[tor-bugs] #17391 [Tor]: torrc option "Sandbox 1" doesn't work in Tor v0.2.8.0-alpha-dev

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Oct 20 10:15:51 UTC 2015


#17391: torrc option "Sandbox 1" doesn't work in Tor v0.2.8.0-alpha-dev
-----------------------------+------------------------------
     Reporter:  TORques      |      Owner:
         Type:  enhancement  |     Status:  new
     Priority:  Medium       |  Milestone:  Tor: unspecified
    Component:  Tor          |    Version:  Tor: unspecified
     Severity:  Normal       |   Keywords:
Actual Points:               |  Parent ID:
       Points:               |    Sponsor:
-----------------------------+------------------------------
 I tried to run a Tor v0.2.8.0-alpha-dev mid relay in Linux 3.16.0-4-amd64
 with the torrc option '''"Sandbox 1"''', but I only got this:

 {{{
 [warn] This version of Tor was built without support for sandboxing. To
 build with support for sandboxing on Linux, you must have libseccomp and
 its necessary header files (e.g. seccomp.h).
 }}}
 '''Seccomp''' is a feature of the Linux kernel that is enabled in (most)
 contemporary Linux distributions. It restricts a thread to a small number
 of system calls: '''read(), write(), exit() and sigreturn()'''. If the
 thread calls any other system call, the entire process gets terminated.
 Now Seccomp is deprecated.

 Starting with '''Linux 3.16''', the new '''seccomp.2 a.k.a. Seccomp-BPF'''
 has a Berkeley Packet Filter (BPF) with optional allowed syscalls other
 than the above-mentioned four syscalls, at the developer's choice and
 according to the application-specific tasks.

 http://man7.org/linux/man-pages/man2/seccomp.2.html

  1. I want to know if the tor code is updated and ready for using the
 Seccomp-BPF to make the "Sandbox 1" operational and exactly what
 prerequisites and additional compiling parameters are needed to compile
 tor with the support for sandboxing.

 Thank you.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17391>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

