diff options
author | Frantisek Sumsal <frantisek@sumsal.cz> | 2023-05-15 21:10:07 +0200 |
---|---|---|
committer | Frantisek Sumsal <frantisek@sumsal.cz> | 2023-05-16 11:27:10 +0200 |
commit | f00519b5b376cad0f19c3760ad95a970908016d1 (patch) | |
tree | a2e13132169d9b02efa0fd52c85758220cf1aba7 /test/fuzz | |
parent | test: add a couple of tests for nspawn's OCI stuff (diff) | |
download | systemd-f00519b5b376cad0f19c3760ad95a970908016d1.tar.xz systemd-f00519b5b376cad0f19c3760ad95a970908016d1.zip |
fuzz: update the base JSON for fuzz-nspawn-oci
Diffstat (limited to 'test/fuzz')
-rw-r--r-- | test/fuzz/fuzz-nspawn-oci/basic.json | 247 |
1 files changed, 227 insertions, 20 deletions
diff --git a/test/fuzz/fuzz-nspawn-oci/basic.json b/test/fuzz/fuzz-nspawn-oci/basic.json index f42739e03a..24bacf39c1 100644 --- a/test/fuzz/fuzz-nspawn-oci/basic.json +++ b/test/fuzz/fuzz-nspawn-oci/basic.json @@ -1,6 +1,8 @@ { "ociVersion": "1.0.0", + "hostname" : "foo", + "root": { "path": "rootfs", "readonly": true @@ -33,11 +35,42 @@ "cwd": "/tmp/src", - "rlimits": [ + "noNewPrivileges" : true, + "oomScoreAdj" : 20, + "capabilities" : { + "bounding" : [ + "CAP_AUDIT_WRITE", + "CAP_KILL", + "CAP_NET_BIND_SERVICE" + ], + "permitted" : [ + "CAP_AUDIT_WRITE", + "CAP_KILL", + "CAP_NET_BIND_SERVICE" + ], + "inheritable" : [ + "CAP_AUDIT_WRITE", + "CAP_KILL", + "CAP_NET_BIND_SERVICE" + ], + "effective" : [ + "CAP_AUDIT_WRITE", + "CAP_KILL" + ], + "ambient" : [ + "CAP_NET_BIND_SERVICE" + ] + }, + "rlimits" : [ { - "type": "RLIMIT_NOFILE", - "hard": 1020, - "soft": 1020 + "type" : "RLIMIT_NOFILE", + "soft" : 1024, + "hard" : 1024 + }, + { + "type" : "RLIMIT_RTPRIO", + "soft" : 5, + "hard" : 10 } ] }, @@ -110,32 +143,206 @@ } ], - "hooks": {}, - - "linux": { - "resources": { - "devices": [ + "linux" : { + "namespaces" : [ + { + "type" : "mount" + }, + { + "type" : "network", + "path" : "$NETNS" + }, + { + "type" : "pid" + }, + { + "type" : "uts" + } + ], + "uidMappings" : [ + { + "containerID" : 0, + "hostID" : 1000, + "size" : 100 + } + ], + "gidMappings" : [ + { + "containerID" : 0, + "hostID" : 1000, + "size" : 100 + } + ], + "devices" : [ + { + "type" : "c", + "path" : "/dev/zero", + "major" : 1, + "minor" : 5, + "fileMode" : 444 + }, + { + "type" : "b", + "path" : "$DEV", + "major" : 4, + "minor" : 2, + "fileMode" : 666, + "uid" : 0, + "gid" : 0 + } + ], + "resources" : { + "devices" : [ + { + "allow" : false, + "access" : "m" + }, + { + "allow" : true, + "type" : "b", + "major" : 4, + "minor" : 2, + "access" : "rwm" + } + ], + "memory" : { + "limit" : 134217728, + "reservation" : 33554432, + "swap" : 268435456 + }, + "cpu" : { + "shares" : 1024, + "quota" : 1000000, + "period" : 500000, + "cpus" : "0-7" + }, + "blockIO" : { + "weight" : 10, + "weightDevice" : [ + { + "major" : 4, + "minor" : 2, + "weight" : 500 + } + ], + "throttleReadBpsDevice" : [ + { + "major" : 4, + "minor" : 2, + "rate" : 500 + } + ], + "throttleWriteBpsDevice" : [ + { + "major" : 4, + "minor" : 2, + "rate" : 500 + } + ], + "throttleReadIOPSDevice" : [ + { + "major" : 4, + "minor" : 2, + "rate" : 500 + } + ], + "throttleWriteIOPSDevice" : [ + { + "major" : 4, + "minor" : 2, + "rate" : 500 + } + ] + }, + "pids" : { + "limit" : 1024 + } + }, + "sysctl" : { + "kernel.domainname" : "foo.bar", + "vm.swappiness" : "60" + }, + "seccomp" : { + "defaultAction" : "SCMP_ACT_ALLOW", + "architectures" : [ + "SCMP_ARCH_ARM", + "SCMP_ARCH_X86_64" + ], + "syscalls" : [ { - "allow": false, - "access": "rwm" + "names" : [ + "lchown", + "chmod" + ], + "action" : "SCMP_ACT_ERRNO", + "args" : [ + { + "index" : 0, + "value" : 1, + "op" : "SCMP_CMP_NE" + }, + { + "index" : 1, + "value" : 2, + "valueTwo" : 3, + "op" : "SCMP_CMP_MASKED_EQ" + } + ] } ] }, - "namespaces": [ + "rootfsPropagation" : "shared", + "maskedPaths" : [ + "/proc/kcore", + "/root/nonexistent" + ], + "readonlyPaths" : [ + "/proc/sys", + "/opt/readonly" + ] + }, + "hooks" : { + "prestart" : [ { - "type": "pid" + "path" : "/bin/sh", + "args" : [ + "-xec", + "echo $PRESTART_FOO >/prestart" + ], + "env" : [ + "PRESTART_FOO=prestart_bar", + "ALSO_FOO=also_bar" + ], + "timeout" : 666 }, { - "type": "ipc" - }, + "path" : "/bin/touch", + "args" : [ + "/tmp/also-prestart" + ] + } + ], + "poststart" : [ { - "type": "mount" + "path" : "/bin/sh", + "args" : [ + "touch", + "/poststart" + ] + } + ], + "poststop" : [ + { + "path" : "/bin/sh", + "args" : [ + "touch", + "/poststop" + ] } ] }, - - "annotations": { - "com.example.key1": "value1", - "com.example.key2": "value2" + "annotations" : { + "hello.world" : "1", + "foo" : "bar" } } |