Tor's seccomp sandbox does not know about the syscall epoll_pwait
I was playing with the seccomp sandbox with tor 3.2.1-alpha.
The system in question uses Musl as the standard C library. When adding "Sandbox 1" to a minimal torrc (attached at the end), this results in an error, saying "(Sandbox) Caught a bad syscall attempt (syscall epoll_pwait)".
The operating system is Gentoo, and the kernel version is 4.9.24-grsec. It is reproducible on Alpine Linux (which also uses Musl as its standard C library), but not on Debian, which suggests this is due to Musl exposing an extra system call to Tor that the sandbox does not recognize.
It's also reproducible on tor-0.3.1.7, which suggests this is not a new defect for the 3.2.x series.
The minimal torrc for which this is reproducible is as follows:
User tor
Log debug file /var/log/tor/tor.log
DataDirectory /var/lib/tor/data
Sandbox 1
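
A triage helper for the log message quoted in the report, added here as an example and not part of the original report or of Tor's code: it pulls the blocked syscall names out of a log and counts them. The sample log lines and the `WRAPPER_HINTS` table are constructed for illustration; musl's `epoll_wait()` is implemented by calling `epoll_pwait`, and the other table entries are assumptions about similar wrapper/syscall pairs.

```python
import re
from collections import Counter

# Message text as quoted in the report; the syscall name is the capture group.
VIOLATION = re.compile(
    r"\(Sandbox\) Caught a bad syscall attempt \(syscall ([A-Za-z0-9_]+)\)"
)

# Assumption for illustration: syscalls that a C library may issue on behalf
# of a differently named wrapper, so an allowlist naming only the wrapper's
# classic syscall misses them. musl's epoll_wait() calls epoll_pwait.
WRAPPER_HINTS = {
    "epoll_pwait": "epoll_wait",
    "ppoll": "poll",
    "pselect6": "select",
    "openat": "open",
}

# Constructed sample log: timestamps and the non-sandbox lines are made up.
SAMPLE_LOG = """\
Oct 10 12:00:01.000 [notice] (constructed) startup line
(Sandbox) Caught a bad syscall attempt (syscall epoll_pwait)
Oct 10 12:05:44.000 [notice] (constructed) startup line after restart
(Sandbox) Caught a bad syscall attempt (syscall epoll_pwait)
"""


def blocked_syscalls(log_text):
    """Return [(syscall, count, wrapper_hint_or_None)], most frequent first."""
    counts = Counter(m.group(1) for m in VIOLATION.finditer(log_text))
    ordered = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
    return [(name, n, WRAPPER_HINTS.get(name)) for name, n in ordered]


def report(log_text):
    """Render one line per blocked syscall, with the wrapper hint if known."""
    lines = []
    for name, n, hint in blocked_syscalls(log_text):
        line = f"{name}: blocked {n}x"
        if hint:
            line += f" (libc may use it to implement {hint}())"
        lines.append(line)
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG) or "no sandbox violations found")
```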