sys/linux: add ext4 ioctls and overlayfs

Update #533
author: Dmitry Vyukov <dvyukov@google.com> 2018-08-29 12:35:25 -0700
committer: Dmitry Vyukov <dvyukov@google.com> 2018-08-29 15:59:16 -0700
commit: edb2f5f1e1078040c6581ca7e343e3ea5a44e0da (patch)
tree: e1fecaff14e87a23bdf5dfa9c69b2e9309e86e2a /pkg/host/host_linux.go
parent: 14b78b9701cd103c1946aec8b6b1c9da0186a0b1 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/pkg/host/host_linux.go b/pkg/host/host_linux.go
index 16be1d578..dd3e146c4 100644
--- a/pkg/host/host_linux.go
+++ b/pkg/host/host_linux.go
@@ -36,6 +36,10 @@ func isSupported(c *prog.Syscall, sandbox string) (bool, string) {
 	if strings.HasPrefix(c.Name, "mount$") {
 		return isSupportedMount(c, sandbox)
 	}
+	if c.Name == "ioctl$EXT4_IOC_SHUTDOWN" && sandbox == "none" {
+		// Don't shutdown root filesystem.
+		return false, "unsafe with sandbox=none"
+	}
 	// There are 3 possible strategies for detecting supported syscalls:
 	// 1. Executes all syscalls with presumably invalid arguments and check for ENOprog.
 	//    But not all syscalls are safe to execute. For example, pause will hang,
author	Dmitry Vyukov <dvyukov@google.com>	2018-08-29 12:35:25 -0700
committer	Dmitry Vyukov <dvyukov@google.com>	2018-08-29 15:59:16 -0700
commit	edb2f5f1e1078040c6581ca7e343e3ea5a44e0da (patch)
tree	e1fecaff14e87a23bdf5dfa9c69b2e9309e86e2a /pkg/host/host_linux.go
parent	14b78b9701cd103c1946aec8b6b1c9da0186a0b1 (diff)