commit | a9344b09df2525f3adc3ae8bf4f50cb20af7bc38 | [log] [tgz] |
---|---|---|
author | Oliver Newman <olivernewman@google.com> | Mon Apr 17 21:42:07 2023 +0000 |
committer | CQ Bot <fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com> | Mon Apr 17 21:42:07 2023 +0000 |
tree | 6aec84ff0666eae2b55df272a94f3c7c41f05481 | |
parent | 734660f32c996977bdc9b5096423bafa176f3095 [diff] |
[nsjail] Clean up nsjail wrapper logic - Create an abstraction layer `Config` struct that abstracts away the details of constructing nsjail command line flags. This makes the business logic of `ctxOsExec()` slightly simpler. - Only write the nsjail executable to disk once, instead of writing a new executable for each `ctx.os.exec()` call. - Delete `nsjail.Supported()` function as it's not a useful abstraction. - Always resolve cmd[0] to an absolute or relative path for consistency, even when outside an nsjail. Change-Id: I76c6c3413ce4fea88dd7f112cc4c9e924f192a04 Reviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/836542 Reviewed-by: Marc-Antoine Ruel <maruel@google.com> Fuchsia-Auto-Submit: Oliver Newman <olivernewman@google.com> Commit-Queue: Auto-Submit <auto-submit@fuchsia-infra.iam.gserviceaccount.com>
Scalable Hermetic Analysis and Checks.
go install go.fuchsia.dev/shac-project/shac@latest shac check shac doc shac.star | less
⚠ The source of truth is at https://fuchsia.googlesource.com/shac-project/shac.git and uses Gerrit for code review.
See CONTRIBUTING.md to submit changes.