diff options
| author | Alexander Potapenko <glider@google.com> | 2024-07-02 10:17:57 +0200 |
|---|---|---|
| committer | Dmitry Vyukov <dvyukov@google.com> | 2024-07-02 08:52:31 +0000 |
| commit | 4b42962bfebc45ea22f9a5af63b49aa5ed418749 (patch) | |
| tree | f79ed765235db3bce5e4cbc42dfe596a994bafc1 /sys/linux | |
| parent | 3160a12dd1047174becc935fbaae965b3d00ea59 (diff) | |
sys/linux: re-enable EXT4_IOC_SHUTDOWN and EXT4_IOC_RESIZE_FS
Now that we chroot into tmpfs with sandbox=none, it should be safe to allow
using these ioctls, because they won't break the whole VM.
Update #971.
Diffstat (limited to 'sys/linux')
| -rw-r--r-- | sys/linux/init.go | 14 | ||||
| -rw-r--r-- | sys/linux/init_test.go | 4 |
2 files changed, 0 insertions, 18 deletions
diff --git a/sys/linux/init.go b/sys/linux/init.go index 55953eee0..8b18c2c1f 100644 --- a/sys/linux/init.go +++ b/sys/linux/init.go @@ -23,8 +23,6 @@ func InitTarget(target *prog.Target) { FITHAW: target.GetConst("FITHAW"), SNAPSHOT_FREEZE: target.GetConst("SNAPSHOT_FREEZE"), SNAPSHOT_POWER_OFF: target.GetConst("SNAPSHOT_POWER_OFF"), - EXT4_IOC_SHUTDOWN: target.GetConst("EXT4_IOC_SHUTDOWN"), - EXT4_IOC_RESIZE_FS: target.GetConst("EXT4_IOC_RESIZE_FS"), EXT4_IOC_MIGRATE: target.GetConst("EXT4_IOC_MIGRATE"), FAN_OPEN_PERM: target.GetConst("FAN_OPEN_PERM"), FAN_ACCESS_PERM: target.GetConst("FAN_ACCESS_PERM"), @@ -125,8 +123,6 @@ type arch struct { FITHAW uint64 SNAPSHOT_FREEZE uint64 SNAPSHOT_POWER_OFF uint64 - EXT4_IOC_SHUTDOWN uint64 - EXT4_IOC_RESIZE_FS uint64 EXT4_IOC_MIGRATE uint64 FAN_OPEN_PERM uint64 FAN_ACCESS_PERM uint64 @@ -308,16 +304,6 @@ func (arch *arch) neutralizeIoctl(c *prog.Call) { case arch.SNAPSHOT_POWER_OFF: // SNAPSHOT_POWER_OFF shuts down the machine. cmd.Val = arch.FITHAW - case arch.EXT4_IOC_SHUTDOWN: - // EXT4_IOC_SHUTDOWN on root fs effectively brings the machine down in weird ways. - // Fortunately, the value does not conflict with any other ioctl commands for now. - cmd.Val = arch.EXT4_IOC_MIGRATE - case arch.EXT4_IOC_RESIZE_FS: - // EXT4_IOC_RESIZE_FS on root fs can shrink it to 0 (or whatever is the minimum size) - // and then creation of new temp dirs for tests will fail. - // TODO: not necessary for sandbox=namespace as it tests in a tmpfs - // and/or if we mount tmpfs for sandbox=none (#971). - cmd.Val = arch.EXT4_IOC_MIGRATE case arch.TIOCSSERIAL: // TIOCSSERIAL can do nasty things under root, like causing writes to random memory // pretty much like /dev/mem, but this is also working as intended. diff --git a/sys/linux/init_test.go b/sys/linux/init_test.go index 7379f74c0..74642f6c9 100644 --- a/sys/linux/init_test.go +++ b/sys/linux/init_test.go @@ -48,10 +48,6 @@ func TestNeutralize(t *testing.T) { Out: `ioctl(0x0, 0xc0045878, 0x0)`, }, { - In: `ioctl$int_in(0x0, 0x2000008004587d, 0x0)`, - Out: `ioctl$int_in(0x0, 0x6609, 0x0)`, - }, - { In: `fanotify_mark(0x1, 0x2, 0x407fe029, 0x3, 0x0)`, Out: `fanotify_mark(0x1, 0x2, 0x4078e029, 0x3, 0x0)`, }, |