Skip to content

bats/runc: Backport PR#5124 for better coredump detection #24750

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
ricardobranco777 merged 1 commit into from
Feb 25, 2026
Merged

bats/runc: Backport PR#5124 for better coredump detection #24750

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 14 additions & 0 deletions data/containers/patches.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -283,15 +283,29 @@ podman-py:
runc:
# Note on patches:
# https://github.com/opencontainers/runc/pull/5079 - integration: Skip test for new privileges if NoNewPrivs is set
# https://github.com/opencontainers/runc/pull/5124 - tests/int: Disable coredumps for SCMP_ACT_KILL tests
opensuse-Tumbleweed:
GITHUB_PATCHES:
- 5079
- 5124
sle-16.1:
GITHUB_PATCHES:
- 5124
sle-16.0:
GITHUB_PATCHES:
- 5124
sle-15-SP7:
GITHUB_PATCHES:
- 5124
sle-15-SP6:
GITHUB_PATCHES:
- 5124
sle-15-SP5:
GITHUB_PATCHES:
- 5124
sle-15-SP4:
GITHUB_PATCHES:
- 5124
skopeo:
opensuse-Tumbleweed:
sle-16.1:
Expand Down
37 changes: 37 additions & 0 deletions data/containers/patches/runc/5124.patch
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,37 @@
From f18e97d312f31f109c5ef2485b62cad04e819529 Mon Sep 17 00:00:00 2001
From: Ricardo Branco <rbranco@suse.de>
Date: Wed, 25 Feb 2026 13:12:24 +0100
Subject: [PATCH] tests/int: Disable coredumps for SCMP_ACT_KILL tests

SCMP_ACT_KILL terminates the process with a fatal signal, which may
produce a core dump depending on the host configuration.

While this is harmless on ephemeral CI instances, it can leave unwanted
core files on developer or customer systems. It also interferes with
test environments that detect unexpected core dumps.

Signed-off-by: Ricardo Branco <rbranco@suse.de>
---
tests/integration/seccomp.bats | 2 ++
1 file changed, 2 insertions(+)

diff --git a/tests/integration/seccomp.bats b/tests/integration/seccomp.bats
index db9571e0d67..b5ed47dbc6a 100644
--- a/tests/integration/seccomp.bats
+++ b/tests/integration/seccomp.bats
@@ -155,6 +155,7 @@ function flags_value() {
@test "runc run [seccomp] (SCMP_ACT_KILL)" {
update_config ' .process.args = ["/bin/sh", "-c", "mkdir /dev/shm/foo"]
| .process.noNewPrivileges = false
+ | .process.rlimits = [{"type": "RLIMIT_CORE", "soft": 0, "hard": 0}]
| .linux.seccomp = {
"defaultAction":"SCMP_ACT_ALLOW",
"architectures":["SCMP_ARCH_X86","SCMP_ARCH_X32","SCMP_ARCH_X86_64","SCMP_ARCH_AARCH64","SCMP_ARCH_ARM"],
@@ -173,6 +174,7 @@ function flags_value() {
"architectures":["SCMP_ARCH_X86","SCMP_ARCH_X32","SCMP_ARCH_X86_64","SCMP_ARCH_AARCH64","SCMP_ARCH_ARM"],
"syscalls":[{"names":["mkdir","mkdirat"], "action":"SCMP_ACT_KILL"}]
}
+ | .process.rlimits = [{"type": "RLIMIT_CORE", "soft": 0, "hard": 0}]
| .hooks = {
"startContainer": [ {
"path": "/bin/sh",
3 changes: 0 additions & 3 deletions lib/containers/bats.pm
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -483,9 +483,6 @@ sub collect_coredumps {
foreach my $line (@lines) {
my ($pid, $exe) = split /\s+/, $line;

# The runc seccomp SCMP_ACT_KILL test uses mkdir so a core file is expected
next if ($package eq "runc" && basename($exe) eq "mkdir");

# Dumping and compressing coredumps may take some time
my $out = script_output("coredumpctl info $pid", timeout => 300, proceed_on_failure => 1);
record_info("COREDUMP", $out);
Expand Down