sandbox: Allow use with fragile hardening on AArch64 and elsewhere

Update the sandbox implementation to allow its use with fragile hardening
enabled on AArch64 (ARM64) and other architectures that use Linux's generic
syscall interface.  Note that in this configuration the sandbox is completely
unable to filter requests to open files and directories.

Update the sandbox unit tests to match.

1 files changed, 4 insertions, 4 deletions

diff --git a/src/test/test_sandbox.c b/src/test/test_sandbox.c
index 7ec08a3546..28b60e9f3e 100644
--- a/src/test/test_sandbox.c
+++ b/src/test/test_sandbox.c
@@ -310,22 +310,22 @@ test_sandbox_stat_filename(void *arg)
 struct testcase_t sandbox_tests[] = {
   SANDBOX_TEST(is_active, TT_FORK),
 
-/* When Tor is built with fragile compiler-hardening the sandbox is unable to
- * filter requests to open files or directories (on systems where glibc uses
- * the "open" system call to provide this functionality), as doing so would
+/* When Tor is built with fragile compiler-hardening the sandbox is usually
+ * unable to filter requests to open files or directories, as doing so would
  * interfere with the address sanitizer as it retrieves information about the
  * running process via the filesystem.  Skip these tests in that case as the
  * corresponding functions are likely to have no effect and this will cause the
  * tests to fail. */
 #ifdef ENABLE_FRAGILE_HARDENING
   SANDBOX_TEST_SKIPPED(open_filename),
+  SANDBOX_TEST_SKIPPED(openat_filename),
   SANDBOX_TEST_SKIPPED(opendir_dirname),
 #else
   SANDBOX_TEST_IN_SANDBOX(open_filename),
+  SANDBOX_TEST_IN_SANDBOX(openat_filename),
   SANDBOX_TEST_IN_SANDBOX(opendir_dirname),
 #endif /* defined(ENABLE_FRAGILE_HARDENING) */
 
-  SANDBOX_TEST_IN_SANDBOX(openat_filename),
   SANDBOX_TEST_IN_SANDBOX(chmod_filename),
   SANDBOX_TEST_IN_SANDBOX(chown_filename),
   SANDBOX_TEST_IN_SANDBOX(rename_filename),