From d8706501cfee6d4777371c2bbee97e1a8d13fb14 Mon Sep 17 00:00:00 2001
From: lifubang
Date: Fri, 14 Nov 2025 02:56:50 +0000
Subject: [PATCH] integration: verify syscall compatibility after seccomp enforcement

Signed-off-by: lifubang
---
 tests/integration/seccomp.bats | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/tests/integration/seccomp.bats b/tests/integration/seccomp.bats
index 748dbd2bf..db9571e0d 100644
--- a/tests/integration/seccomp.bats
+++ b/tests/integration/seccomp.bats
@@ -185,3 +185,16 @@ function flags_value() {
 [[ "$output" == *"error running startContainer hook"* ]]
 [[ "$output" == *"bad system call"* ]]
 }
+
+@test "runc run [seccomp] (verify syscall compatibility after seccomp enforcement)" {
+ update_config ' .process.args = ["true"]
+ | .process.noNewPrivileges = false
+ | .linux.seccomp = {
+ "defaultAction":"SCMP_ACT_ALLOW",
+ "architectures":["SCMP_ARCH_X86","SCMP_ARCH_X32","SCMP_ARCH_X86_64","SCMP_ARCH_AARCH64","SCMP_ARCH_ARM"],
+ "syscalls":[{"names":["close_range", "fsopen", "fsconfig", "fspick", "openat2", "open_tree", "move_mount", "mount_setattr"], "action":"SCMP_ACT_ERRNO", "errnoRet": 38}]
+ }'
+
+ runc run test_busybox
+ [ "$status" -eq 0 ]
+}
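Review bot: The new test asserts only `[ "$status" -eq 0 ]`, so it would also pass if the filter were never installed or if none of the listed syscalls were attempted on the host kernel; nothing visible in the hunk shows that the ENOSYS path is actually exercised. The two settings that carry the intent are unexplained. Add a comment above `update_config` such as `# errnoRet 38 = ENOSYS: make the newer fd/mount syscalls look unimplemented so runc has to use its fallbacks`. Add another for `.process.noNewPrivileges = false` saying why it is needed; presumably it makes runc load the filter earlier in init so that more of its own calls run under it, but that should be confirmed. Only the ENOSYS return is covered here, while a profile that omits `errnoRet` denies with EPERM by default, so the comment should state that limit or a second case should cover EPERM.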