From edb2f5f1e1078040c6581ca7e343e3ea5a44e0da Mon Sep 17 00:00:00 2001
From: Dmitry Vyukov <dvyukov@google.com>
Date: Wed, 29 Aug 2018 12:35:25 -0700
Subject: sys/linux: add ext4 ioctls and overlayfs

Update #533
---
 pkg/host/host_linux.go | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'pkg/host/host_linux.go')

diff --git a/pkg/host/host_linux.go b/pkg/host/host_linux.go
index 16be1d578..dd3e146c4 100644
--- a/pkg/host/host_linux.go
+++ b/pkg/host/host_linux.go
@@ -36,6 +36,10 @@ func isSupported(c *prog.Syscall, sandbox string) (bool, string) {
 	if strings.HasPrefix(c.Name, "mount$") {
 		return isSupportedMount(c, sandbox)
 	}
+	if c.Name == "ioctl$EXT4_IOC_SHUTDOWN" && sandbox == "none" {
+		// Don't shutdown root filesystem.
+		return false, "unsafe with sandbox=none"
+	}
 	// There are 3 possible strategies for detecting supported syscalls:
 	// 1. Executes all syscalls with presumably invalid arguments and check for ENOprog.
 	//    But not all syscalls are safe to execute. For example, pause will hang,
-- 
cgit mrf-deployment