Is there a reason why seccomp sandboxing for Tor isn't enabled by default?

As the wiki says “Consider enabling secomp”, I was wondering why this feature isn’t enabled by default in whonix? All I could find out is that this feature is still experimental but the worst thing that could happen is that the Tor process gets killed by the kernel if the seccomp ruleset is violated.

1 Like

Because it’s up to the Tor [and Debian] developers to enable seccomp by
default. They’ll hopefully do that once it’s no longer considered
experimental. If Whonix had by default enabled experimental features
enabled that could lead to some condition where connectivity breaks for
many users at many times leading to loads of support requests and overhead.

Can you check please, that The Tor Project has a ticket about enabling
seccomp by default?

Ah, okay that makes Sense. Better use time for more important things than features that might lead to lots of support requests.

I have searched a bit more and read some tickets but couldn’t find one about enabling it by default.

Created a ticket.

enable seccomp by default

1 Like