executor: don't checkpoint/reset net namespace with setuid sandbox

After setuid the process won't have rights to reset net namespace, but it should not be able to change it during fuzzing too. So just skip that part.
author: Dmitry Vyukov <dvyukov@google.com> 2018-08-08 11:16:54 +0200
committer: Dmitry Vyukov <dvyukov@google.com> 2018-08-08 11:16:54 +0200
commit: ddeb9f8d8828ea4f297656445164e17a9f4c2591 (patch)
tree: 7cf3dd75e03f4ddd9177aa0ffa53f1c293c063d3 /pkg/csource
parent: 14f8a76fe729bddfcc96913fa4f7821f163144ac (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/pkg/csource/generated.go b/pkg/csource/generated.go
index ee719dc65..f25ee1998 100644
--- a/pkg/csource/generated.go
+++ b/pkg/csource/generated.go
@@ -2862,6 +2862,10 @@ static void reset_ebtables()
 
 static void checkpoint_net_namespace(void)
 {
+#if SYZ_EXECUTOR
+	if (flag_sandbox == sandbox_setuid)
+		return;
+#endif
 	checkpoint_ebtables();
 	checkpoint_arptables();
 	checkpoint_iptables(ipv4_tables, sizeof(ipv4_tables) / sizeof(ipv4_tables[0]), AF_INET, SOL_IP);
@@ -2870,6 +2874,10 @@ static void checkpoint_net_namespace(void)
 
 static void reset_net_namespace(void)
 {
+#if SYZ_EXECUTOR
+	if (flag_sandbox == sandbox_setuid)
+		return;
+#endif
 	reset_ebtables();
 	reset_arptables();
 	reset_iptables(ipv4_tables, sizeof(ipv4_tables) / sizeof(ipv4_tables[0]), AF_INET, SOL_IP);
author	Dmitry Vyukov <dvyukov@google.com>	2018-08-08 11:16:54 +0200
committer	Dmitry Vyukov <dvyukov@google.com>	2018-08-08 11:16:54 +0200
commit	ddeb9f8d8828ea4f297656445164e17a9f4c2591 (patch)
tree	7cf3dd75e03f4ddd9177aa0ffa53f1c293c063d3 /pkg/csource
parent	14f8a76fe729bddfcc96913fa4f7821f163144ac (diff)