test: add a custom binary to reliable check seccomp support

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
This commit is contained in:
Antonio Murdaca 2017-01-19 18:10:47 +01:00
parent f1f5c635d2
commit 0d37c41521
No known key found for this signature in database
GPG key ID: B2BEAD150DE936B9
4 changed files with 35 additions and 1 deletions

1
.gitignore vendored
View file

@ -11,3 +11,4 @@ ocid.conf
test/bin2img/bin2img
test/copyimg/copyimg
test/testdata/redis-image
test/checkseccomp/checkseccomp

View file

@ -50,6 +50,9 @@ bin2img:
copyimg:
make -C test/$@
checkseccomp:
make -C test/$@
ocid:
ifndef GOPATH
$(error GOPATH is not set)
@ -82,6 +85,7 @@ clean:
make -C pause clean
make -C test/bin2img clean
make -C test/copyimg clean
make -C test/checkseccomp clean
ocidimage:
docker build -t ${OCID_IMAGE} .
@ -95,7 +99,7 @@ integration: ocidimage
localintegration: binaries
./test/test_runner.sh ${TESTFLAGS}
binaries: ocid ocic kpod conmon pause bin2img copyimg
binaries: ocid ocic kpod conmon pause bin2img copyimg checkseccomp
MANPAGES_MD := $(wildcard docs/*.md)
MANPAGES := $(MANPAGES_MD:%.md=%)
@ -191,6 +195,7 @@ install.tools: .install.gitvalidation .install.gometalinter .install.md2man
.PHONY: \
bin2img \
binaries \
checkseccomp \
clean \
conmon \
copyimg \

View file

@ -0,0 +1,6 @@
checkseccomp: $(wildcard *.go)
go build -o $@
.PHONY: clean
clean:
rm -f checkseccomp

View file

@ -0,0 +1,22 @@
package main
import (
"os"
"syscall"
)
const (
// SeccompModeFilter refers to the syscall argument SECCOMP_MODE_FILTER.
SeccompModeFilter = uintptr(2)
)
func main() {
// Check if Seccomp is supported, via CONFIG_SECCOMP.
if _, _, err := syscall.RawSyscall(syscall.SYS_PRCTL, syscall.PR_GET_SECCOMP, 0, 0); err != syscall.EINVAL {
// Make sure the kernel has CONFIG_SECCOMP_FILTER.
if _, _, err := syscall.RawSyscall(syscall.SYS_PRCTL, syscall.PR_SET_SECCOMP, SeccompModeFilter, 0); err != syscall.EINVAL {
os.Exit(0)
}
}
os.Exit(1)
}