From f9c1ba6493478d227c202e4d3444283b2c840a6a Mon Sep 17 00:00:00 2001
From: Cristian Toader <cristian.matei.toader@gmail.com>
Date: Mon, 17 Jun 2013 13:07:14 +0300
Subject: Add a basic seccomp2 syscall filter on Linux

It's controlled by the new Sandbox argument.  Right now, it's rather
coarse-grained, it's Linux-only, and it may break some features.
---
 doc/tor.1.txt | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'doc')

diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index 72f75ebcd..eab10271a 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -423,6 +423,11 @@ GENERAL OPTIONS
     proxy authentication that Tor supports; feel free to submit a patch if you
     want it to support others.
 
+**Sandbox** **0**|**1**::
+    If set to 1, Tor will run securely through the use of a syscall sandbox.
+    Otherwise the sandbox will be disabled. The option is currently an 
+    experimental feature. (Default: 0)
+
 **Socks4Proxy** __host__[:__port__]::
     Tor will make all OR connections through the SOCKS 4 proxy at host:port
     (or host:1080 if port is not specified).
-- 
cgit v1.2.3