[tor-commits] [tor/master] Block certain option transitions while sandbox enabled

nickm at torproject.org nickm at torproject.org
Thu Apr 17 03:48:08 UTC 2014


commit 2ae47d3c3ad7121b3ebfa8aa47cd67336218163e
Author: Nick Mathewson <nickm at torproject.org>
Date:   Wed Apr 16 21:57:45 2014 -0400

    Block certain option transitions while sandbox enabled
---
 src/or/config.c |   32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)

diff --git a/src/or/config.c b/src/or/config.c
index 77dcd16..b686b66 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -3584,6 +3584,12 @@ options_transition_allowed(const or_options_t *old,
     return -1;
   }
 
+  if (old->Sandbox != new_val->Sandbox) {
+    *msg = tor_strdup("While Tor is running, changing Sandbox "
+                      "is not allowed.");
+    return -1;
+  }
+
   if (strcmp(old->DataDirectory,new_val->DataDirectory)!=0) {
     tor_asprintf(msg,
                "While Tor is running, changing DataDirectory "
@@ -3636,6 +3642,32 @@ options_transition_allowed(const or_options_t *old,
     return -1;
   }
 
+  if (sandbox_is_active()) {
+    if (! opt_streq(old->PidFile, new_val->PidFile)) {
+      *msg = tor_strdup("Can't change PidFile while Sandbox is active");
+      return -1;
+    }
+    if (! config_lines_eq(old->Logs, new_val->Logs)) {
+      *msg = tor_strdup("Can't change Logs while Sandbox is active");
+      return -1;
+    }
+    if (old->ConnLimit != new_val->ConnLimit) {
+      *msg = tor_strdup("Can't change ConnLimit while Sandbox is active");
+      return -1;
+    }
+    if (! opt_streq(old->ServerDNSResolvConfFile,
+                    new_val->ServerDNSResolvConfFile)) {
+      *msg = tor_strdup("Can't change ServerDNSResolvConfFile"
+                        " while Sandbox is active");
+      return -1;
+    }
+    if (server_mode(old) != server_mode(new_val)) {
+      *msg = tor_strdup("Can't start/stop being a server while "
+                        "Sandbox is active");
+      return -1;
+    }
+  }
+
   return 0;
 }
 





More information about the tor-commits mailing list