aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2014-05-20 15:21:27 -0400
committerNick Mathewson <nickm@torproject.org>2014-05-20 15:21:48 -0400
commitc21377e7bcc70d2a456409225d8b2d91990a14cd (patch)
treed8d55aa4d85929f1631fc487e9ed2e7991d2dd3b
parent29f2f7ce9af19f22187098fad6d002a6e5a46479 (diff)
downloadtor-c21377e7bcc70d2a456409225d8b2d91990a14cd.tar
tor-c21377e7bcc70d2a456409225d8b2d91990a14cd.tar.gz
sandbox: support logfile rotation
Fixes bug 12032; bugfix on 0.2.5.1-alpha
-rw-r--r--changes/bug120324
-rw-r--r--src/common/log.c21
-rw-r--r--src/common/torlog.h3
-rw-r--r--src/or/config.c12
-rw-r--r--src/or/main.c9
5 files changed, 42 insertions, 7 deletions
diff --git a/changes/bug12032 b/changes/bug12032
new file mode 100644
index 000000000..44fc6c756
--- /dev/null
+++ b/changes/bug12032
@@ -0,0 +1,4 @@
+ o Minor bugfixes (Linux syscall sandbox):
+ - When we receive a SIGHUP with the sandbox enabled, correctly
+ support rotating our log files. Fixes bug 12032; bugfix on
+ 0.2.5.1-alpha.
diff --git a/src/common/log.c b/src/common/log.c
index 592dc2c5d..517fa4faa 100644
--- a/src/common/log.c
+++ b/src/common/log.c
@@ -562,6 +562,27 @@ tor_log_update_sigsafe_err_fds(void)
UNLOCK_LOGS();
}
+/** Add to <b>out</b> a copy of every currently configured log file name. Used
+ * to enable access to these filenames with the sandbox code. */
+void
+tor_log_get_logfile_names(smartlist_t *out)
+{
+ logfile_t *lf;
+ tor_assert(out);
+
+ LOCK_LOGS();
+
+ for (lf = logfiles; lf; lf = lf->next) {
+ if (lf->is_temporary || lf->is_syslog || lf->callback)
+ continue;
+ if (lf->filename == NULL)
+ continue;
+ smartlist_add(out, tor_strdup(lf->filename));
+ }
+
+ UNLOCK_LOGS();
+}
+
/** Output a message to the log, prefixed with a function name <b>fn</b>. */
#ifdef __GNUC__
/** GCC-based implementation of the log_fn backend, used when we have
diff --git a/src/common/torlog.h b/src/common/torlog.h
index f6ddca5d4..34f70f3c0 100644
--- a/src/common/torlog.h
+++ b/src/common/torlog.h
@@ -156,6 +156,9 @@ void tor_log_err_sigsafe(const char *m, ...);
int tor_log_get_sigsafe_err_fds(const int **out);
void tor_log_update_sigsafe_err_fds(void);
+struct smartlist_t;
+void tor_log_get_logfile_names(struct smartlist_t *out);
+
extern int log_global_min_severity_;
#if defined(__GNUC__) || defined(RUNNING_DOXYGEN)
diff --git a/src/or/config.c b/src/or/config.c
index b346f6648..0f7b1d2a2 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -1143,13 +1143,11 @@ options_act_reversible(const or_options_t *old_options, char **msg)
if (!running_tor)
goto commit;
- if (!sandbox_is_active()) {
- mark_logs_temp(); /* Close current logs once new logs are open. */
- logs_marked = 1;
- if (options_init_logs(options, 0)<0) { /* Configure the tor_log(s) */
- *msg = tor_strdup("Failed to init Log options. See logs for details.");
- goto rollback;
- }
+ mark_logs_temp(); /* Close current logs once new logs are open. */
+ logs_marked = 1;
+ if (options_init_logs(options, 0)<0) { /* Configure the tor_log(s) */
+ *msg = tor_strdup("Failed to init Log options. See logs for details.");
+ goto rollback;
}
commit:
diff --git a/src/or/main.c b/src/or/main.c
index 3d109ec78..7d114d9f6 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -2822,6 +2822,15 @@ sandbox_init_filter(void)
NULL, 0
);
+ {
+ smartlist_t *logfiles = smartlist_new();
+ tor_log_get_logfile_names(logfiles);
+ SMARTLIST_FOREACH(logfiles, char *, logfile_name, {
+ sandbox_cfg_allow_open_filename(&cfg, logfile_name); /* steals reference */
+ });
+ smartlist_free(logfiles);
+ }
+
// orport
if (server_mode(get_options())) {
sandbox_cfg_allow_open_filename_array(&cfg,