Permit setrlimit, prlimit, prlimit64 calls.

We call setrlimit under some circumstances, and it can call prlimit and prlimit64 under the hood. Fixes bug 15221.
author: Nick Mathewson <nickm@torproject.org> 2016-03-14 13:21:16 -0400
committer: Nick Mathewson <nickm@torproject.org> 2016-03-14 13:21:16 -0400
commit: 725e0c76e3df9d3ea4b861b3ff5279b23def4ef9 (patch)
tree: 8abc842c82a86ab3bf22301c4bafa03287579b9b /src/common/sandbox.c
parent: 17cfdb358cae63477a120182784599dae0538cd7 (diff)
download: tor-725e0c76e3df9d3ea4b861b3ff5279b23def4ef9.tar.gz
tor-725e0c76e3df9d3ea4b861b3ff5279b23def4ef9.zip
1 files changed, 9 insertions, 0 deletions
diff --git a/src/common/sandbox.c b/src/common/sandbox.c
index 950a92fbb3..bcbb3ce3fa 100644
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -177,11 +177,20 @@ static int filter_nopar_gen[] = {
     SCMP_SYS(mmap),
 #endif
     SCMP_SYS(munmap),
+#ifdef __NR_prlimit
+    SCMP_SYS(prlimit),
+#endif
+#ifdef __NR_prlimit64
+    SCMP_SYS(prlimit64),
+#endif
     SCMP_SYS(read),
     SCMP_SYS(rt_sigreturn),
     SCMP_SYS(sched_getaffinity),
     SCMP_SYS(sendmsg),
     SCMP_SYS(set_robust_list),
+#ifdef __NR_setrlimit
+    SCMP_SYS(setrlimit),
+#endif
 #ifdef __NR_sigreturn
     SCMP_SYS(sigreturn),
 #endif
author	Nick Mathewson <nickm@torproject.org>	2016-03-14 13:21:16 -0400
committer	Nick Mathewson <nickm@torproject.org>	2016-03-14 13:21:16 -0400
commit	725e0c76e3df9d3ea4b861b3ff5279b23def4ef9 (patch)
tree	8abc842c82a86ab3bf22301c4bafa03287579b9b /src/common/sandbox.c
parent	17cfdb358cae63477a120182784599dae0538cd7 (diff)
download	tor-725e0c76e3df9d3ea4b861b3ff5279b23def4ef9.tar.gz tor-725e0c76e3df9d3ea4b861b3ff5279b23def4ef9.zip