Commit acad89a4 authored by anonym's avatar anonym
Browse files

Temporarily workaround tor bug by always disabling the seccomp sandbox.

NOTE: This commit should be reverted/dropped before merging this
branch into production!

There is a bug in tor that prevents SAVECONF from working when the
seccomp sandbox is enabled:

  https://gitlab.torproject.org/tpo/core/tor/-/issues/40317

At the moment this breaks pretty much the whole automated test suite:
we successfully create the with-network-logged-in snapshot, but due to
the bug torrc is not updated, so it still has "DisableNetwork" set. So
when we restore the snapshot, and as a consequence restart tor, it
looses the configuration set by Tor Launcher. And since it is not
committed to torrc either they won't be restored, so "DisableNetwork"
is still on and tor won't bootstrap.

More details:

  !326 (comment 166438)
parent 92e8c5e9
......@@ -21,7 +21,7 @@ TransPort 127.0.0.1:9040
## tor-sandox-helper script) if we configure any pluggable transport
## in Tor Launcher; note that old-school "simple" bridges will still
## have the sandbox enabled.
Sandbox 1
#Sandbox 1
## Misc
AvoidDiskWrites 1
......
......@@ -7,7 +7,7 @@
systemctl stop tor@default.service
tor_set_in_torrc Sandbox "${1}"
#tor_set_in_torrc Sandbox "${1}"
sed -i '/^ClientTransportPlugin /d' /etc/tor/torrc
if [ "${1}" = 0 ]; then
tor_set_in_torrc ClientTransportPlugin 'obfs2,obfs3,obfs4,meek_lite exec /usr/bin/obfs4proxy managed'
......
......@@ -457,8 +457,8 @@ Given /^Tor is ready$/ do
step 'the time has synced'
if @tor_is_using_pluggable_transports
step 'Tor is not confined with Seccomp'
else
step 'Tor is confined with Seccomp'
#else
# step 'Tor is confined with Seccomp'
end
# When we test for ASP upgrade failure the following tests would fail,
# so let's skip them in this case.
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment