The new manager config argument workdir_template refers to a directory. Optional.
Each VM will get a recursive copy of the files that are present in workdir_template.
VM config can then use these private copies as needed. The copy directory
can be referenced with "{{TEMPLATE}}" string. This is different from using
the files directly in that each instance will get own clean, private,
scratch copy of the files. Currently supported only for qemu_args argument
of qemu VM type. Use example:
Create a template dir with necessary files:
$ mkdir /mytemplatedir
$ truncate -s 64K /mytemplatedir/fd
Then specify the dir in the manager config:
"workdir_template": "/mytemplatedir"
Then use these files in VM config:
"qemu_args": "-fda {{TEMPLATE}}/fd"
syz-symbolize did not use the common mgrconfig logic
to calculate kernel dirs. Thus KernelBuildSrc ended up empty,
+dirs were not extended to absolute paths.
Use the common mgrconfig logic to calculate kernel dirs.
Currently we have them duplicated in docs/configuration.md
and the actual source in pkg/mgrconfig/config.go.
Documentation is missing in one place or another,
some is outdated, some is phrased slightly differently.
Move all docs to pkg/mgrconfig/config.go and reference it
from docs/configuration.md instead.
executor: add support for android_untrusted_app sandbox
This adds a new sandbox type, 'android_untrusted_app', which restricts
syz-executor to the privileges which are available to third-party applications,
e.g. those installed from the Google Play store.
In particular, this uses the UID space reserved for applications (instead of
the 'setuid' sandbox, which uses the traditional 'nobody' user / 65534)
as well as a set of groups which the Android-specific kernels are aware of,
and finally ensures that the SELinux context is set appropriately.
Dependencies on libselinux are avoided by manually implementing the few
functions that are needed to change the context of the current process,
and arbitrary files. The underlying mechanisms are relatively simple.
Fixesgoogle/syzkaller#643
Test: make presubmit
Bug: http://b/112900774
mgrconfig was used only by syz-manager initially,
but now it's used by a dozen of packages and it's
weird to import from under a binary dir.
pkg/ is much more reasonable dir for a widely used
helper package.
