Nick Mathewson
|
a6688f9cbb
sandbox: allow enough setsockopt to make ConstrainedSockets work
|
10 gadi atpakaļ |
Nick Mathewson
|
a056ffabbb
sandbox: permit listen(2)
|
10 gadi atpakaļ |
Nick Mathewson
|
f0945ac270
Log the errno value if seccomp_load() fails.
|
10 gadi atpakaļ |
Nick Mathewson
|
b0c1c70011
Make sandbox.c compile on arm
|
10 gadi atpakaļ |
Nick Mathewson
|
e425fc7804
sandbox: revamp sandbox_getaddrinfo cacheing
|
10 gadi atpakaļ |
Nick Mathewson
|
fef65fa643
sandbox: permit gettid, sched_getaffinity
|
10 gadi atpakaļ |
Nick Mathewson
|
465982012c
sandbox: Disallow options which would make us call exec()
|
10 gadi atpakaļ |
Nick Mathewson
|
9735ca6e30
resolve a typo: sanboxing->sandboxing.
|
10 gadi atpakaļ |
Nick Mathewson
|
b8fe8ee748
Improved message when running sandbox on Linux without libseccomp
|
10 gadi atpakaļ |
Nick Mathewson
|
9c3f7a6d35
Remove spurious libevent include in sandbox.c
|
10 gadi atpakaļ |
Nick Mathewson
|
f41491816c
Log the name of the failing syscall on failure
|
10 gadi atpakaļ |
Nick Mathewson
|
f70cf9982a
Sandbox: permit O_NONBLOCK and O_NOCTTY for files we refuse
|
10 gadi atpakaļ |
Nick Mathewson
|
6194970765
Don't allow change to ConnLimit while sandbox is active
|
10 gadi atpakaļ |
Nick Mathewson
|
69eb278830
Use SCMP_CMP_MASKED_EQ to allow flags, not force them
|
10 gadi atpakaļ |
Nick Mathewson
|
e6785ee16d
Get Libevent's PRNG functioning under the linux sandbox
|
10 gadi atpakaļ |
Nick Mathewson
|
8dc6755f6d
Introduce arg-counting macros to wrap seccomp_rule_add()
|
10 gadi atpakaļ |
Nick Mathewson
|
12028c29e6
Fix sandbox protection for rename
|
10 gadi atpakaļ |
Nick Mathewson
|
739a52592b
Upgrade warning about missing interned string for sandbox
|
10 gadi atpakaļ |
Nick Mathewson
|
5aaac938a9
Have sandbox string protection include multi-valued parmeters.
|
10 gadi atpakaļ |
Nick Mathewson
|
f268101a61
Clean up sandbox structures a bit
|
10 gadi atpakaļ |
Nick Mathewson
|
6807b76a5e
Add missing rename function for non-linux platforms
|
10 gadi atpakaļ |
Nick Mathewson
|
71eaebd971
Drop 'fr' parameter from sandbox code.
|
10 gadi atpakaļ |
Nick Mathewson
|
cbfb8e703e
Add 'rename' to the sandboxed syscalls
|
10 gadi atpakaļ |
Nick Mathewson
|
3802e32c7d
Only intern one copy of each magic string for the sandbox
|
10 gadi atpakaļ |
Nick Mathewson
|
ae9d6d73f5
Fix some initial sandbox issues.
|
10 gadi atpakaļ |
Nick Mathewson
|
cc9e86db61
Log a backtrace when the sandbox finds a failure
|
10 gadi atpakaļ |
Nick Mathewson
|
196895ed7e
Make the sandbox code allow the writev() syscall.
|
10 gadi atpakaļ |
Nick Mathewson
|
119896cd43
Fix some leaks/missed checks in the unit tests
|
10 gadi atpakaļ |
Nick Mathewson
|
25f0eb4512
Add a sandbox rule to allow IP_TRANSPARENT
|
10 gadi atpakaļ |
Nick Mathewson
|
9be105f94b
whitespace fixes
|
10 gadi atpakaļ |