github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-06-27 15:57:09 +00:00
Code Issues Projects Releases Wiki Activity

Dragonball: fix test_signal_handler

Browse Source 
a) There is some unknown syscalls triggered in new github virt machine
that would break the make test process with SIGSYS after applying
SeccompFilter. In order to fix this, we change the allowlist in this
unit test for seccompfileter into a blocklist to avoid meeting the unknown syscalls.
b) lazy static METRICS is not fully initialize in the unit test and may lead to
unstable result for this UT.

fixes: #9207

Signed-off-by: Chao Wu <chaowu@linux.alibaba.com>
This commit is contained in:
Chao Wu 2024-03-03 23:35:40 +08:00
parent 253fe72435
commit 9f0eab904b
1 changed files with 6 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
src/dragonball/src/signal_handler.rs
View File

@ -156,28 +156,17 @@ mod tests {
#[test]
fn test_signal_handler() {
// When METRICS initializes lazy, it will call the call_once to add locks.
// If the signal interrupts the initialization process, initializing again the
// metrics in the signal interrupt handler will cause a deadlock.
lazy_static::initialize(&METRICS);
let child = thread::spawn(move || {
assert!(register_signal_handlers().is_ok());
let filter = SeccompFilter::new(
vec![
(libc::SYS_brk, vec![]),
(libc::SYS_exit, vec![]),
(libc::SYS_futex, vec![]),
(libc::SYS_getpid, vec![]),
(libc::SYS_munmap, vec![]),
(libc::SYS_kill, vec![]),
(libc::SYS_rt_sigprocmask, vec![]),
(libc::SYS_rt_sigreturn, vec![]),
(libc::SYS_sched_getaffinity, vec![]),
(libc::SYS_set_tid_address, vec![]),
(libc::SYS_sigaltstack, vec![]),
(libc::SYS_write, vec![]),
]
.into_iter()
.collect(),
SeccompAction::Trap,
vec![(libc::SYS_mkdirat, vec![])].into_iter().collect(),
SeccompAction::Allow,
SeccompAction::Trap,
std::env::consts::ARCH.try_into().unwrap(),
)
.unwrap();