Tor seccomp2 sandboxing bug fixed

Seems this bug that prevented enabling seccomp is now fixed according to the changelog. Let’s see if it works for the next release.


Minor bugfixes (Linux seccomp2 sandbox):

Fix a bug in our sandboxing rules for the openat() syscall. Previously, no openat() call would be permitted, which would break filesystem operations on recent glibc versions. Fixes bug 25440; bugfix on Diagnosis and patch from Daniel Pinto.


Tor seccomp fixed. This time for reals.

Major bugfixes (linux seccomp sandbox):

Correct how we use libseccomp. Particularly, stop assuming that rules are applied in a particular order or that more rules are processed after the first match. Neither is the case! In libseccomp <2.4.0 this lead to some rules having no effect. libseccomp 2.4.0 changed how rules are generated, leading to a different ordering, which in turn led to a fatal crash during startup. Fixes bug 29819; bugfix on Patch by Peter Gerber.
Fix crash when reloading logging configuration while the experimental sandbox is enabled. Fixes bug 32841; bugfix on Patch by Peter Gerber.



Here’s a (probably) foolish question I have
Does this concern the “Sandbox 1” option that can be set in the torrc file, or is this something else entirely?

That’s the one

1 Like
[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Contributors] [Investors] [Priority Support] [Professional Support]