tor/changes/seccomp2_sandbox

  o Major features (security):
    - Use the seccomp2 syscall filtering facility on Linux to limit
      which system calls Tor can invoke. This is an experimental,
      Linux-only feature to provide defense-in-depth against unknown
      attacks. To try turning it on, set "Sandbox 1" in your torrc
      file. This is an experimental feature, however, and some things
      may break, so please be ready to report bugs. We hope to add
      support for better sandboxing in the future,
      including more fine-grained filters, better division of
      responsibility, and support for more platforms. This work has
      been done by Cristian-Matei Toader for Google Summer of Code.
Add a basic seccomp2 syscall filter on Linux It's controlled by the new Sandbox argument. Right now, it's rather coarse-grained, it's Linux-only, and it may break some features. 2013-06-17 12:07:14 +02:00			`o Major features (security):`
			`- Use the seccomp2 syscall filtering facility on Linux to limit`
			`which system calls Tor can invoke. This is an experimental,`
			`Linux-only feature to provide defense-in-depth against unknown`
			`attacks. To try turning it on, set "Sandbox 1" in your torrc`
			`file. This is an experimental feature, however, and some things`
			`may break, so please be ready to report bugs. We hope to add`
			`support for better sandboxing in the future,`
			`including more fine-grained filters, better division of`
			`responsibility, and support for more platforms. This work has`
			`been done by Cristian-Matei Toader for Google Summer of Code.`