diff options
author | Alan Somers <asomers@gmail.com> | 2019-09-15 11:38:16 -0600 |
---|---|---|
committer | Alan Somers <asomers@gmail.com> | 2019-09-19 17:25:09 -0600 |
commit | 7e2b4028fa654dfc8a1177e1febbc91748668f52 (patch) | |
tree | 94622d702e5f5957de47e944d9801c5cc3fad773 /test/test.rs | |
parent | adcfaf5802a9afc624f3787fb47bc20b19a4014f (diff) | |
download | nix-7e2b4028fa654dfc8a1177e1febbc91748668f52.zip |
Fix test breakage in Seccomp mode.
Travis is now using Seccomp, and Docker's default Seccomp policy
disables execveat (though, weirdly, not fexecve). It also prohibits any
operations on AF_ALG sockets.
While I'm here, replace close/dup with dup2, which is more reliable.
Also, drop the fork mutex earlier. This way all of the exeve tests will
run, even if one fails.
https://docs.docker.com/engine/security/seccomp/
Diffstat (limited to 'test/test.rs')
-rw-r--r-- | test/test.rs | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/test/test.rs b/test/test.rs index f0d45dc2..24260500 100644 --- a/test/test.rs +++ b/test/test.rs @@ -73,6 +73,35 @@ macro_rules! skip_if_not_root { }; } +cfg_if! { + if #[cfg(any(target_os = "android", target_os = "linux"))] { + macro_rules! skip_if_seccomp { + ($name:expr) => { + if let Ok(s) = std::fs::read_to_string("/proc/self/status") { + for l in s.lines() { + let mut fields = l.split_whitespace(); + if fields.next() == Some("Seccomp:") && + fields.next() != Some("0") + { + use ::std::io::Write; + let stderr = ::std::io::stderr(); + let mut handle = stderr.lock(); + writeln!(handle, + "{} cannot be run in Seccomp mode. Skipping test.", + stringify!($name)).unwrap(); + return; + } + } + } + } + } + } else { + macro_rules! skip_if_seccomp { + ($name:expr) => {} + } + } +} + mod sys; mod test_dir; mod test_fcntl; |