diff --git a/docs/unmnaged-nodes.md b/docs/unmnaged-nodes.md index 0850fb0c6..cab116814 100644 --- a/docs/unmnaged-nodes.md +++ b/docs/unmnaged-nodes.md @@ -68,6 +68,16 @@ Run the agent with the following command. If you need more nodes use a different onefuzz-agent run --machine_id -c --reset_lock ``` +Alternatively, the agent folder contains a Dockerfile which provide the configuration of a docker container. +you can use it by first building the container +```cmd +docker build --t . +``` +Then start the agent inside the container +```cmd +docker run --machine_id --reset_lock +``` + ### Verify that the agent is registered to OneFuzz Using the OneFuzz CLI run the following command: diff --git a/src/ApiService/ApiService/onefuzzlib/Config.cs b/src/ApiService/ApiService/onefuzzlib/Config.cs index be5fea0fc..f04465195 100644 --- a/src/ApiService/ApiService/onefuzzlib/Config.cs +++ b/src/ApiService/ApiService/onefuzzlib/Config.cs @@ -320,6 +320,10 @@ public class Config : IConfig { return ResultVoid.Error(new TaskConfigError($"invalid pool: {config.Pool.PoolName}")); } + if ((config.Task.RebootAfterSetup ?? false) && !pool.OkV.Managed) { + return ResultVoid.Error(new TaskConfigError("reboot_after_setup is not supported for unmanaged pools")); + } + var checkTarget = await CheckTargetExe(config, definition); if (!checkTarget.IsOk) { return checkTarget; diff --git a/src/runtime-tools/linux/.dockerignore b/src/runtime-tools/linux/.dockerignore new file mode 100644 index 000000000..1d1fe94df --- /dev/null +++ b/src/runtime-tools/linux/.dockerignore @@ -0,0 +1 @@ +Dockerfile \ No newline at end of file diff --git a/src/runtime-tools/linux/Dockerfile b/src/runtime-tools/linux/Dockerfile new file mode 100644 index 000000000..11b4dc7b5 --- /dev/null +++ b/src/runtime-tools/linux/Dockerfile 
@@ -0,0 +1,20 @@
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+
+FROM mcr.microsoft.com/oss/mirror/docker.io/library/ubuntu:20.04
+# creating a dummy sudo command to allow the setup script to run
+RUN echo "#!/bin/bash\n\$@" > /usr/bin/sudo && chmod +x /usr/bin/sudo
+RUN mkdir /onefuzz
+COPY . /onefuzz
+RUN chmod +x /onefuzz/setup.sh
+RUN chmod +x /onefuzz/tools/linux/run.sh
+RUN export DEBIAN_FRONTEND=noninteractive && export DOCKER_BUILD=1 && cd /onefuzz && ./setup.sh
+RUN export DEBIAN_FRONTEND=noninteractive \
+ && apt-get -y install --no-install-recommends \
+ libunwind-dev build-essential libssl-dev \
+ pkg-config lldb ca-certificates
+RUN mkdir -p /onefuzz/tools/linux \
+ && mv /onefuzz/downloaded/* /onefuzz/tools/linux
+WORKDIR /onefuzz
+
+ENTRYPOINT ["./tools/linux/run.sh"]
\ No newline at end of file
diff --git a/src/runtime-tools/linux/run.sh b/src/runtime-tools/linux/run.sh
index d224efce6..9c2e8e803 100755
--- a/src/runtime-tools/linux/run.sh
+++ b/src/runtime-tools/linux/run.sh
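Review bot: The `sudo` shim written by the first `RUN` expands `$@` unquoted, so any argument containing spaces or glob characters is re-split before it runs; `RUN printf '#!/bin/sh\nexec "$@"\n' > /usr/bin/sudo && chmod +x /usr/bin/sudo` keeps arguments intact. The image never sets `USER`, so the agent (and presumably the targets it launches) runs as root inside the container with the shim still in place, which is worth stating in the comment above it. The second `apt-get -y install` has no `apt-get update` in its own layer and depends on package lists left behind by `setup.sh`, which fails once that earlier layer is served from cache with stale lists. `COPY . /onefuzz` takes the whole build context while `.dockerignore` excludes only `Dockerfile`, so a `config.json` or credentials sitting in that folder would be baked into an image layer.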
@@ -9,17 +9,29 @@ export DOTNET_ROOT=/onefuzz/tools/dotnet export ONEFUZZ_TOOLS=/onefuzz/tools export ONEFUZZ_ROOT=/onefuzz export RUST_BACKTRACE=full -export RUST_LOG=info +export RUST_LOG="${RUST_LOG:=info}" export LLVM_SYMBOLIZER_PATH=/onefuzz/bin/llvm-symbolizer logger "onefuzz: starting up onefuzz" -# use core files, not external crash handler -echo core | sudo tee /proc/sys/kernel/core_pattern -# disable ASLR -echo 0 | sudo tee /proc/sys/kernel/randomize_va_space -# set core dumping to default behavior -echo 1 | sudo tee /proc/sys/fs/suid_dumpable +#check if we are running in docker +if [ -f /.dockerenv ]; then + echo "Running in docker: + to optimize the experience make sure the host os is setup properly. with the following command + # use core files, not external crash handler + echo core | sudo tee /proc/sys/kernel/core_pattern + # disable ASLR + echo 0 | sudo tee /proc/sys/kernel/randomize_va_space + # set core dumping to default behavior + echo 1 | sudo tee /proc/sys/fs/suid_dumpable" +else + # use core files, not external crash handler + echo core | sudo tee /proc/sys/kernel/core_pattern + # disable ASLR + echo 0 | sudo tee /proc/sys/kernel/randomize_va_space + # set core dumping to default behavior + echo 1 | sudo tee /proc/sys/fs/suid_dumpable +fi cd /onefuzz MODE=$(cat /onefuzz/etc/mode) @@ -32,7 +44,11 @@ case ${MODE} in "fuzz") logger "onefuzz: starting fuzzing" echo fuzzing - onefuzz-agent run --config /onefuzz/config.json --redirect-output /onefuzz/logs/ + if [ -f /.dockerenv ]; then + onefuzz-agent run --config /onefuzz/config.json "$@" + else + onefuzz-agent run --config /onefuzz/config.json --redirect-output /onefuzz/logs/ + fi ;; "repro") logger "onefuzz: starting repro" @@ -40,5 +56,5 @@ case ${MODE} in export ASAN_OPTIONS=abort_on_error=1 repro.sh ;; - *) logger "onefuzz: unknown command $1"; exit 1 ;; + *) logger "onefuzz: unknown command $MODE"; exit 1 ;; esac 
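Review bot: The `[ -f /.dockerenv ]` test in the first hunk only recognises Docker itself; other runtimes such as containerd under Kubernetes or Podman do not create that file, so the `else` branch runs there and the shimmed `sudo tee` writes to `/proc/sys/kernel/randomize_va_space`, `core_pattern` and `suid_dumpable`, which are not namespaced and therefore change the host when the container is privileged. An explicit marker set by the image, for example `ENV ONEFUZZ_IN_CONTAINER=1` in the Dockerfile (the name is only a suggestion) tested with `[ -n "${ONEFUZZ_IN_CONTAINER:-}" ]`, is more reliable and also covers the identical test in the second hunk. The printed advice tells the operator to disable ASLR host-wide, so a comment such as `# host-wide settings: apply only on a machine dedicated to fuzzing` next to it would help.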
diff --git a/src/runtime-tools/linux/setup.sh b/src/runtime-tools/linux/setup.sh index 524650f6a..39d3c2afb 100755 --- a/src/runtime-tools/linux/setup.sh +++ b/src/runtime-tools/linux/setup.sh @@ -110,7 +110,7 @@ fi chmod -R a+rx /onefuzz/tools/linux if type apt > /dev/null 2> /dev/null; then - + # Install updated Microsoft Open Management Infrastructure - github.com/microsoft/omi curl -sSL https://packages.microsoft.com/keys/microsoft.asc | sudo tee /etc/apt/trusted.gpg.d/microsoft.asc 2>&1 | logger -s -i -t 'onefuzz-OMI-add-MS-repo-key' sudo apt-add-repository https://packages.microsoft.com/ubuntu/20.04/prod 2>&1 | logger -s -i -t 'onefuzz-OMI-add-MS-repo' @@ -159,7 +159,9 @@ if type apt > /dev/null 2> /dev/null; then popd fi -if [ -d /etc/systemd/system ]; then +if [ -v DOCKER_BUILD ]; then + echo "building for docker" +elif [ -d /etc/systemd/system ]; then logger "onefuzz: setting up systemd" sudo chmod 644 /onefuzz/tools/linux/onefuzz.service sudo chown root /onefuzz/tools/linux/onefuzz.service diff --git a/src/runtime-tools/win64/.dockerignore b/src/runtime-tools/win64/.dockerignore new file mode 100644 index 000000000..1d1fe94df --- /dev/null +++ b/src/runtime-tools/win64/.dockerignore @@ -0,0 +1 @@ +Dockerfile \ No newline at end of file diff --git a/src/runtime-tools/win64/Dockerfile b/src/runtime-tools/win64/Dockerfile new file mode 100644 index 000000000..94ec037a4 --- /dev/null +++ b/src/runtime-tools/win64/Dockerfile @@ -0,0 +1,18 @@ +# escape=` +# Copyright (c) Microsoft Corporation. +# Licensed under the MIT License. + +FROM mcr.microsoft.com/windows:ltsc2019 as base_onefuzz + +SHELL ["powershell.exe", "-ExecutionPolicy", "Unrestricted", "-Command"] + +RUN dir + +COPY . c:\onefuzz\tools\win64\ +COPY . c:\downloads\ +RUN New-LocalUser -Name 'onefuzz' -Description 'onefuzz account' -NoPassword +RUN cd c:\downloads; & .\setup.ps1 -docker + +WORKDIR "c:\onefuzz" + +ENTRYPOINT & .\onefuzz-run.ps1 -docker \ No newline at end of file 
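Review bot: `[ -v DOCKER_BUILD ]` in the second setup.sh hunk is a bash 4.2+ test and is also true when the variable is set to an empty string; the script's shebang is outside the hunk, so whether bash is guaranteed cannot be confirmed from here. `if [ -n "${DOCKER_BUILD:-}" ]; then` behaves the same for the Dockerfile's `DOCKER_BUILD=1` and works in any POSIX shell. The `if`/`elif` chain continues past the end of the hunk.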
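Review bot: The `ENTRYPOINT & .\onefuzz-run.ps1 -docker` line in the win64 Dockerfile is in shell form, and Docker does not append `docker run` arguments or `CMD` to a shell-form entrypoint, so the `--machine_id` and `--reset_lock` arguments shown in the docs would never reach `$onefuzzArgs`. The exec form, `ENTRYPOINT ["powershell.exe", "-ExecutionPolicy", "Unrestricted", "-File", ".\\onefuzz-run.ps1", "-docker"]`, lets them through, though how PowerShell binds the `--`-prefixed tokens should be tested. Separately, `New-LocalUser -Name 'onefuzz' ... -NoPassword` creates a password-less local account that nothing in this hunk uses and no `USER` instruction selects; if only `setup.ps1` needs it, a comment saying so would help. `RUN dir` and the second `COPY .` look like debugging leftovers.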
diff --git a/src/runtime-tools/win64/onefuzz-run.ps1 b/src/runtime-tools/win64/onefuzz-run.ps1 index 28ccf4654..658131be8 100644 --- a/src/runtime-tools/win64/onefuzz-run.ps1 +++ b/src/runtime-tools/win64/onefuzz-run.ps1 @@ -1,6 +1,11 @@ # Copyright (c) Microsoft Corporation. # Licensed under the MIT License. +param([switch]$docker, + [Parameter(Position = 0, ValueFromRemainingArguments = $true)] + [string] $onefuzzArgs="" +) + $env:RUST_BACKTRACE = "full" Start-Transcript -Append -Path c:\onefuzz-run.log @@ -18,16 +23,30 @@ log "onefuzz: starting" Set-Location C:\onefuzz -Enable-SSH +if (!$docker){ + Enable-SSH +} $config = Get-OnefuzzConfig while ($true) { switch ($config.mode) { "fuzz" { log "onefuzz: fuzzing" - $arglist = "run --config config.json --redirect-output c:\onefuzz\logs\" - Start-Process "c:\onefuzz\tools\win64\onefuzz-agent.exe" -ArgumentList $arglist -WindowStyle Hidden -Wait + if ($docker){ + $arglist = "run --config config.json $onefuzzArgs" + try{ + Invoke-Expression "c:\onefuzz\tools\win64\onefuzz-agent.exe $arglist" + } catch { + "Error while running onefuzz agent" + } + } + else { + $arglist = "run --config config.json --redirect-output c:\onefuzz\logs\" + Start-Process "c:\onefuzz\tools\win64\onefuzz-agent.exe" -ArgumentList $arglist -WindowStyle Hidden -Wait + } + + } "repro" { log "onefuzz: starting repro" diff --git a/src/runtime-tools/win64/onefuzz.ps1 b/src/runtime-tools/win64/onefuzz.ps1 index 734c08173..f0cfbc76c 100644 --- a/src/runtime-tools/win64/onefuzz.ps1 +++ b/src/runtime-tools/win64/onefuzz.ps1 
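Review bot: In the docker branch of the second hunk, `Invoke-Expression "c:\onefuzz\tools\win64\onefuzz-agent.exe $arglist"` re-parses the container's command-line arguments as PowerShell source, so a `;`, `|` or `$(...)` inside `$onefuzzArgs` is evaluated as script instead of being passed to the agent. Declaring the parameter as `[string[]] $onefuzzArgs = @()` and invoking with `& "c:\onefuzz\tools\win64\onefuzz-agent.exe" run --config config.json @onefuzzArgs` hands each argument over verbatim and preserves quoting. The `try`/`catch` will also not notice a failing agent, because a native executable's non-zero exit code does not throw; checking `$LASTEXITCODE` and sending it through `log` would surface it. The enclosing `switch`/`while` body continues outside the hunk.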
@@ -5,7 +5,9 @@ $env:Path += ";C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\;C:\onefuzz\ $env:ONEFUZZ_ROOT = "C:\onefuzz" $env:ONEFUZZ_TOOLS = "C:\onefuzz\tools" $env:LLVM_SYMBOLIZER_PATH = "C:\Program Files\LLVM\bin\llvm-symbolizer.exe" -$env:RUST_LOG = "info" +if (!$env:RUST_LOG){ + $env:RUST_LOG = "info" +} $env:DOTNET_VERSIONS = "7.0.100;6.0.403" # Set a session and machine scoped env var $env:DOTNET_ROOT = "c:\onefuzz\tools\dotnet" @@ -118,7 +120,7 @@ function Enable-SSHTrafic { function Install-OnBoot { log "adding onboot: starting" - schtasks /create /sc onstart /tn onefuzz /tr "powershell.exe -ExecutionPolicy Unrestricted -File c:\onefuzz\tools\win64\onefuzz-run.ps1 -WindowStyle Hidden" /ru SYSTEM + schtasks /create /sc onstart /tn onefuzz /tr "powershell.exe -ExecutionPolicy Unrestricted -WindowStyle Hidden -File c:\onefuzz\tools\win64\onefuzz-run.ps1" /ru SYSTEM log "adding onboot: done" } diff --git a/src/runtime-tools/win64/setup.ps1 b/src/runtime-tools/win64/setup.ps1 index e23f88530..c02eaee5b 100644 --- a/src/runtime-tools/win64/setup.ps1 +++ b/src/runtime-tools/win64/setup.ps1 @@ -3,7 +3,8 @@ param ( [string]$mode = "fuzz", - [string]$restart = "false" + [string]$restart = "false", + [switch]$docker ) Start-Transcript -Path c:\onefuzz-setup.log @@ -63,14 +64,18 @@ function Install-OnefuzzSetup { log "onefuzz: executing user-setup" ./setup/setup.ps1 } - Optimize-VM Install-Debugger Install-LLVM - Enable-SSH - Install-OnBoot Install-VCRedist Install-Dotnet -Version $env:DOTNET_VERSIONS -InstallDir $env:DOTNET_ROOT -ToolsDir $env:ONEFUZZ_TOOLS - Setup-Silent-Notification + + if (!$docker){ + Enable-SSH + Optimize-VM + Install-OnBoot + Setup-Silent-Notification + } + log "onefuzz: setup done" } 
@@ -79,14 +84,16 @@ $config = @{'mode' = $mode; 'restart' = $restart}; Write-OnefuzzConfig($config) Install-OnefuzzSetup -$config = Get-OnefuzzConfig -if ($config.restart -eq 'true') { - log "onefuzz: restarting" - Restart-Computer -Force -} -else { - log "onefuzz: launching" +if (!$docker){ + $config = Get-OnefuzzConfig + if ($config.restart -eq 'true') { + log "onefuzz: restarting" + Restart-Computer -Force + } + else { + log "onefuzz: launching" - # Task created in `Install-OnBoot`. - schtasks /run /tn onefuzz -} + # Task created in `Install-OnBoot`. + schtasks /run /tn onefuzz + } +} \ No newline at end of file