systemd/test/fuzz/fuzz-nspawn-oci/basic.json

{
    "ociVersion": "1.0.0",

    "hostname" : "foo",

    "root": {
        "path": "rootfs",
        "readonly": true
    },

    "process": {
        "terminal": false,
        "consoleSize": {
            "height":6667,
            "width":6668
        },

        "user": {
            "uid": 14,
            "gid": 14,
            "additionalGids": [59, 81]
        },

        "args": [
            "/tmp/verify.sh"
        ],

        "env": [
            "FOO=BAR",
            "WITHSPACES=FOO BAR",
            "WITHSHELLCHARS=$ASDF \\\"asdf asdf\\\" !",
            "WITHCONTROLCHARS=\\123\\125\\010\\020",
            "TERM=xterm"
        ],

        "cwd": "/tmp/src",

        "noNewPrivileges" : true,
        "oomScoreAdj" : 20,
        "capabilities" : {
            "bounding" : [
                "CAP_AUDIT_WRITE",
                "CAP_KILL",
                "CAP_NET_BIND_SERVICE"
            ],
            "permitted" : [
                "CAP_AUDIT_WRITE",
                "CAP_KILL",
                "CAP_NET_BIND_SERVICE"
            ],
            "inheritable" : [
                "CAP_AUDIT_WRITE",
                "CAP_KILL",
                "CAP_NET_BIND_SERVICE"
            ],
            "effective" : [
                "CAP_AUDIT_WRITE",
                "CAP_KILL"
            ],
            "ambient" : [
                "CAP_NET_BIND_SERVICE"
            ]
        },
        "rlimits" : [
            {
                "type" : "RLIMIT_NOFILE",
                "soft" : 1024,
                "hard" : 1024
            },
            {
                "type" : "RLIMIT_RTPRIO",
                "soft" : 5,
                "hard" : 10
            }
        ]
    },

    "mounts": [
        {
            "destination": "/tmp/src",
            "source": "src",
            "options": ["ro"]
        },

        {
            "destination": "/tmp/verify.sh",
            "source": "verify.sh",
            "options": ["ro"]
        },

        {
            "destination": "/proc",
            "type": "proc",
            "source": "proc"
        },
        {
            "destination": "/dev",
            "type": "tmpfs",
            "source": "tmpfs",
            "options": [
                "mode=777"
            ]
        },
        {
            "destination": "/dev/pts",
            "type": "devpts",
            "source": "devpts",
            "options": [
                "mode=777"
            ]
        },
        {
            "destination": "/dev/shm",
            "type": "tmpfs",
            "source": "shm",
            "options": [
                "mode=777"
            ]
        },
        {
            "destination": "/dev/mqueue",
            "type": "mqueue",
            "source": "mqueue",
            "options": [
                "mode=777"
            ]
        },
        {
            "destination": "/sys",
            "type": "sysfs",
            "source": "sysfs",
            "options": [
                "mode=777"
            ]
        },
        {
            "destination": "/sys/fs/cgroup",
            "type": "cgroup",
            "source": "cgroup",
            "options": [
                "mode=777"
            ]
        }
    ],

    "linux" : {
        "namespaces" : [
            {
                "type" : "mount"
            },
            {
                "type" : "network",
                "path" : "$NETNS"
            },
            {
                "type" : "pid"
            },
            {
                "type" : "uts"
            }
        ],
        "uidMappings" : [
            {
                "containerID" : 0,
                "hostID" : 1000,
                "size" : 100
            }
        ],
        "gidMappings" : [
            {
                "containerID" : 0,
                "hostID" : 1000,
                "size" : 100
            }
        ],
        "devices" : [
            {
                "type" : "c",
                "path" : "/dev/zero",
                "major" : 1,
                "minor" : 5,
                "fileMode" : 444
            },
            {
                "type" : "b",
                "path" : "$DEV",
                "major" : 4,
                "minor" : 2,
                "fileMode" : 666,
                "uid" : 0,
                "gid" : 0
            }
        ],
        "resources" : {
            "devices" : [
                {
                    "allow" : false,
                    "access" : "m"
                },
                {
                    "allow" : true,
                    "type" : "b",
                    "major" : 4,
                    "minor" : 2,
                    "access" : "rwm"
                }
            ],
            "memory" : {
                "limit" : 134217728,
                "reservation" : 33554432,
                "swap" : 268435456
            },
            "cpu" : {
                "shares" : 1024,
                "quota" : 1000000,
                "period" : 500000,
                "cpus" : "0-7"
            },
            "blockIO" : {
                "weight" : 10,
                "weightDevice" : [
                    {
                        "major" : 4,
                        "minor" : 2,
                        "weight" : 500
                    }
                ],
                "throttleReadBpsDevice" : [
                    {
                        "major" : 4,
                        "minor" : 2,
                        "rate" : 500
                    }
                ],
                "throttleWriteBpsDevice" : [
                    {
                        "major" : 4,
                        "minor" : 2,
                        "rate" : 500
                    }
                ],
                "throttleReadIOPSDevice" : [
                    {
                        "major" : 4,
                        "minor" : 2,
                        "rate" : 500
                    }
                ],
                "throttleWriteIOPSDevice" : [
                    {
                        "major" : 4,
                        "minor" : 2,
                        "rate" : 500
                    }
                ]
            },
            "pids" : {
                "limit" : 1024
            }
        },
        "sysctl" : {
            "kernel.domainname" : "foo.bar",
            "vm.swappiness" : "60"
        },
        "seccomp" : {
            "defaultAction" : "SCMP_ACT_ALLOW",
            "architectures" : [
                "SCMP_ARCH_ARM",
                "SCMP_ARCH_X86_64"
            ],
            "syscalls" : [
                {
                    "names" : [
                        "lchown",
                        "chmod"
                    ],
                    "action" : "SCMP_ACT_ERRNO",
                    "args" : [
                        {
                            "index" : 0,
                            "value" : 1,
                            "op" : "SCMP_CMP_NE"
                        },
                        {
                            "index" : 1,
                            "value" : 2,
                            "valueTwo" : 3,
                            "op" : "SCMP_CMP_MASKED_EQ"
                        }
                    ]
                }
            ]
        },
        "rootfsPropagation" : "shared",
        "maskedPaths" : [
            "/proc/kcore",
            "/root/nonexistent"
        ],
        "readonlyPaths" : [
            "/proc/sys",
            "/opt/readonly"
        ]
    },
    "hooks" : {
        "prestart" : [
            {
                "path" : "/bin/sh",
                "args" : [
                    "-xec",
                    "echo $PRESTART_FOO >/prestart"
                ],
                "env" : [
                    "PRESTART_FOO=prestart_bar",
                    "ALSO_FOO=also_bar"
                ],
                "timeout" : 666
            },
            {
                "path" : "/bin/touch",
                "args" : [
                    "/tmp/also-prestart"
                ]
            }
        ],
        "poststart" : [
            {
                "path" : "/bin/sh",
                "args" : [
                    "touch",
                    "/poststart"
                ]
            }
        ],
        "poststop" : [
            {
                "path" : "/bin/sh",
                "args" : [
                    "touch",
                    "/poststop"
                ]
            }
        ]
    },
    "annotations" : {
        "hello.world" : "1",
        "foo" : "bar"
    }
}
fuzz-nspawn-oci: add fuzzer for the oci bundle loader 2019-03-21 23:16:56 +01:00			`{`
			`"ociVersion": "1.0.0",`

fuzz: update the base JSON for fuzz-nspawn-oci 2023-05-15 21:10:07 +02:00			`"hostname" : "foo",`

fuzz-nspawn-oci: add fuzzer for the oci bundle loader 2019-03-21 23:16:56 +01:00			`"root": {`
			`"path": "rootfs",`
			`"readonly": true`
			`},`

			`"process": {`
			`"terminal": false,`
			`"consoleSize": {`
			`"height":6667,`
			`"width":6668`
			`},`

			`"user": {`
			`"uid": 14,`
			`"gid": 14,`
			`"additionalGids": [59, 81]`
			`},`

			`"args": [`
			`"/tmp/verify.sh"`
			`],`

			`"env": [`
			`"FOO=BAR",`
			`"WITHSPACES=FOO BAR",`
			`"WITHSHELLCHARS=$ASDF \\\"asdf asdf\\\" !",`
			`"WITHCONTROLCHARS=\\123\\125\\010\\020",`
			`"TERM=xterm"`
			`],`

			`"cwd": "/tmp/src",`

fuzz: update the base JSON for fuzz-nspawn-oci 2023-05-15 21:10:07 +02:00			`"noNewPrivileges" : true,`
			`"oomScoreAdj" : 20,`
			`"capabilities" : {`
			`"bounding" : [`
			`"CAP_AUDIT_WRITE",`
			`"CAP_KILL",`
			`"CAP_NET_BIND_SERVICE"`
			`],`
			`"permitted" : [`
			`"CAP_AUDIT_WRITE",`
			`"CAP_KILL",`
			`"CAP_NET_BIND_SERVICE"`
			`],`
			`"inheritable" : [`
			`"CAP_AUDIT_WRITE",`
			`"CAP_KILL",`
			`"CAP_NET_BIND_SERVICE"`
			`],`
			`"effective" : [`
			`"CAP_AUDIT_WRITE",`
			`"CAP_KILL"`
			`],`
			`"ambient" : [`
			`"CAP_NET_BIND_SERVICE"`
			`]`
			`},`
			`"rlimits" : [`
fuzz-nspawn-oci: add fuzzer for the oci bundle loader 2019-03-21 23:16:56 +01:00			`{`
fuzz: update the base JSON for fuzz-nspawn-oci 2023-05-15 21:10:07 +02:00			`"type" : "RLIMIT_NOFILE",`
			`"soft" : 1024,`
			`"hard" : 1024`
			`},`
			`{`
			`"type" : "RLIMIT_RTPRIO",`
			`"soft" : 5,`
			`"hard" : 10`
fuzz-nspawn-oci: add fuzzer for the oci bundle loader 2019-03-21 23:16:56 +01:00			`}`
			`]`
			`},`

			`"mounts": [`
			`{`
			`"destination": "/tmp/src",`
			`"source": "src",`
			`"options": ["ro"]`
			`},`

			`{`
			`"destination": "/tmp/verify.sh",`
			`"source": "verify.sh",`
			`"options": ["ro"]`
			`},`

			`{`
			`"destination": "/proc",`
			`"type": "proc",`
			`"source": "proc"`
			`},`
			`{`
			`"destination": "/dev",`
			`"type": "tmpfs",`
			`"source": "tmpfs",`
			`"options": [`
			`"mode=777"`
			`]`
			`},`
			`{`
			`"destination": "/dev/pts",`
			`"type": "devpts",`
			`"source": "devpts",`
			`"options": [`
			`"mode=777"`
			`]`
			`},`
			`{`
			`"destination": "/dev/shm",`
			`"type": "tmpfs",`
			`"source": "shm",`
			`"options": [`
			`"mode=777"`
			`]`
			`},`
			`{`
			`"destination": "/dev/mqueue",`
			`"type": "mqueue",`
			`"source": "mqueue",`
			`"options": [`
			`"mode=777"`
			`]`
			`},`
			`{`
			`"destination": "/sys",`
			`"type": "sysfs",`
			`"source": "sysfs",`
			`"options": [`
			`"mode=777"`
			`]`
			`},`
			`{`
			`"destination": "/sys/fs/cgroup",`
			`"type": "cgroup",`
			`"source": "cgroup",`
			`"options": [`
			`"mode=777"`
			`]`
			`}`
			`],`

fuzz: update the base JSON for fuzz-nspawn-oci 2023-05-15 21:10:07 +02:00			`"linux" : {`
			`"namespaces" : [`
			`{`
			`"type" : "mount"`
			`},`
			`{`
			`"type" : "network",`
			`"path" : "$NETNS"`
			`},`
			`{`
			`"type" : "pid"`
			`},`
			`{`
			`"type" : "uts"`
			`}`
			`],`
			`"uidMappings" : [`
			`{`
			`"containerID" : 0,`
			`"hostID" : 1000,`
			`"size" : 100`
			`}`
			`],`
			`"gidMappings" : [`
			`{`
			`"containerID" : 0,`
			`"hostID" : 1000,`
			`"size" : 100`
			`}`
			`],`
			`"devices" : [`
			`{`
			`"type" : "c",`
			`"path" : "/dev/zero",`
			`"major" : 1,`
			`"minor" : 5,`
			`"fileMode" : 444`
			`},`
			`{`
			`"type" : "b",`
			`"path" : "$DEV",`
			`"major" : 4,`
			`"minor" : 2,`
			`"fileMode" : 666,`
			`"uid" : 0,`
			`"gid" : 0`
			`}`
			`],`
			`"resources" : {`
			`"devices" : [`
			`{`
			`"allow" : false,`
			`"access" : "m"`
			`},`
			`{`
			`"allow" : true,`
			`"type" : "b",`
			`"major" : 4,`
			`"minor" : 2,`
			`"access" : "rwm"`
			`}`
			`],`
			`"memory" : {`
			`"limit" : 134217728,`
			`"reservation" : 33554432,`
			`"swap" : 268435456`
			`},`
			`"cpu" : {`
			`"shares" : 1024,`
			`"quota" : 1000000,`
			`"period" : 500000,`
			`"cpus" : "0-7"`
			`},`
			`"blockIO" : {`
			`"weight" : 10,`
			`"weightDevice" : [`
			`{`
			`"major" : 4,`
			`"minor" : 2,`
			`"weight" : 500`
			`}`
			`],`
			`"throttleReadBpsDevice" : [`
			`{`
			`"major" : 4,`
			`"minor" : 2,`
			`"rate" : 500`
			`}`
			`],`
			`"throttleWriteBpsDevice" : [`
			`{`
			`"major" : 4,`
			`"minor" : 2,`
			`"rate" : 500`
			`}`
			`],`
			`"throttleReadIOPSDevice" : [`
			`{`
			`"major" : 4,`
			`"minor" : 2,`
			`"rate" : 500`
			`}`
			`],`
			`"throttleWriteIOPSDevice" : [`
			`{`
			`"major" : 4,`
			`"minor" : 2,`
			`"rate" : 500`
			`}`
			`]`
			`},`
			`"pids" : {`
			`"limit" : 1024`
			`}`
			`},`
			`"sysctl" : {`
			`"kernel.domainname" : "foo.bar",`
			`"vm.swappiness" : "60"`
			`},`
			`"seccomp" : {`
			`"defaultAction" : "SCMP_ACT_ALLOW",`
			`"architectures" : [`
			`"SCMP_ARCH_ARM",`
			`"SCMP_ARCH_X86_64"`
			`],`
			`"syscalls" : [`
fuzz-nspawn-oci: add fuzzer for the oci bundle loader 2019-03-21 23:16:56 +01:00			`{`
fuzz: update the base JSON for fuzz-nspawn-oci 2023-05-15 21:10:07 +02:00			`"names" : [`
			`"lchown",`
			`"chmod"`
			`],`
			`"action" : "SCMP_ACT_ERRNO",`
			`"args" : [`
			`{`
			`"index" : 0,`
			`"value" : 1,`
			`"op" : "SCMP_CMP_NE"`
			`},`
			`{`
			`"index" : 1,`
			`"value" : 2,`
			`"valueTwo" : 3,`
			`"op" : "SCMP_CMP_MASKED_EQ"`
			`}`
			`]`
fuzz-nspawn-oci: add fuzzer for the oci bundle loader 2019-03-21 23:16:56 +01:00			`}`
			`]`
			`},`
fuzz: update the base JSON for fuzz-nspawn-oci 2023-05-15 21:10:07 +02:00			`"rootfsPropagation" : "shared",`
			`"maskedPaths" : [`
			`"/proc/kcore",`
			`"/root/nonexistent"`
			`],`
			`"readonlyPaths" : [`
			`"/proc/sys",`
			`"/opt/readonly"`
			`]`
			`},`
			`"hooks" : {`
			`"prestart" : [`
fuzz-nspawn-oci: add fuzzer for the oci bundle loader 2019-03-21 23:16:56 +01:00			`{`
fuzz: update the base JSON for fuzz-nspawn-oci 2023-05-15 21:10:07 +02:00			`"path" : "/bin/sh",`
			`"args" : [`
			`"-xec",`
			`"echo $PRESTART_FOO >/prestart"`
			`],`
			`"env" : [`
			`"PRESTART_FOO=prestart_bar",`
			`"ALSO_FOO=also_bar"`
			`],`
			`"timeout" : 666`
fuzz-nspawn-oci: add fuzzer for the oci bundle loader 2019-03-21 23:16:56 +01:00			`},`
			`{`
fuzz: update the base JSON for fuzz-nspawn-oci 2023-05-15 21:10:07 +02:00			`"path" : "/bin/touch",`
			`"args" : [`
			`"/tmp/also-prestart"`
			`]`
			`}`
			`],`
			`"poststart" : [`
fuzz-nspawn-oci: add fuzzer for the oci bundle loader 2019-03-21 23:16:56 +01:00			`{`
fuzz: update the base JSON for fuzz-nspawn-oci 2023-05-15 21:10:07 +02:00			`"path" : "/bin/sh",`
			`"args" : [`
			`"touch",`
			`"/poststart"`
			`]`
			`}`
			`],`
			`"poststop" : [`
			`{`
			`"path" : "/bin/sh",`
			`"args" : [`
			`"touch",`
			`"/poststop"`
			`]`
fuzz-nspawn-oci: add fuzzer for the oci bundle loader 2019-03-21 23:16:56 +01:00			`}`
			`]`
			`},`
fuzz: update the base JSON for fuzz-nspawn-oci 2023-05-15 21:10:07 +02:00			`"annotations" : {`
			`"hello.world" : "1",`
			`"foo" : "bar"`
fuzz-nspawn-oci: add fuzzer for the oci bundle loader 2019-03-21 23:16:56 +01:00			`}`
			`}`