syz-cluster: simplify shared git repo mounting code

Instead of a complicated overlayfs setup, do a lightweight git clone in
a way that the cloned local copy keeps on referencing the git object
storage on the NFS.

It's simpler code-wise and hopefully will be less susceptible to
failures when local git operations coincide with a git fetch on the
shared repository.

1 files changed, 6 insertions, 0 deletions

diff --git a/syz-cluster/workflow/build-step/Dockerfile b/syz-cluster/workflow/build-step/Dockerfile
index 074c91a25..c3f2fb037 100644
--- a/syz-cluster/workflow/build-step/Dockerfile
+++ b/syz-cluster/workflow/build-step/Dockerfile
@@ -19,11 +19,17 @@ FROM gcr.io/syzkaller/syzbot:latest
 RUN mkdir -p /disk-images
 ADD https://storage.googleapis.com/syzkaller/images/buildroot_amd64_2024.09.gz /disk-images/buildroot_amd64_2024.09.gz
 RUN gzip -d /disk-images/buildroot_amd64_2024.09.gz
+RUN chmod 644 /disk-images/*
 
 # Download base kernel configs.
 RUN mkdir -p /kernel-configs
 ADD https://raw.githubusercontent.com/google/syzkaller/refs/heads/master/dashboard/config/linux/upstream-apparmor-kasan.config /kernel-configs/upstream-apparmor-kasan.config
 ADD https://raw.githubusercontent.com/google/syzkaller/refs/heads/master/dashboard/config/linux/upstream-kmsan.config /kernel-configs/upstream-kmsan.config
+RUN chmod 644 /kernel-configs/*
+
+# Prevent "fatal: detected dubious ownership in repository" errors.
+RUN git config --system --add safe.directory /workdir
+RUN git config --system --add safe.directory /kernel-repo
 
 COPY --from=build-step-builder /build/build-step-bin /bin/build-step