[nsjail] Clean up nsjail wrapper logic

- Create an abstraction layer `Config` struct that abstracts away the
  details of constructing nsjail command line flags. This makes the
  business logic of `ctxOsExec()` slightly simpler.
- Only write the nsjail executable to disk once, instead of writing a
  new executable for each `ctx.os.exec()` call.
- Delete `nsjail.Supported()` function as it's not a useful abstraction.
- Always resolve cmd[0] to an absolute or relative path for consistency,
  even when outside an nsjail.

Change-Id: I76c6c3413ce4fea88dd7f112cc4c9e924f192a04
Reviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/836542
Reviewed-by: Marc-Antoine Ruel <maruel@google.com>
Fuchsia-Auto-Submit: Oliver Newman <olivernewman@google.com>
Commit-Queue: Auto-Submit <auto-submit@fuchsia-infra.iam.gserviceaccount.com>
5 files changed
tree: 6aec84ff0666eae2b55df272a94f3c7c41f05481
README.md

shac

Scalable Hermetic Analysis and Checks.

Usage

go install go.fuchsia.dev/shac-project/shac@latest
shac check
shac doc shac.star | less

Documentation

Contributing

⚠ The source of truth is at https://fuchsia.googlesource.com/shac-project/shac.git and uses Gerrit for code review.

See CONTRIBUTING.md to submit changes.