[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [tor/master] Let bridge authorities run under the sandbox



commit 910e25358a148268815a23ff2040599291100a97
Author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date:   Wed Sep 2 09:59:22 2015 -0400

    Let bridge authorities run under the sandbox
    
    (found thanks to teor's chutney haxx)
---
 changes/bug16964 |    4 ++++
 src/or/main.c    |    9 +++++++++
 2 files changed, 13 insertions(+)

diff --git a/changes/bug16964 b/changes/bug16964
new file mode 100644
index 0000000..46ff565
--- /dev/null
+++ b/changes/bug16964
@@ -0,0 +1,4 @@
+  o Minor bugfixes (linux seccomp2 sandbox):
+    - Allow bridge authorities to run correctly under the seccomp2
+      sandbox. Fixes bug 16964; bugfix on 0.2.5.1-alpha.
+
diff --git a/src/or/main.c b/src/or/main.c
index 0b0207b..915b3e2 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -3040,6 +3040,12 @@ sandbox_init_filter(void)
   OPEN("/etc/hosts");
   OPEN("/proc/meminfo");
 
+  if (options->BridgeAuthoritativeDir)
+    OPEN_DATADIR_SUFFIX("networkstatus-bridges", ".tmp");
+
+  if (authdir_mode_handles_descs(options, -1))
+    OPEN_DATADIR("approved-routers");
+
   if (options->ServerDNSResolvConfFile)
     sandbox_cfg_allow_open_filename(&cfg,
                                 tor_strdup(options->ServerDNSResolvConfFile));
@@ -3080,6 +3086,9 @@ sandbox_init_filter(void)
   RENAME_SUFFIX("unparseable-desc", ".tmp");
   RENAME_SUFFIX("v3-status-votes", ".tmp");
 
+  if (options->BridgeAuthoritativeDir)
+    RENAME_SUFFIX("networkstatus-bridges", ".tmp");
+
 #define STAT_DATADIR(name)                      \
   sandbox_cfg_allow_stat_filename(&cfg, get_datadir_fname(name))
 



_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits