-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathDockerfile.fanotify
More file actions
32 lines (27 loc) · 1.2 KB
/
Copy pathDockerfile.fanotify
File metadata and controls
32 lines (27 loc) · 1.2 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
# Dockerfile.fanotify — Linux test harness for the fanotify watcher
# backend. macOS / Windows developers can't exercise fanotify locally
# because the syscall is Linux-only; this image gives the test suite
# a kernel that supports FAN_REPORT_DFID_NAME (Linux 5.17+, which
# Docker Desktop's VM provides out of the box).
#
# Usage:
# make test-fanotify
#
# The container must run with CAP_SYS_ADMIN and an unconfined
# apparmor profile so fanotify_init / fanotify_mark / open_by_handle_at
# don't fail with EPERM. The Makefile target sets both.
FROM golang:1.25-bookworm
# fanotify_init with FAN_REPORT_DFID_NAME requires Linux 5.17+ and
# CAP_SYS_ADMIN; open_by_handle_at additionally needs the kernel to
# expose /proc/self/fd. Bookworm's base image is fine — we just need
# Go and a writable workspace.
WORKDIR /src
# Copy go.mod + go.sum first so dependency download caches across
# source-only changes.
COPY go.mod go.sum ./
RUN go mod download
COPY . .
# The default entrypoint runs the fanotify-tagged tests. Override
# with `docker run ... go test ./...` to exercise the full suite
# from within the same container.
CMD ["go", "test", "-tags", "fanotify_integration", "-count=1", "-v", "./internal/cli/serve/"]