Run gofmt -s on everything
PiperOrigin-RevId: 214040901 Change-Id: I74d79497a053da3624921ad2b7c5193ca4a87942
This commit is contained in:
parent
4634cd66ad
commit
7ce13ebcad
|
@ -98,7 +98,7 @@ func buildProgram(rules SyscallRules, kill bool) ([]linux.BPFInstruction, error)
|
||||||
// buildIndex builds a BST to quickly search through all syscalls that are whitelisted.
|
// buildIndex builds a BST to quickly search through all syscalls that are whitelisted.
|
||||||
func buildIndex(rules SyscallRules, program *bpf.ProgramBuilder) error {
|
func buildIndex(rules SyscallRules, program *bpf.ProgramBuilder) error {
|
||||||
syscalls := []uintptr{}
|
syscalls := []uintptr{}
|
||||||
for sysno, _ := range rules {
|
for sysno := range rules {
|
||||||
syscalls = append(syscalls, sysno)
|
syscalls = append(syscalls, sysno)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -120,7 +120,7 @@ func (sr SyscallRules) Merge(rules SyscallRules) {
|
||||||
sr[sysno] = append(sr[sysno], Rule{})
|
sr[sysno] = append(sr[sysno], Rule{})
|
||||||
}
|
}
|
||||||
if len(rs) == 0 {
|
if len(rs) == 0 {
|
||||||
rs = []Rule{Rule{}}
|
rs = []Rule{{}}
|
||||||
}
|
}
|
||||||
sr[sysno] = append(sr[sysno], rs...)
|
sr[sysno] = append(sr[sysno], rs...)
|
||||||
} else {
|
} else {
|
||||||
|
|
|
@ -368,19 +368,19 @@ func TestMerge(t *testing.T) {
|
||||||
name: "empty both",
|
name: "empty both",
|
||||||
main: nil,
|
main: nil,
|
||||||
merge: nil,
|
merge: nil,
|
||||||
want: []Rule{Rule{}, Rule{}},
|
want: []Rule{{}, {}},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "empty main",
|
name: "empty main",
|
||||||
main: nil,
|
main: nil,
|
||||||
merge: []Rule{Rule{}},
|
merge: []Rule{{}},
|
||||||
want: []Rule{Rule{}, Rule{}},
|
want: []Rule{{}, {}},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "empty merge",
|
name: "empty merge",
|
||||||
main: []Rule{Rule{}},
|
main: []Rule{{}},
|
||||||
merge: nil,
|
merge: nil,
|
||||||
want: []Rule{Rule{}, Rule{}},
|
want: []Rule{{}, {}},
|
||||||
},
|
},
|
||||||
} {
|
} {
|
||||||
t.Run(tst.name, func(t *testing.T) {
|
t.Run(tst.name, func(t *testing.T) {
|
||||||
|
|
|
@ -735,13 +735,11 @@ func TestUnixDomainSockets(t *testing.T) {
|
||||||
UID: uint32(os.Getuid()),
|
UID: uint32(os.Getuid()),
|
||||||
GID: uint32(os.Getgid()),
|
GID: uint32(os.Getgid()),
|
||||||
}
|
}
|
||||||
spec.Mounts = []specs.Mount{
|
spec.Mounts = []specs.Mount{{
|
||||||
specs.Mount{
|
|
||||||
Type: "bind",
|
Type: "bind",
|
||||||
Destination: dir,
|
Destination: dir,
|
||||||
Source: dir,
|
Source: dir,
|
||||||
},
|
}}
|
||||||
}
|
|
||||||
|
|
||||||
rootDir, bundleDir, err := testutil.SetupContainer(spec, conf)
|
rootDir, bundleDir, err := testutil.SetupContainer(spec, conf)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
|
@ -65,15 +65,15 @@ var allowedSyscalls = seccomp.SyscallRules{
|
||||||
syscall.SYS_FCHMOD: {},
|
syscall.SYS_FCHMOD: {},
|
||||||
syscall.SYS_FCHOWNAT: {},
|
syscall.SYS_FCHOWNAT: {},
|
||||||
syscall.SYS_FCNTL: []seccomp.Rule{
|
syscall.SYS_FCNTL: []seccomp.Rule{
|
||||||
seccomp.Rule{
|
{
|
||||||
seccomp.AllowAny{},
|
seccomp.AllowAny{},
|
||||||
seccomp.AllowValue(syscall.F_GETFL),
|
seccomp.AllowValue(syscall.F_GETFL),
|
||||||
},
|
},
|
||||||
seccomp.Rule{
|
{
|
||||||
seccomp.AllowAny{},
|
seccomp.AllowAny{},
|
||||||
seccomp.AllowValue(syscall.F_SETFL),
|
seccomp.AllowValue(syscall.F_SETFL),
|
||||||
},
|
},
|
||||||
seccomp.Rule{
|
{
|
||||||
seccomp.AllowAny{},
|
seccomp.AllowAny{},
|
||||||
seccomp.AllowValue(syscall.F_GETFD),
|
seccomp.AllowValue(syscall.F_GETFD),
|
||||||
},
|
},
|
||||||
|
|
|
@ -134,7 +134,7 @@ func NewSpecWithArgs(args ...string) *specs.Spec {
|
||||||
// This creates a writable mount inside the root. Also, when tmpdir points
|
// This creates a writable mount inside the root. Also, when tmpdir points
|
||||||
// to "/tmp", it makes the the actual /tmp to be mounted and not a tmpfs
|
// to "/tmp", it makes the the actual /tmp to be mounted and not a tmpfs
|
||||||
// inside the sentry.
|
// inside the sentry.
|
||||||
specs.Mount{
|
{
|
||||||
Type: "bind",
|
Type: "bind",
|
||||||
Destination: TmpDir(),
|
Destination: TmpDir(),
|
||||||
Source: TmpDir(),
|
Source: TmpDir(),
|
||||||
|
|
Loading…
Reference in New Issue