security/hakurei
security/hakurei
5
2
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases 4 Wiki Activity

Compare commits

base: security:e642a602946d3b5f9283790474536b2c8dc84045
Branches Tags
security:master
security:staging
security:develop
security:v0.1.3
security:v0.1.2
security:v0.1.1
security:v0.1.0
..
compare: security:c959381ed2e1d6661cc2635cff3ba5abac20cca1
Branches Tags
security:staging
security:develop
security:master
security:v0.1.3
security:v0.1.2
security:v0.1.1
security:v0.1.0

2 Commits
e642a60294 ... c959381ed2

Author SHA1 Message Date
Ophestra
c959381ed2
container: access test case by index in helper
Some checks failed
Test / Create distribution (push) Successful in 33s
Details
Test / Sandbox (push) Successful in 1m59s
Details
Test / Hakurei (push) Successful in 3m27s
Details
Test / Sandbox (race detector) (push) Successful in 3m55s
Details
Test / Planterette (push) Successful in 4m15s
Details
Test / Hakurei (race detector) (push) Successful in 4m55s
Details
Test / Flake checks (push) Failing after 36s
Details 
This is more elegant and allows for much easier extension of the tests. Mountinfo is still serialised however due to libPaths nondeterminism.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-07-26 17:21:18 +09:00
Ophestra
3633d24ebc
nix: update flake lock
Some checks failed
Test / Create distribution (push) Successful in 33s
Details
Test / Hakurei (push) Successful in 41s
Details
Test / Hakurei (race detector) (push) Successful in 41s
Details
Test / Planterette (push) Successful in 40s
Details
Test / Sandbox (push) Successful in 1m26s
Details
Test / Sandbox (race detector) (push) Successful in 2m16s
Details
Test / Flake checks (push) Failing after 1m19s
Details 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-07-26 15:12:39 +09:00
7 changed files with 8 additions and 45 deletions
Show Stats Expand all files Collapse all files

6
container/container_test.go
View File

@ -57,9 +57,7 @@ var containerTestCases = []struct {
1000, 100, nil, 0, seccomp.PresetExt}, 1000, 100, nil, 0, seccomp.PresetExt},
{"custom rules", true, true, true, {"custom rules", true, true, true,
new(container.Ops), nil, new(container.Ops), nil,
1, 31, []seccomp.NativeRule{ 1, 31, []seccomp.NativeRule{{seccomp.ScmpSyscall(syscall.SYS_SETUID), seccomp.ScmpErrno(syscall.EPERM), nil}}, 0, seccomp.PresetExt},
{seccomp.ScmpSyscall(syscall.SYS_SETUID), seccomp.ScmpErrno(syscall.EPERM), nil},
}, 0, seccomp.PresetExt},
{"tmpfs", true, false, false, {"tmpfs", true, false, false,
new(container.Ops). new(container.Ops).
Tmpfs(hst.Tmp, 0, 0755), Tmpfs(hst.Tmp, 0, 0755),
@ -106,7 +104,7 @@ func TestContainer(t *testing.T) {
c.Gid = tc.gid c.Gid = tc.gid
c.Hostname = hostname c.Hostname = hostname
c.Stdout, c.Stderr = os.Stdout, os.Stderr c.Stdout, c.Stderr = os.Stdout, os.Stderr
c.Ops = tc.ops *c.Ops = append(*c.Ops, *tc.ops...)
c.SeccompRules = tc.rules c.SeccompRules = tc.rules
c.SeccompFlags = tc.flags | seccomp.AllowMultiarch c.SeccompFlags = tc.flags | seccomp.AllowMultiarch
c.SeccompPresets = tc.presets c.SeccompPresets = tc.presets

12
flake.lock generated
View File

@ -7,11 +7,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1748665073, "lastModified": 1753479839,
"narHash": "sha256-RMhjnPKWtCoIIHiuR9QKD7xfsKb3agxzMfJY8V9MOew=", "narHash": "sha256-E/rPVh7vyPMJUFl2NAew+zibNGfVbANr8BP8nLRbLkQ=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "282e1e029cb6ab4811114fc85110613d72771dea", "rev": "0b9bf983db4d064764084cd6748efb1ab8297d1e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -23,11 +23,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1749024892, "lastModified": 1753345091,
"narHash": "sha256-OGcDEz60TXQC+gVz5sdtgGJdKVYr6rwdzQKuZAJQpCA=", "narHash": "sha256-CdX2Rtvp5I8HGu9swBmYuq+ILwRxpXdJwlpg8jvN4tU=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "8f1b52b04f2cb6e5ead50bd28d76528a2f0380ef", "rev": "3ff0e34b1383648053bba8ed03f201d3466f90c9",
"type": "github" "type": "github"
}, },
"original": { "original": {

7
test/sandbox/case/device.nix
View File

@ -173,13 +173,6 @@ in
} null; } null;
} null; } null;
".local" = fs "800001ed" { ".local" = fs "800001ed" {
share = fs "800001ed" {
dbus-1 = fs "800001ed" {
services = fs "800001ed" {
"ca.desrt.dconf.service" = fs "80001ff" null null;
} null;
} null;
} null;
state = fs "800001ed" { state = fs "800001ed" {
".keep" = fs "80001ff" null ""; ".keep" = fs "80001ff" null "";
home-manager = fs "800001ed" { gcroots = fs "800001ed" { current-home = fs "80001ff" null null; } null; } null; home-manager = fs "800001ed" { gcroots = fs "800001ed" { current-home = fs "80001ff" null null; } null; } null;

7
test/sandbox/case/mapuid.nix
View File

@ -199,13 +199,6 @@ in
} null; } null;
} null; } null;
".local" = fs "800001ed" { ".local" = fs "800001ed" {
share = fs "800001ed" {
dbus-1 = fs "800001ed" {
services = fs "800001ed" {
"ca.desrt.dconf.service" = fs "80001ff" null null;
} null;
} null;
} null;
state = fs "800001ed" { state = fs "800001ed" {
".keep" = fs "80001ff" null ""; ".keep" = fs "80001ff" null "";
home-manager = fs "800001ed" { gcroots = fs "800001ed" { current-home = fs "80001ff" null null; } null; } null; home-manager = fs "800001ed" { gcroots = fs "800001ed" { current-home = fs "80001ff" null null; } null; } null;

7
test/sandbox/case/pdlike.nix
View File

@ -200,13 +200,6 @@ in
} null; } null;
} null; } null;
".local" = fs "800001ed" { ".local" = fs "800001ed" {
share = fs "800001ed" {
dbus-1 = fs "800001ed" {
services = fs "800001ed" {
"ca.desrt.dconf.service" = fs "80001ff" null null;
} null;
} null;
} null;
state = fs "800001ed" { state = fs "800001ed" {
".keep" = fs "80001ff" null ""; ".keep" = fs "80001ff" null "";
home-manager = fs "800001ed" { gcroots = fs "800001ed" { current-home = fs "80001ff" null null; } null; } null; home-manager = fs "800001ed" { gcroots = fs "800001ed" { current-home = fs "80001ff" null null; } null; } null;

7
test/sandbox/case/preset.nix
View File

@ -199,13 +199,6 @@ in
} null; } null;
} null; } null;
".local" = fs "800001ed" { ".local" = fs "800001ed" {
share = fs "800001ed" {
dbus-1 = fs "800001ed" {
services = fs "800001ed" {
"ca.desrt.dconf.service" = fs "80001ff" null null;
} null;
} null;
} null;
state = fs "800001ed" { state = fs "800001ed" {
".keep" = fs "80001ff" null ""; ".keep" = fs "80001ff" null "";
home-manager = fs "800001ed" { gcroots = fs "800001ed" { current-home = fs "80001ff" null null; } null; } null; home-manager = fs "800001ed" { gcroots = fs "800001ed" { current-home = fs "80001ff" null null; } null; } null;

7
test/sandbox/case/tty.nix
View File

@ -200,13 +200,6 @@ in
} null; } null;
} null; } null;
".local" = fs "800001ed" { ".local" = fs "800001ed" {
share = fs "800001ed" {
dbus-1 = fs "800001ed" {
services = fs "800001ed" {
"ca.desrt.dconf.service" = fs "80001ff" null null;
} null;
} null;
} null;
state = fs "800001ed" { state = fs "800001ed" {
".keep" = fs "80001ff" null ""; ".keep" = fs "80001ff" null "";
home-manager = fs "800001ed" { gcroots = fs "800001ed" { current-home = fs "80001ff" null null; } null; } null; home-manager = fs "800001ed" { gcroots = fs "800001ed" { current-home = fs "80001ff" null null; } null; } null;