snap-seccomp: remove use of x/net/bpf from tests

[mvo5]

Based on https://github.com/snapcore/snapd/pull/3502/files

The bpf code of seccomp uses native endian. The x/net/bpf VM
always uses the network endian. This means we can not currently
simulate our geneated bpf with the bpf.VM. There is a open bug
at golang/go#20556

Given that we now also test the generated bpf against the in-kernel
seccomp implementation we can retire the bpf.VM tests (which test
exactly the same).

[codecov-io]

Codecov Report

Merging #3779 into master will decrease coverage by 0.05%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##           master    #3779      +/-   ##
==========================================
- Coverage   75.74%   75.68%   -0.06%     
==========================================
  Files         409      409              
  Lines       35388    35388              
==========================================
- Hits        26804    26784      -20     
- Misses       6688     6708      +20     
  Partials     1896     1896

Impacted Files	Coverage Δ
cmd/snap-seccomp/main.go	51.35% <0%> (-6.05%)	⬇️
interfaces/sorting.go	98.71% <0%> (-1.29%)	⬇️
cmd/snap/cmd_aliases.go	95% <0%> (+1.66%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 73bbe43...06032a9. Read the comment docs.

[stolowski]

Looks good! Just one comment.

[stolowski]

sc_apply_seccomp_bpf doesn't seem to be reporting any errors by return value, it exits right away or returns 0. I think returning instead of exiting makes it more friendly for testing, but not insisting on that. In any case, this conditional seems inconsistent with what the function is doing.

[mvo5]

Thanks, I addressed this now.

[stolowski]

Thanks! Is there a particular reason you return negative value from the function (only to return -rc from main)?

[pedronis]

lgtm