diff options
Diffstat (limited to 'src/or/main.c')
-rw-r--r-- | src/or/main.c | 71 |
1 files changed, 58 insertions, 13 deletions
diff --git a/src/or/main.c b/src/or/main.c index f665f87b1..f406e852e 100644 --- a/src/or/main.c +++ b/src/or/main.c @@ -1231,7 +1231,8 @@ run_scheduled_events(time_t now) router_upload_dir_desc_to_dirservers(0); } - if (!options->DisableNetwork && time_to_try_getting_descriptors < now) { + if (!should_delay_dir_fetches(options, NULL) && + time_to_try_getting_descriptors < now) { update_all_descriptor_downloads(now); update_extrainfo_downloads(now); if (router_have_minimum_dir_info()) @@ -1246,7 +1247,7 @@ run_scheduled_events(time_t now) now + DESCRIPTOR_FAILURE_RESET_INTERVAL; } - if (options->UseBridges) + if (options->UseBridges && !options->DisableNetwork) fetch_bridge_descriptors(options, now); /* 1b. Every MAX_SSL_KEY_LIFETIME_INTERNAL seconds, we change our @@ -1461,7 +1462,8 @@ run_scheduled_events(time_t now) * documents? */ #define networkstatus_dl_check_interval(o) ((o)->TestingTorNetwork ? 1 : 60) - if (time_to_download_networkstatus < now && !options->DisableNetwork) { + if (!should_delay_dir_fetches(options, NULL) && + time_to_download_networkstatus < now) { time_to_download_networkstatus = now + networkstatus_dl_check_interval(options); update_networkstatus_downloads(now); @@ -2830,13 +2832,48 @@ sandbox_init_filter(void) ); { - smartlist_t *logfiles = smartlist_new(); - tor_log_get_logfile_names(logfiles); - SMARTLIST_FOREACH(logfiles, char *, logfile_name, { + smartlist_t *files = smartlist_new(); + tor_log_get_logfile_names(files); + SMARTLIST_FOREACH(files, char *, file_name, { /* steals reference */ - sandbox_cfg_allow_open_filename(&cfg, logfile_name); + sandbox_cfg_allow_open_filename(&cfg, file_name); }); - smartlist_free(logfiles); + smartlist_free(files); + } + + { + smartlist_t *files = smartlist_new(); + smartlist_t *dirs = smartlist_new(); + rend_services_add_filenames_to_lists(files, dirs); + SMARTLIST_FOREACH(files, char *, file_name, { + char *tmp_name = NULL; + tor_asprintf(&tmp_name, "%s.tmp", file_name); + sandbox_cfg_allow_rename(&cfg, + tor_strdup(tmp_name), tor_strdup(file_name)); + /* steals references */ + sandbox_cfg_allow_open_filename_array(&cfg, file_name, tmp_name, NULL); + }); + SMARTLIST_FOREACH(dirs, char *, dir, { + /* steals reference */ + sandbox_cfg_allow_stat_filename(&cfg, dir); + }); + smartlist_free(files); + smartlist_free(dirs); + } + + { + char *fname; + if ((fname = get_controller_cookie_file_name())) { + sandbox_cfg_allow_open_filename(&cfg, fname); + } + if ((fname = get_ext_or_auth_cookie_file_name())) { + sandbox_cfg_allow_open_filename(&cfg, fname); + } + } + + if (options->DirPortFrontPage) { + sandbox_cfg_allow_open_filename(&cfg, + tor_strdup(options->DirPortFrontPage)); } // orport @@ -2855,6 +2892,15 @@ sandbox_init_filter(void) get_datadir_fname2("stats", "bridge-stats.tmp"), get_datadir_fname2("stats", "dirreq-stats"), get_datadir_fname2("stats", "dirreq-stats.tmp"), + get_datadir_fname2("stats", "entry-stats"), + get_datadir_fname2("stats", "entry-stats.tmp"), + get_datadir_fname2("stats", "exit-stats"), + get_datadir_fname2("stats", "exit-stats.tmp"), + get_datadir_fname2("stats", "buffer-stats"), + get_datadir_fname2("stats", "buffer-stats.tmp"), + get_datadir_fname2("stats", "conn-stats"), + get_datadir_fname2("stats", "conn-stats.tmp"), + get_datadir_fname("approved-routers"), get_datadir_fname("fingerprint"), get_datadir_fname("fingerprint.tmp"), get_datadir_fname("hashed-fingerprint"), @@ -2865,11 +2911,6 @@ sandbox_init_filter(void) NULL, 0 ); - if (options->DirPortFrontPage) { - sandbox_cfg_allow_open_filename(&cfg, - tor_strdup(options->DirPortFrontPage)); - } - RENAME_SUFFIX("fingerprint", ".tmp"); RENAME_SUFFIX2("keys", "secret_onion_key_ntor", ".tmp"); RENAME_SUFFIX2("keys", "secret_id_key", ".tmp"); @@ -2878,6 +2919,10 @@ sandbox_init_filter(void) RENAME_SUFFIX2("keys", "secret_onion_key.old", ".tmp"); RENAME_SUFFIX2("stats", "bridge-stats", ".tmp"); RENAME_SUFFIX2("stats", "dirreq-stats", ".tmp"); + RENAME_SUFFIX2("stats", "entry-stats", ".tmp"); + RENAME_SUFFIX2("stats", "exit-stats", ".tmp"); + RENAME_SUFFIX2("stats", "buffer-stats", ".tmp"); + RENAME_SUFFIX2("stats", "conn-stats", ".tmp"); RENAME_SUFFIX("hashed-fingerprint", ".tmp"); RENAME_SUFFIX("router-stability", ".tmp"); |