Fix test breakage in Seccomp mode.

asomers · asomers · commit 7e2b4028fa65 · 2019-09-19T17:25:09.000-06:00
Travis is now using Seccomp, and Docker's default Seccomp policy disables execveat (though, weirdly, not fexecve). It also prohibits any operations on AF_ALG sockets. While I'm here, replace close/dup with dup2, which is more reliable. Also, drop the fork mutex earlier. This way all of the exeve tests will run, even if one fails. https://docs.docker.com/engine/security/seccomp/
diff --git a/test/sys/test_socket.rs b/test/sys/test_socket.rs
@@ -244,6 +244,10 @@ pub fn test_af_alg_cipher() {
                            ControlMessage, MsgFlags};
     use nix::sys::socket::sockopt::AlgSetKey;
 
+    // Travis's seccomp profile blocks AF_ALG
+    // https://docs.docker.com/engine/security/seccomp/
+    skip_if_seccomp!(test_af_alg_cipher);
+
     let alg_type = "skcipher";
     let alg_name = "ctr(aes)";
     // 256-bits secret key
@@ -308,6 +312,10 @@ pub fn test_af_alg_aead() {
                            ControlMessage, MsgFlags};
     use nix::sys::socket::sockopt::{AlgSetKey, AlgSetAeadAuthSize};
 
+    // Travis's seccomp profile blocks AF_ALG
+    // https://docs.docker.com/engine/security/seccomp/
+    skip_if_seccomp!(test_af_alg_aead);
+
     let auth_size = 4usize;
     let assoc_size = 16u32;
 
diff --git a/test/test.rs b/test/test.rs
@@ -73,6 +73,35 @@ macro_rules! skip_if_not_root {
     };
 }
 
+cfg_if! {
+    if #[cfg(any(target_os = "android", target_os = "linux"))] {
+        macro_rules! skip_if_seccomp {
+            ($name:expr) => {
+                if let Ok(s) = std::fs::read_to_string("/proc/self/status") {
+                    for l in s.lines() {
+                        let mut fields = l.split_whitespace();
+                        if fields.next() == Some("Seccomp:") &&
+                            fields.next() != Some("0")
+                        {
+                            use ::std::io::Write;
+                            let stderr = ::std::io::stderr();
+                            let mut handle = stderr.lock();
+                            writeln!(handle,
+                                "{} cannot be run in Seccomp mode.  Skipping test.",
+                                stringify!($name)).unwrap();
+                            return;
+                        }
+                    }
+                }
+            }
+        }
+    } else {
+        macro_rules! skip_if_seccomp {
+            ($name:expr) => {}
+        }
+    }
+}
+
 mod sys;
 mod test_dir;
 mod test_fcntl;
diff --git a/test/test_unistd.rs b/test/test_unistd.rs
@@ -184,7 +184,13 @@ macro_rules! execve_test_factory(
     ($test_name:ident, $syscall:ident, $exe: expr $(, $pathname:expr, $flags:expr)*) => (
     #[test]
     fn $test_name() {
-        let _m = ::FORK_MTX.lock().expect("Mutex got poisoned by another test");
+        if "execveat" == stringify!($syscall) {
+            // Though undocumented, Docker's default seccomp profile seems to
+            // block this syscall.  https://github.com/nix-rust/nix/issues/1122
+            skip_if_seccomp!($test_name);
+        }
+
+        let m = ::FORK_MTX.lock().expect("Mutex got poisoned by another test");
         // The `exec`d process will write to `writer`, and we'll read that
         // data from `reader`.
         let (reader, writer) = pipe().unwrap();
@@ -194,12 +200,9 @@ macro_rules! execve_test_factory(
         //       The tests make sure not to do that, though.
         match fork().unwrap() {
             Child => {
-                // Close stdout.
-                close(1).unwrap();
                 // Make `writer` be the stdout of the new process.
-                dup(writer).unwrap();
-                // exec!
-                $syscall(
+                dup2(writer, 1).unwrap();
+                let r = $syscall(
                     $exe,
                     $(&CString::new($pathname).unwrap(), )*
                     &[CString::new(b"".as_ref()).unwrap(),
@@ -208,11 +211,17 @@ macro_rules! execve_test_factory(
                                    .as_ref()).unwrap()],
                     &[CString::new(b"foo=bar".as_ref()).unwrap(),
                       CString::new(b"baz=quux".as_ref()).unwrap()]
-                    $(, $flags)*).unwrap();
+                    $(, $flags)*);
+                let _ = std::io::stderr()
+                    .write_all(format!("{:?}", r).as_bytes());
+                // Should only get here in event of error
+                unsafe{ _exit(1) };
             },
             Parent { child } => {
                 // Wait for the child to exit.
-                waitpid(child, None).unwrap();
+                let ws = waitpid(child, None);
+                drop(m);
+                assert_eq!(ws, Ok(WaitStatus::Exited(child, 0)));
                 // Read 1024 bytes.
                 let mut buf = [0u8; 1024];
                 read(reader, &mut buf).unwrap();
