I suspect these interfere in some way with AFL instrumentation. The instrumented binary deadlocks without this patch, but it's hard to understand why just looking at strace output.
---
 conf.c | 2 +-
 passt.c | 6 ++++--
 2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/conf.c b/conf.c
index 9ec346f..fcc5664 100644
--- a/conf.c
+++ b/conf.c
@@ -1655,7 +1655,7 @@ void conf(struct ctx *c, int argc, char **argv)
 usage(argv[0]);
 }
- isolate_user(uid, gid, !netns_only, userns, c->mode);
+ //isolate_user(uid, gid, !netns_only, userns, c->mode);
 if (c->pasta_conf_ns)
 c->no_ra = 1;
diff --git a/passt.c b/passt.c
index 8b2c50d..2a4e65a 100644
--- a/passt.c
+++ b/passt.c
@@ -185,7 +185,7 @@ int main(int argc, char **argv)
 arch_avx2_exec(argv);
- isolate_initial();
+ //isolate_initial();
 c.pasta_netns_fd = c.fd_tap = c.fd_tap_listen = -1;
@@ -291,17 +291,19 @@ int main(int argc, char **argv)
 }
 }
+#if 0
 if (isolate_prefork(&c)) {
 err("Failed to sandbox process, exiting\n");
 exit(EXIT_FAILURE);
 }
+#endif
 if (!c.foreground)
 __daemon(pidfile_fd, devnull_fd);
 else
 write_pidfile(pidfile_fd, getpid());
- isolate_postfork(&c);
+ //isolate_postfork(&c);
 timer_init(&c, &now);
-- 
2.37.0.rc2
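Review bot: Commenting out the `isolate_user()` call removes the unprivileged user/namespace switch from every build of conf(), not only the AFL one, so in this form the change must not reach a release branch; the same applies to the `isolate_initial()`, `isolate_prefork()` and `isolate_postfork()` hunks in passt.c. Guarding the call with a macro the fuzzing compiler driver defines keeps the sandbox in normal builds, e.g. `#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION` / `isolate_user(uid, gid, !netns_only, userns, c->mode);` / `#endif`. With the call gone, `uid`, `gid`, `userns` and `netns_only` may have no remaining use in conf(), which a `-Werror` build would reject; the function body lies outside the hunk, so this needs checking. The deadlock itself is presumably the sandbox closing inherited descriptors or filtering syscalls the AFL forkserver relies on — worth confirming with the isolation hooks re-enabled one at a time, so that only the hook that actually interferes is skipped in the fuzz build.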
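Review bot: This hunk disables `isolate_prefork()` with `#if 0` but `isolate_postfork()` with a `//` comment a few lines below, so a reader has to recognise two different mechanisms for one change; a single named guard around each call, e.g. `#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION` … `#endif`, makes the intent greppable and leaves the `err()` / `exit(EXIT_FAILURE)` path compiled in normal builds. Note also that `__daemon()` between the two disabled hooks still forks when `c.foreground` is not set; if the fuzz harness does not force foreground mode, that fork — rather than the sandbox — could be what the forkserver trips over, which is worth ruling out before attributing the hang to isolation. main() begins and ends outside the hunk.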