[tor-commits] [tor/master] Let bridge authorities run under the sandbox
nickm at torproject.org
nickm at torproject.org
Wed Sep 2 14:00:19 UTC 2015
commit 910e25358a148268815a23ff2040599291100a97
Author: Nick Mathewson <nickm at torproject.org>
Date: Wed Sep 2 09:59:22 2015 -0400
Let bridge authorities run under the sandbox
(found thanks to teor's chutney haxx)
---
changes/bug16964 | 4 ++++
src/or/main.c | 9 +++++++++
2 files changed, 13 insertions(+)
diff --git a/changes/bug16964 b/changes/bug16964
new file mode 100644
index 0000000..46ff565
--- /dev/null
+++ b/changes/bug16964
@@ -0,0 +1,4 @@
+ o Minor bugfixes (linux seccomp2 sandbox):
+ - Allow bridge authorities to run correctly under the seccomp2
+ sandbox. Fixes bug 16964; bugfix on 0.2.5.1-alpha.
+
diff --git a/src/or/main.c b/src/or/main.c
index 0b0207b..915b3e2 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -3040,6 +3040,12 @@ sandbox_init_filter(void)
OPEN("/etc/hosts");
OPEN("/proc/meminfo");
+ if (options->BridgeAuthoritativeDir)
+ OPEN_DATADIR_SUFFIX("networkstatus-bridges", ".tmp");
+
+ if (authdir_mode_handles_descs(options, -1))
+ OPEN_DATADIR("approved-routers");
+
if (options->ServerDNSResolvConfFile)
sandbox_cfg_allow_open_filename(&cfg,
tor_strdup(options->ServerDNSResolvConfFile));
@@ -3080,6 +3086,9 @@ sandbox_init_filter(void)
RENAME_SUFFIX("unparseable-desc", ".tmp");
RENAME_SUFFIX("v3-status-votes", ".tmp");
+ if (options->BridgeAuthoritativeDir)
+ RENAME_SUFFIX("networkstatus-bridges", ".tmp");
+
#define STAT_DATADIR(name) \
sandbox_cfg_allow_stat_filename(&cfg, get_datadir_fname(name))
More information about the tor-commits
mailing list