[tor-commits] [sandboxed-tor-browser/master] Bug #20773: Don't mount /proc in the tor container when no PTs.

yawning at torproject.org yawning at torproject.org
Sat Nov 26 08:39:02 UTC 2016


commit f5dbc78776f413829085aa3fba2611214cc469ad
Author: Yawning Angel <yawning at schwanenlied.me>
Date:   Sat Nov 26 08:37:25 2016 +0000

    Bug #20773: Don't mount /proc in the tor container when no PTs.
    
    While I'm being overly cautious about obfs4proxy, at least when bridges
    aren't in use, the tor container can do without /proc.
---
 src/cmd/sandboxed-tor-browser/internal/sandbox/application.go | 8 ++++++++
 src/cmd/sandboxed-tor-browser/internal/sandbox/hugbox.go      | 2 +-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go b/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go
index e676955..1e38adc 100644
--- a/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go
+++ b/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go
@@ -458,6 +458,14 @@ func RunTor(cfg *config.Config, torrc []byte) (cmd *exec.Cmd, err error) {
 	h.stderr = logger
 	if !cfg.Tor.UseBridges {
 		h.seccompFn = installTorSeccompProfile
+
+		// The tor daemon only uses this to calculate MaxMemInQueues,
+		// which is a relay thing, so this can safely be disabled.
+		//
+		// Not sure about what to do wrt pluggable transports yet,
+		// obfs4proxy seems to function fine, and the reads it does
+		// look innocent enough, but more investigation is needed.
+		h.mountProc = false
 	} else {
 		h.seccompFn = installBasicSeccompBlacklist
 	}
diff --git a/src/cmd/sandboxed-tor-browser/internal/sandbox/hugbox.go b/src/cmd/sandboxed-tor-browser/internal/sandbox/hugbox.go
index a0b614b..2877d45 100644
--- a/src/cmd/sandboxed-tor-browser/internal/sandbox/hugbox.go
+++ b/src/cmd/sandboxed-tor-browser/internal/sandbox/hugbox.go
@@ -265,7 +265,7 @@ func (h *hugbox) run() (*exec.Cmd, error) {
 	pendingWrites := [][]byte{argsBuf}
 	pendingWrites = append(pendingWrites, h.fileData...)
 
-	Debugf("sandbox: fdArgs: %v", h.args)
+	Debugf("sandbox: fdArgs: %v", fdArgs)
 
 	// Fork/exec.
 	cmd.Start()
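Review bot: The `cmd.Start()` on the line after the corrected Debugf discards its error, so a failed fork/exec of the sandbox helper would go unnoticed at this point even though run() is declared to return an error; unless the code past the hunk checks cmd.Process, this should be `if err := cmd.Start(); err != nil { return nil, err }` (wrapped with `fmt.Errorf` if the file already uses it). The Debugf change itself is right — `h.args` was the wrong variable for a message labelled fdArgs. What fdArgs contains is not visible here; if it carries the seccomp or file-data payloads rather than just descriptor numbers, it is worth deciding whether that belongs in the debug log at all. run() continues past the end of this hunk.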


