Merge pull request #26934 from kolyshkin/fix-ci

test/e2e: fix 'block all syscalls' seccomp for runc
2026-02-05 06:45:31 +01:00 · 2026-01-23 13:18:33 +01:00
parent c4128cbc40 18b5b2e2d6
commit 1af4caf888
1 changed files with 15 additions and 5 deletions
--- a/test/e2e/run_seccomp_test.go
+++ b/test/e2e/run_seccomp_test.go
@@ -3,7 +3,7 @@
 package integration

 import (
-	"fmt"
+	"path"

 	. "github.com/containers/podman/v6/test/utils"
 	. "github.com/onsi/ginkgo/v2"
@@ -54,11 +54,21 @@ var _ = Describe("Podman run", func() {
 		session := podmanTest.Podman([]string{"run", "--seccomp-policy", "image", img, "ls"})
 		session.WaitWithDefaultTimeout()

-		expect := fmt.Sprintf("OCI runtime error: %s: read from the init process", podmanTest.OCIRuntime)
-		if IsRemote() {
-			expect = fmt.Sprintf("for attach: %s: read from the init process: OCI runtime error", podmanTest.OCIRuntime)
+		switch path.Base(podmanTest.OCIRuntime) {
+		case "crun":
+			// "crun create" fails with "read from the init process" error.
+			Expect(session).To(ExitWithError(126, "read from the init process"))
+		case "runc":
+			// "runc create" succeeds, then...
+			Expect(session).To(Or(
+				// either "runc start" fails with "cannot start a container that has stopped",
+				ExitWithError(126, "cannot start a container that has stopped"),
+				// or podman itself fails with "failed to connect to container's attach socket".
+				ExitWithError(127, "failed to connect to container's attach socket"),
+			))
+		default:
+			Expect(session.ExitCode()).To(BeNumerically(">", 0), "Exit status using generic runtime")
 		}
-		Expect(session).To(ExitWithError(126, expect))
 	})

 	It("podman run --seccomp-policy image (bogus profile)", func() {