Join GitHub today
GitHub is home to over 20 million developers working together to host and review code, manage projects, and build software together.
snap-seccomp: remove use of x/net/bpf from tests #3779
Conversation
codecov-io
commented
Aug 22, 2017
•
Codecov Report
@@ Coverage Diff @@
## master #3779 +/- ##
==========================================
- Coverage 75.74% 75.68% -0.06%
==========================================
Files 409 409
Lines 35388 35388
==========================================
- Hits 26804 26784 -20
- Misses 6688 6708 +20
Partials 1896 1896
Continue to review full report at Codecov.
|
mvo5
added some commits
Aug 30, 2017
| - } | ||
| - } | ||
| + rc = sc_apply_seccomp_bpf(argv[1]); | ||
| + if (rc || argc == 2) |
stolowski
Aug 30, 2017
Contributor
sc_apply_seccomp_bpf doesn't seem to be reporting any errors by return value, it exits right away or returns 0. I think returning instead of exiting makes it more friendly for testing, but not insisting on that. In any case, this conditional seems inconsistent with what the function is doing.
stolowski
Sep 1, 2017
Contributor
Thanks! Is there a particular reason you return negative value from the function (only to return -rc from main)?
mvo5 commentedAug 22, 2017
Based on https://github.com/snapcore/snapd/pull/3502/files
The bpf code of seccomp uses native endian. The x/net/bpf VM
always uses the network endian. This means we can not currently
simulate our geneated bpf with the bpf.VM. There is a open bug
at golang/go#20556
Given that we now also test the generated bpf against the in-kernel
seccomp implementation we can retire the bpf.VM tests (which test
exactly the same).