[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor/master] Allow getsockopt(…, SOL_SOCKET, SO_ACCEPTCONN, …) in sandbox
commit db3ee1d862272a36fb23adb208bfe84013e4b8f7
Author: Peter Gerber <peter@xxxxxxxxxxxx>
Date: Tue Jan 22 21:47:43 2019 +0000
Allow getsockopt(â?¦, SOL_SOCKET, SO_ACCEPTCONN, â?¦) in sandbox
SO_ACCEPTCONN checks whether socket listening is enabled and is
used ever since 9369152aae9527cc3764 has been merged.
Closes ticket #29150
---
src/lib/sandbox/sandbox.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/lib/sandbox/sandbox.c b/src/lib/sandbox/sandbox.c
index 1f0f5d858..b652397f5 100644
--- a/src/lib/sandbox/sandbox.c
+++ b/src/lib/sandbox/sandbox.c
@@ -832,6 +832,12 @@ sb_getsockopt(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
if (rc)
return rc;
+ rc = seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(getsockopt),
+ SCMP_CMP(1, SCMP_CMP_EQ, SOL_SOCKET),
+ SCMP_CMP(2, SCMP_CMP_EQ, SO_ACCEPTCONN));
+ if (rc)
+ return rc;
+
#ifdef HAVE_SYSTEMD
rc = seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(getsockopt),
SCMP_CMP(1, SCMP_CMP_EQ, SOL_SOCKET),
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits