author | Nick Mathewson <nickm@torproject.org> | 2016-03-15 11:19:59 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2016-03-15 11:19:59 -0400 |
commit | 368825ff4529e78ec5be3f79aacf5a5bdd18ef6a (patch) | |
tree | f61b13f21629d110c6a4b9126b88880f614e632f | |
parent | b48f8a8114575793046a8e9d3544d6b2d0a17f82 (diff) | |
Sandbox: Don't preseed getaddrinfo(gethostname()) in client mode.
If we're a server with no address configured, resolve_my_hostname
will need this. But not otherwise. And the preseeding itself can
consume a few seconds if like tails we have no resolvers.
Fixes bug 18548.
-rw-r--r-- | changes/bug18548 | 12
-rw-r--r-- | src/or/config.c | 1
-rw-r--r-- | src/or/main.c | 7
3 files changed, 20 insertions, 0 deletions
diff --git a/changes/bug18548 b/changes/bug18548 new file mode 100644 index 0000000000..262d1d3615 --- /dev/null +++ b/changes/bug18548 @@ -0,0 +1,12 @@ + o Minor bugfixes (linux seccomp2 sandbox): + - Avoid a 10-second delay when starting as a client with Sandbox 1 + enabled and no DNS resolvers configured. This should help TAILS + start up faster. Fixes bug 18548; bugfix on 0.2.5.1-alpha. + + + o Minor features (linux seccomp2 sandbox): + - Detect and reject attempts to change our Address with Sandbox 1 + enabled. Changing Address with Sandbox turned on would never + actually work, but previously it would fail in strange and + confusing ways. Found while fixing 18548. + diff --git a/src/or/config.c b/src/or/config.c index 0e15f9bb07..ed436f929f 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -4267,6 +4267,7 @@ options_transition_allowed(const or_options_t *old, } \ } while (0) + SB_NOCHANGE_STR(Address); SB_NOCHANGE_STR(PidFile); SB_NOCHANGE_STR(ServerDNSResolvConfFile); SB_NOCHANGE_STR(DirPortFrontPage); diff --git a/src/or/main.c b/src/or/main.c index 713816d9b7..f37c23c9f5 100644 --- a/src/or/main.c +++ b/src/or/main.c @@ -3312,6 +3312,13 @@ do_dump_config(void) static void init_addrinfo(void) { + if (! server_mode(get_options()) || + (get_options()->Address && strlen(get_options()->Address) > 0)) { + /* We don't need to seed our own hostname, because we won't be calling + * resolve_my_address on it. + */ + return; + } char hname[256]; // host name to sandbox |
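Review bot: In changes/bug18548, the bugfix entry promises to avoid "a 10-second delay", while the commit message says the preseeding "can consume a few seconds"; the two should give the same figure, or the changelog should say "a delay of several seconds" if the duration depends on the resolver timeout. The file also carries two consecutive blank lines between the bugfix and feature entries and a trailing blank line at the end; a single blank separator is enough. The second entry (rejecting Address changes under Sandbox 1) is a behaviour change that the commit subject and body do not mention, so a sentence about it in the commit message would make the history easier to search.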
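Review bot: In src/or/config.c, the added SB_NOCHANGE_STR(Address); pins only one of the two inputs that the new check in init_addrinfo() relies on. That check also skips seeding whenever server_mode(get_options()) is false at startup, so a process that starts as a client and is later reconfigured as a server with no Address would reach the hostname lookup without the getaddrinfo result having been preseeded for the sandbox. Nothing visible in this hunk rejects that transition; please confirm that options_transition_allowed() already blocks the client-to-server change when Sandbox is on, or add the matching check next to this line.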
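Review bot: In src/or/main.c, the new early-return condition at the top of init_addrinfo() restates, by hand, the rule for when the hostname fallback will be used, and the comment names resolve_my_address while the commit message names resolve_my_hostname. If the real caller's rule ever changes, this sandbox preseed will silently fall out of step and the lookup will fail under Sandbox 1, so the comment should name the exact function and condition it mirrors, or both places should share one helper. Smaller points in the same lines: get_options() is called three times where one local const or_options_t pointer would do, strlen(...) > 0 can be a first-byte check, and the return now sits above the declaration "char hname[256];", which leaves a declaration after a statement if the build still warns on that.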