libcontainer: change seccomp test for clone syscall

This commit changes the value of seccomp test for clone syscall. Also hardcoded values should be changed because it is unclear to understand what flags are tested. Related issues: * containerd/containerd#3314 * moby/moby#39308 * opencontainers/runtime-tools#694 Signed-off-by: Kenta Tada <Kenta.Tada@sony.com>
opencontainers · Jun 4, 2019 · b54fd85 · b54fd85
1 parent 5ef781c
commit b54fd85
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/libcontainer/specconv/spec_linux_test.go b/libcontainer/specconv/spec_linux_test.go
@@ -7,6 +7,8 @@ import (
 	"strings"
 	"testing"
 
+	"golang.org/x/sys/unix"
+
 	"github.com/opencontainers/runc/libcontainer/configs"
 	"github.com/opencontainers/runc/libcontainer/configs/validate"
 	"github.com/opencontainers/runtime-spec/specs-go"
@@ -104,7 +106,7 @@ func TestSetupSeccomp(t *testing.T) {
 				Args: []specs.LinuxSeccompArg{
 					{
 						Index:    0,
-						Value:    2080505856,
+						Value:    unix.CLONE_NEWNS | unix.CLONE_NEWUTS | unix.CLONE_NEWIPC | unix.CLONE_NEWUSER | unix.CLONE_NEWPID | unix.CLONE_NEWNET | unix.CLONE_NEWCGROUP,
 						ValueTwo: 0,
 						Op:       "SCMP_CMP_MASKED_EQ",
 					},
@@ -154,7 +156,7 @@ func TestSetupSeccomp(t *testing.T) {
 			expectedCloneSyscallArgs := configs.Arg{
 				Index:    0,
 				Op:       7, // SCMP_CMP_MASKED_EQ
-				Value:    2080505856,
+				Value:    unix.CLONE_NEWNS | unix.CLONE_NEWUTS | unix.CLONE_NEWIPC | unix.CLONE_NEWUSER | unix.CLONE_NEWPID | unix.CLONE_NEWNET | unix.CLONE_NEWCGROUP,
 				ValueTwo: 0,
 			}
 			if expectedCloneSyscallArgs != *call.Args[0] {