diff options
| author | David Goulet <dgoulet@torproject.org> | 2024-06-18 13:10:19 +0000 |
|---|---|---|
| committer | David Goulet <dgoulet@torproject.org> | 2024-06-18 13:10:19 +0000 |
| commit | 7ce17c6c40d6a92272bad482603ee3c392e2e799 (patch) | |
| tree | a912edb15cd308beb6a3abb223950e31d55f09db | |
| parent | c7514b96641f2be180238a78fea961c11e671663 (diff) | |
| parent | 48b354e038eeaa0c4879275b4a539d4d52d49b4a (diff) | |
| download | tor-7ce17c6c40d6a92272bad482603ee3c392e2e799.tar.gz tor-7ce17c6c40d6a92272bad482603ee3c392e2e799.zip | |
Merge branch 'sandbox-bwauth' into 'main'
fix sandbox for bandwidth authority
Closes #40933
See merge request tpo/core/tor!821
| -rw-r--r-- | changes/bug40933 | 3 | ||||
| -rw-r--r-- | src/app/main/main.c | 5 | ||||
| -rw-r--r-- | src/lib/fs/files.c | 3 |
3 files changed, 10 insertions, 1 deletions
diff --git a/changes/bug40933 b/changes/bug40933 new file mode 100644 index 0000000000..c4f9eb085f --- /dev/null +++ b/changes/bug40933 @@ -0,0 +1,3 @@ + o Minor bugfixes (sandbox, bwauth): + - Fix sandbox to work for bandwidth authority. Fixes bug 40933; bugfix on + 0.2.2.1-alpha diff --git a/src/app/main/main.c b/src/app/main/main.c index a50a0aad6f..6d05bd1f5e 100644 --- a/src/app/main/main.c +++ b/src/app/main/main.c @@ -926,6 +926,11 @@ sandbox_init_filter(void) OPEN_DATADIR("approved-routers"); OPEN_DATADIR_SUFFIX("my-consensus-microdesc", ".tmp"); OPEN_DATADIR_SUFFIX("my-consensus-ns", ".tmp"); + if (options->V3BandwidthsFile) { + log_notice(LD_GENERAL, "Adding V3BandwidthsFile %s to sandboxing set.", + options->V3BandwidthsFile); + OPEN(options->V3BandwidthsFile); + } } if (options->ServerDNSResolvConfFile) diff --git a/src/lib/fs/files.c b/src/lib/fs/files.c index df59222913..914a8b8e72 100644 --- a/src/lib/fs/files.c +++ b/src/lib/fs/files.c @@ -85,7 +85,8 @@ tor_open_cloexec(const char *path, int flags, unsigned mode) FILE * tor_fopen_cloexec(const char *path, const char *mode) { - FILE *result = fopen(path, mode); + const char *p = sandbox_intern_string(path); + FILE *result = fopen(p, mode); #ifdef FD_CLOEXEC if (result != NULL) { if (fcntl(fileno(result), F_SETFD, FD_CLOEXEC) == -1) { |