| commit | 67aefd5520c7d9b3004ee25b860e5b54b3401188 | |
| author | Alexander Færøy <ahf@torproject.org> | |
| Thu, 4 Feb 2021 23:11:11 +0000 (4 23:11 +0000) | ||
| committer | Alexander Færøy <ahf@torproject.org> | |
| Fri, 5 Feb 2021 16:04:21 +0000 (5 16:04 +0000) | ||
| tree | d9e440c4da5b8cd5e0621e3e32061c7e7861ce7d | treesnapshot (tar.gz zip) |
| parent | 21317c92296f0c08176c8788f8f2bcf501e78032 | commitdiff |
Only check for bindable ports if we are unsure if it will fail.
We currently assume that the only way for Tor to listen on ports in the
privileged port range (1 to 1023), on Linux, is if we are granted the
NET_BIND_SERVICE capability. Today on Linux, it's possible to specify
the beginning of the unprivileged port range using a sysctl
configuration option. Docker (and thus the CI service Tor uses) recently
changed this sysctl value to 0, which causes our tests to fail as they
assume that we should NOT be able to bind to a privileged port *without*
the NET_BIND_SERVICE capability.
In this patch, we read the value of the sysctl value via the /proc/sys/
filesystem iff it's present, otherwise we assume the default
unprivileged port range begins at port 1024.
See: tor#40275
We currently assume that the only way for Tor to listen on ports in the
privileged port range (1 to 1023), on Linux, is if we are granted the
NET_BIND_SERVICE capability. Today on Linux, it's possible to specify
the beginning of the unprivileged port range using a sysctl
configuration option. Docker (and thus the CI service Tor uses) recently
changed this sysctl value to 0, which causes our tests to fail as they
assume that we should NOT be able to bind to a privileged port *without*
the NET_BIND_SERVICE capability.
In this patch, we read the value of the sysctl value via the /proc/sys/
filesystem iff it's present, otherwise we assume the default
unprivileged port range begins at port 1024.
See: tor#40275
| src/test/test_switch_id.c | diffblobblamehistory |