tests/integration/seccomp-notify-compat.bats - third_party/runc - Git at Google

 #!/usr/bin/env bats

 load helpers

 function setup() {
 	if is_kernel_gte 5.6; then
 		skip "requires kernel < 5.6"
 	fi

 	requires arch_x86_64

 	setup_seccompagent
 	setup_busybox
 }

 function teardown() {
 	teardown_seccompagent
 	teardown_bundle
 }

 # Support for seccomp notify requires Linux > 5.6, check that on older kernels
 # return an error.
 @test "runc run [seccomp] (SCMP_ACT_NOTIFY old kernel)" {
 	# Use just any seccomp profile with a notify action.
 	update_config ' .linux.seccomp = {
 				"defaultAction": "SCMP_ACT_ALLOW",
 				"listenerPath": "'"$SECCCOMP_AGENT_SOCKET"'",
 				"architectures": [ "SCMP_ARCH_X86","SCMP_ARCH_X32", "SCMP_ARCH_X86_64" ],
 				"syscalls": [{ "names": [ "mkdir" ], "action": "SCMP_ACT_NOTIFY" }]
 			}'

 	runc run test_busybox
 	[ "$status" -ne 0 ]
 	[[ "$output" == *"seccomp notify unsupported:"* ]]
 }
	#!/usr/bin/env bats

	load helpers

	function setup() {
	if is_kernel_gte 5.6; then
	skip "requires kernel < 5.6"
	fi

	requires arch_x86_64

	setup_seccompagent
	setup_busybox
	}

	function teardown() {
	teardown_seccompagent
	teardown_bundle
	}

	# Support for seccomp notify requires Linux > 5.6, check that on older kernels
	# return an error.
	@test "runc run [seccomp] (SCMP_ACT_NOTIFY old kernel)" {
	# Use just any seccomp profile with a notify action.
	update_config ' .linux.seccomp = {
	"defaultAction": "SCMP_ACT_ALLOW",
	"listenerPath": "'"$SECCCOMP_AGENT_SOCKET"'",
	"architectures": [ "SCMP_ARCH_X86","SCMP_ARCH_X32", "SCMP_ARCH_X86_64" ],
	"syscalls": [{ "names": [ "mkdir" ], "action": "SCMP_ACT_NOTIFY" }]
	}'

	runc run test_busybox
	[ "$status" -ne 0 ]
	[[ "$output" == "seccomp notify unsupported:" ]]
	}