[tor-commits] [tor/master] Merge branch 'bug11396_v2_squashed'
nickm at torproject.org
nickm at torproject.org
Thu Apr 24 14:32:26 UTC 2014
commit 67aa3685e7321322cbbc2bef7f87c9a885819af8
Merge: aa1ad30 e3af726
Author: Nick Mathewson <nickm at torproject.org>
Date: Thu Apr 24 10:31:38 2014 -0400
Merge branch 'bug11396_v2_squashed'
Conflicts:
src/or/main.c
changes/bug11396 | 11 +++++
configure.ac | 2 +
doc/tor.1.txt | 3 +-
src/common/compat.c | 119 ++++++++++++++++++++++++++++++++++++++++++++++++++
src/common/compat.h | 2 +
src/or/config.c | 74 ++++++++++++++++++++++++++++---
src/or/control.c | 4 ++
src/or/main.c | 1 +
src/or/or.h | 5 ++-
src/test/test_util.c | 29 ++++++++++++
10 files changed, 242 insertions(+), 8 deletions(-)
diff --cc src/or/control.c
index 2815b79,4d41e10..d571900
mode 100755,100644..100755
--- a/src/or/control.c
+++ b/src/or/control.c
diff --cc src/or/main.c
index 4770b7e,8c75a3b..6713d80
--- a/src/or/main.c
+++ b/src/or/main.c
@@@ -2726,95 -2721,46 +2726,96 @@@ init_addrinfo(void
static sandbox_cfg_t*
sandbox_init_filter(void)
{
+ const or_options_t *options = get_options();
sandbox_cfg_t *cfg = sandbox_cfg_new();
+ int i;
sandbox_cfg_allow_openat_filename(&cfg,
- get_datadir_fname("cached-status"), 1);
+ get_datadir_fname("cached-status"));
sandbox_cfg_allow_open_filename_array(&cfg,
- get_datadir_fname("cached-certs"), 1,
- get_datadir_fname("cached-certs.tmp"), 1,
- get_datadir_fname("cached-consensus"), 1,
- get_datadir_fname("unverified-consensus"), 1,
- get_datadir_fname("unverified-consensus.tmp"), 1,
- get_datadir_fname("cached-microdesc-consensus"), 1,
- get_datadir_fname("cached-microdesc-consensus.tmp"), 1,
- get_datadir_fname("cached-microdescs"), 1,
- get_datadir_fname("cached-microdescs.tmp"), 1,
- get_datadir_fname("cached-microdescs.new"), 1,
- get_datadir_fname("cached-microdescs.new.tmp"), 1,
- get_datadir_fname("unverified-microdesc-consensus"), 1,
- get_datadir_fname("cached-descriptors"), 1,
- get_datadir_fname("cached-descriptors.new"), 1,
- get_datadir_fname("cached-descriptors.tmp"), 1,
- get_datadir_fname("cached-descriptors.new.tmp"), 1,
- get_datadir_fname("cached-descriptors.tmp.tmp"), 1,
- get_datadir_fname("cached-extrainfo"), 1,
- get_datadir_fname("state.tmp"), 1,
- get_datadir_fname("unparseable-desc.tmp"), 1,
- get_datadir_fname("unparseable-desc"), 1,
- "/dev/srandom", 0,
- "/dev/urandom", 0,
- "/dev/random", 0,
- "/proc/meminfo", 0,
+ get_datadir_fname("cached-certs"),
+ get_datadir_fname("cached-certs.tmp"),
+ get_datadir_fname("cached-consensus"),
+ get_datadir_fname("cached-consensus.tmp"),
+ get_datadir_fname("unverified-consensus"),
+ get_datadir_fname("unverified-consensus.tmp"),
+ get_datadir_fname("unverified-microdesc-consensus"),
+ get_datadir_fname("unverified-microdesc-consensus.tmp"),
+ get_datadir_fname("cached-microdesc-consensus"),
+ get_datadir_fname("cached-microdesc-consensus.tmp"),
+ get_datadir_fname("cached-microdescs"),
+ get_datadir_fname("cached-microdescs.tmp"),
+ get_datadir_fname("cached-microdescs.new"),
+ get_datadir_fname("cached-microdescs.new.tmp"),
+ get_datadir_fname("cached-descriptors"),
+ get_datadir_fname("cached-descriptors.new"),
+ get_datadir_fname("cached-descriptors.tmp"),
+ get_datadir_fname("cached-descriptors.new.tmp"),
+ get_datadir_fname("cached-descriptors.tmp.tmp"),
+ get_datadir_fname("cached-extrainfo"),
+ get_datadir_fname("cached-extrainfo.new"),
+ get_datadir_fname("cached-extrainfo.tmp"),
+ get_datadir_fname("cached-extrainfo.new.tmp"),
+ get_datadir_fname("cached-extrainfo.tmp.tmp"),
+ get_datadir_fname("state.tmp"),
+ get_datadir_fname("unparseable-desc.tmp"),
+ get_datadir_fname("unparseable-desc"),
+ get_datadir_fname("v3-status-votes"),
+ get_datadir_fname("v3-status-votes.tmp"),
+ tor_strdup("/dev/srandom"),
+ tor_strdup("/dev/urandom"),
+ tor_strdup("/dev/random"),
+ tor_strdup("/etc/hosts"),
++ tor_strdup("/proc/meminfo"),
NULL, 0
);
+ if (options->ServerDNSResolvConfFile)
+ sandbox_cfg_allow_open_filename(&cfg,
+ tor_strdup(options->ServerDNSResolvConfFile));
+ else
+ sandbox_cfg_allow_open_filename(&cfg, tor_strdup("/etc/resolv.conf"));
+
+ for (i = 0; i < 2; ++i) {
+ if (get_torrc_fname(i)) {
+ sandbox_cfg_allow_open_filename(&cfg, tor_strdup(get_torrc_fname(i)));
+ }
+ }
+
+#define RENAME_SUFFIX(name, suffix) \
+ sandbox_cfg_allow_rename(&cfg, \
+ get_datadir_fname(name suffix), \
+ get_datadir_fname(name))
+
+#define RENAME_SUFFIX2(prefix, name, suffix) \
+ sandbox_cfg_allow_rename(&cfg, \
+ get_datadir_fname2(prefix, name suffix), \
+ get_datadir_fname2(prefix, name))
+
+ RENAME_SUFFIX("cached-certs", ".tmp");
+ RENAME_SUFFIX("cached-consensus", ".tmp");
+ RENAME_SUFFIX("unverified-consensus", ".tmp");
+ RENAME_SUFFIX("unverified-microdesc-consensus", ".tmp");
+ RENAME_SUFFIX("cached-microdesc-consensus", ".tmp");
+ RENAME_SUFFIX("cached-microdescs", ".tmp");
+ RENAME_SUFFIX("cached-microdescs", ".new");
+ RENAME_SUFFIX("cached-microdescs.new", ".tmp");
+ RENAME_SUFFIX("cached-descriptors", ".tmp");
+ RENAME_SUFFIX("cached-descriptors", ".new");
+ RENAME_SUFFIX("cached-descriptors.new", ".tmp");
+ RENAME_SUFFIX("cached-extrainfo", ".tmp");
+ RENAME_SUFFIX("cached-extrainfo", ".new");
+ RENAME_SUFFIX("cached-extrainfo.new", ".tmp");
+ RENAME_SUFFIX("state", ".tmp");
+ RENAME_SUFFIX("unparseable-desc", ".tmp");
+ RENAME_SUFFIX("v3-status-votes", ".tmp");
sandbox_cfg_allow_stat_filename_array(&cfg,
- get_datadir_fname(NULL), 1,
- get_datadir_fname("lock"), 1,
- get_datadir_fname("state"), 1,
- get_datadir_fname("router-stability"), 1,
- get_datadir_fname("cached-extrainfo.new"), 1,
+ get_datadir_fname(NULL),
+ get_datadir_fname("lock"),
+ get_datadir_fname("state"),
+ get_datadir_fname("router-stability"),
+ get_datadir_fname("cached-extrainfo.new"),
NULL, 0
);
More information about the tor-commits
mailing list