Merge branch 'tor-gitlab/mr/714' into maint-0.4.7

author: David Goulet <dgoulet@torproject.org> 2023-05-31 14:28:44 -0400
committer: David Goulet <dgoulet@torproject.org> 2023-05-31 14:28:44 -0400
commit: d77f1e7aea12e39b0aa2214d63c5a90be07f2d68 (patch)
tree: b2a651ca94a2bc4623580225181dd8ed67f42076 /src
parent: 33d5a7da9e8401bf8af15d4fb4811f6c469ae40c (diff)
parent: 3036bedf30d413e8236ec962b9c91b66988c2204 (diff)
download: tor-d77f1e7aea12e39b0aa2214d63c5a90be07f2d68.tar.gz
tor-d77f1e7aea12e39b0aa2214d63c5a90be07f2d68.zip
1 files changed, 6 insertions, 1 deletions
diff --git a/src/lib/sandbox/sandbox.c b/src/lib/sandbox/sandbox.c
index 6800fa062b..5dace3a8a2 100644
--- a/src/lib/sandbox/sandbox.c
+++ b/src/lib/sandbox/sandbox.c
@@ -220,6 +220,10 @@ static int filter_nopar_gen[] = {
 #endif
     // glob uses this..
     SCMP_SYS(lstat),
+#ifdef __NR_membarrier
+    /* Inter-processor synchronization, needed for tracing support */
+    SCMP_SYS(membarrier),
+#endif
     SCMP_SYS(mkdir),
     SCMP_SYS(mlockall),
 #ifdef __NR_mmap
@@ -1165,7 +1169,8 @@ sb_rt_sigprocmask(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
   int rc = 0;
   (void) filter;
 
-#ifdef ENABLE_FRAGILE_HARDENING
+#if defined(ENABLE_FRAGILE_HARDENING) || \
+    defined(USE_TRACING_INSTRUMENTATION_LTTNG)
   rc = seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(rt_sigprocmask),
       SCMP_CMP(0, SCMP_CMP_EQ, SIG_BLOCK));
   if (rc)
author	David Goulet <dgoulet@torproject.org>	2023-05-31 14:28:44 -0400
committer	David Goulet <dgoulet@torproject.org>	2023-05-31 14:28:44 -0400
commit	d77f1e7aea12e39b0aa2214d63c5a90be07f2d68 (patch)
tree	b2a651ca94a2bc4623580225181dd8ed67f42076 /src
parent	33d5a7da9e8401bf8af15d4fb4811f6c469ae40c (diff)
parent	3036bedf30d413e8236ec962b9c91b66988c2204 (diff)
download	tor-d77f1e7aea12e39b0aa2214d63c5a90be07f2d68.tar.gz tor-d77f1e7aea12e39b0aa2214d63c5a90be07f2d68.zip