tor

The Tor anonymity network
git clone https://git.dasho.dev/tor.git
Log | Files | Refs | README | LICENSE
commit de3872656a8d3a79ca3d5fc55f1b64c4862b4c8a
parent 421ce94395ecf9cea65ab6c3841df8bcf0a48cbb
Author: Nick Mathewson <nickm@torproject.org>
Date:   Sun, 27 Mar 2022 18:34:25 -0400

Sandbox: Permit the clone3 system call

Apparently glibc-2.34 uses clone3, when previously it just used
clone.

Closes ticket #40590.

Diffstat:

Achanges/clone3-sandbox | 3+++


Msrc/lib/sandbox/sandbox.c | 3+++


2 files changed, 6 insertions(+), 0 deletions(-)

diff --git a/changes/clone3-sandbox b/changes/clone3-sandbox
@@ -0,0 +1,3 @@
+  o Minor features (linux seccomp2 sandbox):
+    - Permit the clone3 syscall, which is apparently used in glibc-2.34 and
+      later. Closes ticket 40590.
diff --git a/src/lib/sandbox/sandbox.c b/src/lib/sandbox/sandbox.c
@@ -144,6 +144,9 @@ static int filter_nopar_gen[] = {
     SCMP_SYS(clock_gettime),
     SCMP_SYS(close),
     SCMP_SYS(clone),
+#ifdef __NR_clone3
+    SCMP_SYS(clone3),
+#endif
     SCMP_SYS(epoll_create),
     SCMP_SYS(epoll_wait),
 #ifdef __NR_epoll_pwait