sandbox: Fix issues on i386

Simon South requested to merge ssouth/tor:sandbox-i386-fixes into main

These changes address issues uncovered with the sandbox implementation on i386, reported in #40505 (closed).

They prevent failures in the sandbox unit tests by modifying the implementation to

  • Filter the chown32 system call on i386 in place of chown, matching glibc's implementation for this architecture;

  • Allow the clock_gettime64 system call without restriction in place of clock_gettime when the former is available, again matching glibc and preventing failures in Tor's monotonic-time routines (see src/lib/time/compat_time.c) on 32-bit machines when the sandbox is active; and

  • Skip the sandbox/stat_filename unit test when the stat64 system call is defined (and therefore likely to be used by glibc), as like stat it must be allowed without restriction by the sandbox and the test will always fail.

Note we cannot assume chown32 is used whenever it is available as some 64-bit systems provide this system call as well (for backwards compatibility, I assume), including most of those in the CI cluster.

I've tested these on a virtualized i686 system using glibc 2.31 and am working to prepare a system with glibc 2.33 to re-test there.
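
The syscall selection described in the first two bullets above, as an added example that is not part of the merge request or Tor's `sandbox.c`. The `policy` table, the `rule` enum and `policy_lookup()` are hypothetical names used only for illustration.

```c
/* Added illustration, not Tor's sandbox.c; all names here are hypothetical. */
#include <stdio.h>
#include <sys/syscall.h>

enum rule { RULE_DENY, RULE_ALLOW_ANY, RULE_FILTER_PATH };
struct entry { const char *name; long nr; enum rule rule; };

/* chown: choose by architecture, not by "#ifdef SYS_chown32". The merge
 * request notes the number also exists on some 64-bit systems. */
#if defined(__i386__) && defined(SYS_chown32)
# define CHOWN_NAME "chown32"
# define CHOWN_NR   ((long)SYS_chown32)
#elif defined(SYS_chown)
# define CHOWN_NAME "chown"
# define CHOWN_NR   ((long)SYS_chown)
#else /* ABI without a chown syscall: nothing to filter here */
# define CHOWN_NAME "chown (none)"
# define CHOWN_NR   (-1L)
#endif

/* clock_gettime: use the 64-bit variant whenever the headers define it. */
#if defined(SYS_clock_gettime64)
# define CLOCK_NAME "clock_gettime64"
# define CLOCK_NR   ((long)SYS_clock_gettime64)
#else
# define CLOCK_NAME "clock_gettime"
# define CLOCK_NR   ((long)SYS_clock_gettime)
#endif

static const struct entry policy[] = {
  { CHOWN_NAME, CHOWN_NR, RULE_FILTER_PATH }, /* only for approved paths */
  { CLOCK_NAME, CLOCK_NR, RULE_ALLOW_ANY },   /* no argument restriction */
};

/* Decision for a syscall number; anything not listed is denied. */
static enum rule policy_lookup(long nr)
{
  for (size_t i = 0; nr >= 0 && i < sizeof(policy) / sizeof(policy[0]); i++)
    if (policy[i].nr == nr)
      return policy[i].rule;
  return RULE_DENY;
}

int main(void)
{
  for (size_t i = 0; i < sizeof(policy) / sizeof(policy[0]); i++)
    printf("%s nr=%ld rule=%d\n", policy[i].name, policy[i].nr, (int)policy[i].rule);
  return 0;
}
```

Built with `-m32` on an x86 host, the table names `chown32` and `clock_gettime64`; a policy that named only `chown` and `clock_gettime` there would not match the calls the description says glibc makes on that architecture.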