Browse code
Run seccomp tests in series not parallel
Fix #24803 as this had been failing sometimes.
As the parallel tests are probably genuine failures, and
had already been cut down, I will re-create these specifically
as a parallel execution test with no seccomp to make the
cause clearer.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Justin Cormack authored on 2016/08/18 02:26:09Showing 1 changed files
| ... | ... |
@@ -13,7 +13,6 @@ import ( |
| 13 | 13 |
"regexp" |
| 14 | 14 |
"strconv" |
| 15 | 15 |
"strings" |
| 16 |
- "sync" |
|
| 17 | 16 |
"syscall" |
| 18 | 17 |
"time" |
| 19 | 18 |
|
| ... | ... |
@@ -1078,117 +1077,63 @@ func (s *DockerSuite) TestRunSeccompAllowSetrlimit(c *check.C) {
|
| 1078 | 1078 |
func (s *DockerSuite) TestRunSeccompDefaultProfileAcct(c *check.C) {
|
| 1079 | 1079 |
testRequires(c, SameHostDaemon, seccompEnabled, NotUserNamespace) |
| 1080 | 1080 |
|
| 1081 |
- var group sync.WaitGroup |
|
| 1082 |
- group.Add(5) |
|
| 1083 |
- errChan := make(chan error, 5) |
|
| 1084 |
- go func() {
|
|
| 1085 |
- out, _, err := dockerCmdWithError("run", "syscall-test", "acct-test")
|
|
| 1086 |
- if err == nil || !strings.Contains(out, "Operation not permitted") {
|
|
| 1087 |
- errChan <- fmt.Errorf("goroutine 0: expected Operation not permitted, got: %s", out)
|
|
| 1088 |
- } |
|
| 1089 |
- group.Done() |
|
| 1090 |
- }() |
|
| 1091 |
- |
|
| 1092 |
- go func() {
|
|
| 1093 |
- out, _, err := dockerCmdWithError("run", "--cap-add", "sys_admin", "syscall-test", "acct-test")
|
|
| 1094 |
- if err == nil || !strings.Contains(out, "Operation not permitted") {
|
|
| 1095 |
- errChan <- fmt.Errorf("goroutine 1: expected Operation not permitted, got: %s", out)
|
|
| 1096 |
- } |
|
| 1097 |
- group.Done() |
|
| 1098 |
- }() |
|
| 1099 |
- |
|
| 1100 |
- go func() {
|
|
| 1101 |
- out, _, err := dockerCmdWithError("run", "--cap-add", "sys_pacct", "syscall-test", "acct-test")
|
|
| 1102 |
- if err == nil || !strings.Contains(out, "No such file or directory") {
|
|
| 1103 |
- errChan <- fmt.Errorf("goroutine 2: expected No such file or directory, got: %s", out)
|
|
| 1104 |
- } |
|
| 1105 |
- group.Done() |
|
| 1106 |
- }() |
|
| 1081 |
+ out, _, err := dockerCmdWithError("run", "syscall-test", "acct-test")
|
|
| 1082 |
+ if err == nil || !strings.Contains(out, "Operation not permitted") {
|
|
| 1083 |
+ c.Fatalf("test 0: expected Operation not permitted, got: %s", out)
|
|
| 1084 |
+ } |
|
| 1107 | 1085 |
|
| 1108 |
- go func() {
|
|
| 1109 |
- out, _, err := dockerCmdWithError("run", "--cap-add", "ALL", "syscall-test", "acct-test")
|
|
| 1110 |
- if err == nil || !strings.Contains(out, "No such file or directory") {
|
|
| 1111 |
- errChan <- fmt.Errorf("goroutine 3: expected No such file or directory, got: %s", out)
|
|
| 1112 |
- } |
|
| 1113 |
- group.Done() |
|
| 1114 |
- }() |
|
| 1086 |
+ out, _, err = dockerCmdWithError("run", "--cap-add", "sys_admin", "syscall-test", "acct-test")
|
|
| 1087 |
+ if err == nil || !strings.Contains(out, "Operation not permitted") {
|
|
| 1088 |
+ c.Fatalf("test 1: expected Operation not permitted, got: %s", out)
|
|
| 1089 |
+ } |
|
| 1115 | 1090 |
|
| 1116 |
- go func() {
|
|
| 1117 |
- out, _, err := dockerCmdWithError("run", "--cap-drop", "ALL", "--cap-add", "sys_pacct", "syscall-test", "acct-test")
|
|
| 1118 |
- if err == nil || !strings.Contains(out, "No such file or directory") {
|
|
| 1119 |
- errChan <- fmt.Errorf("goroutine 4: expected No such file or directory, got: %s", out)
|
|
| 1120 |
- } |
|
| 1121 |
- group.Done() |
|
| 1122 |
- }() |
|
| 1091 |
+ out, _, err = dockerCmdWithError("run", "--cap-add", "sys_pacct", "syscall-test", "acct-test")
|
|
| 1092 |
+ if err == nil || !strings.Contains(out, "No such file or directory") {
|
|
| 1093 |
+ c.Fatalf("test 2: expected No such file or directory, got: %s", out)
|
|
| 1094 |
+ } |
|
| 1123 | 1095 |
|
| 1124 |
- group.Wait() |
|
| 1125 |
- close(errChan) |
|
| 1096 |
+ out, _, err = dockerCmdWithError("run", "--cap-add", "ALL", "syscall-test", "acct-test")
|
|
| 1097 |
+ if err == nil || !strings.Contains(out, "No such file or directory") {
|
|
| 1098 |
+ c.Fatalf("test 3: expected No such file or directory, got: %s", out)
|
|
| 1099 |
+ } |
|
| 1126 | 1100 |
|
| 1127 |
- for err := range errChan {
|
|
| 1128 |
- c.Assert(err, checker.IsNil) |
|
| 1101 |
+ out, _, err = dockerCmdWithError("run", "--cap-drop", "ALL", "--cap-add", "sys_pacct", "syscall-test", "acct-test")
|
|
| 1102 |
+ if err == nil || !strings.Contains(out, "No such file or directory") {
|
|
| 1103 |
+ c.Fatalf("test 4: expected No such file or directory, got: %s", out)
|
|
| 1129 | 1104 |
} |
| 1130 | 1105 |
} |
| 1131 | 1106 |
|
| 1132 | 1107 |
func (s *DockerSuite) TestRunSeccompDefaultProfileNS(c *check.C) {
|
| 1133 | 1108 |
testRequires(c, SameHostDaemon, seccompEnabled, NotUserNamespace) |
| 1134 | 1109 |
|
| 1135 |
- var group sync.WaitGroup |
|
| 1136 |
- group.Add(6) |
|
| 1137 |
- errChan := make(chan error, 6) |
|
| 1138 |
- |
|
| 1139 |
- go func() {
|
|
| 1140 |
- out, _, err := dockerCmdWithError("run", "syscall-test", "ns-test", "echo", "hello0")
|
|
| 1141 |
- if err == nil || !strings.Contains(out, "Operation not permitted") {
|
|
| 1142 |
- errChan <- fmt.Errorf("goroutine 0: expected Operation not permitted, got: %s", out)
|
|
| 1143 |
- } |
|
| 1144 |
- group.Done() |
|
| 1145 |
- }() |
|
| 1146 |
- |
|
| 1147 |
- go func() {
|
|
| 1148 |
- out, _, err := dockerCmdWithError("run", "--cap-add", "sys_admin", "syscall-test", "ns-test", "echo", "hello1")
|
|
| 1149 |
- if err != nil || !strings.Contains(out, "hello1") {
|
|
| 1150 |
- errChan <- fmt.Errorf("goroutine 1: expected hello1, got: %s, %v", out, err)
|
|
| 1151 |
- } |
|
| 1152 |
- group.Done() |
|
| 1153 |
- }() |
|
| 1154 |
- |
|
| 1155 |
- go func() {
|
|
| 1156 |
- out, _, err := dockerCmdWithError("run", "--cap-drop", "all", "--cap-add", "sys_admin", "syscall-test", "ns-test", "echo", "hello2")
|
|
| 1157 |
- if err != nil || !strings.Contains(out, "hello2") {
|
|
| 1158 |
- errChan <- fmt.Errorf("goroutine 2: expected hello2, got: %s, %v", out, err)
|
|
| 1159 |
- } |
|
| 1160 |
- group.Done() |
|
| 1161 |
- }() |
|
| 1110 |
+ out, _, err := dockerCmdWithError("run", "syscall-test", "ns-test", "echo", "hello0")
|
|
| 1111 |
+ if err == nil || !strings.Contains(out, "Operation not permitted") {
|
|
| 1112 |
+ c.Fatalf("test 0: expected Operation not permitted, got: %s", out)
|
|
| 1113 |
+ } |
|
| 1162 | 1114 |
|
| 1163 |
- go func() {
|
|
| 1164 |
- out, _, err := dockerCmdWithError("run", "--cap-add", "ALL", "syscall-test", "ns-test", "echo", "hello3")
|
|
| 1165 |
- if err != nil || !strings.Contains(out, "hello3") {
|
|
| 1166 |
- errChan <- fmt.Errorf("goroutine 3: expected hello3, got: %s, %v", out, err)
|
|
| 1167 |
- } |
|
| 1168 |
- group.Done() |
|
| 1169 |
- }() |
|
| 1115 |
+ out, _, err = dockerCmdWithError("run", "--cap-add", "sys_admin", "syscall-test", "ns-test", "echo", "hello1")
|
|
| 1116 |
+ if err != nil || !strings.Contains(out, "hello1") {
|
|
| 1117 |
+ c.Fatalf("test 1: expected hello1, got: %s, %v", out, err)
|
|
| 1118 |
+ } |
|
| 1170 | 1119 |
|
| 1171 |
- go func() {
|
|
| 1172 |
- out, _, err := dockerCmdWithError("run", "--cap-add", "ALL", "--security-opt", "seccomp=unconfined", "syscall-test", "acct-test")
|
|
| 1173 |
- if err == nil || !strings.Contains(out, "No such file or directory") {
|
|
| 1174 |
- errChan <- fmt.Errorf("goroutine 4: expected No such file or directory, got: %s", out)
|
|
| 1175 |
- } |
|
| 1176 |
- group.Done() |
|
| 1177 |
- }() |
|
| 1120 |
+ out, _, err = dockerCmdWithError("run", "--cap-drop", "all", "--cap-add", "sys_admin", "syscall-test", "ns-test", "echo", "hello2")
|
|
| 1121 |
+ if err != nil || !strings.Contains(out, "hello2") {
|
|
| 1122 |
+ c.Fatalf("test 2: expected hello2, got: %s, %v", out, err)
|
|
| 1123 |
+ } |
|
| 1178 | 1124 |
|
| 1179 |
- go func() {
|
|
| 1180 |
- out, _, err := dockerCmdWithError("run", "--cap-add", "ALL", "--security-opt", "seccomp=unconfined", "syscall-test", "ns-test", "echo", "hello4")
|
|
| 1181 |
- if err != nil || !strings.Contains(out, "hello4") {
|
|
| 1182 |
- errChan <- fmt.Errorf("goroutine 5: expected hello4, got: %s, %v", out, err)
|
|
| 1183 |
- } |
|
| 1184 |
- group.Done() |
|
| 1185 |
- }() |
|
| 1125 |
+ out, _, err = dockerCmdWithError("run", "--cap-add", "ALL", "syscall-test", "ns-test", "echo", "hello3")
|
|
| 1126 |
+ if err != nil || !strings.Contains(out, "hello3") {
|
|
| 1127 |
+ c.Fatalf("test 3: expected hello3, got: %s, %v", out, err)
|
|
| 1128 |
+ } |
|
| 1186 | 1129 |
|
| 1187 |
- group.Wait() |
|
| 1188 |
- close(errChan) |
|
| 1130 |
+ out, _, err = dockerCmdWithError("run", "--cap-add", "ALL", "--security-opt", "seccomp=unconfined", "syscall-test", "acct-test")
|
|
| 1131 |
+ if err == nil || !strings.Contains(out, "No such file or directory") {
|
|
| 1132 |
+ c.Fatalf("test 4: expected No such file or directory, got: %s", out)
|
|
| 1133 |
+ } |
|
| 1189 | 1134 |
|
| 1190 |
- for err := range errChan {
|
|
| 1191 |
- c.Assert(err, checker.IsNil) |
|
| 1135 |
+ out, _, err = dockerCmdWithError("run", "--cap-add", "ALL", "--security-opt", "seccomp=unconfined", "syscall-test", "ns-test", "echo", "hello4")
|
|
| 1136 |
+ if err != nil || !strings.Contains(out, "hello4") {
|
|
| 1137 |
+ c.Fatalf("test 5: expected hello4, got: %s, %v", out, err)
|
|
| 1192 | 1138 |
} |
| 1193 | 1139 |
} |
| 1194 | 1140 |
|