author | Nick Mathewson <nickm@torproject.org> | 2013-07-12 17:12:43 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2013-07-12 17:12:43 -0400 |
commit | aac732322ae132a1659ecbd4039c7d017ddc3d20 (patch) | |
tree | c3d31d970fb2ce4ffd458e4d415c9f6ce44a29ec /src/or | |
parent | 14d5e7f85e343a48e27c3b8f2b560c4d1aff5315 (diff) | |
parent | f9c1ba6493478d227c202e4d3444283b2c840a6a (diff) | |
Merge remote-tracking branch 'public/gsoc-ctoader-cap-phase1-squashed'
Diffstat (limited to 'src/or')
-rw-r--r-- | src/or/config.c | 4 | ||||
-rw-r--r-- | src/or/main.c | 9 | ||||
-rw-r--r-- | src/or/or.h | 1 |
3 files changed, 14 insertions, 0 deletions
diff --git a/src/or/config.c b/src/or/config.c index a47f349c25..e53c2888f1 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -40,6 +40,7 @@ #include "rendservice.h" #include "rephist.h" #include "router.h" +#include "sandbox.h" #include "util.h" #include "routerlist.h" #include "routerset.h" @@ -370,6 +371,7 @@ static config_var_t option_vars_[] = { V(RunAsDaemon, BOOL, "0"), // V(RunTesting, BOOL, "0"), OBSOLETE("RunTesting"), // currently unused + V(Sandbox, BOOL, "0"), V(SafeLogging, STRING, "1"), V(SafeSocks, BOOL, "0"), V(ServerDNSAllowBrokenConfig, BOOL, "1"), @@ -1144,6 +1146,8 @@ options_act_reversible(const or_options_t *old_options, char **msg) goto rollback; } + sandbox_set_debugging_fd(get_err_logging_fd()); + commit: r = 0; if (logs_marked) { diff --git a/src/or/main.c b/src/or/main.c index 85aa97f5a1..618ee6e13e 100644 --- a/src/or/main.c +++ b/src/or/main.c @@ -57,6 +57,7 @@ #include <openssl/crypto.h> #endif #include "memarea.h" +#include "../common/sandbox.h" #ifdef HAVE_EVENT2_EVENT_H #include <event2/event.h> @@ -2704,6 +2705,14 @@ tor_main(int argc, char *argv[]) #endif if (tor_init(argc, argv)<0) return -1; + + if (get_options()->Sandbox) { + if (tor_global_sandbox()) { + log_err(LD_BUG,"Failed to create syscall sandbox filter"); + return -1; + } + } + switch (get_options()->command) { case CMD_RUN_TOR: #ifdef NT_SERVICE diff --git a/src/or/or.h b/src/or/or.h index 67478a183f..5849c620ca 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -3759,6 +3759,7 @@ typedef struct { SAFELOG_SCRUB_ALL, SAFELOG_SCRUB_RELAY, SAFELOG_SCRUB_NONE } SafeLogging_; + int Sandbox; /** < Boolean: should sandboxing be enabled? */ int SafeSocks; /**< Boolean: should we outright refuse application * connections that use socks4 or socks5-with-local-dns? */ #define LOG_PROTOCOL_WARN (get_options()->ProtocolWarnings ? \ |
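Review bot: `V(Sandbox, BOOL, "0")` in option_vars_[] registers Sandbox as an ordinary option, but the only place this commit acts on it is the one-time check in tor_main() (src/or/main.c), so a later SETCONF or reload that flips the value would presumably be accepted and silently ignored. A syscall filter generally cannot be lifted once it is installed, and nothing here installs one late, so the option-transition check should refuse the change, for example with `*msg = tor_strdup("While Tor is running, changing Sandbox is not allowed.");`. The option also needs a manual entry saying it only takes effect at startup; neither is visible in this diff, which is limited to src/or.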
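Review bot: The added `sandbox_set_debugging_fd(get_err_logging_fd());` just before the `commit:` label in options_act_reversible() runs on every successful options change, whether or not Sandbox is set, and hands over a raw descriptor with no check. If get_err_logging_fd() can return -1 when no error-level log is backed by a file (not visible here), the sandbox side has to treat that as "no diagnostics" rather than write to it. The descriptor is also captured before the `if (logs_marked)` block that follows; if that block closes or replaces log files, the cached fd may go stale and later be reused for something else. I would add a comment stating both assumptions, e.g. `/* fd may be -1; refreshed on every options change so it tracks log reopening */`. The function's body starts and ends outside the hunk, and its rollback path does not appear to undo this call.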
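Review bot: `#include "../common/sandbox.h"` in main.c reaches the header through a relative path, while config.c in this same commit uses `#include "sandbox.h"`. The two files sit in the same directory and are presumably built with the same include path, so the plain form should work here too and keeps the include list consistent: `#include "sandbox.h"`.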
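Review bot: The failure branch in tor_main() logs `log_err(LD_BUG,"Failed to create syscall sandbox filter")`, which files an environmental failure under the bug domain and gives the operator no reason or remedy. If tor_global_sandbox() can fail because the platform or build lacks filter support (its body is not in this diff), a general domain and a message that names the option would be clearer, e.g. `log_err(LD_GENERAL, "Failed to create syscall sandbox filter; exiting because Sandbox is set");`. Returning -1 here is the right fail-closed behaviour and should stay. The two nested `if`s can be collapsed into `if (get_options()->Sandbox && tor_global_sandbox()) {`, and a one-line comment should record that the filter is installed only after tor_init(), so everything tor_init() does runs unfiltered. tor_main()'s body starts and ends outside the hunk.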
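Review bot: The comment on the new field is written `/** < Boolean: should sandboxing be enabled? */`, with a space between `/**` and `<`, so Doxygen will not read it as a trailing member comment and is likely to attach it to the next member, SafeSocks. It should match the neighbouring fields: `int Sandbox; /**< Boolean: should sandboxing be enabled? */`. Since the value is only consulted once at startup in this commit, the comment could also say so.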