diff options
author | Lennart Poettering <lennart@poettering.net> | 2017-02-08 16:21:11 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2017-02-08 22:21:27 +0100 |
commit | ae9d60ce4eb116eefb7c4102074ae1cc13fd3216 (patch) | |
tree | ba261d6ab1d6128aed129a2e5d597488627b0549 /src/test/test-seccomp.c | |
parent | b53ede699cdc5233041a22591f18863fb3fe2672 (diff) |
seccomp: on s390 the clone() parameters are reversed
Add a bit of code that tries to get the right parameter order in place
for some of the better known architectures, and skips
restrict_namespaces for other archs.
This also bypasses the test on archs where we don't know the right
order.
In this case I didn't bother with testing the case where no filter is
applied, since that is hopefully just an issue for now, as there's
nothing stopping us from supporting more archs, we just need to know
which order is right.
Fixes: #5241
Diffstat (limited to 'src/test/test-seccomp.c')
-rw-r--r-- | src/test/test-seccomp.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/test/test-seccomp.c b/src/test/test-seccomp.c index 3659238810..34a1275162 100644 --- a/src/test/test-seccomp.c +++ b/src/test/test-seccomp.c @@ -158,6 +158,8 @@ static void test_restrict_namespace(void) { assert_se(streq(s, "cgroup ipc net mnt pid user uts")); assert_se(namespace_flag_from_string_many(s, &ul) == 0 && ul == NAMESPACE_FLAGS_ALL); +#if SECCOMP_RESTRICT_NAMESPACES_BROKEN == 0 + if (!is_seccomp_available()) return; if (geteuid() != 0) @@ -216,6 +218,7 @@ static void test_restrict_namespace(void) { } assert_se(wait_for_terminate_and_warn("nsseccomp", pid, true) == EXIT_SUCCESS); +#endif } static void test_protect_sysctl(void) { |