From 3bcf1226308d8ea81f9d2fb75a83b15775f52a8b Mon Sep 17 00:00:00 2001 From: Lars Wirzenius Date: Sat, 8 Feb 2020 11:22:40 +0200 Subject: Add: more scenarios to be filled in --- worker.md | 50 +++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 49 insertions(+), 1 deletion(-) diff --git a/worker.md b/worker.md index 36c0efe..4aeb1f0 100644 --- a/worker.md +++ b/worker.md 
@@ -286,7 +286,55 @@ artifact store"). Acceptance criteria for Ick contractor {#acceptance} ============================================================================= -FIXME. +Debian stable systree +----------------------------------------------------------------------------- + +Scenario to build a base Debian stable systree artifact, and run +something in it and check the output. + +Install non-base packages +----------------------------------------------------------------------------- + +Scenario using debootstrap action that installs additional packages. + +Create artifact +----------------------------------------------------------------------------- + +Scenario that creates an artifact from parts of the workspace, and +restores it in a different project. + +Network isolation +----------------------------------------------------------------------------- + +Scenario that checks the security container prevents shell snippets +from accessing the network. + +Filesystem isolation +----------------------------------------------------------------------------- + +Scenario that checks the security container prevents shell snippts +from seeing or modifying the host's filesystem: /etc, /home, /tmp, +/var/tmp at least. + +Also, checks that the user in the container can't modfify the system +tree. + +User isolation +----------------------------------------------------------------------------- + +Scenario that checks the security container has a separate user/group +db from the host. + +Hostname isolation +----------------------------------------------------------------------------- + +Scenario that checks the security container has a specific hostname. + +Build environment setup +----------------------------------------------------------------------------- + +Scenario that checks the security container has /workspace as cwd, and +a specific uid and gid. Known problems -- cgit v1.2.1
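Review bot: In the "Filesystem isolation" section, "snippts" and "modfify" are misspelled (should be "snippets" and "modify"), and the check for /etc, /home, /tmp and /var/tmp does not say how the scenario tells the host's directories from the container's own copies. One way to make that checkable is to have the host create a marker file in each directory before the build and assert that the shell snippet can neither see nor change it. "Hostname isolation" and "Build environment setup" ask for "a specific hostname" and "a specific uid and gid" without naming the values, so those criteria are not testable as written; state the expected values here or point to where they are defined. "Network isolation" should also say what counts as accessing the network, for example whether loopback inside the container is allowed, so the scenario has an unambiguous pass condition.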