Make the sandbox work again with chutney.

Previously, we had a problem due to the check_private_dir() rewrite. Bug not in any released Tor.
author: Nick Mathewson <nickm@torproject.org> 2016-02-24 16:01:24 -0500
committer: Nick Mathewson <nickm@torproject.org> 2016-02-24 16:01:24 -0500
commit: 7a782820e92cef57afcea6c6936d102d6f4512fe (patch)
tree: d07d08beb981c5e1063e682bf1f0ad380564cee0 /src/common/sandbox.c
parent: 040ec4d0347235da4fd5696b3eb063e609047024 (diff)
download: tor-7a782820e92cef57afcea6c6936d102d6f4512fe.tar.gz
tor-7a782820e92cef57afcea6c6936d102d6f4512fe.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/src/common/sandbox.c b/src/common/sandbox.c
index d747a87563..c04ed5fe7c 100644
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -427,7 +427,8 @@ sb_open(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
   }
 
   rc = seccomp_rule_add_1(ctx, SCMP_ACT_ERRNO(EACCES), SCMP_SYS(open),
-                SCMP_CMP_MASKED(1, O_CLOEXEC|O_NONBLOCK|O_NOCTTY, O_RDONLY));
+                SCMP_CMP_MASKED(1, O_CLOEXEC|O_NONBLOCK|O_NOCTTY|O_NOFOLLOW,
+                                O_RDONLY));
   if (rc != 0) {
     log_err(LD_BUG,"(Sandbox) failed to add open syscall, received libseccomp "
         "error %d", rc);
author	Nick Mathewson <nickm@torproject.org>	2016-02-24 16:01:24 -0500
committer	Nick Mathewson <nickm@torproject.org>	2016-02-24 16:01:24 -0500
commit	7a782820e92cef57afcea6c6936d102d6f4512fe (patch)
tree	d07d08beb981c5e1063e682bf1f0ad380564cee0 /src/common/sandbox.c
parent	040ec4d0347235da4fd5696b3eb063e609047024 (diff)
download	tor-7a782820e92cef57afcea6c6936d102d6f4512fe.tar.gz tor-7a782820e92cef57afcea6c6936d102d6f4512fe.zip