32-bit related seccomp issues #2783
Labels
Comments
|
This is because diff --git a/libcontainer/seccomp/patchbpf/enosys_linux_test.go b/libcontainer/seccomp/patchbpf/enosys_linux_test.go
index 17b92af95867..1675c6eae6d4 100644
--- a/libcontainer/seccomp/patchbpf/enosys_linux_test.go
+++ b/libcontainer/seccomp/patchbpf/enosys_linux_test.go
@@ -159,7 +159,7 @@ func testEnosysStub(t *testing.T, defaultAction configs.Action, arches []string)
type syscallTest struct {
syscall string
sysno libseccomp.ScmpSyscall
- expected int
+ expected uint32
}
scmpArch, err := libseccomp.GetArchFromString(arch)
@@ -177,9 +177,9 @@ func testEnosysStub(t *testing.T, defaultAction configs.Action, arches []string)
// Add explicit syscalls (whether they will return -ENOSYS
// depends on the filter rules).
for idx, syscall := range explicitSyscalls {
- expected := int(retFallthrough)
+ expected := retFallthrough
if idx >= enosysStart {
- expected = int(retErrnoEnosys)
+ expected = retErrnoEnosys
}
sysno, err := libseccomp.GetSyscallFromNameByArch(syscall, scmpArch)
if err != nil {
@@ -201,7 +201,7 @@ func testEnosysStub(t *testing.T, defaultAction configs.Action, arches []string)
syscallTests = append(syscallTests, syscallTest{
sysno: sysno,
syscall: syscall,
- expected: int(retFallthrough),
+ expected: retFallthrough,
})
}
@@ -216,7 +216,7 @@ func testEnosysStub(t *testing.T, defaultAction configs.Action, arches []string)
syscallTests = append(syscallTests, syscallTest{
sysno: sysno,
syscall: fmt.Sprintf("syscall_%#x", sysno),
- expected: int(retErrnoEnosys),
+ expected: retErrnoEnosys,
})
}
@@ -224,14 +224,17 @@ func testEnosysStub(t *testing.T, defaultAction configs.Action, arches []string)
for _, test := range syscallTests {
// Override the expected value in the two special cases.
if !archSet[arch] || isAllowAction(defaultAction) {
- test.expected = int(retFallthrough)
+ test.expected = retFallthrough
}
payload := mockSyscallPayload(t, test.sysno, nativeArch, 0x1337, 0xF00BA5)
- ret, err := filter.Run(payload)
+ // NOTE: golang.org/x/net/bpf returns int here rather than
+ // uint32. See <>.
+ rawRet, err := filter.Run(payload)
if err != nil {
t.Fatalf("error running filter: %v", err)
}
+ ret := uint32(rawRet)
if ret != test.expected {
t.Logf("mock filter for %v %v:", arches, allowedSyscalls)
for idx, insn := range program { |
|
The second issue is probably caused by running x86_64 container under i386. Looking... |
Fixed by rebasing on top of #2741 |
@cyphar initially I just changed |
|
I guess we can close this one now. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I finally managed to be able to run i386-cross unit test (see #2768) and got these two issues:
and the second one (caused by using x86_64 images under i386, now fixed):
...
=== RUN TestSeccompDenyGetcwdWithErrno
seccomp_test.go:83: Expected output pwd: getcwd: No such process but got
--- FAIL: TestSeccompDenyGetcwdWithErrno (0.37s)
=== RUN TestSeccompDenyGetcwd
seccomp_test.go:152: Expected output pwd: getcwd: Operation not permitted but got
--- FAIL: TestSeccompDenyGetcwd (0.32s)
=== RUN TestSeccompPermitWriteConditional
seccomp_test.go:207: signal: bad system call (core dumped):
--- FAIL: TestSeccompPermitWriteConditional (0.31s)
=== RUN TestSeccompDenyWriteConditional
--- PASS: TestSeccompDenyWriteConditional (0.33s)
=== RUN TestSeccompPermitWriteMultipleConditions
seccomp_test.go:332: |: signal: bad system call (core dumped)
--- FAIL: TestSeccompPermitWriteMultipleConditions (0.31s)
=== RUN TestSeccompDenyWriteMultipleConditions
--- PASS: TestSeccompDenyWriteMultipleConditions (0.33s)
=== RUN TestSeccompMultipleConditionSameArgDeniesStdout
seccomp_test.go:437: |: signal: bad system call (core dumped)
--- FAIL: TestSeccompMultipleConditionSameArgDeniesStdout (0.33s)
=== RUN TestSeccompMultipleConditionSameArgDeniesStderr
--- PASS: TestSeccompMultipleConditionSameArgDeniesStderr (0.31s)
FAIL
FAIL github.com/opencontainers/runc/libcontainer/integration 9.887s
The text was updated successfully, but these errors were encountered: