[tor-relays] Did 'Sandbox 1' break Tor for anyone else on

Peter Gerber tor-lists at arbitrary.ch
Tue Mar 16 07:12:28 UTC 2021

Hi William

William Kane:
> Hi everyone,
> Ever since I upgraded to tor version, enabling tor's built-in
> seccomp sandbox completely breaks tor, i.e. it gets killed by the
> kernel on start for a seccomp violation (fstat(..)) - sandboxing
> worked fine on, my system configuration did not change between
> the updates.

Tor itself usually fails with a Permission Denied error when a syscall
fails due to seccomp. So, this is rather odd.

> I figured this was happening because I do not grant the
> CAP_DAC_READ_SEARCH capability, but I'm not so sure anymore if that's
> the reason.

You should simply see a Permission Denied if the capability is the problem.

Would be great if you could get details about the failing call. If
seccomp is involved, you should be able to get details like this:

• install package auditd
• make sure auditd is running
• crash Tor
• find the syscall with `ausearch -ts recent -i`


More information about the tor-relays mailing list