diff options
Diffstat (limited to 'README.md')
| -rw-r--r-- | README.md | 43 |
1 files changed, 22 insertions, 21 deletions
@@ -92,40 +92,41 @@ To build additional syzkaller tools run `make all-tools`. The operation of the syzkaller `syz-manager` process is governed by a configuration file, passed at invocation time with the `-config` option. This configuration can be based on the -[syz-manager/example.cfg](syz-manager/example.cfg); the file is in JSON format with the +[example](syz-manager/config/testdata/qemu.cfg); the file is in JSON format with the following keys in its top-level object: - `http`: URL that will display information about the running `syz-manager` process. - `workdir`: Location of a working directory for the `syz-manager` process. Outputs here include: - - `<workdir>/instance-x`: per VM instance temporary files - `<workdir>/crashes/*`: crash output files (see [Crash Reports](#crash-reports)) - - `<workdir>/corpus/*`: corpus with interesting programs + - `<workdir>/corpus.db`: corpus with interesting programs + - `<workdir>/instance-x`: per VM instance temporary files - `syzkaller`: Location of the `syzkaller` checkout. - `vmlinux`: Location of the `vmlinux` file that corresponds to the kernel being tested. - - `type`: Type of virtual machine to use, e.g. `qemu` or `kvm`. - - `count`: Number of VMs to run in parallel. - `procs`: Number of parallel test processes in each VM (4 or 8 would be a reasonable number). - - `leak`: Detect memory leaks with kmemleak (very slow). - - `kernel`: Location of the `bzImage` file for the kernel to be tested; this is passed as the - `-kernel` option to `qemu-system-x86_64`. - - `cmdline`: Additional command line options for the booting kernel, for example `root=/dev/sda1`. + - `leak`: Detect memory leaks with kmemleak. - `image`: Location of the disk image file for the QEMU instance; a copy of this file is passed as the `-hda` option to `qemu-system-x86_64`. - - `sshkey`: Location (on the host machine) of an SSH identity to use for communicating with - the virtual machine. - - `cpu`: Number of CPUs to simulate in the VM (*not currently used*). - - `mem`: Amount of memory (in MiB) for the VM; this is passed as the `-m` option to `qemu-system-x86_64`. - - `sandbox` : Sandboxing mode, one of "none", "setuid", "namespace". - "none": don't do anything special (has false positives, e.g. due to killing init) - "setuid": impersonate into user nobody (65534), default - "namespace": use namespaces to drop privileges, - (requires a kernel built with `CONFIG_NAMESPACES`, `CONFIG_UTS_NS`, - `CONFIG_USER_NS`, `CONFIG_PID_NS` and `CONFIG_NET_NS`). + - `sandbox` : Sandboxing mode, the following modes are supported: + - "none": don't do anything special (has false positives, e.g. due to killing init) + - "setuid": impersonate into user nobody (65534), default + - "namespace": use namespaces to drop privileges + (requires a kernel built with `CONFIG_NAMESPACES`, `CONFIG_UTS_NS`, + `CONFIG_USER_NS`, `CONFIG_PID_NS` and `CONFIG_NET_NS`) - `enable_syscalls`: List of syscalls to test (optional). - `disable_syscalls`: List of system calls that should be treated as disabled (optional). - `suppressions`: List of regexps for known bugs. - -See also [config/config.go](config/config.go) for all config parameters. + - `type`: Type of virtual machine to use, e.g. `qemu` or `adb`. + - `vm`: object with VM-type-specific parameters; for example, for `qemu` type paramters include: + - `count`: Number of VMs to run in parallel. + - `kernel`: Location of the `bzImage` file for the kernel to be tested; + this is passed as the `-kernel` option to `qemu-system-x86_64`. + - `cmdline`: Additional command line options for the booting kernel, for example `root=/dev/sda1`. + - `sshkey`: Location (on the host machine) of an SSH identity to use for communicating with + the virtual machine. + - `cpu`: Number of CPUs to simulate in the VM (*not currently used*). + - `mem`: Amount of memory (in MiB) for the VM; this is passed as the `-m` option to `qemu-system-x86_64`. + +See also [config.go](syz-manager/config/config.go) for all config parameters. ## Running syzkaller |