Nick Mathewson | 7f3563058d | Fix a 32-bit conversion warning in 11970 fix | 10 years ago
Nick Mathewson | 6f20dd7bfc | Merge remote-tracking branch 'public/bug11970' | 10 years ago
Nick Mathewson | b883b8d1a5 | Yield a real error in the bug case of sandbox_getaddrinfo() | 10 years ago
Nick Mathewson | 307aa7eb43 | Spell getrlimit correctly. | 10 years ago
Nick Mathewson | a6688f9cbb | sandbox: allow enough setsockopt to make ConstrainedSockets work | 10 years ago
Nick Mathewson | a056ffabbb | sandbox: permit listen(2) | 10 years ago
Nick Mathewson | f0945ac270 | Log the errno value if seccomp_load() fails. | 10 years ago
Nick Mathewson | b0c1c70011 | Make sandbox.c compile on arm | 10 years ago
Nick Mathewson | e425fc7804 | sandbox: revamp sandbox_getaddrinfo caching | 10 years ago
Nick Mathewson | fef65fa643 | sandbox: permit gettid, sched_getaffinity | 10 years ago
Nick Mathewson | 465982012c | sandbox: Disallow options which would make us call exec() | 10 years ago
Nick Mathewson | 9735ca6e30 | resolve a typo: sanboxing->sandboxing. | 10 years ago
Nick Mathewson | b8fe8ee748 | Improved message when running sandbox on Linux without libseccomp | 10 years ago
Nick Mathewson | 9c3f7a6d35 | Remove spurious libevent include in sandbox.c | 10 years ago
Nick Mathewson | f41491816c | Log the name of the failing syscall on failure | 10 years ago
Nick Mathewson | f70cf9982a | Sandbox: permit O_NONBLOCK and O_NOCTTY for files we refuse | 10 years ago
Nick Mathewson | 6194970765 | Don't allow change to ConnLimit while sandbox is active | 10 years ago
Nick Mathewson | 69eb278830 | Use SCMP_CMP_MASKED_EQ to allow flags, not force them | 10 years ago
Nick Mathewson | e6785ee16d | Get Libevent's PRNG functioning under the linux sandbox | 10 years ago
Nick Mathewson | 8dc6755f6d | Introduce arg-counting macros to wrap seccomp_rule_add() | 10 years ago
Nick Mathewson | 12028c29e6 | Fix sandbox protection for rename | 10 years ago
Nick Mathewson | 739a52592b | Upgrade warning about missing interned string for sandbox | 10 years ago
Nick Mathewson | 5aaac938a9 | Have sandbox string protection include multi-valued parameters. | 10 years ago
Nick Mathewson | f268101a61 | Clean up sandbox structures a bit | 10 years ago
Nick Mathewson | 6807b76a5e | Add missing rename function for non-linux platforms | 10 years ago
Nick Mathewson | 71eaebd971 | Drop 'fr' parameter from sandbox code. | 10 years ago
Nick Mathewson | cbfb8e703e | Add 'rename' to the sandboxed syscalls | 10 years ago
Nick Mathewson | 3802e32c7d | Only intern one copy of each magic string for the sandbox | 10 years ago
Nick Mathewson | ae9d6d73f5 | Fix some initial sandbox issues. | 10 years ago
Nick Mathewson | cc9e86db61 | Log a backtrace when the sandbox finds a failure | 10 years ago