| // This test executable constructs a series of directories that cover all different types of |
| // rights which are expressable using fio::Operations. This is used to verify in the |
| // rights_integration_test that directories are having their rights correctly scoped when |
| // passed. |
| { |
| include: [ "//sdk/lib/diagnostics/syslog/client.shard.cml" ], |
| program: { |
| runner: "elf", |
| binary: "bin/expose_dir_rights", |
| }, |
| capabilities: [ |
| { |
| directory: "read_only", |
| rights: [ "r*" ], |
| path: "/read_only", |
| }, |
| { |
| directory: "read_write", |
| rights: [ "rw*" ], |
| path: "/read_write", |
| }, |
| { |
| directory: "read_exec", |
| rights: [ "rx*" ], |
| path: "/read_exec", |
| }, |
| { |
| directory: "read_admin", |
| rights: [ |
| "admin", |
| "r*", |
| ], |
| path: "/read_admin", |
| }, |
| |
| // This will be scoped to "r*" by the parent before offering it to the sibling. |
| { |
| directory: "read_only_after_scoped", |
| from: "self", |
| rights: [ "rw*" ], |
| path: "/read_only_after_scoped", |
| }, |
| ], |
| expose: [ |
| { |
| directory: "read_only", |
| from: "self", |
| }, |
| { |
| directory: "read_write", |
| from: "self", |
| }, |
| { |
| directory: "read_exec", |
| from: "self", |
| }, |
| { |
| directory: "read_admin", |
| from: "self", |
| }, |
| { |
| directory: "read_only_after_scoped", |
| from: "self", |
| }, |
| ], |
| } |