author | Cristian Toader <cristian.matei.toader@gmail.com> | 2013-07-29 14:46:47 +0300 |
---|---|---|
committer | Cristian Toader <cristian.matei.toader@gmail.com> | 2013-07-29 14:46:47 +0300 |
commit | 6d5b0367f6e0035f99570b5bb76a75322ae9a85e (patch) | |
tree | 480293232f6d1801a7b7c0f4374f953fb4319159 | |
parent | 8f9d3da19447f138bc451937b20537810926ff30 (diff) | |
Changes as suggested by nickm
- char* to const char* and name refactoring
- workaround for accept4 syscall
-rw-r--r-- | src/common/compat.c | 2 | ||||
-rw-r--r-- | src/common/sandbox.c | 15 | ||||
-rw-r--r-- | src/common/sandbox.h | 2 |
3 files changed, 9 insertions, 10 deletions
diff --git a/src/common/compat.c b/src/common/compat.c
index 5b153674ef..47b65d3560 100644
--- a/src/common/compat.c
+++ b/src/common/compat.c
@@ -125,7 +125,7 @@ tor_open_cloexec(const char *path, int flags, unsigned mode)
 {
 int fd;
 #ifdef O_CLOEXEC
- path = get_prot_param(path);
+ path = sandbox_intern_string(path);
 fd = open(path, flags|O_CLOEXEC, mode);
 if (fd >= 0) return fd;
diff --git a/src/common/sandbox.c b/src/common/sandbox.c
index 4a3faa47cd..2e8467d7c1 100644
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -49,6 +49,10 @@ static sandbox_static_cfg_t filter_static[] = {
 #endif
 {SCMP_SYS(rt_sigaction), PARAM_NUM, 0, (intptr_t)(SIGCHLD), 0},
 {SCMP_SYS(time), PARAM_NUM, 0, 0, 0},
+
+#ifdef __NR_socketcall
+ {SCMP_SYS(socketcall), PARAM_NUM, 0, 18, 0}, // accept4 workaround
+#endif
 };
 /** Variable used for storing all syscall numbers that will be allowed with the
@@ -136,7 +140,7 @@ static int filter_nopar_gen[] = {
 SCMP_SYS(exit),
 // socket syscalls
- SCMP_SYS(accept4),
+// SCMP_SYS(accept4),
 SCMP_SYS(bind),
 SCMP_SYS(connect),
 SCMP_SYS(getsockname),
@@ -149,17 +153,12 @@ static int filter_nopar_gen[] = {
 SCMP_SYS(setsockopt),
 SCMP_SYS(socket),
 SCMP_SYS(socketpair),
-
-#ifdef __NR_socketcall
-// SCMP_SYS(socketcall),
-#endif
-
 SCMP_SYS(recvfrom),
 SCMP_SYS(unlink),
 };
-char*
-get_prot_param(char *param)
+const char*
+sandbox_intern_string(char *param)
 {
 int i, filter_size;
 sandbox_cfg_t *elem;
diff --git a/src/common/sandbox.h b/src/common/sandbox.h
index c6d80659e3..9acf8c4a97 100644
--- a/src/common/sandbox.h
+++ b/src/common/sandbox.h
@@ -80,7 +80,7 @@ typedef struct pfd_elem sandbox_cfg_t;
 void sandbox_set_debugging_fd(int fd);
 int tor_global_sandbox(void);
-char* get_prot_param(char *param);
+const char* sandbox_intern_string(char *param);
 sandbox_cfg_t * sandbox_cfg_new();
 int sandbox_cfg_allow_open_filename(sandbox_cfg_t **cfg, char *file); |
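Review bot: The call `path = sandbox_intern_string(path);` passes `const char *path` (per the `tor_open_cloexec` signature in the hunk header) to a function whose parameter is still declared `char *param` in the last sandbox.c hunk and in sandbox.h, so the qualifier is discarded at the call site; only the return type became const. Assuming the function body, which continues outside the hunk, never writes through `param`, declaring it `const char *sandbox_intern_string(const char *param);` in both places would match the commit message and let the compiler reject accidental writes to an interned path. The call also sits inside `#ifdef O_CLOEXEC`, so whether a build without that macro ever interns the path depends on code outside this hunk.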
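Review bot: The literal `18` in the new `socketcall` entry of `filter_static` is explained only by `// accept4 workaround`; on Linux it matches `SYS_ACCEPT4` from `<linux/net.h>`, and naming it would make clear that the rule is meant to admit just that one multiplexed call. If that header can be included here, `{SCMP_SYS(socketcall), PARAM_NUM, 0, SYS_ACCEPT4, 0},` reads better; otherwise a comment such as `/* 18 == SYS_ACCEPT4: only accept4 may pass through socketcall */` would do. The reading of the remaining fields (argument index 0, value 18) is inferred from the neighbouring `rt_sigaction` entry, since the struct definition is outside the hunk.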
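Review bot: Commenting out `SCMP_SYS(accept4)` drops it from `filter_nopar_gen` on every build, while the replacement rule in the first sandbox.c hunk exists only under `#ifdef __NR_socketcall`. On a target that issues accept4 as a direct syscall, nothing visible in this diff still permits it, so accepting connections inside the sandbox may be refused there unless a rule outside these hunks covers it. Keeping the entry and adding the socketcall rule alongside it looks safer. If the removal is intended, delete the line instead of leaving it commented out and record the reason, e.g. `/* accept4 is admitted through the socketcall rule in filter_static */`.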