changes/seccomp2_sandbox


1
2
3
4
5
6
7
8
9
10
11
12

  o Major features (security):
    - Use the seccomp2 syscall filtering facility on Linux to limit
      which system calls Tor can invoke. This is an experimental,
      Linux-only feature to provide defense-in-depth against unknown
      attacks. To try turning it on, set "Sandbox 1" in your torrc
      file. This is an experimental feature, however, and some things
      may break, so please be ready to report bugs. We hope to add
      support for better sandboxing in the future,
      including more fine-grained filters, better division of
      responsibility, and support for more platforms. This work has
      been done by Cristian-Matei Toader for Google Summer of Code.