Ophestra
6cf58ca1b3
All checks were successful
Test / Create distribution (push) Successful in 32s
Test / Sandbox (push) Successful in 2m10s
Test / Hakurei (push) Successful in 3m2s
Test / Hpkg (push) Successful in 3m56s
Test / Sandbox (race detector) (push) Successful in 4m1s
Test / Hakurei (race detector) (push) Successful in 4m45s
Test / Flake checks (push) Successful in 1m25s
This will be merged with spFilesystemOp eventually. Signed-off-by: Ophestra <cat@gensokyo.uk>
66 lines
2.2 KiB
Go
66 lines
2.2 KiB
Go
package app
|
|
|
|
import (
|
|
"syscall"
|
|
"testing"
|
|
|
|
"hakurei.app/container"
|
|
"hakurei.app/container/fhs"
|
|
"hakurei.app/container/stub"
|
|
"hakurei.app/hst"
|
|
"hakurei.app/system"
|
|
"hakurei.app/system/acl"
|
|
)
|
|
|
|
func TestSpFinalOp(t *testing.T) {
|
|
checkOpBehaviour(t, []opBehaviourTestCase{
|
|
{"nil extra invalid env", func(bool, bool) outcomeOp {
|
|
return spFinalOp{}
|
|
}, func() *hst.Config {
|
|
c := hst.Template()
|
|
// verify nil check behaviour
|
|
c.ExtraPerms = append(c.ExtraPerms, hst.ExtraPermConfig{})
|
|
// verify toContainer behaviour
|
|
c.Container.Env["="] = "\x00"
|
|
return c
|
|
}, nil, []stub.Call{
|
|
// this op configures the system state and does not make calls during toSystem
|
|
}, newI().
|
|
Ensure(m("/var/lib/hakurei/u0"), 0700).
|
|
UpdatePermType(system.User, m("/var/lib/hakurei/u0"),
|
|
acl.Execute).
|
|
UpdatePermType(system.User, m("/var/lib/hakurei/u0/org.chromium.Chromium"),
|
|
acl.Read, acl.Write, acl.Execute), nil, nil, func(state *outcomeStateParams) {
|
|
state.params.Ops = new(container.Ops)
|
|
}, []stub.Call{
|
|
// this op configures the container state and does not make calls during toContainer
|
|
}, nil, nil, &hst.AppError{
|
|
Step: "flatten environment",
|
|
Err: syscall.EINVAL,
|
|
Msg: "invalid environment variable =",
|
|
}},
|
|
|
|
{"success", func(bool, bool) outcomeOp {
|
|
return spFinalOp{}
|
|
}, hst.Template, nil, []stub.Call{
|
|
// this op configures the system state and does not make calls during toSystem
|
|
}, newI().
|
|
Ensure(m("/var/lib/hakurei/u0"), 0700).
|
|
UpdatePermType(system.User, m("/var/lib/hakurei/u0"),
|
|
acl.Execute).
|
|
UpdatePermType(system.User, m("/var/lib/hakurei/u0/org.chromium.Chromium"),
|
|
acl.Read, acl.Write, acl.Execute), nil, nil, func(state *outcomeStateParams) {
|
|
state.params.Ops = new(container.Ops)
|
|
}, []stub.Call{
|
|
// this op configures the container state and does not make calls during toContainer
|
|
}, &container.Params{
|
|
Env: []string{
|
|
"GOOGLE_API_KEY=AIzaSyBHDrl33hwRp4rMQY0ziRbj8K9LPA6vUCY",
|
|
"GOOGLE_DEFAULT_CLIENT_ID=77185425430.apps.googleusercontent.com",
|
|
"GOOGLE_DEFAULT_CLIENT_SECRET=OTJgUOQcT7lO7GsGZq2G4IlT",
|
|
},
|
|
Ops: new(container.Ops).Remount(fhs.AbsRoot, syscall.MS_RDONLY),
|
|
}, nil, nil},
|
|
})
|
|
}
|