Use a seccomp whitelist when the tor daemon is configured to use Bridges.
The seccomp whitelist for the tor sandbox only has the system calls required for the tor daemon itself (based off tor's UseSandbox implementation). This causes obfs4proxy to not work, so when Bridges are enabled, a rudimentary blacklist is installed instead.
The proper thing to do would be to figure out what systemcalls obfs4proxy needs in addition to the ones in the current whitelist and selective expand the whitelist at runtime based on configuration.
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information