From 64ae81609cadb52c75d33756adbca89441a11adc Mon Sep 17 00:00:00 2001 From: Justin Cormack Date: Wed, 17 Aug 2016 18:26:09 +0100 Subject: [PATCH] Run seccomp tests in series not parallel Fix #24803 as this had been failing sometimes. As the parallel tests are probably genuine failures, and had already been cut down, I will re-create these specifically as a parallel execution test with no seccomp to make the cause clearer. Signed-off-by: Justin Cormack (cherry picked from commit 84ec04306caac458c237881b1869fb2b077fced4) Signed-off-by: Victor Vieux --- integration-cli/docker_cli_run_unix_test.go | 139 ++++++-------------- 1 file changed, 42 insertions(+), 97 deletions(-) diff --git a/integration-cli/docker_cli_run_unix_test.go b/integration-cli/docker_cli_run_unix_test.go index c1995b7ce1..b0974f43ad 100644 --- a/integration-cli/docker_cli_run_unix_test.go +++ b/integration-cli/docker_cli_run_unix_test.go @@ -13,7 +13,6 @@ import ( "regexp" "strconv" "strings" - "sync" "syscall" "time" @@ -1067,117 +1066,63 @@ func (s *DockerSuite) TestRunSeccompAllowSetrlimit(c *check.C) { func (s *DockerSuite) TestRunSeccompDefaultProfileAcct(c *check.C) { testRequires(c, SameHostDaemon, seccompEnabled, NotUserNamespace) - var group sync.WaitGroup - group.Add(5) - errChan := make(chan error, 5) - go func() { - out, _, err := dockerCmdWithError("run", "syscall-test", "acct-test") - if err == nil || !strings.Contains(out, "Operation not permitted") { - errChan <- fmt.Errorf("goroutine 0: expected Operation not permitted, got: %s", out) - } - group.Done() - }() + out, _, err := dockerCmdWithError("run", "syscall-test", "acct-test") + if err == nil || !strings.Contains(out, "Operation not permitted") { + c.Fatalf("test 0: expected Operation not permitted, got: %s", out) + } - go func() { - out, _, err := dockerCmdWithError("run", "--cap-add", "sys_admin", "syscall-test", "acct-test") - if err == nil || !strings.Contains(out, "Operation not permitted") { - errChan <- fmt.Errorf("goroutine 1: expected Operation not permitted, got: %s", out) - } - group.Done() - }() + out, _, err = dockerCmdWithError("run", "--cap-add", "sys_admin", "syscall-test", "acct-test") + if err == nil || !strings.Contains(out, "Operation not permitted") { + c.Fatalf("test 1: expected Operation not permitted, got: %s", out) + } - go func() { - out, _, err := dockerCmdWithError("run", "--cap-add", "sys_pacct", "syscall-test", "acct-test") - if err == nil || !strings.Contains(out, "No such file or directory") { - errChan <- fmt.Errorf("goroutine 2: expected No such file or directory, got: %s", out) - } - group.Done() - }() + out, _, err = dockerCmdWithError("run", "--cap-add", "sys_pacct", "syscall-test", "acct-test") + if err == nil || !strings.Contains(out, "No such file or directory") { + c.Fatalf("test 2: expected No such file or directory, got: %s", out) + } - go func() { - out, _, err := dockerCmdWithError("run", "--cap-add", "ALL", "syscall-test", "acct-test") - if err == nil || !strings.Contains(out, "No such file or directory") { - errChan <- fmt.Errorf("goroutine 3: expected No such file or directory, got: %s", out) - } - group.Done() - }() + out, _, err = dockerCmdWithError("run", "--cap-add", "ALL", "syscall-test", "acct-test") + if err == nil || !strings.Contains(out, "No such file or directory") { + c.Fatalf("test 3: expected No such file or directory, got: %s", out) + } - go func() { - out, _, err := dockerCmdWithError("run", "--cap-drop", "ALL", "--cap-add", "sys_pacct", "syscall-test", "acct-test") - if err == nil || !strings.Contains(out, "No such file or directory") { - errChan <- fmt.Errorf("goroutine 4: expected No such file or directory, got: %s", out) - } - group.Done() - }() - - group.Wait() - close(errChan) - - for err := range errChan { - c.Assert(err, checker.IsNil) + out, _, err = dockerCmdWithError("run", "--cap-drop", "ALL", "--cap-add", "sys_pacct", "syscall-test", "acct-test") + if err == nil || !strings.Contains(out, "No such file or directory") { + c.Fatalf("test 4: expected No such file or directory, got: %s", out) } } func (s *DockerSuite) TestRunSeccompDefaultProfileNS(c *check.C) { testRequires(c, SameHostDaemon, seccompEnabled, NotUserNamespace) - var group sync.WaitGroup - group.Add(6) - errChan := make(chan error, 6) + out, _, err := dockerCmdWithError("run", "syscall-test", "ns-test", "echo", "hello0") + if err == nil || !strings.Contains(out, "Operation not permitted") { + c.Fatalf("test 0: expected Operation not permitted, got: %s", out) + } - go func() { - out, _, err := dockerCmdWithError("run", "syscall-test", "ns-test", "echo", "hello0") - if err == nil || !strings.Contains(out, "Operation not permitted") { - errChan <- fmt.Errorf("goroutine 0: expected Operation not permitted, got: %s", out) - } - group.Done() - }() + out, _, err = dockerCmdWithError("run", "--cap-add", "sys_admin", "syscall-test", "ns-test", "echo", "hello1") + if err != nil || !strings.Contains(out, "hello1") { + c.Fatalf("test 1: expected hello1, got: %s, %v", out, err) + } - go func() { - out, _, err := dockerCmdWithError("run", "--cap-add", "sys_admin", "syscall-test", "ns-test", "echo", "hello1") - if err != nil || !strings.Contains(out, "hello1") { - errChan <- fmt.Errorf("goroutine 1: expected hello1, got: %s, %v", out, err) - } - group.Done() - }() + out, _, err = dockerCmdWithError("run", "--cap-drop", "all", "--cap-add", "sys_admin", "syscall-test", "ns-test", "echo", "hello2") + if err != nil || !strings.Contains(out, "hello2") { + c.Fatalf("test 2: expected hello2, got: %s, %v", out, err) + } - go func() { - out, _, err := dockerCmdWithError("run", "--cap-drop", "all", "--cap-add", "sys_admin", "syscall-test", "ns-test", "echo", "hello2") - if err != nil || !strings.Contains(out, "hello2") { - errChan <- fmt.Errorf("goroutine 2: expected hello2, got: %s, %v", out, err) - } - group.Done() - }() + out, _, err = dockerCmdWithError("run", "--cap-add", "ALL", "syscall-test", "ns-test", "echo", "hello3") + if err != nil || !strings.Contains(out, "hello3") { + c.Fatalf("test 3: expected hello3, got: %s, %v", out, err) + } - go func() { - out, _, err := dockerCmdWithError("run", "--cap-add", "ALL", "syscall-test", "ns-test", "echo", "hello3") - if err != nil || !strings.Contains(out, "hello3") { - errChan <- fmt.Errorf("goroutine 3: expected hello3, got: %s, %v", out, err) - } - group.Done() - }() + out, _, err = dockerCmdWithError("run", "--cap-add", "ALL", "--security-opt", "seccomp=unconfined", "syscall-test", "acct-test") + if err == nil || !strings.Contains(out, "No such file or directory") { + c.Fatalf("test 4: expected No such file or directory, got: %s", out) + } - go func() { - out, _, err := dockerCmdWithError("run", "--cap-add", "ALL", "--security-opt", "seccomp=unconfined", "syscall-test", "acct-test") - if err == nil || !strings.Contains(out, "No such file or directory") { - errChan <- fmt.Errorf("goroutine 4: expected No such file or directory, got: %s", out) - } - group.Done() - }() - - go func() { - out, _, err := dockerCmdWithError("run", "--cap-add", "ALL", "--security-opt", "seccomp=unconfined", "syscall-test", "ns-test", "echo", "hello4") - if err != nil || !strings.Contains(out, "hello4") { - errChan <- fmt.Errorf("goroutine 5: expected hello4, got: %s, %v", out, err) - } - group.Done() - }() - - group.Wait() - close(errChan) - - for err := range errChan { - c.Assert(err, checker.IsNil) + out, _, err = dockerCmdWithError("run", "--cap-add", "ALL", "--security-opt", "seccomp=unconfined", "syscall-test", "ns-test", "echo", "hello4") + if err != nil || !strings.Contains(out, "hello4") { + c.Fatalf("test 5: expected hello4, got: %s, %v", out, err) } }