diff options
| author | Cristian Toader <cristian.matei.toader@gmail.com> | 2013-06-17 13:07:14 +0300 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2013-07-11 09:13:13 -0400 |
| commit | f9c1ba6493478d227c202e4d3444283b2c840a6a (patch) | |
| tree | c79191a86be32416dd1de5ead221b15e776e6114 /src/or/config.c | |
| parent | bcdc0022693c75ea1523468e783bf03832e0a358 (diff) | |
| download | tor-f9c1ba6493478d227c202e4d3444283b2c840a6a.tar.gz tor-f9c1ba6493478d227c202e4d3444283b2c840a6a.zip | |
Add a basic seccomp2 syscall filter on Linux
It's controlled by the new Sandbox argument. Right now, it's rather
coarse-grained, it's Linux-only, and it may break some features.
Diffstat (limited to 'src/or/config.c')
| -rw-r--r-- | src/or/config.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/or/config.c b/src/or/config.c index 2cdf5b2078..2cdc49f109 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -40,6 +40,7 @@ #include "rendservice.h" #include "rephist.h" #include "router.h" +#include "sandbox.h" #include "util.h" #include "routerlist.h" #include "routerset.h" @@ -369,6 +370,7 @@ static config_var_t option_vars_[] = { V(RunAsDaemon, BOOL, "0"), // V(RunTesting, BOOL, "0"), OBSOLETE("RunTesting"), // currently unused + V(Sandbox, BOOL, "0"), V(SafeLogging, STRING, "1"), V(SafeSocks, BOOL, "0"), V(ServerDNSAllowBrokenConfig, BOOL, "1"), @@ -1140,6 +1142,8 @@ options_act_reversible(const or_options_t *old_options, char **msg) goto rollback; } + sandbox_set_debugging_fd(get_err_logging_fd()); + commit: r = 0; if (logs_marked) { |