1 files changed, 13 insertions, 3 deletions

diff --git a/executor/common_linux.h b/executor/common_linux.h
index 1411fe8e2..f74effbba 100644
--- a/executor/common_linux.h
+++ b/executor/common_linux.h
@@ -309,6 +309,13 @@ static void initialize_tun(int id)
 		return;
 #endif
 	}
+	// Remap tun onto higher fd number to hide it from fuzzer and to keep
+	// fd numbers stable regardless of whether tun is opened or not.
+	const int kTunFd = 252;
+	if (dup2(tunfd, kTunFd) < 0)
+		fail("dup2(tunfd, kTunFd) failed");
+	close(tunfd);
+	tunfd = kTunFd;
 
 	char iface[IFNAMSIZ];
 	snprintf_check(iface, sizeof(iface), "syz%d", id);
@@ -896,9 +903,12 @@ static int namespace_sandbox_proc(void* arg)
 		fail("mkdir failed");
 	// selinux mount used to be at /selinux, but then moved to /sys/fs/selinux.
 	const char* selinux_path = "./syz-tmp/newroot/selinux";
-	if (mount("/selinux", selinux_path, NULL, mount_flags, NULL) &&
-	    mount("/sys/fs/selinux", selinux_path, NULL, mount_flags, NULL))
-		fail("mount(selinuxfs) failed");
+	if (mount("/selinux", selinux_path, NULL, mount_flags, NULL)) {
+		if (errno != ENOENT)
+			fail("mount(/selinux) failed");
+		if (mount("/sys/fs/selinux", selinux_path, NULL, mount_flags, NULL) && errno != ENOENT)
+			fail("mount(/sys/fs/selinux) failed");
+	}
 	if (mkdir("./syz-tmp/pivot", 0777))
 		fail("mkdir failed");
 	if (syscall(SYS_pivot_root, "./syz-tmp", "./syz-tmp/pivot")) {