From 619497076585c54dc80656cdd4e6181f1109ff53 Mon Sep 17 00:00:00 2001
From: Nick Mathewson <nickm@torproject.org>
Date: Wed, 16 Apr 2014 16:05:10 -0400
Subject: [PATCH] Don't allow change to ConnLimit while sandbox is active

---
 src/common/sandbox.c | 11 +++++++++++
 src/common/sandbox.h |  3 +++
 src/or/config.c      | 18 ++++++++++++------
 3 files changed, 26 insertions(+), 6 deletions(-)

diff --git a/src/common/sandbox.c b/src/common/sandbox.c
index 5f9d625ef3..0722751745 100644
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -1576,6 +1576,11 @@ initialise_libseccomp_sandbox(sandbox_cfg_t* cfg)
   return 0;
 }
 
+int
+sandbox_is_active(void)
+{
+  return sandbox_active != 0;
+}
 #endif // USE_LIBSECCOMP
 
 sandbox_cfg_t*
@@ -1672,5 +1677,11 @@ sandbox_cfg_allow_rename(sandbox_cfg_t **cfg, char *file1, char *file2)
   (void)cfg; (void)file1; (void)file2;
   return 0;
 }
+
+int
+sandbox_is_active(void)
+{
+  return 0;
+}
 #endif
 
diff --git a/src/common/sandbox.h b/src/common/sandbox.h
index c4144dbb2e..c40f5e0d1f 100644
--- a/src/common/sandbox.h
+++ b/src/common/sandbox.h
@@ -229,5 +229,8 @@ int sandbox_cfg_allow_stat_filename_array(sandbox_cfg_t **cfg, ...);
 /** Function used to initialise a sandbox configuration.*/
 int sandbox_init(sandbox_cfg_t* cfg);
 
+/** Return true iff the sandbox is turned on. */
+int sandbox_is_active(void);
+
 #endif /* SANDBOX_H_ */
 
diff --git a/src/or/config.c b/src/or/config.c
index c2eebf77a6..881da37855 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -1,4 +1,4 @@
- /* Copyright (c) 2001 Matej Pfajfar.
+/* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
  * Copyright (c) 2007-2013, The Tor Project, Inc. */
@@ -1043,12 +1043,18 @@ options_act_reversible(const or_options_t *old_options, char **msg)
   if (running_tor) {
     int n_ports=0;
     /* We need to set the connection limit before we can open the listeners. */
-    if (set_max_file_descriptors((unsigned)options->ConnLimit,
-                                 &options->ConnLimit_) < 0) {
-      *msg = tor_strdup("Problem with ConnLimit value. See logs for details.");
-      goto rollback;
+    if (! sandbox_is_active()) {
+      if (set_max_file_descriptors((unsigned)options->ConnLimit,
+                                   &options->ConnLimit_) < 0) {
+        *msg = tor_strdup("Problem with ConnLimit value. "
+                          "See logs for details.");
+        goto rollback;
+      }
+      set_conn_limit = 1;
+    } else {
+      tor_assert(old_options);
+      options->ConnLimit_ = old_options->ConnLimit_;
     }
-    set_conn_limit = 1;
 
     /* Set up libevent.  (We need to do this before we can register the
      * listeners as listeners.) */