coderabbit changes

2026-04-03 16:51:24 -07:00 · 2026-01-03 20:13:01 +00:00
parent 850d93ed62
commit 3cf856f1c2
11 changed files with 104 additions and 37 deletions
--- a/test/docker_tests/configurations/mount-tests/docker-compose.mount-test.cap_chown_missing.yml
+++ b/test/docker_tests/configurations/mount-tests/docker-compose.mount-test.cap_chown_missing.yml
@@ -14,6 +14,8 @@ services:
    cap_add:
      - SETUID
      - SETGID
+      - NET_RAW
+      - NET_ADMIN
    # Intentionally drop CHOWN to prove failure path while leaving defaults intact
    environment:
      LISTEN_ADDR: 0.0.0.0
--- a/test/docker_tests/configurations/mount-tests/docker-compose.mount-test.db_ramdisk.yml
+++ b/test/docker_tests/configurations/mount-tests/docker-compose.mount-test.db_ramdisk.yml
@@ -31,11 +31,11 @@ services:
        target: /data/config
        read_only: false
    tmpfs:
-      - "/data/db:mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
-      - "/tmp/api:mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
-      - "/tmp/log:mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
-      - "/tmp/run:mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
-      - "/tmp/nginx/active-config:mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/data/db:mode=1700,uid=0,gid=0,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/tmp/api:mode=1700,uid=0,gid=0,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/tmp/log:mode=1700,uid=0,gid=0,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/tmp/run:mode=1700,uid=0,gid=0,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/tmp/nginx/active-config:mode=1700,uid=0,gid=0,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
 volumes:
  netalertx_config:
  netalertx_db:
--- a/test/docker_tests/configurations/mount-tests/docker-compose.mount-test.db_unwritable.yml
+++ b/test/docker_tests/configurations/mount-tests/docker-compose.mount-test.db_unwritable.yml
@@ -35,10 +35,10 @@ services:
        target: /data/config
        read_only: false
    tmpfs:
-      - "/tmp/api:mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
-      - "/tmp/log:mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
-      - "/tmp/run:mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
-      - "/tmp/nginx/active-config:mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/tmp/api:mode=1700,uid=0,gid=0,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/tmp/log:mode=1700,uid=0,gid=0,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/tmp/run:mode=1700,uid=0,gid=0,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/tmp/nginx/active-config:mode=1700,uid=0,gid=0,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
 volumes:
  netalertx_config:
  test_netalertx_db:
--- a/test/docker_tests/configurations/mount-tests/docker-compose.mount-test.log_mounted.yml
+++ b/test/docker_tests/configurations/mount-tests/docker-compose.mount-test.log_mounted.yml
@@ -39,9 +39,9 @@ services:
        target: /tmp/log
        read_only: false
    tmpfs:
-      - "/tmp/api:mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
-      - "/tmp/run:mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
-      - "/tmp/nginx/active-config:mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/tmp/api:mode=1700,uid=20211,gid=20211,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/tmp/run:mode=1700,uid=20211,gid=20211,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/tmp/nginx/active-config:mode=1700,uid=20211,gid=20211,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
 volumes:
  netalertx_config:
  netalertx_db: