init: verify after chdir that cwd is inside the container · opencontainers/runc@0994249 (original) (raw)

`@@ -13,7 +13,7 @@ import (

`

13

13

` libseccomp "github.com/seccomp/libseccomp-golang"

`

14

14

`)

`

15

15

``

16

``

`-

func TestSeccompDenyGetcwdWithErrno(t *testing.T) {

`

``

16

`+

func TestSeccompDenySyslogWithErrno(t *testing.T) {

`

17

17

`if testing.Short() {

`

18

18

`return

`

19

19

` }

`

`@@ -25,7 +25,7 @@ func TestSeccompDenyGetcwdWithErrno(t *testing.T) {

`

25

25

`DefaultAction: configs.Allow,

`

26

26

`Syscalls: []*configs.Syscall{

`

27

27

` {

`

28

``

`-

Name: "getcwd",

`

``

28

`+

Name: "syslog",

`

29

29

`Action: configs.Errno,

`

30

30

`ErrnoRet: &errnoRet,

`

31

31

` },

`

`@@ -39,7 +39,7 @@ func TestSeccompDenyGetcwdWithErrno(t *testing.T) {

`

39

39

`buffers := newStdBuffers()

`

40

40

`pwd := &libcontainer.Process{

`

41

41

`Cwd: "/",

`

42

``

`-

Args: []string{"pwd"},

`

``

42

`+

Args: []string{"dmesg"},

`

43

43

`Env: standardEnvironment,

`

44

44

`Stdin: buffers.Stdin,

`

45

45

`Stdout: buffers.Stdout,

`

`@@ -65,17 +65,17 @@ func TestSeccompDenyGetcwdWithErrno(t *testing.T) {

`

65

65

` }

`

66

66

``

67

67

`if exitCode == 0 {

`

68

``

`-

t.Fatalf("Getcwd should fail with negative exit code, instead got %d!", exitCode)

`

``

68

`+

t.Fatalf("dmesg should fail with negative exit code, instead got %d!", exitCode)

`

69

69

` }

`

70

70

``

71

``

`-

expected := "pwd: getcwd: No such process"

`

``

71

`+

expected := "dmesg: klogctl: No such process"

`

72

72

`actual := strings.Trim(buffers.Stderr.String(), "\n")

`

73

73

`if actual != expected {

`

74

74

`t.Fatalf("Expected output %s but got %s\n", expected, actual)

`

75

75

` }

`

76

76

`}

`

77

77

``

78

``

`-

func TestSeccompDenyGetcwd(t *testing.T) {

`

``

78

`+

func TestSeccompDenySyslog(t *testing.T) {

`

79

79

`if testing.Short() {

`

80

80

`return

`

81

81

` }

`

`@@ -85,7 +85,7 @@ func TestSeccompDenyGetcwd(t *testing.T) {

`

85

85

`DefaultAction: configs.Allow,

`

86

86

`Syscalls: []*configs.Syscall{

`

87

87

` {

`

88

``

`-

Name: "getcwd",

`

``

88

`+

Name: "syslog",

`

89

89

`Action: configs.Errno,

`

90

90

` },

`

91

91

` },

`

`@@ -98,7 +98,7 @@ func TestSeccompDenyGetcwd(t *testing.T) {

`

98

98

`buffers := newStdBuffers()

`

99

99

`pwd := &libcontainer.Process{

`

100

100

`Cwd: "/",

`

101

``

`-

Args: []string{"pwd"},

`

``

101

`+

Args: []string{"dmesg"},

`

102

102

`Env: standardEnvironment,

`

103

103

`Stdin: buffers.Stdin,

`

104

104

`Stdout: buffers.Stdout,

`

`@@ -124,10 +124,10 @@ func TestSeccompDenyGetcwd(t *testing.T) {

`

124

124

` }

`

125

125

``

126

126

`if exitCode == 0 {

`

127

``

`-

t.Fatalf("Getcwd should fail with negative exit code, instead got %d!", exitCode)

`

``

127

`+

t.Fatalf("dmesg should fail with negative exit code, instead got %d!", exitCode)

`

128

128

` }

`

129

129

``

130

``

`-

expected := "pwd: getcwd: Operation not permitted"

`

``

130

`+

expected := "dmesg: klogctl: Operation not permitted"

`

131

131

`actual := strings.Trim(buffers.Stderr.String(), "\n")

`

132

132

`if actual != expected {

`

133

133

`t.Fatalf("Expected output %s but got %s\n", expected, actual)

`
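Review bot: In TestSeccompDenySyslog the expected stderr `dmesg: klogctl: Operation not permitted` does not by itself show that the seccomp rule fired, because syslog(2) can also return EPERM when the caller lacks CAP_SYSLOG or kernel.dmesg_restrict is set, whereas the old getcwd target had no privilege check of its own. The capability set of the test config is outside the visible hunks, so this is a possible false pass rather than a confirmed one; the ErrnoRet variant is not affected, since it expects `No such process`. Once confirmed, a comment above the `Name: "syslog"` rule such as `// the test config permits syslog(2) without the filter, so EPERM here can only come from seccomp` would record the assumption. Separately, the process variable is still named `pwd` in both tests although it now runs `dmesg`; `dmesg := &libcontainer.Process{` would read better, with the later uses outside these hunks renamed to match.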