@romanrm.net> wrote:

I logged this on the tor bug tracker:
https://trac.torproject.org/projects/tor/ticket/23090

T

--
Tim Wilson-Brown (teor)
teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org
------------------------------------------------------------------------
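An added example, not part of any message in this thread and not code from tor or ansible-relayor: a small Python check that scans tor log output for the sandbox filter load failure quoted earlier in the thread and decodes the error number, so a monitoring job can flag relays that fail to start after `Sandbox 1` is enabled. The sample log is constructed from the lines quoted in the thread, and the function names are hypothetical.

```python
import errno
import re

# Constructed sample: the log lines quoted in the thread, one per line.
SAMPLE_LOG = """\
sandbox_getaddrinfo(): (Sandbox) getaddrinfo succeeded.
sandbox_getaddrinfo(): (Sandbox) getaddrinfo failed.
sandbox_getaddrinfo(): (Sandbox) getaddrinfo succeeded.
install_syscall_filter(): Bug: (Sandbox) failed to load: -22 (Invalid argument)! (on Tor 0.3.0.9 )
tor_main(): Bug: Failed to create syscall sandbox filter (on Tor 0.3.0.9 )
main process exited, code=exited, status=1/FAILURE
"""

LOAD_FAIL = re.compile(r"\(Sandbox\) failed to load: (-?\d+)")
FILTER_FAIL = "Failed to create syscall sandbox filter"
TOR_VERSION = re.compile(r"\(on Tor ([0-9][^\s)]*)")


def find_sandbox_failures(log_text):
    """Return one finding per line showing that the sandbox filter did not load."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        load = LOAD_FAIL.search(line)
        if not load and FILTER_FAIL not in line:
            continue  # getaddrinfo notices and unrelated lines are not failures
        version = TOR_VERSION.search(line)
        # tor logs the negated errno (-22); map it back to its symbolic name.
        code = abs(int(load.group(1))) if load else None
        findings.append({
            "line": lineno,
            "errno": errno.errorcode.get(code) if code is not None else None,
            "tor_version": version.group(1) if version else None,
        })
    return findings


def sandbox_blocked_startup(log_text):
    """True when the log shows that tor could not create the syscall filter."""
    return any(FILTER_FAIL in line for line in log_text.splitlines())


if __name__ == "__main__":
    for finding in find_sandbox_failures(SAMPLE_LOG):
        print(finding)
```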
participants (5)
- John Ricketts
- Kevin Beranek
- nusenu
- Roman Mamedov
- teor