diff options
Diffstat (limited to 'worker.md')
-rw-r--r-- | worker.md | 50 |
1 files changed, 49 insertions, 1 deletions
@@ -286,7 +286,55 @@ artifact store"). Acceptance criteria for Ick contractor {#acceptance} ============================================================================= -FIXME. +Debian stable systree +----------------------------------------------------------------------------- + +Scenario to build a base Debian stable systree artifact, and run +something in it and check the output. + +Install non-base packages +----------------------------------------------------------------------------- + +Scenario using debootstrap action that installs additional packages. + +Create artifact +----------------------------------------------------------------------------- + +Scenario that creates an artifact from parts of the workspace, and +restores it in a different project. + +Network isolation +----------------------------------------------------------------------------- + +Scenario that checks the security container prevents shell snippets +from accessing the network. + +Filesystem isolation +----------------------------------------------------------------------------- + +Scenario that checks the security container prevents shell snippts +from seeing or modifying the host's filesystem: /etc, /home, /tmp, +/var/tmp at least. + +Also, checks that the user in the container can't modfify the system +tree. + +User isolation +----------------------------------------------------------------------------- + +Scenario that checks the security container has a separate user/group +db from the host. + +Hostname isolation +----------------------------------------------------------------------------- + +Scenario that checks the security container has a specific hostname. + +Build environment setup +----------------------------------------------------------------------------- + +Scenario that checks the security container has /workspace as cwd, and +a specific uid and gid. Known problems |