diff options
| author | Nick Mathewson <nickm@torproject.org> | 2018-01-31 15:51:58 -0500 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2018-01-31 15:51:58 -0500 |
| commit | 8b0b850efa0f77b627f31e9907acc6d29482f362 (patch) | |
| tree | 1d0f20b189d1efd75c9f5f19ebc914813dd182fb /src/common | |
| parent | a846fd267edf5a457d6647b37ad7ef2ac62a1612 (diff) | |
| parent | 9a06282546418b2e9d21559d4853bcf124b953f4 (diff) | |
| download | tor-8b0b850efa0f77b627f31e9907acc6d29482f362.tar.gz tor-8b0b850efa0f77b627f31e9907acc6d29482f362.zip | |
Merge remote-tracking branch 'public/bug16106_02_nm'
Diffstat (limited to 'src/common')
| -rw-r--r-- | src/common/sandbox.c | 8 |
1 files changed, 2 insertions, 6 deletions
diff --git a/src/common/sandbox.c b/src/common/sandbox.c index 37f582048c..043b8bf14f 100644 --- a/src/common/sandbox.c +++ b/src/common/sandbox.c @@ -481,18 +481,14 @@ sb_open(scmp_filter_ctx ctx, sandbox_cfg_t *filter) } } - rc = seccomp_rule_add_1(ctx, SCMP_ACT_ERRNO(EACCES), SCMP_SYS(open), - SCMP_CMP_MASKED(1, O_CLOEXEC|O_NONBLOCK|O_NOCTTY|O_NOFOLLOW, - O_RDONLY)); + rc = seccomp_rule_add_0(ctx, SCMP_ACT_ERRNO(EACCES), SCMP_SYS(open)); if (rc != 0) { log_err(LD_BUG,"(Sandbox) failed to add open syscall, received libseccomp " "error %d", rc); return rc; } - rc = seccomp_rule_add_1(ctx, SCMP_ACT_ERRNO(EACCES), SCMP_SYS(openat), - SCMP_CMP_MASKED(2, O_CLOEXEC|O_NONBLOCK|O_NOCTTY|O_NOFOLLOW, - O_RDONLY)); + rc = seccomp_rule_add_0(ctx, SCMP_ACT_ERRNO(EACCES), SCMP_SYS(openat)); if (rc != 0) { log_err(LD_BUG,"(Sandbox) failed to add openat syscall, received " "libseccomp error %d", rc); |