dilim/runc

mirror of https://github.com/opencontainers/runc.git synced 2026-06-30 19:58:25 +00:00

Files

Kir Kolyshkin 0079bee17f Support specs.LinuxSeccompFlagWaitKillableRecv

This adds support for WaitKillableRecv seccomp flag
(also known as SCMP_FLTATR_CTL_WAITKILL in libseccomp and
as SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV in the kernel).

This requires:
 - libseccomp >= 2.6.0
 - libseccomp-golang >= 0.11.0
 - linux kernel >= 5.19

Note that this flag does not make sense without NEW_LISTENER, and
the kernel returns EINVAL when SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV
is set but SECCOMP_FILTER_FLAG_NEW_LISTENER is not set.

For runc this means that .linux.seccomp.listenerPath should also be set,
and some of the seccomp rules should have SCMP_ACT_NOTIFY action. This
is why the flag is tested separately in seccomp-notify.bats.

At the moment the only adequate CI environment for this functionality is
Fedora 43. On all other platforms (including CentOS 10 and Ubuntu 24.04)
it is skipped similar to this:

> ok 251 runc run [seccomp] (SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV) # skip requires libseccomp >= 2.6.0 and API level >= 7 (current version: 2.5.6, API level: 6)

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

2026-03-16 10:48:42 -07:00

testdata

seccomp_syscall_test1: use ftruncate instead of kcmp

2024-04-23 09:10:13 +09:00

bootstrap-get-images.sh

Update busybox:glibc in integration tests to latest (1.37.0) builds

2025-09-25 17:06:20 -07:00

capabilities.bats

integration: quote shell value to prevent word splitting

2026-01-06 10:02:03 +00:00

cgroup_delegation.bats

ci: fix for codespell 2.2

2022-08-17 16:37:44 -07:00

cgroups.bats

tests: add pids.limit tests

2025-11-11 15:16:50 +11:00

checkpoint.bats

tests/int/checkpoint: fix using run twice

2025-10-18 15:30:16 -07:00

cpu_affinity.bats

libct: reset CPU affinity by default

2025-08-28 08:25:46 +10:00

create.bats

integration: output debug information in fd leak test

2026-03-12 17:58:09 +09:00

cwd.bats

tests: fix checks for non-existent variables

2022-02-28 18:41:35 -08:00

debug.bats

tests/int: remove useless/obvious comments

2025-10-18 15:30:16 -07:00

delete.bats

tests/int/delete: fix pause test for rootless case

2025-10-18 15:33:27 -07:00

dev.bats

libct/cg/sd: set the DeviceAllow property before DevicePolicy

2025-02-05 12:16:43 -08:00

env.bats

tests: Add env var tests

2025-04-04 15:44:47 +02:00

events.bats

tests/int: remove useless/obvious comments

2025-10-18 15:30:16 -07:00

exec.bats

tests/int: add "runc exec [init changes cgroup]"

2026-02-11 11:57:27 -08:00

get-images.sh

Update busybox:glibc in integration tests to latest (1.37.0) builds

2025-09-25 17:06:20 -07:00

help.bats

tests/int/help: simplify and fix

2025-08-27 18:08:51 -07:00

helpers.bash

tests: add RUNC_CMDLINE for tests incompatible with functions

2025-08-28 08:23:15 +10:00

hooks_so.bats

tests/int: simplify assignments

2025-01-07 13:54:34 -08:00

hooks.bats

tests/int: rm some "shellcheck disable" annotations

2025-03-13 10:21:55 -07:00

host-mntns.bats

tests/int: add a test for host mntns vs hooks

2023-08-28 12:46:59 -07:00

idmap.bats

mount: add support for ridmap and idmap

2023-12-14 11:36:42 +11:00

ioprio.bats

runc exec: fix setting process.ioPriority

2025-02-11 18:01:30 -08:00

kill.bats

tests/int: remove useless/obvious comments

2025-10-18 15:30:16 -07:00

list.bats

tests/int: remove useless/obvious comments

2025-10-18 15:30:16 -07:00

mask.bats

tests/int: remove useless/obvious comments

2025-10-18 15:30:16 -07:00

memorypolicy.bats

Add memory policy support

2025-10-07 15:06:37 +03:00

mounts_propagation.bats

fix rootfs propagation mode

2025-05-19 12:55:35 +00:00

mounts_recursive.bats

libct/specconv: fix partial clear of atime mount flags

2026-02-06 03:30:55 +00:00

mounts_sshfs.bats

tests/integration: Fix remount on debian testing

2024-04-09 13:16:55 +01:00

mounts.bats

integration: add some tests for bind mount through dangling symlinks

2025-11-26 21:04:05 +11:00

netdev.bats

tests/int: use run with a status check

2025-10-18 15:30:16 -07:00

no_pivot.bats

tests/int/no_pivot: fix for new kernels

2021-06-29 13:31:54 -07:00

pause.bats

tests/int: remove useless/obvious comments

2025-10-18 15:30:16 -07:00

personality.bats

test: runc run with personality syscall blocked by seccomp

2025-09-25 09:54:08 +00:00

pidfd-socket.bats

tests/int: remove bogus $status checks

2025-10-18 15:30:16 -07:00

ps.bats

tests/int/ps: enable for rootless

2023-07-17 23:16:55 +08:00

README.md

tests/int/README: update

2025-10-18 15:30:16 -07:00

rlimits.bats

update/add some tests for rlimit

2024-05-08 10:57:10 +00:00

root.bats

tests/int/{root,list}.bats: ALT_ROOT fixups in teardown

2022-02-28 18:39:08 -08:00

run.bats

test: check whether runc set a correct default home env or not

2025-04-01 15:22:19 +00:00

scheduler.bats

tests/int: use run with a status check

2025-10-18 15:30:16 -07:00

seccomp-notify-compat.bats

tests: integration: add runc-dmz smoke tests

2023-09-22 15:38:21 +10:00

seccomp-notify.bats

Support specs.LinuxSeccompFlagWaitKillableRecv

2026-03-16 10:48:42 -07:00

seccomp.bats

Support specs.LinuxSeccompFlagWaitKillableRecv

2026-03-16 10:48:42 -07:00

selinux.bats

tests/int/selinux: fix for non-standard binary name

2025-08-27 18:08:51 -07:00

spec.bats

use go mod instead of go get in spec.bats

2024-04-30 05:20:54 +00:00

start_detached.bats

tests/int: remove useless/obvious comments

2025-10-18 15:30:16 -07:00

start_hello.bats

tests/int: remove useless/obvious comments

2025-10-18 15:30:16 -07:00

start.bats

tests/int: remove useless/obvious comments

2025-10-18 15:30:16 -07:00

state.bats

tests/int: remove useless/obvious comments

2025-10-18 15:30:16 -07:00

timens.bats

test: exec into a container with private time ns

2025-02-22 16:42:01 +00:00

tty.bats

tests/int: remove useless/obvious comments

2025-10-18 15:30:16 -07:00

umask.bats

tests/int: remove useless/obvious comments

2025-10-18 15:30:16 -07:00

update.bats

tests: add pids.limit tests

2025-11-11 15:16:50 +11:00

userns.bats

tests/int: use run with a status check

2025-10-18 15:30:16 -07:00

version.bats

tests/integration/*.bats: reformat with shfmt

2020-10-11 19:15:36 -07:00

README.md

runc Integration Tests

Integration tests provide end-to-end testing of runc.

Note that integration tests do not replace unit tests.

As a rule of thumb, code should be tested thoroughly with unit tests. Integration tests on the other hand are meant to test a specific feature end to end.

Integration tests are written in bash using the bats (Bash Automated Testing System) framework. Please see bats documentation for more details.

Running integration tests

The easiest way to run integration tests is with Docker:

make integration

Alternatively, you can run integration tests directly on your host through make:

sudo make localintegration

Or you can just run them directly using bats

sudo bats tests/integration

To run a single test bucket:

make integration TESTPATH="/checkpoint.bats"

To run them on your host, you need to set up a development environment plus bats (Bash Automated Testing System).

For example:

cd ~/go/src/github.com
git clone https://github.com/bats-core/bats-core.git
cd bats-core
./install.sh /usr/local

Writing integration tests

Helper functions are provided in order to facilitate writing tests.

Please see existing tests for examples.