Merge branch 'tor-github/pr/690'

author: David Goulet <dgoulet@torproject.org> 2019-02-12 13:04:25 -0500
committer: David Goulet <dgoulet@torproject.org> 2019-02-12 13:04:25 -0500
commit: c320c52e89d0d950f0316d2c2f070f7adca66c80 (patch)
tree: 452d3683c624a71cf20e86e089603e4bc2b22d9d /src
parent: 95e5f8fe03e437f75a6b9af42b0e888f1b8b75ac (diff)
parent: 83b1ca9b07195cc2f2ad514043eaebfaf9e85641 (diff)
download: tor-c320c52e89d0d950f0316d2c2f070f7adca66c80.tar.gz
tor-c320c52e89d0d950f0316d2c2f070f7adca66c80.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/src/lib/sandbox/sandbox.c b/src/lib/sandbox/sandbox.c
index 1f0f5d858f..b652397f5a 100644
--- a/src/lib/sandbox/sandbox.c
+++ b/src/lib/sandbox/sandbox.c
@@ -832,6 +832,12 @@ sb_getsockopt(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
   if (rc)
     return rc;
 
+  rc = seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(getsockopt),
+      SCMP_CMP(1, SCMP_CMP_EQ, SOL_SOCKET),
+      SCMP_CMP(2, SCMP_CMP_EQ, SO_ACCEPTCONN));
+  if (rc)
+    return rc;
+
 #ifdef HAVE_SYSTEMD
   rc = seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(getsockopt),
       SCMP_CMP(1, SCMP_CMP_EQ, SOL_SOCKET),
author	David Goulet <dgoulet@torproject.org>	2019-02-12 13:04:25 -0500
committer	David Goulet <dgoulet@torproject.org>	2019-02-12 13:04:25 -0500
commit	c320c52e89d0d950f0316d2c2f070f7adca66c80 (patch)
tree	452d3683c624a71cf20e86e089603e4bc2b22d9d /src
parent	95e5f8fe03e437f75a6b9af42b0e888f1b8b75ac (diff)
parent	83b1ca9b07195cc2f2ad514043eaebfaf9e85641 (diff)
download	tor-c320c52e89d0d950f0316d2c2f070f7adca66c80.tar.gz tor-c320c52e89d0d950f0316d2c2f070f7adca66c80.zip