test/sandbox: check seccomp outcome

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-04 13:30:16 +09:00
parent ea853e21d9
commit f7bd6a5a41
4 changed files with 79 additions and 0 deletions
--- a/test/sandbox/seccomp.nix
+++ b/test/sandbox/seccomp.nix
@@ -0,0 +1,27 @@
+{
+  writeText,
+  buildGoModule,
+
+  version,
+}:
+let
+  mainFile = writeText "main.go" ''
+    package main
+
+    import "git.gensokyo.uk/security/fortify/test/sandbox"
+
+    func main() { sandbox.MustAssertSeccomp() }
+  '';
+in
+buildGoModule {
+  pname = "check-seccomp";
+  inherit version;
+
+  src = ../.;
+  vendorHash = null;
+
+  preBuild = ''
+    go mod init git.gensokyo.uk/security/fortify/test >& /dev/null
+    cp ${mainFile} main.go
+  '';
+}