Skip to content

Commit 97362b9

Browse files
randyquayeclaude
andcommitted
fix(fuzzing): chmod a+rx /home/fuzzer so UID 65534 can traverse home dir
Platform runs containers as nobody (UID 65534). /home/fuzzer was 750 owned by fuzzer:fuzzer, blocking llvm-cov from reading source files (coverage) and the binary from statting CRS (fuzz crash loop). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
1 parent 64d6741 commit 97362b9

File tree

2 files changed

+4
-1
lines changed

2 files changed

+4
-1
lines changed

container-builds/fuzzing-container/src/Dockerfile

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -112,7 +112,7 @@ ENV CRS_PATH=/home/fuzzer/aztec-packages/.bb-crs
112112
# Source files, build artifacts, and CRS must be world-readable so llvm-cov
113113
# can read them when generating HTML coverage reports. Without this, llvm-cov
114114
# emits "Permission denied" for every source file and produces empty reports.
115-
RUN chmod -R a+rX /home/fuzzer/aztec-packages/
115+
RUN chmod a+rx /home/fuzzer && chmod -R a+rX /home/fuzzer/aztec-packages/
116116

117117
# Copy flattened target binaries
118118
COPY --from=builder /targets/ /targets/

container-builds/fuzzing-container/src/Dockerfile.private

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -113,6 +113,9 @@ COPY --from=builder /root/.bb-crs /opt/bb-crs
113113
RUN chmod -R 755 /opt/bb-crs
114114
ENV CRS_PATH=/opt/bb-crs
115115

116+
# Ensure UID 65534 (nobody) can traverse /home/fuzzer for coverage & fuzz runs
117+
RUN chmod a+rx /home/fuzzer && chmod -R a+rX /home/fuzzer/aztec-packages/
118+
116119
# Copy flattened target binaries
117120
COPY --from=builder /targets/ /targets/
118121

0 commit comments

Comments
 (0)