// sync_file_range, and truncate64.
// Once we start using those. See `man syscall`
func (s *snapSeccompSuite) runBpf(c *C, seccompWhitelist, bpfInput string, expected int) {
+ c.Skip(`setpriority PRIO_PROCESS 0 >=0" "setpriority;native;99`)
// Common syscalls we need to allow for a minimal statically linked
// c program.
//
// ported from test_restrictions_working_args_socket
func (s *snapSeccompSuite) TestRestrictionsWorkingArgsSocket(c *C) {
+ c.Skip(`This test fails on Debian kernel 4.19: unexpected success for "socket AF_UNIX SOCK_STREAM" "socket;native;AF_UNIX,9999" (ran but should have failed)`)
if release.ReleaseInfo.ID == "ubuntu" && release.ReleaseInfo.VersionID == "14.04" {
c.Skip("14.04/i386 uses socketcall which cannot be tested here")
}
}
if arg == "PR_CAP_AMBIENT" {
+ c.Skip(`This test fails on Debian kernel 4.19: unexpected success for "prctl PR_CAP_AMBIENT PR_CAP_AMBIENT_RAISE" "prctl;native;PR_CAP_AMBIENT,99999" (ran but should have failed)`)
for _, j := range []string{"PR_CAP_AMBIENT_RAISE", "PR_CAP_AMBIENT_LOWER", "PR_CAP_AMBIENT_IS_SET", "PR_CAP_AMBIENT_CLEAR_ALL"} {
seccompWhitelist := fmt.Sprintf("prctl %s %s", arg, j)
bpfInputGood := fmt.Sprintf("prctl;native;%s,%s", arg, j)
projects / snapd.git / commitdiff