Cannot SAVECONF when the seccomp sandbox is enabled
View options
Summary
Issuing a SAVECONF to tor when the seccomp sandbox is enabled fails.
Steps to reproduce:
- Start
torwithSandbox 1set and controller access - Send
SAVECONFvia the controller
What is the current bug behavior?
Sending a SAVECONF currently results in this answer:
250 OK
551 Unable to write configuration to disk.
250 closing connectionand tor logs:
Mar 05 11:31:28.000 [warn] sandbox_intern_string(): Bug: No interned sandbox parameter found for /etc/tor/torrc.orig.1 (on Tor 0.4.5.6 )
Mar 05 11:31:28.000 [notice] Renaming old configuration file to "/etc/tor/torrc.orig.1"
Mar 05 11:31:28.000 [warn] sandbox_intern_string(): Bug: No interned sandbox parameter found for /etc/tor/torrc.orig.1 (on Tor 0.4.5.6 )
Mar 05 11:31:28.000 [warn] Couldn't rename configuration file "/etc/tor/torrc" to "/etc/tor/torrc.orig.1": Operation not permittedand unsurprisingly the current tor configuration was not saved to torrc.
What is the expected behavior?
SAVECONF should work even when the seccomp sandbox is enabled.
Environment
I tried with both tor 0.4.4.6 and 0.4.5.6 on an Debian Buster, using your .deb:s.
Relevant logs and/or screenshots
Except the log I posted above, sometimes I saw this instead but I don't know why it's different:
Mar 05 12:06:00.000 [warn] sandbox_intern_string(): Bug: No interned sandbox parameter found for /etc/tor/torrc.tmp (on Tor 0.4.4.6 )
Mar 05 12:06:00.000 [warn] Couldn't open "/etc/tor/torrc.tmp" (/etc/tor/torrc) for writing: Operation not permitted