Tor  0.4.7.0-alpha-dev
sandbox.c File Reference

Code to enable sandboxing.

#include "orconfig.h"
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <errno.h>
#include "lib/sandbox/sandbox.h"
#include "lib/container/map.h"
#include "lib/err/torerr.h"
#include "lib/log/log.h"
#include "lib/cc/torint.h"
#include "lib/malloc/malloc.h"
#include "lib/string/scanf.h"
#include "ext/tor_queue.h"
#include "ext/ht.h"
#include "ext/siphash.h"

Macros

#define _LARGEFILE64_SOURCE
 
#define MALLOC_MP_LIM   (20*1024*1024)
 
#define DEBUGGING_CLOSE
 

Functions

sandbox_cfg_t * sandbox_cfg_new (void)
 
int sandbox_init (sandbox_cfg_t *cfg)
 
int sandbox_cfg_allow_open_filename (sandbox_cfg_t **cfg, char *file)
 
int sandbox_cfg_allow_openat_filename (sandbox_cfg_t **cfg, char *file)
 
int sandbox_cfg_allow_opendir_dirname (sandbox_cfg_t **cfg, char *dir)
 
int sandbox_cfg_allow_stat_filename (sandbox_cfg_t **cfg, char *file)
 
int sandbox_cfg_allow_chown_filename (sandbox_cfg_t **cfg, char *file)
 
int sandbox_cfg_allow_chmod_filename (sandbox_cfg_t **cfg, char *file)
 
int sandbox_cfg_allow_rename (sandbox_cfg_t **cfg, char *file1, char *file2)
 
int sandbox_is_active (void)
 

Detailed Description

Code to enable sandboxing.

Definition in file sandbox.c.

Macro Definition Documentation

◆ _LARGEFILE64_SOURCE

#define _LARGEFILE64_SOURCE

Temporarily required for O_LARGEFILE flag. Needs to be removed with the libevent fix.

Definition at line 19 of file sandbox.c.

◆ MALLOC_MP_LIM

#define MALLOC_MP_LIM   (20*1024*1024)

Malloc mprotect limit in bytes.

28/06/2017: This value was increased from 16 MB to 20 MB after we introduced LZMA support in Tor (0.3.1.1-alpha). We limit our LZMA coder to 16 MB, but liblzma has a small overhead that we need to compensate for to avoid being killed by the sandbox.

Definition at line 29 of file sandbox.c.

Function Documentation

◆ sandbox_cfg_allow_open_filename()

int sandbox_cfg_allow_open_filename ( sandbox_cfg_t **cfg, char *file )

Function used to add an open-allowed filename to a supplied configuration. The (char*) specifies the path to the allowed file; we take ownership of the pointer.

Definition at line 1882 of file sandbox.c.

◆ sandbox_cfg_allow_openat_filename()

int sandbox_cfg_allow_openat_filename ( sandbox_cfg_t **cfg, char *file )

Function used to add an openat-allowed filename to a supplied configuration. The (char*) specifies the path to the allowed file; we steal the pointer to that file.

Definition at line 1889 of file sandbox.c.

◆ sandbox_cfg_allow_opendir_dirname()

int sandbox_cfg_allow_opendir_dirname ( sandbox_cfg_t **cfg, char *dir )

Function used to add an opendir-allowed filename to a supplied configuration. The (char*) specifies the path to the allowed dir; we steal the pointer to that dir.

Definition at line 1896 of file sandbox.c.

◆ sandbox_cfg_allow_stat_filename()

int sandbox_cfg_allow_stat_filename ( sandbox_cfg_t **cfg, char *file )

Function used to add a stat/stat64 allowed filename to a configuration. The (char*) specifies the path to the allowed file; that pointer is stolen.

Definition at line 1903 of file sandbox.c.

◆ sandbox_cfg_new()

sandbox_cfg_t* sandbox_cfg_new ( void  )

Creates an empty sandbox configuration file.

Definition at line 1852 of file sandbox.c.

◆ sandbox_init()

int sandbox_init ( sandbox_cfg_t *cfg )

Function used to initialise a sandbox configuration.

Definition at line 1858 of file sandbox.c.

◆ sandbox_is_active()

int sandbox_is_active ( void  )

Return true iff the sandbox is turned on.

Definition at line 1931 of file sandbox.c.

Referenced by routerparse_init().