(Sandbox) Caught a bad syscall attempt (syscall time) (__NR_time not defined?)
I tried to run a Tor v0.2.8.0-alpha-dev mid relay in Linux 3.16.0-4-amd64 with the torrc option "Sandbox 1", but I only got this:
[warn] This version of Tor was built without support for sandboxing. To build with support for sandboxing on Linux, you must have libseccomp and its necessary header files (e.g. seccomp.h).Seccomp is a feature of the Linux kernel that is enabled in (most) contemporary Linux distributions. It restricts a thread to a small number of system calls: read(), write(), exit() and sigreturn() - If the thread calls any other system call, the entire process gets terminated. now Seccomp is deprecated.
Starting with Linux 3.16, the new seccomp.2 a.k.a. Seccomp-BPF has a Berkeley Packet Filter (BPF) with optional allowed syscalls other than the above mentioned four syscalls. At the developers choice and according with the application specific tasks.
http://man7.org/linux/man-pages/man2/seccomp.2.html
- I want to know if the tor code is updated and ready for using the Seccomp-BPF to make the "Sandbox 1" operational and what exactly prerequisites and additional compiling parameters are needed to compile tor with the support for sandboxing.
Thank you.
Trac:
Username: TORques