Clayton Gilmer
ff58de323a
Some checks failed
Test / Create distribution (pull_request) Successful in 31s
Test / Create distribution (push) Successful in 37s
Test / Sandbox (push) Successful in 2m15s
Test / Sandbox (pull_request) Successful in 2m14s
Test / Hakurei (push) Failing after 3m8s
Test / Hakurei (pull_request) Failing after 3m2s
Test / Hpkg (push) Successful in 4m9s
Test / Hpkg (pull_request) Successful in 4m5s
Test / Sandbox (race detector) (push) Successful in 4m31s
Test / Sandbox (race detector) (pull_request) Successful in 4m26s
Test / Hakurei (race detector) (push) Successful in 5m1s
Test / Flake checks (push) Has been skipped
Test / Hakurei (race detector) (pull_request) Successful in 4m58s
Test / Flake checks (pull_request) Has been skipped
62 lines
2.4 KiB
Go
62 lines
2.4 KiB
Go
package container_test
|
|
|
|
import (
|
|
"testing"
|
|
"unsafe"
|
|
|
|
"hakurei.app/container"
|
|
)
|
|
|
|
func TestLandlockString(t *testing.T) {
|
|
testCases := []struct {
|
|
name string
|
|
rulesetAttr *container.RulesetAttr
|
|
want string
|
|
}{
|
|
{"nil", nil, "NULL"},
|
|
{"zero", new(container.RulesetAttr), "0"},
|
|
{"some", &container.RulesetAttr{Scoped: container.LANDLOCK_SCOPE_SIGNAL}, "scoped: signal"},
|
|
{"set", &container.RulesetAttr{
|
|
HandledAccessFS: container.LANDLOCK_ACCESS_FS_MAKE_SYM | container.LANDLOCK_ACCESS_FS_IOCTL_DEV | container.LANDLOCK_ACCESS_FS_WRITE_FILE,
|
|
HandledAccessNet: container.LANDLOCK_ACCESS_NET_BIND_TCP,
|
|
Scoped: container.LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET | container.LANDLOCK_SCOPE_SIGNAL,
|
|
}, "fs: write_file make_sym fs_ioctl_dev, net: bind_tcp, scoped: abstract_unix_socket signal"},
|
|
{"all", &container.RulesetAttr{
|
|
HandledAccessFS: container.LANDLOCK_ACCESS_FS_EXECUTE |
|
|
container.LANDLOCK_ACCESS_FS_WRITE_FILE |
|
|
container.LANDLOCK_ACCESS_FS_READ_FILE |
|
|
container.LANDLOCK_ACCESS_FS_READ_DIR |
|
|
container.LANDLOCK_ACCESS_FS_REMOVE_DIR |
|
|
container.LANDLOCK_ACCESS_FS_REMOVE_FILE |
|
|
container.LANDLOCK_ACCESS_FS_MAKE_CHAR |
|
|
container.LANDLOCK_ACCESS_FS_MAKE_DIR |
|
|
container.LANDLOCK_ACCESS_FS_MAKE_REG |
|
|
container.LANDLOCK_ACCESS_FS_MAKE_SOCK |
|
|
container.LANDLOCK_ACCESS_FS_MAKE_FIFO |
|
|
container.LANDLOCK_ACCESS_FS_MAKE_BLOCK |
|
|
container.LANDLOCK_ACCESS_FS_MAKE_SYM |
|
|
container.LANDLOCK_ACCESS_FS_REFER |
|
|
container.LANDLOCK_ACCESS_FS_TRUNCATE |
|
|
container.LANDLOCK_ACCESS_FS_IOCTL_DEV,
|
|
HandledAccessNet: container.LANDLOCK_ACCESS_NET_BIND_TCP |
|
|
container.LANDLOCK_ACCESS_NET_CONNECT_TCP,
|
|
Scoped: container.LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET |
|
|
container.LANDLOCK_SCOPE_SIGNAL,
|
|
}, "fs: execute write_file read_file read_dir remove_dir remove_file make_char make_dir make_reg make_sock make_fifo make_block make_sym fs_refer fs_truncate fs_ioctl_dev, net: bind_tcp connect_tcp, scoped: abstract_unix_socket signal"},
|
|
}
|
|
for _, tc := range testCases {
|
|
t.Run(tc.name, func(t *testing.T) {
|
|
if got := tc.rulesetAttr.String(); got != tc.want {
|
|
t.Errorf("String: %s, want %s", got, tc.want)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestLandlockAttrSize(t *testing.T) {
|
|
want := 24
|
|
if got := unsafe.Sizeof(container.RulesetAttr{}); got != uintptr(want) {
|
|
t.Errorf("Sizeof: %d, want %d", got, want)
|
|
}
|
|
}
|