tor

The Tor anonymity network
git clone https://git.dasho.dev/tor.git

commit 114642da9e5e934586557671683c0e3b83eabd29
parent 81214da72f37eef009e67ecbdb72279356ebe43f
Author: Nick Mathewson <nickm@torproject.org>
Date:   Tue, 18 Mar 2025 08:41:49 -0400

Make sandbox work with family id keys.

Closes #41022.

Bug not in any released version of Tor.

Diffstat:
M doc/man/tor.1.txt   |  3 +++
M src/app/main/main.c | 11 +++++++++++
2 files changed, 14 insertions(+), 0 deletions(-)

diff --git a/doc/man/tor.1.txt b/doc/man/tor.1.txt @@ -2498,6 +2498,9 @@ is non-zero): But for now, relay families should configure both this option _and_ MyFamily, so older clients will still recognize the relays' family membership. + + + (Note that if the seccomp2 Sandbox feature is enabled, + it is not possible to change the key filenames while Tor is running.) [[Nickname]] **Nickname** __name__:: Set the server's nickname to \'name'. Nicknames must be between 1 and 19 diff --git a/src/app/main/main.c b/src/app/main/main.c @@ -957,6 +957,17 @@ sandbox_init_filter(void) OPEN("/etc/hosts"); OPEN("/proc/meminfo"); + { + smartlist_t *family_id_files = + list_family_key_files(options, options->KeyDirectory); + + SMARTLIST_FOREACH(family_id_files, const char *, fn, + OPEN(fn)); + + SMARTLIST_FOREACH(family_id_files, char *, cp, tor_free(cp)); + smartlist_free(family_id_files); + } + if (options->BridgeAuthoritativeDir) OPEN_DATADIR_SUFFIX("networkstatus-bridges", ".tmp");
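Review bot: In the doc/man/tor.1.txt hunk, the added parenthetical says only that the key filenames cannot be changed while Tor is running, without telling the operator what to do instead or which change is actually blocked. The main.c hunk builds the allowed paths once, inside sandbox_init_filter(), from list_family_key_files(options, options->KeyDirectory), so the practical limit appears to be that the set of family key files is fixed at startup. Suggest wording the note in those terms and stating that a restart is needed after adding or renaming a family key file when Sandbox is enabled.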
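Review bot: In the src/app/main/main.c hunk, the return value of list_family_key_files() goes straight into SMARTLIST_FOREACH with no check, so if that function can return NULL (for instance when the KeyDirectory cannot be read) the new block dereferences it during sandbox setup. Either guard the block with a NULL test or note in a comment that the function always returns a list, possibly empty. The second loop also frees every string immediately after OPEN(fn), which is only safe if OPEN takes its own copy of the name; the neighbouring calls such as OPEN("/etc/hosts") pass literals and do not show this, so a one-line comment stating that OPEN copies its argument would make the lifetime clear. As a style point, the two loops over family_id_files could be a single pass that calls OPEN and then tor_free on each entry.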