container: move seccomp preset bits
All checks were successful
Test / Create distribution (push) Successful in 34s
Test / Sandbox (push) Successful in 2m13s
Test / Hpkg (push) Successful in 4m2s
Test / Hakurei (race detector) (push) Successful in 5m16s
Test / Sandbox (race detector) (push) Successful in 2m5s
Test / Hakurei (push) Successful in 2m16s
Test / Flake checks (push) Successful in 1m33s
All checks were successful
Test / Create distribution (push) Successful in 34s
Test / Sandbox (push) Successful in 2m13s
Test / Hpkg (push) Successful in 4m2s
Test / Hakurei (race detector) (push) Successful in 5m16s
Test / Sandbox (race detector) (push) Successful in 2m5s
Test / Hakurei (push) Successful in 2m16s
Test / Flake checks (push) Successful in 1m33s
This allows holding the bits without cgo. Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
@@ -6,6 +6,7 @@ import (
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"hakurei.app/container/bits"
|
||||
"hakurei.app/container/seccomp"
|
||||
"hakurei.app/container/stub"
|
||||
)
|
||||
@@ -67,7 +68,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Gid: 1 << 31,
|
||||
Hostname: "hakurei-check",
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: seccomp.PresetStrict,
|
||||
SeccompPresets: bits.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(79), nil),
|
||||
@@ -92,7 +93,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Hostname: "hakurei-check",
|
||||
Ops: (*Ops)(sliceAddr(make(Ops, 1))),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: seccomp.PresetStrict,
|
||||
SeccompPresets: bits.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(78), nil),
|
||||
@@ -120,7 +121,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Hostname: "hakurei-check",
|
||||
Ops: (*Ops)(sliceAddr(make(Ops, 1))),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: seccomp.PresetStrict,
|
||||
SeccompPresets: bits.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(76), nil),
|
||||
@@ -149,7 +150,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Hostname: "hakurei-check",
|
||||
Ops: (*Ops)(sliceAddr(make(Ops, 1))),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: seccomp.PresetStrict,
|
||||
SeccompPresets: bits.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(74), nil),
|
||||
@@ -179,7 +180,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Hostname: "hakurei-check",
|
||||
Ops: (*Ops)(sliceAddr(make(Ops, 1))),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: seccomp.PresetStrict,
|
||||
SeccompPresets: bits.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(72), nil),
|
||||
@@ -210,7 +211,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Hostname: "hakurei-check",
|
||||
Ops: (*Ops)(sliceAddr(make(Ops, 1))),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: seccomp.PresetStrict,
|
||||
SeccompPresets: bits.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(70), nil),
|
||||
@@ -242,7 +243,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Hostname: "hakurei-check",
|
||||
Ops: (*Ops)(sliceAddr(make(Ops, 1))),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: seccomp.PresetStrict,
|
||||
SeccompPresets: bits.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(68), nil),
|
||||
@@ -276,7 +277,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Hostname: "hakurei-check",
|
||||
Ops: (*Ops)(sliceAddr(make(Ops, 1))),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: seccomp.PresetStrict,
|
||||
SeccompPresets: bits.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(66), nil),
|
||||
@@ -312,7 +313,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Hostname: "hakurei-check",
|
||||
Ops: (*Ops)(sliceAddr(make(Ops, 1))),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: seccomp.PresetStrict,
|
||||
SeccompPresets: bits.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(64), nil),
|
||||
@@ -350,7 +351,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(nil, nil, BindDevice),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: seccomp.PresetStrict,
|
||||
SeccompPresets: bits.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(63), nil),
|
||||
@@ -388,7 +389,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(MustAbs("/"), MustAbs("/"), BindDevice).Proc(MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: seccomp.PresetStrict,
|
||||
SeccompPresets: bits.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(62), nil),
|
||||
@@ -427,7 +428,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(MustAbs("/"), MustAbs("/"), BindDevice).Proc(MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: seccomp.PresetStrict,
|
||||
SeccompPresets: bits.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(60), nil),
|
||||
@@ -466,7 +467,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(MustAbs("/"), MustAbs("/"), BindDevice).Proc(MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: seccomp.PresetStrict,
|
||||
SeccompPresets: bits.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(59), nil),
|
||||
@@ -506,7 +507,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(MustAbs("/"), MustAbs("/"), BindDevice).Proc(MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: seccomp.PresetStrict,
|
||||
SeccompPresets: bits.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(57), nil),
|
||||
@@ -547,7 +548,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(MustAbs("/"), MustAbs("/"), BindDevice).Proc(MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: seccomp.PresetStrict,
|
||||
SeccompPresets: bits.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(55), nil),
|
||||
@@ -589,7 +590,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(MustAbs("/"), MustAbs("/"), BindDevice).Proc(MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: seccomp.PresetStrict,
|
||||
SeccompPresets: bits.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(53), nil),
|
||||
@@ -632,7 +633,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(MustAbs("/"), MustAbs("/"), BindDevice).Proc(MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: seccomp.PresetStrict,
|
||||
SeccompPresets: bits.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(51), nil),
|
||||
@@ -676,7 +677,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(MustAbs("/"), MustAbs("/"), BindDevice).Proc(MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: seccomp.PresetStrict,
|
||||
SeccompPresets: bits.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(49), nil),
|
||||
@@ -721,7 +722,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(MustAbs("/"), MustAbs("/"), BindDevice).Proc(MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: seccomp.PresetStrict,
|
||||
SeccompPresets: bits.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(47), nil),
|
||||
@@ -767,7 +768,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(MustAbs("/"), MustAbs("/"), BindDevice).Proc(MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: seccomp.PresetStrict,
|
||||
SeccompPresets: bits.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(45), nil),
|
||||
@@ -822,7 +823,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(MustAbs("/"), MustAbs("/"), BindDevice).Proc(MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: seccomp.PresetStrict,
|
||||
SeccompPresets: bits.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(43), nil),
|
||||
@@ -877,7 +878,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(MustAbs("/"), MustAbs("/"), BindDevice).Proc(MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: seccomp.PresetStrict,
|
||||
SeccompPresets: bits.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(42), nil),
|
||||
@@ -933,7 +934,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(MustAbs("/"), MustAbs("/"), BindDevice).Proc(MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: seccomp.PresetStrict,
|
||||
SeccompPresets: bits.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(40), nil),
|
||||
@@ -990,7 +991,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(MustAbs("/"), MustAbs("/"), BindDevice).Proc(MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: seccomp.PresetStrict,
|
||||
SeccompPresets: bits.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(38), nil),
|
||||
@@ -1049,7 +1050,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(MustAbs("/"), MustAbs("/"), BindDevice).Proc(MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: seccomp.PresetStrict,
|
||||
SeccompPresets: bits.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(36), nil),
|
||||
@@ -1109,7 +1110,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(MustAbs("/"), MustAbs("/"), BindDevice).Proc(MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: seccomp.PresetStrict,
|
||||
SeccompPresets: bits.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(34), nil),
|
||||
@@ -1170,7 +1171,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(MustAbs("/"), MustAbs("/"), BindDevice).Proc(MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: seccomp.PresetStrict,
|
||||
SeccompPresets: bits.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(32), nil),
|
||||
@@ -1232,7 +1233,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(MustAbs("/"), MustAbs("/"), BindDevice).Proc(MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: seccomp.PresetStrict,
|
||||
SeccompPresets: bits.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(30), nil),
|
||||
@@ -1295,7 +1296,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(MustAbs("/"), MustAbs("/"), BindDevice).Proc(MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: seccomp.PresetStrict,
|
||||
SeccompPresets: bits.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(28), nil),
|
||||
@@ -1359,7 +1360,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(MustAbs("/"), MustAbs("/"), BindDevice).Proc(MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: seccomp.PresetStrict,
|
||||
SeccompPresets: bits.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(26), nil),
|
||||
@@ -1424,7 +1425,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(MustAbs("/"), MustAbs("/"), BindDevice).Proc(MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: seccomp.PresetStrict,
|
||||
SeccompPresets: bits.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(24), nil),
|
||||
@@ -1490,7 +1491,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(MustAbs("/"), MustAbs("/"), BindDevice).Proc(MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: seccomp.PresetStrict,
|
||||
SeccompPresets: bits.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(22), nil),
|
||||
@@ -1564,7 +1565,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(MustAbs("/"), MustAbs("/"), BindDevice).Proc(MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: seccomp.PresetStrict,
|
||||
SeccompPresets: bits.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(20), nil),
|
||||
@@ -1671,7 +1672,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(MustAbs("/"), MustAbs("/"), BindDevice).Proc(MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: seccomp.PresetStrict,
|
||||
SeccompPresets: bits.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(18), nil),
|
||||
@@ -1779,7 +1780,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(MustAbs("/"), MustAbs("/"), BindDevice).Proc(MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: seccomp.PresetStrict,
|
||||
SeccompPresets: bits.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(16), nil),
|
||||
@@ -1866,7 +1867,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
call("capBoundingSetDrop", stub.ExpectArgs{uintptr(0x28)}, nil, nil),
|
||||
call("capAmbientRaise", stub.ExpectArgs{uintptr(0x15)}, nil, nil),
|
||||
call("capset", stub.ExpectArgs{&capHeader{_LINUX_CAPABILITY_VERSION_3, 0}, &[2]capData{{0, 0x200000, 0x200000}, {0, 0, 0}}}, nil, nil),
|
||||
call("verbosef", stub.ExpectArgs{"resolving presets %#x", []any{seccomp.FilterPreset(0xf)}}, nil, nil),
|
||||
call("verbosef", stub.ExpectArgs{"resolving presets %#x", []any{bits.FilterPreset(0xf)}}, nil, nil),
|
||||
call("seccompLoad", stub.ExpectArgs{seccomp.Preset(0xf, 0), seccomp.ExportFlag(0)}, nil, stub.UniqueError(15)),
|
||||
call("fatalf", stub.ExpectArgs{"cannot load syscall filter: %v", []any{stub.UniqueError(15)}}, nil, nil),
|
||||
},
|
||||
@@ -2523,7 +2524,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(MustAbs("/"), MustAbs("/"), BindDevice).Proc(MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: seccomp.PresetStrict,
|
||||
SeccompPresets: bits.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(0), nil),
|
||||
@@ -2610,7 +2611,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
call("capBoundingSetDrop", stub.ExpectArgs{uintptr(0x28)}, nil, nil),
|
||||
call("capAmbientRaise", stub.ExpectArgs{uintptr(0x15)}, nil, nil),
|
||||
call("capset", stub.ExpectArgs{&capHeader{_LINUX_CAPABILITY_VERSION_3, 0}, &[2]capData{{0, 0x200000, 0x200000}, {0, 0, 0}}}, nil, nil),
|
||||
call("verbosef", stub.ExpectArgs{"resolving presets %#x", []any{seccomp.FilterPreset(0xf)}}, nil, nil),
|
||||
call("verbosef", stub.ExpectArgs{"resolving presets %#x", []any{bits.FilterPreset(0xf)}}, nil, nil),
|
||||
call("seccompLoad", stub.ExpectArgs{seccomp.Preset(0xf, 0), seccomp.ExportFlag(0)}, nil, nil),
|
||||
call("verbosef", stub.ExpectArgs{"%d filter rules loaded", []any{73}}, nil, nil),
|
||||
call("newFile", stub.ExpectArgs{uintptr(10), "extra file 0"}, (*os.File)(nil), nil),
|
||||
|
||||
Reference in New Issue
Block a user