Tor 0.4.9.0-alpha-dev
|
Code to enable sandboxing. More...
#include "orconfig.h"
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <errno.h>
#include "lib/sandbox/sandbox.h"
#include "lib/container/map.h"
#include "lib/err/torerr.h"
#include "lib/log/log.h"
#include "lib/cc/torint.h"
#include "lib/malloc/malloc.h"
#include "lib/string/scanf.h"
#include "ext/tor_queue.h"
#include "ext/ht.h"
#include "ext/siphash.h"
Go to the source code of this file.
Macros | |
#define | _LARGEFILE64_SOURCE |
#define | MALLOC_MP_LIM (20*1024*1024) |
#define | DEBUGGING_CLOSE |
Functions | |
sandbox_cfg_t * | sandbox_cfg_new (void) |
int | sandbox_init (sandbox_cfg_t *cfg) |
int | sandbox_cfg_allow_open_filename (sandbox_cfg_t **cfg, char *file) |
int | sandbox_cfg_allow_openat_filename (sandbox_cfg_t **cfg, char *file) |
int | sandbox_cfg_allow_opendir_dirname (sandbox_cfg_t **cfg, char *dir) |
int | sandbox_cfg_allow_stat_filename (sandbox_cfg_t **cfg, char *file) |
int | sandbox_cfg_allow_chown_filename (sandbox_cfg_t **cfg, char *file) |
int | sandbox_cfg_allow_chmod_filename (sandbox_cfg_t **cfg, char *file) |
int | sandbox_cfg_allow_rename (sandbox_cfg_t **cfg, char *file1, char *file2) |
int | sandbox_is_active (void) |
Code to enable sandboxing.
Definition in file sandbox.c.
#define _LARGEFILE64_SOURCE |
#define MALLOC_MP_LIM (20*1024*1024) |
Malloc mprotect limit in bytes.
28/06/2017: This value was increased from 16 MB to 20 MB after we introduced LZMA support in Tor (0.3.1.1-alpha). We limit our LZMA coder to 16 MB, but liblzma have a small overhead that we need to compensate for to avoid being killed by the sandbox.
int sandbox_cfg_allow_chmod_filename | ( | sandbox_cfg_t ** | cfg, |
char * | file | ||
) |
int sandbox_cfg_allow_chown_filename | ( | sandbox_cfg_t ** | cfg, |
char * | file | ||
) |
int sandbox_cfg_allow_open_filename | ( | sandbox_cfg_t ** | cfg, |
char * | file | ||
) |
int sandbox_cfg_allow_openat_filename | ( | sandbox_cfg_t ** | cfg, |
char * | file | ||
) |
int sandbox_cfg_allow_opendir_dirname | ( | sandbox_cfg_t ** | cfg, |
char * | dir | ||
) |
int sandbox_cfg_allow_rename | ( | sandbox_cfg_t ** | cfg, |
char * | file1, | ||
char * | file2 | ||
) |
int sandbox_cfg_allow_stat_filename | ( | sandbox_cfg_t ** | cfg, |
char * | file | ||
) |
sandbox_cfg_t * sandbox_cfg_new | ( | void | ) |
int sandbox_init | ( | sandbox_cfg_t * | cfg | ) |
int sandbox_is_active | ( | void | ) |
Return true iff the sandbox is turned on.
Definition at line 2348 of file sandbox.c.
Referenced by routerparse_init().