{
int fd;
#ifdef O_CLOEXEC
- path = get_prot_param(path);
+ path = sandbox_intern_string(path);
fd = open(path, flags|O_CLOEXEC, mode);
if (fd >= 0)
return fd;
#endif
{SCMP_SYS(rt_sigaction), PARAM_NUM, 0, (intptr_t)(SIGCHLD), 0},
{SCMP_SYS(time), PARAM_NUM, 0, 0, 0},
+
+#ifdef __NR_socketcall
+ {SCMP_SYS(socketcall), PARAM_NUM, 0, 18, 0}, // accept4 workaround
+#endif
};
/** Variable used for storing all syscall numbers that will be allowed with the
SCMP_SYS(exit),
// socket syscalls
- SCMP_SYS(accept4),
+// SCMP_SYS(accept4),
SCMP_SYS(bind),
SCMP_SYS(connect),
SCMP_SYS(getsockname),
SCMP_SYS(setsockopt),
SCMP_SYS(socket),
SCMP_SYS(socketpair),
-
-#ifdef __NR_socketcall
-// SCMP_SYS(socketcall),
-#endif
-
SCMP_SYS(recvfrom),
SCMP_SYS(unlink),
};
-char*
-get_prot_param(char *param)
+const char*
+sandbox_intern_string(char *param)
{
int i, filter_size;
sandbox_cfg_t *elem;
void sandbox_set_debugging_fd(int fd);
int tor_global_sandbox(void);
-char* get_prot_param(char *param);
+const char* sandbox_intern_string(char *param);
sandbox_cfg_t * sandbox_cfg_new();
int sandbox_cfg_allow_open_filename(sandbox_cfg_t **cfg, char *file);
projects / thirdparty / tor.git / commitdiff
