| author | Dmitry Vyukov <dvyukov@google.com> | 2018-01-23 12:56:00 +0100 |
|---|---|---|
| committer | Dmitry Vyukov <dvyukov@google.com> | 2018-01-23 12:56:00 +0100 |
| commit | a5b7566c4a75cf70b3714f8dd2edc772174f28f9 (patch) | |
| tree | 028fbac2c634c0485227f24fcdf1a3e04965cc74 | |
| parent | 3d76cc40d99e9f984db1ecc9310a8ea2004ec901 (diff) | |
executor: handle old and new selinux mount points
| -rw-r--r-- | executor/common_linux.h | 8 | ||||
| -rw-r--r-- | pkg/csource/linux_common.go | 7 |
2 files changed, 11 insertions, 4 deletions
diff --git a/executor/common_linux.h b/executor/common_linux.h
index 9fe76d6bb..c971801fe 100644
--- a/executor/common_linux.h
+++ b/executor/common_linux.h
@@ -879,7 +879,8 @@ static int namespace_sandbox_proc(void* arg)
 fail("mkdir failed");
 if (mkdir("./syz-tmp/newroot/dev", 0700))
 fail("mkdir failed");
- if (mount("/dev", "./syz-tmp/newroot/dev", NULL, MS_BIND | MS_REC | MS_PRIVATE, NULL))
+ unsigned mount_flags = MS_BIND | MS_REC | MS_PRIVATE;
+ if (mount("/dev", "./syz-tmp/newroot/dev", NULL, mount_flags, NULL))
 fail("mount(dev) failed");
 if (mkdir("./syz-tmp/newroot/proc", 0700))
 fail("mkdir failed");
@@ -887,7 +888,10 @@ static int namespace_sandbox_proc(void* arg)
 fail("mount(proc) failed");
 if (mkdir("./syz-tmp/newroot/selinux", 0700))
 fail("mkdir failed");
- if (mount("/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND | MS_REC | MS_PRIVATE, NULL))
+ // selinux mount used to be at /selinux, but then moved to /sys/fs/selinux.
+ const char* selinux_path = "./syz-tmp/newroot/selinux";
+ if (mount("/selinux", selinux_path, NULL, mount_flags, NULL) &&
+ mount("/sys/fs/selinux", selinux_path, NULL, mount_flags, NULL))
 fail("mount(selinuxfs) failed");
 if (mkdir("./syz-tmp/pivot", 0777))
 fail("mkdir failed");
diff --git a/pkg/csource/linux_common.go b/pkg/csource/linux_common.go
index d9d8efaa6..c44bc68a6 100644
--- a/pkg/csource/linux_common.go
+++ b/pkg/csource/linux_common.go
@@ -1921,7 +1921,8 @@ static int namespace_sandbox_proc(void* arg)
 fail("mkdir failed");
 if (mkdir("./syz-tmp/newroot/dev", 0700))
 fail("mkdir failed");
- if (mount("/dev", "./syz-tmp/newroot/dev", NULL, MS_BIND | MS_REC | MS_PRIVATE, NULL))
+ unsigned mount_flags = MS_BIND | MS_REC | MS_PRIVATE;
+ if (mount("/dev", "./syz-tmp/newroot/dev", NULL, mount_flags, NULL))
 fail("mount(dev) failed");
 if (mkdir("./syz-tmp/newroot/proc", 0700))
 fail("mkdir failed");
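Review bot: In executor/common_linux.h (hunk at -879), the new `mount_flags` keeps MS_PRIVATE in the same flag word as MS_BIND, and mount(2) documents that a bind mount ignores every flag other than MS_REC, so the bind mounts that use this variable are not made private by these calls. If private propagation is intended for the new root, it needs a separate call on the target, for example `mount(NULL, "./syz-tmp/newroot/dev", NULL, MS_PRIVATE | MS_REC, NULL)`. Otherwise drop the flag and add a comment such as `// bind mounts ignore MS_PRIVATE; propagation is set separately`. Whether namespace_sandbox_proc already changes propagation before this point cannot be seen here, because the function starts and ends outside the hunk.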
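Review bot: In executor/common_linux.h (hunk at -887), the fallback to /sys/fs/selinux runs on any failure of the first mount(), not only when /selinux is absent. A permission or policy error on the old path is therefore silently retried, and the errno left for `fail("mount(selinuxfs) failed")` is that of the second call, which hides the real cause when the sandbox cannot be set up. I would fall back only on ENOENT and report each path separately, as in the excerpt below (this assumes errno is usable in this file, which the hunk does not show). The same lines are repeated in both pkg/csource/linux_common.go hunks, which look like a mirrored copy of this header and would need the same change. namespace_sandbox_proc continues outside the hunk.

```c
// selinux mount used to be at /selinux, but then moved to /sys/fs/selinux.
const char* selinux_path = "./syz-tmp/newroot/selinux";
if (mount("/selinux", selinux_path, NULL, mount_flags, NULL)) {
	// Fall back only when the old mount point does not exist.
	if (errno != ENOENT)
		fail("mount(/selinux) failed");
	if (mount("/sys/fs/selinux", selinux_path, NULL, mount_flags, NULL))
		fail("mount(/sys/fs/selinux) failed");
}
// … unchanged: mkdir of ./syz-tmp/pivot …
```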
@@ -1929,7 +1930,9 @@ static int namespace_sandbox_proc(void* arg)
 fail("mount(proc) failed");
 if (mkdir("./syz-tmp/newroot/selinux", 0700))
 fail("mkdir failed");
- if (mount("/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND | MS_REC | MS_PRIVATE, NULL))
+ const char* selinux_path = "./syz-tmp/newroot/selinux";
+ if (mount("/selinux", selinux_path, NULL, mount_flags, NULL) &&
+ mount("/sys/fs/selinux", selinux_path, NULL, mount_flags, NULL))
 fail("mount(selinuxfs) failed");
 if (mkdir("./syz-tmp/pivot", 0777))
 fail("mkdir failed"); |
