Support sending with packet sockets

...through the loopback interface, only.

This change only supports sending on packet sockets through the loopback
interface as the loopback interface is the only interface used in packet
socket syscall tests - the other link endpoints are not excercised with
the existing test infrastructure.

Support for sending on packet sockets through the other interfaces will
be added as needed.

BUG: https://fxbug.dev/81592
PiperOrigin-RevId: 394368899

2 files changed, 4 insertions, 0 deletions

diff --git a/runsc/config/config.go b/runsc/config/config.go
index 2f52863ff..2ce8cc006 100644
--- a/runsc/config/config.go
+++ b/runsc/config/config.go
@@ -86,6 +86,9 @@ type Config struct {
 	// capabilities.
 	EnableRaw bool `flag:"net-raw"`
 
+	// AllowPacketEndpointWrite enables write operations on packet endpoints.
+	AllowPacketEndpointWrite bool `flag:"TESTONLY-allow-packet-endpoint-write"`
+
 	// HardwareGSO indicates that hardware segmentation offload is enabled.
 	HardwareGSO bool `flag:"gso"`
 
diff --git a/runsc/config/flags.go b/runsc/config/flags.go
index 85507902a..cc5aba474 100644
--- a/runsc/config/flags.go
+++ b/runsc/config/flags.go
@@ -92,6 +92,7 @@ func RegisterFlags() {
 		// Test flags, not to be used outside tests, ever.
 		flag.Bool("TESTONLY-unsafe-nonroot", false, "TEST ONLY; do not ever use! This skips many security measures that isolate the host from the sandbox.")
 		flag.String("TESTONLY-test-name-env", "", "TEST ONLY; do not ever use! Used for automated tests to improve logging.")
+		flag.Bool("TESTONLY-allow-packet-endpoint-write", false, "TEST ONLY; do not ever use! Used for tests to allow writes on packet sockets.")
 	})
 }