Avoid sandbox bug warning when unglobbing patterns #40094

Adds a more user-friendly error message when the configuration is
reloaded and a new %include is added that makes its unglobbing
access files/folders not allowed by the seccomp sandbox.

diff --git a/src/lib/fs/conffile.c b/src/lib/fs/conffile.c
index acd8dfb8cc3ae73c8b42e6aa7499214ecc2b746e..0d0bdf09a60b797cbecea869175e0fde40146037 100644 (file)
--- a/src/lib/fs/conffile.c
+++ b/src/lib/fs/conffile.c
@@ -23,6 +23,7 @@
 #include "lib/string/printf.h"
 
 #include <stdbool.h>
+#include <errno.h>
 
 static smartlist_t *config_get_file_list(const char *path,
                                          smartlist_t *opened_files);
@@ -68,6 +69,11 @@ expand_glob(const char *pattern, smartlist_t *opened_files)
 
   smartlist_t *matches = tor_glob(pattern);
   if (!matches) {
+    if (errno == EPERM) {
+      log_err(LD_CONFIG, "Sandbox is active, but the configuration pattern "
+              "\"%s\" listed with %%include would access files or folders not "
+              "allowed by it. Cannot proceed.", pattern);
+    }
     return NULL;
   }
 

diff --git a/src/lib/fs/path.c b/src/lib/fs/path.c
index 2eef4bded7347c04fb3603cf4c234b66050868b1..af421d0413ee61fac29451c5c59c27f01fb71716 100644 (file)
--- a/src/lib/fs/path.c
+++ b/src/lib/fs/path.c
@@ -537,6 +537,10 @@ unglob_win32(const char *pattern, int prev_sep, int next_sep)
 static DIR *
 prot_opendir(const char *name)
 {
+  if (sandbox_interned_string_is_missing(name)) {
+    errno = EPERM;
+    return NULL;
+  }
   return opendir(sandbox_intern_string(name));
 }
 
@@ -544,6 +548,10 @@ prot_opendir(const char *name)
 static int
 prot_stat(const char *pathname, struct stat *buf)
 {
+  if (sandbox_interned_string_is_missing(pathname)) {
+    errno = EPERM;
+    return -1;
+  }
   return stat(sandbox_intern_string(pathname), buf);
 }
 
@@ -551,6 +559,10 @@ prot_stat(const char *pathname, struct stat *buf)
 static int
 prot_lstat(const char *pathname, struct stat *buf)
 {
+  if (sandbox_interned_string_is_missing(pathname)) {
+    errno = EPERM;
+    return -1;
+  }
   return lstat(sandbox_intern_string(pathname), buf);
 }
 /** As closedir, but has the right type for gl_closedir */
@@ -563,7 +575,8 @@ wrap_closedir(void *arg)
 
 /** Return a new list containing the paths that match the pattern
  * <b>pattern</b>. Return NULL on error. On POSIX systems, errno is set by the
- * glob function.
+ * glob function or is set to EPERM if glob tried to access a file not allowed
+ * by the seccomp sandbox.
  */
 struct smartlist_t *
 tor_glob(const char *pattern)