integration: verify syscall compatibility after seccomp enforcement

Signed-off-by: lifubang <lifubang@acmcoder.com>
lifubang
2025-11-14 02:56:50 +00:00
committed by lfbzhm
parent 75188fab73
commit d8706501cf


@@ -185,3 +185,16 @@ function flags_value() {
[[ "$output" == *"error running startContainer hook"* ]]
[[ "$output" == *"bad system call"* ]]
}
@test "runc run [seccomp] (verify syscall compatibility after seccomp enforcement)" {
update_config ' .process.args = ["true"]
| .process.noNewPrivileges = false
| .linux.seccomp = {
"defaultAction":"SCMP_ACT_ALLOW",
"architectures":["SCMP_ARCH_X86","SCMP_ARCH_X32","SCMP_ARCH_X86_64","SCMP_ARCH_AARCH64","SCMP_ARCH_ARM"],
"syscalls":[{"names":["close_range", "fsopen", "fsconfig", "fspick", "openat2", "open_tree", "move_mount", "mount_setattr"], "action":"SCMP_ACT_ERRNO", "errnoRet": 38}]
}'
runc run test_busybox
[ "$status" -eq 0 ]
}
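Review bot: The new test has no comment explaining its two non-obvious settings in the `update_config` call, `"errnoRet": 38` and `.process.noNewPrivileges = false`. 38 is ENOSYS on the listed architectures, so the filter makes the named syscalls look unimplemented rather than denied; a line such as `# errnoRet 38 == ENOSYS: make newer syscalls look unsupported so runc has to take its fallback paths` above `update_config` would say so. The `noNewPrivileges = false` setting presumably matters because it changes when runc installs the filter relative to the rest of its init; if so, state that as well, e.g. `# noNewPrivileges=false: filter is loaded early, so runc's own init syscalls run under it`. The syscall list is a fixed snapshot, so a short note asking that it be extended whenever runc starts using another newer syscall with a fallback would keep the test meaningful.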