Tor 0.4.9.3-alpha-dev
Code to enable sandboxing.
#include "orconfig.h"
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <errno.h>
#include "lib/sandbox/sandbox.h"
#include "lib/container/map.h"
#include "lib/err/torerr.h"
#include "lib/log/log.h"
#include "lib/cc/torint.h"
#include "lib/malloc/malloc.h"
#include "lib/string/scanf.h"
#include "ext/tor_queue.h"
#include "ext/ht.h"
#include "ext/siphash.h"
Macros
#define _LARGEFILE64_SOURCE
#define MALLOC_MP_LIM (20*1024*1024)
#define DEBUGGING_CLOSE
Functions
sandbox_cfg_t * sandbox_cfg_new (void)
int sandbox_init (sandbox_cfg_t *cfg)
int sandbox_cfg_allow_open_filename (sandbox_cfg_t **cfg, char *file)
int sandbox_cfg_allow_openat_filename (sandbox_cfg_t **cfg, char *file)
int sandbox_cfg_allow_opendir_dirname (sandbox_cfg_t **cfg, char *dir)
int sandbox_cfg_allow_stat_filename (sandbox_cfg_t **cfg, char *file)
int sandbox_cfg_allow_chown_filename (sandbox_cfg_t **cfg, char *file)
int sandbox_cfg_allow_chmod_filename (sandbox_cfg_t **cfg, char *file)
int sandbox_cfg_allow_rename (sandbox_cfg_t **cfg, char *file1, char *file2)
int sandbox_is_active (void)
Code to enable sandboxing.
Definition in file sandbox.c.
#define _LARGEFILE64_SOURCE
#define MALLOC_MP_LIM (20*1024*1024)
Malloc mprotect limit in bytes.
28/06/2017: This value was increased from 16 MB to 20 MB after we introduced LZMA support in Tor (0.3.1.1-alpha). We limit our LZMA coder to 16 MB, but liblzma has a small overhead that we need to compensate for to avoid being killed by the sandbox.
int sandbox_cfg_allow_chmod_filename(sandbox_cfg_t **cfg, char *file)
int sandbox_cfg_allow_chown_filename(sandbox_cfg_t **cfg, char *file)
int sandbox_cfg_allow_open_filename(sandbox_cfg_t **cfg, char *file)
Function used to add a filename that is allowed to be opened to a supplied configuration. The (char*) specifies the path to the allowed file; we take ownership of the pointer, so the caller must not free it afterwards.
Definition at line 2322 of file sandbox.c.
Referenced by storage_dir_register_with_sandbox().
int sandbox_cfg_allow_openat_filename(sandbox_cfg_t **cfg, char *file)
int sandbox_cfg_allow_opendir_dirname(sandbox_cfg_t **cfg, char *dir)
int sandbox_cfg_allow_rename(sandbox_cfg_t **cfg, char *file1, char *file2)
int sandbox_cfg_allow_stat_filename(sandbox_cfg_t **cfg, char *file)
Function used to add a filename that is allowed for stat/stat64 to a configuration. The (char*) specifies the path to the allowed file; that pointer is stolen, i.e. the configuration takes ownership of it and the caller must not free it.
Definition at line 2343 of file sandbox.c.
Referenced by storage_dir_register_with_sandbox().
sandbox_cfg_t *sandbox_cfg_new(void)
int sandbox_init(sandbox_cfg_t *cfg)
Function used to initialise a sandbox configuration.
Definition at line 2298 of file sandbox.c.
Referenced by tor_run_main().
int sandbox_is_active(void)
Return true iff the sandbox is turned on.
Definition at line 2371 of file sandbox.c.
Referenced by dump_desc(), options_act(), options_check_transition_cb(), options_start_listener_transaction(), and routerparse_init().