diff options
| author | David Goulet <dgoulet@torproject.org> | 2023-05-31 14:32:07 -0400 |
|---|---|---|
| committer | David Goulet <dgoulet@torproject.org> | 2023-05-31 14:32:07 -0400 |
| commit | 97008526db53ce77cc65fbf93a4f5760c242082b (patch) | |
| tree | 84e3ab5266f70251a0697108db1ce39dfabc0478 /src/lib/sandbox | |
| parent | 925201c946accdc322279f09b311326479d5461c (diff) | |
| parent | 066da91521946fa45c637e6006f4e397fc65ee90 (diff) | |
| download | tor-97008526db53ce77cc65fbf93a4f5760c242082b.tar.gz tor-97008526db53ce77cc65fbf93a4f5760c242082b.zip | |
Merge branch 'maint-0.4.7'
Diffstat (limited to 'src/lib/sandbox')
| -rw-r--r-- | src/lib/sandbox/sandbox.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/src/lib/sandbox/sandbox.c b/src/lib/sandbox/sandbox.c index 3340eda892..8ac07abfc9 100644 --- a/src/lib/sandbox/sandbox.c +++ b/src/lib/sandbox/sandbox.c @@ -222,6 +222,10 @@ static int filter_nopar_gen[] = { #endif // glob uses this.. SCMP_SYS(lstat), +#ifdef __NR_membarrier + /* Inter-processor synchronization, needed for tracing support */ + SCMP_SYS(membarrier), +#endif SCMP_SYS(mkdir), SCMP_SYS(mlockall), #ifdef __NR_mmap @@ -1251,7 +1255,8 @@ sb_rt_sigprocmask(scmp_filter_ctx ctx, sandbox_cfg_t *filter) int rc = 0; (void) filter; -#ifdef ENABLE_FRAGILE_HARDENING +#if defined(ENABLE_FRAGILE_HARDENING) || \ + defined(USE_TRACING_INSTRUMENTATION_LTTNG) rc = seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(rt_sigprocmask), SCMP_CMP(0, SCMP_CMP_EQ, SIG_BLOCK)); if (rc) |