mirror of
https://github.com/moby/moby.git
synced 2022-11-09 12:21:53 -05:00
Merge pull request #19725 from WeiZhang555/opt-TestRunSeccompDefaultProfile
Optimize `TestRunSeccompDefaultProfile`
This commit is contained in:
commit
c28bba0460
1 changed files with 38 additions and 15 deletions
|
@ -12,6 +12,7 @@ import (
|
|||
"regexp"
|
||||
"strconv"
|
||||
"strings"
|
||||
"sync"
|
||||
"time"
|
||||
|
||||
"github.com/docker/docker/pkg/homedir"
|
||||
|
@ -851,24 +852,46 @@ func (s *DockerSuite) TestRunSeccompAllowAptKey(c *check.C) {
|
|||
func (s *DockerSuite) TestRunSeccompDefaultProfile(c *check.C) {
|
||||
testRequires(c, SameHostDaemon, seccompEnabled, NotUserNamespace)
|
||||
|
||||
out, _, err := dockerCmdWithError("run", "--cap-add", "ALL", "syscall-test", "acct-test")
|
||||
if err == nil || !strings.Contains(out, "Operation not permitted") {
|
||||
c.Fatalf("expected Operation not permitted, got: %s", out)
|
||||
}
|
||||
var group sync.WaitGroup
|
||||
group.Add(4)
|
||||
errChan := make(chan error, 4)
|
||||
go func() {
|
||||
out, _, err := dockerCmdWithError("run", "--cap-add", "ALL", "syscall-test", "acct-test")
|
||||
if err == nil || !strings.Contains(out, "Operation not permitted") {
|
||||
errChan <- fmt.Errorf("expected Operation not permitted, got: %s", out)
|
||||
}
|
||||
group.Done()
|
||||
}()
|
||||
|
||||
out, _, err = dockerCmdWithError("run", "--cap-add", "ALL", "syscall-test", "ns-test", "echo", "hello")
|
||||
if err == nil || !strings.Contains(out, "Operation not permitted") {
|
||||
c.Fatalf("expected Operation not permitted, got: %s", out)
|
||||
}
|
||||
go func() {
|
||||
out, _, err := dockerCmdWithError("run", "--cap-add", "ALL", "syscall-test", "ns-test", "echo", "hello")
|
||||
if err == nil || !strings.Contains(out, "Operation not permitted") {
|
||||
errChan <- fmt.Errorf("expected Operation not permitted, got: %s", out)
|
||||
}
|
||||
group.Done()
|
||||
}()
|
||||
|
||||
out, _, err = dockerCmdWithError("run", "--cap-add", "ALL", "--security-opt", "seccomp:unconfined", "syscall-test", "acct-test")
|
||||
if err == nil || !strings.Contains(out, "No such file or directory") {
|
||||
c.Fatalf("expected No such file or directory, got: %s", out)
|
||||
}
|
||||
go func() {
|
||||
out, _, err := dockerCmdWithError("run", "--cap-add", "ALL", "--security-opt", "seccomp:unconfined", "syscall-test", "acct-test")
|
||||
if err == nil || !strings.Contains(out, "No such file or directory") {
|
||||
errChan <- fmt.Errorf("expected No such file or directory, got: %s", out)
|
||||
}
|
||||
group.Done()
|
||||
}()
|
||||
|
||||
out, _, err = dockerCmdWithError("run", "--cap-add", "ALL", "--security-opt", "seccomp:unconfined", "syscall-test", "ns-test", "echo", "hello")
|
||||
if err != nil || !strings.Contains(out, "hello") {
|
||||
c.Fatalf("expected hello, got: %s, %v", out, err)
|
||||
go func() {
|
||||
out, _, err := dockerCmdWithError("run", "--cap-add", "ALL", "--security-opt", "seccomp:unconfined", "syscall-test", "ns-test", "echo", "hello")
|
||||
if err != nil || !strings.Contains(out, "hello") {
|
||||
errChan <- fmt.Errorf("expected hello, got: %s, %v", out, err)
|
||||
}
|
||||
group.Done()
|
||||
}()
|
||||
|
||||
group.Wait()
|
||||
close(errChan)
|
||||
|
||||
for err := range errChan {
|
||||
c.Assert(err, checker.IsNil)
|
||||
}
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue