Run seccomp tests in series not parallel

Fix #24803 as this had been failing sometimes. As the parallel tests are probably genuine failures, and had already been cut down, I will re-create these specifically as a parallel execution test with no seccomp to make the cause clearer. Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2016-08-17 18:26:09 +01:00 · 2016-08-17 18:26:09 +01:00 · 84ec04306c
parent 0c8b0faef8
commit 84ec04306c
1 changed files with 42 additions and 97 deletions
--- a/integration-cli/docker_cli_run_unix_test.go
+++ b/integration-cli/docker_cli_run_unix_test.go
@ -13,7 +13,6 @@ import (
 	"regexp"
 	"strconv"
 	"strings"
 	"sync"
 	"syscall"
 	"time"
@ -1078,117 +1077,63 @@ func (s *DockerSuite) TestRunSeccompAllowSetrlimit(c *check.C) {
 func (s *DockerSuite) TestRunSeccompDefaultProfileAcct(c *check.C) {
 	testRequires(c, SameHostDaemon, seccompEnabled, NotUserNamespace)
-	var group sync.WaitGroup
+	out, _, err := dockerCmdWithError("run", "syscall-test", "acct-test")
-	group.Add(5)
+	if err == nil || !strings.Contains(out, "Operation not permitted") {
-	errChan := make(chan error, 5)
+		c.Fatalf("test 0: expected Operation not permitted, got: %s", out)
-	go func() {
+	}
 		out, _, err := dockerCmdWithError("run", "syscall-test", "acct-test")
 		if err == nil || !strings.Contains(out, "Operation not permitted") {
 			errChan <- fmt.Errorf("goroutine 0: expected Operation not permitted, got: %s", out)
 		}
 		group.Done()
 	}()
-	go func() {
+	out, _, err = dockerCmdWithError("run", "--cap-add", "sys_admin", "syscall-test", "acct-test")
-		out, _, err := dockerCmdWithError("run", "--cap-add", "sys_admin", "syscall-test", "acct-test")
+	if err == nil || !strings.Contains(out, "Operation not permitted") {
-		if err == nil || !strings.Contains(out, "Operation not permitted") {
+		c.Fatalf("test 1: expected Operation not permitted, got: %s", out)
-			errChan <- fmt.Errorf("goroutine 1: expected Operation not permitted, got: %s", out)
+	}
 		}
 		group.Done()
 	}()
-	go func() {
+	out, _, err = dockerCmdWithError("run", "--cap-add", "sys_pacct", "syscall-test", "acct-test")
-		out, _, err := dockerCmdWithError("run", "--cap-add", "sys_pacct", "syscall-test", "acct-test")
+	if err == nil || !strings.Contains(out, "No such file or directory") {
-		if err == nil || !strings.Contains(out, "No such file or directory") {
+		c.Fatalf("test 2: expected No such file or directory, got: %s", out)
-			errChan <- fmt.Errorf("goroutine 2: expected No such file or directory, got: %s", out)
+	}
 		}
 		group.Done()
 	}()
-	go func() {
+	out, _, err = dockerCmdWithError("run", "--cap-add", "ALL", "syscall-test", "acct-test")
-		out, _, err := dockerCmdWithError("run", "--cap-add", "ALL", "syscall-test", "acct-test")
+	if err == nil || !strings.Contains(out, "No such file or directory") {
-		if err == nil || !strings.Contains(out, "No such file or directory") {
+		c.Fatalf("test 3: expected No such file or directory, got: %s", out)
-			errChan <- fmt.Errorf("goroutine 3: expected No such file or directory, got: %s", out)
+	}
 		}
 		group.Done()
 	}()
-	go func() {
+	out, _, err = dockerCmdWithError("run", "--cap-drop", "ALL", "--cap-add", "sys_pacct", "syscall-test", "acct-test")
-		out, _, err := dockerCmdWithError("run", "--cap-drop", "ALL", "--cap-add", "sys_pacct", "syscall-test", "acct-test")
+	if err == nil || !strings.Contains(out, "No such file or directory") {
-		if err == nil || !strings.Contains(out, "No such file or directory") {
+		c.Fatalf("test 4: expected No such file or directory, got: %s", out)
 			errChan <- fmt.Errorf("goroutine 4: expected No such file or directory, got: %s", out)
 		}
 		group.Done()
 	}()
 	group.Wait()
 	close(errChan)
 	for err := range errChan {
 		c.Assert(err, checker.IsNil)
 	}
 }
 func (s *DockerSuite) TestRunSeccompDefaultProfileNS(c *check.C) {
 	testRequires(c, SameHostDaemon, seccompEnabled, NotUserNamespace)
-	var group sync.WaitGroup
+	out, _, err := dockerCmdWithError("run", "syscall-test", "ns-test", "echo", "hello0")
-	group.Add(6)
+	if err == nil || !strings.Contains(out, "Operation not permitted") {
-	errChan := make(chan error, 6)
+		c.Fatalf("test 0: expected Operation not permitted, got: %s", out)
 	}
-	go func() {
+	out, _, err = dockerCmdWithError("run", "--cap-add", "sys_admin", "syscall-test", "ns-test", "echo", "hello1")
-		out, _, err := dockerCmdWithError("run", "syscall-test", "ns-test", "echo", "hello0")
+	if err != nil || !strings.Contains(out, "hello1") {
-		if err == nil || !strings.Contains(out, "Operation not permitted") {
+		c.Fatalf("test 1: expected hello1, got: %s, %v", out, err)
-			errChan <- fmt.Errorf("goroutine 0: expected Operation not permitted, got: %s", out)
+	}
 		}
 		group.Done()
 	}()
-	go func() {
+	out, _, err = dockerCmdWithError("run", "--cap-drop", "all", "--cap-add", "sys_admin", "syscall-test", "ns-test", "echo", "hello2")
-		out, _, err := dockerCmdWithError("run", "--cap-add", "sys_admin", "syscall-test", "ns-test", "echo", "hello1")
+	if err != nil || !strings.Contains(out, "hello2") {
-		if err != nil || !strings.Contains(out, "hello1") {
+		c.Fatalf("test 2: expected hello2, got: %s, %v", out, err)
-			errChan <- fmt.Errorf("goroutine 1: expected hello1, got: %s, %v", out, err)
+	}
 		}
 		group.Done()
 	}()
-	go func() {
+	out, _, err = dockerCmdWithError("run", "--cap-add", "ALL", "syscall-test", "ns-test", "echo", "hello3")
-		out, _, err := dockerCmdWithError("run", "--cap-drop", "all", "--cap-add", "sys_admin", "syscall-test", "ns-test", "echo", "hello2")
+	if err != nil || !strings.Contains(out, "hello3") {
-		if err != nil || !strings.Contains(out, "hello2") {
+		c.Fatalf("test 3: expected hello3, got: %s, %v", out, err)
-			errChan <- fmt.Errorf("goroutine 2: expected hello2, got: %s, %v", out, err)
+	}
 		}
 		group.Done()
 	}()
-	go func() {
+	out, _, err = dockerCmdWithError("run", "--cap-add", "ALL", "--security-opt", "seccomp=unconfined", "syscall-test", "acct-test")
-		out, _, err := dockerCmdWithError("run", "--cap-add", "ALL", "syscall-test", "ns-test", "echo", "hello3")
+	if err == nil || !strings.Contains(out, "No such file or directory") {
-		if err != nil || !strings.Contains(out, "hello3") {
+		c.Fatalf("test 4: expected No such file or directory, got: %s", out)
-			errChan <- fmt.Errorf("goroutine 3: expected hello3, got: %s, %v", out, err)
+	}
 		}
 		group.Done()
 	}()
-	go func() {
+	out, _, err = dockerCmdWithError("run", "--cap-add", "ALL", "--security-opt", "seccomp=unconfined", "syscall-test", "ns-test", "echo", "hello4")
-		out, _, err := dockerCmdWithError("run", "--cap-add", "ALL", "--security-opt", "seccomp=unconfined", "syscall-test", "acct-test")
+	if err != nil || !strings.Contains(out, "hello4") {
-		if err == nil || !strings.Contains(out, "No such file or directory") {
+		c.Fatalf("test 5: expected hello4, got: %s, %v", out, err)
 			errChan <- fmt.Errorf("goroutine 4: expected No such file or directory, got: %s", out)
 		}
 		group.Done()
 	}()
 	go func() {
 		out, _, err := dockerCmdWithError("run", "--cap-add", "ALL", "--security-opt", "seccomp=unconfined", "syscall-test", "ns-test", "echo", "hello4")
 		if err != nil || !strings.Contains(out, "hello4") {
 			errChan <- fmt.Errorf("goroutine 5: expected hello4, got: %s, %v", out, err)
 		}
 		group.Done()
 	}()
 	group.Wait()
 	close(errChan)
 	for err := range errChan {
 		c.Assert(err, checker.IsNil)
 	}
 }