diff options
| author | Nick Mathewson <nickm@torproject.org> | 2016-02-24 16:01:24 -0500 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2016-02-24 16:01:24 -0500 |
| commit | 7a782820e92cef57afcea6c6936d102d6f4512fe (patch) | |
| tree | d07d08beb981c5e1063e682bf1f0ad380564cee0 | |
| parent | 040ec4d0347235da4fd5696b3eb063e609047024 (diff) | |
| download | tor-7a782820e92cef57afcea6c6936d102d6f4512fe.tar.gz tor-7a782820e92cef57afcea6c6936d102d6f4512fe.zip | |
Make the sandbox work again with chutney.
Previously, we had a problem due to the check_private_dir() rewrite.
Bug not in any released Tor.
| -rw-r--r-- | src/common/sandbox.c | 3 | ||||
| -rw-r--r-- | src/or/main.c | 2 |
2 files changed, 4 insertions, 1 deletions
diff --git a/src/common/sandbox.c b/src/common/sandbox.c index d747a87563..c04ed5fe7c 100644 --- a/src/common/sandbox.c +++ b/src/common/sandbox.c @@ -427,7 +427,8 @@ sb_open(scmp_filter_ctx ctx, sandbox_cfg_t *filter) } rc = seccomp_rule_add_1(ctx, SCMP_ACT_ERRNO(EACCES), SCMP_SYS(open), - SCMP_CMP_MASKED(1, O_CLOEXEC|O_NONBLOCK|O_NOCTTY, O_RDONLY)); + SCMP_CMP_MASKED(1, O_CLOEXEC|O_NONBLOCK|O_NOCTTY|O_NOFOLLOW, + O_RDONLY)); if (rc != 0) { log_err(LD_BUG,"(Sandbox) failed to add open syscall, received libseccomp " "error %d", rc); diff --git a/src/or/main.c b/src/or/main.c index 11caea5d89..0b45af9d5d 100644 --- a/src/or/main.c +++ b/src/or/main.c @@ -3300,6 +3300,8 @@ sandbox_init_filter(void) OPEN_DATADIR2(name, name2 suffix); \ } while (0) + OPEN(options->DataDirectory); + OPEN_DATADIR("keys"); OPEN_DATADIR_SUFFIX("cached-certs", ".tmp"); OPEN_DATADIR_SUFFIX("cached-consensus", ".tmp"); OPEN_DATADIR_SUFFIX("unverified-consensus", ".tmp"); |