Fix #24803, as this had been failing intermittently.
Since the parallel test failures are probably genuine, and the
tests had already been cut down, I will re-create them specifically
as a parallel-execution test with no seccomp, to make the
cause clearer.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
(cherry picked from commit 84ec04306caac458c237881b1869fb2b077fced4)
Signed-off-by: Victor Vieux <vieux@docker.com>
... | ... |
@@ -13,7 +13,6 @@ import ( |
13 | 13 |
"regexp" |
14 | 14 |
"strconv" |
15 | 15 |
"strings" |
16 |
- "sync" |
|
17 | 16 |
"syscall" |
18 | 17 |
"time" |
19 | 18 |
|
... | ... |
@@ -1067,117 +1066,63 @@ func (s *DockerSuite) TestRunSeccompAllowSetrlimit(c *check.C) { |
1067 | 1067 |
func (s *DockerSuite) TestRunSeccompDefaultProfileAcct(c *check.C) { |
1068 | 1068 |
testRequires(c, SameHostDaemon, seccompEnabled, NotUserNamespace) |
1069 | 1069 |
|
1070 |
- var group sync.WaitGroup |
|
1071 |
- group.Add(5) |
|
1072 |
- errChan := make(chan error, 5) |
|
1073 |
- go func() { |
|
1074 |
- out, _, err := dockerCmdWithError("run", "syscall-test", "acct-test") |
|
1075 |
- if err == nil || !strings.Contains(out, "Operation not permitted") { |
|
1076 |
- errChan <- fmt.Errorf("goroutine 0: expected Operation not permitted, got: %s", out) |
|
1077 |
- } |
|
1078 |
- group.Done() |
|
1079 |
- }() |
|
1080 |
- |
|
1081 |
- go func() { |
|
1082 |
- out, _, err := dockerCmdWithError("run", "--cap-add", "sys_admin", "syscall-test", "acct-test") |
|
1083 |
- if err == nil || !strings.Contains(out, "Operation not permitted") { |
|
1084 |
- errChan <- fmt.Errorf("goroutine 1: expected Operation not permitted, got: %s", out) |
|
1085 |
- } |
|
1086 |
- group.Done() |
|
1087 |
- }() |
|
1088 |
- |
|
1089 |
- go func() { |
|
1090 |
- out, _, err := dockerCmdWithError("run", "--cap-add", "sys_pacct", "syscall-test", "acct-test") |
|
1091 |
- if err == nil || !strings.Contains(out, "No such file or directory") { |
|
1092 |
- errChan <- fmt.Errorf("goroutine 2: expected No such file or directory, got: %s", out) |
|
1093 |
- } |
|
1094 |
- group.Done() |
|
1095 |
- }() |
|
1070 |
+ out, _, err := dockerCmdWithError("run", "syscall-test", "acct-test") |
|
1071 |
+ if err == nil || !strings.Contains(out, "Operation not permitted") { |
|
1072 |
+ c.Fatalf("test 0: expected Operation not permitted, got: %s", out) |
|
1073 |
+ } |
|
1096 | 1074 |
|
1097 |
- go func() { |
|
1098 |
- out, _, err := dockerCmdWithError("run", "--cap-add", "ALL", "syscall-test", "acct-test") |
|
1099 |
- if err == nil || !strings.Contains(out, "No such file or directory") { |
|
1100 |
- errChan <- fmt.Errorf("goroutine 3: expected No such file or directory, got: %s", out) |
|
1101 |
- } |
|
1102 |
- group.Done() |
|
1103 |
- }() |
|
1075 |
+ out, _, err = dockerCmdWithError("run", "--cap-add", "sys_admin", "syscall-test", "acct-test") |
|
1076 |
+ if err == nil || !strings.Contains(out, "Operation not permitted") { |
|
1077 |
+ c.Fatalf("test 1: expected Operation not permitted, got: %s", out) |
|
1078 |
+ } |
|
1104 | 1079 |
|
1105 |
- go func() { |
|
1106 |
- out, _, err := dockerCmdWithError("run", "--cap-drop", "ALL", "--cap-add", "sys_pacct", "syscall-test", "acct-test") |
|
1107 |
- if err == nil || !strings.Contains(out, "No such file or directory") { |
|
1108 |
- errChan <- fmt.Errorf("goroutine 4: expected No such file or directory, got: %s", out) |
|
1109 |
- } |
|
1110 |
- group.Done() |
|
1111 |
- }() |
|
1080 |
+ out, _, err = dockerCmdWithError("run", "--cap-add", "sys_pacct", "syscall-test", "acct-test") |
|
1081 |
+ if err == nil || !strings.Contains(out, "No such file or directory") { |
|
1082 |
+ c.Fatalf("test 2: expected No such file or directory, got: %s", out) |
|
1083 |
+ } |
|
1112 | 1084 |
|
1113 |
- group.Wait() |
|
1114 |
- close(errChan) |
|
1085 |
+ out, _, err = dockerCmdWithError("run", "--cap-add", "ALL", "syscall-test", "acct-test") |
|
1086 |
+ if err == nil || !strings.Contains(out, "No such file or directory") { |
|
1087 |
+ c.Fatalf("test 3: expected No such file or directory, got: %s", out) |
|
1088 |
+ } |
|
1115 | 1089 |
|
1116 |
- for err := range errChan { |
|
1117 |
- c.Assert(err, checker.IsNil) |
|
1090 |
+ out, _, err = dockerCmdWithError("run", "--cap-drop", "ALL", "--cap-add", "sys_pacct", "syscall-test", "acct-test") |
|
1091 |
+ if err == nil || !strings.Contains(out, "No such file or directory") { |
|
1092 |
+ c.Fatalf("test 4: expected No such file or directory, got: %s", out) |
|
1118 | 1093 |
} |
1119 | 1094 |
} |
1120 | 1095 |
|
1121 | 1096 |
func (s *DockerSuite) TestRunSeccompDefaultProfileNS(c *check.C) { |
1122 | 1097 |
testRequires(c, SameHostDaemon, seccompEnabled, NotUserNamespace) |
1123 | 1098 |
|
1124 |
- var group sync.WaitGroup |
|
1125 |
- group.Add(6) |
|
1126 |
- errChan := make(chan error, 6) |
|
1127 |
- |
|
1128 |
- go func() { |
|
1129 |
- out, _, err := dockerCmdWithError("run", "syscall-test", "ns-test", "echo", "hello0") |
|
1130 |
- if err == nil || !strings.Contains(out, "Operation not permitted") { |
|
1131 |
- errChan <- fmt.Errorf("goroutine 0: expected Operation not permitted, got: %s", out) |
|
1132 |
- } |
|
1133 |
- group.Done() |
|
1134 |
- }() |
|
1135 |
- |
|
1136 |
- go func() { |
|
1137 |
- out, _, err := dockerCmdWithError("run", "--cap-add", "sys_admin", "syscall-test", "ns-test", "echo", "hello1") |
|
1138 |
- if err != nil || !strings.Contains(out, "hello1") { |
|
1139 |
- errChan <- fmt.Errorf("goroutine 1: expected hello1, got: %s, %v", out, err) |
|
1140 |
- } |
|
1141 |
- group.Done() |
|
1142 |
- }() |
|
1143 |
- |
|
1144 |
- go func() { |
|
1145 |
- out, _, err := dockerCmdWithError("run", "--cap-drop", "all", "--cap-add", "sys_admin", "syscall-test", "ns-test", "echo", "hello2") |
|
1146 |
- if err != nil || !strings.Contains(out, "hello2") { |
|
1147 |
- errChan <- fmt.Errorf("goroutine 2: expected hello2, got: %s, %v", out, err) |
|
1148 |
- } |
|
1149 |
- group.Done() |
|
1150 |
- }() |
|
1099 |
+ out, _, err := dockerCmdWithError("run", "syscall-test", "ns-test", "echo", "hello0") |
|
1100 |
+ if err == nil || !strings.Contains(out, "Operation not permitted") { |
|
1101 |
+ c.Fatalf("test 0: expected Operation not permitted, got: %s", out) |
|
1102 |
+ } |
|
1151 | 1103 |
|
1152 |
- go func() { |
|
1153 |
- out, _, err := dockerCmdWithError("run", "--cap-add", "ALL", "syscall-test", "ns-test", "echo", "hello3") |
|
1154 |
- if err != nil || !strings.Contains(out, "hello3") { |
|
1155 |
- errChan <- fmt.Errorf("goroutine 3: expected hello3, got: %s, %v", out, err) |
|
1156 |
- } |
|
1157 |
- group.Done() |
|
1158 |
- }() |
|
1104 |
+ out, _, err = dockerCmdWithError("run", "--cap-add", "sys_admin", "syscall-test", "ns-test", "echo", "hello1") |
|
1105 |
+ if err != nil || !strings.Contains(out, "hello1") { |
|
1106 |
+ c.Fatalf("test 1: expected hello1, got: %s, %v", out, err) |
|
1107 |
+ } |
|
1159 | 1108 |
|
1160 |
- go func() { |
|
1161 |
- out, _, err := dockerCmdWithError("run", "--cap-add", "ALL", "--security-opt", "seccomp=unconfined", "syscall-test", "acct-test") |
|
1162 |
- if err == nil || !strings.Contains(out, "No such file or directory") { |
|
1163 |
- errChan <- fmt.Errorf("goroutine 4: expected No such file or directory, got: %s", out) |
|
1164 |
- } |
|
1165 |
- group.Done() |
|
1166 |
- }() |
|
1109 |
+ out, _, err = dockerCmdWithError("run", "--cap-drop", "all", "--cap-add", "sys_admin", "syscall-test", "ns-test", "echo", "hello2") |
|
1110 |
+ if err != nil || !strings.Contains(out, "hello2") { |
|
1111 |
+ c.Fatalf("test 2: expected hello2, got: %s, %v", out, err) |
|
1112 |
+ } |
|
1167 | 1113 |
|
1168 |
- go func() { |
|
1169 |
- out, _, err := dockerCmdWithError("run", "--cap-add", "ALL", "--security-opt", "seccomp=unconfined", "syscall-test", "ns-test", "echo", "hello4") |
|
1170 |
- if err != nil || !strings.Contains(out, "hello4") { |
|
1171 |
- errChan <- fmt.Errorf("goroutine 5: expected hello4, got: %s, %v", out, err) |
|
1172 |
- } |
|
1173 |
- group.Done() |
|
1174 |
- }() |
|
1114 |
+ out, _, err = dockerCmdWithError("run", "--cap-add", "ALL", "syscall-test", "ns-test", "echo", "hello3") |
|
1115 |
+ if err != nil || !strings.Contains(out, "hello3") { |
|
1116 |
+ c.Fatalf("test 3: expected hello3, got: %s, %v", out, err) |
|
1117 |
+ } |
|
1175 | 1118 |
|
1176 |
- group.Wait() |
|
1177 |
- close(errChan) |
|
1119 |
+ out, _, err = dockerCmdWithError("run", "--cap-add", "ALL", "--security-opt", "seccomp=unconfined", "syscall-test", "acct-test") |
|
1120 |
+ if err == nil || !strings.Contains(out, "No such file or directory") { |
|
1121 |
+ c.Fatalf("test 4: expected No such file or directory, got: %s", out) |
|
1122 |
+ } |
|
1178 | 1123 |
|
1179 |
- for err := range errChan { |
|
1180 |
- c.Assert(err, checker.IsNil) |
|
1124 |
+ out, _, err = dockerCmdWithError("run", "--cap-add", "ALL", "--security-opt", "seccomp=unconfined", "syscall-test", "ns-test", "echo", "hello4") |
|
1125 |
+ if err != nil || !strings.Contains(out, "hello4") { |
|
1126 |
+ c.Fatalf("test 5: expected hello4, got: %s, %v", out, err) |
|
1181 | 1127 |
} |
1182 | 1128 |
} |
1183 | 1129 |
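Review bot: The deny-path failure messages in TestRunSeccompDefaultProfileAcct (tests 0-4) and in tests 0 and 4 of TestRunSeccompDefaultProfileNS print only `out`, while the allow-path cases also print `err`. Since the guard is `err == nil || !strings.Contains(...)`, a run in which the container exited cleanly (the call was not refused at all) is reported the same way as one that failed with a different message, which is the case a seccomp regression would most need to surface. Consider `c.Fatalf("test 0: expected Operation not permitted, got: %s, %v", out, err)` for these, matching the `hello` cases. A one-line comment per case would also help, for example `// sys_admin alone must not unlock acct(2); expect EPERM`, because the reason some capability sets expect "Operation not permitted" and others "No such file or directory" (presumably the call reaching the kernel and failing on the missing file) is not stated anywhere in the test.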
|