std: rename from comp
All checks were successful
Test / Create distribution (push) Successful in 33s
Test / Sandbox (push) Successful in 2m12s
Test / Hakurei (push) Successful in 3m9s
Test / Hpkg (push) Successful in 3m59s
Test / Sandbox (race detector) (push) Successful in 4m10s
Test / Hakurei (race detector) (push) Successful in 5m4s
Test / Flake checks (push) Successful in 1m28s
All checks were successful
Test / Create distribution (push) Successful in 33s
Test / Sandbox (push) Successful in 2m12s
Test / Hakurei (push) Successful in 3m9s
Test / Hpkg (push) Successful in 3m59s
Test / Sandbox (race detector) (push) Successful in 4m10s
Test / Hakurei (race detector) (push) Successful in 5m4s
Test / Flake checks (push) Successful in 1m28s
Seccomp lookup tables are going to be relocated here, and PNR constants. Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
@@ -7,8 +7,8 @@ import (
|
||||
"time"
|
||||
|
||||
"hakurei.app/container/check"
|
||||
"hakurei.app/container/comp"
|
||||
"hakurei.app/container/seccomp"
|
||||
"hakurei.app/container/std"
|
||||
"hakurei.app/container/stub"
|
||||
)
|
||||
|
||||
@@ -70,7 +70,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Gid: 1 << 31,
|
||||
Hostname: "hakurei-check",
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: comp.PresetStrict,
|
||||
SeccompPresets: std.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(79), nil),
|
||||
@@ -95,7 +95,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Hostname: "hakurei-check",
|
||||
Ops: (*Ops)(sliceAddr(make(Ops, 1))),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: comp.PresetStrict,
|
||||
SeccompPresets: std.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(78), nil),
|
||||
@@ -123,7 +123,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Hostname: "hakurei-check",
|
||||
Ops: (*Ops)(sliceAddr(make(Ops, 1))),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: comp.PresetStrict,
|
||||
SeccompPresets: std.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(76), nil),
|
||||
@@ -152,7 +152,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Hostname: "hakurei-check",
|
||||
Ops: (*Ops)(sliceAddr(make(Ops, 1))),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: comp.PresetStrict,
|
||||
SeccompPresets: std.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(74), nil),
|
||||
@@ -182,7 +182,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Hostname: "hakurei-check",
|
||||
Ops: (*Ops)(sliceAddr(make(Ops, 1))),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: comp.PresetStrict,
|
||||
SeccompPresets: std.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(72), nil),
|
||||
@@ -213,7 +213,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Hostname: "hakurei-check",
|
||||
Ops: (*Ops)(sliceAddr(make(Ops, 1))),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: comp.PresetStrict,
|
||||
SeccompPresets: std.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(70), nil),
|
||||
@@ -245,7 +245,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Hostname: "hakurei-check",
|
||||
Ops: (*Ops)(sliceAddr(make(Ops, 1))),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: comp.PresetStrict,
|
||||
SeccompPresets: std.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(68), nil),
|
||||
@@ -279,7 +279,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Hostname: "hakurei-check",
|
||||
Ops: (*Ops)(sliceAddr(make(Ops, 1))),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: comp.PresetStrict,
|
||||
SeccompPresets: std.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(66), nil),
|
||||
@@ -315,7 +315,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Hostname: "hakurei-check",
|
||||
Ops: (*Ops)(sliceAddr(make(Ops, 1))),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: comp.PresetStrict,
|
||||
SeccompPresets: std.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(64), nil),
|
||||
@@ -351,9 +351,9 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Uid: 1 << 32,
|
||||
Gid: 1 << 31,
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(nil, nil, comp.BindDevice),
|
||||
Ops: new(Ops).Bind(nil, nil, std.BindDevice),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: comp.PresetStrict,
|
||||
SeccompPresets: std.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(63), nil),
|
||||
@@ -389,9 +389,9 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Uid: 1 << 32,
|
||||
Gid: 1 << 31,
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), comp.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), std.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: comp.PresetStrict,
|
||||
SeccompPresets: std.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(62), nil),
|
||||
@@ -428,9 +428,9 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Uid: 1 << 32,
|
||||
Gid: 1 << 31,
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), comp.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), std.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: comp.PresetStrict,
|
||||
SeccompPresets: std.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(60), nil),
|
||||
@@ -467,9 +467,9 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Uid: 1 << 32,
|
||||
Gid: 1 << 31,
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), comp.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), std.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: comp.PresetStrict,
|
||||
SeccompPresets: std.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(59), nil),
|
||||
@@ -507,9 +507,9 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Uid: 1 << 32,
|
||||
Gid: 1 << 31,
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), comp.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), std.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: comp.PresetStrict,
|
||||
SeccompPresets: std.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(57), nil),
|
||||
@@ -548,9 +548,9 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Uid: 1 << 32,
|
||||
Gid: 1 << 31,
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), comp.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), std.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: comp.PresetStrict,
|
||||
SeccompPresets: std.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(55), nil),
|
||||
@@ -590,9 +590,9 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Uid: 1 << 32,
|
||||
Gid: 1 << 31,
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), comp.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), std.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: comp.PresetStrict,
|
||||
SeccompPresets: std.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(53), nil),
|
||||
@@ -633,9 +633,9 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Uid: 1 << 32,
|
||||
Gid: 1 << 31,
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), comp.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), std.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: comp.PresetStrict,
|
||||
SeccompPresets: std.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(51), nil),
|
||||
@@ -677,9 +677,9 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Uid: 1 << 32,
|
||||
Gid: 1 << 31,
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), comp.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), std.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: comp.PresetStrict,
|
||||
SeccompPresets: std.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(49), nil),
|
||||
@@ -722,9 +722,9 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Uid: 1 << 32,
|
||||
Gid: 1 << 31,
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), comp.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), std.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: comp.PresetStrict,
|
||||
SeccompPresets: std.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(47), nil),
|
||||
@@ -768,9 +768,9 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Uid: 1 << 32,
|
||||
Gid: 1 << 31,
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), comp.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), std.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: comp.PresetStrict,
|
||||
SeccompPresets: std.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(45), nil),
|
||||
@@ -823,9 +823,9 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Uid: 1 << 32,
|
||||
Gid: 1 << 31,
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), comp.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), std.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: comp.PresetStrict,
|
||||
SeccompPresets: std.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(43), nil),
|
||||
@@ -878,9 +878,9 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Uid: 1 << 32,
|
||||
Gid: 1 << 31,
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), comp.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), std.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: comp.PresetStrict,
|
||||
SeccompPresets: std.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(42), nil),
|
||||
@@ -934,9 +934,9 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Uid: 1 << 32,
|
||||
Gid: 1 << 31,
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), comp.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), std.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: comp.PresetStrict,
|
||||
SeccompPresets: std.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(40), nil),
|
||||
@@ -991,9 +991,9 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Uid: 1 << 32,
|
||||
Gid: 1 << 31,
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), comp.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), std.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: comp.PresetStrict,
|
||||
SeccompPresets: std.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(38), nil),
|
||||
@@ -1050,9 +1050,9 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Uid: 1 << 32,
|
||||
Gid: 1 << 31,
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), comp.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), std.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: comp.PresetStrict,
|
||||
SeccompPresets: std.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(36), nil),
|
||||
@@ -1110,9 +1110,9 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Uid: 1 << 32,
|
||||
Gid: 1 << 31,
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), comp.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), std.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: comp.PresetStrict,
|
||||
SeccompPresets: std.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(34), nil),
|
||||
@@ -1171,9 +1171,9 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Uid: 1 << 32,
|
||||
Gid: 1 << 31,
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), comp.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), std.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: comp.PresetStrict,
|
||||
SeccompPresets: std.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(32), nil),
|
||||
@@ -1233,9 +1233,9 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Uid: 1 << 32,
|
||||
Gid: 1 << 31,
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), comp.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), std.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: comp.PresetStrict,
|
||||
SeccompPresets: std.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(30), nil),
|
||||
@@ -1296,9 +1296,9 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Uid: 1 << 32,
|
||||
Gid: 1 << 31,
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), comp.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), std.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: comp.PresetStrict,
|
||||
SeccompPresets: std.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(28), nil),
|
||||
@@ -1360,9 +1360,9 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Uid: 1 << 32,
|
||||
Gid: 1 << 31,
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), comp.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), std.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: comp.PresetStrict,
|
||||
SeccompPresets: std.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(26), nil),
|
||||
@@ -1425,9 +1425,9 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Uid: 1 << 32,
|
||||
Gid: 1 << 31,
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), comp.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), std.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: comp.PresetStrict,
|
||||
SeccompPresets: std.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(24), nil),
|
||||
@@ -1491,9 +1491,9 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Uid: 1 << 32,
|
||||
Gid: 1 << 31,
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), comp.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), std.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: comp.PresetStrict,
|
||||
SeccompPresets: std.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(22), nil),
|
||||
@@ -1565,9 +1565,9 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Uid: 1 << 32,
|
||||
Gid: 1 << 31,
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), comp.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), std.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: comp.PresetStrict,
|
||||
SeccompPresets: std.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(20), nil),
|
||||
@@ -1672,9 +1672,9 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Uid: 1 << 32,
|
||||
Gid: 1 << 31,
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), comp.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), std.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: comp.PresetStrict,
|
||||
SeccompPresets: std.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(18), nil),
|
||||
@@ -1780,9 +1780,9 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Uid: 1 << 32,
|
||||
Gid: 1 << 31,
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), comp.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), std.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: comp.PresetStrict,
|
||||
SeccompPresets: std.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(16), nil),
|
||||
@@ -1869,7 +1869,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
call("capBoundingSetDrop", stub.ExpectArgs{uintptr(0x28)}, nil, nil),
|
||||
call("capAmbientRaise", stub.ExpectArgs{uintptr(0x15)}, nil, nil),
|
||||
call("capset", stub.ExpectArgs{&capHeader{_LINUX_CAPABILITY_VERSION_3, 0}, &[2]capData{{0, 0x200000, 0x200000}, {0, 0, 0}}}, nil, nil),
|
||||
call("verbosef", stub.ExpectArgs{"resolving presets %#x", []any{comp.FilterPreset(0xf)}}, nil, nil),
|
||||
call("verbosef", stub.ExpectArgs{"resolving presets %#x", []any{std.FilterPreset(0xf)}}, nil, nil),
|
||||
call("seccompLoad", stub.ExpectArgs{seccomp.Preset(0xf, 0), seccomp.ExportFlag(0)}, nil, stub.UniqueError(15)),
|
||||
call("fatalf", stub.ExpectArgs{"cannot load syscall filter: %v", []any{stub.UniqueError(15)}}, nil, nil),
|
||||
},
|
||||
@@ -1890,7 +1890,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Uid: 1 << 24,
|
||||
Gid: 1 << 47,
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), comp.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), std.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompDisable: true,
|
||||
ParentPerm: 0750,
|
||||
@@ -2004,7 +2004,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Uid: 1 << 24,
|
||||
Gid: 1 << 47,
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), comp.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), std.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompDisable: true,
|
||||
ParentPerm: 0750,
|
||||
@@ -2102,7 +2102,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Uid: 1 << 24,
|
||||
Gid: 1 << 47,
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), comp.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), std.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompDisable: true,
|
||||
ParentPerm: 0750,
|
||||
@@ -2200,7 +2200,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Uid: 1 << 24,
|
||||
Gid: 1 << 47,
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), comp.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), std.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompDisable: true,
|
||||
ParentPerm: 0750,
|
||||
@@ -2291,7 +2291,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Uid: 1 << 24,
|
||||
Gid: 1 << 47,
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), comp.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), std.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompDisable: true,
|
||||
ParentPerm: 0750,
|
||||
@@ -2384,7 +2384,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Uid: 1 << 24,
|
||||
Gid: 1 << 47,
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), comp.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), std.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompDisable: true,
|
||||
ParentPerm: 0750,
|
||||
@@ -2484,7 +2484,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Uid: 1 << 24,
|
||||
Gid: 1 << 47,
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), comp.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), std.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompDisable: true,
|
||||
ParentPerm: 0750,
|
||||
@@ -2620,9 +2620,9 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Uid: 1 << 32,
|
||||
Gid: 1 << 31,
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), comp.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), std.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: comp.PresetStrict,
|
||||
SeccompPresets: std.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(0), nil),
|
||||
@@ -2709,7 +2709,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
call("capBoundingSetDrop", stub.ExpectArgs{uintptr(0x28)}, nil, nil),
|
||||
call("capAmbientRaise", stub.ExpectArgs{uintptr(0x15)}, nil, nil),
|
||||
call("capset", stub.ExpectArgs{&capHeader{_LINUX_CAPABILITY_VERSION_3, 0}, &[2]capData{{0, 0x200000, 0x200000}, {0, 0, 0}}}, nil, nil),
|
||||
call("verbosef", stub.ExpectArgs{"resolving presets %#x", []any{comp.FilterPreset(0xf)}}, nil, nil),
|
||||
call("verbosef", stub.ExpectArgs{"resolving presets %#x", []any{std.FilterPreset(0xf)}}, nil, nil),
|
||||
call("seccompLoad", stub.ExpectArgs{seccomp.Preset(0xf, 0), seccomp.ExportFlag(0)}, nil, nil),
|
||||
call("verbosef", stub.ExpectArgs{"%d filter rules loaded", []any{73}}, nil, nil),
|
||||
call("newFile", stub.ExpectArgs{uintptr(10), "extra file 0"}, (*os.File)(nil), nil),
|
||||
|
||||
Reference in New Issue
Block a user