Browse code

integration/container: Drop i386 cross-compile socketcall test

The int $0x80 test already directly invokes the ia32 socketcall syscall
and provides reliable coverage of the socketcall denial.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>

Paweł Gronowski authored on 2026/05/01 15:52:35
Showing 1 changed files
... ...
@@ -93,20 +93,4 @@ func TestExecSocketDenied(t *testing.T) {
93 93
 
94 94
 		compileAndExecSocketDenied(ctx, t, apiClient, cID, "AF_ALG_socketcall_int80", afALGSocketcallSource, gcc, "not implemented")
95 95
 	})
96
-
97
-	// Test AF_ALG with a real i386 binary cross-compiled from amd64. glibc
98
-	// on i386 routes socket() through the socketcall(2) multiplexer, which
99
-	// is a different seccomp path than the native socket(2) syscall.
100
-	t.Run("AF_ALG_socketcall_i386", func(t *testing.T) {
101
-		skip.If(t, !isAmd64, "i386 cross-compilation only available on amd64")
102
-
103
-		res := container.ExecT(ctx, t, apiClient, cID, []string{
104
-			"sh", "-c", "apt-get install -y --no-install-recommends gcc-i686-linux-gnu libc6-dev-i386-cross linux-libc-dev-i386-cross",
105
-		})
106
-		res.AssertSuccess(t)
107
-
108
-		compileAndExecSocketDenied(ctx, t, apiClient, cID, "AF_ALG_socketcall_i386", afALGSource,
109
-			[]string{"i686-linux-gnu-gcc", "-static"}, "not implemented",
110
-		)
111
-	})
112 96
 }