author | Nick Mathewson <nickm@torproject.org> | 2015-09-02 09:59:22 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2015-09-02 09:59:22 -0400 |
commit | 910e25358a148268815a23ff2040599291100a97 (patch) | |
tree | 971381deabd5f9fbbcd0404f96edc17536e96331 | |
parent | b637bda91f3df4ae5621206a5ccd0015595c98ac (diff) | |
Let bridge authorities run under the sandbox
(found thanks to teor's chutney haxx)
-rw-r--r-- | changes/bug16964 | 4 | ||||
-rw-r--r-- | src/or/main.c | 9 |
2 files changed, 13 insertions, 0 deletions
diff --git a/changes/bug16964 b/changes/bug16964
new file mode 100644
index 0000000000..46ff565fc6
--- /dev/null
+++ b/changes/bug16964
@@ -0,0 +1,4 @@
+ o Minor bugfixes (linux seccomp2 sandbox):
+ - Allow bridge authorities to run correctly under the seccomp2
+ sandbox. Fixes bug 16964; bugfix on 0.2.5.1-alpha.
+
diff --git a/src/or/main.c b/src/or/main.c
index 0b0207b975..915b3e23ca 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -3040,6 +3040,12 @@ sandbox_init_filter(void)
 OPEN("/etc/hosts");
 OPEN("/proc/meminfo");
+ if (options->BridgeAuthoritativeDir)
+ OPEN_DATADIR_SUFFIX("networkstatus-bridges", ".tmp");
+
+ if (authdir_mode_handles_descs(options, -1))
+ OPEN_DATADIR("approved-routers");
+
 if (options->ServerDNSResolvConfFile)
 sandbox_cfg_allow_open_filename(&cfg,
 tor_strdup(options->ServerDNSResolvConfFile));
@@ -3080,6 +3086,9 @@ sandbox_init_filter(void)
 RENAME_SUFFIX("unparseable-desc", ".tmp");
 RENAME_SUFFIX("v3-status-votes", ".tmp");
+ if (options->BridgeAuthoritativeDir)
+ RENAME_SUFFIX("networkstatus-bridges", ".tmp");
+
 #define STAT_DATADIR(name) \
 sandbox_cfg_allow_stat_filename(&cfg, get_datadir_fname(name)) |
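Review bot: The two new `if` statements in the first src/or/main.c hunk have unbraced bodies that, judging by their naming, are function-like macros (`OPEN_DATADIR_SUFFIX`, `OPEN_DATADIR`), so each allow rule stays conditional only if the macro expands to exactly one statement. Their definitions lie outside the hunk, so this cannot be confirmed from here. If one expands to several statements, the trailing ones would run for every configuration and silently widen the seccomp allowlist beyond authorities. Bracing the bodies removes that dependency, e.g. `if (options->BridgeAuthoritativeDir) { OPEN_DATADIR_SUFFIX("networkstatus-bridges", ".tmp"); }`. The same applies to the `RENAME_SUFFIX` guard in the second hunk, and sandbox_init_filter's body starts and ends outside both hunks.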
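Review bot: The `RENAME_SUFFIX("networkstatus-bridges", ".tmp")` rule in the second src/or/main.c hunk only works together with the open rule added in the first hunk, yet neither place says so or explains why a bridge authority needs the file. A one-line comment above each guard would keep the pair from drifting apart when one is edited, for example `/* Bridge authorities write networkstatus-bridges through a .tmp file; keep in sync with the matching OPEN rule. */`. The write-then-rename purpose is inferred from the `.tmp` suffix and the rename rule, so confirm it against the code that writes the file. A similar note on the `approved-routers` rule, naming which authority modes `authdir_mode_handles_descs(options, -1)` is meant to cover, would help the next person auditing the allowlist.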