testsecurity.yml
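# Manually triggered check that jobs on the self-hosted runner cannot write to
# or read from protected host paths, either directly on the host or through a
# container that bind-mounts the host root filesystem.
name: 'Self-hosted runner security test'
on:
  workflow_dispatch:

# No step below checks out code or calls the GitHub API, so the job token is
# issued without any scopes (least privilege).
permissions: {}

jobs:
  # Probes run directly on the runner host, outside any container.
  no-container:
    runs-on: [self-hosted, linux, x64]
    steps:
      - name: Print debug info
        run: 'printf "%s@%s\\n" $(whoami) $(hostname); pwd; ls -la; ls -la /'
        if: always()
      # Each probe inverts the exit status: the step fails only when the
      # operation that should be denied succeeds. always() keeps the later
      # probes running after an earlier step has failed.
      # If touch succeeds, /a is left behind on the host; remove it once the
      # failure has been investigated.
      - name: Attempt illegal write operation
        run: 'if touch /a; then false; fi'
        if: always()
      - name: Attempt illegal read operation
        run: 'if cd /root; then false; fi'
        if: always()

  # Same probes from inside a container that can see the host root.
  in-container:
    needs: no-container
    strategy:
      fail-fast: false
      matrix:
        # NOTE(review): matrix.image is not referenced by any step below and
        # the container image is fixed; the 20 empty entries look like a way
        # to fan this job out 20 times - confirm.
        image: ["","","","","","","","","","","","","","","","","","","",""]
    runs-on: [self-hosted, linux, x64]
    container:
      # NOTE(review): 'ubuntu' without a tag or digest is a mutable
      # reference; pin it (ubuntu@sha256:<DIGEST_PLACEHOLDER>) if results
      # must be reproducible.
      image: ubuntu
      # Bind-mounts the host root at /mnt/test and turns off SELinux label
      # separation for the container, so the probes below depend on whatever
      # isolation remains (presumably file permissions / user namespaces -
      # confirm against the runner setup).
      options: '-v /:/mnt/test --security-opt label=disable'
    steps:
      # ls -Z additionally prints the security context of each entry.
      - name: Print debug info
        run: 'printf "%s@%s\\n" $(whoami) $(hostname); pwd; ls -Zla; ls -Zla /'
        if: always()
      # A successful touch here creates /a on the host through the bind
      # mount; the step then fails and the file stays until removed.
      - name: Attempt illegal write operation
        run: 'if touch /mnt/test/a > /dev/null; then false; fi'
        if: always()
      - name: Attempt illegal read operation
        run: 'if cd /mnt/test/root > /dev/null; then false; fi'
        if: always()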