author | Lars Wirzenius <liw@liw.fi> | 2020-02-08 11:22:40 +0200 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2020-02-08 11:22:40 +0200 |
commit | 3bcf1226308d8ea81f9d2fb75a83b15775f52a8b (patch) | |
tree | a26c31ddf75eada372611cc1db5d931745d9e05b | |
parent | 7ed639e2db6b1d04e8c5d6156f74706918914a71 (diff) | |
download | ick2-3bcf1226308d8ea81f9d2fb75a83b15775f52a8b.tar.gz |
Add: more scenarios to be filled in
-rw-r--r-- | worker.md | 50 |
1 files changed, 49 insertions, 1 deletions
@@ -286,7 +286,55 @@ artifact store"). Acceptance criteria for Ick contractor {#acceptance} ============================================================================= -FIXME. +Debian stable systree +----------------------------------------------------------------------------- + +Scenario to build a base Debian stable systree artifact, and run +something in it and check the output. + +Install non-base packages +----------------------------------------------------------------------------- + +Scenario using debootstrap action that installs additional packages. + +Create artifact +----------------------------------------------------------------------------- + +Scenario that creates an artifact from parts of the workspace, and +restores it in a different project. + +Network isolation +----------------------------------------------------------------------------- + +Scenario that checks the security container prevents shell snippets +from accessing the network. + +Filesystem isolation +----------------------------------------------------------------------------- + +Scenario that checks the security container prevents shell snippts +from seeing or modifying the host's filesystem: /etc, /home, /tmp, +/var/tmp at least. + +Also, checks that the user in the container can't modfify the system +tree. + +User isolation +----------------------------------------------------------------------------- + +Scenario that checks the security container has a separate user/group +db from the host. + +Hostname isolation +----------------------------------------------------------------------------- + +Scenario that checks the security container has a specific hostname. + +Build environment setup +----------------------------------------------------------------------------- + +Scenario that checks the security container has /workspace as cwd, and +a specific uid and gid. Known problems |
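Review bot: Two typos land in the added "Filesystem isolation" text: "snippts" should be "snippets" and "modfify" should be "modify". Separately, the hunk removes the "FIXME." marker under the acceptance heading, but every new section is still a one-sentence description with no scenario steps, so nothing in worker.md now flags that these criteria are not yet executable; consider keeping a FIXME in each section until its steps are written. When the isolation scenarios are filled in, it would help to state the expected observation explicitly: for "Network isolation", what counts as accessing the network (for example whether loopback is included), and for "Filesystem isolation", separate checks for "seeing" and for "modifying" each of /etc, /home, /tmp and /var/tmp, since a read-only view of the host would pass one and fail the other. "Hostname isolation" and "Build environment setup" refer to "a specific hostname" and "a specific uid and gid" without naming the values, so the scenario cannot be checked until those are pinned down.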