Let AF_UNIX connections through the sandbox

Fixes bug 15003; bugfix on 0.2.6.3-alpha.
author: Nick Mathewson <nickm@torproject.org> 2015-02-23 12:33:58 -0500
committer: Nick Mathewson <nickm@torproject.org> 2015-02-23 12:35:20 -0500
commit: 21ac0cd2afb2275bfe89237c3aeb545fb7de537e (patch)
tree: 7ccb35e915e183b771ae4c904427fb4a77452339 /src/common/sandbox.c
parent: 7a1a0a4cd7d8ccdc5c9a327762f736a4e8d0d6a9 (diff)
download: tor-21ac0cd2afb2275bfe89237c3aeb545fb7de537e.tar.gz
tor-21ac0cd2afb2275bfe89237c3aeb545fb7de537e.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/src/common/sandbox.c b/src/common/sandbox.c
index 57847e1376..fe97af309e 100644
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -543,6 +543,11 @@ sb_socket(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
   }
 
   rc = seccomp_rule_add_3(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket),
+      SCMP_CMP(0, SCMP_CMP_EQ, PF_UNIX),
+      SCMP_CMP_MASKED(1, SOCK_CLOEXEC|SOCK_NONBLOCK, SOCK_STREAM),
+      SCMP_CMP(2, SCMP_CMP_EQ, 0));
+
+  rc = seccomp_rule_add_3(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket),
       SCMP_CMP(0, SCMP_CMP_EQ, PF_NETLINK),
       SCMP_CMP(1, SCMP_CMP_EQ, SOCK_RAW),
       SCMP_CMP(2, SCMP_CMP_EQ, 0));
author	Nick Mathewson <nickm@torproject.org>	2015-02-23 12:33:58 -0500
committer	Nick Mathewson <nickm@torproject.org>	2015-02-23 12:35:20 -0500
commit	21ac0cd2afb2275bfe89237c3aeb545fb7de537e (patch)
tree	7ccb35e915e183b771ae4c904427fb4a77452339 /src/common/sandbox.c
parent	7a1a0a4cd7d8ccdc5c9a327762f736a4e8d0d6a9 (diff)
download	tor-21ac0cd2afb2275bfe89237c3aeb545fb7de537e.tar.gz tor-21ac0cd2afb2275bfe89237c3aeb545fb7de537e.zip