diff options
| author | Dmitry Vyukov <dvyukov@google.com> | 2018-01-22 12:10:56 +0100 |
|---|---|---|
| committer | Dmitry Vyukov <dvyukov@google.com> | 2018-01-22 12:13:40 +0100 |
| commit | 6785f793478373cf21c27431c66bc4d20e835576 (patch) | |
| tree | 02f988937bf0ea9f36554df2172f1036b4b2becb /executor | |
| parent | aeb24072ff271c77f86d3bd98daae46e894e2f88 (diff) | |
executor: reshuffle namespace sandboxing sequence again
Now we create tun in the _outer_ net namespace,
which is tied to init user namespace. Thus fuzzer
does not have CAP_ADMIN in it.
In the end it seems that there is no sandboxing sequence,
which would give us everything we need.
Reshuffle sequences so that we have corrent namespace
hierarchy, but don't have IFF_NAPI_FRAGS.
Diffstat (limited to 'executor')
| -rw-r--r-- | executor/common_linux.h | 25 |
1 files changed, 14 insertions, 11 deletions
diff --git a/executor/common_linux.h b/executor/common_linux.h index 8b8a5c3f8..9fe76d6bb 100644 --- a/executor/common_linux.h +++ b/executor/common_linux.h @@ -859,6 +859,18 @@ static int namespace_sandbox_proc(void* arg) if (!write_file("/proc/self/gid_map", "0 %d 1\n", real_gid)) fail("write of /proc/self/gid_map failed"); + // CLONE_NEWNET must always happen before tun setup, + // because we want the tun device in the test namespace. + if (unshare(CLONE_NEWNET)) + fail("unshare(CLONE_NEWNET)"); +#if defined(SYZ_EXECUTOR) || defined(SYZ_TUN_ENABLE) + // We setup tun here as it needs to be in the test net namespace, + // which in turn needs to be in the test user namespace. + // However, IFF_NAPI_FRAGS will fail as we are not root already. + // There does not seem to be a call sequence that would satisfy all of that. + setup_tun((long)arg >> 1, (long)arg & 1); +#endif + if (mkdir("./syz-tmp", 0777)) fail("mkdir(syz-tmp) failed"); if (mount("", "./syz-tmp", "tmpfs", 0, NULL)) @@ -919,21 +931,12 @@ static int do_sandbox_namespace(int executor_pid, bool enable_tun) { int pid; - // CLONE_NEWNET must always happen before tun setup, - // because we want the tun device in the test namespace. - if (unshare(CLONE_NEWNET)) - fail("unshare(CLONE_NEWNET)"); -#if defined(SYZ_EXECUTOR) || defined(SYZ_TUN_ENABLE) - // For sandbox namespace we setup tun before dropping privs, - // because IFF_NAPI_FRAGS requires root. - setup_tun(executor_pid, enable_tun); -#endif - real_uid = getuid(); real_gid = getgid(); mprotect(sandbox_stack, 4096, PROT_NONE); // to catch stack underflows + void* arg = (void*)(long)((executor_pid << 1) | enable_tun); pid = clone(namespace_sandbox_proc, &sandbox_stack[sizeof(sandbox_stack) - 64], - CLONE_NEWUSER | CLONE_NEWPID, NULL); + CLONE_NEWUSER | CLONE_NEWPID, arg); if (pid < 0) fail("sandbox clone failed"); return pid; |