From 268a117cdf5e58da81fd9ece925c1b963f4c1ecb Mon Sep 17 00:00:00 2001
From: Nick Mathewson <nickm@torproject.org>
Date: Tue, 20 May 2014 14:58:28 -0400
Subject: [PATCH] sandbox: tolerate reloading with DirPortFrontPage set

Also, don't tolerate changing DirPortFrontPage.

Fixes bug 12028; bugfix on 0.2.5.1-alpha.
---
 changes/bug12028 | 5 +++++
 src/or/config.c  | 5 +++++
 src/or/main.c    | 5 +++++
 3 files changed, 15 insertions(+)
 create mode 100644 changes/bug12028

diff --git a/changes/bug12028 b/changes/bug12028
new file mode 100644
index 0000000000..f88d4e5460
--- /dev/null
+++ b/changes/bug12028
@@ -0,0 +1,5 @@
+  o Minor bugfixes (linux syscall sandbox):
+    - When running with DirPortFrontPage and Sandbox both enabled, reload
+      the DirPortFrontPage correctly when restarting. Fixes bug 12028;
+      bugfix on 0.2.5.1-alpha.
+
diff --git a/src/or/config.c b/src/or/config.c
index aa4c0079bf..b346f6648e 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -3747,6 +3747,11 @@ options_transition_allowed(const or_options_t *old,
                         "Sandbox is active");
       return -1;
     }
+    if (! opt_streq(old->DirPortFrontPage, new_val->DirPortFrontPage)) {
+      *msg = tor_strdup("Can't change DirPortFrontPage"
+                        " while Sandbox is active");
+      return -1;
+    }
   }
 
   return 0;
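Review bot: The added DirPortFrontPage check has no comment saying why the transition is refused, and the reason lives in a different file (the allow-list entry added in sandbox_init_filter by this same commit). A one-line comment above the `if` would close that gap, for example `/* The sandbox allow-list is fixed once the filter is installed, so a different DirPortFrontPage path could not be opened on reload. */`. Because the test is `! opt_streq(old->DirPortFrontPage, new_val->DirPortFrontPage)`, it presumably also rejects setting the option for the first time or clearing it while the sandbox is active, not only switching paths; that is the safe direction, but the comment or message should say so. options_transition_allowed starts outside the hunk, and the condition guarding this block is not visible here.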
diff --git a/src/or/main.c b/src/or/main.c
index dac178ade8..3d109ec78c 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -2848,6 +2848,11 @@ sandbox_init_filter(void)
         NULL, 0
     );
 
+    if (options->DirPortFrontPage) {
+      sandbox_cfg_allow_open_filename(&cfg,
+                                      tor_strdup(options->DirPortFrontPage));
+    }
+
     RENAME_SUFFIX("fingerprint", ".tmp");
     RENAME_SUFFIX2("keys", "secret_onion_key_ntor", ".tmp");
     RENAME_SUFFIX2("keys", "secret_id_key", ".tmp");
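Review bot: The result of `sandbox_cfg_allow_open_filename(&cfg, tor_strdup(options->DirPortFrontPage))` is discarded at the added call. If adding the rule can fail, the filter would presumably be installed without this path, and the failure would only surface later as a denied open when the front page is reloaded. That fails closed, but it is hard to diagnose, so checking the return value and logging a warning naming the option would help. A short comment is also worth adding to say that the path is allow-listed exactly as configured and that the reload code must open the same string, and to confirm the rule needs nothing beyond read access to this operator-supplied path. sandbox_init_filter begins and ends outside the hunk, so how neighbouring calls handle their return values cannot be seen from here.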
-- 
GitLab