From 7e2b4028fa654dfc8a1177e1febbc91748668f52 Mon Sep 17 00:00:00 2001
From: Alan Somers <asomers@gmail.com>
Date: Sun, 15 Sep 2019 11:38:16 -0600
Subject: Fix test breakage in Seccomp mode.

Travis is now using Seccomp, and Docker's default Seccomp policy
disables execveat (though, weirdly, not fexecve).  It also prohibits any
operations on AF_ALG sockets.

While I'm here, replace close/dup with dup2, which is more reliable.

Also, drop the fork mutex earlier.  This way all of the exeve tests will
run, even if one fails.

https://docs.docker.com/engine/security/seccomp/
---
 test/sys/test_socket.rs | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'test/sys')

diff --git a/test/sys/test_socket.rs b/test/sys/test_socket.rs
index d4c4738e..106428b9 100644
--- a/test/sys/test_socket.rs
+++ b/test/sys/test_socket.rs
@@ -244,6 +244,10 @@ pub fn test_af_alg_cipher() {
                            ControlMessage, MsgFlags};
     use nix::sys::socket::sockopt::AlgSetKey;
 
+    // Travis's seccomp profile blocks AF_ALG
+    // https://docs.docker.com/engine/security/seccomp/
+    skip_if_seccomp!(test_af_alg_cipher);
+
     let alg_type = "skcipher";
     let alg_name = "ctr(aes)";
     // 256-bits secret key
@@ -308,6 +312,10 @@ pub fn test_af_alg_aead() {
                            ControlMessage, MsgFlags};
     use nix::sys::socket::sockopt::{AlgSetKey, AlgSetAeadAuthSize};
 
+    // Travis's seccomp profile blocks AF_ALG
+    // https://docs.docker.com/engine/security/seccomp/
+    skip_if_seccomp!(test_af_alg_aead);
+
     let auth_size = 4usize;
     let assoc_size = 16u32;
 
-- 
cgit v1.2.3