commit 686cf4c0fffa5af63bf989eb53af9a962692670a Author: Cristian Toader cristian.matei.toader@gmail.com Date: Tue Jul 30 23:43:42 2013 +0300
clean stable version --- src/common/sandbox.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/src/common/sandbox.c b/src/common/sandbox.c index d13938d..8a31ce0 100644 --- a/src/common/sandbox.c +++ b/src/common/sandbox.c @@ -127,6 +127,7 @@ static int filter_nopar_gen[] = { SCMP_SYS(sendto), SCMP_SYS(send), SCMP_SYS(setsockopt), + SCMP_SYS(socket), SCMP_SYS(socketpair), SCMP_SYS(recvfrom), SCMP_SYS(unlink), @@ -142,10 +143,10 @@ sb_rt_sigaction(scmp_filter_ctx ctx) #endif };
- for(i = 0; i < LENGHT(param); i++) { + for (i = 0; i < LENGHT(param); i++) { rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(rt_sigaction), 1, SCMP_CMP(0, SCMP_CMP_EQ, param[i])); - if(rc) + if (rc) break; }
@@ -198,14 +199,14 @@ sb_mmap2(scmp_filter_ctx ctx) rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(mmap2), 2, SCMP_CMP(2, SCMP_CMP_EQ, PROT_READ), SCMP_CMP(3, SCMP_CMP_EQ, MAP_PRIVATE)); - if(rc) { + if (rc) { return rc; }
rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(mmap2), 2, SCMP_CMP(2, SCMP_CMP_EQ, PROT_READ|PROT_WRITE), SCMP_CMP(3, SCMP_CMP_EQ, MAP_PRIVATE|MAP_ANONYMOUS)); - if(rc) { + if (rc) { return rc; }
@@ -398,7 +399,7 @@ add_param_filter(scmp_filter_ctx ctx, sandbox_cfg_t* cfg) int i, rc = 0;
// function pointer - for(i = 0; i < LENGHT(filter_func); i++) { + for (i = 0; i < LENGHT(filter_func); i++) { if ((filter_func[i])(ctx)) { log_err(LD_BUG,"(Sandbox) failed to add syscall, received libseccomp " "error %d", rc); @@ -576,7 +577,8 @@ initialise_libseccomp_sandbox(sandbox_cfg_t* cfg) #endif // USE_LIBSECCOMP
sandbox_cfg_t* -sandbox_cfg_new() { +sandbox_cfg_new() +{ return NULL; }
tor-commits@lists.torproject.org