From 2a4094d3af50f6819d8d21183e2ade4a9556f063 Mon Sep 17 00:00:00 2001 From: Harry Stern Date: Fri, 12 Apr 2024 14:18:28 -0400 Subject: [PATCH] [Do not merge] Minor fix in CI example tests The target triple wasn't being passed to the example-based tests. Also try to very slightly tighten the bindmounts in the network Isolate test --- Makefile | 4 ++-- examples/isolate_test.rs | 9 ++++++--- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/Makefile b/Makefile index 66ff2de..6845e75 100644 --- a/Makefile +++ b/Makefile @@ -10,8 +10,8 @@ test: test-ci: cargo test --target=$(TARGET_TRIPLE) --tests --examples --all-features cargo test --target=$(TARGET_TRIPLE) --tests --examples --no-default-features - cargo run --all-features --example isolate_test - cargo run --all-features --example ipc_server_with_database + cargo run --target=$(TARGET_TRIPLE) --all-features --example isolate_test + cargo run --target=$(TARGET_TRIPLE) --all-features --example ipc_server_with_database # Run clippy lint: diff --git a/examples/isolate_test.rs b/examples/isolate_test.rs index 8fa65e7..68055ff 100644 --- a/examples/isolate_test.rs +++ b/examples/isolate_test.rs @@ -303,13 +303,15 @@ fn network_call() { fn isolate_with_network(name: &'static str) -> Isolate { Isolate::new(name, network_call) - // Just mount all of / because ssl and dns files are all over the place. + // ssl and dns files are all over the place. // If you wanted you could further restrict it via landlock or by mounting only specific // files and directories but it highly depends on your operating system and DNS setup. One // thing in particular to note is that if a file exists but it's a symlink to somewhere // outside the filesystem, something (e.g. openssl) might see that the file is there and // it can stat it, but then will try to read the file and crash. - .add_bind_mount("/", "/") + .add_bind_mount("/var", "/var") + .add_bind_mount("/usr", "/usr") + .add_bind_mount("/etc", "/etc") .new_network(false) } @@ -359,12 +361,13 @@ fn main() { if argv0.contains("isolate_test") { // These tests actually launch the isolates, which then hit the hooks above after // re-execing + test_with_network(); + return; test_isolate_hello(); test_isolate_uid(); test_check_mountinfo(); test_unix_socket(); test_multiple_binds(); - test_with_network(); test_safetycontext(); // TODO: for some reason these tests where the isolate panics make strace think there are