monadical/greywall
Archived
13
0
Fork 0
Code Issues Pull Requests 1 Actions 2 Packages Projects Releases Wiki Activity

fix: improve skip logic for Landlock tests in integration_linux_test.go

Browse Source
This commit is contained in:
JY Tan
2026-01-17 13:15:23 -08:00
parent d53d123fb6
commit 71c211c9ab
1 changed files with 7 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
internal/sandbox/integration_linux_test.go
View File

@@ -16,8 +16,11 @@ import (
// ============================================================================ // ============================================================================
// skipIfLandlockNotUsable skips tests that require the Landlock wrapper. // skipIfLandlockNotUsable skips tests that require the Landlock wrapper.
// The Landlock wrapper is disabled when the executable is in /tmp (test binaries), // The Landlock wrapper re-executes the binary with --landlock-apply, which only
// because --tmpfs /tmp hides the test binary from inside the sandbox. // the fence CLI understands. Test binaries (e.g., sandbox.test) don't have this
// handler, so Landlock tests must be skipped when not running as the fence CLI.
// TODO: consider removing tests that call this function, for now can keep them
// as documentation.
func skipIfLandlockNotUsable(t *testing.T) { func skipIfLandlockNotUsable(t *testing.T) {
t.Helper() t.Helper()
features := DetectLinuxFeatures() features := DetectLinuxFeatures()
@@ -25,8 +28,8 @@ func skipIfLandlockNotUsable(t *testing.T) {
t.Skip("skipping: Landlock not available on this kernel") t.Skip("skipping: Landlock not available on this kernel")
} }
exePath, _ := os.Executable() exePath, _ := os.Executable()
if strings.HasPrefix(exePath, "/tmp/") { if !strings.Contains(filepath.Base(exePath), "fence") {
t.Skip("skipping: Landlock wrapper disabled in test environment (executable in /tmp)") t.Skip("skipping: Landlock wrapper requires fence CLI (test binary cannot use --landlock-apply)")
} }
} }