diff options
author | Nick Mathewson <nickm@torproject.org> | 2021-05-17 09:09:49 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2021-05-17 09:09:49 -0400 |
commit | debede5e501667bc20666e3c2f5d62d7bc888c8b (patch) | |
tree | 3b671ad5f2c443ef9515610ae6ca6c17dfc4315a /src/app/main | |
parent | fbd47a50783c79a553510091df09dce7632e02f6 (diff) | |
parent | 97b61e21a9a713ecd672ff106428286238ae05e4 (diff) | |
download | tor-debede5e501667bc20666e3c2f5d62d7bc888c8b.tar.gz tor-debede5e501667bc20666e3c2f5d62d7bc888c8b.zip |
Merge branch 'maint-0.4.5' into maint-0.4.6
Diffstat (limited to 'src/app/main')
-rw-r--r-- | src/app/main/main.c | 22 |
1 files changed, 17 insertions, 5 deletions
diff --git a/src/app/main/main.c b/src/app/main/main.c index c113e0183d..89564490e6 100644 --- a/src/app/main/main.c +++ b/src/app/main/main.c @@ -852,7 +852,6 @@ sandbox_init_filter(void) { const or_options_t *options = get_options(); sandbox_cfg_t *cfg = sandbox_cfg_new(); - int i; sandbox_cfg_allow_openat_filename(&cfg, get_cachedir_fname("cached-status")); @@ -938,10 +937,23 @@ sandbox_init_filter(void) else sandbox_cfg_allow_open_filename(&cfg, tor_strdup("/etc/resolv.conf")); - for (i = 0; i < 2; ++i) { - if (get_torrc_fname(i)) { - sandbox_cfg_allow_open_filename(&cfg, tor_strdup(get_torrc_fname(i))); - } + const char *torrc_defaults_fname = get_torrc_fname(1); + if (torrc_defaults_fname) { + sandbox_cfg_allow_open_filename(&cfg, tor_strdup(torrc_defaults_fname)); + } + const char *torrc_fname = get_torrc_fname(0); + if (torrc_fname) { + sandbox_cfg_allow_open_filename(&cfg, tor_strdup(torrc_fname)); + // allow torrc backup and torrc.tmp to make SAVECONF work + char *torrc_bck = NULL; + tor_asprintf(&torrc_bck, CONFIG_BACKUP_PATTERN, torrc_fname); + sandbox_cfg_allow_rename(&cfg, tor_strdup(torrc_fname), torrc_bck); + char *torrc_tmp = NULL; + tor_asprintf(&torrc_tmp, "%s.tmp", torrc_fname); + sandbox_cfg_allow_rename(&cfg, torrc_tmp, tor_strdup(torrc_fname)); + sandbox_cfg_allow_open_filename(&cfg, tor_strdup(torrc_tmp)); + // we need to stat the existing backup file + sandbox_cfg_allow_stat_filename(&cfg, tor_strdup(torrc_bck)); } SMARTLIST_FOREACH(options->FilesOpenedByIncludes, char *, f, { |