Browse code
integration/container: Drop i386 cross-compile socketcall test
The int $0x80 test already directly invokes the ia32 socketcall syscall
and provides reliable coverage of the socketcall denial.
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
Paweł Gronowski authored on 2026/05/01 15:52:35Showing 1 changed files
| ... | ... |
@@ -93,20 +93,4 @@ func TestExecSocketDenied(t *testing.T) {
|
| 93 | 93 |
|
| 94 | 94 |
compileAndExecSocketDenied(ctx, t, apiClient, cID, "AF_ALG_socketcall_int80", afALGSocketcallSource, gcc, "not implemented") |
| 95 | 95 |
}) |
| 96 |
- |
|
| 97 |
- // Test AF_ALG with a real i386 binary cross-compiled from amd64. glibc |
|
| 98 |
- // on i386 routes socket() through the socketcall(2) multiplexer, which |
|
| 99 |
- // is a different seccomp path than the native socket(2) syscall. |
|
| 100 |
- t.Run("AF_ALG_socketcall_i386", func(t *testing.T) {
|
|
| 101 |
- skip.If(t, !isAmd64, "i386 cross-compilation only available on amd64") |
|
| 102 |
- |
|
| 103 |
- res := container.ExecT(ctx, t, apiClient, cID, []string{
|
|
| 104 |
- "sh", "-c", "apt-get install -y --no-install-recommends gcc-i686-linux-gnu libc6-dev-i386-cross linux-libc-dev-i386-cross", |
|
| 105 |
- }) |
|
| 106 |
- res.AssertSuccess(t) |
|
| 107 |
- |
|
| 108 |
- compileAndExecSocketDenied(ctx, t, apiClient, cID, "AF_ALG_socketcall_i386", afALGSource, |
|
| 109 |
- []string{"i686-linux-gnu-gcc", "-static"}, "not implemented",
|
|
| 110 |
- ) |
|
| 111 |
- }) |
|
| 112 | 96 |
} |