From: Nick Mathewson <nickm@torproject.org>
Date: Tue, 18 Mar 2025 12:41:49 +0000 (-0400)
Subject: Make sandbox work with family id keys.
X-Git-Tag: tor-0.4.9.2-alpha~29^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=114642da9e5e934586557671683c0e3b83eabd29;p=thirdparty%2Ftor.git

Make sandbox work with family id keys.

Closes #41022.

Bug not in any released version of Tor.
---

diff --git a/doc/man/tor.1.txt b/doc/man/tor.1.txt
index 0b09c7741b..1b8625dda3 100644
--- a/doc/man/tor.1.txt
+++ b/doc/man/tor.1.txt
@@ -2498,6 +2498,9 @@ is non-zero):
     But for now, relay families should configure
     both this option _and_ MyFamily, so older clients
     will still recognize the relays' family membership.
+      +
+    (Note that if the seccomp2 Sandbox feature is enabled,
+    it is not possible to change the key filenames while Tor is running.)
 
 [[Nickname]] **Nickname** __name__::
     Set the server's nickname to \'name'. Nicknames must be between 1 and 19
diff --git a/src/app/main/main.c b/src/app/main/main.c
index 01db726f00..7d73e40343 100644
--- a/src/app/main/main.c
+++ b/src/app/main/main.c
@@ -957,6 +957,17 @@ sandbox_init_filter(void)
   OPEN("/etc/hosts");
   OPEN("/proc/meminfo");
 
+  {
+    smartlist_t *family_id_files =
+      list_family_key_files(options, options->KeyDirectory);
+
+    SMARTLIST_FOREACH(family_id_files, const char *, fn,
+                      OPEN(fn));
+
+    SMARTLIST_FOREACH(family_id_files, char *, cp, tor_free(cp));
+    smartlist_free(family_id_files);
+  }
+
   if (options->BridgeAuthoritativeDir)
     OPEN_DATADIR_SUFFIX("networkstatus-bridges", ".tmp");