diff options
-rw-r--r-- | pkg/sentry/socket/hostinet/socket_unsafe.go | 18 | ||||
-rw-r--r-- | runsc/boot/filter/config.go | 4 |
2 files changed, 21 insertions, 1 deletions
diff --git a/pkg/sentry/socket/hostinet/socket_unsafe.go b/pkg/sentry/socket/hostinet/socket_unsafe.go index d3be2d825..86dc879d5 100644 --- a/pkg/sentry/socket/hostinet/socket_unsafe.go +++ b/pkg/sentry/socket/hostinet/socket_unsafe.go @@ -67,7 +67,23 @@ func ioctl(ctx context.Context, fd int, io usermem.IO, args arch.SyscallArgument AddressSpaceActive: true, }) return 0, err - + case unix.SIOCGIFFLAGS: + cc := &usermem.IOCopyContext{ + Ctx: ctx, + IO: io, + Opts: usermem.IOOpts{ + AddressSpaceActive: true, + }, + } + var ifr linux.IFReq + if _, err := ifr.CopyIn(cc, args[2].Pointer()); err != nil { + return 0, err + } + if _, _, errno := unix.Syscall(unix.SYS_IOCTL, uintptr(fd), cmd, uintptr(unsafe.Pointer(&ifr))); errno != 0 { + return 0, translateIOSyscallError(errno) + } + _, err := ifr.CopyOut(cc, args[2].Pointer()) + return 0, err default: return 0, syserror.ENOTTY } diff --git a/runsc/boot/filter/config.go b/runsc/boot/filter/config.go index 752fea0e1..33e738efc 100644 --- a/runsc/boot/filter/config.go +++ b/runsc/boot/filter/config.go @@ -459,6 +459,10 @@ func hostInetFilters() seccomp.SyscallRules { seccomp.MatchAny{}, seccomp.EqualTo(unix.TIOCINQ), }, + { + seccomp.MatchAny{}, + seccomp.EqualTo(unix.SIOCGIFFLAGS), + }, }, unix.SYS_LISTEN: {}, unix.SYS_READV: {}, |