commit 84c13336c410ac218c70d6ce2ce6216f9b24e796
parent 848ba26c188c43cb97a22d5911fceb3714a97272
Author: Nick Mathewson <nickm@torproject.org>
Date: Sun, 11 Feb 2018 18:10:59 -0500
Merge remote-tracking branch 'public/bug24198_029' into maint-0.2.9
Diffstat:
2 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/changes/bug24198 b/changes/bug24198
@@ -0,0 +1,4 @@
+ o Minor bugfixes (controller, linux seccomp2 sandbox):
+ - Avoid a crash when attempting to use the seccomp2 sandbox
+ together with the OwningControllerProcess feature.
+ Fixes bug 24198; bugfix on 0.2.5.1-alpha.
diff --git a/src/common/sandbox.c b/src/common/sandbox.c
@@ -1112,6 +1112,19 @@ sb_stat64(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
}
#endif
+static int
+sb_kill(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
+{
+ (void) filter;
+#ifdef __NR_kill
+ /* Allow killing anything with signal 0 -- it isn't really a kill. */
+ return seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(kill),
+ SCMP_CMP(1, SCMP_CMP_EQ, 0));
+#else
+ return 0;
+#endif
+}
+
/**
* Array of function pointers responsible for filtering different syscalls at
* a parameter level.
@@ -1150,7 +1163,8 @@ static sandbox_filter_func_t filter_func[] = {
sb_socket,
sb_setsockopt,
sb_getsockopt,
- sb_socketpair
+ sb_socketpair,
+ sb_kill
};
const char *
