Fix sandbox use with systemd. bug 16212.
parent
8ca3773f68
commit
97330ced0c
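--- a/changes/bug16212
+++ b/changes/bug16212
@@ -0,0 +1,5 @@
+o Minor bugfixes (sandbox, systemd):
+- Allow systemd connections to work with the Linux seccomp2 sandbox
+code. Fixes bug 16212; bugfix on 0.2.6.2-alpha.
+Patch by Peter Palfrader.
+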
@ -170,6 +170,7 @@ static int filter_nopar_gen[] = {
|
|||||||
SCMP_SYS(read),
|
SCMP_SYS(read),
|
||||||
SCMP_SYS(rt_sigreturn),
|
SCMP_SYS(rt_sigreturn),
|
||||||
SCMP_SYS(sched_getaffinity),
|
SCMP_SYS(sched_getaffinity),
|
||||||
|
SCMP_SYS(sendmsg),
|
||||||
SCMP_SYS(set_robust_list),
|
SCMP_SYS(set_robust_list),
|
||||||
#ifdef __NR_sigreturn
|
#ifdef __NR_sigreturn
|
||||||
SCMP_SYS(sigreturn),
|
SCMP_SYS(sigreturn),
|
||||||
@ -547,6 +548,15 @@ sb_socket(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
|
|||||||
SCMP_CMP(0, SCMP_CMP_EQ, PF_UNIX),
|
SCMP_CMP(0, SCMP_CMP_EQ, PF_UNIX),
|
||||||
SCMP_CMP_MASKED(1, SOCK_CLOEXEC|SOCK_NONBLOCK, SOCK_STREAM),
|
SCMP_CMP_MASKED(1, SOCK_CLOEXEC|SOCK_NONBLOCK, SOCK_STREAM),
|
||||||
SCMP_CMP(2, SCMP_CMP_EQ, 0));
|
SCMP_CMP(2, SCMP_CMP_EQ, 0));
|
||||||
|
if (rc)
|
||||||
|
return rc;
|
||||||
|
|
||||||
|
rc = seccomp_rule_add_3(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket),
|
||||||
|
SCMP_CMP(0, SCMP_CMP_EQ, PF_UNIX),
|
||||||
|
SCMP_CMP_MASKED(1, SOCK_CLOEXEC|SOCK_NONBLOCK, SOCK_DGRAM),
|
||||||
|
SCMP_CMP(2, SCMP_CMP_EQ, 0));
|
||||||
|
if (rc)
|
||||||
|
return rc;
|
||||||
|
|
||||||
rc = seccomp_rule_add_3(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket),
|
rc = seccomp_rule_add_3(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket),
|
||||||
SCMP_CMP(0, SCMP_CMP_EQ, PF_NETLINK),
|
SCMP_CMP(0, SCMP_CMP_EQ, PF_NETLINK),
|
||||||
|
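Review bot: `SCMP_SYS(sendmsg)` in `filter_nopar_gen[]` and the new `PF_UNIX`/`SOCK_DGRAM` rule in `sb_socket()` are added with no build guard and no comment, so every sandboxed build gains them although the changes entry motivates them only by systemd connections. Judging by its name, `filter_nopar_gen[]` allows its syscalls without argument checks, which would make `sendmsg` usable on any descriptor the process holds, ancillary data included. Consider wrapping both additions in the systemd feature guard (`#ifdef HAVE_SYSTEMD` … `#endif`, if that is the macro this tree's configure defines) and stating the reason next to each, e.g. `/* needed when systemd support is built in: AF_UNIX datagram socket + sendmsg(), bug 16212 */`. Both `filter_nopar_gen[]` and `sb_socket()` start and end outside the hunks shown, so guards or comments elsewhere in them are not visible here.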