| author | Dmitry Vyukov <dvyukov@google.com> | 2018-01-15 19:09:16 +0100 |
|---|---|---|
| committer | Dmitry Vyukov <dvyukov@google.com> | 2018-01-15 19:09:16 +0100 |
| commit | b705c0226334d8763a9f1b9ee06fe7a78a5558e7 (patch) | |
| tree | ceaf2e9b9bd72b53b6884d09407c6edfcf46c4e6 /pkg/csource/linux_common.go | |
| parent | b75f5cb3cb6145796e39a799e4b4c83d7d4b4237 (diff) | |
executor: fix tun/device setup for sandbox=namespace
For sandbox=namespace we first create network devices
and then do CLONE_NEWNS, which brings us into a new
namespace which actually does not have any of these devices.
Tun mostly worked, because we hold an fd to the tun device.
However, even for tun we could not see the "syz0" device.
Diffstat (limited to 'pkg/csource/linux_common.go')
| -rw-r--r-- | pkg/csource/linux_common.go | 35 |
1 files changed, 27 insertions, 8 deletions
diff --git a/pkg/csource/linux_common.go b/pkg/csource/linux_common.go
index c8841d4ec..4d3a2b820 100644
--- a/pkg/csource/linux_common.go
+++ b/pkg/csource/linux_common.go
@@ -1793,19 +1793,30 @@ static void sandbox_common()
 #define CLONE_NEWCGROUP 0x02000000
 #endif
-	unshare(CLONE_NEWNS);
-	unshare(CLONE_NEWIPC);
-	unshare(CLONE_NEWCGROUP);
-	unshare(CLONE_NEWNET);
-	unshare(CLONE_NEWUTS);
-	unshare(CLONE_SYSVSEM);
+	if (unshare(CLONE_NEWNS)) {
+		debug("unshare(CLONE_NEWNS): %d\n", errno);
+	}
+	if (unshare(CLONE_NEWIPC)) {
+		debug("unshare(CLONE_NEWIPC): %d\n", errno);
+	}
+	if (unshare(CLONE_NEWCGROUP)) {
+		debug("unshare(CLONE_NEWCGROUP): %d\n", errno);
+	}
+	if (unshare(CLONE_NEWUTS)) {
+		debug("unshare(CLONE_NEWUTS): %d\n", errno);
+	}
+	if (unshare(CLONE_SYSVSEM)) {
+		debug("unshare(CLONE_SYSVSEM): %d\n", errno);
+	}
 }
 #endif
 #if defined(SYZ_EXECUTOR) || defined(SYZ_SANDBOX_NONE)
 static int do_sandbox_none(int executor_pid, bool enable_tun)
 {
-	unshare(CLONE_NEWPID);
+	if (unshare(CLONE_NEWPID)) {
+		debug("unshare(CLONE_NEWPID): %d\n", errno);
+	}
 	int pid = fork();
 	if (pid < 0)
 		fail("sandbox fork failed");
@@ -1813,6 +1824,9 @@ static int do_sandbox_none(int executor_pid, bool enable_tun)
 		return pid;
 	sandbox_common();
+	if (unshare(CLONE_NEWNET)) {
+		debug("unshare(CLONE_NEWNET): %d\n", errno);
+	}
 #if defined(SYZ_EXECUTOR) || defined(SYZ_TUN_ENABLE)
 	setup_tun(executor_pid, enable_tun);
 #endif
@@ -1825,7 +1839,8 @@ static int do_sandbox_none(int executor_pid, bool enable_tun)
 #if defined(SYZ_EXECUTOR) || defined(SYZ_SANDBOX_SETUID)
 static int do_sandbox_setuid(int executor_pid, bool enable_tun)
 {
-	unshare(CLONE_NEWPID);
+	if (unshare(CLONE_NEWPID))
+		fail("unshare(CLONE_NEWPID)");
 	int pid = fork();
 	if (pid < 0)
 		fail("sandbox fork failed");
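Review bot: sandbox_common() now only logs a failed unshare() through debug() and carries on, while the same commit makes do_sandbox_setuid() fail() on a failed unshare(CLONE_NEWPID) and unshare(CLONE_NEWNET) (third hunk here, first hunk on the next line). Hunks two and four show sandbox_common() being called from both do_sandbox_none() and do_sandbox_setuid(), so a failed CLONE_NEWNS/NEWIPC/NEWCGROUP/NEWUTS/SYSVSEM leaves the setuid sandbox with less isolation than intended, visible only when debug output is enabled. If best-effort is intended for this shared part, say so at the top of the block: `// Best effort: a failed unshare() here only weakens the sandbox; callers that need hard isolation must check their own unshare() calls.` The removal of CLONE_NEWNET from this function also deserves a line, since a future sandbox calling sandbox_common() would otherwise silently stay in the old network namespace: `// CLONE_NEWNET is unshared by the callers after sandbox_common(), so setup_tun() creates its devices in the final namespace.` sandbox_common()'s body starts outside the hunk.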
@@ -1833,6 +1848,8 @@ static int do_sandbox_setuid(int executor_pid, bool enable_tun)
 		return pid;
 	sandbox_common();
+	if (unshare(CLONE_NEWNET))
+		fail("unshare(CLONE_NEWNET)");
 #if defined(SYZ_EXECUTOR) || defined(SYZ_TUN_ENABLE)
 	setup_tun(executor_pid, enable_tun);
 #endif
@@ -1941,6 +1958,8 @@ static int do_sandbox_namespace(int executor_pid, bool enable_tun)
 {
 	int pid;
+	if (unshare(CLONE_NEWNET))
+		fail("unshare(CLONE_NEWNET)");
 #if defined(SYZ_EXECUTOR) || defined(SYZ_TUN_ENABLE)
 	setup_tun(executor_pid, enable_tun);
 #endif
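Review bot: In do_sandbox_namespace() the new unshare(CLONE_NEWNET) runs before any fork (`pid` is still unassigned), so unlike the do_sandbox_none()/do_sandbox_setuid() hunks, where the child does it after `return pid;`, here the calling process itself is moved into the new network namespace. If do_sandbox_namespace() presumably forks the sandbox child later in its body, the parent also gives up its original network namespace, which may be intended but is not obvious from the code. A one-line comment would settle it, e.g. `// Done in the parent on purpose: the whole namespace sandbox, parent included, lives in the new net namespace.`, or the call should move into the child as in the other two sandboxes. The rest of do_sandbox_namespace() is outside the hunk.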
