orport progress (not functional), nickm suggested fixes

2 files changed, 33 insertions, 18 deletions

diff --git a/src/or/cpuworker.c b/src/or/cpuworker.c
index 61f9faa394..245f67e56a 100644
--- a/src/or/cpuworker.c
+++ b/src/or/cpuworker.c
@@ -571,6 +571,8 @@ spawn_enough_cpuworkers(void)
   if (num_cpuworkers_needed > MAX_CPUWORKERS)
     num_cpuworkers_needed = MAX_CPUWORKERS;
 
+  getchar();
+
   while (num_cpuworkers < num_cpuworkers_needed) {
     if (spawn_cpuworker() < 0) {
       log_warn(LD_GENERAL,"Cpuworker spawn failed. Will try again later.");
diff --git a/src/or/main.c b/src/or/main.c
index 3c9824677a..5b6b778ef5 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -2645,23 +2645,18 @@ sandbox_init_filter()
   sandbox_cfg_t *cfg = sandbox_cfg_new();
 
   // TODO: mem leak
-  sandbox_cfg_allow_openat_filename(&cfg,
-      get_datadir_fname("cached-status"));
+  sandbox_cfg_allow_openat_filename(&cfg, get_datadir_fname("cached-status"));
 
-  sandbox_cfg_allow_open_filename(&cfg,
-      get_datadir_fname("cached-certs"));
-  sandbox_cfg_allow_open_filename(&cfg,
-      get_datadir_fname("cached-certs.tmp"));
-  sandbox_cfg_allow_open_filename(&cfg,
-      get_datadir_fname("cached-consensus"));
+  sandbox_cfg_allow_open_filename(&cfg, get_datadir_fname("cached-certs"));
+  sandbox_cfg_allow_open_filename(&cfg, get_datadir_fname("cached-certs.tmp"));
+  sandbox_cfg_allow_open_filename(&cfg, get_datadir_fname("cached-consensus"));
   sandbox_cfg_allow_open_filename(&cfg,
       get_datadir_fname("unverified-consensus"));
   sandbox_cfg_allow_open_filename(&cfg,
       get_datadir_fname("cached-microdesc-consensus"));
   sandbox_cfg_allow_open_filename(&cfg,
       get_datadir_fname("cached-microdesc-consensus.tmp"));
-  sandbox_cfg_allow_open_filename(&cfg,
-      get_datadir_fname("cached-microdescs"));
+  sandbox_cfg_allow_open_filename(&cfg, get_datadir_fname("cached-microdescs"));
   sandbox_cfg_allow_open_filename(&cfg,
       get_datadir_fname("cached-microdescs.tmp"));
   sandbox_cfg_allow_open_filename(&cfg,
@@ -2670,18 +2665,36 @@ sandbox_init_filter()
       get_datadir_fname("cached-microdescs.new.tmp"));
   sandbox_cfg_allow_open_filename(&cfg,
       get_datadir_fname("unverified-microdesc-consensus"));
-  sandbox_cfg_allow_open_filename(&cfg,
-      get_datadir_fname("cached-descriptors"));
+  sandbox_cfg_allow_open_filename(&cfg, get_datadir_fname("cached-descriptors"));
   sandbox_cfg_allow_open_filename(&cfg,
       get_datadir_fname("cached-descriptors.new"));
-  sandbox_cfg_allow_open_filename(&cfg,
-      get_datadir_fname("cached-extrainfo"));
-  sandbox_cfg_allow_open_filename(&cfg,
-      get_datadir_fname("state.tmp"));
+  sandbox_cfg_allow_open_filename(&cfg, get_datadir_fname("cached-extrainfo"));
+  sandbox_cfg_allow_open_filename(&cfg, get_datadir_fname("state.tmp"));
   sandbox_cfg_allow_open_filename(&cfg,
       get_datadir_fname("unparseable-desc.tmp"));
-  sandbox_cfg_allow_open_filename(&cfg,
-      get_datadir_fname("unparseable-desc"));
+  sandbox_cfg_allow_open_filename(&cfg, get_datadir_fname("unparseable-desc"));
+
+  // orport
+  if (server_mode(get_options())) {
+    sandbox_cfg_allow_open_filename(&cfg,
+        get_datadir_fname2("keys", "secret_id_key"));
+    sandbox_cfg_allow_open_filename(&cfg,
+        get_datadir_fname2("keys", "secret_onion_key"));
+    sandbox_cfg_allow_open_filename(&cfg,
+        get_datadir_fname2("keys", "secret_onion_key_ntor"));
+    sandbox_cfg_allow_open_filename(&cfg,
+        get_datadir_fname2("keys", "secret_id_key.old"));
+    sandbox_cfg_allow_open_filename(&cfg,
+        get_datadir_fname2("keys", "secret_onion_key.old"));
+    sandbox_cfg_allow_open_filename(&cfg,
+        get_datadir_fname2("keys", "secret_onion_key_ntor.old"));
+    sandbox_cfg_allow_open_filename(&cfg,
+        get_datadir_fname2("keys", "secret_onion_key.tmp"));
+
+    sandbox_cfg_allow_open_filename(&cfg, get_datadir_fname("fingerprint"));
+
+    sandbox_cfg_allow_open_filename(&cfg, "/etc/resolv.conf");
+  }
 
   sandbox_cfg_allow_execve(&cfg, "/usr/local/bin/tor");