Merge remote-tracking branch 'public/bug24198_029' into maint-0.2.9

author: Nick Mathewson <nickm@torproject.org> 2018-02-11 18:10:59 -0500
committer: Nick Mathewson <nickm@torproject.org> 2018-02-11 18:10:59 -0500
commit: 84c13336c410ac218c70d6ce2ce6216f9b24e796 (patch)
tree: 56a077a167136dcba5280a69332e926d076df5d8 /src
parent: 848ba26c188c43cb97a22d5911fceb3714a97272 (diff)
parent: 7461cd30676da62324271ddd7b7d347eeff40266 (diff)
download: tor-84c13336c410ac218c70d6ce2ce6216f9b24e796.tar.gz
tor-84c13336c410ac218c70d6ce2ce6216f9b24e796.zip
1 files changed, 15 insertions, 1 deletions
diff --git a/src/common/sandbox.c b/src/common/sandbox.c
index d0ead2caec..b90ae02578 100644
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -1112,6 +1112,19 @@ sb_stat64(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
 }
 #endif
 
+static int
+sb_kill(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
+{
+  (void) filter;
+#ifdef __NR_kill
+  /* Allow killing anything with signal 0 -- it isn't really a kill. */
+  return seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(kill),
+       SCMP_CMP(1, SCMP_CMP_EQ, 0));
+#else
+  return 0;
+#endif
+}
+
 /**
  * Array of function pointers responsible for filtering different syscalls at
  * a parameter level.
@@ -1150,7 +1163,8 @@ static sandbox_filter_func_t filter_func[] = {
     sb_socket,
     sb_setsockopt,
     sb_getsockopt,
-    sb_socketpair
+    sb_socketpair,
+    sb_kill
 };
 
 const char *
author	Nick Mathewson <nickm@torproject.org>	2018-02-11 18:10:59 -0500
committer	Nick Mathewson <nickm@torproject.org>	2018-02-11 18:10:59 -0500
commit	84c13336c410ac218c70d6ce2ce6216f9b24e796 (patch)
tree	56a077a167136dcba5280a69332e926d076df5d8 /src
parent	848ba26c188c43cb97a22d5911fceb3714a97272 (diff)
parent	7461cd30676da62324271ddd7b7d347eeff40266 (diff)
download	tor-84c13336c410ac218c70d6ce2ce6216f9b24e796.tar.gz tor-84c13336c410ac218c70d6ce2ce6216f9b24e796.zip