[tor-commits] [tor/master] Fix running with the seccomp2 sandbox

nickm at torproject.org nickm at torproject.org
Mon Feb 23 18:04:08 UTC 2015


commit f1fa85ea7325269fdb9f2d82257104d51f58b6a6
Author: Nick Mathewson <nickm at torproject.org>
Date:   Mon Feb 23 12:16:08 2015 -0500

    Fix running with the seccomp2 sandbox
    
    We had a regression in 0.2.6.3-alpha when we stopped saying
    IPPROTO_TCP to socket().  Fixes bug 14989, bugfix on 0.2.6.3-alpha.
---
 changes/bug14989    |    4 ++++
 src/or/connection.c |    9 +++++----
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/changes/bug14989 b/changes/bug14989
new file mode 100644
index 0000000..f4432d4
--- /dev/null
+++ b/changes/bug14989
@@ -0,0 +1,4 @@
+  o Major bugfixes (Linux seccomp2 sandbox):
+    - Pass IPPROTO_TCP rather than 0 to socket(), so that the
+      Linux seccomp2 sandbox doesn't fail. Fixes bug 14989;
+      bugfix on 0.2.6.3-alpha.
diff --git a/src/or/connection.c b/src/or/connection.c
index 79ae178..7db0238 100644
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -1612,7 +1612,6 @@ connection_connect_sockaddr(connection_t *conn,
   tor_socket_t s;
   int inprogress = 0;
   const or_options_t *options = get_options();
-  int protocol_family;
 
   tor_assert(conn);
   tor_assert(sa);
@@ -1624,8 +1623,6 @@ connection_connect_sockaddr(connection_t *conn,
     return -1;
   }
 
-  protocol_family = sa->sa_family;
-
   if (get_options()->DisableNetwork) {
     /* We should never even try to connect anyplace if DisableNetwork is set.
      * Warn if we do, and refuse to make the connection. */
@@ -1637,7 +1634,11 @@ connection_connect_sockaddr(connection_t *conn,
     return -1;
   }
 
-  s = tor_open_socket_nonblocking(protocol_family, SOCK_STREAM, 0);
+  const int protocol_family = sa->sa_family;
+  const int proto = (sa->sa_family == AF_INET6 ||
+                     sa->sa_family == AF_INET) ? IPPROTO_TCP : 0;
+
+  s = tor_open_socket_nonblocking(protocol_family, SOCK_STREAM, proto);
   if (! SOCKET_OK(s)) {
     *socket_error = tor_socket_errno(-1);
     log_warn(LD_NET,"Error creating network socket: %s",
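Review bot: The new `proto` computation just above the `tor_open_socket_nonblocking()` call has no comment explaining why the protocol is spelled out, although the commit message says this argument already regressed once when it became 0. I would add `/* Pass IPPROTO_TCP explicitly: the Linux seccomp2 sandbox fails if we pass 0 here (bug 14989). */` on the line before `const int proto`. As a style point, the ternary re-reads `sa->sa_family` twice instead of using the `protocol_family` const declared on the previous line. The fallback of 0 for any other address family depends on sandbox rules that this diff does not show, so it is worth confirming that the sandbox permits that combination too. The body of connection_connect_sockaddr starts and ends outside this hunk.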




