reactos/syzkaller
1
0
Fork 0
mirror of https://github.com/reactos/syzkaller.git synced 2024-11-28 05:40:26 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

pkg/build: use sandbox to build fuchsia.

Browse Source 
We have noticed that the build process was being invoked as root. This
change modifies the calls to use osutil.Sandbox before invoking cmds to
build fuchsia.

This is required for the process to use goma, as goma is running under
the syzkaller user.
This commit is contained in:
Marco Vanotti 2019-08-20 17:08:41 -07:00 committed by Dmitry Vyukov
parent 6b8391d069
commit 4ea67ff893
1 changed files with 12 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
pkg/build/fuchsia.go
View File

@ -14,6 +14,15 @@ import (
type fuchsia struct{}
func runSandboxed(timeout time.Duration, dir, command string, arg ...string) ([]byte, error) {
cmd := osutil.Command(command, arg...)
cmd.Dir = dir
if err := osutil.Sandbox(cmd, true, false); err != nil {
return nil, err
}
return osutil.Run(timeout, cmd)
}
func (fu fuchsia) build(targetArch, vmType, kernelDir, outputDir, compiler, userspaceDir,
cmdlineFile, sysctlFile string, config []byte) error {
sysTarget := targets.Get("fuchsia", targetArch)
@ -22,11 +31,11 @@ func (fu fuchsia) build(targetArch, vmType, kernelDir, outputDir, compiler, user
}
arch := sysTarget.KernelHeaderArch
product := fmt.Sprintf("%s.%s", "core", arch)
if _, err := osutil.RunCmd(time.Hour, kernelDir, "scripts/fx", "--dir", "out/"+arch,
if _, err := runSandboxed(time.Hour, kernelDir, "scripts/fx", "--dir", "out/"+arch,
"set", product, "--with-base", "//bundles:tools"); err != nil {
return err
}
if _, err := osutil.RunCmd(time.Hour*2, kernelDir, "scripts/fx", "clean-build"); err != nil {
if _, err := runSandboxed(time.Hour*2, kernelDir, "scripts/fx", "clean-build"); err != nil {
return err
}
@ -34,7 +43,7 @@ func (fu fuchsia) build(targetArch, vmType, kernelDir, outputDir, compiler, user
sshZBI := filepath.Join(kernelDir, "out", arch, "fuchsia-ssh.zbi")
kernelZBI := filepath.Join(kernelDir, "out", arch, "fuchsia.zbi")
authorizedKeys := fmt.Sprintf("data/ssh/authorized_keys=%s", filepath.Join(kernelDir, ".ssh", "authorized_keys"))
if _, err := osutil.RunCmd(time.Minute, kernelDir, "out/"+arch+".zircon/tools/zbi",
if _, err := runSandboxed(time.Minute, kernelDir, "out/"+arch+".zircon/tools/zbi",
"-o", sshZBI, kernelZBI, "--entry", authorizedKeys); err != nil {
return err
}