system/systemd
system/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd synced 2024-07-21 18:24:38 +00:00
Code Issues Actions 5 Packages Projects Releases Wiki Activity

fuzz: update the base JSON for fuzz-nspawn-oci

Browse source
This commit is contained in:
Frantisek Sumsal 2023-05-15 21:10:07 +02:00
parent 0d5896a949
commit f00519b5b3
1 changed files with 227 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

247
test/fuzz/fuzz-nspawn-oci/basic.json
View file

@ -1,6 +1,8 @@
{
"ociVersion": "1.0.0",
"hostname" : "foo",
"root": {
"path": "rootfs",
"readonly": true
@ -33,11 +35,42 @@
"cwd": "/tmp/src",
"rlimits": [
"noNewPrivileges" : true,
"oomScoreAdj" : 20,
"capabilities" : {
"bounding" : [
"CAP_AUDIT_WRITE",
"CAP_KILL",
"CAP_NET_BIND_SERVICE"
],
"permitted" : [
"CAP_AUDIT_WRITE",
"CAP_KILL",
"CAP_NET_BIND_SERVICE"
],
"inheritable" : [
"CAP_AUDIT_WRITE",
"CAP_KILL",
"CAP_NET_BIND_SERVICE"
],
"effective" : [
"CAP_AUDIT_WRITE",
"CAP_KILL"
],
"ambient" : [
"CAP_NET_BIND_SERVICE"
]
},
"rlimits" : [
{
"type": "RLIMIT_NOFILE",
"hard": 1020,
"soft": 1020
"type" : "RLIMIT_NOFILE",
"soft" : 1024,
"hard" : 1024
},
{
"type" : "RLIMIT_RTPRIO",
"soft" : 5,
"hard" : 10
}
]
},
@ -110,32 +143,206 @@
}
],
"hooks": {},
"linux": {
"resources": {
"devices": [
"linux" : {
"namespaces" : [
{
"type" : "mount"
},
{
"type" : "network",
"path" : "$NETNS"
},
{
"type" : "pid"
},
{
"type" : "uts"
}
],
"uidMappings" : [
{
"containerID" : 0,
"hostID" : 1000,
"size" : 100
}
],
"gidMappings" : [
{
"containerID" : 0,
"hostID" : 1000,
"size" : 100
}
],
"devices" : [
{
"type" : "c",
"path" : "/dev/zero",
"major" : 1,
"minor" : 5,
"fileMode" : 444
},
{
"type" : "b",
"path" : "$DEV",
"major" : 4,
"minor" : 2,
"fileMode" : 666,
"uid" : 0,
"gid" : 0
}
],
"resources" : {
"devices" : [
{
"allow": false,
"access": "rwm"
"allow" : false,
"access" : "m"
},
{
"allow" : true,
"type" : "b",
"major" : 4,
"minor" : 2,
"access" : "rwm"
}
],
"memory" : {
"limit" : 134217728,
"reservation" : 33554432,
"swap" : 268435456
},
"cpu" : {
"shares" : 1024,
"quota" : 1000000,
"period" : 500000,
"cpus" : "0-7"
},
"blockIO" : {
"weight" : 10,
"weightDevice" : [
{
"major" : 4,
"minor" : 2,
"weight" : 500
}
],
"throttleReadBpsDevice" : [
{
"major" : 4,
"minor" : 2,
"rate" : 500
}
],
"throttleWriteBpsDevice" : [
{
"major" : 4,
"minor" : 2,
"rate" : 500
}
],
"throttleReadIOPSDevice" : [
{
"major" : 4,
"minor" : 2,
"rate" : 500
}
],
"throttleWriteIOPSDevice" : [
{
"major" : 4,
"minor" : 2,
"rate" : 500
}
]
},
"pids" : {
"limit" : 1024
}
},
"sysctl" : {
"kernel.domainname" : "foo.bar",
"vm.swappiness" : "60"
},
"seccomp" : {
"defaultAction" : "SCMP_ACT_ALLOW",
"architectures" : [
"SCMP_ARCH_ARM",
"SCMP_ARCH_X86_64"
],
"syscalls" : [
{
"names" : [
"lchown",
"chmod"
],
"action" : "SCMP_ACT_ERRNO",
"args" : [
{
"index" : 0,
"value" : 1,
"op" : "SCMP_CMP_NE"
},
{
"index" : 1,
"value" : 2,
"valueTwo" : 3,
"op" : "SCMP_CMP_MASKED_EQ"
}
]
}
]
},
"namespaces": [
"rootfsPropagation" : "shared",
"maskedPaths" : [
"/proc/kcore",
"/root/nonexistent"
],
"readonlyPaths" : [
"/proc/sys",
"/opt/readonly"
]
},
"hooks" : {
"prestart" : [
{
"type": "pid"
"path" : "/bin/sh",
"args" : [
"-xec",
"echo $PRESTART_FOO >/prestart"
],
"env" : [
"PRESTART_FOO=prestart_bar",
"ALSO_FOO=also_bar"
],
"timeout" : 666
},
{
"type": "ipc"
},
"path" : "/bin/touch",
"args" : [
"/tmp/also-prestart"
]
}
],
"poststart" : [
{
"type": "mount"
"path" : "/bin/sh",
"args" : [
"touch",
"/poststart"
]
}
],
"poststop" : [
{
"path" : "/bin/sh",
"args" : [
"touch",
"/poststop"
]
}
]
},
"annotations": {
"com.example.key1": "value1",
"com.example.key2": "value2"
"annotations" : {
"hello.world" : "1",
"foo" : "bar"
}
}