Allow unlinkat() in the seccomp2 sandbox

Closes ticket 33346.
author: Nick Mathewson <nickm@torproject.org> 2020-02-26 15:17:12 -0500
committer: Nick Mathewson <nickm@torproject.org> 2020-02-26 15:17:12 -0500
commit: c81cb588db6c5176c7423b1a2f98218a8989b5dd (patch)
tree: 1077133b55547c213b1320cc2cc0d3597ff9b703
parent: b9c7c61ea5233854ff83257a8bc530b7e0a50351 (diff)
download: tor-c81cb588db6c5176c7423b1a2f98218a8989b5dd.tar.gz
tor-c81cb588db6c5176c7423b1a2f98218a8989b5dd.zip
2 files changed, 6 insertions, 0 deletions
diff --git a/changes/ticket33346 b/changes/ticket33346
new file mode 100644
index 0000000000..acbbae5169
--- /dev/null
+++ b/changes/ticket33346
@@ -0,0 +1,3 @@
+  o Minor features (linux seccomp2 sandbox):
+    - Permit the unlinkat() syscall, which some Libc implementations
+      use to implement unlink(). Closes ticket 33346.
diff --git a/src/lib/sandbox/sandbox.c b/src/lib/sandbox/sandbox.c
index 8f577b0660..63d3e0b9a3 100644
--- a/src/lib/sandbox/sandbox.c
+++ b/src/lib/sandbox/sandbox.c
@@ -269,6 +269,9 @@ static int filter_nopar_gen[] = {
     SCMP_SYS(recvfrom),
     SCMP_SYS(sendto),
     SCMP_SYS(unlink),
+#ifdef __NR_unlinkat
+    SCMP_SYS(unlinkat),
+#endif
     SCMP_SYS(poll)
 };
author	Nick Mathewson <nickm@torproject.org>	2020-02-26 15:17:12 -0500
committer	Nick Mathewson <nickm@torproject.org>	2020-02-26 15:17:12 -0500
commit	c81cb588db6c5176c7423b1a2f98218a8989b5dd (patch)
tree	1077133b55547c213b1320cc2cc0d3597ff9b703
parent	b9c7c61ea5233854ff83257a8bc530b7e0a50351 (diff)
download	tor-c81cb588db6c5176c7423b1a2f98218a8989b5dd.tar.gz tor-c81cb588db6c5176c7423b1a2f98218a8989b5dd.zip