container/init: close setup pipe early
All checks were successful
Test / Create distribution (push) Successful in 34s
Test / Sandbox (push) Successful in 2m32s
Test / Sandbox (race detector) (push) Successful in 4m30s
Test / Hpkg (push) Successful in 4m48s
Test / Hakurei (race detector) (push) Successful in 6m17s
Test / Hakurei (push) Successful in 3m17s
Test / Flake checks (push) Successful in 1m21s
All checks were successful
Test / Create distribution (push) Successful in 34s
Test / Sandbox (push) Successful in 2m32s
Test / Sandbox (race detector) (push) Successful in 4m30s
Test / Hpkg (push) Successful in 4m48s
Test / Hakurei (race detector) (push) Successful in 6m17s
Test / Hakurei (push) Successful in 3m17s
Test / Flake checks (push) Successful in 1m21s
This prevents leaking the setup pipe. Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
@@ -45,6 +45,12 @@ machine.wait_for_file("/tmp/sway-ipc.sock")
|
||||
swaymsg("exec hakurei run cat")
|
||||
check_filter(0, "pdlike", "cat")
|
||||
|
||||
# Check fd leak:
|
||||
swaymsg("exec hakurei -v run sleep infinity")
|
||||
pd_identity0_sleep_pid = int(machine.wait_until_succeeds("pgrep -U 10000 -x sleep", timeout=60))
|
||||
print(machine.succeed(f"hakurei-test fd {pd_identity0_sleep_pid}"))
|
||||
machine.succeed(f"kill -INT {pd_identity0_sleep_pid}")
|
||||
|
||||
# Verify capabilities/securebits in user namespace:
|
||||
print(machine.succeed("sudo -u alice -i hakurei run capsh --print"))
|
||||
print(machine.succeed("sudo -u alice -i hakurei run capsh --has-no-new-privs"))
|
||||
|
||||
Reference in New Issue
Block a user