diff options
| author | Peter Palfrader <peter@palfrader.org> | 2015-06-02 20:06:49 +0200 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2015-06-02 14:20:01 -0400 |
| commit | a68e5323f809056cae9fcefc06357f9646595d89 (patch) | |
| tree | 2706e23ccaa578ef508ef2ed7c26150a607ae73c /src | |
| parent | 97330ced0c2e0eeae9bb2bc576bb72190237819d (diff) | |
| download | tor-a68e5323f809056cae9fcefc06357f9646595d89.tar.gz tor-a68e5323f809056cae9fcefc06357f9646595d89.zip | |
Fix sandboxing to work when running as a relay
This includes correctly allowing renaming secret_id_key and allowing the
eventfd2 and futex syscalls. Fixes bug 16244; bugfix on 0.2.6.1-alpha.
Diffstat (limited to 'src')
| -rw-r--r-- | src/common/sandbox.c | 2 | ||||
| -rw-r--r-- | src/or/main.c | 2 |
2 files changed, 3 insertions, 1 deletions
diff --git a/src/common/sandbox.c b/src/common/sandbox.c index a32bd0d901..cdb4521c82 100644 --- a/src/common/sandbox.c +++ b/src/common/sandbox.c @@ -129,11 +129,13 @@ static int filter_nopar_gen[] = { SCMP_SYS(clone), SCMP_SYS(epoll_create), SCMP_SYS(epoll_wait), + SCMP_SYS(eventfd2), SCMP_SYS(fcntl), SCMP_SYS(fstat), #ifdef __NR_fstat64 SCMP_SYS(fstat64), #endif + SCMP_SYS(futex), SCMP_SYS(getdents64), SCMP_SYS(getegid), #ifdef __NR_getegid32 diff --git a/src/or/main.c b/src/or/main.c index d0fe8cbc00..8aa9a15fc5 100644 --- a/src/or/main.c +++ b/src/or/main.c @@ -2984,7 +2984,7 @@ sandbox_init_filter(void) // orport if (server_mode(get_options())) { - OPEN_DATADIR2_SUFFIX("keys", "secret_id_key", "tmp"); + OPEN_DATADIR2_SUFFIX("keys", "secret_id_key", ".tmp"); OPEN_DATADIR2_SUFFIX("keys", "secret_onion_key", ".tmp"); OPEN_DATADIR2_SUFFIX("keys", "secret_onion_key_ntor", ".tmp"); OPEN_DATADIR2("keys", "secret_id_key.old"); |