Fix test breakage in Seccomp mode.

Travis is now using Seccomp, and Docker's default Seccomp policy
disables execveat (though, weirdly, not fexecve).  It also prohibits any
operations on AF_ALG sockets.

While I'm here, replace close/dup with dup2, which is more reliable.

Also, drop the fork mutex earlier.  This way all of the exeve tests will
run, even if one fails.

https://docs.docker.com/engine/security/seccomp/

1 files changed, 29 insertions, 0 deletions

diff --git a/test/test.rs b/test/test.rs
index f0d45dc2..24260500 100644
--- a/test/test.rs
+++ b/test/test.rs
@@ -73,6 +73,35 @@ macro_rules! skip_if_not_root {
     };
 }
 
+cfg_if! {
+    if #[cfg(any(target_os = "android", target_os = "linux"))] {
+        macro_rules! skip_if_seccomp {
+            ($name:expr) => {
+                if let Ok(s) = std::fs::read_to_string("/proc/self/status") {
+                    for l in s.lines() {
+                        let mut fields = l.split_whitespace();
+                        if fields.next() == Some("Seccomp:") &&
+                            fields.next() != Some("0")
+                        {
+                            use ::std::io::Write;
+                            let stderr = ::std::io::stderr();
+                            let mut handle = stderr.lock();
+                            writeln!(handle,
+                                "{} cannot be run in Seccomp mode.  Skipping test.",
+                                stringify!($name)).unwrap();
+                            return;
+                        }
+                    }
+                }
+            }
+        }
+    } else {
+        macro_rules! skip_if_seccomp {
+            ($name:expr) => {}
+        }
+    }
+}
+
 mod sys;
 mod test_dir;
 mod test_fcntl;