Handle more edge cases; more clear warnings

2026-04-03 16:51:24 -07:00 · 2026-01-05 02:08:32 +00:00
parent 16375abb51
commit c86d0c8772
15 changed files with 613 additions and 1482 deletions
--- a/test/docker_tests/configurations/mount-tests/docker-compose.mount-test.active_config_unwritable.yml
+++ b/test/docker_tests/configurations/mount-tests/docker-compose.mount-test.active_config_unwritable.yml
@@ -14,6 +14,8 @@ services:
      - ALL
    cap_add:
      - CHOWN
+      - SETGID
+      - SETUID
      - NET_ADMIN
      - NET_RAW
      - NET_BIND_SERVICE
@@ -31,12 +33,31 @@ services:
        source: test_netalertx_data
        target: /data
        read_only: false
+      - type: tmpfs
+        target: /tmp/log
+        tmpfs:
+          size: 64m
+          mode: 1777
+          options: noexec,nosuid,nodev,async,noatime,nodiratime
+      - type: tmpfs
+        target: /tmp/api
+        tmpfs:
+          size: 64m
+          mode: 1777
+          options: noexec,nosuid,nodev,async,noatime,nodiratime
+      - type: tmpfs
+        target: /tmp/run
+        tmpfs:
+          size: 64m
+          mode: 1777
+          options: noexec,nosuid,nodev,async,noatime,nodiratime
      - type: volume
        source: test_system_services_active_config
        target: /tmp/nginx/active-config
        read_only: true
    tmpfs:
-      - "/tmp:mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      # Ensure /tmp is a writable tmpfs for the app user; mode 1777 to support su-exec drop.
+      - /tmp:uid=20211,gid=20211,mode=1777,noexec,nosuid,nodev,size=64m
 volumes:
  test_netalertx_data:
  test_system_services_active_config: