Permit setrlimit, prlimit, prlimit64 calls.

author Nick Mathewson <nickm@torproject.org>

Mon, 14 Mar 2016 17:21:16 +0000 (13:21 -0400)

committer Nick Mathewson <nickm@torproject.org>

Mon, 14 Mar 2016 17:21:16 +0000 (13:21 -0400)
author Nick Mathewson <nickm@torproject.org>
Mon, 14 Mar 2016 17:21:16 +0000 (13:21 -0400)
committer Nick Mathewson <nickm@torproject.org>
Mon, 14 Mar 2016 17:21:16 +0000 (13:21 -0400)
diff --git a/changes/bug15221 b/changes/bug15221

new file mode 100644 (file)

index 0000000..ed72309
--- /dev/null
+++ b/changes/bug15221
@@ -0,0 +1,4 @@
+  o Minor bugfixes (sandbox):
+    - Allow the setrlimit syscall, and the prlimit and prlimit64 syscalls,
+      which some libc implementations
+      use under the hood.  Fixes bug 15221.  Bugfix on 0.2.5.1-alpha.
diff --git a/src/common/sandbox.c b/src/common/sandbox.c

index 950a92fbb32387fe78a97743e84b6aa3ac8c5819..bcbb3ce3fa5e62a1130685956a591669d369cf5f 100644 (file)
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -177,11 +177,20 @@ static int filter_nopar_gen[] = {
      SCMP_SYS(mmap),
  #endif
      SCMP_SYS(munmap),
+#ifdef __NR_prlimit
+    SCMP_SYS(prlimit),
+#endif
+#ifdef __NR_prlimit64
+    SCMP_SYS(prlimit64),
+#endif
      SCMP_SYS(read),
      SCMP_SYS(rt_sigreturn),
      SCMP_SYS(sched_getaffinity),
      SCMP_SYS(sendmsg),
      SCMP_SYS(set_robust_list),
+#ifdef __NR_setrlimit
+    SCMP_SYS(setrlimit),
+#endif
  #ifdef __NR_sigreturn
      SCMP_SYS(sigreturn),
  #endif
author	Nick Mathewson <nickm@torproject.org>
	Mon, 14 Mar 2016 17:21:16 +0000 (13:21 -0400)
committer	Nick Mathewson <nickm@torproject.org>
	Mon, 14 Mar 2016 17:21:16 +0000 (13:21 -0400)
changes/bug15221	[new file with mode: 0644]	patch \| blob
src/common/sandbox.c		patch \| blob \| blame \| history