Shutdown host sockets on internal shutdown

This is required to make the shutdown visible to peers outside the sandbox. The readClosed / writeClosed fields were dropped, as they were preventing a shutdown socket from reading the remainder of queued bytes. The host syscalls will return the appropriate errors for shutdown. The control message tests have been split out of socket_unix.cc to make the (few) remaining tests accessible to testing inherited host UDS, which don't support sending control messages. Updates #273 PiperOrigin-RevId: 251763060
author: Michael Pratt <mpratt@google.com> 2019-06-05 18:39:30 -0700
committer: Shentubot <shentubot@google.com> 2019-06-05 18:40:37 -0700
commit: 57772db2e7351511de422baeecf807785709ee5d (patch)
tree: 6a20895b96b580dbfe76a9d8eeda67da71f58808 /runsc/boot
parent: a12848ffebcc2e123f55d8ac805c5248d03a9055 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/runsc/boot/filter/config.go b/runsc/boot/filter/config.go
index 652da1cef..ef2dbfad2 100644
--- a/runsc/boot/filter/config.go
+++ b/runsc/boot/filter/config.go
@@ -246,6 +246,10 @@ var allowedSyscalls = seccomp.SyscallRules{
 	},
 	syscall.SYS_SETITIMER: {},
 	syscall.SYS_SHUTDOWN: []seccomp.Rule{
+		// Used by fs/host to shutdown host sockets.
+		{seccomp.AllowAny{}, seccomp.AllowValue(syscall.SHUT_RD)},
+		{seccomp.AllowAny{}, seccomp.AllowValue(syscall.SHUT_WR)},
+		// Used by unet to shutdown connections.
 		{seccomp.AllowAny{}, seccomp.AllowValue(syscall.SHUT_RDWR)},
 	},
 	syscall.SYS_SIGALTSTACK:     {},
author	Michael Pratt <mpratt@google.com>	2019-06-05 18:39:30 -0700
committer	Shentubot <shentubot@google.com>	2019-06-05 18:40:37 -0700
commit	57772db2e7351511de422baeecf807785709ee5d (patch)
tree	6a20895b96b580dbfe76a9d8eeda67da71f58808 /runsc/boot
parent	a12848ffebcc2e123f55d8ac805c5248d03a9055 (diff)