TestRuleAddAndLoad: fix for ppc

kolyshkin · pcmoore · commit 9006a281d671 · 2022-07-28T21:31:39.000-04:00
As reported in [1], the test fails on ppc64le since getpid(2) is not supposed to ever return an error, and somehow glibc relies on that assumption, and returns a positive value of error set by the seccomp rule from its getpid(2) wrapper. This makes the test fail. While seccomp_rule_add(3) man page was amended to note that behavior in [2], the test case here was never fixed so it always fails on ppc. Fix it by replacing getpid(2) with close(2). Make some other cosmetic changes while at it. The test case was tested to fail (when the corresponding FilterAddRule call is commented out): > seccomp_test.go:647: Syscall listen: want no space left on device, got socket operation on non-socket [1] #61 [2] seccomp/libseccomp#333 Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com> Acked-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
diff --git a/seccomp_test.go b/seccomp_test.go
@@ -590,9 +590,14 @@ func subprocessRuleAddAndLoad(t *testing.T) {
 	}
 	defer filter1.Release()
 
-	call, err := GetSyscallFromName("getpid")
+	const expErr = 28 // ENOSPC, but can be anything not usually returned by listen(2).
+	call, err := GetSyscallFromName("listen")
 	if err != nil {
-		t.Errorf("Error getting syscall number of getpid: %s", err)
+		t.Errorf("Error getting syscall number of listen: %s", err)
+	}
+	err = filter1.AddRule(call, ActErrno.SetReturnCode(expErr))
+	if err != nil {
+		t.Errorf("Error adding rule to restrict syscall: %s", err)
 	}
 
 	call2, err := GetSyscallFromName("setreuid")
@@ -608,11 +613,6 @@ func subprocessRuleAddAndLoad(t *testing.T) {
 	uid := syscall.Getuid()
 	euid := syscall.Geteuid()
 
-	err = filter1.AddRule(call, ActErrno.SetReturnCode(0x1))
-	if err != nil {
-		t.Errorf("Error adding rule to restrict syscall: %s", err)
-	}
-
 	cond, err := MakeCondition(1, CompareEqual, uint64(euid))
 	if err != nil {
 		t.Errorf("Error making rule to restrict syscall: %s", err)
@@ -640,10 +640,9 @@ func subprocessRuleAddAndLoad(t *testing.T) {
 		t.Errorf("Error loading filter: %s", err)
 	}
 
-	// Try making a simple syscall, it should error
-	pid := syscall.Getpid()
-	if pid != -1 {
-		t.Errorf("Syscall should have returned error code!")
+	// Try making a simple syscall which should return an error.
+	if err := syscall.Listen(0, 0); err != syscall.Errno(expErr) {
+		t.Errorf("Syscall listen: want %v, got %v", syscall.Errno(expErr), err)
 	}
 
 	// Try making a Geteuid syscall that should normally succeed
