  • #17391
Closed
Open
Issue created Oct 20, 2015 by Trac@tracbot

(Sandbox) Caught a bad syscall attempt (syscall time) (__NR_time not defined?)

I tried to run a Tor v0.2.8.0-alpha-dev mid relay in Linux 3.16.0-4-amd64 with the torrc option "Sandbox 1", but I only got this:

[warn] This version of Tor was built without support for sandboxing. To build with support for sandboxing on Linux, you must have libseccomp and its necessary header files (e.g. seccomp.h).

Seccomp is a feature of the Linux kernel that is enabled in (most) contemporary Linux distributions. It restricts a thread to a small number of system calls: read(), write(), exit() and sigreturn(). If the thread calls any other system call, the entire process gets terminated. Now Seccomp is deprecated.

Starting with Linux 3.16, the new seccomp.2, a.k.a. Seccomp-BPF, has a Berkeley Packet Filter (BPF) with optional allowed syscalls other than the above-mentioned four syscalls, at the developer's choice and according to the application-specific tasks.

http://man7.org/linux/man-pages/man2/seccomp.2.html

  1. I want to know if the Tor code is updated and ready to use Seccomp-BPF to make "Sandbox 1" operational, and exactly what prerequisites and additional compile parameters are needed to compile Tor with support for sandboxing.

Thank you.

Trac:
Username: TORques
