mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-09-21 05:26:20 +02:00
Merge branch 'maint-0.3.2' into maint-0.3.3
This commit is contained in:
commit
00536254b7
5
changes/bug25440
Normal file
5
changes/bug25440
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
o Minor bugfixes (linux seccomp2 sandbox):
|
||||||
|
- Fix a bug in out sandboxing rules for the openat() syscall.
|
||||||
|
Previously, no openat() call would be permitted, which would break
|
||||||
|
filesystem operations on recent glibc versions. Fixes bug 25440;
|
||||||
|
bugfix on 0.2.9.15. Diagnosis and patch from Daniel Pinto.
|
@ -450,7 +450,7 @@ allow_file_open(scmp_filter_ctx ctx, int use_openat, const char *file)
|
|||||||
{
|
{
|
||||||
if (use_openat) {
|
if (use_openat) {
|
||||||
return seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(openat),
|
return seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(openat),
|
||||||
SCMP_CMP_STR(0, SCMP_CMP_EQ, AT_FDCWD),
|
SCMP_CMP(0, SCMP_CMP_EQ, (unsigned int)AT_FDCWD),
|
||||||
SCMP_CMP_STR(1, SCMP_CMP_EQ, file));
|
SCMP_CMP_STR(1, SCMP_CMP_EQ, file));
|
||||||
} else {
|
} else {
|
||||||
return seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(open),
|
return seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(open),
|
||||||
|
Loading…
Reference in New Issue
Block a user