security/fortify
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 35 Wiki Activity

test/sandbox: rename misleading bind destination
All checks were successful
Test / Create distribution (push) Successful in 25s
Details
Test / Fpkg (push) Successful in 34s
Details
Test / Fortify (push) Successful in 2m15s
Details
Test / Data race detector (push) Successful in 2m49s
Details
Test / Flake checks (push) Successful in 59s
Details

Browse Source 
Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
Ophestra 2025-03-21 12:29:15 +09:00
parent a57a7a6a16
commit 632b18addd
Signed by: cat
SSH Key Fingerprint: SHA256:gQ67O0enBZ7UdZypgtspB2FDM1g3GVw8nX0XSdcFw8Q
3 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
test/configuration.nix
View File

@ -113,7 +113,7 @@
extraPaths = [ extraPaths = [
{ {
src = "/proc/mounts"; src = "/proc/mounts";
dst = "/.fortify/host-mounts"; dst = "/.fortify/mounts";
} }
]; ];
} }

2
test/sandbox/fs.nix
View File

@ -23,7 +23,7 @@ let
fortify = fs "16d" null null; fortify = fs "16d" null null;
init0 = fs "80001ff" null null; init0 = fs "80001ff" null null;
} null; } null;
host-mounts = fs "124" null null; mounts = fs "124" null null;
} null; } null;
bin = fs "800001ed" { sh = fs "80001ff" null null; } null; bin = fs "800001ed" { sh = fs "80001ff" null null; } null;
dev = fs "800001ed" { dev = fs "800001ed" {

4
test/sandbox/mount.nix
View File

@ -42,7 +42,7 @@ let
(ent "sysfs" "/sys/devices" "sysfs" "ro,nosuid,nodev,noexec,relatime" 0 0) (ent "sysfs" "/sys/devices" "sysfs" "ro,nosuid,nodev,noexec,relatime" 0 0)
(ent "overlay" "/run/opengl-driver" "overlay" "ro,nosuid,nodev,relatime,lowerdir=/mnt-root/nix/.ro-store,upperdir=/mnt-root/nix/.rw-store/upper,workdir=/mnt-root/nix/.rw-store/work,uuid=on" 0 0) (ent "overlay" "/run/opengl-driver" "overlay" "ro,nosuid,nodev,relatime,lowerdir=/mnt-root/nix/.ro-store,upperdir=/mnt-root/nix/.rw-store/upper,workdir=/mnt-root/nix/.rw-store/work,uuid=on" 0 0)
(ent "devtmpfs" "/dev/dri" "devtmpfs" "host_passthrough" 0 0) (ent "devtmpfs" "/dev/dri" "devtmpfs" "host_passthrough" 0 0)
(ent "proc" "/.fortify/host-mounts" "proc" "ro,nosuid,nodev,noexec,relatime" 0 0) (ent "proc" "/.fortify/mounts" "proc" "ro,nosuid,nodev,noexec,relatime" 0 0)
(ent "/dev/disk/by-label/nixos" "/.fortify/etc" "ext4" "ro,nosuid,nodev,relatime" 0 0) (ent "/dev/disk/by-label/nixos" "/.fortify/etc" "ext4" "ro,nosuid,nodev,relatime" 0 0)
(ent "tmpfs" "/run/user" "tmpfs" "rw,nosuid,nodev,relatime,size=1024k,mode=755,uid=1000001,gid=1000001" 0 0) (ent "tmpfs" "/run/user" "tmpfs" "rw,nosuid,nodev,relatime,size=1024k,mode=755,uid=1000001,gid=1000001" 0 0)
(ent "tmpfs" "/run/user/65534" "tmpfs" "rw,nosuid,nodev,relatime,size=8192k,mode=755,uid=1000001,gid=1000001" 0 0) (ent "tmpfs" "/run/user/65534" "tmpfs" "rw,nosuid,nodev,relatime,size=8192k,mode=755,uid=1000001,gid=1000001" 0 0)
@ -62,7 +62,7 @@ let
import "git.gensokyo.uk/security/fortify/test/sandbox" import "git.gensokyo.uk/security/fortify/test/sandbox"
func main() { sandbox.MustAssertMounts("", "/.fortify/host-mounts", "${writeText "want-mounts.json" (builtins.toJSON wantMounts)}") } func main() { sandbox.MustAssertMounts("", "/.fortify/mounts", "${writeText "want-mounts.json" (builtins.toJSON wantMounts)}") }
''; '';
in in
buildGoModule { buildGoModule {