Change root FS for fuzzed target


Christopher Schwardt

Mar 31, 2022, 9:16:13 AM
to afl-users
Hi all,

I would like to perform fuzzing on a target for a different architecture than the host via qemuafl with its own file system as there are a lot of dependencies (not only libraries, but also device files, FIFOs, configs, etc), which should and partially cannot be part of the base system.
I am not sure how to approach this best.
One intuition was to introduce the capability to change the mount namespace for the target in afl-fuzz.
Would that work based on the internal setup or are there dependencies within the process, which would not allow changing the namespace?
If you think this could be possible, do you have pointers on where in the code this functionality should be located, as I am not really familiar with the code base yet?
Or is there another, possibly simpler, solution on how to approach such a scenario?
At least in the flags and env variables I did not see anything that might help here.

Thanks
Cheers
Chris