diff --git a/tests/net_without_namespaces.rs b/tests/net_without_namespaces.rs index 2a31fdb..58216a7 100644 --- a/tests/net_without_namespaces.rs +++ b/tests/net_without_namespaces.rs @@ -31,10 +31,17 @@ fn main() { seccompiler::apply_filter(&program).unwrap(); let birdcage = Birdcage::new().unwrap(); - birdcage.lock().unwrap(); + let result = birdcage.lock(); - let result = TcpStream::connect("8.8.8.8:443"); - assert!(result.is_err()); + match result { + // Seccomp is supported, so networking should still be blocked. + Ok(_) => { + let result = TcpStream::connect("8.8.8.8:443"); + assert!(result.is_err()); + }, + // Seccomp isn't supported, so failure is desired. + Err(_) => (), + } } #[cfg(not(target_os = "linux"))] diff --git a/tests/net_without_seccomp.rs b/tests/net_without_seccomp.rs index f6c0855..f46c441 100644 --- a/tests/net_without_seccomp.rs +++ b/tests/net_without_seccomp.rs @@ -42,10 +42,17 @@ fn main() { seccompiler::apply_filter(&program).unwrap(); let birdcage = Birdcage::new().unwrap(); - birdcage.lock().unwrap(); + let result = birdcage.lock(); - let result = TcpStream::connect("8.8.8.8:443"); - assert!(result.is_err()); + match result { + // Namespaces are supported, so networking should still be blocked. + Ok(_) => { + let result = TcpStream::connect("8.8.8.8:443"); + assert!(result.is_err()); + }, + // Namespaces aren't supported, so failure is desired. + Err(_) => (), + } } #[cfg(not(target_os = "linux"))]