commit a68e5323f809056cae9fcefc06357f9646595d89
Author: Peter Palfrader <peter(a)palfrader.org>
Date: Tue Jun 2 20:06:49 2015 +0200
Fix sandboxing to work when running as a relay
This includes correctly allowing renaming secret_id_key and allowing the
eventfd2 and futex syscalls. Fixes bug 16244; bugfix on 0.2.6.1-alpha.
---
changes/bug16244 | 7 +++++++
src/common/sandbox.c | 2 ++
src/or/main.c | 2 +-
3 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/changes/bug16244 b/changes/bug16244
new file mode 100644
index 0000000..00bc557
--- /dev/null
+++ b/changes/bug16244
@@ -0,0 +1,7 @@
+ o Minor bugfixes (sandbox, relay):
+ - Fix sandboxing to work when running as a relay again. This
+ includes correctly allowing renaming secret_id_key and
+ allowing the eventfd2 and futex syscalls.
+ Fixes bug 16244; bugfix on 0.2.6.1-alpha.
+ Patch by Peter Palfrader.
+
diff --git a/src/common/sandbox.c b/src/common/sandbox.c
index a32bd0d..cdb4521 100644
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -129,11 +129,13 @@ static int filter_nopar_gen[] = {
SCMP_SYS(clone),
SCMP_SYS(epoll_create),
SCMP_SYS(epoll_wait),
+ SCMP_SYS(eventfd2),
SCMP_SYS(fcntl),
SCMP_SYS(fstat),
#ifdef __NR_fstat64
SCMP_SYS(fstat64),
#endif
+ SCMP_SYS(futex),
SCMP_SYS(getdents64),
SCMP_SYS(getegid),
#ifdef __NR_getegid32
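Review bot: `eventfd2` and `futex` are added to `filter_nopar_gen`, which by its name appears to be the list of syscalls permitted without any argument checks, so the sandbox now accepts them with arbitrary arguments and, as far as this hunk shows, in every mode rather than only when running as a relay. Nothing in the array records why either entry is needed, which makes a later audit of the allowlist harder; a comment beside the new entries would help, for example `/* eventfd2, futex: needed when running as a relay, see bug 16244 */`. If only a few futex operations are actually used, an argument-filtered rule would be tighter than a blanket allow, though that depends on code outside this hunk. The array itself starts before and continues past the visible lines.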
diff --git a/src/or/main.c b/src/or/main.c
index d0fe8cb..8aa9a15 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -2984,7 +2984,7 @@ sandbox_init_filter(void)
// orport
if (server_mode(get_options())) {
- OPEN_DATADIR2_SUFFIX("keys", "secret_id_key", "tmp");
+ OPEN_DATADIR2_SUFFIX("keys", "secret_id_key", ".tmp");
OPEN_DATADIR2_SUFFIX("keys", "secret_onion_key", ".tmp");
OPEN_DATADIR2_SUFFIX("keys", "secret_onion_key_ntor", ".tmp");
OPEN_DATADIR2("keys", "secret_id_key.old");
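Review bot: The `".tmp"` suffix on the `secret_id_key` line is a hand-typed literal, repeated on the two `secret_onion_key` lines below it. One missing dot was enough to make the sandbox path list disagree with the temporary file name that the key-writing code presumably uses, and that mismatch only surfaces at runtime on a relay. A single named constant used by all three calls, and ideally by the code that writes the keys, would stop the strings drifting apart, e.g. `#define KEY_TMP_SUFFIX ".tmp"` (the name is only a suggestion). `sandbox_init_filter` begins and ends outside this hunk, so whether a matching rename rule exists for the same path cannot be confirmed from here.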