syz-manager: detect sandbox namespace unsupported

Signed-off-by: Jess Frazelle <acidburn@google.com>

CONTRIBUTORS

@@ -10,6 +10,7 @@ Google Inc.
  Vishwath Mohan
  Billy Lau
  Michael Pratt
+ Jess Frazelle
 Baozeng Ding
 Lorenzo Stoakes
 Jeremy Huang

rpctype/rpctype.go

@@ -32,11 +32,12 @@ type ConnectRes struct {
 }
 
 type CheckArgs struct {
-	Name  string
-	Kcov  bool
-	Leak  bool
-	Fault bool
-	Calls []string
+	Name           string
+	Kcov           bool
+	Leak           bool
+	Fault          bool
+	UserNamespaces bool
+	Calls          []string
 }
 
 type NewInputArgs struct {

syz-fuzzer/fuzzer.go

@@ -161,7 +161,7 @@ func main() {
 	}
 
 	if r.NeedCheck {
-		a := &CheckArgs{Name: *flagName}
+		a := &CheckArgs{Name: *flagName, UserNamespaces: hasUserNamespaces()}
 		if fd, err := syscall.Open("/sys/kernel/debug/kcov", syscall.O_RDWR, 0); err == nil {
 			syscall.Close(fd)
 			a.Kcov = true
@@ -786,3 +786,14 @@ func kmemleakScan(report bool) {
 		panic(err)
 	}
 }
+
+func hasUserNamespaces() bool {
+	if _, err := os.Stat("/proc/self/ns/user"); err != nil {
+		// failed to stat /proc/self/ns/user this could be because
+		// 1) the file does not exist
+		// 2) we do not have permission
+		return false
+	}
+
+	return true
+}

syz-manager/manager.go

@@ -745,6 +745,9 @@ func (mgr *Manager) Check(a *CheckArgs, r *int) error {
 	if mgr.cfg.Cover && !a.Kcov {
 		Fatalf("/sys/kernel/debug/kcov is missing. Enable CONFIG_KCOV and mount debugfs")
 	}
+	if mgr.cfg.Sandbox == "namespace" && !a.UserNamespaces {
+		Fatalf("/proc/self/ns/user is missing or permission is denied. Requested namespace sandbox but user namespaces are not enabled. Enable CONFIG_USER_NS")
+	}
 	mgr.vmChecked = true
 	mgr.enabledCalls = a.Calls
 	return nil