OPEN_DATADIR2(name, name2 suffix); \
} while (0)
+// KeyDirectory is a directory, but it is only opened in check_private_dir
+// which calls open instead of opendir
#define OPEN_KEY_DIRECTORY() \
- OPENDIR(options->KeyDirectory)
+ OPEN(options->KeyDirectory)
#define OPEN_CACHEDIR(name) \
sandbox_cfg_allow_open_filename(&cfg, get_cachedir_fname(name))
#define OPEN_CACHEDIR_SUFFIX(name, suffix) do { \
OPEN_KEYDIR(name suffix); \
} while (0)
- OPENDIR(options->DataDirectory);
+ // DataDirectory is a directory, but it is only opened in check_private_dir
+ // which calls open instead of opendir
+ OPEN(options->DataDirectory);
OPEN_KEY_DIRECTORY();
OPEN_CACHEDIR_SUFFIX("cached-certs", ".tmp");
if (param != NULL && param->prot == 1 && param->syscall
== PHONY_OPENDIR_SYSCALL) {
- if (libc_uses_openat_for_opendir()) {
- rc = seccomp_rule_add_3(ctx, SCMP_ACT_ALLOW, SCMP_SYS(openat),
- SCMP_CMP_NEG(0, SCMP_CMP_EQ, AT_FDCWD),
- SCMP_CMP_STR(1, SCMP_CMP_EQ, param->value),
- SCMP_CMP(2, SCMP_CMP_EQ, O_RDONLY|O_NONBLOCK|O_LARGEFILE|
- O_DIRECTORY|O_CLOEXEC));
- } else {
- rc = allow_file_open(ctx, 0, param->value);
- }
+ rc = allow_file_open(ctx, libc_uses_openat_for_opendir(), param->value);
if (rc != 0) {
log_err(LD_BUG,"(Sandbox) failed to add openat syscall, received "
"libseccomp error %d", rc);
projects / thirdparty / tor.git / commitdiff
