diff options
| author | Nick Mathewson <nickm@torproject.org> | 2014-05-20 15:21:27 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2014-05-20 15:21:48 -0400 |
| commit | c21377e7bcc70d2a456409225d8b2d91990a14cd (patch) | |
| tree | d8d55aa4d85929f1631fc487e9ed2e7991d2dd3b | |
| parent | 29f2f7ce9af19f22187098fad6d002a6e5a46479 (diff) | |
| download | tor-c21377e7bcc70d2a456409225d8b2d91990a14cd.tar tor-c21377e7bcc70d2a456409225d8b2d91990a14cd.tar.gz | |
sandbox: support logfile rotation
Fixes bug 12032; bugfix on 0.2.5.1-alpha
| -rw-r--r-- | changes/bug12032 | 4 | ||||
| -rw-r--r-- | src/common/log.c | 21 | ||||
| -rw-r--r-- | src/common/torlog.h | 3 | ||||
| -rw-r--r-- | src/or/config.c | 12 | ||||
| -rw-r--r-- | src/or/main.c | 9 |
5 files changed, 42 insertions, 7 deletions
diff --git a/changes/bug12032 b/changes/bug12032 new file mode 100644 index 000000000..44fc6c756 --- /dev/null +++ b/changes/bug12032 @@ -0,0 +1,4 @@ + o Minor bugfixes (Linux syscall sandbox): + - When we receive a SIGHUP with the sandbox enabled, correctly + support rotating our log files. Fixes bug 12032; bugfix on + 0.2.5.1-alpha. diff --git a/src/common/log.c b/src/common/log.c index 592dc2c5d..517fa4faa 100644 --- a/src/common/log.c +++ b/src/common/log.c @@ -562,6 +562,27 @@ tor_log_update_sigsafe_err_fds(void) UNLOCK_LOGS(); } +/** Add to <b>out</b> a copy of every currently configured log file name. Used + * to enable access to these filenames with the sandbox code. */ +void +tor_log_get_logfile_names(smartlist_t *out) +{ + logfile_t *lf; + tor_assert(out); + + LOCK_LOGS(); + + for (lf = logfiles; lf; lf = lf->next) { + if (lf->is_temporary || lf->is_syslog || lf->callback) + continue; + if (lf->filename == NULL) + continue; + smartlist_add(out, tor_strdup(lf->filename)); + } + + UNLOCK_LOGS(); +} + /** Output a message to the log, prefixed with a function name <b>fn</b>. */ #ifdef __GNUC__ /** GCC-based implementation of the log_fn backend, used when we have diff --git a/src/common/torlog.h b/src/common/torlog.h index f6ddca5d4..34f70f3c0 100644 --- a/src/common/torlog.h +++ b/src/common/torlog.h @@ -156,6 +156,9 @@ void tor_log_err_sigsafe(const char *m, ...); int tor_log_get_sigsafe_err_fds(const int **out); void tor_log_update_sigsafe_err_fds(void); +struct smartlist_t; +void tor_log_get_logfile_names(struct smartlist_t *out); + extern int log_global_min_severity_; #if defined(__GNUC__) || defined(RUNNING_DOXYGEN) diff --git a/src/or/config.c b/src/or/config.c index b346f6648..0f7b1d2a2 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -1143,13 +1143,11 @@ options_act_reversible(const or_options_t *old_options, char **msg) if (!running_tor) goto commit; - if (!sandbox_is_active()) { - mark_logs_temp(); /* Close current logs once new logs are open. */ - logs_marked = 1; - if (options_init_logs(options, 0)<0) { /* Configure the tor_log(s) */ - *msg = tor_strdup("Failed to init Log options. See logs for details."); - goto rollback; - } + mark_logs_temp(); /* Close current logs once new logs are open. */ + logs_marked = 1; + if (options_init_logs(options, 0)<0) { /* Configure the tor_log(s) */ + *msg = tor_strdup("Failed to init Log options. See logs for details."); + goto rollback; } commit: diff --git a/src/or/main.c b/src/or/main.c index 3d109ec78..7d114d9f6 100644 --- a/src/or/main.c +++ b/src/or/main.c @@ -2822,6 +2822,15 @@ sandbox_init_filter(void) NULL, 0 ); + { + smartlist_t *logfiles = smartlist_new(); + tor_log_get_logfile_names(logfiles); + SMARTLIST_FOREACH(logfiles, char *, logfile_name, { + sandbox_cfg_allow_open_filename(&cfg, logfile_name); /* steals reference */ + }); + smartlist_free(logfiles); + } + // orport if (server_mode(get_options())) { sandbox_cfg_allow_open_filename_array(&cfg, |