[tor-bugs] #22605 [Core Tor/Tor]: sandbox_intern_string(): Bug: No interned sandbox parameter found for /etc/tor/torrc.d/

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Aug 3 23:37:52 UTC 2017


#22605: sandbox_intern_string(): Bug: No interned sandbox parameter found for
/etc/tor/torrc.d/
---------------------------------+------------------------------------
 Reporter:  toralf               |          Owner:  dgoulet
     Type:  defect               |         Status:  accepted
 Priority:  High                 |      Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor         |        Version:  Tor: 0.3.1.3-alpha
 Severity:  Normal               |     Resolution:
 Keywords:  sandbox, regression  |  Actual Points:
Parent ID:                       |         Points:
 Reviewer:                       |        Sponsor:
---------------------------------+------------------------------------

Comment (by yawning):

 > I believe the reason my patch is not working is a bug in libseccomp.

 No, libseccomp is working exactly as expected.  The reason your patch isn't
 working is because seccomp-bpf does not work that way.

 https://www.kernel.org/doc/Documentation/prctl/seccomp_filter.txt

 > A seccomp filter may return any of the following values. If multiple
 > filters exist, the return value for the evaluation of a given system
 > call will always use the highest precedent value. (For example,
 > SECCOMP_RET_KILL will always take precedence.)

 `SECCOMP_RET_ALLOW` has the lowest precedence out of all of the filter
 actions.  Essentially, "you can't loosen restrictions by installing an
 additional filter".

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22605#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
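
The precedence rule quoted in the comment above can be observed directly on Linux. The following is an added example, not code from the ticket, Tor or libseccomp: a child process installs a filter that denies getppid(2) with EPERM, then stacks a second filter that returns SECCOMP_RET_ALLOW for everything, and checks that the call is still denied. The function names and the choice of getppid as a harmless probe syscall are assumptions made for the illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

/* Install a filter returning `on_match` for getppid(2) and ALLOW otherwise.
 * Demo only: a production filter must also validate seccomp_data.arch. */
static int install_filter(unsigned int on_match) {
    struct sock_filter prog[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_getppid, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, on_match),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog fp = { .len = sizeof(prog) / sizeof(prog[0]), .filter = prog };
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fp);
}

/* Returns 1 if the deny survived a later ALLOW filter, 0 if it was loosened,
 * -1 if seccomp filters could not be installed in this environment. */
int deny_survives_later_allow(void) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                       /* child: sandbox only this process */
        if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) _exit(2);
        if (install_filter(SECCOMP_RET_ERRNO | EPERM) != 0) _exit(2); /* deny */
        if (install_filter(SECCOMP_RET_ALLOW) != 0) _exit(2);  /* "loosen" */
        errno = 0;
        long r = syscall(SYS_getppid);
        _exit((r == -1 && errno == EPERM) ? 1 : 0);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status) == 2 ? -1 : WEXITSTATUS(status);
}

int main(void) {
    int r = deny_survives_later_allow();
    puts(r == 1 ? "getppid still fails with EPERM: the ALLOW filter did not win"
       : r == 0 ? "restriction was loosened (unexpected)"
                : "seccomp filters unavailable here");
    return r == 0;
}
```

Both filters run for every syscall and the kernel applies the action with the numerically lowest action value, which is why SECCOMP_RET_ERRNO from the first filter overrides SECCOMP_RET_ALLOW from the second.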

