For me, asan/ubsan require more syscalls.

author Nick Mathewson <nickm@torproject.org>

Mon, 5 Sep 2016 18:25:58 +0000 (14:25 -0400)

committer Nick Mathewson <nickm@torproject.org>

Mon, 5 Sep 2016 18:25:58 +0000 (14:25 -0400)
author Nick Mathewson <nickm@torproject.org>
Mon, 5 Sep 2016 18:25:58 +0000 (14:25 -0400)
committer Nick Mathewson <nickm@torproject.org>
Mon, 5 Sep 2016 18:25:58 +0000 (14:25 -0400)
diff --git a/changes/bug20063 b/changes/bug20063

new file mode 100644 (file)

index 0000000..aa9ec23
--- /dev/null
+++ b/changes/bug20063
@@ -0,0 +1,6 @@
+  o Minor bugfixes (Linux seccomp2 sandbox):
+    - Add permission to run the sched_yield() and sigaltstack() system
+      calls, in order to support versions of Tor compiled with
+      asan or ubsan code that use these calls. Now "sandbox 1" and
+      "--enable-expensive-hardening" should be compatible.
+      Fixes bug 20063; bugfix on 0.2.5.1-alpha.
diff --git a/src/common/sandbox.c b/src/common/sandbox.c

index 37c1a9428f1f989ba21ba2699c70f376c153e1f7..24ba8a2997e1b141414729ab39f8570c21a8f71c 100644 (file)
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -184,11 +184,17 @@ static int filter_nopar_gen[] = {
      SCMP_SYS(read),
      SCMP_SYS(rt_sigreturn),
      SCMP_SYS(sched_getaffinity),
+#ifdef __NR_sched_yield
+    SCMP_SYS(sched_yield),
+#endif
      SCMP_SYS(sendmsg),
      SCMP_SYS(set_robust_list),
  #ifdef __NR_setrlimit
      SCMP_SYS(setrlimit),
  #endif
+#ifdef __NR_sigaltstack
+    SCMP_SYS(sigaltstack),
+#endif
  #ifdef __NR_sigreturn
      SCMP_SYS(sigreturn),
  #endif
author	Nick Mathewson <nickm@torproject.org>
	Mon, 5 Sep 2016 18:25:58 +0000 (14:25 -0400)
committer	Nick Mathewson <nickm@torproject.org>
	Mon, 5 Sep 2016 18:25:58 +0000 (14:25 -0400)
changes/bug20063	[new file with mode: 0644]	patch \| blob
src/common/sandbox.c		patch \| blob \| blame \| history