[Do not merge] Minor fix in CI example tests

The target triple wasn't being passed to the example-based tests. Also try to very slightly tighten the bindmounts in the network Isolate test
boustrophedon · Apr 12, 2024 · 2a4094d · 2a4094d
1 parent dd29e1d
commit 2a4094d
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 5 deletions.
diff --git a/Makefile b/Makefile
@@ -10,8 +10,8 @@ test:
 test-ci:
 	cargo test --target=$(TARGET_TRIPLE) --tests --examples --all-features
 	cargo test --target=$(TARGET_TRIPLE) --tests --examples --no-default-features
-	cargo run --all-features --example isolate_test
-	cargo run --all-features --example ipc_server_with_database
+	cargo run  --target=$(TARGET_TRIPLE) --all-features --example isolate_test
+	cargo run  --target=$(TARGET_TRIPLE) --all-features --example ipc_server_with_database
 
 # Run clippy
 lint:

diff --git a/examples/isolate_test.rs b/examples/isolate_test.rs
@@ -303,13 +303,15 @@ fn network_call() {
 
 fn isolate_with_network(name: &'static str) -> Isolate {
     Isolate::new(name, network_call)
-        // Just mount all of / because ssl and dns files are all over the place.
+        // ssl and dns files are all over the place.
         // If you wanted you could further restrict it via landlock or by mounting only specific
         // files and directories but it highly depends on your operating system and DNS setup. One
         // thing in particular to note is that if a file exists but it's a symlink to somewhere
         // outside the filesystem, something (e.g. openssl) might see that the file is there and
         // it can stat it, but then will try to read the file and crash.
-        .add_bind_mount("/", "/")
+        .add_bind_mount("/var", "/var")
+        .add_bind_mount("/usr", "/usr")
+        .add_bind_mount("/etc", "/etc")
         .new_network(false)
 }
 
@@ -359,12 +361,13 @@ fn main() {
     if argv0.contains("isolate_test") {
         // These tests actually launch the isolates, which then hit the hooks above after
         // re-execing
+        test_with_network();
+        return;
         test_isolate_hello();
         test_isolate_uid();
         test_check_mountinfo();
         test_unix_socket();
         test_multiple_binds();
-        test_with_network();
         test_safetycontext();
 
         // TODO: for some reason these tests where the isolate panics make strace think there are