container/comp: rename from bits
All checks were successful
Test / Create distribution (push) Successful in 32s
Test / Sandbox (push) Successful in 2m19s
Test / Hakurei (push) Successful in 3m9s
Test / Hpkg (push) Successful in 3m53s
Test / Sandbox (race detector) (push) Successful in 4m2s
Test / Hakurei (race detector) (push) Successful in 4m43s
Test / Flake checks (push) Successful in 1m23s
All checks were successful
Test / Create distribution (push) Successful in 32s
Test / Sandbox (push) Successful in 2m19s
Test / Hakurei (push) Successful in 3m9s
Test / Hpkg (push) Successful in 3m53s
Test / Sandbox (race detector) (push) Successful in 4m2s
Test / Hakurei (race detector) (push) Successful in 4m43s
Test / Flake checks (push) Successful in 1m23s
This package will also hold syscall lookup tables for seccomp. Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
@@ -6,8 +6,8 @@ import (
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"hakurei.app/container/bits"
|
||||
"hakurei.app/container/check"
|
||||
"hakurei.app/container/comp"
|
||||
"hakurei.app/container/seccomp"
|
||||
"hakurei.app/container/stub"
|
||||
)
|
||||
@@ -70,7 +70,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Gid: 1 << 31,
|
||||
Hostname: "hakurei-check",
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: bits.PresetStrict,
|
||||
SeccompPresets: comp.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(79), nil),
|
||||
@@ -95,7 +95,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Hostname: "hakurei-check",
|
||||
Ops: (*Ops)(sliceAddr(make(Ops, 1))),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: bits.PresetStrict,
|
||||
SeccompPresets: comp.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(78), nil),
|
||||
@@ -123,7 +123,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Hostname: "hakurei-check",
|
||||
Ops: (*Ops)(sliceAddr(make(Ops, 1))),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: bits.PresetStrict,
|
||||
SeccompPresets: comp.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(76), nil),
|
||||
@@ -152,7 +152,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Hostname: "hakurei-check",
|
||||
Ops: (*Ops)(sliceAddr(make(Ops, 1))),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: bits.PresetStrict,
|
||||
SeccompPresets: comp.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(74), nil),
|
||||
@@ -182,7 +182,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Hostname: "hakurei-check",
|
||||
Ops: (*Ops)(sliceAddr(make(Ops, 1))),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: bits.PresetStrict,
|
||||
SeccompPresets: comp.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(72), nil),
|
||||
@@ -213,7 +213,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Hostname: "hakurei-check",
|
||||
Ops: (*Ops)(sliceAddr(make(Ops, 1))),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: bits.PresetStrict,
|
||||
SeccompPresets: comp.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(70), nil),
|
||||
@@ -245,7 +245,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Hostname: "hakurei-check",
|
||||
Ops: (*Ops)(sliceAddr(make(Ops, 1))),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: bits.PresetStrict,
|
||||
SeccompPresets: comp.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(68), nil),
|
||||
@@ -279,7 +279,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Hostname: "hakurei-check",
|
||||
Ops: (*Ops)(sliceAddr(make(Ops, 1))),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: bits.PresetStrict,
|
||||
SeccompPresets: comp.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(66), nil),
|
||||
@@ -315,7 +315,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Hostname: "hakurei-check",
|
||||
Ops: (*Ops)(sliceAddr(make(Ops, 1))),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: bits.PresetStrict,
|
||||
SeccompPresets: comp.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(64), nil),
|
||||
@@ -351,9 +351,9 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Uid: 1 << 32,
|
||||
Gid: 1 << 31,
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(nil, nil, bits.BindDevice),
|
||||
Ops: new(Ops).Bind(nil, nil, comp.BindDevice),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: bits.PresetStrict,
|
||||
SeccompPresets: comp.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(63), nil),
|
||||
@@ -389,9 +389,9 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Uid: 1 << 32,
|
||||
Gid: 1 << 31,
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), bits.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), comp.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: bits.PresetStrict,
|
||||
SeccompPresets: comp.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(62), nil),
|
||||
@@ -428,9 +428,9 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Uid: 1 << 32,
|
||||
Gid: 1 << 31,
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), bits.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), comp.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: bits.PresetStrict,
|
||||
SeccompPresets: comp.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(60), nil),
|
||||
@@ -467,9 +467,9 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Uid: 1 << 32,
|
||||
Gid: 1 << 31,
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), bits.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), comp.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: bits.PresetStrict,
|
||||
SeccompPresets: comp.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(59), nil),
|
||||
@@ -507,9 +507,9 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Uid: 1 << 32,
|
||||
Gid: 1 << 31,
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), bits.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), comp.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: bits.PresetStrict,
|
||||
SeccompPresets: comp.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(57), nil),
|
||||
@@ -548,9 +548,9 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Uid: 1 << 32,
|
||||
Gid: 1 << 31,
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), bits.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), comp.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: bits.PresetStrict,
|
||||
SeccompPresets: comp.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(55), nil),
|
||||
@@ -590,9 +590,9 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Uid: 1 << 32,
|
||||
Gid: 1 << 31,
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), bits.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), comp.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: bits.PresetStrict,
|
||||
SeccompPresets: comp.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(53), nil),
|
||||
@@ -633,9 +633,9 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Uid: 1 << 32,
|
||||
Gid: 1 << 31,
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), bits.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), comp.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: bits.PresetStrict,
|
||||
SeccompPresets: comp.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(51), nil),
|
||||
@@ -677,9 +677,9 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Uid: 1 << 32,
|
||||
Gid: 1 << 31,
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), bits.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), comp.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: bits.PresetStrict,
|
||||
SeccompPresets: comp.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(49), nil),
|
||||
@@ -722,9 +722,9 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Uid: 1 << 32,
|
||||
Gid: 1 << 31,
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), bits.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), comp.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: bits.PresetStrict,
|
||||
SeccompPresets: comp.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(47), nil),
|
||||
@@ -768,9 +768,9 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Uid: 1 << 32,
|
||||
Gid: 1 << 31,
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), bits.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), comp.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: bits.PresetStrict,
|
||||
SeccompPresets: comp.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(45), nil),
|
||||
@@ -823,9 +823,9 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Uid: 1 << 32,
|
||||
Gid: 1 << 31,
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), bits.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), comp.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: bits.PresetStrict,
|
||||
SeccompPresets: comp.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(43), nil),
|
||||
@@ -878,9 +878,9 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Uid: 1 << 32,
|
||||
Gid: 1 << 31,
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), bits.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), comp.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: bits.PresetStrict,
|
||||
SeccompPresets: comp.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(42), nil),
|
||||
@@ -934,9 +934,9 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Uid: 1 << 32,
|
||||
Gid: 1 << 31,
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), bits.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), comp.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: bits.PresetStrict,
|
||||
SeccompPresets: comp.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(40), nil),
|
||||
@@ -991,9 +991,9 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Uid: 1 << 32,
|
||||
Gid: 1 << 31,
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), bits.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), comp.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: bits.PresetStrict,
|
||||
SeccompPresets: comp.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(38), nil),
|
||||
@@ -1050,9 +1050,9 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Uid: 1 << 32,
|
||||
Gid: 1 << 31,
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), bits.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), comp.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: bits.PresetStrict,
|
||||
SeccompPresets: comp.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(36), nil),
|
||||
@@ -1110,9 +1110,9 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Uid: 1 << 32,
|
||||
Gid: 1 << 31,
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), bits.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), comp.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: bits.PresetStrict,
|
||||
SeccompPresets: comp.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(34), nil),
|
||||
@@ -1171,9 +1171,9 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Uid: 1 << 32,
|
||||
Gid: 1 << 31,
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), bits.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), comp.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: bits.PresetStrict,
|
||||
SeccompPresets: comp.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(32), nil),
|
||||
@@ -1233,9 +1233,9 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Uid: 1 << 32,
|
||||
Gid: 1 << 31,
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), bits.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), comp.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: bits.PresetStrict,
|
||||
SeccompPresets: comp.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(30), nil),
|
||||
@@ -1296,9 +1296,9 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Uid: 1 << 32,
|
||||
Gid: 1 << 31,
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), bits.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), comp.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: bits.PresetStrict,
|
||||
SeccompPresets: comp.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(28), nil),
|
||||
@@ -1360,9 +1360,9 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Uid: 1 << 32,
|
||||
Gid: 1 << 31,
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), bits.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), comp.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: bits.PresetStrict,
|
||||
SeccompPresets: comp.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(26), nil),
|
||||
@@ -1425,9 +1425,9 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Uid: 1 << 32,
|
||||
Gid: 1 << 31,
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), bits.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), comp.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: bits.PresetStrict,
|
||||
SeccompPresets: comp.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(24), nil),
|
||||
@@ -1491,9 +1491,9 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Uid: 1 << 32,
|
||||
Gid: 1 << 31,
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), bits.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), comp.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: bits.PresetStrict,
|
||||
SeccompPresets: comp.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(22), nil),
|
||||
@@ -1565,9 +1565,9 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Uid: 1 << 32,
|
||||
Gid: 1 << 31,
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), bits.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), comp.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: bits.PresetStrict,
|
||||
SeccompPresets: comp.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(20), nil),
|
||||
@@ -1672,9 +1672,9 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Uid: 1 << 32,
|
||||
Gid: 1 << 31,
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), bits.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), comp.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: bits.PresetStrict,
|
||||
SeccompPresets: comp.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(18), nil),
|
||||
@@ -1780,9 +1780,9 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Uid: 1 << 32,
|
||||
Gid: 1 << 31,
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), bits.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), comp.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: bits.PresetStrict,
|
||||
SeccompPresets: comp.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(16), nil),
|
||||
@@ -1869,7 +1869,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
call("capBoundingSetDrop", stub.ExpectArgs{uintptr(0x28)}, nil, nil),
|
||||
call("capAmbientRaise", stub.ExpectArgs{uintptr(0x15)}, nil, nil),
|
||||
call("capset", stub.ExpectArgs{&capHeader{_LINUX_CAPABILITY_VERSION_3, 0}, &[2]capData{{0, 0x200000, 0x200000}, {0, 0, 0}}}, nil, nil),
|
||||
call("verbosef", stub.ExpectArgs{"resolving presets %#x", []any{bits.FilterPreset(0xf)}}, nil, nil),
|
||||
call("verbosef", stub.ExpectArgs{"resolving presets %#x", []any{comp.FilterPreset(0xf)}}, nil, nil),
|
||||
call("seccompLoad", stub.ExpectArgs{seccomp.Preset(0xf, 0), seccomp.ExportFlag(0)}, nil, stub.UniqueError(15)),
|
||||
call("fatalf", stub.ExpectArgs{"cannot load syscall filter: %v", []any{stub.UniqueError(15)}}, nil, nil),
|
||||
},
|
||||
@@ -1890,7 +1890,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Uid: 1 << 24,
|
||||
Gid: 1 << 47,
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), bits.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), comp.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompDisable: true,
|
||||
ParentPerm: 0750,
|
||||
@@ -2004,7 +2004,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Uid: 1 << 24,
|
||||
Gid: 1 << 47,
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), bits.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), comp.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompDisable: true,
|
||||
ParentPerm: 0750,
|
||||
@@ -2106,7 +2106,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Uid: 1 << 24,
|
||||
Gid: 1 << 47,
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), bits.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), comp.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompDisable: true,
|
||||
ParentPerm: 0750,
|
||||
@@ -2199,7 +2199,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Uid: 1 << 24,
|
||||
Gid: 1 << 47,
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), bits.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), comp.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompDisable: true,
|
||||
ParentPerm: 0750,
|
||||
@@ -2294,7 +2294,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Uid: 1 << 24,
|
||||
Gid: 1 << 47,
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), bits.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), comp.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompDisable: true,
|
||||
ParentPerm: 0750,
|
||||
@@ -2396,7 +2396,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Uid: 1 << 24,
|
||||
Gid: 1 << 47,
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), bits.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), comp.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompDisable: true,
|
||||
ParentPerm: 0750,
|
||||
@@ -2534,9 +2534,9 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
Uid: 1 << 32,
|
||||
Gid: 1 << 31,
|
||||
Hostname: "hakurei-check",
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), bits.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
Ops: new(Ops).Bind(check.MustAbs("/"), check.MustAbs("/"), comp.BindDevice).Proc(check.MustAbs("/proc/")),
|
||||
SeccompRules: make([]seccomp.NativeRule, 0),
|
||||
SeccompPresets: bits.PresetStrict,
|
||||
SeccompPresets: comp.PresetStrict,
|
||||
RetainSession: true,
|
||||
Privileged: true,
|
||||
}, 1000, 100, 3, true}, uintptr(9)}, stub.UniqueError(0), nil),
|
||||
@@ -2623,7 +2623,7 @@ func TestInitEntrypoint(t *testing.T) {
|
||||
call("capBoundingSetDrop", stub.ExpectArgs{uintptr(0x28)}, nil, nil),
|
||||
call("capAmbientRaise", stub.ExpectArgs{uintptr(0x15)}, nil, nil),
|
||||
call("capset", stub.ExpectArgs{&capHeader{_LINUX_CAPABILITY_VERSION_3, 0}, &[2]capData{{0, 0x200000, 0x200000}, {0, 0, 0}}}, nil, nil),
|
||||
call("verbosef", stub.ExpectArgs{"resolving presets %#x", []any{bits.FilterPreset(0xf)}}, nil, nil),
|
||||
call("verbosef", stub.ExpectArgs{"resolving presets %#x", []any{comp.FilterPreset(0xf)}}, nil, nil),
|
||||
call("seccompLoad", stub.ExpectArgs{seccomp.Preset(0xf, 0), seccomp.ExportFlag(0)}, nil, nil),
|
||||
call("verbosef", stub.ExpectArgs{"%d filter rules loaded", []any{73}}, nil, nil),
|
||||
call("newFile", stub.ExpectArgs{uintptr(10), "extra file 0"}, (*os.File)(nil), nil),
|
||||
|
||||
Reference in New Issue
Block a user