mirror of
https://github.com/moby/moby.git
synced 2022-11-09 12:21:53 -05:00
93bbc76ee5
While testing #24510 I noticed that 32-bit syscalls were incorrectly being blocked and that we did not have a test for this, so this adds one. It is only tested on amd64, as that is the only architecture that reliably supports 32-bit code execution; others only do so sometimes. There is no 32-bit libc in buildpack-deps, so we cannot easily build 32-bit C code; instead we use the simplest assembly program, which just calls the exit syscall. Signed-off-by: Justin Cormack <justin.cormack@docker.com>
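#!/bin/bash
set -e

# Build the static helper binaries used by the seccomp/syscall tests
# (userns-test, ns-test, acct-test and, on amd64 only, exit32-test) and
# package them as the "syscall-test" image for the target daemon.
#
# Environment read: DOCKER_ENGINE_GOOS, DOCKER_ENGINE_OSARCH,
# DOCKER_CLIENT_OSARCH, DOCKER_BUILD_ARGS.
if [ "$DOCKER_ENGINE_GOOS" = "linux" ]; then
	if [ "$DOCKER_ENGINE_OSARCH" = "$DOCKER_CLIENT_OSARCH" ]; then
		# Client and daemon share an architecture, so the helpers are compiled
		# here and copied into the image.
		tmpdir=$(mktemp -d)
		dockerfile="${tmpdir}/Dockerfile"

		# The steps run as one &&-chain whose status is captured, rather than
		# relying on `set -e` to abort part-way: that way the temporary
		# directory (and the test binaries in it) is removed even when a
		# compile or the image build fails. No EXIT trap is used, in case this
		# file is sourced by a script that installs its own.
		build_status=0
		# DOCKER_BUILD_ARGS is left unquoted on purpose so that it word-splits
		# into separate `docker build` arguments.
		# shellcheck disable=SC2086
		{
			gcc -g -Wall -static contrib/syscall-test/userns.c -o "${tmpdir}/userns-test" &&
			gcc -g -Wall -static contrib/syscall-test/ns.c -o "${tmpdir}/ns-test" &&
			gcc -g -Wall -static contrib/syscall-test/acct.c -o "${tmpdir}/acct-test" &&
			# amd64 only: a libc-free 32-bit assembly program that just calls
			# the exit syscall, used to test that 32-bit syscalls are not
			# wrongly blocked.
			if [ "$DOCKER_ENGINE_OSARCH" = "linux/amd64" ]; then
				gcc -s -m32 -nostdlib contrib/syscall-test/exit32.s -o "${tmpdir}/exit32-test"
			fi &&
			# The build context is the temp dir, so `COPY .` places every
			# helper (and the Dockerfile itself) in /usr/bin/.
			# NOTE(review): the base image is referenced by a mutable tag;
			# pin it by digest if the test image must be reproducible.
			printf '%s\n' 'FROM debian:jessie' 'COPY . /usr/bin/' > "$dockerfile" &&
			docker build --force-rm ${DOCKER_BUILD_ARGS} -qt syscall-test "${tmpdir}" > /dev/null
		} || build_status=$?

		# ${tmpdir:?} aborts instead of expanding to an empty path.
		rm -rf -- "${tmpdir:?}"
		if [ "$build_status" -ne 0 ]; then
			exit "$build_status"
		fi
	else
		# Architectures differ: build the image from contrib/syscall-test
		# directly (presumably its own Dockerfile compiles the helpers inside
		# the container; confirm against that directory).
		# shellcheck disable=SC2086
		docker build ${DOCKER_BUILD_ARGS} -qt syscall-test contrib/syscall-test > /dev/null
	fi
fi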