From 5646eca119f80f8f45ebec9fcbe666ca614ebf5d Mon Sep 17 00:00:00 2001 From: James O'Doherty Date: Sat, 13 Jun 2026 13:50:25 -0400 Subject: feat: implement system preflight checks and health diagnostics Introduced a tiered system verification mechanism to improve reliability and provide actionable feedback to users, avoiding false positives in the critical execution path. Key changes: - Implement `CheckSystemRequirements` for critical, non-ambiguous requirements (e.g., TUN device availability) to ensure fatal environment issues are caught immediately during bootstrap. - Implement a user-facing `healthcheck` command that provides comprehensive diagnostics and actionable configuration hints for common misconfigurations (e.g., unprivileged user namespaces, subuid/subgid mappings, and kernel sysctls). - Refactor the `FileSystem` interface to support full mockability, allowing for exhaustive unit testing of diagnostic logic. - Add comprehensive unit tests in `internal/namespace/preflight_test.go` covering various Linux distributions, privilege levels, and hardware availability scenarios. - Ensure code quality through formatting, static analysis (golangci-lint), and validation of all existing unit, integration, and E2E tests. --- internal/namespace/ops.go | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'internal/namespace/ops.go') diff --git a/internal/namespace/ops.go b/internal/namespace/ops.go index b2b5e10..76f696c 100644 --- a/internal/namespace/ops.go +++ b/internal/namespace/ops.go @@ -9,6 +9,7 @@ import ( // Ops defines the set of operations required by the Manager to handle // namespace isolation, lifecycle, and synchronization. type Ops interface { + CheckSystemRequirements() error IsIsolated() bool Bootstrap() error BootstrapJoin(pid int) error @@ -31,6 +32,10 @@ func NewLinuxOps() Ops { return &linuxOps{} } +func (l *linuxOps) CheckSystemRequirements() error { + return CheckSystemRequirements() +} + func (l *linuxOps) IsIsolated() bool { return IsIsolated() } -- cgit v1.2.3