From 749a2779f5ba8b2c575d1459db04c9209d914627 Mon Sep 17 00:00:00 2001 From: Ophestra Date: Wed, 9 Jul 2025 04:45:54 +0900 Subject: [PATCH] test/sandbox: add arm64 constants Most of these are differences in qemu. Signed-off-by: Ophestra --- container/seccomp/hash_arm64_test.go | 2 + test/sandbox/case/default.nix | 1 + test/sandbox/case/device.nix | 44 ++++++++++++++------ test/sandbox/case/mapuid.nix | 62 ++++++++++++++++++---------- test/sandbox/case/pdlike.nix | 62 ++++++++++++++++++---------- test/sandbox/case/preset.nix | 62 ++++++++++++++++++---------- test/sandbox/case/tty.nix | 62 ++++++++++++++++++---------- 7 files changed, 198 insertions(+), 97 deletions(-) diff --git a/container/seccomp/hash_arm64_test.go b/container/seccomp/hash_arm64_test.go index eb464c8..d8ffa18 100644 --- a/container/seccomp/hash_arm64_test.go +++ b/container/seccomp/hash_arm64_test.go @@ -19,4 +19,6 @@ var bpfExpected = bpfLookup{ "228286c2f5df8e44463be0a57b91977b7f38b63b09e5d98dfabe5c61545b8f9ac3e5ea3d86df55d7edf2ce61875f0a5a85c0ab82800bef178c42533e8bdc9a6c"), {0, PresetExt | PresetDenyDevel}: toHash( "433ce9b911282d6dcc8029319fb79b816b60d5a795ec8fc94344dd027614d68f023166a91bb881faaeeedd26e3d89474e141e5a69a97e93b8984ca8f14999980"), + {0, PresetExt | PresetDenyNS | PresetDenyDevel}: toHash( + "cf1f4dc87436ba8ec95d268b663a6397bb0b4a5ac64d8557e6cc529d8b0f6f65dad3a92b62ed29d85eee9c6dde1267757a4d0f86032e8a45ca1bceadfa34cf5e"), } diff --git a/test/sandbox/case/default.nix b/test/sandbox/case/default.nix index 6c7cf12..fa5cca5 100644 --- a/test/sandbox/case/default.nix +++ b/test/sandbox/case/default.nix @@ -31,6 +31,7 @@ let fs ent ignore + system ; }; in diff --git a/test/sandbox/case/device.nix b/test/sandbox/case/device.nix index cba608f..f879f0c 100644 --- a/test/sandbox/case/device.nix +++ b/test/sandbox/case/device.nix @@ -2,7 +2,22 @@ fs, ent, ignore, + system, }: +let + extraPaths = { + x86_64-linux = { + fd = "fd0"; + sr = { + sr0 = fs "80001ff" null null; + }; + }; + aarch64-linux = { + fd = "mtdblock0"; + sr = { }; + }; + }; +in { name = "device"; tty = false; @@ -14,6 +29,7 @@ # 0, PresetStrict expectedFilter = { x86_64-linux = "e880298df2bd6751d0040fc21bc0ed4c00f95dc0d7ba506c244d8b8cf6866dba8ef4a33296f287b66cccc1d78e97026597f84cc7dec1573e148960fbd35cd735"; + aarch64-linux = "79318538a3dc851314b6bd96f10d5861acb2aa7e13cb8de0619d0f6a76709d67f01ef3fd67e195862b02f9711e5b769bc4d1eb4fc0dfc41a723c89c968a93297"; }; want = { @@ -119,19 +135,21 @@ } null; } null; sys = fs "800001c0" { - block = fs "800001ed" { - fd0 = fs "80001ff" null null; - loop0 = fs "80001ff" null null; - loop1 = fs "80001ff" null null; - loop2 = fs "80001ff" null null; - loop3 = fs "80001ff" null null; - loop4 = fs "80001ff" null null; - loop5 = fs "80001ff" null null; - loop6 = fs "80001ff" null null; - loop7 = fs "80001ff" null null; - sr0 = fs "80001ff" null null; - vda = fs "80001ff" null null; - } null; + block = fs "800001ed" ( + { + ${extraPaths.${system}.fd} = fs "80001ff" null null; + loop0 = fs "80001ff" null null; + loop1 = fs "80001ff" null null; + loop2 = fs "80001ff" null null; + loop3 = fs "80001ff" null null; + loop4 = fs "80001ff" null null; + loop5 = fs "80001ff" null null; + loop6 = fs "80001ff" null null; + loop7 = fs "80001ff" null null; + vda = fs "80001ff" null null; + } + // extraPaths.${system}.sr + ) null; bus = fs "800001ed" null null; class = fs "800001ed" null null; dev = fs "800001ed" { diff --git a/test/sandbox/case/mapuid.nix b/test/sandbox/case/mapuid.nix index 78f23dc..f5e3b4d 100644 --- a/test/sandbox/case/mapuid.nix +++ b/test/sandbox/case/mapuid.nix @@ -2,7 +2,31 @@ fs, ent, ignore, + system, }: +let + extraPaths = { + x86_64-linux = { + fd = "fd0"; + "/dev/dri" = { + by-path = fs "800001ed" { + "pci-0000:00:09.0-card" = fs "80001ff" null null; + "pci-0000:00:09.0-render" = fs "80001ff" null null; + } null; + card0 = fs "42001b0" null null; + renderD128 = fs "42001b6" null null; + }; + sr = { + sr0 = fs "80001ff" null null; + }; + }; + aarch64-linux = { + fd = "mtdblock0"; + "/dev/dri" = null; + sr = { }; + }; + }; +in { name = "mapuid"; tty = false; @@ -14,6 +38,7 @@ # 0, PresetStrict expectedFilter = { x86_64-linux = "e880298df2bd6751d0040fc21bc0ed4c00f95dc0d7ba506c244d8b8cf6866dba8ef4a33296f287b66cccc1d78e97026597f84cc7dec1573e148960fbd35cd735"; + aarch64-linux = "79318538a3dc851314b6bd96f10d5861acb2aa7e13cb8de0619d0f6a76709d67f01ef3fd67e195862b02f9711e5b769bc4d1eb4fc0dfc41a723c89c968a93297"; }; want = { @@ -35,14 +60,7 @@ bin = fs "800001ed" { sh = fs "80001ff" null null; } null; dev = fs "800001ed" { core = fs "80001ff" null null; - dri = fs "800001ed" { - by-path = fs "800001ed" { - "pci-0000:00:09.0-card" = fs "80001ff" null null; - "pci-0000:00:09.0-render" = fs "80001ff" null null; - } null; - card0 = fs "42001b0" null null; - renderD128 = fs "42001b6" null null; - } null; + dri = fs "800001ed" extraPaths.${system}."/dev/dri" null; fd = fs "80001ff" null null; full = fs "42001b6" null null; mqueue = fs "801001ff" { } null; @@ -143,19 +161,21 @@ } null; } null; sys = fs "800001c0" { - block = fs "800001ed" { - fd0 = fs "80001ff" null null; - loop0 = fs "80001ff" null null; - loop1 = fs "80001ff" null null; - loop2 = fs "80001ff" null null; - loop3 = fs "80001ff" null null; - loop4 = fs "80001ff" null null; - loop5 = fs "80001ff" null null; - loop6 = fs "80001ff" null null; - loop7 = fs "80001ff" null null; - sr0 = fs "80001ff" null null; - vda = fs "80001ff" null null; - } null; + block = fs "800001ed" ( + { + ${extraPaths.${system}.fd} = fs "80001ff" null null; + loop0 = fs "80001ff" null null; + loop1 = fs "80001ff" null null; + loop2 = fs "80001ff" null null; + loop3 = fs "80001ff" null null; + loop4 = fs "80001ff" null null; + loop5 = fs "80001ff" null null; + loop6 = fs "80001ff" null null; + loop7 = fs "80001ff" null null; + vda = fs "80001ff" null null; + } + // extraPaths.${system}.sr + ) null; bus = fs "800001ed" null null; class = fs "800001ed" null null; dev = fs "800001ed" { diff --git a/test/sandbox/case/pdlike.nix b/test/sandbox/case/pdlike.nix index 6c42e9d..01b5fe1 100644 --- a/test/sandbox/case/pdlike.nix +++ b/test/sandbox/case/pdlike.nix @@ -2,7 +2,31 @@ fs, ent, ignore, + system, }: +let + extraPaths = { + x86_64-linux = { + fd = "fd0"; + "/dev/dri" = { + by-path = fs "800001ed" { + "pci-0000:00:09.0-card" = fs "80001ff" null null; + "pci-0000:00:09.0-render" = fs "80001ff" null null; + } null; + card0 = fs "42001b0" null null; + renderD128 = fs "42001b6" null null; + }; + sr = { + sr0 = fs "80001ff" null null; + }; + }; + aarch64-linux = { + fd = "mtdblock0"; + "/dev/dri" = null; + sr = { }; + }; + }; +in { name = "pdlike"; tty = true; @@ -14,6 +38,7 @@ # 0, PresetExt | PresetDenyDevel expectedFilter = { x86_64-linux = "c698b081ff957afe17a6d94374537d37f2a63f6f9dd75da7546542407a9e32476ebda3312ba7785d7f618542bcfaf27ca27dcc2dddba852069d28bcfe8cad39a"; + aarch64-linux = "433ce9b911282d6dcc8029319fb79b816b60d5a795ec8fc94344dd027614d68f023166a91bb881faaeeedd26e3d89474e141e5a69a97e93b8984ca8f14999980"; }; want = { @@ -36,14 +61,7 @@ dev = fs "800001ed" { console = fs "4200190" null null; core = fs "80001ff" null null; - dri = fs "800001ed" { - by-path = fs "800001ed" { - "pci-0000:00:09.0-card" = fs "80001ff" null null; - "pci-0000:00:09.0-render" = fs "80001ff" null null; - } null; - card0 = fs "42001b0" null null; - renderD128 = fs "42001b6" null null; - } null; + dri = fs "800001ed" extraPaths.${system}."/dev/dri" null; fd = fs "80001ff" null null; full = fs "42001b6" null null; mqueue = fs "801001ff" { } null; @@ -144,19 +162,21 @@ } null; } null; sys = fs "800001c0" { - block = fs "800001ed" { - fd0 = fs "80001ff" null null; - loop0 = fs "80001ff" null null; - loop1 = fs "80001ff" null null; - loop2 = fs "80001ff" null null; - loop3 = fs "80001ff" null null; - loop4 = fs "80001ff" null null; - loop5 = fs "80001ff" null null; - loop6 = fs "80001ff" null null; - loop7 = fs "80001ff" null null; - sr0 = fs "80001ff" null null; - vda = fs "80001ff" null null; - } null; + block = fs "800001ed" ( + { + ${extraPaths.${system}.fd} = fs "80001ff" null null; + loop0 = fs "80001ff" null null; + loop1 = fs "80001ff" null null; + loop2 = fs "80001ff" null null; + loop3 = fs "80001ff" null null; + loop4 = fs "80001ff" null null; + loop5 = fs "80001ff" null null; + loop6 = fs "80001ff" null null; + loop7 = fs "80001ff" null null; + vda = fs "80001ff" null null; + } + // extraPaths.${system}.sr + ) null; bus = fs "800001ed" null null; class = fs "800001ed" null null; dev = fs "800001ed" { diff --git a/test/sandbox/case/preset.nix b/test/sandbox/case/preset.nix index ded3175..78b1ea9 100644 --- a/test/sandbox/case/preset.nix +++ b/test/sandbox/case/preset.nix @@ -2,7 +2,31 @@ fs, ent, ignore, + system, }: +let + extraPaths = { + x86_64-linux = { + fd = "fd0"; + "/dev/dri" = { + by-path = fs "800001ed" { + "pci-0000:00:09.0-card" = fs "80001ff" null null; + "pci-0000:00:09.0-render" = fs "80001ff" null null; + } null; + card0 = fs "42001b0" null null; + renderD128 = fs "42001b6" null null; + }; + sr = { + sr0 = fs "80001ff" null null; + }; + }; + aarch64-linux = { + fd = "mtdblock0"; + "/dev/dri" = null; + sr = { }; + }; + }; +in { name = "preset"; tty = false; @@ -14,6 +38,7 @@ # 0, PresetStrict expectedFilter = { x86_64-linux = "e880298df2bd6751d0040fc21bc0ed4c00f95dc0d7ba506c244d8b8cf6866dba8ef4a33296f287b66cccc1d78e97026597f84cc7dec1573e148960fbd35cd735"; + aarch64-linux = "79318538a3dc851314b6bd96f10d5861acb2aa7e13cb8de0619d0f6a76709d67f01ef3fd67e195862b02f9711e5b769bc4d1eb4fc0dfc41a723c89c968a93297"; }; want = { @@ -35,14 +60,7 @@ bin = fs "800001ed" { sh = fs "80001ff" null null; } null; dev = fs "800001ed" { core = fs "80001ff" null null; - dri = fs "800001ed" { - by-path = fs "800001ed" { - "pci-0000:00:09.0-card" = fs "80001ff" null null; - "pci-0000:00:09.0-render" = fs "80001ff" null null; - } null; - card0 = fs "42001b0" null null; - renderD128 = fs "42001b6" null null; - } null; + dri = fs "800001ed" extraPaths.${system}."/dev/dri" null; fd = fs "80001ff" null null; full = fs "42001b6" null null; mqueue = fs "801001ff" { } null; @@ -143,19 +161,21 @@ } null; } null; sys = fs "800001c0" { - block = fs "800001ed" { - fd0 = fs "80001ff" null null; - loop0 = fs "80001ff" null null; - loop1 = fs "80001ff" null null; - loop2 = fs "80001ff" null null; - loop3 = fs "80001ff" null null; - loop4 = fs "80001ff" null null; - loop5 = fs "80001ff" null null; - loop6 = fs "80001ff" null null; - loop7 = fs "80001ff" null null; - sr0 = fs "80001ff" null null; - vda = fs "80001ff" null null; - } null; + block = fs "800001ed" ( + { + ${extraPaths.${system}.fd} = fs "80001ff" null null; + loop0 = fs "80001ff" null null; + loop1 = fs "80001ff" null null; + loop2 = fs "80001ff" null null; + loop3 = fs "80001ff" null null; + loop4 = fs "80001ff" null null; + loop5 = fs "80001ff" null null; + loop6 = fs "80001ff" null null; + loop7 = fs "80001ff" null null; + vda = fs "80001ff" null null; + } + // extraPaths.${system}.sr + ) null; bus = fs "800001ed" null null; class = fs "800001ed" null null; dev = fs "800001ed" { diff --git a/test/sandbox/case/tty.nix b/test/sandbox/case/tty.nix index 55de7e9..2ddb54a 100644 --- a/test/sandbox/case/tty.nix +++ b/test/sandbox/case/tty.nix @@ -2,7 +2,31 @@ fs, ent, ignore, + system, }: +let + extraPaths = { + x86_64-linux = { + fd = "fd0"; + "/dev/dri" = { + by-path = fs "800001ed" { + "pci-0000:00:09.0-card" = fs "80001ff" null null; + "pci-0000:00:09.0-render" = fs "80001ff" null null; + } null; + card0 = fs "42001b0" null null; + renderD128 = fs "42001b6" null null; + }; + sr = { + sr0 = fs "80001ff" null null; + }; + }; + aarch64-linux = { + fd = "mtdblock0"; + "/dev/dri" = null; + sr = { }; + }; + }; +in { name = "tty"; tty = true; @@ -14,6 +38,7 @@ # 0, PresetExt | PresetDenyNS | PresetDenyDevel expectedFilter = { x86_64-linux = "0b76007476c1c9e25dbf674c29fdf609a1656a70063e49327654e1b5360ad3da06e1a3e32bf80e961c5516ad83d4b9e7e9bde876a93797e27627d2555c25858b"; + aarch64-linux = "cf1f4dc87436ba8ec95d268b663a6397bb0b4a5ac64d8557e6cc529d8b0f6f65dad3a92b62ed29d85eee9c6dde1267757a4d0f86032e8a45ca1bceadfa34cf5e"; }; want = { @@ -36,14 +61,7 @@ dev = fs "800001ed" { console = fs "4200190" null null; core = fs "80001ff" null null; - dri = fs "800001ed" { - by-path = fs "800001ed" { - "pci-0000:00:09.0-card" = fs "80001ff" null null; - "pci-0000:00:09.0-render" = fs "80001ff" null null; - } null; - card0 = fs "42001b0" null null; - renderD128 = fs "42001b6" null null; - } null; + dri = fs "800001ed" extraPaths.${system}."/dev/dri" null; fd = fs "80001ff" null null; full = fs "42001b6" null null; mqueue = fs "801001ff" { } null; @@ -144,19 +162,21 @@ } null; } null; sys = fs "800001c0" { - block = fs "800001ed" { - fd0 = fs "80001ff" null null; - loop0 = fs "80001ff" null null; - loop1 = fs "80001ff" null null; - loop2 = fs "80001ff" null null; - loop3 = fs "80001ff" null null; - loop4 = fs "80001ff" null null; - loop5 = fs "80001ff" null null; - loop6 = fs "80001ff" null null; - loop7 = fs "80001ff" null null; - sr0 = fs "80001ff" null null; - vda = fs "80001ff" null null; - } null; + block = fs "800001ed" ( + { + ${extraPaths.${system}.fd} = fs "80001ff" null null; + loop0 = fs "80001ff" null null; + loop1 = fs "80001ff" null null; + loop2 = fs "80001ff" null null; + loop3 = fs "80001ff" null null; + loop4 = fs "80001ff" null null; + loop5 = fs "80001ff" null null; + loop6 = fs "80001ff" null null; + loop7 = fs "80001ff" null null; + vda = fs "80001ff" null null; + } + // extraPaths.${system}.sr + ) null; bus = fs "800001ed" null null; class = fs "800001ed" null null; dev = fs "800001ed" {