author | Nick Mathewson <nickm@torproject.org> | 2015-05-28 14:06:01 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2015-05-28 14:06:01 -0400 |
commit | b66f4cfc9dfdde9e233424ba4c9c25127adc3435 (patch) | |
tree | 1fdf2703d437127b28db51ca1bdd6a98b67d637f | |
parent | 5dce1829bf8615f78975e1b7d651e97c266b509a (diff) | |
parent | 97330ced0c2e0eeae9bb2bc576bb72190237819d (diff) | |
download | tor-b66f4cfc9dfdde9e233424ba4c9c25127adc3435.tar.gz tor-b66f4cfc9dfdde9e233424ba4c9c25127adc3435.zip |
Merge remote-tracking branch 'origin/maint-0.2.6'
-rw-r--r-- | changes/bug16030 | 3 | ||||
-rw-r--r-- | changes/bug16212 | 5 | ||||
-rw-r--r-- | src/common/sandbox.c | 10 | ||||
-rw-r--r-- | src/test/test_channel.c | 2 |
4 files changed, 19 insertions, 1 deletions
diff --git a/changes/bug16030 b/changes/bug16030
new file mode 100644
index 0000000000..c14fd62303
--- /dev/null
+++ b/changes/bug16030
@@ -0,0 +1,3 @@
+ o Minor bugfixes (tests):
+ - Fix a crash in the unit tests on MSVC2013. Fixes bug 16030; bugfix on
+ 0.2.6.2-alpha. Patch from "NewEraCracker".
\ No newline at end of file
diff --git a/changes/bug16212 b/changes/bug16212
new file mode 100644
index 0000000000..bc1246376d
--- /dev/null
+++ b/changes/bug16212
@@ -0,0 +1,5 @@
+ o Minor bugfixes (sandbox, systemd):
+ - Allow systemd connections to work with the Linux seccomp2 sandbox
+ code. Fixes bug 16212; bugfix on 0.2.6.2-alpha.
+ Patch by Peter Palfrader.
+
diff --git a/src/common/sandbox.c b/src/common/sandbox.c
index 49316c6193..a32bd0d901 100644
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -170,6 +170,7 @@ static int filter_nopar_gen[] = {
 SCMP_SYS(read),
 SCMP_SYS(rt_sigreturn),
 SCMP_SYS(sched_getaffinity),
+ SCMP_SYS(sendmsg),
 SCMP_SYS(set_robust_list),
 #ifdef __NR_sigreturn
 SCMP_SYS(sigreturn),
@@ -547,6 +548,15 @@ sb_socket(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
 SCMP_CMP(0, SCMP_CMP_EQ, PF_UNIX),
 SCMP_CMP_MASKED(1, SOCK_CLOEXEC|SOCK_NONBLOCK, SOCK_STREAM),
 SCMP_CMP(2, SCMP_CMP_EQ, 0));
+ if (rc)
+ return rc;
+
+ rc = seccomp_rule_add_3(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket),
+ SCMP_CMP(0, SCMP_CMP_EQ, PF_UNIX),
+ SCMP_CMP_MASKED(1, SOCK_CLOEXEC|SOCK_NONBLOCK, SOCK_DGRAM),
+ SCMP_CMP(2, SCMP_CMP_EQ, 0));
+ if (rc)
+ return rc;
 rc = seccomp_rule_add_3(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket),
 SCMP_CMP(0, SCMP_CMP_EQ, PF_NETLINK),
diff --git a/src/test/test_channel.c b/src/test/test_channel.c
index 6cf66493a8..e11ac3f3cc 100644
--- a/src/test/test_channel.c
+++ b/src/test/test_channel.c
@@ -420,6 +420,7 @@ new_fake_channel(void)
 chan->close = chan_test_close;
 chan->get_overhead_estimate = chan_test_get_overhead_estimate;
+ chan->get_remote_descr = chan_test_get_remote_descr;
 chan->num_bytes_queued = chan_test_num_bytes_queued;
 chan->num_cells_writeable = chan_test_num_cells_writeable;
 chan->write_cell = chan_test_write_cell;
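Review bot: In src/common/sandbox.c, `SCMP_SYS(sendmsg)` is added to `filter_nopar_gen`, which by its name appears to list syscalls allowed with no argument comparison, so every sandboxed build gains unrestricted sendmsg whether or not it ever talks to systemd; the PF_UNIX/SOCK_DGRAM `socket` rule added in the hunk at line 548 widens the filter in the same unconditional way. A seccomp filter cannot look inside the msghdr that sendmsg points to, so neither the destination address nor any ancillary data is constrained once the call is allowed. If only the systemd path needs these two additions, consider compiling both under the tree's systemd feature macro (`#ifdef HAVE_SYSTEMD` … `#endif`, assuming that is the macro this build defines) so non-systemd builds keep the narrower filter. Either way, a comment such as `/* sendmsg and AF_UNIX datagram sockets are needed for systemd notification; see bug 16212 */` next to each addition would record why the allowance exists. Both the array and sb_socket continue outside their hunks, so any existing guards or comments there are not visible here.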
@@ -615,7 +616,6 @@ test_channel_dumpstats(void *arg)
 /* Test channel_dump_statistics */
 ch->describe_transport = chan_test_describe_transport;
 ch->dumpstats = chan_test_dumpstats;
- ch->get_remote_descr = chan_test_get_remote_descr;
 ch->is_canonical = chan_test_is_canonical;
 old_count = test_dumpstats_calls;
 channel_dump_statistics(ch, LOG_DEBUG); |