From ea956c7c117f0bb0e8a8f89a103c96019a62c4f5 Mon Sep 17 00:00:00 2001 From: Christian Duerr Date: Thu, 14 Sep 2023 22:06:47 +0200 Subject: [PATCH] Fix partial net tests without support --- tests/net_without_namespaces.rs | 13 ++++++++++--- tests/net_without_seccomp.rs | 13 ++++++++++--- 2 files changed, 20 insertions(+), 6 deletions(-) diff --git a/tests/net_without_namespaces.rs b/tests/net_without_namespaces.rs index 2a31fdb..58216a7 100644 --- a/tests/net_without_namespaces.rs +++ b/tests/net_without_namespaces.rs @@ -31,10 +31,17 @@ fn main() { seccompiler::apply_filter(&program).unwrap(); let birdcage = Birdcage::new().unwrap(); - birdcage.lock().unwrap(); + let result = birdcage.lock(); - let result = TcpStream::connect("8.8.8.8:443"); - assert!(result.is_err()); + match result { + // Seccomp is supported, so networking should still be blocked. + Ok(_) => { + let result = TcpStream::connect("8.8.8.8:443"); + assert!(result.is_err()); + }, + // Seccomp isn't supported, so failure is desired. + Err(_) => (), + } } #[cfg(not(target_os = "linux"))] diff --git a/tests/net_without_seccomp.rs b/tests/net_without_seccomp.rs index f6c0855..f46c441 100644 --- a/tests/net_without_seccomp.rs +++ b/tests/net_without_seccomp.rs @@ -42,10 +42,17 @@ fn main() { seccompiler::apply_filter(&program).unwrap(); let birdcage = Birdcage::new().unwrap(); - birdcage.lock().unwrap(); + let result = birdcage.lock(); - let result = TcpStream::connect("8.8.8.8:443"); - assert!(result.is_err()); + match result { + // Namespaces are supported, so networking should still be blocked. + Ok(_) => { + let result = TcpStream::connect("8.8.8.8:443"); + assert!(result.is_err()); + }, + // Namespaces aren't supported, so failure is desired. + Err(_) => (), + } } #[cfg(not(target_os = "linux"))]