diff options
| -rw-r--r-- | changes/bug16964 | 4 | ||||
| -rw-r--r-- | src/or/main.c | 9 |
2 files changed, 13 insertions, 0 deletions
diff --git a/changes/bug16964 b/changes/bug16964 new file mode 100644 index 0000000000..46ff565fc6 --- /dev/null +++ b/changes/bug16964 @@ -0,0 +1,4 @@ + o Minor bugfixes (linux seccomp2 sandbox): + - Allow bridge authorities to run correctly under the seccomp2 + sandbox. Fixes bug 16964; bugfix on 0.2.5.1-alpha. + diff --git a/src/or/main.c b/src/or/main.c index 0b0207b975..915b3e23ca 100644 --- a/src/or/main.c +++ b/src/or/main.c @@ -3040,6 +3040,12 @@ sandbox_init_filter(void) OPEN("/etc/hosts"); OPEN("/proc/meminfo"); + if (options->BridgeAuthoritativeDir) + OPEN_DATADIR_SUFFIX("networkstatus-bridges", ".tmp"); + + if (authdir_mode_handles_descs(options, -1)) + OPEN_DATADIR("approved-routers"); + if (options->ServerDNSResolvConfFile) sandbox_cfg_allow_open_filename(&cfg, tor_strdup(options->ServerDNSResolvConfFile)); @@ -3080,6 +3086,9 @@ sandbox_init_filter(void) RENAME_SUFFIX("unparseable-desc", ".tmp"); RENAME_SUFFIX("v3-status-votes", ".tmp"); + if (options->BridgeAuthoritativeDir) + RENAME_SUFFIX("networkstatus-bridges", ".tmp"); + #define STAT_DATADIR(name) \ sandbox_cfg_allow_stat_filename(&cfg, get_datadir_fname(name)) |