Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 546906 Details for
Bug 665698
net-vpn/tor-0.3.4.7_rc sandbox not working anymore
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patch fixing sandbox openat regression from 0.3.4.7_rc
sandbox-bad-syscall-openat.patch (text/plain), 1.12 KB, created by
Kai Damm
on 2018-09-14 11:59:47 UTC
(
hide
)
Description:
patch fixing sandbox openat regression from 0.3.4.7_rc
Filename:
MIME Type:
Creator:
Kai Damm
Created:
2018-09-14 11:59:47 UTC
Size:
1.12 KB
patch
obsolete
>diff --git a/src/common/sandbox.c b/src/common/sandbox.c >index 48e37ba12..904bf33c1 100644 >--- a/src/common/sandbox.c >+++ b/src/common/sandbox.c >@@ -454,9 +454,18 @@ static int > allow_file_open(scmp_filter_ctx ctx, int use_openat, const char *file) > { > if (use_openat) { >- return seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(openat), >- SCMP_CMP(0, SCMP_CMP_EQ, (unsigned int)AT_FDCWD), >- SCMP_CMP_STR(1, SCMP_CMP_EQ, file)); >+ int ret; >+ ret = seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(openat), >+ SCMP_CMP(0, SCMP_CMP_EQ, (unsigned int)AT_FDCWD), >+ SCMP_CMP_STR(1, SCMP_CMP_EQ, file)); >+ if (ret != 0) { >+ return ret; >+ } >+ >+ ret = seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(openat), >+ SCMP_CMP_STR(0, SCMP_CMP_EQ, AT_FDCWD), >+ SCMP_CMP_STR(1, SCMP_CMP_EQ, file)); >+ return ret; > } else { > return seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(open), > SCMP_CMP_STR(0, SCMP_CMP_EQ, file));
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=546906">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 665698
: 546906
