Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ci-openbsd-pf: new configuration overlay with PF enabled #1033

Merged
merged 3 commits into from Mar 5, 2019

Conversation

Projects
None yet
4 participants
@blackgnezdo
Copy link
Member

commented Mar 3, 2019

CC @mptre

Greg Steuck added some commits Mar 3, 2019

Greg Steuck
pkg/build/openbsd: copy overlay files from userspaceDir into image
This should be enough "infrastructure" for #1030. Everything else
is configuration.

@blackgnezdo blackgnezdo requested a review from dvyukov Mar 3, 2019

@codecov-io

This comment has been minimized.

Copy link

commented Mar 3, 2019

Codecov Report

Merging #1033 into master will decrease coverage by <.01%.
The diff coverage is 0%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master    #1033      +/-   ##
==========================================
- Coverage   67.53%   67.52%   -0.01%     
==========================================
  Files         114      114              
  Lines       20425    20428       +3     
==========================================
  Hits        13794    13794              
- Misses       5985     5988       +3     
  Partials      646      646
Impacted Files Coverage Δ
pkg/build/openbsd.go 0% <0%> (ø) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 1c0e457...3419571. Read the comment docs.

@blackgnezdo

This comment has been minimized.

Copy link
Member Author

commented Mar 4, 2019

Chances are this is not a sufficiently open configuration to get coverage for the ingress code paths in PF. The default PF policy disables incoming TCP connections and thus our tun networking code will most likely fail to establish a connection. We will need to add a modified pf.conf such that incoming connections on TUN_IFACE make it through. Luckily it should be a matter of adding a new file into the overlay directory created by this PR.

@mptre

This comment has been minimized.

Copy link
Collaborator

commented Mar 4, 2019

@dvyukov

This comment has been minimized.

Copy link
Collaborator

commented Mar 5, 2019

LGTM

@blackgnezdo blackgnezdo merged commit 16559f8 into google:master Mar 5, 2019

2 checks passed

cla/google All necessary CLAs are signed
continuous-integration/travis-ci/pr The Travis CI build passed
Details
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.