test: add a custom binary to reliable check seccomp support
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
parent
f1f5c635d2
commit
0d37c41521
4 changed files with 35 additions and 1 deletions
1
.gitignore
vendored
1
.gitignore
vendored
|
@ -11,3 +11,4 @@ ocid.conf
|
|||
test/bin2img/bin2img
|
||||
test/copyimg/copyimg
|
||||
test/testdata/redis-image
|
||||
test/checkseccomp/checkseccomp
|
||||
|
|
7
Makefile
7
Makefile
|
@ -50,6 +50,9 @@ bin2img:
|
|||
copyimg:
|
||||
make -C test/$@
|
||||
|
||||
checkseccomp:
|
||||
make -C test/$@
|
||||
|
||||
ocid:
|
||||
ifndef GOPATH
|
||||
$(error GOPATH is not set)
|
||||
|
@ -82,6 +85,7 @@ clean:
|
|||
make -C pause clean
|
||||
make -C test/bin2img clean
|
||||
make -C test/copyimg clean
|
||||
make -C test/checkseccomp clean
|
||||
|
||||
ocidimage:
|
||||
docker build -t ${OCID_IMAGE} .
|
||||
|
@ -95,7 +99,7 @@ integration: ocidimage
|
|||
localintegration: binaries
|
||||
./test/test_runner.sh ${TESTFLAGS}
|
||||
|
||||
binaries: ocid ocic kpod conmon pause bin2img copyimg
|
||||
binaries: ocid ocic kpod conmon pause bin2img copyimg checkseccomp
|
||||
|
||||
MANPAGES_MD := $(wildcard docs/*.md)
|
||||
MANPAGES := $(MANPAGES_MD:%.md=%)
|
||||
|
@ -191,6 +195,7 @@ install.tools: .install.gitvalidation .install.gometalinter .install.md2man
|
|||
.PHONY: \
|
||||
bin2img \
|
||||
binaries \
|
||||
checkseccomp \
|
||||
clean \
|
||||
conmon \
|
||||
copyimg \
|
||||
|
|
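--- a/test/checkseccomp/Makefile
+++ b/test/checkseccomp/Makefile
@@ -0,0 +1,6 @@
+checkseccomp: $(wildcard *.go)
+go build -o $@
+
+.PHONY: clean
+clean:
+rm -f checkseccomp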
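--- a/test/checkseccomp/checkseccomp.go
+++ b/test/checkseccomp/checkseccomp.go
@@ -0,0 +1,22 @@
+package main
+
+import (
+"os"
+"syscall"
+)
+
+const (
+// SeccompModeFilter refers to the syscall argument SECCOMP_MODE_FILTER.
+SeccompModeFilter = uintptr(2)
+)
+
+func main() {
+// Check if Seccomp is supported, via CONFIG_SECCOMP.
+if _, _, err := syscall.RawSyscall(syscall.SYS_PRCTL, syscall.PR_GET_SECCOMP, 0, 0); err != syscall.EINVAL {
+// Make sure the kernel has CONFIG_SECCOMP_FILTER.
+if _, _, err := syscall.RawSyscall(syscall.SYS_PRCTL, syscall.PR_SET_SECCOMP, SeccompModeFilter, 0); err != syscall.EINVAL {
+os.Exit(0)
+}
+}
+os.Exit(1)
+}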
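Review bot: Both prctl probes in main() accept any errno other than EINVAL as proof of support, so an unrelated failure of the call (for instance one rejected by a sandbox policy) is reported as exit 0. For the PR_SET_SECCOMP probe the filter pointer is deliberately null, and prctl(2) documents EFAULT as the answer from a kernel built with CONFIG_SECCOMP_FILTER; testing `err == syscall.EFAULT` there would pin the result to the one expected outcome, and a comment such as `// nil filter on purpose: EFAULT = filter mode available, EINVAL = not built in` would explain why a failing call means success. The inner `err` also shadows the outer one; flattening to two guard clauses that `os.Exit(1)` early would read more clearly. A package comment stating the exit-code contract (0 supported, 1 unsupported) would help the test scripts that presumably consume it.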