Fix errors for tests

Adam Outler
2025-10-26 00:14:03 +00:00
parent c4a041e6e1
commit fb02774814
6 changed files with 52 additions and 9 deletions


@@ -185,6 +185,9 @@ RUN chown -R ${READ_ONLY_USER}:${READ_ONLY_GROUP} ${READ_ONLY_FOLDERS} && \
find ${READ_WRITE_FOLDERS} -type d -exec chmod 700 {} + && \
chown ${READ_ONLY_USER}:${READ_ONLY_GROUP} /entrypoint.sh /opt /opt/venv && \
chmod 005 /entrypoint.sh ${SYSTEM_SERVICES}/*.sh /app /opt /opt/venv && \
for dir in ${READ_WRITE_FOLDERS}; do \
install -d -o ${NETALERTX_USER} -g ${NETALERTX_GROUP} -m 700 "$dir"; \
done && \
apk del apk-tools && \
rm -Rf /var /etc/sudoers.d/* /etc/shadow /etc/gshadow /etc/sudoers \
/lib/apk /lib/firmware /lib/modules-load.d /lib/sysctl.d /mnt /home/ /root \
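Review bot: The `install -d -o ${NETALERTX_USER} -g ${NETALERTX_GROUP} -m 700 "$dir"` loop (apparently the three lines added here, and repeated in the second Dockerfile section further down) sets owner and mode on the last path component only. Any parent directory it has to create gets default attributes, and that happens after the earlier `find ${READ_WRITE_FOLDERS} -type d -exec chmod 700` pass has already run. The loop also runs before `rm -Rf /var ...`, so an entry of `READ_WRITE_FOLDERS` under one of the removed paths would be deleted again; the variable's value is not visible here. I would add a comment such as `# install -d sets owner/mode on the leaf only; parents must already exist with the intended permissions` and check the resulting modes in the built image. The RUN instruction continues past the end of the hunk.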

2
.vscode/tasks.json vendored

@@ -164,7 +164,7 @@
{
"label": "[Any] Build Unit Test Docker image",
"type": "shell",
"command": "docker build -t netalertx-test .",
"command": "docker build -t netalertx-test .; echo '🧪 Unit Test Docker image built: netalertx-test'",
"presentation": {
"echo": true,
"reveal": "always",
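Review bot: Joining the two commands with `;` makes the task print the "built" message and return echo's exit status even when `docker build` fails. A failed build then looks successful to the task runner, and a later test task may run against a stale `netalertx-test` image. Chain with `&&` instead: `"command": "docker build -t netalertx-test . && echo '🧪 Unit Test Docker image built: netalertx-test'"`.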


@@ -182,6 +182,9 @@ RUN chown -R ${READ_ONLY_USER}:${READ_ONLY_GROUP} ${READ_ONLY_FOLDERS} && \
find ${READ_WRITE_FOLDERS} -type d -exec chmod 700 {} + && \
chown ${READ_ONLY_USER}:${READ_ONLY_GROUP} /entrypoint.sh /opt /opt/venv && \
chmod 005 /entrypoint.sh ${SYSTEM_SERVICES}/*.sh /app /opt /opt/venv && \
for dir in ${READ_WRITE_FOLDERS}; do \
install -d -o ${NETALERTX_USER} -g ${NETALERTX_GROUP} -m 700 "$dir"; \
done && \
apk del apk-tools && \
rm -Rf /var /etc/sudoers.d/* /etc/shadow /etc/gshadow /etc/sudoers \
/lib/apk /lib/firmware /lib/modules-load.d /lib/sysctl.d /mnt /home/ /root \


@@ -70,7 +70,9 @@ if [ "${NETALERTX_DEBUG:-0}" != "1" ]; then
if [ ${NETALERTX_DOCKER_ERROR_CHECK} -ne 0 ]; then
echo exit code ${NETALERTX_DOCKER_ERROR_CHECK} from ${script}
exit ${NETALERTX_DOCKER_ERROR_CHECK}
if [ ${NETALERTX_DOCKER_ERROR_CHECK} -ne 0 ]; then
NETALERTX_CHECK_ONLY=${NETALERTX_DOCKER_ERROR_CHECK}
fi
fi
done
fi
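Review bot: The inner `if [ ${NETALERTX_DOCKER_ERROR_CHECK} -ne 0 ]` repeats the condition of the `if` that encloses it, and the page does not show whether `exit ${NETALERTX_DOCKER_ERROR_CHECK}` just above it was kept or removed. If it was removed, a failing startup check no longer stops the container, and everything depends on `NETALERTX_CHECK_ONLY` being honoured later, which is not visible in this hunk. If it was kept, the new assignment can never run. I would drop the nested test, quote the variable (`[ "${NETALERTX_DOCKER_ERROR_CHECK}" -ne 0 ]`), and add a comment naming where the recorded code is acted on, e.g. `# failure recorded in NETALERTX_CHECK_ONLY; acted on in <location>`. The surrounding loop starts outside the hunk.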


@@ -1,14 +1,48 @@
#!/bin/sh
# check-storage.sh - Verify critical paths are persistent mounts.
warn_if_not_persistent_mount() {
path="$1"
# Check if the path is a mount point by looking for it in /proc/self/mountinfo
# We are looking for an exact match in the mount point column (field 5)
if awk -v target="${path}" '$5 == target {found=1} END {exit found ? 0 : 1}' /proc/self/mountinfo; then
# Get the Device ID of the root filesystem (overlayfs/tmpfs)
# The default, non-persistent container root will have a unique Device ID.
# Persistent mounts will have a different Device ID (unless it's a bind mount
# from the host's root, which is a rare and unusual setup for a single volume check).
ROOT_DEV_ID=$(stat -c '%d' /)
is_persistent_mount() {
target_path="$1"
# Stat the path and get its Device ID
current_dev_id=$(stat -c '%d' "${target_path}")
# If the Device ID of the target is *different* from the root's Device ID,
# it means it resides on a separate filesystem, implying a mount.
if [ "${current_dev_id}" != "${ROOT_DEV_ID}" ]; then
return 0 # Persistent (different filesystem/device ID)
fi
# Fallback to check if it's the root directory itself (which is always mounted)
if [ "${target_path}" = "/" ]; then
return 0
fi
# Check parent directory recursively
parent_dir=$(dirname "${target_path}")
if [ "${parent_dir}" != "${target_path}" ]; then
is_persistent_mount "${parent_dir}"
return $?
fi
return 1 # Not persistent
}
warn_if_not_persistent_mount() {
path="$1"
if is_persistent_mount "${path}"; then
return 0
fi
# ... (Your existing warning message block remains unchanged) ...
failures=1
YELLOW=$(printf '\033[1;33m')
RESET=$(printf '\033[0m')
@@ -36,7 +70,7 @@ EOF
# If NETALERTX_DEBUG=1 then we will exit
if [ "${NETALERTX_DEBUG}" = "1" ]; then
exit 0
exit 0
fi
failures=0
@@ -49,4 +83,4 @@ if [ "${failures}" -ne 0 ]; then
# We only warn, not exit, as this is not a critical failure
# but the user should be aware of the potential data loss.
sleep 5 # Give user time to read the message
fi
fi
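Review bot: `is_persistent_mount` appears to succeed for every path, so `warn_if_not_persistent_mount` can no longer warn. A path on the root filesystem fails the device-ID comparison and recurses through `dirname` until it reaches `/`, where the `[ "${target_path}" = "/" ]` branch returns 0; a path that does not exist makes `stat` print nothing, and the empty string also differs from `ROOT_DEV_ID`. A file already reports the device ID of the filesystem it lives on, so the parent walk adds nothing, and the function can be one comparison that fails when `stat` fails. A tmpfs mount has its own device ID as well, so the test shows "separate mount" rather than persistence, and the comments should say so. The leftover `# ... (Your existing warning message block remains unchanged) ...` line should be removed.

```shell
is_persistent_mount() {
    target_path="$1"
    # A path that cannot be stat'ed gives no evidence of a mount.
    current_dev_id=$(stat -c '%d' "${target_path}" 2>/dev/null) || return 1
    # The device ID is per filesystem: anything below a mount point already
    # differs from the root, so no walk up the parents is needed.
    [ "${current_dev_id}" != "${ROOT_DEV_ID}" ]
}
```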


@@ -169,6 +169,7 @@ def _run_container(
extra_args: list[str] | None = None,
volume_specs: list[str] | None = None,
sleep_seconds: float = GRACE_SECONDS,
userns: str | None = "host",
) -> subprocess.CompletedProcess[str]:
name = f"netalertx-test-{label}-{uuid.uuid4().hex[:8]}".lower()
cmd: list[str] = ["docker", "run", "--rm", "--name", name]
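Review bot: `userns` defaults to `"host"`, but nothing in this hunk uses it and the parameter is undocumented. If it is forwarded to `docker run --userns`, that default would opt every existing caller of `_run_container` out of user-namespace remapping on daemons that enable it, so the tests would run with weaker isolation than the deployment they are meant to model. I would either default it to `None` (`userns: str | None = None,`) and pass `"host"` only from the tests that need it, or state the reason next to the parameter, e.g. `# value for docker's --userns flag; None omits the flag`. The function body continues outside the hunk.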