diff options
| -rw-r--r-- | executor/common_linux.h | 5 | ||||
| -rw-r--r-- | pkg/csource/generated.go | 3 | ||||
| -rw-r--r-- | sys/linux/test/ping | 2 |
3 files changed, 8 insertions, 2 deletions
diff --git a/executor/common_linux.h b/executor/common_linux.h index 48236ce3b..f8731456c 100644 --- a/executor/common_linux.h +++ b/executor/common_linux.h @@ -3797,6 +3797,8 @@ static int do_sandbox_none(void) if (unshare(CLONE_NEWNET)) { debug("unshare(CLONE_NEWNET): %d\n", errno); } + // Enable access to IPPROTO_ICMP sockets, must be done after CLONE_NEWNET. + write_file("/proc/sys/net/ipv4/ping_group_range", "0 65535"); #if SYZ_EXECUTOR || SYZ_DEVLINK_PCI initialize_devlink_pci(); #endif @@ -3902,6 +3904,8 @@ static int namespace_sandbox_proc(void* arg) // because we want the tun device in the test namespace. if (unshare(CLONE_NEWNET)) fail("unshare(CLONE_NEWNET)"); + // Enable access to IPPROTO_ICMP sockets, must be done after CLONE_NEWNET. + write_file("/proc/sys/net/ipv4/ping_group_range", "0 65535"); #if SYZ_EXECUTOR || SYZ_DEVLINK_PCI initialize_devlink_pci(); #endif @@ -4732,7 +4736,6 @@ static void setup_sysctl() // Executor hits lots of SIGSEGVs, no point in logging them. {"/proc/sys/debug/exception-trace", "0"}, {"/proc/sys/kernel/printk", "7 4 1 3"}, - {"/proc/sys/net/ipv4/ping_group_range", "0 65535"}, // Faster gc (1 second) is intended to make tests more repeatable. {"/proc/sys/kernel/keys/gc_delay", "1"}, // We always want to prefer killing the allocating test process rather than somebody else diff --git a/pkg/csource/generated.go b/pkg/csource/generated.go index bfd60f23e..e78362b29 100644 --- a/pkg/csource/generated.go +++ b/pkg/csource/generated.go @@ -8439,6 +8439,7 @@ static int do_sandbox_none(void) if (unshare(CLONE_NEWNET)) { debug("unshare(CLONE_NEWNET): %d\n", errno); } + write_file("/proc/sys/net/ipv4/ping_group_range", "0 65535"); #if SYZ_EXECUTOR || SYZ_DEVLINK_PCI initialize_devlink_pci(); #endif @@ -8535,6 +8536,7 @@ static int namespace_sandbox_proc(void* arg) #endif if (unshare(CLONE_NEWNET)) fail("unshare(CLONE_NEWNET)"); + write_file("/proc/sys/net/ipv4/ping_group_range", "0 65535"); #if SYZ_EXECUTOR || SYZ_DEVLINK_PCI initialize_devlink_pci(); #endif @@ -9834,7 +9836,6 @@ static void setup_sysctl() {"/proc/sys/vm/oom_dump_tasks", "0"}, {"/proc/sys/debug/exception-trace", "0"}, {"/proc/sys/kernel/printk", "7 4 1 3"}, - {"/proc/sys/net/ipv4/ping_group_range", "0 65535"}, {"/proc/sys/kernel/keys/gc_delay", "1"}, {"/proc/sys/vm/oom_kill_allocating_task", "1"}, {"/proc/sys/kernel/ctrl-alt-del", "0"}, diff --git a/sys/linux/test/ping b/sys/linux/test/ping new file mode 100644 index 000000000..631bd958e --- /dev/null +++ b/sys/linux/test/ping @@ -0,0 +1,2 @@ +r0 = socket$inet_icmp(AUTO, AUTO, AUTO) +close(r0) |