[tor-commits] [tor/master] Make the sandbox work again with chutney.



commit 7a782820e92cef57afcea6c6936d102d6f4512fe
Author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date:   Wed Feb 24 16:01:24 2016 -0500

    Make the sandbox work again with chutney.
    
    Previously, we had a problem due to the check_private_dir() rewrite.
    
    Bug not in any released Tor.
---
 src/common/sandbox.c | 3 ++-
 src/or/main.c        | 2 ++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/common/sandbox.c b/src/common/sandbox.c
index d747a87..c04ed5f 100644
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -427,7 +427,8 @@ sb_open(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
   }
 
   rc = seccomp_rule_add_1(ctx, SCMP_ACT_ERRNO(EACCES), SCMP_SYS(open),
-                SCMP_CMP_MASKED(1, O_CLOEXEC|O_NONBLOCK|O_NOCTTY, O_RDONLY));
+                SCMP_CMP_MASKED(1, O_CLOEXEC|O_NONBLOCK|O_NOCTTY|O_NOFOLLOW,
+                                O_RDONLY));
   if (rc != 0) {
     log_err(LD_BUG,"(Sandbox) failed to add open syscall, received libseccomp "
         "error %d", rc);
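Review bot: The new O_NOFOLLOW in the SCMP_CMP_MASKED() flag list on the EACCES rule for open has no comment saying why it belongs there, and the call site does not show whether the listed flags are the bits being tested or the bits being ignored. Please add a short comment above the rule stating what the flag list means for this macro and that O_NOFOLLOW is needed for the opens done after the check_private_dir() rewrite mentioned in the commit message, so a later reader does not drop the flag as unrelated to a read-only open.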
diff --git a/src/or/main.c b/src/or/main.c
index 11caea5..0b45af9 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -3300,6 +3300,8 @@ sandbox_init_filter(void)
     OPEN_DATADIR2(name, name2 suffix);                  \
   } while (0)
 
+  OPEN(options->DataDirectory);
+  OPEN_DATADIR("keys");
   OPEN_DATADIR_SUFFIX("cached-certs", ".tmp");
   OPEN_DATADIR_SUFFIX("cached-consensus", ".tmp");
   OPEN_DATADIR_SUFFIX("unverified-consensus", ".tmp");
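Review bot: The two added entries, OPEN(options->DataDirectory) and OPEN_DATADIR("keys"), allow open on directories, while the entries that follow name files inside the data directory, and nothing in the hunk says why the directories themselves must be openable. A one-line comment above them (for example, that check_private_dir() opens the directory it checks) would document the intent. It is also worth confirming that options->DataDirectory cannot be NULL when sandbox_init_filter() runs, and whether any other directory that goes through check_private_dir() needs the same entry.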
