Nick Mathewson
|
973661394a
Merge branch '10267_plus_10896_rebased_twice'
|
10 years ago |
Nick Mathewson
|
f9719b0781
Changes file for 10896
|
10 years ago |
Nick Mathewson
|
89e520e2a7
Call pf-divert openbsd-specific, not no-linux
|
10 years ago |
Nick Mathewson
|
c00c45fee1
Fix OSX compilation.
|
10 years ago |
Nick Mathewson
|
db8259c230
Whitespace, doc fixes
|
10 years ago |
dana koch
|
f680d0fdd2
Educate tor on OpenBSD's use of divert-to rules with the pf firewall.
|
10 years ago |
Nick Mathewson
|
08ef8c0958
tor_addr_from_sockaddr() is applicable in ipfw code, so use it.
|
10 years ago |
Nick Mathewson
|
3e4680f312
ipfw TransPort support on FreeBSD (10267)
|
10 years ago |
Nick Mathewson
|
506c890440
add a changes file for the sandbox fixes series
|
10 years ago |
Nick Mathewson
|
f41491816c
Log the name of the failing syscall on failure
|
10 years ago |
Nick Mathewson
|
2ae47d3c3a
Block certain option transitions while sandbox enabled
|
10 years ago |
Nick Mathewson
|
f70cf9982a
Sandbox: permit O_NONBLOCK and O_NOCTTY for files we refuse
|
10 years ago |
Nick Mathewson
|
c80a6bd9d5
Don't reload logs or rewrite pidfile while sandbox is active
|
10 years ago |
Nick Mathewson
|
6194970765
Don't allow change to ConnLimit while sandbox is active
|
10 years ago |
Nick Mathewson
|
18f7f49a8c
Allow reloading torrc and writing to router-stability
|
10 years ago |
Nick Mathewson
|
69eb278830
Use SCMP_CMP_MASKED_EQ to allow flags, not force them
|
10 years ago |
Nick Mathewson
|
ce776cf270
Add a couple of missing renames so the server sandbox works again
|
10 years ago |
Nick Mathewson
|
e6785ee16d
Get Libevent's PRNG functioning under the linux sandbox
|
10 years ago |
Nick Mathewson
|
156eefca45
Make sure everything using an interned string is preceded by a log
|
10 years ago |
Nick Mathewson
|
8dc6755f6d
Introduce arg-counting macros to wrap seccomp_rule_add()
|
10 years ago |
Nick Mathewson
|
12028c29e6
Fix sandbox protection for rename
|
10 years ago |
Nick Mathewson
|
739a52592b
Upgrade warning about missing interned string for sandbox
|
10 years ago |
Nick Mathewson
|
5aaac938a9
Have sandbox string protection include multi-valued parmeters.
|
10 years ago |
Nick Mathewson
|
f268101a61
Clean up sandbox structures a bit
|
10 years ago |
Nick Mathewson
|
6807b76a5e
Add missing rename function for non-linux platforms
|
10 years ago |
Nick Mathewson
|
71eaebd971
Drop 'fr' parameter from sandbox code.
|
10 years ago |
Nick Mathewson
|
e051e192a8
Remove nonsensical exec permission from sandbox code.
|
10 years ago |
Nick Mathewson
|
cbfb8e703e
Add 'rename' to the sandboxed syscalls
|
10 years ago |
Nick Mathewson
|
3802e32c7d
Only intern one copy of each magic string for the sandbox
|
10 years ago |
Nick Mathewson
|
ae9d6d73f5
Fix some initial sandbox issues.
|
10 years ago |