diff options
| author | Cristian Toader <cristian.matei.toader@gmail.com> | 2013-06-17 13:07:14 +0300 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2013-07-11 09:13:13 -0400 |
| commit | f9c1ba6493478d227c202e4d3444283b2c840a6a (patch) | |
| tree | c79191a86be32416dd1de5ead221b15e776e6114 /src/common/sandbox.h | |
| parent | bcdc0022693c75ea1523468e783bf03832e0a358 (diff) | |
| download | tor-f9c1ba6493478d227c202e4d3444283b2c840a6a.tar tor-f9c1ba6493478d227c202e4d3444283b2c840a6a.tar.gz | |
Add a basic seccomp2 syscall filter on Linux
It's controlled by the new Sandbox argument. Right now, it's rather
coarse-grained, it's Linux-only, and it may break some features.
Diffstat (limited to 'src/common/sandbox.h')
| -rw-r--r-- | src/common/sandbox.h | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/src/common/sandbox.h b/src/common/sandbox.h new file mode 100644 index 000000000..bd6f0cfb4 --- /dev/null +++ b/src/common/sandbox.h @@ -0,0 +1,55 @@ +/* Copyright (c) 2001 Matej Pfajfar. + * Copyright (c) 2001-2004, Roger Dingledine. + * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. + * Copyright (c) 2007-2013, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * \file sandbox.h + * \brief Header file for sandbox.c. + **/ + +#ifndef SANDBOX_H_ +#define SANDBOX_H_ + +#ifndef SYS_SECCOMP + +/** + * Used by SIGSYS signal handler to check if the signal was issued due to a + * seccomp2 filter violation. + */ +#define SYS_SECCOMP 1 + +#endif + +/** + * Linux definitions + */ +#ifdef __linux__ + +#define __USE_GNU +#include <sys/ucontext.h> + +/** + * Linux 32 bit definitions + */ +#if defined(__i386__) + +#define REG_SYSCALL REG_EAX + +/** + * Linux 64 bit definitions + */ +#elif defined(__x86_64__) + +#define REG_SYSCALL REG_RAX + +#endif + +#endif // __linux__ + +void sandbox_set_debugging_fd(int fd); +int tor_global_sandbox(void); + +#endif /* SANDBOX_H_ */ + |