#22605: sandbox_intern_string(): Bug: No interned sandbox parameter found for /etc/tor/torrc.d/
---------------------------------+------------------------------------
 Reporter:  toralf               |          Owner:  dgoulet
     Type:  defect               |         Status:  accepted
 Priority:  High                 |      Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor         |        Version:  Tor: 0.3.1.3-alpha
 Severity:  Normal               |     Resolution:
 Keywords:  sandbox, regression  |  Actual Points:
Parent ID:                       |         Points:
 Reviewer:                       |        Sponsor:
---------------------------------+------------------------------------

Comment (by Jigsaw52):

 I'm having some problems fixing this one. I tried to change the sandbox code to allow adding more filters at runtime, but it seems that the rules added after the initial seccomp initialization are being ignored.

 More specifically, the problem I am having is the following (I am using the example in the above comments):

 1. When the config is reloaded, the filter that allows opening /etc/tor/torrc.d/ appears to be installed correctly (sb_open adds the filter to the context and seccomp_load returns 0 when loading the context).
 2. However, when open is called with /etc/tor/torrc.d/, the process is still killed.
 3. I've checked the value of the pointer to the "/etc/tor/torrc.d/" string and it is the same on sb_open when the rule is added and on the tor_listdir function, where opendir is called, which then calls the open syscall.

 I believe the problem is related to adding filters after the initial seccomp initialization. It would be great if someone who has some understanding of the sandbox code and libseccomp could take a look at this too.

 My code is in this branch: https://github.com/Jigsaw52/tor/tree/fix-torrcd-sandbox-22605

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22605#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
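
Kernel behaviour relevant to the symptom in the comment above, as an added example that is not part of the ticket or of Tor's sandbox code: seccomp filters stack, every installed filter is evaluated on each syscall, and the most restrictive result wins, so a filter loaded later cannot re-allow what an earlier one denies. It uses raw seccomp-BPF rather than libseccomp, with `getppid` and an `EPERM` return as stand-ins (assumptions) for the `open` rule and the kill action; `install_filter` and `getppid_denied` are hypothetical names.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Install one seccomp-BPF filter: `action` for syscall `nr`, ALLOW otherwise.
 * (Architecture check omitted to keep the demo short; real filters need one.) */
static int install_filter(int nr, unsigned int action)
{
    struct sock_filter code[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (unsigned int)nr, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, action),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = { .len = sizeof(code) / sizeof(code[0]), .filter = code };
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* In a child: deny getppid with EPERM, optionally load a second filter that
 * allows it, then try the call. Returns 1 if getppid is denied, 0 if it
 * succeeds, -1 if the filters could not be installed. */
int getppid_denied(int load_allow_filter)
{
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) _exit(2);
        if (install_filter(__NR_getppid, SECCOMP_RET_ERRNO | EPERM) != 0) _exit(2);
        if (load_allow_filter && install_filter(__NR_getppid, SECCOMP_RET_ALLOW) != 0) _exit(2);
        errno = 0;
        _exit(syscall(__NR_getppid) == -1 && errno == EPERM ? 1 : 0);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status) == 2 ? -1 : WEXITSTATUS(status);
}

int main(void)
{
    printf("deny filter only:          denied=%d\n", getppid_denied(0));
    printf("deny, then allow filter:   denied=%d\n", getppid_denied(1));
    return 0;
}
```

Both calls report the syscall as denied even though the second filter installs without error, which matches a load that returns 0 while the earlier restriction stays in force.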