sandbox: tolerate reloading with DirPortFrontPage set

Also, don't tolerate changing DirPortFrontPage.

Fixes bug 12028; bugfix on 0.2.5.1-alpha.

3 files changed, 15 insertions, 0 deletions

diff --git a/changes/bug12028 b/changes/bug12028
new file mode 100644
index 000000000..f88d4e546
--- /dev/null
+++ b/changes/bug12028
@@ -0,0 +1,5 @@
+  o Minor bugfixes (linux syscall sandbox):
+    - When running with DirPortFrontPage and Sandbox both enabled, reload
+      the DirPortFrontPage correctly when restarting. Fixes bug 12028;
+      bugfix on 0.2.5.1-alpha.
+
diff --git a/src/or/config.c b/src/or/config.c
index aa4c0079b..b346f6648 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -3747,6 +3747,11 @@ options_transition_allowed(const or_options_t *old,
                         "Sandbox is active");
       return -1;
     }
+    if (! opt_streq(old->DirPortFrontPage, new_val->DirPortFrontPage)) {
+      *msg = tor_strdup("Can't change DirPortFrontPage"
+                        " while Sandbox is active");
+      return -1;
+    }
   }
 
   return 0;
diff --git a/src/or/main.c b/src/or/main.c
index dac178ade..3d109ec78 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -2848,6 +2848,11 @@ sandbox_init_filter(void)
         NULL, 0
     );
 
+    if (options->DirPortFrontPage) {
+      sandbox_cfg_allow_open_filename(&cfg,
+                                      tor_strdup(options->DirPortFrontPage));
+    }
+
     RENAME_SUFFIX("fingerprint", ".tmp");
     RENAME_SUFFIX2("keys", "secret_onion_key_ntor", ".tmp");
     RENAME_SUFFIX2("keys", "secret_id_key", ".tmp");