author | Micah Elizabeth Scott <beth@torproject.org> | 2023-05-30 09:53:09 -0700 |
---|---|---|
committer | Micah Elizabeth Scott <beth@torproject.org> | 2023-05-31 11:08:27 -0700 |
commit | 3036bedf30d413e8236ec962b9c91b66988c2204 (patch) | |
tree | 8974d9c21c660729ec0e43ee056ad48852893323 /src/lib/sandbox/sandbox.c | |
parent | e390a7cdee2dab0abcbaf06fad9d03b028377a70 (diff) | |
download | tor-3036bedf30d413e8236ec962b9c91b66988c2204.tar.gz tor-3036bedf30d413e8236ec962b9c91b66988c2204.zip |
Update CI builds to Debian Bullseye, fix associated compatibility bugs
This is a change intended for 0.4.7 maintenance as well as main.
The CI builds use Debian Buster which is now end of life, and I was
experiencing inconsistent CI failures with accessing its security update
server. I wanted to update CI to a distro that isn't EOL, and Bullseye
is the current stable release of Debian.
This opened up a small can of worms that this commit also deals with.
In particular there's a docker engine bug that we work around by
removing the docker-specific apt cleanup script if it exists, and
there's a new incompatibility between tracing and sandbox support.
The tracing/sandbox incompatibility itself had two parts:
- The membarrier() syscall is used to deliver inter-processor synchronization events, and the external "userspace-rcu" data structure library would make assumptions that if membarrier is available at initialization it always will be. This caused segfaults in some cases when running trace + sandbox. Resolved this by allowing membarrier entirely, in the sandbox.
- userspace-rcu also assumes it can block signals, and fails hard if this can't be done. We already include a similar carveout to allow this in the sandbox for fragile-hardening, so I extended that to cover tracing as well.
Addresses issue #40799
Signed-off-by: Micah Elizabeth Scott <beth@torproject.org>
Diffstat (limited to 'src/lib/sandbox/sandbox.c')
-rw-r--r-- | src/lib/sandbox/sandbox.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/src/lib/sandbox/sandbox.c b/src/lib/sandbox/sandbox.c index 6800fa062b..5dace3a8a2 100644 --- a/src/lib/sandbox/sandbox.c +++ b/src/lib/sandbox/sandbox.c @@ -220,6 +220,10 @@ static int filter_nopar_gen[] = { #endif // glob uses this.. SCMP_SYS(lstat), +#ifdef __NR_membarrier + /* Inter-processor synchronization, needed for tracing support */ + SCMP_SYS(membarrier), +#endif SCMP_SYS(mkdir), SCMP_SYS(mlockall), #ifdef __NR_mmap @@ -1165,7 +1169,8 @@ sb_rt_sigprocmask(scmp_filter_ctx ctx, sandbox_cfg_t *filter) int rc = 0; (void) filter; -#ifdef ENABLE_FRAGILE_HARDENING +#if defined(ENABLE_FRAGILE_HARDENING) || \ + defined(USE_TRACING_INSTRUMENTATION_LTTNG) rc = seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(rt_sigprocmask), SCMP_CMP(0, SCMP_CMP_EQ, SIG_BLOCK)); if (rc) |
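Review bot: in the first hunk the new `SCMP_SYS(membarrier)` entry in `filter_nopar_gen` is guarded only by `#ifdef __NR_membarrier`, so it is allowed in every build, while the second hunk scopes the rt_sigprocmask carve-out to `ENABLE_FRAGILE_HARDENING` or `USE_TRACING_INSTRUMENTATION_LTTNG` builds; either apply the same `USE_TRACING_INSTRUMENTATION_LTTNG` condition here, or reword the inline comment, which currently says "needed for tracing support" and reads as a tracing-only rule even though the commit message says membarrier is "allowed entirely". Because the entry sits in the no-parameter list, no argument filter is applied to it; stating that this is deliberate in the comment would save the next reader a question.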
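Review bot: in the second hunk the widened `#if defined(ENABLE_FRAGILE_HARDENING) || defined(USE_TRACING_INSTRUMENTATION_LTTNG)` now covers two unrelated reasons, but nothing in the code says why the LTTNG branch exists; a one-line comment naming the userspace-rcu signal-blocking dependency that the commit message explains would keep the branch from looking like dead code later. The rule itself is unchanged and still only matches `SCMP_CMP(0, SCMP_CMP_EQ, SIG_BLOCK)`, which fits the message's "assumes it can block signals"; if the library also restores the previous mask through SIG_SETMASK or SIG_UNBLOCK, that path is not covered by this rule and would fail in the same way, so confirming which calls were exercised in the trace + sandbox test would strengthen the fix.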