Allow unlinkat() in the seccomp2 sandbox

author Nick Mathewson <nickm@torproject.org>

Wed, 26 Feb 2020 20:17:12 +0000 (15:17 -0500)

committer Nick Mathewson <nickm@torproject.org>

Wed, 26 Feb 2020 20:17:12 +0000 (15:17 -0500)
author Nick Mathewson <nickm@torproject.org>
Wed, 26 Feb 2020 20:17:12 +0000 (15:17 -0500)
committer Nick Mathewson <nickm@torproject.org>
Wed, 26 Feb 2020 20:17:12 +0000 (15:17 -0500)
diff --git a/changes/ticket33346 b/changes/ticket33346

new file mode 100644 (file)

index 0000000..acbbae5
--- /dev/null
+++ b/changes/ticket33346
@@ -0,0 +1,3 @@
+  o Minor features (linux seccomp2 sandbox):
+    - Permit the unlinkat() syscall, which some Libc implementations
+      use to implement unlink(). Closes ticket 33346.
diff --git a/src/lib/sandbox/sandbox.c b/src/lib/sandbox/sandbox.c

index 8f577b066048e22fda3a54160e41d6ebbc95a0fc..63d3e0b9a3a530fa5ab9c2b80f22e72641a85c6d 100644 (file)
--- a/src/lib/sandbox/sandbox.c
+++ b/src/lib/sandbox/sandbox.c
@@ -269,6 +269,9 @@ static int filter_nopar_gen[] = {
      SCMP_SYS(recvfrom),
      SCMP_SYS(sendto),
      SCMP_SYS(unlink),
+#ifdef __NR_unlinkat
+    SCMP_SYS(unlinkat),
+#endif
      SCMP_SYS(poll)
  };
author	Nick Mathewson <nickm@torproject.org>
	Wed, 26 Feb 2020 20:17:12 +0000 (15:17 -0500)
committer	Nick Mathewson <nickm@torproject.org>
	Wed, 26 Feb 2020 20:17:12 +0000 (15:17 -0500)
changes/ticket33346	[new file with mode: 0644]	patch \| blob
src/lib/sandbox/sandbox.c		patch \| blob \| blame \| history