diff options
| author | Daniel Pinto <danielpinto52@gmail.com> | 2020-07-01 23:51:39 +0100 |
|---|---|---|
| committer | Daniel Pinto <danielpinto52@gmail.com> | 2020-07-20 22:30:13 +0100 |
| commit | d28bfb2cd5665c38bd14d6a72848209dcd66faf9 (patch) | |
| tree | ff8a5439840bea058a23ae26236b91926023d7af /src/lib/sandbox/sandbox.h | |
| parent | c79b4397d3839b77e85ceccc5a948f58c9fe37e6 (diff) | |
| download | tor-d28bfb2cd5665c38bd14d6a72848209dcd66faf9.tar.gz tor-d28bfb2cd5665c38bd14d6a72848209dcd66faf9.zip | |
Fix seccomp sandbox rules for opening directories #40020
Different versions of glibc use either open or openat for the
opendir function. This commit adds logic to use the correct rule
for each glibc version, namely:
- Until 2.14 open is used
- From 2.15 to to 2.21 openat is used
- From 2.22 to 2.26 open is used
- From 2.27 onwards openat is used
Diffstat (limited to 'src/lib/sandbox/sandbox.h')
| -rw-r--r-- | src/lib/sandbox/sandbox.h | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/lib/sandbox/sandbox.h b/src/lib/sandbox/sandbox.h index 5bec09a36a..8542b57f9c 100644 --- a/src/lib/sandbox/sandbox.h +++ b/src/lib/sandbox/sandbox.h @@ -136,6 +136,13 @@ int sandbox_cfg_allow_rename(sandbox_cfg_t **cfg, char *file1, char *file2); int sandbox_cfg_allow_openat_filename(sandbox_cfg_t **cfg, char *file); /** + * Function used to add a opendir allowed filename to a supplied configuration. + * The (char*) specifies the path to the allowed dir; we steal the pointer to + * that dir. + */ +int sandbox_cfg_allow_opendir_dirname(sandbox_cfg_t **cfg, char *dir); + +/** * Function used to add a stat/stat64 allowed filename to a configuration. * The (char*) specifies the path to the allowed file; that pointer is stolen. */ |