On some systems, the cgroup hierarchies are grouped together
(cpu,cpuacct). In order to avoid fake failures, update the cgroup
parsing to just check whether or not the mountinfo options *contain* the
cgroup type.
Signed-off-by: Aleksa Sarai <asarai@suse.de>
Enable the full test suite to run on `make test`. They also all run
inside a Docker container for maximum reproducibility.
Signed-off-by: Aleksa Sarai <asarai@suse.de>
As v2.1.0 is no longer required for successful testing, do not build it in the
Dockerfile - instead just use the version Ubuntu ships.
Signed-off-by: Matthew Heon <mheon@redhat.com>
This removes the existing, native Go seccomp filter generation and replaces it
with Libseccomp. Libseccomp is a C library which provides architecture
independent generation of Seccomp filters for the Linux kernel.
This adds a dependency on v2.2.1 or above of Libseccomp.
Signed-off-by: Matthew Heon <mheon@redhat.com>
Mrunal Patel
Aleksa Sarai
Qiang Huang
Mike Brown
Tianon Gravi
Jessica Frazelle
Antonio Murdaca
Matthew Heon
Alexander Morozov