| author | Alexander Potapenko <glider@google.com> | 2024-07-02 10:17:57 +0200 |
|---|---|---|
| committer | Dmitry Vyukov <dvyukov@google.com> | 2024-07-02 08:52:31 +0000 |
| commit | 4b42962bfebc45ea22f9a5af63b49aa5ed418749 (patch) | |
| tree | f79ed765235db3bce5e4cbc42dfe596a994bafc1 /sys/linux/init.go | |
| parent | 3160a12dd1047174becc935fbaae965b3d00ea59 (diff) | |
sys/linux: re-enable EXT4_IOC_SHUTDOWN and EXT4_IOC_RESIZE_FS
Now that we chroot into tmpfs with sandbox=none, it should be safe to allow
using these ioctls, because they won't break the whole VM.
Update #971.
Diffstat (limited to 'sys/linux/init.go')
| -rw-r--r-- | sys/linux/init.go | 14 |
1 files changed, 0 insertions, 14 deletions
diff --git a/sys/linux/init.go b/sys/linux/init.go
index 55953eee0..8b18c2c1f 100644
--- a/sys/linux/init.go
+++ b/sys/linux/init.go
@@ -23,8 +23,6 @@ func InitTarget(target *prog.Target) {
 FITHAW: target.GetConst("FITHAW"),
 SNAPSHOT_FREEZE: target.GetConst("SNAPSHOT_FREEZE"),
 SNAPSHOT_POWER_OFF: target.GetConst("SNAPSHOT_POWER_OFF"),
- EXT4_IOC_SHUTDOWN: target.GetConst("EXT4_IOC_SHUTDOWN"),
- EXT4_IOC_RESIZE_FS: target.GetConst("EXT4_IOC_RESIZE_FS"),
 EXT4_IOC_MIGRATE: target.GetConst("EXT4_IOC_MIGRATE"),
 FAN_OPEN_PERM: target.GetConst("FAN_OPEN_PERM"),
 FAN_ACCESS_PERM: target.GetConst("FAN_ACCESS_PERM"),
@@ -125,8 +123,6 @@ type arch struct {
 FITHAW uint64
 SNAPSHOT_FREEZE uint64
 SNAPSHOT_POWER_OFF uint64
- EXT4_IOC_SHUTDOWN uint64
- EXT4_IOC_RESIZE_FS uint64
 EXT4_IOC_MIGRATE uint64
 FAN_OPEN_PERM uint64
 FAN_ACCESS_PERM uint64
@@ -308,16 +304,6 @@ func (arch *arch) neutralizeIoctl(c *prog.Call) {
 case arch.SNAPSHOT_POWER_OFF:
 // SNAPSHOT_POWER_OFF shuts down the machine.
 cmd.Val = arch.FITHAW
- case arch.EXT4_IOC_SHUTDOWN:
- // EXT4_IOC_SHUTDOWN on root fs effectively brings the machine down in weird ways.
- // Fortunately, the value does not conflict with any other ioctl commands for now.
- cmd.Val = arch.EXT4_IOC_MIGRATE
- case arch.EXT4_IOC_RESIZE_FS:
- // EXT4_IOC_RESIZE_FS on root fs can shrink it to 0 (or whatever is the minimum size)
- // and then creation of new temp dirs for tests will fail.
- // TODO: not necessary for sandbox=namespace as it tests in a tmpfs
- // and/or if we mount tmpfs for sandbox=none (#971).
- cmd.Val = arch.EXT4_IOC_MIGRATE
 case arch.TIOCSSERIAL:
 // TIOCSSERIAL can do nasty things under root, like causing writes to random memory
 // pretty much like /dev/mem, but this is also working as intended. |
