diff options
author | Alan Somers <asomers@gmail.com> | 2019-09-15 11:38:16 -0600 |
---|---|---|
committer | Alan Somers <asomers@gmail.com> | 2019-09-19 17:25:09 -0600 |
commit | 7e2b4028fa654dfc8a1177e1febbc91748668f52 (patch) | |
tree | 94622d702e5f5957de47e944d9801c5cc3fad773 /test/sys | |
parent | adcfaf5802a9afc624f3787fb47bc20b19a4014f (diff) | |
download | nix-7e2b4028fa654dfc8a1177e1febbc91748668f52.zip |
Fix test breakage in Seccomp mode.
Travis is now using Seccomp, and Docker's default Seccomp policy
disables execveat (though, weirdly, not fexecve). It also prohibits any
operations on AF_ALG sockets.
While I'm here, replace close/dup with dup2, which is more reliable.
Also, drop the fork mutex earlier. This way all of the exeve tests will
run, even if one fails.
https://docs.docker.com/engine/security/seccomp/
Diffstat (limited to 'test/sys')
-rw-r--r-- | test/sys/test_socket.rs | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/test/sys/test_socket.rs b/test/sys/test_socket.rs index d4c4738e..106428b9 100644 --- a/test/sys/test_socket.rs +++ b/test/sys/test_socket.rs @@ -244,6 +244,10 @@ pub fn test_af_alg_cipher() { ControlMessage, MsgFlags}; use nix::sys::socket::sockopt::AlgSetKey; + // Travis's seccomp profile blocks AF_ALG + // https://docs.docker.com/engine/security/seccomp/ + skip_if_seccomp!(test_af_alg_cipher); + let alg_type = "skcipher"; let alg_name = "ctr(aes)"; // 256-bits secret key @@ -308,6 +312,10 @@ pub fn test_af_alg_aead() { ControlMessage, MsgFlags}; use nix::sys::socket::sockopt::{AlgSetKey, AlgSetAeadAuthSize}; + // Travis's seccomp profile blocks AF_ALG + // https://docs.docker.com/engine/security/seccomp/ + skip_if_seccomp!(test_af_alg_aead); + let auth_size = 4usize; let assoc_size = 16u32; |