test/e2e: Add linkat to seccomp profile

Some architectures (i.e., arm64) do not implement the link(2) system call and ln(1) uses linkat(2) instead. Use the names array to block both syscalls so the tests works on all architectures. Signed-off-by: Ricardo Branco <rbranco@suse.de>
2026-03-30 20:43:40 -04:00 · 2026-03-11 23:10:28 +01:00
parent 2ea88f0573
commit a4d0fd8853
2 changed files with 2 additions and 2 deletions
--- a/test/e2e/play_kube_test.go
+++ b/test/e2e/play_kube_test.go
@@ -1518,7 +1518,7 @@ var (
 	defaultConfigMapName  = "testConfigMap"
 	defaultSecretName     = "testSecret"
 	defaultPVCName        = "testPVC"
-	seccompLinkEPERM      = []byte(`{"defaultAction":"SCMP_ACT_ALLOW","syscalls":[{"name":"link","action":"SCMP_ACT_ERRNO"}]}`)
+	seccompLinkEPERM      = []byte(`{"defaultAction":"SCMP_ACT_ALLOW","syscalls":[{"names":["link","linkat"],"action":"SCMP_ACT_ERRNO"}]}`)
 	// CPU Period in ms
 	defaultCPUPeriod = 100
 	// Default secret in JSON. Note that the values ("foo" and "bar") are base64 encoded.
--- a/test/e2e/run_test.go
+++ b/test/e2e/run_test.go
@@ -400,7 +400,7 @@ var _ = Describe("Podman run", func() {
 	})

 	forbidLinkSeccompProfile := func() string {
-		in := []byte(`{"defaultAction":"SCMP_ACT_ALLOW","syscalls":[{"name":"link","action":"SCMP_ACT_ERRNO"}]}`)
+		in := []byte(`{"defaultAction":"SCMP_ACT_ALLOW","syscalls":[{"names":["link","linkat"],"action":"SCMP_ACT_ERRNO"}]}`)
 		jsonFile, err := podmanTest.CreateSeccompJSON(in)
 		if err != nil {
 			GinkgoWriter.Println(err)