Code to enable sandboxing.
#include "orconfig.h"
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <errno.h>
#include "lib/sandbox/sandbox.h"
#include "lib/container/map.h"
#include "lib/err/torerr.h"
#include "lib/log/log.h"
#include "lib/cc/torint.h"
#include "lib/malloc/malloc.h"
#include "lib/string/scanf.h"
#include "ext/tor_queue.h"
#include "ext/ht.h"
#include "ext/siphash.h"
Code to enable sandboxing.
Definition in file sandbox.c.
◆ _LARGEFILE64_SOURCE
#define _LARGEFILE64_SOURCE |
Temporarily required for the O_LARGEFILE flag. Needs to be removed once the libevent fix lands.
Definition at line 19 of file sandbox.c.
◆ MALLOC_MP_LIM
#define MALLOC_MP_LIM (20*1024*1024) |
Malloc mprotect limit in bytes.
28/06/2017: This value was increased from 16 MB to 20 MB after we introduced LZMA support in Tor (0.3.1.1-alpha). We limit our LZMA coder to 16 MB, but liblzma has a small overhead that we need to compensate for to avoid being killed by the sandbox.
Definition at line 29 of file sandbox.c.
◆ sandbox_cfg_allow_open_filename()
int sandbox_cfg_allow_open_filename(sandbox_cfg_t **cfg, char *file)
Function used to add an open-allowed filename to a supplied configuration. The (char*) specifies the path to the allowed file; we take ownership of the pointer, so the caller must not free or reuse it afterwards.
Definition at line 1904 of file sandbox.c.
◆ sandbox_cfg_allow_openat_filename()
int sandbox_cfg_allow_openat_filename(sandbox_cfg_t **cfg, char *file)
Function used to add an openat-allowed filename to a supplied configuration. The (char*) specifies the path to the allowed file; we steal the pointer to that file.
Definition at line 1911 of file sandbox.c.
◆ sandbox_cfg_allow_opendir_dirname()
int sandbox_cfg_allow_opendir_dirname(sandbox_cfg_t **cfg, char *dir)
Function used to add an opendir-allowed directory name to a supplied configuration. The (char*) specifies the path to the allowed dir; we steal the pointer to that dir.
Definition at line 1918 of file sandbox.c.
◆ sandbox_cfg_allow_stat_filename()
int sandbox_cfg_allow_stat_filename(sandbox_cfg_t **cfg, char *file)
Function used to add a stat/stat64-allowed filename to a configuration. The (char*) specifies the path to the allowed file; that pointer is stolen.
Definition at line 1925 of file sandbox.c.
◆ sandbox_cfg_new()
Creates an empty sandbox configuration.
Definition at line 1874 of file sandbox.c.
◆ sandbox_init()
Function used to initialise a sandbox configuration.
Definition at line 1880 of file sandbox.c.
◆ sandbox_is_active()
int sandbox_is_active(void)