Commit ab18e5e5 authored by Nick Mathewson's avatar Nick Mathewson 🤹
Browse files

Better error on failure to load seccomp2 sandbox 

There are two reasons this is likeliest to happen -- no kernel
support, and some bug in Tor.  We'll ask people to check the former
before they report. Closes 23090.
parent 9261f612

changes/feature23090

0 → 100644
+3 −0
Original line number Diff line number Diff line 
  o Minor features (linux seccomp2 sandbox):

    - If the sandbox filter fails to load, suggest to the user that their

      kernel might not support seccomp2. Closes ticket 23090.

src/common/sandbox.c

+3 −1
Original line number Diff line number Diff line
@@ -1638,7 +1638,9 @@ install_syscall_filter(sandbox_cfg_t* cfg) 


  // loading the seccomp2 filter

  if ((rc = seccomp_load(ctx))) {

    log_err(LD_BUG, "(Sandbox) failed to load: %d (%s)!", rc,

    log_err(LD_BUG, "(Sandbox) failed to load: %d (%s)! "

            "Are you sure that your kernel has seccomp2 support? The "

            "sandbox won't work without it.", rc,

            strerror(-rc));

    goto end;

  }