authorDavid Goulet <dgoulet@torproject.org>2019-02-12 13:04:25 -0500
committerDavid Goulet <dgoulet@torproject.org>2019-02-12 13:04:25 -0500
commitc320c52e89d0d950f0316d2c2f070f7adca66c80 (patch)
tree452d3683c624a71cf20e86e089603e4bc2b22d9d
parent95e5f8fe03e437f75a6b9af42b0e888f1b8b75ac (diff)
parent83b1ca9b07195cc2f2ad514043eaebfaf9e85641 (diff)
Merge branch 'tor-github/pr/690'
-rw-r--r--changes/bug291503
-rw-r--r--src/lib/sandbox/sandbox.c6
2 files changed, 9 insertions, 0 deletions
diff --git a/changes/bug29150 b/changes/bug29150
new file mode 100644
index 0000000000..7696b90378
--- /dev/null
+++ b/changes/bug29150
@@ -0,0 +1,3 @@
+ o Minor bugfixes (linux seccomp sandbox):
+ - Fix startup crash when experimental sandbox support is enabled.
+ Fixes bug 29150; bugfix on 0.4.0.1-alpha. Patch by Peter Gerber.
diff --git a/src/lib/sandbox/sandbox.c b/src/lib/sandbox/sandbox.c
index 1f0f5d858f..b652397f5a 100644
--- a/src/lib/sandbox/sandbox.c
+++ b/src/lib/sandbox/sandbox.c
@@ -832,6 +832,12 @@ sb_getsockopt(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
if (rc)
return rc;
+ rc = seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(getsockopt),
+ SCMP_CMP(1, SCMP_CMP_EQ, SOL_SOCKET),
+ SCMP_CMP(2, SCMP_CMP_EQ, SO_ACCEPTCONN));
+ if (rc)
+ return rc;
+
#ifdef HAVE_SYSTEMD
rc = seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(getsockopt),
SCMP_CMP(1, SCMP_CMP_EQ, SOL_SOCKET),