container/bits: move bind bits

This allows referring to the bits without importing container. Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-10-07 21:38:31 +09:00
parent 5d18af0007
commit 584ce3da68
12 changed files with 116 additions and 110 deletions
--- a/container/init_test.go
+++ b/container/init_test.go
@@ -350,7 +350,7 @@ func TestInitEntrypoint(t *testing.T) {
 					Uid:            1 << 32,
 					Gid:            1 << 31,
 					Hostname:       "hakurei-check",
-					Ops:            new(Ops).Bind(nil, nil, BindDevice),
+					Ops:            new(Ops).Bind(nil, nil, bits.BindDevice),
 					SeccompRules:   make([]seccomp.NativeRule, 0),
 					SeccompPresets: bits.PresetStrict,
 					RetainSession:  true,
@@ -388,7 +388,7 @@ func TestInitEntrypoint(t *testing.T) {
 					Uid:            1 << 32,
 					Gid:            1 << 31,
 					Hostname:       "hakurei-check",
-					Ops:            new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), BindDevice).Proc(check.MustAbs("/proc/")),
+					Ops:            new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), bits.BindDevice).Proc(check.MustAbs("/proc/")),
 					SeccompRules:   make([]seccomp.NativeRule, 0),
 					SeccompPresets: bits.PresetStrict,
 					RetainSession:  true,
@@ -427,7 +427,7 @@ func TestInitEntrypoint(t *testing.T) {
 					Uid:            1 << 32,
 					Gid:            1 << 31,
 					Hostname:       "hakurei-check",
-					Ops:            new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), BindDevice).Proc(check.MustAbs("/proc/")),
+					Ops:            new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), bits.BindDevice).Proc(check.MustAbs("/proc/")),
 					SeccompRules:   make([]seccomp.NativeRule, 0),
 					SeccompPresets: bits.PresetStrict,
 					RetainSession:  true,
@@ -466,7 +466,7 @@ func TestInitEntrypoint(t *testing.T) {
 					Uid:            1 << 32,
 					Gid:            1 << 31,
 					Hostname:       "hakurei-check",
-					Ops:            new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), BindDevice).Proc(check.MustAbs("/proc/")),
+					Ops:            new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), bits.BindDevice).Proc(check.MustAbs("/proc/")),
 					SeccompRules:   make([]seccomp.NativeRule, 0),
 					SeccompPresets: bits.PresetStrict,
 					RetainSession:  true,
@@ -506,7 +506,7 @@ func TestInitEntrypoint(t *testing.T) {
 					Uid:            1 << 32,
 					Gid:            1 << 31,
 					Hostname:       "hakurei-check",
-					Ops:            new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), BindDevice).Proc(check.MustAbs("/proc/")),
+					Ops:            new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), bits.BindDevice).Proc(check.MustAbs("/proc/")),
 					SeccompRules:   make([]seccomp.NativeRule, 0),
 					SeccompPresets: bits.PresetStrict,
 					RetainSession:  true,
@@ -547,7 +547,7 @@ func TestInitEntrypoint(t *testing.T) {
 					Uid:            1 << 32,
 					Gid:            1 << 31,
 					Hostname:       "hakurei-check",
-					Ops:            new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), BindDevice).Proc(check.MustAbs("/proc/")),
+					Ops:            new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), bits.BindDevice).Proc(check.MustAbs("/proc/")),
 					SeccompRules:   make([]seccomp.NativeRule, 0),
 					SeccompPresets: bits.PresetStrict,
 					RetainSession:  true,
@@ -589,7 +589,7 @@ func TestInitEntrypoint(t *testing.T) {
 					Uid:            1 << 32,
 					Gid:            1 << 31,
 					Hostname:       "hakurei-check",
-					Ops:            new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), BindDevice).Proc(check.MustAbs("/proc/")),
+					Ops:            new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), bits.BindDevice).Proc(check.MustAbs("/proc/")),
 					SeccompRules:   make([]seccomp.NativeRule, 0),
 					SeccompPresets: bits.PresetStrict,
 					RetainSession:  true,
@@ -632,7 +632,7 @@ func TestInitEntrypoint(t *testing.T) {
 					Uid:            1 << 32,
 					Gid:            1 << 31,
 					Hostname:       "hakurei-check",
-					Ops:            new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), BindDevice).Proc(check.MustAbs("/proc/")),
+					Ops:            new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), bits.BindDevice).Proc(check.MustAbs("/proc/")),
 					SeccompRules:   make([]seccomp.NativeRule, 0),
 					SeccompPresets: bits.PresetStrict,
 					RetainSession:  true,
@@ -676,7 +676,7 @@ func TestInitEntrypoint(t *testing.T) {
 					Uid:            1 << 32,
 					Gid:            1 << 31,
 					Hostname:       "hakurei-check",
-					Ops:            new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), BindDevice).Proc(check.MustAbs("/proc/")),
+					Ops:            new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), bits.BindDevice).Proc(check.MustAbs("/proc/")),
 					SeccompRules:   make([]seccomp.NativeRule, 0),
 					SeccompPresets: bits.PresetStrict,
 					RetainSession:  true,
@@ -721,7 +721,7 @@ func TestInitEntrypoint(t *testing.T) {
 					Uid:            1 << 32,
 					Gid:            1 << 31,
 					Hostname:       "hakurei-check",
-					Ops:            new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), BindDevice).Proc(check.MustAbs("/proc/")),
+					Ops:            new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), bits.BindDevice).Proc(check.MustAbs("/proc/")),
 					SeccompRules:   make([]seccomp.NativeRule, 0),
 					SeccompPresets: bits.PresetStrict,
 					RetainSession:  true,
@@ -767,7 +767,7 @@ func TestInitEntrypoint(t *testing.T) {
 					Uid:            1 << 32,
 					Gid:            1 << 31,
 					Hostname:       "hakurei-check",
-					Ops:            new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), BindDevice).Proc(check.MustAbs("/proc/")),
+					Ops:            new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), bits.BindDevice).Proc(check.MustAbs("/proc/")),
 					SeccompRules:   make([]seccomp.NativeRule, 0),
 					SeccompPresets: bits.PresetStrict,
 					RetainSession:  true,
@@ -822,7 +822,7 @@ func TestInitEntrypoint(t *testing.T) {
 					Uid:            1 << 32,
 					Gid:            1 << 31,
 					Hostname:       "hakurei-check",
-					Ops:            new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), BindDevice).Proc(check.MustAbs("/proc/")),
+					Ops:            new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), bits.BindDevice).Proc(check.MustAbs("/proc/")),
 					SeccompRules:   make([]seccomp.NativeRule, 0),
 					SeccompPresets: bits.PresetStrict,
 					RetainSession:  true,
@@ -877,7 +877,7 @@ func TestInitEntrypoint(t *testing.T) {
 					Uid:            1 << 32,
 					Gid:            1 << 31,
 					Hostname:       "hakurei-check",
-					Ops:            new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), BindDevice).Proc(check.MustAbs("/proc/")),
+					Ops:            new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), bits.BindDevice).Proc(check.MustAbs("/proc/")),
 					SeccompRules:   make([]seccomp.NativeRule, 0),
 					SeccompPresets: bits.PresetStrict,
 					RetainSession:  true,
@@ -933,7 +933,7 @@ func TestInitEntrypoint(t *testing.T) {
 					Uid:            1 << 32,
 					Gid:            1 << 31,
 					Hostname:       "hakurei-check",
-					Ops:            new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), BindDevice).Proc(check.MustAbs("/proc/")),
+					Ops:            new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), bits.BindDevice).Proc(check.MustAbs("/proc/")),
 					SeccompRules:   make([]seccomp.NativeRule, 0),
 					SeccompPresets: bits.PresetStrict,
 					RetainSession:  true,
@@ -990,7 +990,7 @@ func TestInitEntrypoint(t *testing.T) {
 					Uid:            1 << 32,
 					Gid:            1 << 31,
 					Hostname:       "hakurei-check",
-					Ops:            new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), BindDevice).Proc(check.MustAbs("/proc/")),
+					Ops:            new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), bits.BindDevice).Proc(check.MustAbs("/proc/")),
 					SeccompRules:   make([]seccomp.NativeRule, 0),
 					SeccompPresets: bits.PresetStrict,
 					RetainSession:  true,
@@ -1049,7 +1049,7 @@ func TestInitEntrypoint(t *testing.T) {
 					Uid:            1 << 32,
 					Gid:            1 << 31,
 					Hostname:       "hakurei-check",
-					Ops:            new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), BindDevice).Proc(check.MustAbs("/proc/")),
+					Ops:            new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), bits.BindDevice).Proc(check.MustAbs("/proc/")),
 					SeccompRules:   make([]seccomp.NativeRule, 0),
 					SeccompPresets: bits.PresetStrict,
 					RetainSession:  true,
@@ -1109,7 +1109,7 @@ func TestInitEntrypoint(t *testing.T) {
 					Uid:            1 << 32,
 					Gid:            1 << 31,
 					Hostname:       "hakurei-check",
-					Ops:            new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), BindDevice).Proc(check.MustAbs("/proc/")),
+					Ops:            new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), bits.BindDevice).Proc(check.MustAbs("/proc/")),
 					SeccompRules:   make([]seccomp.NativeRule, 0),
 					SeccompPresets: bits.PresetStrict,
 					RetainSession:  true,
@@ -1170,7 +1170,7 @@ func TestInitEntrypoint(t *testing.T) {
 					Uid:            1 << 32,
 					Gid:            1 << 31,
 					Hostname:       "hakurei-check",
-					Ops:            new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), BindDevice).Proc(check.MustAbs("/proc/")),
+					Ops:            new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), bits.BindDevice).Proc(check.MustAbs("/proc/")),
 					SeccompRules:   make([]seccomp.NativeRule, 0),
 					SeccompPresets: bits.PresetStrict,
 					RetainSession:  true,
@@ -1232,7 +1232,7 @@ func TestInitEntrypoint(t *testing.T) {
 					Uid:            1 << 32,
 					Gid:            1 << 31,
 					Hostname:       "hakurei-check",
-					Ops:            new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), BindDevice).Proc(check.MustAbs("/proc/")),
+					Ops:            new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), bits.BindDevice).Proc(check.MustAbs("/proc/")),
 					SeccompRules:   make([]seccomp.NativeRule, 0),
 					SeccompPresets: bits.PresetStrict,
 					RetainSession:  true,
@@ -1295,7 +1295,7 @@ func TestInitEntrypoint(t *testing.T) {
 					Uid:            1 << 32,
 					Gid:            1 << 31,
 					Hostname:       "hakurei-check",
-					Ops:            new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), BindDevice).Proc(check.MustAbs("/proc/")),
+					Ops:            new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), bits.BindDevice).Proc(check.MustAbs("/proc/")),
 					SeccompRules:   make([]seccomp.NativeRule, 0),
 					SeccompPresets: bits.PresetStrict,
 					RetainSession:  true,
@@ -1359,7 +1359,7 @@ func TestInitEntrypoint(t *testing.T) {
 					Uid:            1 << 32,
 					Gid:            1 << 31,
 					Hostname:       "hakurei-check",
-					Ops:            new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), BindDevice).Proc(check.MustAbs("/proc/")),
+					Ops:            new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), bits.BindDevice).Proc(check.MustAbs("/proc/")),
 					SeccompRules:   make([]seccomp.NativeRule, 0),
 					SeccompPresets: bits.PresetStrict,
 					RetainSession:  true,
@@ -1424,7 +1424,7 @@ func TestInitEntrypoint(t *testing.T) {
 					Uid:            1 << 32,
 					Gid:            1 << 31,
 					Hostname:       "hakurei-check",
-					Ops:            new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), BindDevice).Proc(check.MustAbs("/proc/")),
+					Ops:            new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), bits.BindDevice).Proc(check.MustAbs("/proc/")),
 					SeccompRules:   make([]seccomp.NativeRule, 0),
 					SeccompPresets: bits.PresetStrict,
 					RetainSession:  true,
@@ -1490,7 +1490,7 @@ func TestInitEntrypoint(t *testing.T) {
 					Uid:            1 << 32,
 					Gid:            1 << 31,
 					Hostname:       "hakurei-check",
-					Ops:            new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), BindDevice).Proc(check.MustAbs("/proc/")),
+					Ops:            new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), bits.BindDevice).Proc(check.MustAbs("/proc/")),
 					SeccompRules:   make([]seccomp.NativeRule, 0),
 					SeccompPresets: bits.PresetStrict,
 					RetainSession:  true,
@@ -1564,7 +1564,7 @@ func TestInitEntrypoint(t *testing.T) {
 					Uid:            1 << 32,
 					Gid:            1 << 31,
 					Hostname:       "hakurei-check",
-					Ops:            new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), BindDevice).Proc(check.MustAbs("/proc/")),
+					Ops:            new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), bits.BindDevice).Proc(check.MustAbs("/proc/")),
 					SeccompRules:   make([]seccomp.NativeRule, 0),
 					SeccompPresets: bits.PresetStrict,
 					RetainSession:  true,
@@ -1671,7 +1671,7 @@ func TestInitEntrypoint(t *testing.T) {
 					Uid:            1 << 32,
 					Gid:            1 << 31,
 					Hostname:       "hakurei-check",
-					Ops:            new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), BindDevice).Proc(check.MustAbs("/proc/")),
+					Ops:            new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), bits.BindDevice).Proc(check.MustAbs("/proc/")),
 					SeccompRules:   make([]seccomp.NativeRule, 0),
 					SeccompPresets: bits.PresetStrict,
 					RetainSession:  true,
@@ -1779,7 +1779,7 @@ func TestInitEntrypoint(t *testing.T) {
 					Uid:            1 << 32,
 					Gid:            1 << 31,
 					Hostname:       "hakurei-check",
-					Ops:            new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), BindDevice).Proc(check.MustAbs("/proc/")),
+					Ops:            new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), bits.BindDevice).Proc(check.MustAbs("/proc/")),
 					SeccompRules:   make([]seccomp.NativeRule, 0),
 					SeccompPresets: bits.PresetStrict,
 					RetainSession:  true,
@@ -1889,7 +1889,7 @@ func TestInitEntrypoint(t *testing.T) {
 					Uid:            1 << 24,
 					Gid:            1 << 47,
 					Hostname:       "hakurei-check",
-					Ops:            new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), BindDevice).Proc(check.MustAbs("/proc/")),
+					Ops:            new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), bits.BindDevice).Proc(check.MustAbs("/proc/")),
 					SeccompRules:   make([]seccomp.NativeRule, 0),
 					SeccompDisable: true,
 					ParentPerm:     0750,
@@ -2003,7 +2003,7 @@ func TestInitEntrypoint(t *testing.T) {
 					Uid:            1 << 24,
 					Gid:            1 << 47,
 					Hostname:       "hakurei-check",
-					Ops:            new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), BindDevice).Proc(check.MustAbs("/proc/")),
+					Ops:            new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), bits.BindDevice).Proc(check.MustAbs("/proc/")),
 					SeccompRules:   make([]seccomp.NativeRule, 0),
 					SeccompDisable: true,
 					ParentPerm:     0750,
@@ -2103,7 +2103,7 @@ func TestInitEntrypoint(t *testing.T) {
 					Uid:            1 << 24,
 					Gid:            1 << 47,
 					Hostname:       "hakurei-check",
-					Ops:            new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), BindDevice).Proc(check.MustAbs("/proc/")),
+					Ops:            new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), bits.BindDevice).Proc(check.MustAbs("/proc/")),
 					SeccompRules:   make([]seccomp.NativeRule, 0),
 					SeccompDisable: true,
 					ParentPerm:     0750,
@@ -2194,7 +2194,7 @@ func TestInitEntrypoint(t *testing.T) {
 					Uid:            1 << 24,
 					Gid:            1 << 47,
 					Hostname:       "hakurei-check",
-					Ops:            new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), BindDevice).Proc(check.MustAbs("/proc/")),
+					Ops:            new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), bits.BindDevice).Proc(check.MustAbs("/proc/")),
 					SeccompRules:   make([]seccomp.NativeRule, 0),
 					SeccompDisable: true,
 					ParentPerm:     0750,
@@ -2287,7 +2287,7 @@ func TestInitEntrypoint(t *testing.T) {
 					Uid:            1 << 24,
 					Gid:            1 << 47,
 					Hostname:       "hakurei-check",
-					Ops:            new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), BindDevice).Proc(check.MustAbs("/proc/")),
+					Ops:            new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), bits.BindDevice).Proc(check.MustAbs("/proc/")),
 					SeccompRules:   make([]seccomp.NativeRule, 0),
 					SeccompDisable: true,
 					ParentPerm:     0750,
@@ -2387,7 +2387,7 @@ func TestInitEntrypoint(t *testing.T) {
 					Uid:            1 << 24,
 					Gid:            1 << 47,
 					Hostname:       "hakurei-check",
-					Ops:            new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), BindDevice).Proc(check.MustAbs("/proc/")),
+					Ops:            new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), bits.BindDevice).Proc(check.MustAbs("/proc/")),
 					SeccompRules:   make([]seccomp.NativeRule, 0),
 					SeccompDisable: true,
 					ParentPerm:     0750,
@@ -2523,7 +2523,7 @@ func TestInitEntrypoint(t *testing.T) {
 					Uid:            1 << 32,
 					Gid:            1 << 31,
 					Hostname:       "hakurei-check",
-					Ops:            new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), BindDevice).Proc(check.MustAbs("/proc/")),
+					Ops:            new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), bits.BindDevice).Proc(check.MustAbs("/proc/")),
 					SeccompRules:   make([]seccomp.NativeRule, 0),
 					SeccompPresets: bits.PresetStrict,
 					RetainSession:  true,