container: use more reliable nonexistence
All checks were successful
Test / Create distribution (push) Successful in 45s
Test / Sandbox (push) Successful in 2m21s
Test / Hakurei (push) Successful in 3m8s
Test / Planterette (push) Successful in 3m55s
Test / Sandbox (race detector) (push) Successful in 4m6s
Test / Hakurei (race detector) (push) Successful in 4m41s
Test / Flake checks (push) Successful in 1m18s
All checks were successful
Test / Create distribution (push) Successful in 45s
Test / Sandbox (push) Successful in 2m21s
Test / Hakurei (push) Successful in 3m8s
Test / Planterette (push) Successful in 3m55s
Test / Sandbox (race detector) (push) Successful in 4m6s
Test / Hakurei (race detector) (push) Successful in 4m41s
Test / Flake checks (push) Successful in 1m18s
Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
parent
6ba19a7ba5
commit
9d7a19d162
SSH Key Fingerprint:
SHA256:gQ67O0enBZ7UdZypgtspB2FDM1g3GVw8nX0XSdcFw8Q
@ -17,6 +17,12 @@ import (
|
|||||||
"hakurei.app/container/seccomp"
|
"hakurei.app/container/seccomp"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
const (
|
||||||
|
// Nonexistent is a path that cannot exist.
|
||||||
|
// /proc is chosen because a system with covered /proc is unsupported by this package.
|
||||||
|
Nonexistent = "/proc/nonexistent"
|
||||||
|
)
|
||||||
|
|
||||||
type (
|
type (
|
||||||
// Container represents a container environment being prepared or run.
|
// Container represents a container environment being prepared or run.
|
||||||
// None of [Container] methods are safe for concurrent use.
|
// None of [Container] methods are safe for concurrent use.
|
||||||
|
|||||||
@ -79,7 +79,7 @@ func TestExport(t *testing.T) {
|
|||||||
|
|
||||||
func BenchmarkExport(b *testing.B) {
|
func BenchmarkExport(b *testing.B) {
|
||||||
buf := make([]byte, 8)
|
buf := make([]byte, 8)
|
||||||
for i := 0; i < b.N; i++ {
|
for b.Loop() {
|
||||||
e := New(
|
e := New(
|
||||||
Preset(PresetExt|PresetDenyNS|PresetDenyTTY|PresetDenyDevel|PresetLinux32,
|
Preset(PresetExt|PresetDenyNS|PresetDenyTTY|PresetDenyDevel|PresetLinux32,
|
||||||
AllowMultiarch|AllowCAN|AllowBluetooth),
|
AllowMultiarch|AllowCAN|AllowBluetooth),
|
||||||
|
|||||||
@ -8,12 +8,13 @@ import (
|
|||||||
"os/exec"
|
"os/exec"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
|
"hakurei.app/container"
|
||||||
"hakurei.app/helper"
|
"hakurei.app/helper"
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestCmd(t *testing.T) {
|
func TestCmd(t *testing.T) {
|
||||||
t.Run("start non-existent helper path", func(t *testing.T) {
|
t.Run("start non-existent helper path", func(t *testing.T) {
|
||||||
h := helper.NewDirect(t.Context(), "/proc/nonexistent", argsWt, false, argF, nil, nil)
|
h := helper.NewDirect(t.Context(), container.Nonexistent, argsWt, false, argF, nil, nil)
|
||||||
|
|
||||||
if err := h.Start(); !errors.Is(err, os.ErrNotExist) {
|
if err := h.Start(); !errors.Is(err, os.ErrNotExist) {
|
||||||
t.Errorf("Start: error = %v, wantErr %v",
|
t.Errorf("Start: error = %v, wantErr %v",
|
||||||
|
|||||||
@ -15,7 +15,7 @@ import (
|
|||||||
|
|
||||||
func TestContainer(t *testing.T) {
|
func TestContainer(t *testing.T) {
|
||||||
t.Run("start empty container", func(t *testing.T) {
|
t.Run("start empty container", func(t *testing.T) {
|
||||||
h := helper.New(t.Context(), "/nonexistent", argsWt, false, argF, nil, nil)
|
h := helper.New(t.Context(), container.Nonexistent, argsWt, false, argF, nil, nil)
|
||||||
|
|
||||||
wantErr := "sandbox: starting an empty container"
|
wantErr := "sandbox: starting an empty container"
|
||||||
if err := h.Start(); err == nil || err.Error() != wantErr {
|
if err := h.Start(); err == nil || err.Error() != wantErr {
|
||||||
|
|||||||
@ -3,6 +3,7 @@ package system
|
|||||||
import (
|
import (
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
|
"hakurei.app/container"
|
||||||
"hakurei.app/system/acl"
|
"hakurei.app/system/acl"
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -52,19 +53,19 @@ func TestACLString(t *testing.T) {
|
|||||||
et Enablement
|
et Enablement
|
||||||
perms []acl.Perm
|
perms []acl.Perm
|
||||||
}{
|
}{
|
||||||
{`--- type: process path: "/nonexistent"`, Process, []acl.Perm{}},
|
{`--- type: process path: "/proc/nonexistent"`, Process, []acl.Perm{}},
|
||||||
{`r-- type: user path: "/nonexistent"`, User, []acl.Perm{acl.Read}},
|
{`r-- type: user path: "/proc/nonexistent"`, User, []acl.Perm{acl.Read}},
|
||||||
{`-w- type: wayland path: "/nonexistent"`, EWayland, []acl.Perm{acl.Write}},
|
{`-w- type: wayland path: "/proc/nonexistent"`, EWayland, []acl.Perm{acl.Write}},
|
||||||
{`--x type: x11 path: "/nonexistent"`, EX11, []acl.Perm{acl.Execute}},
|
{`--x type: x11 path: "/proc/nonexistent"`, EX11, []acl.Perm{acl.Execute}},
|
||||||
{`rw- type: dbus path: "/nonexistent"`, EDBus, []acl.Perm{acl.Read, acl.Write}},
|
{`rw- type: dbus path: "/proc/nonexistent"`, EDBus, []acl.Perm{acl.Read, acl.Write}},
|
||||||
{`r-x type: pulseaudio path: "/nonexistent"`, EPulse, []acl.Perm{acl.Read, acl.Execute}},
|
{`r-x type: pulseaudio path: "/proc/nonexistent"`, EPulse, []acl.Perm{acl.Read, acl.Execute}},
|
||||||
{`rwx type: user path: "/nonexistent"`, User, []acl.Perm{acl.Read, acl.Write, acl.Execute}},
|
{`rwx type: user path: "/proc/nonexistent"`, User, []acl.Perm{acl.Read, acl.Write, acl.Execute}},
|
||||||
{`rwx type: process path: "/nonexistent"`, Process, []acl.Perm{acl.Read, acl.Write, acl.Write, acl.Execute}},
|
{`rwx type: process path: "/proc/nonexistent"`, Process, []acl.Perm{acl.Read, acl.Write, acl.Write, acl.Execute}},
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, tc := range testCases {
|
for _, tc := range testCases {
|
||||||
t.Run(tc.want, func(t *testing.T) {
|
t.Run(tc.want, func(t *testing.T) {
|
||||||
a := &ACL{et: tc.et, perms: tc.perms, path: "/nonexistent"}
|
a := &ACL{et: tc.et, perms: tc.perms, path: container.Nonexistent}
|
||||||
if got := a.String(); got != tc.want {
|
if got := a.String(); got != tc.want {
|
||||||
t.Errorf("String() = %v, want %v",
|
t.Errorf("String() = %v, want %v",
|
||||||
got, tc.want)
|
got, tc.want)
|
||||||
|
|||||||
@ -3,6 +3,8 @@ package system
|
|||||||
import (
|
import (
|
||||||
"os"
|
"os"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
|
"hakurei.app/container"
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestEnsure(t *testing.T) {
|
func TestEnsure(t *testing.T) {
|
||||||
@ -60,11 +62,11 @@ func TestMkdirString(t *testing.T) {
|
|||||||
t.Run(tc.want, func(t *testing.T) {
|
t.Run(tc.want, func(t *testing.T) {
|
||||||
m := &Mkdir{
|
m := &Mkdir{
|
||||||
et: tc.et,
|
et: tc.et,
|
||||||
path: "/nonexistent",
|
path: container.Nonexistent,
|
||||||
perm: 0701,
|
perm: 0701,
|
||||||
ephemeral: tc.ephemeral,
|
ephemeral: tc.ephemeral,
|
||||||
}
|
}
|
||||||
want := "mode: " + os.FileMode(0701).String() + " type: " + tc.want + " path: \"/nonexistent\""
|
want := "mode: " + os.FileMode(0701).String() + " type: " + tc.want + ` path: "/proc/nonexistent"`
|
||||||
if got := m.String(); got != want {
|
if got := m.String(); got != want {
|
||||||
t.Errorf("String() = %v, want %v", got, want)
|
t.Errorf("String() = %v, want %v", got, want)
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user