Run seccomp tests in series not parallel

Fix #24803 as this had been failing sometimes. As the parallel tests are probably genuine failures, and had already been cut down, I will re-create these specifically as a parallel execution test with no seccomp to make the cause clearer. Signed-off-by: Justin Cormack <justin.cormack@docker.com> (cherry picked from commit 84ec04306c) Signed-off-by: Victor Vieux <vieux@docker.com>
2016-08-17 18:26:09 +01:00 · 2016-08-17 18:26:09 +01:00 · 64ae81609c
commit 64ae81609c
parent 0a6b4c2d9c
1 changed files with 42 additions and 97 deletions
--- a/integration-cli/docker_cli_run_unix_test.go
+++ b/integration-cli/docker_cli_run_unix_test.go
@ -13,7 +13,6 @@ import (
 	"regexp"
 	"strconv"
 	"strings"
-	"sync"
 	"syscall"
 	"time"

@ -1067,117 +1066,63 @@ func (s *DockerSuite) TestRunSeccompAllowSetrlimit(c *check.C) {
 func (s *DockerSuite) TestRunSeccompDefaultProfileAcct(c *check.C) {
 	testRequires(c, SameHostDaemon, seccompEnabled, NotUserNamespace)

-	var group sync.WaitGroup
-	group.Add(5)
-	errChan := make(chan error, 5)
-	go func() {
-		out, _, err := dockerCmdWithError("run", "syscall-test", "acct-test")
-		if err == nil || !strings.Contains(out, "Operation not permitted") {
-			errChan <- fmt.Errorf("goroutine 0: expected Operation not permitted, got: %s", out)
-		}
-		group.Done()
-	}()
+	out, _, err := dockerCmdWithError("run", "syscall-test", "acct-test")
+	if err == nil || !strings.Contains(out, "Operation not permitted") {
+		c.Fatalf("test 0: expected Operation not permitted, got: %s", out)
+	}

-	go func() {
-		out, _, err := dockerCmdWithError("run", "--cap-add", "sys_admin", "syscall-test", "acct-test")
-		if err == nil || !strings.Contains(out, "Operation not permitted") {
-			errChan <- fmt.Errorf("goroutine 1: expected Operation not permitted, got: %s", out)
-		}
-		group.Done()
-	}()
+	out, _, err = dockerCmdWithError("run", "--cap-add", "sys_admin", "syscall-test", "acct-test")
+	if err == nil || !strings.Contains(out, "Operation not permitted") {
+		c.Fatalf("test 1: expected Operation not permitted, got: %s", out)
+	}

-	go func() {
-		out, _, err := dockerCmdWithError("run", "--cap-add", "sys_pacct", "syscall-test", "acct-test")
-		if err == nil || !strings.Contains(out, "No such file or directory") {
-			errChan <- fmt.Errorf("goroutine 2: expected No such file or directory, got: %s", out)
-		}
-		group.Done()
-	}()
+	out, _, err = dockerCmdWithError("run", "--cap-add", "sys_pacct", "syscall-test", "acct-test")
+	if err == nil || !strings.Contains(out, "No such file or directory") {
+		c.Fatalf("test 2: expected No such file or directory, got: %s", out)
+	}

-	go func() {
-		out, _, err := dockerCmdWithError("run", "--cap-add", "ALL", "syscall-test", "acct-test")
-		if err == nil || !strings.Contains(out, "No such file or directory") {
-			errChan <- fmt.Errorf("goroutine 3: expected No such file or directory, got: %s", out)
-		}
-		group.Done()
-	}()
+	out, _, err = dockerCmdWithError("run", "--cap-add", "ALL", "syscall-test", "acct-test")
+	if err == nil || !strings.Contains(out, "No such file or directory") {
+		c.Fatalf("test 3: expected No such file or directory, got: %s", out)
+	}

-	go func() {
-		out, _, err := dockerCmdWithError("run", "--cap-drop", "ALL", "--cap-add", "sys_pacct", "syscall-test", "acct-test")
-		if err == nil || !strings.Contains(out, "No such file or directory") {
-			errChan <- fmt.Errorf("goroutine 4: expected No such file or directory, got: %s", out)
-		}
-		group.Done()
-	}()
-
-	group.Wait()
-	close(errChan)
-
-	for err := range errChan {
-		c.Assert(err, checker.IsNil)
+	out, _, err = dockerCmdWithError("run", "--cap-drop", "ALL", "--cap-add", "sys_pacct", "syscall-test", "acct-test")
+	if err == nil || !strings.Contains(out, "No such file or directory") {
+		c.Fatalf("test 4: expected No such file or directory, got: %s", out)
 	}
 }

 func (s *DockerSuite) TestRunSeccompDefaultProfileNS(c *check.C) {
 	testRequires(c, SameHostDaemon, seccompEnabled, NotUserNamespace)

-	var group sync.WaitGroup
-	group.Add(6)
-	errChan := make(chan error, 6)
+	out, _, err := dockerCmdWithError("run", "syscall-test", "ns-test", "echo", "hello0")
+	if err == nil || !strings.Contains(out, "Operation not permitted") {
+		c.Fatalf("test 0: expected Operation not permitted, got: %s", out)
+	}

-	go func() {
-		out, _, err := dockerCmdWithError("run", "syscall-test", "ns-test", "echo", "hello0")
-		if err == nil || !strings.Contains(out, "Operation not permitted") {
-			errChan <- fmt.Errorf("goroutine 0: expected Operation not permitted, got: %s", out)
-		}
-		group.Done()
-	}()
+	out, _, err = dockerCmdWithError("run", "--cap-add", "sys_admin", "syscall-test", "ns-test", "echo", "hello1")
+	if err != nil || !strings.Contains(out, "hello1") {
+		c.Fatalf("test 1: expected hello1, got: %s, %v", out, err)
+	}

-	go func() {
-		out, _, err := dockerCmdWithError("run", "--cap-add", "sys_admin", "syscall-test", "ns-test", "echo", "hello1")
-		if err != nil || !strings.Contains(out, "hello1") {
-			errChan <- fmt.Errorf("goroutine 1: expected hello1, got: %s, %v", out, err)
-		}
-		group.Done()
-	}()
+	out, _, err = dockerCmdWithError("run", "--cap-drop", "all", "--cap-add", "sys_admin", "syscall-test", "ns-test", "echo", "hello2")
+	if err != nil || !strings.Contains(out, "hello2") {
+		c.Fatalf("test 2: expected hello2, got: %s, %v", out, err)
+	}

-	go func() {
-		out, _, err := dockerCmdWithError("run", "--cap-drop", "all", "--cap-add", "sys_admin", "syscall-test", "ns-test", "echo", "hello2")
-		if err != nil || !strings.Contains(out, "hello2") {
-			errChan <- fmt.Errorf("goroutine 2: expected hello2, got: %s, %v", out, err)
-		}
-		group.Done()
-	}()
+	out, _, err = dockerCmdWithError("run", "--cap-add", "ALL", "syscall-test", "ns-test", "echo", "hello3")
+	if err != nil || !strings.Contains(out, "hello3") {
+		c.Fatalf("test 3: expected hello3, got: %s, %v", out, err)
+	}

-	go func() {
-		out, _, err := dockerCmdWithError("run", "--cap-add", "ALL", "syscall-test", "ns-test", "echo", "hello3")
-		if err != nil || !strings.Contains(out, "hello3") {
-			errChan <- fmt.Errorf("goroutine 3: expected hello3, got: %s, %v", out, err)
-		}
-		group.Done()
-	}()
+	out, _, err = dockerCmdWithError("run", "--cap-add", "ALL", "--security-opt", "seccomp=unconfined", "syscall-test", "acct-test")
+	if err == nil || !strings.Contains(out, "No such file or directory") {
+		c.Fatalf("test 4: expected No such file or directory, got: %s", out)
+	}

-	go func() {
-		out, _, err := dockerCmdWithError("run", "--cap-add", "ALL", "--security-opt", "seccomp=unconfined", "syscall-test", "acct-test")
-		if err == nil || !strings.Contains(out, "No such file or directory") {
-			errChan <- fmt.Errorf("goroutine 4: expected No such file or directory, got: %s", out)
-		}
-		group.Done()
-	}()
-
-	go func() {
-		out, _, err := dockerCmdWithError("run", "--cap-add", "ALL", "--security-opt", "seccomp=unconfined", "syscall-test", "ns-test", "echo", "hello4")
-		if err != nil || !strings.Contains(out, "hello4") {
-			errChan <- fmt.Errorf("goroutine 5: expected hello4, got: %s, %v", out, err)
-		}
-		group.Done()
-	}()
-
-	group.Wait()
-	close(errChan)
-
-	for err := range errChan {
-		c.Assert(err, checker.IsNil)
+	out, _, err = dockerCmdWithError("run", "--cap-add", "ALL", "--security-opt", "seccomp=unconfined", "syscall-test", "ns-test", "echo", "hello4")
+	if err != nil || !strings.Contains(out, "hello4") {
+		c.Fatalf("test 5: expected hello4, got: %s, %v", out, err)
 	}
 }