github.com/opencontainers/runc@v1.2.0-rc.1.0.20240520010911-492dc558cdd6/tests/integration/seccomp-notify-compat.bats

github.com/opencontainers/runc@v1.2.0-rc.1.0.20240520010911-492dc558cdd6/tests/integration/seccomp-notify-compat.bats (about)

     1  #!/usr/bin/env bats
     2  
     3  load helpers
     4  
     5  function setup() {
     6  	if is_kernel_gte 5.6; then
     7  		skip "requires kernel < 5.6"
     8  	fi
     9  
    10  	requires arch_x86_64
    11  
    12  	setup_seccompagent
    13  	setup_busybox
    14  }
    15  
    16  function teardown() {
    17  	teardown_seccompagent
    18  	teardown_bundle
    19  }
    20  
    21  # Support for seccomp notify requires Linux > 5.6, check that on older kernels
    22  # return an error.
    23  @test "runc run [seccomp] (SCMP_ACT_NOTIFY old kernel)" {
    24  	# Use just any seccomp profile with a notify action.
    25  	update_config ' .linux.seccomp = {
    26  				"defaultAction": "SCMP_ACT_ALLOW",
    27  				"listenerPath": "'"$SECCCOMP_AGENT_SOCKET"'",
    28  				"architectures": [ "SCMP_ARCH_X86","SCMP_ARCH_X32", "SCMP_ARCH_X86_64" ],
    29  				"syscalls": [{ "names": [ "mkdir" ], "action": "SCMP_ACT_NOTIFY" }]
    30  			}'
    31  
    32  	runc run test_busybox
    33  	[ "$status" -ne 0 ]
    34  	[[ "$output" == *"seccomp notify unsupported:"* ]]
    35  }