diff options
| author | Alan Somers <asomers@gmail.com> | 2019-09-15 11:38:16 -0600 |
|---|---|---|
| committer | Alan Somers <asomers@gmail.com> | 2019-09-19 17:25:09 -0600 |
| commit | 7e2b4028fa654dfc8a1177e1febbc91748668f52 (patch) | |
| tree | 94622d702e5f5957de47e944d9801c5cc3fad773 /test/test_unistd.rs | |
| parent | adcfaf5802a9afc624f3787fb47bc20b19a4014f (diff) | |
| download | nix-7e2b4028fa654dfc8a1177e1febbc91748668f52.zip | |
Fix test breakage in Seccomp mode.
Travis is now using Seccomp, and Docker's default Seccomp policy
disables execveat (though, weirdly, not fexecve). It also prohibits any
operations on AF_ALG sockets.
While I'm here, replace close/dup with dup2, which is more reliable.
Also, drop the fork mutex earlier. This way all of the exeve tests will
run, even if one fails.
https://docs.docker.com/engine/security/seccomp/
Diffstat (limited to 'test/test_unistd.rs')
| -rw-r--r-- | test/test_unistd.rs | 25 |
1 files changed, 17 insertions, 8 deletions
diff --git a/test/test_unistd.rs b/test/test_unistd.rs index e1e03f3f..21aaa0fc 100644 --- a/test/test_unistd.rs +++ b/test/test_unistd.rs @@ -184,7 +184,13 @@ macro_rules! execve_test_factory( ($test_name:ident, $syscall:ident, $exe: expr $(, $pathname:expr, $flags:expr)*) => ( #[test] fn $test_name() { - let _m = ::FORK_MTX.lock().expect("Mutex got poisoned by another test"); + if "execveat" == stringify!($syscall) { + // Though undocumented, Docker's default seccomp profile seems to + // block this syscall. https://github.com/nix-rust/nix/issues/1122 + skip_if_seccomp!($test_name); + } + + let m = ::FORK_MTX.lock().expect("Mutex got poisoned by another test"); // The `exec`d process will write to `writer`, and we'll read that // data from `reader`. let (reader, writer) = pipe().unwrap(); @@ -194,12 +200,9 @@ macro_rules! execve_test_factory( // The tests make sure not to do that, though. match fork().unwrap() { Child => { - // Close stdout. - close(1).unwrap(); // Make `writer` be the stdout of the new process. - dup(writer).unwrap(); - // exec! - $syscall( + dup2(writer, 1).unwrap(); + let r = $syscall( $exe, $(&CString::new($pathname).unwrap(), )* &[CString::new(b"".as_ref()).unwrap(), @@ -208,11 +211,17 @@ macro_rules! execve_test_factory( .as_ref()).unwrap()], &[CString::new(b"foo=bar".as_ref()).unwrap(), CString::new(b"baz=quux".as_ref()).unwrap()] - $(, $flags)*).unwrap(); + $(, $flags)*); + let _ = std::io::stderr() + .write_all(format!("{:?}", r).as_bytes()); + // Should only get here in event of error + unsafe{ _exit(1) }; }, Parent { child } => { // Wait for the child to exit. - waitpid(child, None).unwrap(); + let ws = waitpid(child, None); + drop(m); + assert_eq!(ws, Ok(WaitStatus::Exited(child, 0))); // Read 1024 bytes. let mut buf = [0u8; 1024]; read(reader, &mut buf).unwrap(); |