commit 910e25358a148268815a23ff2040599291100a97 Author: Nick Mathewson nickm@torproject.org Date: Wed Sep 2 09:59:22 2015 -0400

Let bridge authorities run under the sandbox

(found thanks to teor's chutney haxx) --- changes/bug16964 | 4 ++++ src/or/main.c | 9 +++++++++ 2 files changed, 13 insertions(+)

diff --git a/changes/bug16964 b/changes/bug16964 new file mode 100644 index 0000000..46ff565 --- /dev/null +++ b/changes/bug16964 @@ -0,0 +1,4 @@ + o Minor bugfixes (linux seccomp2 sandbox): + - Allow bridge authorities to run correctly under the seccomp2 + sandbox. Fixes bug 16964; bugfix on 0.2.5.1-alpha. + diff --git a/src/or/main.c b/src/or/main.c index 0b0207b..915b3e2 100644 --- a/src/or/main.c +++ b/src/or/main.c @@ -3040,6 +3040,12 @@ sandbox_init_filter(void) OPEN("/etc/hosts"); OPEN("/proc/meminfo");

+ if (options->BridgeAuthoritativeDir) + OPEN_DATADIR_SUFFIX("networkstatus-bridges", ".tmp"); + + if (authdir_mode_handles_descs(options, -1)) + OPEN_DATADIR("approved-routers"); + if (options->ServerDNSResolvConfFile) sandbox_cfg_allow_open_filename(&cfg, tor_strdup(options->ServerDNSResolvConfFile)); @@ -3080,6 +3086,9 @@ sandbox_init_filter(void) RENAME_SUFFIX("unparseable-desc", ".tmp"); RENAME_SUFFIX("v3-status-votes", ".tmp");

+ if (options->BridgeAuthoritativeDir) + RENAME_SUFFIX("networkstatus-bridges", ".tmp"); + #define STAT_DATADIR(name) \ sandbox_cfg_allow_stat_filename(&cfg, get_datadir_fname(name))