From 8a85a48b9d0ed2b298bcc26dfeb96fa7e31c05c4 Mon Sep 17 00:00:00 2001
From: Cristian Toader
Date: Mon, 12 Aug 2013 21:14:43 +0300
Subject: attempt to add stat64 filename filters; failed due to getaddrinfo..
---
 src/or/dns.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'src/or/dns.c')
diff --git a/src/or/dns.c b/src/or/dns.c
index edcf92e5b3..6dc0c05f9c 100644
--- a/src/or/dns.c
+++ b/src/or/dns.c
@@ -24,6 +24,7 @@
 #include "relay.h"
 #include "router.h"
 #include "ht.h"
+#include "../common/sandbox.h"
 #ifdef HAVE_EVENT2_DNS_H
 #include
 #include
@@ -1477,7 +1478,7 @@ configure_nameservers(int force)
 evdns_set_log_fn(evdns_log_cb);
 if (conf_fname) {
- if (stat(conf_fname, &st)) {
+ if (stat(sandbox_intern_string(conf_fname), &st)) {
 log_warn(LD_EXIT, "Unable to stat resolver configuration in '%s': %s", conf_fname, strerror(errno));
 goto err;
-- cgit v1.2.3-54-g00ecf
From a9910d89f170933a7730798c98ebbb1d743a1c46 Mon Sep 17 00:00:00 2001
From: Cristian Toader
Date: Mon, 19 Aug 2013 11:41:46 +0300
Subject: finalised fix on libevent open string issue
---
 src/common/sandbox.c | 9 ---------
 src/or/dns.c | 12 +++++++++---
 2 files changed, 9 insertions(+), 12 deletions(-)
(limited to 'src/or/dns.c')
diff --git a/src/common/sandbox.c b/src/common/sandbox.c
index c5e12311c2..210aa7c860 100644
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -261,15 +261,6 @@ sb_open(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
 }
 }
- // todo remove when libevent fix
- rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(open), 1,
- SCMP_CMP(1, SCMP_CMP_EQ, O_RDONLY|O_LARGEFILE|O_CLOEXEC));
- if (rc != 0) {
- log_err(LD_BUG,"(Sandbox) failed to add open syscall, received libseccomp "
- "error %d", rc);
- return rc;
- }
-
 // problem: required by getaddrinfo
 rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(open), 1,
 SCMP_CMP(1, SCMP_CMP_EQ, O_RDONLY|O_CLOEXEC));
diff --git a/src/or/dns.c b/src/or/dns.c
index 6dc0c05f9c..09601e9cb1 100644
--- a/src/or/dns.c
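Review bot: The new `stat(sandbox_intern_string(conf_fname), &st)` in configure_nameservers (first commit, second dns.c hunk) only works under the sandbox if `conf_fname` was registered with it beforehand, and nothing in the hunk says so or handles the case where it was not. The function body is outside the hunk, but the second commit's context shows `conf_fname` can come from `options->ServerDNSResolvConfFile`, so an operator-chosen path is presumably permitted only when the sandbox configuration lists that same string. I would add a comment above the call, for example `/* Pass the sandbox's interned copy of the path; conf_fname must be listed in the sandbox config. */`, and confirm what sandbox_intern_string returns for an unregistered string, since that is not visible here.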
+++ b/src/or/dns.c
@@ -1444,13 +1444,14 @@ configure_nameservers(int force)
 const or_options_t *options;
 const char *conf_fname;
 struct stat st;
- int r;
+ int r, flags;
 options = get_options();
 conf_fname = options->ServerDNSResolvConfFile;
 #ifndef _WIN32
 if (!conf_fname) conf_fname = "/etc/resolv.conf";
 #endif
+ flags = DNS_OPTIONS_ALL;
 if (!the_evdns_base) {
 if (!(the_evdns_base = evdns_base_new(tor_libevent_get_base(), 0))) {
@@ -1492,9 +1493,14 @@ configure_nameservers(int force)
 evdns_base_search_clear(the_evdns_base);
 evdns_base_clear_nameservers_and_suspend(the_evdns_base);
 }
+ if (flags & DNS_OPTION_HOSTSFILE) {
+ flags ^= DNS_OPTION_HOSTSFILE;
+ evdns_base_load_hosts(the_evdns_base,
+ sandbox_intern_string("/etc/resolv.conf"));
+ }
 log_info(LD_EXIT, "Parsing resolver configuration in '%s'", conf_fname);
- if ((r = evdns_base_resolv_conf_parse(the_evdns_base,
- DNS_OPTIONS_ALL, conf_fname))) {
+ if ((r = evdns_base_resolv_conf_parse(the_evdns_base, flags,
+ sandbox_intern_string(conf_fname)))) {
 log_warn(LD_EXIT, "Unable to parse '%s', or no nameservers in '%s' (%d)", conf_fname, conf_fname, r);
 goto err;
-- cgit v1.2.3-54-g00ecf
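Review bot: `evdns_base_load_hosts()` is handed `sandbox_intern_string("/etc/resolv.conf")` in the added block of configure_nameservers (second hunk), so the resolver configuration is read as a hosts file and the real hosts file is never loaded, because the same block clears `DNS_OPTION_HOSTSFILE` from `flags` before `evdns_base_resolv_conf_parse()` runs. The argument should presumably be `sandbox_intern_string("/etc/hosts")`, with that path also registered in the sandbox's allowed-open list, which is not visible here. The return value of `evdns_base_load_hosts()` is discarded; a `log_warn` on a non-zero result would make a denied or missing file visible instead of silently resolving without host entries. `DNS_OPTION_HOSTSFILE` is used unconditionally although the first commit's context shows the evdns headers behind `#ifdef HAVE_EVENT2_DNS_H`, so the block may need a matching guard. configure_nameservers starts and ends outside the hunk.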