jasder
/
runc
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

api: fix config tests 

Signed-off-by: Andrey Vagin <avagin@openvz.org>
This commit is contained in:
Andrey Vagin 2015-02-03 15:27:21 +03:00 committed by Michael Crosby
parent daca745c4c
commit bcd0222be5
13 changed files with 463 additions and 490 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
configs/config_test.go
View File

@ -5,8 +5,6 @@ import (
"os"
"path/filepath"
"testing"
"github.com/docker/libcontainer/devices"
)
// Checks whether the expected capability is specified in the capabilities.
@ -19,13 +17,13 @@ func contains(expected string, values []string) bool {
return false
}
func containsDevice(expected *devices.Device, values []*devices.Device) bool {
func containsDevice(expected *Device, values []*Device) bool {
for _, d := range values {
if d.Path == expected.Path &&
d.CgroupPermissions == expected.CgroupPermissions &&
d.Permissions == expected.Permissions &&
d.FileMode == expected.FileMode &&
d.MajorNumber == expected.MajorNumber &&
d.MinorNumber == expected.MinorNumber &&
d.Major == expected.Major &&
d.Minor == expected.Minor &&
d.Type == expected.Type {
return true
}
@ -59,11 +57,6 @@ func TestConfigJsonFormat(t *testing.T) {
t.Fail()
}
if !container.Tty {
t.Log("tty should be set to true")
t.Fail()
}
if !container.Namespaces.Contains(NEWNET) {
t.Log("namespaces should contain NEWNET")
t.Fail()
@ -120,8 +113,8 @@ func TestConfigJsonFormat(t *testing.T) {
}
}
for _, d := range devices.DefaultSimpleDevices {
if !containsDevice(d, container.MountConfig.DeviceNodes) {
for _, d := range DefaultSimpleDevices {
if !containsDevice(d, container.DeviceNodes) {
t.Logf("expected device configuration for %s", d.Path)
t.Fail()
}
@ -154,8 +147,8 @@ func TestSelinuxLabels(t *testing.T) {
if container.ProcessLabel != label {
t.Fatalf("expected process label %q but received %q", label, container.ProcessLabel)
}
if container.MountConfig.MountLabel != label {
t.Fatalf("expected mount label %q but received %q", label, container.MountConfig.MountLabel)
if container.MountLabel != label {
t.Fatalf("expected mount label %q but received %q", label, container.MountLabel)
}
}

20
devices/defaults.go → configs/device_defaults.go
View File

@ -1,10 +1,8 @@
package devices
import "github.com/docker/libcontainer/configs"
package configs
var (
// These are devices that are to be both allowed and created.
DefaultSimpleDevices = []*configs.Device{
DefaultSimpleDevices = []*Device{
// /dev/null and zero
{
Path: "/dev/null",
@ -60,18 +58,18 @@ var (
FileMode: 0666,
},
}
DefaultAllowedDevices = append([]*configs.Device{
DefaultAllowedDevices = append([]*Device{
// allow mknod for any device
{
Type: 'c',
Major: configs.Wildcard,
Minor: configs.Wildcard,
Major: Wildcard,
Minor: Wildcard,
Permissions: "m",
},
{
Type: 'b',
Major: configs.Wildcard,
Minor: configs.Wildcard,
Major: Wildcard,
Minor: Wildcard,
Permissions: "m",
},
@ -101,7 +99,7 @@ var (
Path: "",
Type: 'c',
Major: 136,
Minor: configs.Wildcard,
Minor: Wildcard,
Permissions: "rwm",
},
{
@ -121,7 +119,7 @@ var (
Permissions: "rwm",
},
}, DefaultSimpleDevices...)
DefaultAutoCreatedDevices = append([]*configs.Device{
DefaultAutoCreatedDevices = append([]*Device{
{
// /dev/fuse is created but not allowed.
// This is to allow java to work. Because java

12
devices/devices_test.go
View File

@ -6,7 +6,7 @@ import (
"testing"
)
func TestGetDeviceLstatFailure(t *testing.T) {
func TestDeviceFromPathLstatFailure(t *testing.T) {
testError := errors.New("test error")
// Override os.Lstat to inject error.
@ -14,13 +14,13 @@ func TestGetDeviceLstatFailure(t *testing.T) {
return nil, testError
}
_, err := GetDevice("", "")
_, err := DeviceFromPath("", "")
if err != testError {
t.Fatalf("Unexpected error %v, expected %v", err, testError)
}
}
func TestGetHostDeviceNodesIoutilReadDirFailure(t *testing.T) {
func TestHostDevicesIoutilReadDirFailure(t *testing.T) {
testError := errors.New("test error")
// Override ioutil.ReadDir to inject error.
@ -28,13 +28,13 @@ func TestGetHostDeviceNodesIoutilReadDirFailure(t *testing.T) {
return nil, testError
}
_, err := GetHostDeviceNodes()
_, err := HostDevices()
if err != testError {
t.Fatalf("Unexpected error %v, expected %v", err, testError)
}
}
func TestGetHostDeviceNodesIoutilReadDirDeepFailure(t *testing.T) {
func TestHostDevicesIoutilReadDirDeepFailure(t *testing.T) {
testError := errors.New("test error")
called := false
@ -54,7 +54,7 @@ func TestGetHostDeviceNodesIoutilReadDirDeepFailure(t *testing.T) {
return []os.FileInfo{fi}, nil
}
_, err := GetHostDeviceNodes()
_, err := HostDevices()
if err != testError {
t.Fatalf("Unexpected error %v, expected %v", err, testError)
}

5
integration/template_test.go
View File

@ -4,7 +4,6 @@ import (
"syscall"
"github.com/docker/libcontainer/configs"
"github.com/docker/libcontainer/devices"
)
// newTemplateConfig returns a base template for running a container
@ -41,10 +40,10 @@ func newTemplateConfig(rootfs string) *configs.Config {
Name: "test",
Parent: "integration",
AllowAllDevices: false,
AllowedDevices: devices.DefaultAllowedDevices,
AllowedDevices: configs.DefaultAllowedDevices,
},
DeviceNodes: devices.DefaultAutoCreatedDevices,
DeviceNodes: configs.DefaultAutoCreatedDevices,
Hostname: "integration",
Env: []string{
"HOME=/root",

2
linux_container_test.go
View File

@ -34,7 +34,7 @@ func (m *mockCgroupManager) GetPaths() map[string]string {
return nil
}
func (m *mockCgroupManager) Freeze(state cgroups.FreezerState) error {
func (m *mockCgroupManager) Freeze(state configs.FreezerState) error {
return nil
}

3
linux_factory_test.go
View File

@ -118,9 +118,6 @@ func TestFactoryLoadContainer(t *testing.T) {
}
config := container.Config()
if config == nil {
t.Fatal("expected non nil container config")
}
if config.RootFs != expectedConfig.RootFs {
t.Fatalf("expected rootfs %q but received %q", expectedConfig.RootFs, config.RootFs)

118
sample_configs/apparmor.json
View File

@ -16,99 +16,99 @@
"cgroups": {
"allowed_devices": [
{
"cgroup_permissions": "m",
"major_number": -1,
"minor_number": -1,
"permissions": "m",
"major": -1,
"minor": -1,
"type": 99
},
{
"cgroup_permissions": "m",
"major_number": -1,
"minor_number": -1,
"permissions": "m",
"major": -1,
"minor": -1,
"type": 98
},
{
"cgroup_permissions": "rwm",
"major_number": 5,
"minor_number": 1,
"permissions": "rwm",
"major": 5,
"minor": 1,
"path": "/dev/console",
"type": 99
},
{
"cgroup_permissions": "rwm",
"major_number": 4,
"permissions": "rwm",
"major": 4,
"path": "/dev/tty0",
"type": 99
},
{
"cgroup_permissions": "rwm",
"major_number": 4,
"minor_number": 1,
"permissions": "rwm",
"major": 4,
"minor": 1,
"path": "/dev/tty1",
"type": 99
},
{
"cgroup_permissions": "rwm",
"major_number": 136,
"minor_number": -1,
"permissions": "rwm",
"major": 136,
"minor": -1,
"type": 99
},
{
"cgroup_permissions": "rwm",
"major_number": 5,
"minor_number": 2,
"permissions": "rwm",
"major": 5,
"minor": 2,
"type": 99
},
{
"cgroup_permissions": "rwm",
"major_number": 10,
"minor_number": 200,
"permissions": "rwm",
"major": 10,
"minor": 200,
"type": 99
},
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 3,
"major": 1,
"minor": 3,
"path": "/dev/null",
"type": 99
},
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 5,
"major": 1,
"minor": 5,
"path": "/dev/zero",
"type": 99
},
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 7,
"major": 1,
"minor": 7,
"path": "/dev/full",
"type": 99
},
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 5,
"major": 5,
"path": "/dev/tty",
"type": 99
},
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 9,
"major": 1,
"minor": 9,
"path": "/dev/urandom",
"type": 99
},
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 8,
"major": 1,
"minor": 8,
"path": "/dev/random",
"type": 99
}
@ -118,57 +118,55 @@
},
"restrict_sys": true,
"apparmor_profile": "docker-default",
"mount_config": {
"device_nodes": [
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 3,
"major": 1,
"minor": 3,
"path": "/dev/null",
"type": 99
},
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 5,
"major": 1,
"minor": 5,
"path": "/dev/zero",
"type": 99
},
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 7,
"major": 1,
"minor": 7,
"path": "/dev/full",
"type": 99
},
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 5,
"major": 5,
"path": "/dev/tty",
"type": 99
},
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 9,
"major": 1,
"minor": 9,
"path": "/dev/urandom",
"type": 99
},
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 8,
"major": 1,
"minor": 8,
"path": "/dev/random",
"type": 99
}
]
},
],
"environment": [
"HOME=/",
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",

180
sample_configs/attach_to_bridge.json
View File

@ -16,99 +16,99 @@
"cgroups": {
"allowed_devices": [
{
"cgroup_permissions": "m",
"major_number": -1,
"minor_number": -1,
"permissions": "m",
"major": -1,
"minor": -1,
"type": 99
},
{
"cgroup_permissions": "m",
"major_number": -1,
"minor_number": -1,
"permissions": "m",
"major": -1,
"minor": -1,
"type": 98
},
{
"cgroup_permissions": "rwm",
"major_number": 5,
"minor_number": 1,
"permissions": "rwm",
"major": 5,
"minor": 1,
"path": "/dev/console",
"type": 99
},
{
"cgroup_permissions": "rwm",
"major_number": 4,
"permissions": "rwm",
"major": 4,
"path": "/dev/tty0",
"type": 99
},
{
"cgroup_permissions": "rwm",
"major_number": 4,
"minor_number": 1,
"permissions": "rwm",
"major": 4,
"minor": 1,
"path": "/dev/tty1",
"type": 99
},
{
"cgroup_permissions": "rwm",
"major_number": 136,
"minor_number": -1,
"permissions": "rwm",
"major": 136,
"minor": -1,
"type": 99
},
{
"cgroup_permissions": "rwm",
"major_number": 5,
"minor_number": 2,
"permissions": "rwm",
"major": 5,
"minor": 2,
"type": 99
},
{
"cgroup_permissions": "rwm",
"major_number": 10,
"minor_number": 200,
"permissions": "rwm",
"major": 10,
"minor": 200,
"type": 99
},
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 3,
"major": 1,
"minor": 3,
"path": "/dev/null",
"type": 99
},
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 5,
"major": 1,
"minor": 5,
"path": "/dev/zero",
"type": 99
},
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 7,
"major": 1,
"minor": 7,
"path": "/dev/full",
"type": 99
},
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 5,
"major": 5,
"path": "/dev/tty",
"type": 99
},
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 9,
"major": 1,
"minor": 9,
"path": "/dev/urandom",
"type": 99
},
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 8,
"major": 1,
"minor": 8,
"path": "/dev/random",
"type": 99
}
@ -117,57 +117,55 @@
"parent": "docker"
},
"restrict_sys": true,
"mount_config": {
"device_nodes": [
{
"cgroup_permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 3,
"path": "/dev/null",
"type": 99
},
{
"cgroup_permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 5,
"path": "/dev/zero",
"type": 99
},
{
"cgroup_permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 7,
"path": "/dev/full",
"type": 99
},
{
"cgroup_permissions": "rwm",
"file_mode": 438,
"major_number": 5,
"path": "/dev/tty",
"type": 99
},
{
"cgroup_permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 9,
"path": "/dev/urandom",
"type": 99
},
{
"cgroup_permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 8,
"path": "/dev/random",
"type": 99
}
]
},
"device_nodes": [
{
"permissions": "rwm",
"file_mode": 438,
"major": 1,
"minor": 3,
"path": "/dev/null",
"type": 99
},
{
"permissions": "rwm",
"file_mode": 438,
"major": 1,
"minor": 5,
"path": "/dev/zero",
"type": 99
},
{
"permissions": "rwm",
"file_mode": 438,
"major": 1,
"minor": 7,
"path": "/dev/full",
"type": 99
},
{
"permissions": "rwm",
"file_mode": 438,
"major": 5,
"path": "/dev/tty",
"type": 99
},
{
"permissions": "rwm",
"file_mode": 438,
"major": 1,
"minor": 9,
"path": "/dev/urandom",
"type": 99
},
{
"permissions": "rwm",
"file_mode": 438,
"major": 1,
"minor": 8,
"path": "/dev/random",
"type": 99
}
],
"environment": [
"HOME=/",
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",

118
sample_configs/host-pid.json
View File

@ -16,99 +16,99 @@
"cgroups": {
"allowed_devices": [
{
"cgroup_permissions": "m",
"major_number": -1,
"minor_number": -1,
"permissions": "m",
"major": -1,
"minor": -1,
"type": 99
},
{
"cgroup_permissions": "m",
"major_number": -1,
"minor_number": -1,
"permissions": "m",
"major": -1,
"minor": -1,
"type": 98
},
{
"cgroup_permissions": "rwm",
"major_number": 5,
"minor_number": 1,
"permissions": "rwm",
"major": 5,
"minor": 1,
"path": "/dev/console",
"type": 99
},
{
"cgroup_permissions": "rwm",
"major_number": 4,
"permissions": "rwm",
"major": 4,
"path": "/dev/tty0",
"type": 99
},
{
"cgroup_permissions": "rwm",
"major_number": 4,
"minor_number": 1,
"permissions": "rwm",
"major": 4,
"minor": 1,
"path": "/dev/tty1",
"type": 99
},
{
"cgroup_permissions": "rwm",
"major_number": 136,
"minor_number": -1,
"permissions": "rwm",
"major": 136,
"minor": -1,
"type": 99
},
{
"cgroup_permissions": "rwm",
"major_number": 5,
"minor_number": 2,
"permissions": "rwm",
"major": 5,
"minor": 2,
"type": 99
},
{
"cgroup_permissions": "rwm",
"major_number": 10,
"minor_number": 200,
"permissions": "rwm",
"major": 10,
"minor": 200,
"type": 99
},
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 3,
"major": 1,
"minor": 3,
"path": "/dev/null",
"type": 99
},
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 5,
"major": 1,
"minor": 5,
"path": "/dev/zero",
"type": 99
},
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 7,
"major": 1,
"minor": 7,
"path": "/dev/full",
"type": 99
},
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 5,
"major": 5,
"path": "/dev/tty",
"type": 99
},
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 9,
"major": 1,
"minor": 9,
"path": "/dev/urandom",
"type": 99
},
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 8,
"major": 1,
"minor": 8,
"path": "/dev/random",
"type": 99
}
@ -117,52 +117,51 @@
"parent": "docker"
},
"restrict_sys": true,
"mount_config": {
"device_nodes": [
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 3,
"major": 1,
"minor": 3,
"path": "/dev/null",
"type": 99
},
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 5,
"major": 1,
"minor": 5,
"path": "/dev/zero",
"type": 99
},
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 7,
"major": 1,
"minor": 7,
"path": "/dev/full",
"type": 99
},
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 5,
"major": 5,
"path": "/dev/tty",
"type": 99
},
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 9,
"major": 1,
"minor": 9,
"path": "/dev/urandom",
"type": 99
},
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 8,
"major": 1,
"minor": 8,
"path": "/dev/random",
"type": 99
}
@ -172,8 +171,7 @@
"type": "tmpfs",
"destination": "/tmp"
}
]
},
],
"environment": [
"HOME=/",
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",

118
sample_configs/minimal.json
View File

@ -16,99 +16,99 @@
"cgroups": {
"allowed_devices": [
{
"cgroup_permissions": "m",
"major_number": -1,
"minor_number": -1,
"permissions": "m",
"major": -1,
"minor": -1,
"type": 99
},
{
"cgroup_permissions": "m",
"major_number": -1,
"minor_number": -1,
"permissions": "m",
"major": -1,
"minor": -1,
"type": 98
},
{
"cgroup_permissions": "rwm",
"major_number": 5,
"minor_number": 1,
"permissions": "rwm",
"major": 5,
"minor": 1,
"path": "/dev/console",
"type": 99
},
{
"cgroup_permissions": "rwm",
"major_number": 4,
"permissions": "rwm",
"major": 4,
"path": "/dev/tty0",
"type": 99
},
{
"cgroup_permissions": "rwm",
"major_number": 4,
"minor_number": 1,
"permissions": "rwm",
"major": 4,
"minor": 1,
"path": "/dev/tty1",
"type": 99
},
{
"cgroup_permissions": "rwm",
"major_number": 136,
"minor_number": -1,
"permissions": "rwm",
"major": 136,
"minor": -1,
"type": 99
},
{
"cgroup_permissions": "rwm",
"major_number": 5,
"minor_number": 2,
"permissions": "rwm",
"major": 5,
"minor": 2,
"type": 99
},
{
"cgroup_permissions": "rwm",
"major_number": 10,
"minor_number": 200,
"permissions": "rwm",
"major": 10,
"minor": 200,
"type": 99
},
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 3,
"major": 1,
"minor": 3,
"path": "/dev/null",
"type": 99
},
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 5,
"major": 1,
"minor": 5,
"path": "/dev/zero",
"type": 99
},
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 7,
"major": 1,
"minor": 7,
"path": "/dev/full",
"type": 99
},
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 5,
"major": 5,
"path": "/dev/tty",
"type": 99
},
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 9,
"major": 1,
"minor": 9,
"path": "/dev/urandom",
"type": 99
},
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 8,
"major": 1,
"minor": 8,
"path": "/dev/random",
"type": 99
}
@ -117,52 +117,51 @@
"parent": "docker"
},
"restrict_sys": true,
"mount_config": {
"device_nodes": [
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 3,
"major": 1,
"minor": 3,
"path": "/dev/null",
"type": 99
},
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 5,
"major": 1,
"minor": 5,
"path": "/dev/zero",
"type": 99
},
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 7,
"major": 1,
"minor": 7,
"path": "/dev/full",
"type": 99
},
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 5,
"major": 5,
"path": "/dev/tty",
"type": 99
},
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 9,
"major": 1,
"minor": 9,
"path": "/dev/urandom",
"type": 99
},
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 8,
"major": 1,
"minor": 8,
"path": "/dev/random",
"type": 99
}
@ -172,8 +171,7 @@
"type": "tmpfs",
"destination": "/tmp"
}
]
},
],
"environment": [
"HOME=/",
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",

118
sample_configs/route_source_address_selection.json
View File

@ -16,99 +16,99 @@
"cgroups": {
"allowed_devices": [
{
"cgroup_permissions": "m",
"major_number": -1,
"minor_number": -1,
"permissions": "m",
"major": -1,
"minor": -1,
"type": 99
},
{
"cgroup_permissions": "m",
"major_number": -1,
"minor_number": -1,
"permissions": "m",
"major": -1,
"minor": -1,
"type": 98
},
{
"cgroup_permissions": "rwm",
"major_number": 5,
"minor_number": 1,
"permissions": "rwm",
"major": 5,
"minor": 1,
"path": "/dev/console",
"type": 99
},
{
"cgroup_permissions": "rwm",
"major_number": 4,
"permissions": "rwm",
"major": 4,
"path": "/dev/tty0",
"type": 99
},
{
"cgroup_permissions": "rwm",
"major_number": 4,
"minor_number": 1,
"permissions": "rwm",
"major": 4,
"minor": 1,
"path": "/dev/tty1",
"type": 99
},
{
"cgroup_permissions": "rwm",
"major_number": 136,
"minor_number": -1,
"permissions": "rwm",
"major": 136,
"minor": -1,
"type": 99
},
{
"cgroup_permissions": "rwm",
"major_number": 5,
"minor_number": 2,
"permissions": "rwm",
"major": 5,
"minor": 2,
"type": 99
},
{
"cgroup_permissions": "rwm",
"major_number": 10,
"minor_number": 200,
"permissions": "rwm",
"major": 10,
"minor": 200,
"type": 99
},
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 3,
"major": 1,
"minor": 3,
"path": "/dev/null",
"type": 99
},
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 5,
"major": 1,
"minor": 5,
"path": "/dev/zero",
"type": 99
},
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 7,
"major": 1,
"minor": 7,
"path": "/dev/full",
"type": 99
},
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 5,
"major": 5,
"path": "/dev/tty",
"type": 99
},
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 9,
"major": 1,
"minor": 9,
"path": "/dev/urandom",
"type": 99
},
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 8,
"major": 1,
"minor": 8,
"path": "/dev/random",
"type": 99
}
@ -117,57 +117,55 @@
"parent": "docker"
},
"restrict_sys": true,
"mount_config": {
"device_nodes": [
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 3,
"major": 1,
"minor": 3,
"path": "/dev/null",
"type": 99
},
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 5,
"major": 1,
"minor": 5,
"path": "/dev/zero",
"type": 99
},
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 7,
"major": 1,
"minor": 7,
"path": "/dev/full",
"type": 99
},
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 5,
"major": 5,
"path": "/dev/tty",
"type": 99
},
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 9,
"major": 1,
"minor": 9,
"path": "/dev/urandom",
"type": 99
},
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 8,
"major": 1,
"minor": 8,
"path": "/dev/random",
"type": 99
}
]
},
],
"environment": [
"HOME=/",
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",

118
sample_configs/selinux.json
View File

@ -16,99 +16,99 @@
"cgroups": {
"allowed_devices": [
{
"cgroup_permissions": "m",
"major_number": -1,
"minor_number": -1,
"permissions": "m",
"major": -1,
"minor": -1,
"type": 99
},
{
"cgroup_permissions": "m",
"major_number": -1,
"minor_number": -1,
"permissions": "m",
"major": -1,
"minor": -1,
"type": 98
},
{
"cgroup_permissions": "rwm",
"major_number": 5,
"minor_number": 1,
"permissions": "rwm",
"major": 5,
"minor": 1,
"path": "/dev/console",
"type": 99
},
{
"cgroup_permissions": "rwm",
"major_number": 4,
"permissions": "rwm",
"major": 4,
"path": "/dev/tty0",
"type": 99
},
{
"cgroup_permissions": "rwm",
"major_number": 4,
"minor_number": 1,
"permissions": "rwm",
"major": 4,
"minor": 1,
"path": "/dev/tty1",
"type": 99
},
{
"cgroup_permissions": "rwm",
"major_number": 136,
"minor_number": -1,
"permissions": "rwm",
"major": 136,
"minor": -1,
"type": 99
},
{
"cgroup_permissions": "rwm",
"major_number": 5,
"minor_number": 2,
"permissions": "rwm",
"major": 5,
"minor": 2,
"type": 99
},
{
"cgroup_permissions": "rwm",
"major_number": 10,
"minor_number": 200,
"permissions": "rwm",
"major": 10,
"minor": 200,
"type": 99
},
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 3,
"major": 1,
"minor": 3,
"path": "/dev/null",
"type": 99
},
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 5,
"major": 1,
"minor": 5,
"path": "/dev/zero",
"type": 99
},
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 7,
"major": 1,
"minor": 7,
"path": "/dev/full",
"type": 99
},
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 5,
"major": 5,
"path": "/dev/tty",
"type": 99
},
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 9,
"major": 1,
"minor": 9,
"path": "/dev/urandom",
"type": 99
},
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 8,
"major": 1,
"minor": 8,
"path": "/dev/random",
"type": 99
}
@ -118,58 +118,56 @@
},
"restrict_sys": true,
"process_label": "system_u:system_r:svirt_lxc_net_t:s0:c164,c475",
"mount_config": {
"mount_label": "system_u:system_r:svirt_lxc_net_t:s0:c164,c475",
"device_nodes": [
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 3,
"major": 1,
"minor": 3,
"path": "/dev/null",
"type": 99
},
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 5,
"major": 1,
"minor": 5,
"path": "/dev/zero",
"type": 99
},
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 7,
"major": 1,
"minor": 7,
"path": "/dev/full",
"type": 99
},
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 5,
"major": 5,
"path": "/dev/tty",
"type": 99
},
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 9,
"major": 1,
"minor": 9,
"path": "/dev/urandom",
"type": 99
},
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 8,
"major": 1,
"minor": 8,
"path": "/dev/random",
"type": 99
}
]
},
],
"environment": [
"HOME=/",
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",

118
sample_configs/userns.json
View File

@ -16,99 +16,99 @@
"cgroups": {
"allowed_devices": [
{
"cgroup_permissions": "m",
"major_number": -1,
"minor_number": -1,
"permissions": "m",
"major": -1,
"minor": -1,
"type": 99
},
{
"cgroup_permissions": "m",
"major_number": -1,
"minor_number": -1,
"permissions": "m",
"major": -1,
"minor": -1,
"type": 98
},
{
"cgroup_permissions": "rwm",
"major_number": 5,
"minor_number": 1,
"permissions": "rwm",
"major": 5,
"minor": 1,
"path": "/dev/console",
"type": 99
},
{
"cgroup_permissions": "rwm",
"major_number": 4,
"permissions": "rwm",
"major": 4,
"path": "/dev/tty0",
"type": 99
},
{
"cgroup_permissions": "rwm",
"major_number": 4,
"minor_number": 1,
"permissions": "rwm",
"major": 4,
"minor": 1,
"path": "/dev/tty1",
"type": 99
},
{
"cgroup_permissions": "rwm",
"major_number": 136,
"minor_number": -1,
"permissions": "rwm",
"major": 136,
"minor": -1,
"type": 99
},
{
"cgroup_permissions": "rwm",
"major_number": 5,
"minor_number": 2,
"permissions": "rwm",
"major": 5,
"minor": 2,
"type": 99
},
{
"cgroup_permissions": "rwm",
"major_number": 10,
"minor_number": 200,
"permissions": "rwm",
"major": 10,
"minor": 200,
"type": 99
},
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 3,
"major": 1,
"minor": 3,
"path": "/dev/null",
"type": 99
},
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 5,
"major": 1,
"minor": 5,
"path": "/dev/zero",
"type": 99
},
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 7,
"major": 1,
"minor": 7,
"path": "/dev/full",
"type": 99
},
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 5,
"major": 5,
"path": "/dev/tty",
"type": 99
},
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 9,
"major": 1,
"minor": 9,
"path": "/dev/urandom",
"type": 99
},
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 8,
"major": 1,
"minor": 8,
"path": "/dev/random",
"type": 99
}
@ -117,52 +117,51 @@
"parent": "docker"
},
"restrict_sys": true,
"mount_config": {
"device_nodes": [
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 3,
"major": 1,
"minor": 3,
"path": "/dev/null",
"type": 99
},
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 5,
"major": 1,
"minor": 5,
"path": "/dev/zero",
"type": 99
},
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 7,
"major": 1,
"minor": 7,
"path": "/dev/full",
"type": 99
},
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 5,
"major": 5,
"path": "/dev/tty",
"type": 99
},
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 9,
"major": 1,
"minor": 9,
"path": "/dev/urandom",
"type": 99
},
{
"cgroup_permissions": "rwm",
"permissions": "rwm",
"file_mode": 438,
"major_number": 1,
"minor_number": 8,
"major": 1,
"minor": 8,
"path": "/dev/random",
"type": 99
}
@ -172,8 +171,7 @@
"type": "tmpfs",
"destination": "/tmp"
}
]
},
],
"environment": [
"HOME=/",
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",