From: Nick Mathewson Date: Wed, 24 Feb 2016 21:01:24 +0000 (-0500) Subject: Make the sandbox work again with chutney. X-Git-Tag: tor-0.2.8.2-alpha~92 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=7a782820e92cef57afcea6c6936d102d6f4512fe;p=thirdparty%2Ftor.git Make the sandbox work again with chutney. Previously, we had a problem due to the check_private_dir() rewrite. Bug not in any released Tor. --- diff --git a/src/common/sandbox.c b/src/common/sandbox.c index d747a87563..c04ed5fe7c 100644 --- a/src/common/sandbox.c +++ b/src/common/sandbox.c @@ -427,7 +427,8 @@ sb_open(scmp_filter_ctx ctx, sandbox_cfg_t *filter) } rc = seccomp_rule_add_1(ctx, SCMP_ACT_ERRNO(EACCES), SCMP_SYS(open), - SCMP_CMP_MASKED(1, O_CLOEXEC|O_NONBLOCK|O_NOCTTY, O_RDONLY)); + SCMP_CMP_MASKED(1, O_CLOEXEC|O_NONBLOCK|O_NOCTTY|O_NOFOLLOW, + O_RDONLY)); if (rc != 0) { log_err(LD_BUG,"(Sandbox) failed to add open syscall, received libseccomp " "error %d", rc); diff --git a/src/or/main.c b/src/or/main.c index 11caea5d89..0b45af9d5d 100644 --- a/src/or/main.c +++ b/src/or/main.c @@ -3300,6 +3300,8 @@ sandbox_init_filter(void) OPEN_DATADIR2(name, name2 suffix); \ } while (0) + OPEN(options->DataDirectory); + OPEN_DATADIR("keys"); OPEN_DATADIR_SUFFIX("cached-certs", ".tmp"); OPEN_DATADIR_SUFFIX("cached-consensus", ".tmp"); OPEN_DATADIR_SUFFIX("unverified-consensus", ".tmp");