Let bridge authorities run under the sandbox

(found thanks to teor's chutney haxx)
author: Nick Mathewson <nickm@torproject.org> 2015-09-02 09:59:22 -0400
committer: Nick Mathewson <nickm@torproject.org> 2015-09-02 09:59:22 -0400
commit: 910e25358a148268815a23ff2040599291100a97 (patch)
tree: 971381deabd5f9fbbcd0404f96edc17536e96331 /src/or
parent: b637bda91f3df4ae5621206a5ccd0015595c98ac (diff)
download: tor-910e25358a148268815a23ff2040599291100a97.tar.gz
tor-910e25358a148268815a23ff2040599291100a97.zip
1 files changed, 9 insertions, 0 deletions
diff --git a/src/or/main.c b/src/or/main.c
index 0b0207b975..915b3e23ca 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -3040,6 +3040,12 @@ sandbox_init_filter(void)
   OPEN("/etc/hosts");
   OPEN("/proc/meminfo");
 
+  if (options->BridgeAuthoritativeDir)
+    OPEN_DATADIR_SUFFIX("networkstatus-bridges", ".tmp");
+
+  if (authdir_mode_handles_descs(options, -1))
+    OPEN_DATADIR("approved-routers");
+
   if (options->ServerDNSResolvConfFile)
     sandbox_cfg_allow_open_filename(&cfg,
                                 tor_strdup(options->ServerDNSResolvConfFile));
@@ -3080,6 +3086,9 @@ sandbox_init_filter(void)
   RENAME_SUFFIX("unparseable-desc", ".tmp");
   RENAME_SUFFIX("v3-status-votes", ".tmp");
 
+  if (options->BridgeAuthoritativeDir)
+    RENAME_SUFFIX("networkstatus-bridges", ".tmp");
+
 #define STAT_DATADIR(name)                      \
   sandbox_cfg_allow_stat_filename(&cfg, get_datadir_fname(name))
author	Nick Mathewson <nickm@torproject.org>	2015-09-02 09:59:22 -0400
committer	Nick Mathewson <nickm@torproject.org>	2015-09-02 09:59:22 -0400
commit	910e25358a148268815a23ff2040599291100a97 (patch)
tree	971381deabd5f9fbbcd0404f96edc17536e96331 /src/or
parent	b637bda91f3df4ae5621206a5ccd0015595c98ac (diff)
download	tor-910e25358a148268815a23ff2040599291100a97.tar.gz tor-910e25358a148268815a23ff2040599291100a97.zip