authorNick Mathewson <nickm@torproject.org>2015-05-28 14:06:01 -0400
committerNick Mathewson <nickm@torproject.org>2015-05-28 14:06:01 -0400
commitb66f4cfc9dfdde9e233424ba4c9c25127adc3435 (patch)
tree1fdf2703d437127b28db51ca1bdd6a98b67d637f
parent5dce1829bf8615f78975e1b7d651e97c266b509a (diff)
parent97330ced0c2e0eeae9bb2bc576bb72190237819d (diff)
Merge remote-tracking branch 'origin/maint-0.2.6'
-rw-r--r--changes/bug160303
-rw-r--r--changes/bug162125
-rw-r--r--src/common/sandbox.c10
-rw-r--r--src/test/test_channel.c2
4 files changed, 19 insertions, 1 deletions
diff --git a/changes/bug16030 b/changes/bug16030
new file mode 100644
index 0000000000..c14fd62303
--- /dev/null
+++ b/changes/bug16030
@@ -0,0 +1,3 @@
+ o Minor bugfixes (tests):
+ - Fix a crash in the unit tests on MSVC2013. Fixes bug 16030; bugfix on
+ 0.2.6.2-alpha. Patch from "NewEraCracker". \ No newline at end of file
diff --git a/changes/bug16212 b/changes/bug16212
new file mode 100644
index 0000000000..bc1246376d
--- /dev/null
+++ b/changes/bug16212
@@ -0,0 +1,5 @@
+ o Minor bugfixes (sandbox, systemd):
+ - Allow systemd connections to work with the Linux seccomp2 sandbox
+ code. Fixes bug 16212; bugfix on 0.2.6.2-alpha.
+ Patch by Peter Palfrader.
+
diff --git a/src/common/sandbox.c b/src/common/sandbox.c
index 49316c6193..a32bd0d901 100644
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -170,6 +170,7 @@ static int filter_nopar_gen[] = {
SCMP_SYS(read),
SCMP_SYS(rt_sigreturn),
SCMP_SYS(sched_getaffinity),
+ SCMP_SYS(sendmsg),
SCMP_SYS(set_robust_list),
#ifdef __NR_sigreturn
SCMP_SYS(sigreturn),
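Review bot: `SCMP_SYS(sendmsg)` is added to `filter_nopar_gen`, which by its name holds syscalls allowed without any argument checks, so every sandboxed build may now call sendmsg on any descriptor, not only on the systemd socket that the changes/bug16212 entry describes. The new `PF_UNIX`/`SOCK_DGRAM` rule in the `sb_socket` hunk below is unconditional in the same way. A seccomp filter cannot look inside the msghdr that sendmsg points to, so the practical tightening is to compile both additions only when systemd support is built in. Both should also carry a comment giving the reason, e.g. `/* sendmsg and AF_UNIX datagram sockets: needed for systemd notification (bug 16212) */`. The array initializer continues outside this hunk.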
@@ -547,6 +548,15 @@ sb_socket(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
SCMP_CMP(0, SCMP_CMP_EQ, PF_UNIX),
SCMP_CMP_MASKED(1, SOCK_CLOEXEC|SOCK_NONBLOCK, SOCK_STREAM),
SCMP_CMP(2, SCMP_CMP_EQ, 0));
+ if (rc)
+ return rc;
+
+ rc = seccomp_rule_add_3(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket),
+ SCMP_CMP(0, SCMP_CMP_EQ, PF_UNIX),
+ SCMP_CMP_MASKED(1, SOCK_CLOEXEC|SOCK_NONBLOCK, SOCK_DGRAM),
+ SCMP_CMP(2, SCMP_CMP_EQ, 0));
+ if (rc)
+ return rc;
rc = seccomp_rule_add_3(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket),
SCMP_CMP(0, SCMP_CMP_EQ, PF_NETLINK),
diff --git a/src/test/test_channel.c b/src/test/test_channel.c
index 6cf66493a8..e11ac3f3cc 100644
--- a/src/test/test_channel.c
+++ b/src/test/test_channel.c
@@ -420,6 +420,7 @@ new_fake_channel(void)
chan->close = chan_test_close;
chan->get_overhead_estimate = chan_test_get_overhead_estimate;
+ chan->get_remote_descr = chan_test_get_remote_descr;
chan->num_bytes_queued = chan_test_num_bytes_queued;
chan->num_cells_writeable = chan_test_num_cells_writeable;
chan->write_cell = chan_test_write_cell;
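Review bot: Only `get_remote_descr` moves into `new_fake_channel`, while `describe_transport`, `dumpstats` and `is_canonical` are still assigned just in `test_channel_dumpstats` in the next hunk. Unless the rest of `new_fake_channel` (its body extends outside this hunk) sets them, another test that reaches one of those callbacks through a fake channel would call an unset pointer, which is presumably the crash this change fixes for `get_remote_descr`. Consider giving every callback a default in `new_fake_channel`, or at least add a comment there such as `/* every callback that channel code may invoke on a fake channel must be set here */`.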
@@ -615,7 +616,6 @@ test_channel_dumpstats(void *arg)
/* Test channel_dump_statistics */
ch->describe_transport = chan_test_describe_transport;
ch->dumpstats = chan_test_dumpstats;
- ch->get_remote_descr = chan_test_get_remote_descr;
ch->is_canonical = chan_test_is_canonical;
old_count = test_dumpstats_calls;
channel_dump_statistics(ch, LOG_DEBUG);