Changes as suggested by nickm

- char* to const char* and name refactoring
- workaround for accept4 syscall

src/common/compat.c

@@ -125,7 +125,7 @@ tor_open_cloexec(const char *path, int flags, unsigned mode)
 {
   int fd;
 #ifdef O_CLOEXEC
-  path = get_prot_param(path);
+  path = sandbox_intern_string(path);
   fd = open(path, flags|O_CLOEXEC, mode);
   if (fd >= 0)
     return fd;

src/common/sandbox.c

@@ -49,6 +49,10 @@ static sandbox_static_cfg_t filter_static[] = {
 #endif
     {SCMP_SYS(rt_sigaction), PARAM_NUM, 0, (intptr_t)(SIGCHLD), 0},
     {SCMP_SYS(time), PARAM_NUM, 0, 0, 0},
+
+#ifdef __NR_socketcall
+    {SCMP_SYS(socketcall), PARAM_NUM, 0, 18, 0}, // accept4 workaround
+#endif
 };
 
 /** Variable used for storing all syscall numbers that will be allowed with the
@@ -136,7 +140,7 @@ static int filter_nopar_gen[] = {
     SCMP_SYS(exit),
 
     // socket syscalls
-    SCMP_SYS(accept4),
+//    SCMP_SYS(accept4),
     SCMP_SYS(bind),
     SCMP_SYS(connect),
     SCMP_SYS(getsockname),
@@ -149,17 +153,12 @@ static int filter_nopar_gen[] = {
     SCMP_SYS(setsockopt),
     SCMP_SYS(socket),
     SCMP_SYS(socketpair),
-
-#ifdef __NR_socketcall
-//    SCMP_SYS(socketcall),
-#endif
-
     SCMP_SYS(recvfrom),
     SCMP_SYS(unlink),
 };
 
-char*
-get_prot_param(char *param)
+const char*
+sandbox_intern_string(char *param)
 {
   int i, filter_size;
   sandbox_cfg_t *elem;

src/common/sandbox.h

@@ -80,7 +80,7 @@ typedef struct pfd_elem sandbox_cfg_t;
 
 void sandbox_set_debugging_fd(int fd);
 int tor_global_sandbox(void);
-char* get_prot_param(char *param);
+const char* sandbox_intern_string(char *param);
 
 sandbox_cfg_t * sandbox_cfg_new();
 int sandbox_cfg_allow_open_filename(sandbox_cfg_t **cfg, char *file);