[tor-bugs] #18397 [Tor]: `Sandbox 1` in Tor 0.2.7.6 should not filter `getsockopt` syscall
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Mar 29 20:39:40 UTC 2016
#18397: `Sandbox 1` in Tor 0.2.7.6 should not filter `getsockopt` syscall
-------------------------------------------------+-------------------------
Reporter: fowlslegs | Owner: nickm
Type: defect | Status:
Priority: High | needs_information
Component: Tor | Milestone: Tor:
Severity: Major | 0.2.8.x-final
Keywords: seccomp, sandbox, getsockopt, | Version: Tor:
027-backport | 0.2.7.6
Parent ID: | Resolution:
Reviewer: | Actual Points:
| Points:
| Sponsor:
-------------------------------------------------+-------------------------
Comment (by cypherpunks):
Spent a little bit of time looking at this... I'm a noob at debugging
what's not in logs... so first I ran "tor &" in terminal from my normal
user (I know not ideal but figured it'd give me an opportunity to check
terminal for output) with "Sandbox 1" in torrc... and it started fine (no
crash), and I checked /proc/<pid>/status and indeed found "Seccomp: 2"
indicating that seccomp filtering was enabled.
I tried the same with strace, but never encountered a crash. The problem
only seems to occur when I try to start/restart the _service_ using
systemctl/systemd. Perhaps an issue with the unit file?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18397#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list