From b3a8c08a9217effb0065b9bc5769f18e120ca4d1 Mon Sep 17 00:00:00 2001
From: Cristian Toader
Date: Wed, 7 Aug 2013 13:13:12 +0300
Subject: orport progress (not functional), nickm suggested fixes
---
 src/or/cpuworker.c | 2 ++
 src/or/main.c | 49 +++++++++++++++++++++++++++++++------------------
 2 files changed, 33 insertions(+), 18 deletions(-)
(limited to 'src/or')
diff --git a/src/or/cpuworker.c b/src/or/cpuworker.c
index 61f9faa394..245f67e56a 100644
--- a/src/or/cpuworker.c
+++ b/src/or/cpuworker.c
@@ -571,6 +571,8 @@ spawn_enough_cpuworkers(void)
 if (num_cpuworkers_needed > MAX_CPUWORKERS)
 num_cpuworkers_needed = MAX_CPUWORKERS;
+ getchar();
+
 while (num_cpuworkers < num_cpuworkers_needed) {
 if (spawn_cpuworker() < 0) {
 log_warn(LD_GENERAL,"Cpuworker spawn failed. Will try again later.");
diff --git a/src/or/main.c b/src/or/main.c
index 3c9824677a..5b6b778ef5 100644
--- a/src/or/main.c
+++ b/src/or/main.c
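Review bot: The added `getchar();` in spawn_enough_cpuworkers() (src/or/cpuworker.c) blocks on stdin before the spawn loop, so whenever stdin is a terminal or an open pipe the process waits for input each time this function runs. It reads like a leftover debugging pause, which fits the "not functional" subject, and should be dropped before merge or put behind a debug-only compile-time guard with a comment such as `/* debug: pause so a tracer can attach before workers fork */`. If the pause has to stay while the sandbox work is in progress, the read on fd 0 also needs to be permitted by the filter; that is inferred, since the filter rules are not part of this diff. The function begins and ends outside the hunk.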
@@ -2645,23 +2645,18 @@ sandbox_init_filter()
 sandbox_cfg_t *cfg = sandbox_cfg_new();
 // TODO: mem leak
- sandbox_cfg_allow_openat_filename(&cfg,
- get_datadir_fname("cached-status"));
+ sandbox_cfg_allow_openat_filename(&cfg, get_datadir_fname("cached-status"));
- sandbox_cfg_allow_open_filename(&cfg,
- get_datadir_fname("cached-certs"));
- sandbox_cfg_allow_open_filename(&cfg,
- get_datadir_fname("cached-certs.tmp"));
- sandbox_cfg_allow_open_filename(&cfg,
- get_datadir_fname("cached-consensus"));
+ sandbox_cfg_allow_open_filename(&cfg, get_datadir_fname("cached-certs"));
+ sandbox_cfg_allow_open_filename(&cfg, get_datadir_fname("cached-certs.tmp"));
+ sandbox_cfg_allow_open_filename(&cfg, get_datadir_fname("cached-consensus"));
 sandbox_cfg_allow_open_filename(&cfg,
 get_datadir_fname("unverified-consensus"));
 sandbox_cfg_allow_open_filename(&cfg,
 get_datadir_fname("cached-microdesc-consensus"));
 sandbox_cfg_allow_open_filename(&cfg,
 get_datadir_fname("cached-microdesc-consensus.tmp"));
- sandbox_cfg_allow_open_filename(&cfg,
- get_datadir_fname("cached-microdescs"));
+ sandbox_cfg_allow_open_filename(&cfg, get_datadir_fname("cached-microdescs"));
 sandbox_cfg_allow_open_filename(&cfg,
 get_datadir_fname("cached-microdescs.tmp"));
 sandbox_cfg_allow_open_filename(&cfg,
@@ -2670,18 +2665,36 @@ sandbox_init_filter()
 get_datadir_fname("cached-microdescs.new.tmp"));
 sandbox_cfg_allow_open_filename(&cfg,
 get_datadir_fname("unverified-microdesc-consensus"));
- sandbox_cfg_allow_open_filename(&cfg,
- get_datadir_fname("cached-descriptors"));
+ sandbox_cfg_allow_open_filename(&cfg, get_datadir_fname("cached-descriptors"));
 sandbox_cfg_allow_open_filename(&cfg,
 get_datadir_fname("cached-descriptors.new"));
- sandbox_cfg_allow_open_filename(&cfg,
- get_datadir_fname("cached-extrainfo"));
- sandbox_cfg_allow_open_filename(&cfg,
- get_datadir_fname("state.tmp"));
+ sandbox_cfg_allow_open_filename(&cfg, get_datadir_fname("cached-extrainfo"));
+ sandbox_cfg_allow_open_filename(&cfg, get_datadir_fname("state.tmp"));
 sandbox_cfg_allow_open_filename(&cfg,
 get_datadir_fname("unparseable-desc.tmp"));
- sandbox_cfg_allow_open_filename(&cfg,
- get_datadir_fname("unparseable-desc"));
+ sandbox_cfg_allow_open_filename(&cfg, get_datadir_fname("unparseable-desc"));
+
+ // orport
+ if (server_mode(get_options())) {
+ sandbox_cfg_allow_open_filename(&cfg,
+ get_datadir_fname2("keys", "secret_id_key"));
+ sandbox_cfg_allow_open_filename(&cfg,
+ get_datadir_fname2("keys", "secret_onion_key"));
+ sandbox_cfg_allow_open_filename(&cfg,
+ get_datadir_fname2("keys", "secret_onion_key_ntor"));
+ sandbox_cfg_allow_open_filename(&cfg,
+ get_datadir_fname2("keys", "secret_id_key.old"));
+ sandbox_cfg_allow_open_filename(&cfg,
+ get_datadir_fname2("keys", "secret_onion_key.old"));
+ sandbox_cfg_allow_open_filename(&cfg,
+ get_datadir_fname2("keys", "secret_onion_key_ntor.old"));
+ sandbox_cfg_allow_open_filename(&cfg,
+ get_datadir_fname2("keys", "secret_onion_key.tmp"));
+
+ sandbox_cfg_allow_open_filename(&cfg, get_datadir_fname("fingerprint"));
+
+ sandbox_cfg_allow_open_filename(&cfg, "/etc/resolv.conf");
+ }
 sandbox_cfg_allow_execve(&cfg, "/usr/local/bin/tor");
-- 
cgit v1.2.3-54-g00ecf
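Review bot: In the new `server_mode()` block, `"/etc/resolv.conf"` is passed as a string literal while every other entry passes the buffer returned by `get_datadir_fname()` or `get_datadir_fname2()`, so `sandbox_cfg_allow_open_filename()` receives two different ownership models. Whichever one it assumes (its body is not visible here), the other is wrong: either the datadir strings leak, as the `// TODO: mem leak` comment in the previous hunk suggests, or a literal could later be freed or write-protected. Passing a heap copy, `sandbox_cfg_allow_open_filename(&cfg, tor_strdup("/etc/resolv.conf"));`, would keep the list uniform. The block also allows `secret_onion_key.tmp` but no `.tmp` name for `secret_id_key` or `secret_onion_key_ntor`; if those keys are also written through a temporary file, that open would be refused once the filter is installed. sandbox_init_filter() begins and ends outside this hunk.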