Add Seccomp and Reboot call tests (#18165) (#18182)

opensearch-trigger-bot[bot] · github-actions[bot] · Rajat Gupta · web-flow · commit 4c2d043509af · 2025-05-01T20:24:20.000-05:00
(cherry picked from commit 47f9bdb) Signed-off-by: Rajat Gupta <gptrajat@amazon.com> Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: Rajat Gupta <gptrajat@amazon.com>
diff --git a/qa/systemd-test/src/test/java/org/opensearch/systemdinteg/SystemdIntegTests.java b/qa/systemd-test/src/test/java/org/opensearch/systemdinteg/SystemdIntegTests.java
@@ -135,6 +135,17 @@ public void testFileDescriptorLimit() throws IOException, InterruptedException {
                 limits.contains("Max open files            unlimited            unlimited"));
     }
 
+    public void testSeccompEnabled() throws IOException, InterruptedException {
+        // Check if Seccomp is enabled
+        String seccomp = executeCommand("sudo su -c 'grep Seccomp /proc/" + opensearchPid + "/status'", "Failed to read Seccomp status");
+        assertFalse("Seccomp should be enabled", seccomp.contains("0"));
+    }
+
+    public void testRebootSysCall() throws IOException, InterruptedException {
+        String rebootResult = executeCommand("sudo su opensearch -c 'kill -s SIGHUP 1' 2>&1 || echo 'Operation not permitted'", "Failed to test reboot system call");
+        assertTrue("Reboot system call should be blocked", rebootResult.contains("Operation not permitted"));
+    }
+
     public void testOpenSearchProcessCannotExit() throws IOException, InterruptedException {
 
         String scriptPath;
