-rw-r--r--executor/common_linux.h12
-rw-r--r--pkg/csource/generated.go6
2 files changed, 18 insertions, 0 deletions
diff --git a/executor/common_linux.h b/executor/common_linux.h
index 85e19cf84..eea0fd2cf 100644
--- a/executor/common_linux.h
+++ b/executor/common_linux.h
@@ -3328,6 +3328,13 @@ static void checkpoint_iptables(struct ipt_table_desc* tables, int num_tables, i
switch (errno) {
case EAFNOSUPPORT:
case ENOPROTOOPT:
+ // ENOENT can be returned if smack lsm is used. Smack tried to aplly netlbl to created sockets,
+ // but the fuzzer can manage to remove netlbl entry for SOCK_STREAM/IPPROTO_TCP using
+ // NLBL_MGMT_C_REMOVE, which is unfortunately global (not part of net namespace). In this state
+ // creation of such sockets will fail all the time in all processes (so in some sense the machine
+ // is indeed broken), but ignoring the error is still probably the best option given we allow
+ // the fuzzer to invoke NLBL_MGMT_C_REMOVE in the first place.
+ case ENOENT:
return;
}
failmsg("iptable checkpoint: socket(SOCK_STREAM, IPPROTO_TCP) failed", "family=%d", family);
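Review bot: ENOENT differs from the two existing cases because, per the added comment, it comes from state the fuzzer can change while running, so `checkpoint_iptables` may return early here while a later `reset_iptables` call gets a working socket, or the reverse. Whether the reset path tolerates tables that were never checkpointed is not visible in this hunk, since both function bodies continue outside it; that should be confirmed and stated in the comment. The same checkpoint/reset pairing applies to the arptables and ebtables hunks. The silent `return` also hides a condition the comment itself describes as a broken machine, so a debug-level log line before returning would help triage. Minor: "aplly" in the comment should read "apply".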
@@ -3381,6 +3388,7 @@ static void reset_iptables(struct ipt_table_desc* tables, int num_tables, int fa
switch (errno) {
case EAFNOSUPPORT:
case ENOPROTOOPT:
+ case ENOENT:
return;
}
failmsg("iptable: socket(SOCK_STREAM, IPPROTO_TCP) failed", "family=%d", family);
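Review bot: The new `case ENOENT:` here carries no explanation, and the same is true in `checkpoint_arptables`, `reset_arptables`, `checkpoint_ebtables` and `reset_ebtables`; only `checkpoint_iptables` says why ENOENT is tolerated. A reader landing in any of these functions sees an unexpected errno accepted for `socket()` with no reason given. A one-line pointer at each site would be enough, for example `// ENOENT: netlbl entry removed under smack, see checkpoint_iptables.` The function body continues outside the hunk.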
@@ -3427,6 +3435,7 @@ static void checkpoint_arptables(void)
switch (errno) {
case EAFNOSUPPORT:
case ENOPROTOOPT:
+ case ENOENT:
return;
}
fail("arptable checkpoint: socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) failed");
@@ -3477,6 +3486,7 @@ static void reset_arptables()
switch (errno) {
case EAFNOSUPPORT:
case ENOPROTOOPT:
+ case ENOENT:
return;
}
fail("arptable: socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)");
@@ -3570,6 +3580,7 @@ static void checkpoint_ebtables(void)
switch (errno) {
case EAFNOSUPPORT:
case ENOPROTOOPT:
+ case ENOENT:
return;
}
fail("ebtable checkpoint: socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)");
@@ -3611,6 +3622,7 @@ static void reset_ebtables()
switch (errno) {
case EAFNOSUPPORT:
case ENOPROTOOPT:
+ case ENOENT:
return;
}
fail("ebtable: socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)");
diff --git a/pkg/csource/generated.go b/pkg/csource/generated.go
index 2c33e7a29..c198c43ba 100644
--- a/pkg/csource/generated.go
+++ b/pkg/csource/generated.go
@@ -8728,6 +8728,7 @@ static void checkpoint_iptables(struct ipt_table_desc* tables, int num_tables, i
switch (errno) {
case EAFNOSUPPORT:
case ENOPROTOOPT:
+ case ENOENT:
return;
}
failmsg("iptable checkpoint: socket(SOCK_STREAM, IPPROTO_TCP) failed", "family=%d", family);
@@ -8781,6 +8782,7 @@ static void reset_iptables(struct ipt_table_desc* tables, int num_tables, int fa
switch (errno) {
case EAFNOSUPPORT:
case ENOPROTOOPT:
+ case ENOENT:
return;
}
failmsg("iptable: socket(SOCK_STREAM, IPPROTO_TCP) failed", "family=%d", family);
@@ -8827,6 +8829,7 @@ static void checkpoint_arptables(void)
switch (errno) {
case EAFNOSUPPORT:
case ENOPROTOOPT:
+ case ENOENT:
return;
}
fail("arptable checkpoint: socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) failed");
@@ -8877,6 +8880,7 @@ static void reset_arptables()
switch (errno) {
case EAFNOSUPPORT:
case ENOPROTOOPT:
+ case ENOENT:
return;
}
fail("arptable: socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)");
@@ -8966,6 +8970,7 @@ static void checkpoint_ebtables(void)
switch (errno) {
case EAFNOSUPPORT:
case ENOPROTOOPT:
+ case ENOENT:
return;
}
fail("ebtable checkpoint: socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)");
@@ -9007,6 +9012,7 @@ static void reset_ebtables()
switch (errno) {
case EAFNOSUPPORT:
case ENOPROTOOPT:
+ case ENOENT:
return;
}
fail("ebtable: socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)");