executor: linux: chroot into tmpfs with sandbox=none #4959
Please check how many syscalls got enabled with sandbox=none before/after this change with syzbot kernel.
I assume we can not re-enable EXT4_IOC_SHUTDOWN and EXT4_IOC_RESIZE_FS in sys/linux/init.go. If so, please add a commit that does it.
68d7e04 to 28d76c2
On x86, the numbers of enabled syscalls with sandbox=none (3862) and sandbox=namespace (3492) didn't change.
Also should be fixing #2933
That's good!
Nit: we set up sandboxes once per proc and those procs will execute many programs before they restart. But, as I understand, it will work fine anyway since it'll just restart the proc once the proc starts encountering problems with writing to the disk.
To prevent the executor from accidentally making the whole root file system immutable (which breaks fuzzing), modify sandbox=none to create a tmpfs mount and chroot into it before executing programs in a process. According to `syz-manager -mode=smoke-test`, the number of enabled syscalls on x86 doesn't change with this patch. Fixes google#4939, google#2933, google#971.
Updated the description according to your comments, added a patch to re-enable EXT4_IOC_SHUTDOWN and EXT4_IOC_RESIZE_FS.
28d76c2 to b89a9f9
b89a9f9 to 025d143
Nice!
Now that we chroot into tmpfs with sandbox=none, it should be safe to allow using these ioctls, because they won't break the whole VM. Update google#971.
These two constants are not used anywhere. No functional change.
84966f7 to 681c369
To prevent the executor from accidentally making the whole root file system immutable (which breaks fuzzing), modify sandbox=none to create a tmpfs mount and chroot into it before executing a program.
Fixes #4939.
Before sending a pull request, please review Contribution Guidelines:
https://github.com/google/syzkaller/blob/master/docs/contributing.md
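One way to check the effect this pull request describes, namely that a process set up with sandbox=none ends up with a tmpfs as its root: parse `/proc/self/mountinfo` and read the filesystem type of the mount at `/`. This is an added example, not syzkaller code; the function names and the two sample inputs are constructed for illustration, and treating the last `/` entry as the active one is an assumption.

```c
#include <stdio.h>
#include <string.h>

/* Constructed samples in /proc/<pid>/mountinfo format (not captured from a real VM). */
static const char SAMPLE_HOST[] =
    "22 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw\n"
    "23 22 0:21 / /proc rw,nosuid - proc proc rw\n";
static const char SAMPLE_CHROOT[] =
    "95 22 0:48 / / rw,relatime - tmpfs none rw\n"
    "96 95 0:21 / /proc rw,relatime - proc proc rw\n";

/* Copy the fs type of the mount whose mount point is "/" into fstype.
 * Returns 0 on success, -1 if no such entry exists. If several entries
 * match, the last one wins (assumption: later lines are newer mounts). */
int root_fstype(const char *mountinfo, char *fstype, size_t len)
{
    int found = -1;
    const char *line = mountinfo;
    while (line && *line) {
        const char *eol = strchr(line, '\n');
        size_t n = eol ? (size_t)(eol - line) : strlen(line);
        char buf[512], mnt[256], type[64];
        if (n < sizeof(buf)) {
            memcpy(buf, line, n);
            buf[n] = 0;
            /* id parent maj:min root MOUNTPOINT opts [optional...] - FSTYPE source superopts */
            char *sep = strstr(buf, " - ");
            if (sep && sscanf(buf, "%*s %*s %*s %*s %255s", mnt) == 1 &&
                sscanf(sep + 3, "%63s", type) == 1 && strcmp(mnt, "/") == 0) {
                snprintf(fstype, len, "%s", type);
                found = 0;
            }
        }
        line = eol ? eol + 1 : NULL;
    }
    return found;
}

/* 1 if the root mount is tmpfs, 0 otherwise (including when no root entry is found). */
int root_is_tmpfs(const char *mountinfo)
{
    char type[64];
    return root_fstype(mountinfo, type, sizeof(type)) == 0 && strcmp(type, "tmpfs") == 0;
}

int main(void)
{
    static char buf[65536];
    FILE *f = fopen("/proc/self/mountinfo", "r");
    size_t n = f ? fread(buf, 1, sizeof(buf) - 1, f) : 0;
    if (f) fclose(f);
    buf[n] = 0;
    printf("root on tmpfs: %s\n", root_is_tmpfs(buf) ? "yes" : "no");
    return 0;
}
```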