fst: rename device field
Dev is very ambiguous. Rename it here alongside upcoming config changes. Signed-off-by: Ophestra <cat@gensokyo.uk>
parent
9967909460
commit
2f4f21fb18
@ -29,7 +29,7 @@ type appInfo struct {
|
|||||||
// passed through to [fst.Config]
|
// passed through to [fst.Config]
|
||||||
Net bool `json:"net,omitempty"`
|
Net bool `json:"net,omitempty"`
|
||||||
// passed through to [fst.Config]
|
// passed through to [fst.Config]
|
||||||
Dev bool `json:"dev,omitempty"`
|
Device bool `json:"dev,omitempty"`
|
||||||
// passed through to [fst.Config]
|
// passed through to [fst.Config]
|
||||||
Tty bool `json:"tty,omitempty"`
|
Tty bool `json:"tty,omitempty"`
|
||||||
// passed through to [fst.Config]
|
// passed through to [fst.Config]
|
||||||
@ -79,7 +79,7 @@ func (app *appInfo) toFst(pathSet *appPathSet, argv []string, flagDropShell bool
|
|||||||
Devel: app.Devel,
|
Devel: app.Devel,
|
||||||
Userns: app.Userns,
|
Userns: app.Userns,
|
||||||
Net: app.Net,
|
Net: app.Net,
|
||||||
Dev: app.Dev,
|
Device: app.Device,
|
||||||
Tty: app.Tty || flagDropShell,
|
Tty: app.Tty || flagDropShell,
|
||||||
MapRealUID: app.MapRealUID,
|
MapRealUID: app.MapRealUID,
|
||||||
DirectWayland: app.DirectWayland,
|
DirectWayland: app.DirectWayland,
|
||||||
|
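Review bot: The renamed `appInfo.Device` field keeps the tag `json:"dev,omitempty"`, while the same commit changes the `SandboxConfig` tag to `json:"device,omitempty"`, so the two serialized formats now use different keys for the same setting. If keeping `dev` here is deliberate (for example to stay compatible with metadata that already exists), say so next to the field, e.g. `// JSON key stays "dev"; maps to fst.SandboxConfig.Device, which binds the host /dev`. The generic `// passed through to [fst.Config]` comment does not tell a reader that this flag widens what the sandbox can reach. Both the struct and `toFst` continue outside the hunks shown.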
@ -105,7 +105,7 @@ func Template() *Config {
|
|||||||
Devel: true,
|
Devel: true,
|
||||||
Userns: true,
|
Userns: true,
|
||||||
Net: true,
|
Net: true,
|
||||||
Dev: true,
|
Device: true,
|
||||||
Seccomp: seccomp.FilterMultiarch,
|
Seccomp: seccomp.FilterMultiarch,
|
||||||
Tty: true,
|
Tty: true,
|
||||||
Multiarch: true,
|
Multiarch: true,
|
||||||
|
@ -39,7 +39,7 @@ type (
|
|||||||
MapRealUID bool `json:"map_real_uid"`
|
MapRealUID bool `json:"map_real_uid"`
|
||||||
|
|
||||||
// expose all devices
|
// expose all devices
|
||||||
Dev bool `json:"dev,omitempty"`
|
Device bool `json:"device,omitempty"`
|
||||||
// container host filesystem bind mounts
|
// container host filesystem bind mounts
|
||||||
Filesystem []*FilesystemConfig `json:"filesystem"`
|
Filesystem []*FilesystemConfig `json:"filesystem"`
|
||||||
// create symlinks inside container filesystem
|
// create symlinks inside container filesystem
|
||||||
@ -135,7 +135,7 @@ func (s *SandboxConfig) ToContainer(sys SandboxSys, uid, gid *int) (*sandbox.Par
|
|||||||
Proc("/proc").
|
Proc("/proc").
|
||||||
Tmpfs(Tmp, 1<<12, 0755)
|
Tmpfs(Tmp, 1<<12, 0755)
|
||||||
|
|
||||||
if !s.Dev {
|
if !s.Device {
|
||||||
container.Dev("/dev").Mqueue("/dev/mqueue")
|
container.Dev("/dev").Mqueue("/dev/mqueue")
|
||||||
} else {
|
} else {
|
||||||
container.Bind("/dev", "/dev", sandbox.BindDevice)
|
container.Bind("/dev", "/dev", sandbox.BindDevice)
|
||||||
|
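Review bot: Changing the tag on `SandboxConfig.Device` from `dev` to `device` alters the serialized config format, and a stored config that still says `"dev": true` would presumably decode with `Device` false, since encoding/json ignores unknown keys unless the decoder calls `DisallowUnknownFields` (the decoding code is not visible here). In `ToContainer` that selects the `!s.Device` branch (`container.Dev("/dev")`) instead of `container.Bind("/dev", "/dev", sandbox.BindDevice)`, which is the restrictive direction but happens silently. Consider rejecting or warning on the legacy key and recording the rename in the release notes. The comment `// expose all devices` could state the effect directly, e.g. `// bind host /dev into the container (sandbox.BindDevice) instead of container.Dev`. The `if`/`else` in `ToContainer` runs past the end of the hunk.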
@ -108,7 +108,7 @@ in
|
|||||||
devel
|
devel
|
||||||
userns
|
userns
|
||||||
net
|
net
|
||||||
dev
|
device
|
||||||
tty
|
tty
|
||||||
multiarch
|
multiarch
|
||||||
env
|
env
|
||||||
|
@ -177,7 +177,7 @@ in
|
|||||||
|
|
||||||
nix = mkEnableOption "nix daemon access";
|
nix = mkEnableOption "nix daemon access";
|
||||||
mapRealUid = mkEnableOption "mapping to priv-user uid";
|
mapRealUid = mkEnableOption "mapping to priv-user uid";
|
||||||
dev = mkEnableOption "access to all devices";
|
device = mkEnableOption "access to all devices";
|
||||||
insecureWayland = mkEnableOption "direct access to the Wayland socket";
|
insecureWayland = mkEnableOption "direct access to the Wayland socket";
|
||||||
|
|
||||||
gpu = mkOption {
|
gpu = mkOption {
|
||||||
|
3
print.go
3
print.go
@ -92,8 +92,9 @@ func printShowInstance(
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
writeFlag("userns", sandbox.Userns)
|
writeFlag("userns", sandbox.Userns)
|
||||||
|
writeFlag("devel", sandbox.Devel)
|
||||||
writeFlag("net", sandbox.Net)
|
writeFlag("net", sandbox.Net)
|
||||||
writeFlag("dev", sandbox.Dev)
|
writeFlag("device", sandbox.Device)
|
||||||
writeFlag("tty", sandbox.Tty)
|
writeFlag("tty", sandbox.Tty)
|
||||||
writeFlag("mapuid", sandbox.MapRealUID)
|
writeFlag("mapuid", sandbox.MapRealUID)
|
||||||
writeFlag("directwl", sandbox.DirectWayland)
|
writeFlag("directwl", sandbox.DirectWayland)
|
||||||
|
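Review bot: The added `writeFlag("devel", sandbox.Devel)` line is an output change unrelated to the rename and is not mentioned in the commit message; the hunk header (`-92,8 +92,9`) shows the extra line. Reporting `devel` in the `Flags:` line is useful for anyone auditing what a running instance was granted, but it would be easier to track as its own commit or as a sentence in the description. The printed label also changes from `dev` to `device`, so anything that parses this output needs the same update. `printShowInstance` starts and ends outside the hunk.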
@ -41,7 +41,7 @@ func Test_printShowInstance(t *testing.T) {
|
|||||||
Groups: ["video"]
|
Groups: ["video"]
|
||||||
Directory: /var/lib/persist/home/org.chromium.Chromium
|
Directory: /var/lib/persist/home/org.chromium.Chromium
|
||||||
Hostname: "localhost"
|
Hostname: "localhost"
|
||||||
Flags: userns net dev tty mapuid autoetc
|
Flags: userns devel net device tty mapuid autoetc
|
||||||
Etc: /etc
|
Etc: /etc
|
||||||
Cover: /var/run/nscd
|
Cover: /var/run/nscd
|
||||||
Path: /run/current-system/sw/bin/chromium
|
Path: /run/current-system/sw/bin/chromium
|
||||||
@ -120,7 +120,7 @@ App
|
|||||||
Groups: ["video"]
|
Groups: ["video"]
|
||||||
Directory: /var/lib/persist/home/org.chromium.Chromium
|
Directory: /var/lib/persist/home/org.chromium.Chromium
|
||||||
Hostname: "localhost"
|
Hostname: "localhost"
|
||||||
Flags: userns net dev tty mapuid autoetc
|
Flags: userns devel net device tty mapuid autoetc
|
||||||
Etc: /etc
|
Etc: /etc
|
||||||
Cover: /var/run/nscd
|
Cover: /var/run/nscd
|
||||||
Path: /run/current-system/sw/bin/chromium
|
Path: /run/current-system/sw/bin/chromium
|
||||||
@ -217,7 +217,7 @@ App
|
|||||||
"GOOGLE_DEFAULT_CLIENT_SECRET": "OTJgUOQcT7lO7GsGZq2G4IlT"
|
"GOOGLE_DEFAULT_CLIENT_SECRET": "OTJgUOQcT7lO7GsGZq2G4IlT"
|
||||||
},
|
},
|
||||||
"map_real_uid": true,
|
"map_real_uid": true,
|
||||||
"dev": true,
|
"device": true,
|
||||||
"filesystem": [
|
"filesystem": [
|
||||||
{
|
{
|
||||||
"src": "/nix/store"
|
"src": "/nix/store"
|
||||||
@ -342,7 +342,7 @@ App
|
|||||||
"GOOGLE_DEFAULT_CLIENT_SECRET": "OTJgUOQcT7lO7GsGZq2G4IlT"
|
"GOOGLE_DEFAULT_CLIENT_SECRET": "OTJgUOQcT7lO7GsGZq2G4IlT"
|
||||||
},
|
},
|
||||||
"map_real_uid": true,
|
"map_real_uid": true,
|
||||||
"dev": true,
|
"device": true,
|
||||||
"filesystem": [
|
"filesystem": [
|
||||||
{
|
{
|
||||||
"src": "/nix/store"
|
"src": "/nix/store"
|
||||||
@ -521,7 +521,7 @@ func Test_printPs(t *testing.T) {
|
|||||||
"GOOGLE_DEFAULT_CLIENT_SECRET": "OTJgUOQcT7lO7GsGZq2G4IlT"
|
"GOOGLE_DEFAULT_CLIENT_SECRET": "OTJgUOQcT7lO7GsGZq2G4IlT"
|
||||||
},
|
},
|
||||||
"map_real_uid": true,
|
"map_real_uid": true,
|
||||||
"dev": true,
|
"device": true,
|
||||||
"filesystem": [
|
"filesystem": [
|
||||||
{
|
{
|
||||||
"src": "/nix/store"
|
"src": "/nix/store"
|
||||||
|