nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-12-01 08:03:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

removed open flags (postponed), added mmap2 flags

Browse Source
This commit is contained in:
Cristian Toader 2013-07-30 19:37:28 +03:00
parent 871e5b35a8
commit 5baea85189
1 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/common/sandbox.c
View File

@ -58,7 +58,13 @@ static sandbox_static_cfg_t filter_static[] = {
{SCMP_SYS(socketcall), PARAM_NUM, 0, 18, 0}, {SCMP_SYS(socketcall), PARAM_NUM, 0, 18, 0},
#endif #endif
{SCMP_SYS(open), PARAM_NUM, 1, O_RDONLY | O_CLOEXEC, 0} #ifdef __NR_mmap2
{SCMP_SYS(mmap2), PARAM_NUM, 2, PROT_READ, 0},
{SCMP_SYS(mmap2), PARAM_NUM, 2, PROT_READ|PROT_WRITE, 0},
{SCMP_SYS(mmap2), PARAM_NUM, 3, MAP_PRIVATE|MAP_ANONYMOUS, 0},
{SCMP_SYS(mmap2), PARAM_NUM, 3, MAP_PRIVATE, 0},
#endif
}; };
/** Variable used for storing all syscall numbers that will be allowed with the /** Variable used for storing all syscall numbers that will be allowed with the
@ -111,9 +117,6 @@ static int filter_nopar_gen[] = {
SCMP_SYS(mkdir), SCMP_SYS(mkdir),
SCMP_SYS(mlockall), SCMP_SYS(mlockall),
SCMP_SYS(mmap), SCMP_SYS(mmap),
#ifdef __NR_mmap2
SCMP_SYS(mmap2),
#endif
SCMP_SYS(mprotect), SCMP_SYS(mprotect),
SCMP_SYS(mremap), SCMP_SYS(mremap),
SCMP_SYS(munmap), SCMP_SYS(munmap),