Draft: Only check for bindable ports if we are unsure if it will fail. (!292) · Merge requests · The Tor Project / Core / Tor

Alexander Færøy requested to merge ahf/tor:ahf/40257_035 into maint-0.3.5 Feb 04, 2021

We currently assume that the only way for Tor to listen on ports in the privileged port range (1 to 1023), on Linux, is if we are granted the NET_BIND_SERVICE capability. Today on Linux, it's possible to specify the beginning of the unprivileged port range using a sysctl configuration option. Docker (and thus the CI service Tor uses) recently changed this sysctl value to 0, which causes our tests to fail as they assume that we should NOT be able to bind to a privileged port without the NET_BIND_SERVICE capability.

In this patch, we read the value of the sysctl value via the /proc/sys/ filesystem iff it's present, otherwise we assume the default unprivileged port range begins at port 1024.

See: #40275 (closed)

Edited Feb 05, 2021 by Alexander Færøy

Draft: Only check for bindable ports if we are unsure if it will fail.

Merge request reports