For me, asan/ubsan require more syscalls.

Permit sched_yield() and sigaltstack() in the sandbox.

Closes ticket 20063

changes/bug20063

@@ -0,0 +1,6 @@
+  o Minor bugfixes (Linux seccomp2 sandbox):
+    - Add permission to run the sched_yield() and sigaltstack() system
+      calls, in order to support versions of Tor compiled with
+      asan or ubsan code that use these calls. Now "sandbox 1" and
+      "--enable-expensive-hardening" should be compatible.
+      Fixes bug 20063; bugfix on 0.2.5.1-alpha.

src/common/sandbox.c

@@ -184,11 +184,17 @@ static int filter_nopar_gen[] = {
     SCMP_SYS(read),
     SCMP_SYS(rt_sigreturn),
     SCMP_SYS(sched_getaffinity),
+#ifdef __NR_sched_yield
+    SCMP_SYS(sched_yield),
+#endif
     SCMP_SYS(sendmsg),
     SCMP_SYS(set_robust_list),
 #ifdef __NR_setrlimit
     SCMP_SYS(setrlimit),
 #endif
+#ifdef __NR_sigaltstack
+    SCMP_SYS(sigaltstack),
+#endif
 #ifdef __NR_sigreturn
     SCMP_SYS(sigreturn),
 #endif