diff options
| author | Simon South <simon@simonsouth.net> | 2021-09-24 14:08:58 -0400 |
|---|---|---|
| committer | Simon South <simon@simonsouth.net> | 2021-09-28 11:06:50 -0400 |
| commit | fbf2e7e9218b8e0ffabcd59fab2322d7c2c7178c (patch) | |
| tree | eca67220a5d7c14cf787698cb8d0c534a4382081 /src/app | |
| parent | 352677556e14480753f75e8abe1f584f1580f1b2 (diff) | |
| download | tor-fbf2e7e9218b8e0ffabcd59fab2322d7c2c7178c.tar.gz tor-fbf2e7e9218b8e0ffabcd59fab2322d7c2c7178c.zip | |
sandbox: Allow use with fragile hardening
When building with --enable-fragile-hardening, add or relax Linux
seccomp rules to allow AddressSanitizer to execute normally if the
process terminates with the sandbox active.
Further resolves issue 11477.
Diffstat (limited to 'src/app')
| -rw-r--r-- | src/app/main/main.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/app/main/main.c b/src/app/main/main.c index 89564490e6..0959b0db71 100644 --- a/src/app/main/main.c +++ b/src/app/main/main.c @@ -1343,6 +1343,13 @@ tor_run_main(const tor_main_configuration_t *tor_cfg) pubsub_connect(); if (get_options()->Sandbox && get_options()->command == CMD_RUN_TOR) { +#ifdef ENABLE_FRAGILE_HARDENING + log_warn(LD_CONFIG, "Sandbox is enabled but this Tor was built using " + "fragile compiler hardening. The sandbox may be unable to filter " + "requests to open files and directories and its overall " + "effectiveness will be reduced."); +#endif + sandbox_cfg_t* cfg = sandbox_init_filter(); if (sandbox_init(cfg)) { |