mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-11 05:33:47 +01:00
Don't allow change to ConnLimit while sandbox is active
This commit is contained in:
parent
18f7f49a8c
commit
6194970765
@ -1576,6 +1576,11 @@ initialise_libseccomp_sandbox(sandbox_cfg_t* cfg)
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int
|
||||||
|
sandbox_is_active(void)
|
||||||
|
{
|
||||||
|
return sandbox_active != 0;
|
||||||
|
}
|
||||||
#endif // USE_LIBSECCOMP
|
#endif // USE_LIBSECCOMP
|
||||||
|
|
||||||
sandbox_cfg_t*
|
sandbox_cfg_t*
|
||||||
@ -1672,5 +1677,11 @@ sandbox_cfg_allow_rename(sandbox_cfg_t **cfg, char *file1, char *file2)
|
|||||||
(void)cfg; (void)file1; (void)file2;
|
(void)cfg; (void)file1; (void)file2;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int
|
||||||
|
sandbox_is_active(void)
|
||||||
|
{
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -229,5 +229,8 @@ int sandbox_cfg_allow_stat_filename_array(sandbox_cfg_t **cfg, ...);
|
|||||||
/** Function used to initialise a sandbox configuration.*/
|
/** Function used to initialise a sandbox configuration.*/
|
||||||
int sandbox_init(sandbox_cfg_t* cfg);
|
int sandbox_init(sandbox_cfg_t* cfg);
|
||||||
|
|
||||||
|
/** Return true iff the sandbox is turned on. */
|
||||||
|
int sandbox_is_active(void);
|
||||||
|
|
||||||
#endif /* SANDBOX_H_ */
|
#endif /* SANDBOX_H_ */
|
||||||
|
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
/* Copyright (c) 2001 Matej Pfajfar.
|
/* Copyright (c) 2001 Matej Pfajfar.
|
||||||
* Copyright (c) 2001-2004, Roger Dingledine.
|
* Copyright (c) 2001-2004, Roger Dingledine.
|
||||||
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
|
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
|
||||||
* Copyright (c) 2007-2013, The Tor Project, Inc. */
|
* Copyright (c) 2007-2013, The Tor Project, Inc. */
|
||||||
@ -1043,12 +1043,18 @@ options_act_reversible(const or_options_t *old_options, char **msg)
|
|||||||
if (running_tor) {
|
if (running_tor) {
|
||||||
int n_ports=0;
|
int n_ports=0;
|
||||||
/* We need to set the connection limit before we can open the listeners. */
|
/* We need to set the connection limit before we can open the listeners. */
|
||||||
|
if (! sandbox_is_active()) {
|
||||||
if (set_max_file_descriptors((unsigned)options->ConnLimit,
|
if (set_max_file_descriptors((unsigned)options->ConnLimit,
|
||||||
&options->ConnLimit_) < 0) {
|
&options->ConnLimit_) < 0) {
|
||||||
*msg = tor_strdup("Problem with ConnLimit value. See logs for details.");
|
*msg = tor_strdup("Problem with ConnLimit value. "
|
||||||
|
"See logs for details.");
|
||||||
goto rollback;
|
goto rollback;
|
||||||
}
|
}
|
||||||
set_conn_limit = 1;
|
set_conn_limit = 1;
|
||||||
|
} else {
|
||||||
|
tor_assert(old_options);
|
||||||
|
options->ConnLimit_ = old_options->ConnLimit_;
|
||||||
|
}
|
||||||
|
|
||||||
/* Set up libevent. (We need to do this before we can register the
|
/* Set up libevent. (We need to do this before we can register the
|
||||||
* listeners as listeners.) */
|
* listeners as listeners.) */
|
||||||
|
Loading…
Reference in New Issue
Block a user