mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-30 23:53:32 +01:00
Merge branch 'maint-0.2.9' into maint-0.3.2
This commit is contained in:
commit
8e68fe7e1c
5
changes/bug25440
Normal file
5
changes/bug25440
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
o Minor bugfixes (linux seccomp2 sandbox):
|
||||||
|
- Fix a bug in out sandboxing rules for the openat() syscall.
|
||||||
|
Previously, no openat() call would be permitted, which would break
|
||||||
|
filesystem operations on recent glibc versions. Fixes bug 25440;
|
||||||
|
bugfix on 0.2.9.15. Diagnosis and patch from Daniel Pinto.
|
@ -449,7 +449,7 @@ allow_file_open(scmp_filter_ctx ctx, int use_openat, const char *file)
|
|||||||
{
|
{
|
||||||
if (use_openat) {
|
if (use_openat) {
|
||||||
return seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(openat),
|
return seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(openat),
|
||||||
SCMP_CMP_STR(0, SCMP_CMP_EQ, AT_FDCWD),
|
SCMP_CMP(0, SCMP_CMP_EQ, (unsigned int)AT_FDCWD),
|
||||||
SCMP_CMP_STR(1, SCMP_CMP_EQ, file));
|
SCMP_CMP_STR(1, SCMP_CMP_EQ, file));
|
||||||
} else {
|
} else {
|
||||||
return seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(open),
|
return seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(open),
|
||||||
|
Loading…
Reference in New Issue
Block a user