summaryrefslogtreecommitdiff
path: root/src/test/test-seccomp.c
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2017-02-08 16:21:11 +0100
committerLennart Poettering <lennart@poettering.net>2017-02-08 22:21:27 +0100
commitae9d60ce4eb116eefb7c4102074ae1cc13fd3216 (patch)
treeba261d6ab1d6128aed129a2e5d597488627b0549 /src/test/test-seccomp.c
parentb53ede699cdc5233041a22591f18863fb3fe2672 (diff)
seccomp: on s390 the clone() parameters are reversed
Add a bit of code that tries to get the right parameter order in place for some of the better known architectures, and skips restrict_namespaces for other archs. This also bypasses the test on archs where we don't know the right order. In this case I didn't bother with testing the case where no filter is applied, since that is hopefully just an issue for now, as there's nothing stopping us from supporting more archs, we just need to know which order is right. Fixes: #5241
Diffstat (limited to 'src/test/test-seccomp.c')
-rw-r--r--src/test/test-seccomp.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/src/test/test-seccomp.c b/src/test/test-seccomp.c
index 3659238810..34a1275162 100644
--- a/src/test/test-seccomp.c
+++ b/src/test/test-seccomp.c
@@ -158,6 +158,8 @@ static void test_restrict_namespace(void) {
assert_se(streq(s, "cgroup ipc net mnt pid user uts"));
assert_se(namespace_flag_from_string_many(s, &ul) == 0 && ul == NAMESPACE_FLAGS_ALL);
+#if SECCOMP_RESTRICT_NAMESPACES_BROKEN == 0
+
if (!is_seccomp_available())
return;
if (geteuid() != 0)
@@ -216,6 +218,7 @@ static void test_restrict_namespace(void) {
}
assert_se(wait_for_terminate_and_warn("nsseccomp", pid, true) == EXIT_SUCCESS);
+#endif
}
static void test_protect_sysctl(void) {