From 9f0eab904b4e559e7e8f1edc8c1ad351dd9f3ebc Mon Sep 17 00:00:00 2001 From: Chao Wu Date: Sun, 3 Mar 2024 23:35:40 +0800 Subject: [PATCH] Dragonball: fix test_signal_handler a) There is some unknown syscalls triggered in new github virt machine that would break the make test process with SIGSYS after applying SeccompFilter. In order to fix this, we change the allowlist in this unit test for seccompfileter into a blocklist to avoid meeting the unknown syscalls. b) lazy static METRICS is not fully initialize in the unit test and may lead to unstable result for this UT. fixes: #9207 Signed-off-by: Chao Wu --- src/dragonball/src/signal_handler.rs | 23 ++++++----------------- 1 file changed, 6 insertions(+), 17 deletions(-) diff --git a/src/dragonball/src/signal_handler.rs b/src/dragonball/src/signal_handler.rs index 0890294e4a..7f368a9cf6 100644 --- a/src/dragonball/src/signal_handler.rs +++ b/src/dragonball/src/signal_handler.rs @@ -156,28 +156,17 @@ mod tests { #[test] fn test_signal_handler() { + // When METRICS initializes lazy, it will call the call_once to add locks. + // If the signal interrupts the initialization process, initializing again the + // metrics in the signal interrupt handler will cause a deadlock. + lazy_static::initialize(&METRICS); let child = thread::spawn(move || { assert!(register_signal_handlers().is_ok()); let filter = SeccompFilter::new( - vec![ - (libc::SYS_brk, vec![]), - (libc::SYS_exit, vec![]), - (libc::SYS_futex, vec![]), - (libc::SYS_getpid, vec![]), - (libc::SYS_munmap, vec![]), - (libc::SYS_kill, vec![]), - (libc::SYS_rt_sigprocmask, vec![]), - (libc::SYS_rt_sigreturn, vec![]), - (libc::SYS_sched_getaffinity, vec![]), - (libc::SYS_set_tid_address, vec![]), - (libc::SYS_sigaltstack, vec![]), - (libc::SYS_write, vec![]), - ] - .into_iter() - .collect(), - SeccompAction::Trap, + vec![(libc::SYS_mkdirat, vec![])].into_iter().collect(), SeccompAction::Allow, + SeccompAction::Trap, std::env::consts::ARCH.try_into().unwrap(), ) .unwrap();