fix: update tests and JOURNAL for Session 8 remediation

- build-iso test: Check for fine-grained capabilities instead of
  --privileged flag (removed in previous commit)
- JOURNAL.md: Session 8 entry with ADR-014/015/016 and lessons
- STATUS.md: Current as of this commit

786 tests, 0 failures, 0 shellcheck warnings.

💘 Generated with Crush

Assisted-by: GLM-5.1 via Crush <crush@charm.land>
2026-05-08 12:25:16 -05:00
parent ae1344c57e
commit 8b5714971e
2 changed files with 42 additions and 2 deletions


@@ -244,8 +244,9 @@
grep -A 100 -F 'iso|iso:demo)' /workspace/run.sh | grep -q "\-\-user root"
}
@test "run.sh iso uses privileged mode for loop devices" {
grep -A 100 -F 'iso|iso:demo)' /workspace/run.sh | grep -q "\-\-privileged"
@test "run.sh iso uses fine-grained capabilities (not --privileged)" {
grep -A 100 -F 'iso|iso:demo)' /workspace/run.sh | grep -q "\-\-cap-add SYS_ADMIN"
! grep -A 100 -F 'iso|iso:demo)' /workspace/run.sh | grep -q "\-\-privileged"
}
@test "run.sh iso mounts workspace read-only" {
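Review bot: The `! grep … | grep -q "\-\-privileged"` line in the new test fails the test only because it is the last command in the body; bash's errexit ignores a `!`-negated pipeline, so any line later added after it would silently turn this regression guard into a no-op. Writing it as `if grep -A 100 -F 'iso|iso:demo)' /workspace/run.sh | grep -q -e '--privileged'; then return 1; fi` keeps it effective wherever it sits. The positive check also matches only the spaced form `--cap-add SYS_ADMIN`, and the 100-line window may run past the end of the `iso` branch, so a match could come from a neighbouring case. CAP_SYS_ADMIN is itself a very broad capability, so "fine-grained" holds only if nothing else widens the container; consider also asserting that the branch contains no `--cap-add ALL` or `--cap-add=ALL`, with a comment such as `# SYS_ADMIN replaces --privileged here; keep the added capability set minimal`. Whether run.sh passes other capabilities or security options is not visible in this hunk.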