Make unix sockets work with the linux seccomp2 sandbox again

I didn't want to grant blanket permissions for chmod() and chown(),
so here's what I had to do:
   * Grant open() on all parent directories of a unix socket
   * Write code to allow chmod() and chown() on a given file only.
   * Grant chmod() and chown() on the unix socket.

1 files changed, 14 insertions, 0 deletions

diff --git a/src/or/main.c b/src/or/main.c
index cfd11696ec..5ba97a5ec5 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -3474,6 +3474,20 @@ sandbox_init_filter(void)
     }
   }
 
+  SMARTLIST_FOREACH_BEGIN(get_configured_ports(), port_cfg_t *, port) {
+    if (!port->is_unix_addr)
+      continue;
+    /* When we open an AF_UNIX address, we want permission to open the
+     * directory that holds it. */
+    char *dirname = tor_strdup(port->unix_addr);
+    if (get_parent_directory(dirname) == 0) {
+      OPEN(dirname);
+    }
+    tor_free(dirname);
+    sandbox_cfg_allow_chmod_filename(&cfg, tor_strdup(port->unix_addr));
+    sandbox_cfg_allow_chown_filename(&cfg, tor_strdup(port->unix_addr));
+  } SMARTLIST_FOREACH_END(port);
+
   if (options->DirPortFrontPage) {
     sandbox_cfg_allow_open_filename(&cfg,
                                     tor_strdup(options->DirPortFrontPage));