Fix some initial sandbox issues.

author Nick Mathewson <nickm@torproject.org>

Fri, 28 Mar 2014 05:52:08 +0000 (01:52 -0400)

committer Nick Mathewson <nickm@torproject.org>

Thu, 17 Apr 2014 02:03:07 +0000 (22:03 -0400)
author Nick Mathewson <nickm@torproject.org>
Fri, 28 Mar 2014 05:52:08 +0000 (01:52 -0400)
committer Nick Mathewson <nickm@torproject.org>
Thu, 17 Apr 2014 02:03:07 +0000 (22:03 -0400)
diff --git a/src/common/sandbox.c b/src/common/sandbox.c

index 0548f3edd43c315745f2fff2d8fb801fdb5e6453..299c6f20bd108ea7f82dc850d6949ae894664d25 100644 (file)
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -124,6 +124,7 @@ static int filter_nopar_gen[] = {
      SCMP_SYS(rename),
      SCMP_SYS(rt_sigreturn),
      SCMP_SYS(set_robust_list),
+    SCMP_SYS(_sysctl),
  #ifdef __NR_sigreturn
      SCMP_SYS(sigreturn),
  #endif
@@ -249,6 +250,11 @@ sb_accept4(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
    if (rc) {
      return rc;
    }
+  rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(accept4), 1,
+      SCMP_CMP(3, SCMP_CMP_EQ, SOCK_CLOEXEC|SOCK_NONBLOCK));
+  if (rc) {
+    return rc;
+  }
  
    return 0;
  }
diff --git a/src/or/main.c b/src/or/main.c

index 0264064edcc7428a11d62d0ce2ef73b84ea4979c..16149544bfbf31d87c64b26309dda42babe6c74d 100644 (file)
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -2732,8 +2732,11 @@ sandbox_init_filter(void)
        get_datadir_fname("cached-certs"), 1,
        get_datadir_fname("cached-certs.tmp"), 1,
        get_datadir_fname("cached-consensus"), 1,
+      get_datadir_fname("cached-consensus.tmp"), 1,
        get_datadir_fname("unverified-consensus"), 1,
        get_datadir_fname("unverified-consensus.tmp"), 1,
+      get_datadir_fname("unverified-microdesc-consensus"), 1,
+      get_datadir_fname("unverified-microdesc-consensus.tmp"), 1,
        get_datadir_fname("cached-microdesc-consensus"), 1,
        get_datadir_fname("cached-microdesc-consensus.tmp"), 1,
        get_datadir_fname("cached-microdescs"), 1,
@@ -2747,9 +2750,15 @@ sandbox_init_filter(void)
        get_datadir_fname("cached-descriptors.new.tmp"), 1,
        get_datadir_fname("cached-descriptors.tmp.tmp"), 1,
        get_datadir_fname("cached-extrainfo"), 1,
+      get_datadir_fname("cached-extrainfo.new"), 1,
+      get_datadir_fname("cached-extrainfo.tmp"), 1,
+      get_datadir_fname("cached-extrainfo.new.tmp"), 1,
+      get_datadir_fname("cached-extrainfo.tmp.tmp"), 1,
        get_datadir_fname("state.tmp"), 1,
        get_datadir_fname("unparseable-desc.tmp"), 1,
        get_datadir_fname("unparseable-desc"), 1,
+      get_datadir_fname("v3-status-votes"), 1,
+      get_datadir_fname("v3-status-votes.tmp"), 1,
        "/dev/srandom", 0,
        "/dev/urandom", 0,
        "/dev/random", 0,
author	Nick Mathewson <nickm@torproject.org>
	Fri, 28 Mar 2014 05:52:08 +0000 (01:52 -0400)
committer	Nick Mathewson <nickm@torproject.org>
	Thu, 17 Apr 2014 02:03:07 +0000 (22:03 -0400)
src/common/sandbox.c		patch \| blob \| blame \| history
src/or/main.c		patch \| blob \| blame \| history