Better error on failure to load seccomp2 sandbox

There are two reasons this is likeliest to happen -- no kernel support, and some bug in Tor. We'll ask people to check the former before they report. Closes 23090.
author: Nick Mathewson <nickm@torproject.org> 2017-09-06 14:23:47 -0400
committer: Nick Mathewson <nickm@torproject.org> 2017-09-06 14:23:47 -0400
commit: ab18e5e5fcff7fbdbf0905e6dd2585b7e4a10108 (patch)
tree: 5d5f4474344b193895a2c3fae21c205007a76e79
parent: 9261f612ad7ea66580bc5f95d9c9b609e125da3a (diff)
download: tor-ab18e5e5fcff7fbdbf0905e6dd2585b7e4a10108.tar.gz
tor-ab18e5e5fcff7fbdbf0905e6dd2585b7e4a10108.zip
2 files changed, 6 insertions, 1 deletions
diff --git a/changes/feature23090 b/changes/feature23090
new file mode 100644
index 0000000000..44cdac5ca1
--- /dev/null
+++ b/changes/feature23090
@@ -0,0 +1,3 @@
+  o Minor features (linux seccomp2 sandbox):
+    - If the sandbox filter fails to load, suggest to the user that their
+      kernel might not support seccomp2. Closes ticket 23090.
diff --git a/src/common/sandbox.c b/src/common/sandbox.c
index 18beaabe14..a85b1406fa 100644
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -1638,7 +1638,9 @@ install_syscall_filter(sandbox_cfg_t* cfg)
 
   // loading the seccomp2 filter
   if ((rc = seccomp_load(ctx))) {
-    log_err(LD_BUG, "(Sandbox) failed to load: %d (%s)!", rc,
+    log_err(LD_BUG, "(Sandbox) failed to load: %d (%s)! "
+            "Are you sure that your kernel has seccomp2 support? The "
+            "sandbox won't work without it.", rc,
             strerror(-rc));
     goto end;
   }
author	Nick Mathewson <nickm@torproject.org>	2017-09-06 14:23:47 -0400
committer	Nick Mathewson <nickm@torproject.org>	2017-09-06 14:23:47 -0400
commit	ab18e5e5fcff7fbdbf0905e6dd2585b7e4a10108 (patch)
tree	5d5f4474344b193895a2c3fae21c205007a76e79
parent	9261f612ad7ea66580bc5f95d9c9b609e125da3a (diff)
download	tor-ab18e5e5fcff7fbdbf0905e6dd2585b7e4a10108.tar.gz tor-ab18e5e5fcff7fbdbf0905e6dd2585b7e4a10108.zip