Skip to content

Broken openat syscall in Sandbox mode

My version is 0.3.3.2-alpha (git-7b1d356bdb76607d).

If relevant, I am running under Debian buster/sid amd64 KVM VPS with a 4.14.24 kernel patched with grsecurity, and AppArmor enabled.

Mar 06 10:14:36.024 [notice] Tor 0.3.3.2-alpha (git-7b1d356bdb76607d) running on Linux with Libevent 2.1.8-stable, OpenSSL 1.1.0g, Zlib 1.2.8, Liblzma 5.2.2, and Libzstd 1.3.3.
Mar 06 10:14:36.025 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Mar 06 10:14:36.025 [notice] This version is not a stable Tor release. Expect more bugs than usual.
Mar 06 10:14:36.025 [notice] Read configuration file "/etc/tor/torrc".
Mar 06 10:14:36.029 [notice] Scheduler type KIST has been enabled.
Mar 06 10:14:36.029 [notice] Opening Socks listener on 127.0.0.1:9050
Mar 06 10:14:36.029 [notice] Opening DNS listener on 127.0.0.1:5353
Mar 06 10:14:36.029 [notice] Opening Transparent pf/netfilter listener on 127.0.0.1:9040
Mar 06 10:14:36.029 [notice] Opening Control listener on 127.0.0.1:9051

============================================================ T= 1520360077
(Sandbox) Caught a bad syscall attempt (syscall openat)
tor(+0x1a57ea)[0x20b99917ea]
/lib/x86_64-linux-gnu/libpthread.so.0(open64+0x4b)[0x38f248203ab]
/lib/x86_64-linux-gnu/libpthread.so.0(open64+0x4b)[0x38f248203ab]
tor(tor_open_cloexec+0x40)[0x20b9977a00]
tor(start_writing_to_file+0x17a)[0x20b998b2ea]
tor(+0x19f3cb)[0x20b998b3cb]
tor(+0x19f518)[0x20b998b518]
tor(or_state_save+0x15b)[0x20b98aa27b]
tor(+0x5488b)[0x20b984088b]
/usr/lib/x86_64-linux-gnu/libevent-2.1.so.6(+0x229ba)[0x38f25cbe9ba]
/usr/lib/x86_64-linux-gnu/libevent-2.1.so.6(event_base_loop+0x5a7)[0x38f25cbf537]
tor(do_main_loop+0x2b4)[0x20b9841604]
tor(tor_run_main+0x1025)[0x20b9843ad5]
tor(tor_main+0x3a)[0x20b983c09a]
tor(main+0x19)[0x20b983be29]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xe7)[0x38f24272a87]
tor(_start+0x2a)[0x20b983be7a]

It is possible this error is either due to Tor, or it could be security hardening applied to my server. Let me know in any case... Could commit ea8e9f17f52877cc795f1792acb81d7fdaff6baf be relevant?

Trac:
Username: ageisp0lis

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information