authorCristian Toader <cristian.matei.toader@gmail.com>2013-07-23 14:22:31 +0300
committerCristian Toader <cristian.matei.toader@gmail.com>2013-07-23 14:22:31 +0300
commite1410f20d749e3e76a28b7db0e99f51b863100ef (patch)
treea37a3c60ed0c554b802a5b59b8d68117953f98cd /src
parentc15d09293bdfc90e94ef34369205cc6db9882607 (diff)
added support for multiple parameters
Diffstat (limited to 'src')
-rw-r--r--src/common/sandbox.c48
-rw-r--r--src/common/sandbox.h1
2 files changed, 25 insertions, 24 deletions
diff --git a/src/common/sandbox.c b/src/common/sandbox.c
index 143995d294..377ac062f3 100644
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -35,44 +35,44 @@
static ParFilter param_filter[] = {
// Example entries
- {SCMP_SYS(execve), PARAM_PTR, (intptr_t)("/usr/local/bin/tor"), 0},
- {SCMP_SYS(rt_sigaction), PARAM_NUM, (intptr_t)(SIGINT), 0},
- {SCMP_SYS(rt_sigaction), PARAM_NUM, (intptr_t)(SIGTERM), 0},
- {SCMP_SYS(rt_sigaction), PARAM_NUM, (intptr_t)(SIGPIPE), 0},
- {SCMP_SYS(rt_sigaction), PARAM_NUM, (intptr_t)(SIGUSR1), 0},
- {SCMP_SYS(rt_sigaction), PARAM_NUM, (intptr_t)(SIGUSR2), 0},
- {SCMP_SYS(rt_sigaction), PARAM_NUM, (intptr_t)(SIGHUP), 0},
+ {SCMP_SYS(execve), PARAM_PTR, 0, (intptr_t)("/usr/local/bin/tor"), 0},
+ {SCMP_SYS(rt_sigaction), PARAM_NUM, 0, (intptr_t)(SIGINT), 0},
+ {SCMP_SYS(rt_sigaction), PARAM_NUM, 0, (intptr_t)(SIGTERM), 0},
+ {SCMP_SYS(rt_sigaction), PARAM_NUM, 0, (intptr_t)(SIGPIPE), 0},
+ {SCMP_SYS(rt_sigaction), PARAM_NUM, 0, (intptr_t)(SIGUSR1), 0},
+ {SCMP_SYS(rt_sigaction), PARAM_NUM, 0, (intptr_t)(SIGUSR2), 0},
+ {SCMP_SYS(rt_sigaction), PARAM_NUM, 0, (intptr_t)(SIGHUP), 0},
#ifdef SIGXFSZ
- {SCMP_SYS(rt_sigaction), PARAM_NUM, (intptr_t)(SIGXFSZ), 0},
+ {SCMP_SYS(rt_sigaction), PARAM_NUM, 0, (intptr_t)(SIGXFSZ), 0},
#endif
- {SCMP_SYS(rt_sigaction), PARAM_NUM, (intptr_t)(SIGCHLD), 0},
- {SCMP_SYS(open), PARAM_PTR,
+ {SCMP_SYS(rt_sigaction), PARAM_NUM, 0, (intptr_t)(SIGCHLD), 0},
+ {SCMP_SYS(open), PARAM_PTR, 0,
(intptr_t)("/home/cristi/.tor/cached-certs"), 0},
- {SCMP_SYS(open), PARAM_PTR,
+ {SCMP_SYS(open), PARAM_PTR, 0,
(intptr_t)("/home/cristi/.tor/cached-consensus"), 0},
- {SCMP_SYS(open), PARAM_PTR,
+ {SCMP_SYS(open), PARAM_PTR, 0,
(intptr_t)("/home/cristi/.tor/unverified-consensus"), 0},
- {SCMP_SYS(open), PARAM_PTR,
+ {SCMP_SYS(open), PARAM_PTR, 0,
(intptr_t)("/home/cristi/.tor/cached-microdesc-consensus"), 0},
- {SCMP_SYS(open), PARAM_PTR,
+ {SCMP_SYS(open), PARAM_PTR, 0,
(intptr_t)("/home/cristi/.tor/cached-microdesc-consensus.tmp"), 0},
- {SCMP_SYS(open), PARAM_PTR,
+ {SCMP_SYS(open), PARAM_PTR, 0,
(intptr_t)("/home/cristi/.tor/cached-microdescs"), 0},
- {SCMP_SYS(open), PARAM_PTR,
+ {SCMP_SYS(open), PARAM_PTR, 0,
(intptr_t)("/home/cristi/.tor/cached-microdescs.new"), 0},
- {SCMP_SYS(open), PARAM_PTR,
+ {SCMP_SYS(open), PARAM_PTR, 0,
(intptr_t)("/home/cristi/.tor/unverified-microdesc-consensus"), 0},
- {SCMP_SYS(open), PARAM_PTR,
+ {SCMP_SYS(open), PARAM_PTR, 0,
(intptr_t)("/home/cristi/.tor/cached-descriptors"), 0},
- {SCMP_SYS(open), PARAM_PTR,
+ {SCMP_SYS(open), PARAM_PTR, 0,
(intptr_t)("/home/cristi/.tor/cached-descriptors.new"), 0},
- {SCMP_SYS(open), PARAM_PTR,
+ {SCMP_SYS(open), PARAM_PTR, 0,
(intptr_t)("/home/cristi/.tor/cached-extrainfo"), 0},
- {SCMP_SYS(open), PARAM_PTR,
+ {SCMP_SYS(open), PARAM_PTR, 0,
(intptr_t)("/home/cristi/.tor/state.tmp"), 0},
- {SCMP_SYS(open), PARAM_PTR,
+ {SCMP_SYS(open), PARAM_PTR, 0,
(intptr_t)("/home/cristi/.tor/unparseable-desc.tmp"), 0},
- {SCMP_SYS(open), PARAM_PTR,
+ {SCMP_SYS(open), PARAM_PTR, 0,
(intptr_t)("/home/cristi/.tor/unparseable-desc"), 0},
};
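Review bot: The rows of `param_filter` are still positional initializers, so inserting `pindex` in the middle of the struct depends on every row being edited by hand. A row missed in a later change would shift the path pointer or signal number into `pindex` and leave `param` at 0, possibly with no more than a conversion warning. A comment above the first entry such as `// {syscall, ptype, pindex, param, prot}` would make the column order checkable at a glance. Designated initializers (`.pindex = 0, .param = ...`) would remove the ordering dependency altogether, if the project's C dialect permits them.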
@@ -253,7 +253,7 @@ add_param_filter(scmp_filter_ctx ctx)
param_filter[i].prot = 1;
rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, param_filter[i].syscall, 1,
- SCMP_A0(SCMP_CMP_EQ, param_filter[i].param));
+ SCMP_CMP(param_filter[i].pindex, SCMP_CMP_EQ, param_filter[i].param));
if (rc != 0) {
log_err(LD_BUG,"(Sandbox) failed to add syscall index %d, "
"received libseccomp error %d", i, rc);
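Review bot: `param_filter[i].pindex` reaches `SCMP_CMP` with no range check, and the field is declared in sandbox.h as a plain `char`, whose signedness is implementation-defined. A guard before `seccomp_rule_add`, `if (param_filter[i].pindex < 0 || param_filter[i].pindex > 5)`, taking the same `log_err` path as the check below, would reject a bad table row explicitly instead of relying on libseccomp's error code. The call also still passes an argument count of `1`, so each row becomes its own rule; as far as I know libseccomp treats separate rules for one syscall as alternatives, so two rows constraining different arguments would widen the allowance rather than require both. If several arguments are meant to be constrained together, they have to go into a single `seccomp_rule_add` call. The body of `add_param_filter` starts and ends outside this hunk.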
diff --git a/src/common/sandbox.h b/src/common/sandbox.h
index b973d9716e..b80c19808e 100644
--- a/src/common/sandbox.h
+++ b/src/common/sandbox.h
@@ -41,6 +41,7 @@ typedef struct {
int syscall;
char ptype;
+ char pindex;
intptr_t param;
char prot;
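Review bot: The new `pindex` field has no comment, so the header does not say which values are valid or how the field relates to `param`. I would add `/* zero-based index (0-5) of the syscall argument that param is compared against */` on the line above it. The struct definition closes outside this hunk, so any existing documentation on the neighbouring fields is not visible here.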