sandbox: support logfile rotation

Fixes bug 12032; bugfix on 0.2.5.1-alpha

diff --git a/changes/bug12032 b/changes/bug12032
new file mode 100644 (file)
index 0000000..44fc6c7
--- /dev/null
+++ b/changes/bug12032
@@ -0,0 +1,4 @@
+  o Minor bugfixes (Linux syscall sandbox):
+    - When we receive a SIGHUP with the sandbox enabled, correctly
+      support rotating our log files. Fixes bug 12032; bugfix on
+      0.2.5.1-alpha.

diff --git a/src/common/log.c b/src/common/log.c
index 592dc2c5d466c15347822ec45d71e85e7e0447e0..517fa4faaa99e8e1d40e1df57dcd392f8c9aeb69 100644 (file)
--- a/src/common/log.c
+++ b/src/common/log.c
@@ -562,6 +562,27 @@ tor_log_update_sigsafe_err_fds(void)
   UNLOCK_LOGS();
 }
 
+/** Add to <b>out</b> a copy of every currently configured log file name. Used
+ * to enable access to these filenames with the sandbox code. */
+void
+tor_log_get_logfile_names(smartlist_t *out)
+{
+  logfile_t *lf;
+  tor_assert(out);
+
+  LOCK_LOGS();
+
+  for (lf = logfiles; lf; lf = lf->next) {
+    if (lf->is_temporary || lf->is_syslog || lf->callback)
+      continue;
+    if (lf->filename == NULL)
+      continue;
+    smartlist_add(out, tor_strdup(lf->filename));
+  }
+
+  UNLOCK_LOGS();
+}
+
 /** Output a message to the log, prefixed with a function name <b>fn</b>. */
 #ifdef __GNUC__
 /** GCC-based implementation of the log_fn backend, used when we have

diff --git a/src/common/torlog.h b/src/common/torlog.h
index f6ddca5d460a706594be774455a52d1a57c2f9a0..34f70f3c0073b353265fa8b1254a325e74fda7c1 100644 (file)
--- a/src/common/torlog.h
+++ b/src/common/torlog.h
@@ -156,6 +156,9 @@ void tor_log_err_sigsafe(const char *m, ...);
 int tor_log_get_sigsafe_err_fds(const int **out);
 void tor_log_update_sigsafe_err_fds(void);
 
+struct smartlist_t;
+void tor_log_get_logfile_names(struct smartlist_t *out);
+
 extern int log_global_min_severity_;
 
 #if defined(__GNUC__) || defined(RUNNING_DOXYGEN)

diff --git a/src/or/config.c b/src/or/config.c
index b346f6648e3b045c40164c6005e9c4615717b1be..0f7b1d2a2e975a2047a7b88419f52fcc559e6c6d 100644 (file)
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -1143,13 +1143,11 @@ options_act_reversible(const or_options_t *old_options, char **msg)
   if (!running_tor)
     goto commit;
 
-  if (!sandbox_is_active()) {
-    mark_logs_temp(); /* Close current logs once new logs are open. */
-    logs_marked = 1;
-    if (options_init_logs(options, 0)<0) { /* Configure the tor_log(s) */
-      *msg = tor_strdup("Failed to init Log options. See logs for details.");
-      goto rollback;
-    }
+  mark_logs_temp(); /* Close current logs once new logs are open. */
+  logs_marked = 1;
+  if (options_init_logs(options, 0)<0) { /* Configure the tor_log(s) */
+    *msg = tor_strdup("Failed to init Log options. See logs for details.");
+    goto rollback;
   }
 
  commit:

diff --git a/src/or/main.c b/src/or/main.c
index 3d109ec78c09a145626c969c01556946d7e4d9b9..7d114d9f68f47c8f70fa5bd2dc31fad48409f210 100644 (file)
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -2822,6 +2822,15 @@ sandbox_init_filter(void)
       NULL, 0
   );
 
+  {
+    smartlist_t *logfiles = smartlist_new();
+    tor_log_get_logfile_names(logfiles);
+    SMARTLIST_FOREACH(logfiles, char *, logfile_name, {
+      sandbox_cfg_allow_open_filename(&cfg, logfile_name); /* steals reference */
+    });
+    smartlist_free(logfiles);
+  }
+
   // orport
   if (server_mode(get_options())) {
     sandbox_cfg_allow_open_filename_array(&cfg,