Improving mount diagnostics

2026-04-03 00:31:35 -07:00 · 2025-12-22 02:08:50 +00:00
parent 1f355ada4d
commit 95e9315c88
9 changed files with 1925 additions and 359 deletions
--- a/test/docker_tests/configurations/mount-tests/docker-compose.mount-test.api_noread.yml
+++ b/test/docker_tests/configurations/mount-tests/docker-compose.mount-test.api_noread.yml
@@ -0,0 +1,39 @@
+# Expected outcome: Mounts table shows /tmp/api is mounted and writable but NOT readable (R=❌, W=✅)
+# Note: This is a diagnostic-only container (entrypoint sleeps); the test chmods/chowns /tmp/api to mode 0300.
+services:
+  netalertx:
+    network_mode: host
+    build:
+      context: ../../../
+      dockerfile: Dockerfile
+    image: netalertx-test
+    container_name: netalertx-test-mount-api_noread
+    entrypoint: ["sh", "-lc", "sleep infinity"]
+    cap_drop:
+      - ALL
+    cap_add:
+      - NET_ADMIN
+      - NET_RAW
+      - NET_BIND_SERVICE
+    environment:
+      NETALERTX_DEBUG: 0
+      NETALERTX_DATA: /data
+      NETALERTX_DB: /data/db
+      NETALERTX_CONFIG: /data/config
+      SYSTEM_SERVICES_RUN_TMP: /tmp
+      NETALERTX_API: /tmp/api
+      NETALERTX_LOG: /tmp/log
+      SYSTEM_SERVICES_RUN: /tmp/run
+      SYSTEM_SERVICES_ACTIVE_CONFIG: /tmp/nginx/active-config
+
+    volumes:
+      - type: volume
+        source: test_netalertx_data
+        target: /data
+        read_only: false
+
+    tmpfs:
+      - "/tmp:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+
+volumes:
+  test_netalertx_data:
--- a/test/docker_tests/configurations/mount-tests/docker-compose.mount-test.data_noread.yml
+++ b/test/docker_tests/configurations/mount-tests/docker-compose.mount-test.data_noread.yml
@@ -0,0 +1,39 @@
+# Expected outcome: Mounts table shows /data is mounted and writable but NOT readable (R=❌, W=✅)
+# Note: This is a diagnostic-only container (entrypoint sleeps); the test chmods/chowns /data to mode 0300.
+services:
+  netalertx:
+    network_mode: host
+    build:
+      context: ../../../
+      dockerfile: Dockerfile
+    image: netalertx-test
+    container_name: netalertx-test-mount-data_noread
+    entrypoint: ["sh", "-lc", "sleep infinity"]
+    cap_drop:
+      - ALL
+    cap_add:
+      - NET_ADMIN
+      - NET_RAW
+      - NET_BIND_SERVICE
+    environment:
+      NETALERTX_DEBUG: 0
+      NETALERTX_DATA: /data
+      NETALERTX_DB: /data/db
+      NETALERTX_CONFIG: /data/config
+      SYSTEM_SERVICES_RUN_TMP: /tmp
+      NETALERTX_API: /tmp/api
+      NETALERTX_LOG: /tmp/log
+      SYSTEM_SERVICES_RUN: /tmp/run
+      SYSTEM_SERVICES_ACTIVE_CONFIG: /tmp/nginx/active-config
+
+    volumes:
+      - type: volume
+        source: test_netalertx_data
+        target: /data
+        read_only: false
+
+    tmpfs:
+      - "/tmp:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+
+volumes:
+  test_netalertx_data:
--- a/test/docker_tests/configurations/mount-tests/docker-compose.mount-test.db_noread.yml
+++ b/test/docker_tests/configurations/mount-tests/docker-compose.mount-test.db_noread.yml
@@ -0,0 +1,39 @@
+# Expected outcome: Mounts table shows /data/db is mounted and writable but NOT readable (R=❌, W=✅)
+# Note: This is a diagnostic-only container (entrypoint sleeps); the test chmods/chowns /data/db to mode 0300.
+services:
+  netalertx:
+    network_mode: host
+    build:
+      context: ../../../
+      dockerfile: Dockerfile
+    image: netalertx-test
+    container_name: netalertx-test-mount-db_noread
+    entrypoint: ["sh", "-lc", "sleep infinity"]
+    cap_drop:
+      - ALL
+    cap_add:
+      - NET_ADMIN
+      - NET_RAW
+      - NET_BIND_SERVICE
+    environment:
+      NETALERTX_DEBUG: 0
+      NETALERTX_DATA: /data
+      NETALERTX_DB: /data/db
+      NETALERTX_CONFIG: /data/config
+      SYSTEM_SERVICES_RUN_TMP: /tmp
+      NETALERTX_API: /tmp/api
+      NETALERTX_LOG: /tmp/log
+      SYSTEM_SERVICES_RUN: /tmp/run
+      SYSTEM_SERVICES_ACTIVE_CONFIG: /tmp/nginx/active-config
+
+    volumes:
+      - type: volume
+        source: test_netalertx_data
+        target: /data
+        read_only: false
+
+    tmpfs:
+      - "/tmp:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+
+volumes:
+  test_netalertx_data:
--- a/test/docker_tests/configurations/mount-tests/docker-compose.mount-test.tmp_noread.yml
+++ b/test/docker_tests/configurations/mount-tests/docker-compose.mount-test.tmp_noread.yml
@@ -0,0 +1,39 @@
+# Expected outcome: Mounts table shows /tmp is mounted and writable but NOT readable (R=❌, W=✅)
+# Note: This is a diagnostic-only container (entrypoint sleeps); the test chmods/chowns /tmp to mode 0300.
+services:
+  netalertx:
+    network_mode: host
+    build:
+      context: ../../../
+      dockerfile: Dockerfile
+    image: netalertx-test
+    container_name: netalertx-test-mount-tmp_noread
+    entrypoint: ["sh", "-lc", "sleep infinity"]
+    cap_drop:
+      - ALL
+    cap_add:
+      - NET_ADMIN
+      - NET_RAW
+      - NET_BIND_SERVICE
+    environment:
+      NETALERTX_DEBUG: 0
+      NETALERTX_DATA: /data
+      NETALERTX_DB: /data/db
+      NETALERTX_CONFIG: /data/config
+      SYSTEM_SERVICES_RUN_TMP: /tmp
+      NETALERTX_API: /tmp/api
+      NETALERTX_LOG: /tmp/log
+      SYSTEM_SERVICES_RUN: /tmp/run
+      SYSTEM_SERVICES_ACTIVE_CONFIG: /tmp/nginx/active-config
+
+    volumes:
+      - type: volume
+        source: test_netalertx_data
+        target: /data
+        read_only: false
+
+    tmpfs:
+      - "/tmp:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+
+volumes:
+  test_netalertx_data:
--- a/test/docker_tests/configurations/test_results.log
+++ b/test/docker_tests/configurations/test_results.log