aboutsummaryrefslogtreecommitdiffstats
path: root/executor/common_linux.h
diff options
context:
space:
mode:
Diffstat (limited to 'executor/common_linux.h')
-rw-r--r--executor/common_linux.h12
1 files changed, 12 insertions, 0 deletions
diff --git a/executor/common_linux.h b/executor/common_linux.h
index 85e19cf84..eea0fd2cf 100644
--- a/executor/common_linux.h
+++ b/executor/common_linux.h
@@ -3328,6 +3328,13 @@ static void checkpoint_iptables(struct ipt_table_desc* tables, int num_tables, i
switch (errno) {
case EAFNOSUPPORT:
case ENOPROTOOPT:
+ // ENOENT can be returned if smack lsm is used. Smack tried to aplly netlbl to created sockets,
+ // but the fuzzer can manage to remove netlbl entry for SOCK_STREAM/IPPROTO_TCP using
+ // NLBL_MGMT_C_REMOVE, which is unfortunately global (not part of net namespace). In this state
+ // creation of such sockets will fail all the time in all processes (so in some sense the machine
+ // is indeed broken), but ignoring the error is still probably the best option given we allow
+ // the fuzzer to invoke NLBL_MGMT_C_REMOVE in the first place.
+ case ENOENT:
return;
}
failmsg("iptable checkpoint: socket(SOCK_STREAM, IPPROTO_TCP) failed", "family=%d", family);
@@ -3381,6 +3388,7 @@ static void reset_iptables(struct ipt_table_desc* tables, int num_tables, int fa
switch (errno) {
case EAFNOSUPPORT:
case ENOPROTOOPT:
+ case ENOENT:
return;
}
failmsg("iptable: socket(SOCK_STREAM, IPPROTO_TCP) failed", "family=%d", family);
@@ -3427,6 +3435,7 @@ static void checkpoint_arptables(void)
switch (errno) {
case EAFNOSUPPORT:
case ENOPROTOOPT:
+ case ENOENT:
return;
}
fail("arptable checkpoint: socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) failed");
@@ -3477,6 +3486,7 @@ static void reset_arptables()
switch (errno) {
case EAFNOSUPPORT:
case ENOPROTOOPT:
+ case ENOENT:
return;
}
fail("arptable: socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)");
@@ -3570,6 +3580,7 @@ static void checkpoint_ebtables(void)
switch (errno) {
case EAFNOSUPPORT:
case ENOPROTOOPT:
+ case ENOENT:
return;
}
fail("ebtable checkpoint: socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)");
@@ -3611,6 +3622,7 @@ static void reset_ebtables()
switch (errno) {
case EAFNOSUPPORT:
case ENOPROTOOPT:
+ case ENOENT:
return;
}
fail("ebtable: socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)");
generated by ggit (джигит) mrf-deployment (git 2.46.0) at 2026-03-11 23:35:26 +0000