8aeb06f53c
app: share path setup on demand
...
This removes the unnecessary creation and destruction of share paths when none of the enablements making use of them are set.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-04-01 00:47:32 +09:00
297b444dfb
test: separate app and sandbox
...
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-03-30 22:09:46 +09:00
ff3cfbb437
test/sandbox: check seccomp outcome
...
This is as ugly as it is because it has to have CAP_SYS_ADMIN and not be in seccomp mode.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-03-28 02:24:27 +09:00
d613257841
sandbox/init: clear inheritable set
...
Inheritable should not be able to affect anything regardless of its value, due to no_new_privs.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-03-26 07:46:13 +09:00
52fcc48ac1
sandbox/init: drop capabilities
...
During development the syscall filter caused me to make an incorrect assumption about SysProcAttr.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-03-26 06:32:08 +09:00
4836d570ae
test: raise long timeout to 15 seconds
...
The race detector really slows down container tooling.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-03-26 01:59:05 +09:00
ee51320abf
test: check revert type selection
...
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-03-25 04:37:58 +09:00
5c4058d5ac
app: run in native sandbox
...
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-03-25 01:52:49 +09:00
61d86c5e10
test/sandbox: fix stdout tty check
...
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-03-24 16:23:50 +09:00
806ce18c0a
test/sandbox: check mapuid outcome
...
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-03-23 17:56:07 +09:00
b71d2bf534
test/sandbox: check tty outcome
...
This makes no difference currently but has different behaviour in the native sandbox.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-03-23 17:28:57 +09:00
d2c329bcea
test: format path aid offsets
...
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-03-23 17:21:14 +09:00
75e0c5d406
test/sandbox: parse full test case
...
This makes declaring multiple tests much cleaner.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-03-23 14:53:50 +09:00
5d3c8dcc92
test: raise timeout
...
Native container tooling is severely slowed down by race detector. Raise timeout so it reliably completes.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-03-16 23:51:17 +09:00
beb3918809
test: run go test under regular user
...
By default test vm commands run as root, this causes buildFHSEnv bwrap to cover some parts of /proc, making it impossible to mount proc in a mount namespace created under it. Running as a regular user gets around this issue.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-03-13 20:56:32 +09:00
2871426df2
test: print output of failed test
...
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-03-13 16:40:15 +09:00
61e58aa14d
helper/proc: expose setup file
...
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-03-09 17:22:31 +09:00
d8e9d71f87
test/sandbox: check mount outcome
...
Do this at the beginning of the test for early failure.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-28 15:56:15 +09:00
5de28800ad
test: verify fsu ppid check
...
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-26 16:51:57 +09:00
8e50293ab7
test: remove sway process check
...
This eliminates the race where systemd restarts sway too quick.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-26 13:52:44 +09:00
c62689e17f
nix: interrupt via tty
...
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-25 18:20:47 +09:00
b4549c72be
nix: verify silent signal exit
...
This catches errors in the cleanup process initiated by a signal.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-25 01:22:16 +09:00
b6af8caffe
nix: clean up directory structure
...
Tests for fpkg is going to be in ./cmd/fpkg, so this central tests directory is no longer necessary.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-23 18:48:01 +09:00
