diff options
| author | Nick Mathewson <nickm@torproject.org> | 2014-04-16 16:05:10 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2014-04-16 22:03:18 -0400 |
| commit | 619497076585c54dc80656cdd4e6181f1109ff53 (patch) | |
| tree | c393d36474eb5758d7c607fd5a195df148d96729 | |
| parent | 18f7f49a8c08a38c15de4b8e6413ed2ae0968639 (diff) | |
| download | tor-619497076585c54dc80656cdd4e6181f1109ff53.tar tor-619497076585c54dc80656cdd4e6181f1109ff53.tar.gz | |
Don't allow change to ConnLimit while sandbox is active
| -rw-r--r-- | src/common/sandbox.c | 11 | ||||
| -rw-r--r-- | src/common/sandbox.h | 3 | ||||
| -rw-r--r-- | src/or/config.c | 18 |
3 files changed, 26 insertions, 6 deletions
diff --git a/src/common/sandbox.c b/src/common/sandbox.c index 5f9d625ef..072275174 100644 --- a/src/common/sandbox.c +++ b/src/common/sandbox.c @@ -1576,6 +1576,11 @@ initialise_libseccomp_sandbox(sandbox_cfg_t* cfg) return 0; } +int +sandbox_is_active(void) +{ + return sandbox_active != 0; +} #endif // USE_LIBSECCOMP sandbox_cfg_t* @@ -1672,5 +1677,11 @@ sandbox_cfg_allow_rename(sandbox_cfg_t **cfg, char *file1, char *file2) (void)cfg; (void)file1; (void)file2; return 0; } + +int +sandbox_is_active(void) +{ + return 0; +} #endif diff --git a/src/common/sandbox.h b/src/common/sandbox.h index c4144dbb2..c40f5e0d1 100644 --- a/src/common/sandbox.h +++ b/src/common/sandbox.h @@ -229,5 +229,8 @@ int sandbox_cfg_allow_stat_filename_array(sandbox_cfg_t **cfg, ...); /** Function used to initialise a sandbox configuration.*/ int sandbox_init(sandbox_cfg_t* cfg); +/** Return true iff the sandbox is turned on. */ +int sandbox_is_active(void); + #endif /* SANDBOX_H_ */ diff --git a/src/or/config.c b/src/or/config.c index c2eebf77a..881da3785 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -1,4 +1,4 @@ - /* Copyright (c) 2001 Matej Pfajfar. +/* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. * Copyright (c) 2007-2013, The Tor Project, Inc. */ @@ -1043,12 +1043,18 @@ options_act_reversible(const or_options_t *old_options, char **msg) if (running_tor) { int n_ports=0; /* We need to set the connection limit before we can open the listeners. */ - if (set_max_file_descriptors((unsigned)options->ConnLimit, - &options->ConnLimit_) < 0) { - *msg = tor_strdup("Problem with ConnLimit value. See logs for details."); - goto rollback; + if (! sandbox_is_active()) { + if (set_max_file_descriptors((unsigned)options->ConnLimit, + &options->ConnLimit_) < 0) { + *msg = tor_strdup("Problem with ConnLimit value. " + "See logs for details."); + goto rollback; + } + set_conn_limit = 1; + } else { + tor_assert(old_options); + options->ConnLimit_ = old_options->ConnLimit_; } - set_conn_limit = 1; /* Set up libevent. (We need to do this before we can register the * listeners as listeners.) */ |