Allow getsockopt(…, SOL_SOCKET, SO_ACCEPTCONN, …) in sandbox

SO_ACCEPTCONN checks whether socket listening is enabled and is used ever since 9369152aae9527cc3764 has been merged. Closes ticket #29150
author: Peter Gerber <peter@arbitrary.ch> 2019-01-22 21:47:43 +0000
committer: Peter Gerber <peter@arbitrary.ch> 2019-01-22 21:51:25 +0000
commit: db3ee1d862272a36fb23adb208bfe84013e4b8f7 (patch)
tree: 1e376279b5f2ea26f77a423f459b5d942477a69f
parent: 74e41155ffc3e295322904b5c85179db538d91f8 (diff)
download: tor-db3ee1d862272a36fb23adb208bfe84013e4b8f7.tar.gz
tor-db3ee1d862272a36fb23adb208bfe84013e4b8f7.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/src/lib/sandbox/sandbox.c b/src/lib/sandbox/sandbox.c
index 1f0f5d858f..b652397f5a 100644
--- a/src/lib/sandbox/sandbox.c
+++ b/src/lib/sandbox/sandbox.c
@@ -832,6 +832,12 @@ sb_getsockopt(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
   if (rc)
     return rc;
 
+  rc = seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(getsockopt),
+      SCMP_CMP(1, SCMP_CMP_EQ, SOL_SOCKET),
+      SCMP_CMP(2, SCMP_CMP_EQ, SO_ACCEPTCONN));
+  if (rc)
+    return rc;
+
 #ifdef HAVE_SYSTEMD
   rc = seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(getsockopt),
       SCMP_CMP(1, SCMP_CMP_EQ, SOL_SOCKET),
author	Peter Gerber <peter@arbitrary.ch>	2019-01-22 21:47:43 +0000
committer	Peter Gerber <peter@arbitrary.ch>	2019-01-22 21:51:25 +0000
commit	db3ee1d862272a36fb23adb208bfe84013e4b8f7 (patch)
tree	1e376279b5f2ea26f77a423f459b5d942477a69f
parent	74e41155ffc3e295322904b5c85179db538d91f8 (diff)
download	tor-db3ee1d862272a36fb23adb208bfe84013e4b8f7.tar.gz tor-db3ee1d862272a36fb23adb208bfe84013e4b8f7.zip