[tor-commits] [tor/maint-0.4.4] Allow unlinkat() in the seccomp2 sandbox

asn at torproject.org asn at torproject.org
Wed Jul 1 10:00:44 UTC 2020


commit c81cb588db6c5176c7423b1a2f98218a8989b5dd
Author: Nick Mathewson <nickm at torproject.org>
Date:   Wed Feb 26 15:17:12 2020 -0500

    Allow unlinkat() in the seccomp2 sandbox
    
    Closes ticket 33346.
---
 changes/ticket33346       | 3 +++
 src/lib/sandbox/sandbox.c | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/changes/ticket33346 b/changes/ticket33346
new file mode 100644
index 000000000..acbbae516
--- /dev/null
+++ b/changes/ticket33346
@@ -0,0 +1,3 @@
+  o Minor features (linux seccomp2 sandbox):
+    - Permit the unlinkat() syscall, which some Libc implementations
+      use to implement unlink(). Closes ticket 33346.
diff --git a/src/lib/sandbox/sandbox.c b/src/lib/sandbox/sandbox.c
index 8f577b066..63d3e0b9a 100644
--- a/src/lib/sandbox/sandbox.c
+++ b/src/lib/sandbox/sandbox.c
@@ -269,6 +269,9 @@ static int filter_nopar_gen[] = {
     SCMP_SYS(recvfrom),
     SCMP_SYS(sendto),
     SCMP_SYS(unlink),
+#ifdef __NR_unlinkat
+    SCMP_SYS(unlinkat),
+#endif
     SCMP_SYS(poll)
 };
 
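Review bot: Listing `SCMP_SYS(unlinkat)` in `filter_nopar_gen` appears to allow the syscall with no argument checks, which is wider than the `unlink()` it stands in for. With `AT_REMOVEDIR` in the flags argument, unlinkat() removes directories like rmdir(), and its dirfd argument resolves the path relative to any open directory descriptor. If the goal is only to cover libcs that implement unlink() through unlinkat(), a separate rule that pins the flags argument, e.g. `SCMP_CMP(2, SCMP_CMP_EQ, 0)`, would keep the allowance equivalent to unlink(). Whether rmdir() is otherwise permitted by this filter is not visible here, and the array definition starts outside the hunk. At minimum I would add a comment above the `#ifdef`: `/* Some libcs implement unlink() via unlinkat(); note this also permits AT_REMOVEDIR and arbitrary dirfd. */`.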




