author Lars Wirzenius <liw@liw.fi> 2020-02-08 11:22:40 +0200
committer Lars Wirzenius <liw@liw.fi> 2020-02-08 11:22:40 +0200
commit 3bcf1226308d8ea81f9d2fb75a83b15775f52a8b
tree a26c31ddf75eada372611cc1db5d931745d9e05b
parent 7ed639e2db6b1d04e8c5d6156f74706918914a71
Add: more scenarios to be filled in
-rw-r--r-- worker.md 50
1 file changed, 49 insertions, 1 deletion
diff --git a/worker.md b/worker.md
index 36c0efe..4aeb1f0 100644
--- a/worker.md
+++ b/worker.md
@@ -286,7 +286,55 @@ artifact store").
Acceptance criteria for Ick contractor {#acceptance}
=============================================================================
-FIXME.
+Debian stable systree
+-----------------------------------------------------------------------------
+
+Scenario to build a base Debian stable systree artifact, and run
+something in it and check the output.
+
+Install non-base packages
+-----------------------------------------------------------------------------
+
+Scenario using debootstrap action that installs additional packages.
+
+Create artifact
+-----------------------------------------------------------------------------
+
+Scenario that creates an artifact from parts of the workspace, and
+restores it in a different project.
+
+Network isolation
+-----------------------------------------------------------------------------
+
+Scenario that checks the security container prevents shell snippets
+from accessing the network.
+
+Filesystem isolation
+-----------------------------------------------------------------------------
+
+Scenario that checks the security container prevents shell snippts
+from seeing or modifying the host's filesystem: /etc, /home, /tmp,
+/var/tmp at least.
+
+Also, checks that the user in the container can't modfify the system
+tree.
+
+User isolation
+-----------------------------------------------------------------------------
+
+Scenario that checks the security container has a separate user/group
+db from the host.
+
+Hostname isolation
+-----------------------------------------------------------------------------
+
+Scenario that checks the security container has a specific hostname.
+
+Build environment setup
+-----------------------------------------------------------------------------
+
+Scenario that checks the security container has /workspace as cwd, and
+a specific uid and gid.
Known problems
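Review bot: The isolation sections state what to check but not the expected observable result, so none of them can pass or fail as written. "Hostname isolation" and "Build environment setup" say "a specific hostname" and "a specific uid and gid" without naming the values; put the expected values in the text so the scenario has something to compare against. "Network isolation" should say which access counts (for example outbound connections, name resolution, loopback), and "Filesystem isolation" should say whether the host's /etc, /home, /tmp and /var/tmp must be invisible or merely read-only, since "seeing or modifying" covers both. The same section has two typos: "snippts" should be "snippets" and "modfify" should be "modify". Because the single "FIXME." is removed while every section is still a placeholder, consider keeping a FIXME marker under each heading until its steps are written, so the unfinished criteria stay easy to find.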