path: root/src/lib/sandbox/lib_sandbox.md
blob: dd168c9b133a19a44f03ec2edefe81a6e59b7cd2 (plain)
@dir /lib/sandbox
@brief lib/sandbox: Linux seccomp2-based sandbox.

This module uses Linux's seccomp2 facility via the
[`libseccomp` library](https://github.com/seccomp/libseccomp), to restrict
the set of system calls that Tor is allowed to invoke while it is running.

Because different libc versions (and different builds of the same libc)
reach the kernel through different system calls, and because a seccomp
filter can only inspect the integer arguments of a call and never the memory
they point to, which makes string arguments such as pathnames hard to check,
this module is more complex and less portable than one would like.

A better architecture would put the responsibility for invoking tricky system
calls (like open()) in another, less restricted process, and give that
process responsibility for enforcing our sandbox rules.