diff options
author | Paul Moore <pmoore@redhat.com> | 2012-10-04 15:38:19 -0400 |
---|---|---|
committer | Paul Moore <pmoore@redhat.com> | 2012-11-05 12:30:59 -0500 |
commit | e72c5080f11df86d7a501ed0e0b6e563f12d61b8 (patch) | |
tree | 5a2823c02014c435cc88741bfa2d4f10608db038 | |
parent | 2f087c90a863a0cb12343b8f0be1c2e754ceda85 (diff) | |
download | libseccomp-e72c5080f11df86d7a501ed0e0b6e563f12d61b8.tar.gz |
tests: add python versions of the existing tests
Signed-off-by: Paul Moore <pmoore@redhat.com>
-rwxr-xr-x | tests/01-allow.py | 40 | ||||
-rwxr-xr-x | tests/02-basic.py | 44 | ||||
-rwxr-xr-x | tests/03-basic-chains.py | 45 | ||||
-rwxr-xr-x | tests/04-multilevel-chains.py | 56 | ||||
-rwxr-xr-x | tests/05-long-jumps.py | 56 | ||||
-rwxr-xr-x | tests/06-actions.py | 45 | ||||
-rwxr-xr-x | tests/07-db-bug-looping.py | 45 | ||||
-rwxr-xr-x | tests/08-subtree-checks.py | 122 | ||||
-rwxr-xr-x | tests/09-syscall-priority-pre.py | 47 | ||||
-rwxr-xr-x | tests/10-syscall-priority-post.py | 47 | ||||
-rwxr-xr-x | tests/11-basic-errors.py | 86 | ||||
-rw-r--r-- | tests/12-basic-masked-ops.c | 3 | ||||
-rwxr-xr-x | tests/12-basic-masked-ops.py | 61 | ||||
-rwxr-xr-x | tests/13-attrs.py | 49 | ||||
-rwxr-xr-x | tests/14-reset.py | 43 | ||||
-rwxr-xr-x | tests/15-resolver.py | 45 | ||||
-rwxr-xr-x | tests/16-arch-basic.py | 51 | ||||
-rwxr-xr-x | tests/17-arch-merge.py | 55 |
18 files changed, 940 insertions, 0 deletions
diff --git a/tests/01-allow.py b/tests/01-allow.py new file mode 100755 index 0000000..db3656b --- /dev/null +++ b/tests/01-allow.py @@ -0,0 +1,40 @@ +#!/usr/bin/env python + +# +# Seccomp Library test program +# +# Copyright (c) 2012 Red Hat <pmoore@redhat.com> +# Author: Paul Moore <pmoore@redhat.com> +# + +# +# This library is free software; you can redistribute it and/or modify it +# under the terms of version 2.1 of the GNU Lesser General Public License as +# published by the Free Software Foundation. +# +# This library is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License +# for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this library; if not, see <http://www.gnu.org/licenses>. +# + +import argparse +import sys + +import util + +from seccomp import * + +def test(args): + f = SyscallFilter(ALLOW) + return f + +args = util.get_opt() +ctx = test(args) +util.filter_output(args, ctx) + +# kate: syntax python; +# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off; diff --git a/tests/02-basic.py b/tests/02-basic.py new file mode 100755 index 0000000..868664f --- /dev/null +++ b/tests/02-basic.py @@ -0,0 +1,44 @@ +#!/usr/bin/env python + +# +# Seccomp Library test program +# +# Copyright (c) 2012 Red Hat <pmoore@redhat.com> +# Author: Paul Moore <pmoore@redhat.com> +# + +# +# This library is free software; you can redistribute it and/or modify it +# under the terms of version 2.1 of the GNU Lesser General Public License as +# published by the Free Software Foundation. +# +# This library is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License +# for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this library; if not, see <http://www.gnu.org/licenses>. +# + +import argparse +import sys + +import util + +from seccomp import * + +def test(args): + f = SyscallFilter(KILL) + f.add_rule_exactly(ALLOW, "read"); + f.add_rule_exactly(ALLOW, "write"); + f.add_rule_exactly(ALLOW, "close"); + f.add_rule_exactly(ALLOW, "rt_sigreturn"); + return f + +args = util.get_opt() +ctx = test(args) +util.filter_output(args, ctx) + +# kate: syntax python; +# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off; diff --git a/tests/03-basic-chains.py b/tests/03-basic-chains.py new file mode 100755 index 0000000..324170d --- /dev/null +++ b/tests/03-basic-chains.py @@ -0,0 +1,45 @@ +#!/usr/bin/env python + +# +# Seccomp Library test program +# +# Copyright (c) 2012 Red Hat <pmoore@redhat.com> +# Author: Paul Moore <pmoore@redhat.com> +# + +# +# This library is free software; you can redistribute it and/or modify it +# under the terms of version 2.1 of the GNU Lesser General Public License as +# published by the Free Software Foundation. +# +# This library is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License +# for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this library; if not, see <http://www.gnu.org/licenses>. +# + +import argparse +import sys + +import util + +from seccomp import * + +def test(args): + f = SyscallFilter(KILL) + f.add_rule_exactly(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno())); + f.add_rule_exactly(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno())); + f.add_rule_exactly(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno())); + f.add_rule_exactly(ALLOW, "close"); + f.add_rule_exactly(ALLOW, "rt_sigreturn"); + return f + +args = util.get_opt() +ctx = test(args) +util.filter_output(args, ctx) + +# kate: syntax python; +# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off; diff --git a/tests/04-multilevel-chains.py b/tests/04-multilevel-chains.py new file mode 100755 index 0000000..e40deee --- /dev/null +++ b/tests/04-multilevel-chains.py @@ -0,0 +1,56 @@ +#!/usr/bin/env python + +# +# Seccomp Library test program +# +# Copyright (c) 2012 Red Hat <pmoore@redhat.com> +# Author: Paul Moore <pmoore@redhat.com> +# + +# +# This library is free software; you can redistribute it and/or modify it +# under the terms of version 2.1 of the GNU Lesser General Public License as +# published by the Free Software Foundation. +# +# This library is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License +# for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this library; if not, see <http://www.gnu.org/licenses>. +# + +import argparse +import sys + +import util + +from seccomp import * + +def test(args): + f = SyscallFilter(KILL) + f.add_rule_exactly(ALLOW, "open"); + f.add_rule_exactly(ALLOW, "close"); + f.add_rule_exactly(ALLOW, "read", + Arg(0, EQ, sys.stdin.fileno()), + Arg(1, NE, 0), + Arg(2, LT, sys.maxsize)); + f.add_rule_exactly(ALLOW, "write", + Arg(0, EQ, sys.stdout.fileno()), + Arg(1, NE, 0), + Arg(2, LT, sys.maxsize)); + f.add_rule_exactly(ALLOW, "write", + Arg(0, EQ, sys.stderr.fileno()), + Arg(1, NE, 0), + Arg(2, LT, sys.maxsize)); + f.add_rule_exactly(ALLOW, "close"); + f.add_rule_exactly(ALLOW, "rt_sigreturn"); + return f + +args = util.get_opt() +ctx = test(args) +util.filter_output(args, ctx) + +# kate: syntax python; +# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off; diff --git a/tests/05-long-jumps.py b/tests/05-long-jumps.py new file mode 100755 index 0000000..c6fd066 --- /dev/null +++ b/tests/05-long-jumps.py @@ -0,0 +1,56 @@ +#!/usr/bin/env python + +# +# Seccomp Library test program +# +# Copyright (c) 2012 Red Hat <pmoore@redhat.com> +# Author: Paul Moore <pmoore@redhat.com> +# + +# +# This library is free software; you can redistribute it and/or modify it +# under the terms of version 2.1 of the GNU Lesser General Public License as +# published by the Free Software Foundation. +# +# This library is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License +# for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this library; if not, see <http://www.gnu.org/licenses>. +# + +import argparse +import sys + +import util + +from seccomp import * + +def test(args): + f = SyscallFilter(KILL) + # syscalls referenced by number to make the test simpler + f.add_rule_exactly(ALLOW, 1) + i = 0 + while i < 600: + f.add_rule_exactly(ALLOW, 1000, + Arg(0, EQ, i), + Arg(1, NE, 0), + Arg(2, LT, sys.maxsize)) + i += 1 + i = 100 + while i < 700: + f.add_rule_exactly(ALLOW, i, + Arg(0, NE, 0)) + i += 1 + f.add_rule_exactly(ALLOW, 4) + return f + +args = util.get_opt() +ctx = test(args) +util.filter_output(args, ctx) + +# kate: syntax python; +# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off; + diff --git a/tests/06-actions.py b/tests/06-actions.py new file mode 100755 index 0000000..4bd76f5 --- /dev/null +++ b/tests/06-actions.py @@ -0,0 +1,45 @@ +#!/usr/bin/env python + +# +# Seccomp Library test program +# +# Copyright (c) 2012 Red Hat <pmoore@redhat.com> +# Author: Paul Moore <pmoore@redhat.com> +# + +# +# This library is free software; you can redistribute it and/or modify it +# under the terms of version 2.1 of the GNU Lesser General Public License as +# published by the Free Software Foundation. +# +# This library is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License +# for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this library; if not, see <http://www.gnu.org/licenses>. +# + +import argparse +import errno +import sys + +import util + +from seccomp import * + +def test(args): + f = SyscallFilter(KILL) + f.add_rule(ALLOW, "read") + f.add_rule(ERRNO(errno.EPERM), "write") + f.add_rule(TRAP, "close") + f.add_rule(TRACE(1234), "open") + return f + +args = util.get_opt() +ctx = test(args) +util.filter_output(args, ctx) + +# kate: syntax python; +# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off; diff --git a/tests/07-db-bug-looping.py b/tests/07-db-bug-looping.py new file mode 100755 index 0000000..0b6e988 --- /dev/null +++ b/tests/07-db-bug-looping.py @@ -0,0 +1,45 @@ +#!/usr/bin/env python + +# +# Seccomp Library test program +# +# Copyright (c) 2012 Red Hat <pmoore@redhat.com> +# Author: Paul Moore <pmoore@redhat.com> +# + +# +# This library is free software; you can redistribute it and/or modify it +# under the terms of version 2.1 of the GNU Lesser General Public License as +# published by the Free Software Foundation. +# +# This library is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License +# for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this library; if not, see <http://www.gnu.org/licenses>. +# + +import argparse +import sys + +import util + +from seccomp import * + +def test(args): + f = SyscallFilter(KILL) + # the next three seccomp_rule_add_exact() calls for read must go together + # in this order to catch an infinite loop. + f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdout)) + f.add_rule(ALLOW, "read", Arg(1, EQ, 0)) + f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin)) + return f + +args = util.get_opt() +ctx = test(args) +util.filter_output(args, ctx) + +# kate: syntax python; +# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off; diff --git a/tests/08-subtree-checks.py b/tests/08-subtree-checks.py new file mode 100755 index 0000000..766c3d1 --- /dev/null +++ b/tests/08-subtree-checks.py @@ -0,0 +1,122 @@ +#!/usr/bin/env python + +# +# Seccomp Library test program +# +# Copyright (c) 2012 Red Hat <pmoore@redhat.com> +# Author: Paul Moore <pmoore@redhat.com> +# + +# +# This library is free software; you can redistribute it and/or modify it +# under the terms of version 2.1 of the GNU Lesser General Public License as +# published by the Free Software Foundation. +# +# This library is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License +# for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this library; if not, see <http://www.gnu.org/licenses>. +# + +import argparse +import sys + +import util + +from seccomp import * + +def test(args): + f = SyscallFilter(KILL) + # the syscall and argument numbers are all fake to make the test simpler + f.add_rule_exactly(ALLOW, 1000, + Arg(0, EQ, 0), + Arg(1, EQ, 1)) + f.add_rule_exactly(ALLOW, 1000, + Arg(1, EQ, 1)) + + f.add_rule_exactly(ALLOW, 1001, + Arg(1, EQ, 1)) + f.add_rule_exactly(ALLOW, 1001, + Arg(0, EQ, 0), + Arg(1, EQ, 1)) + + f.add_rule_exactly(ALLOW, 1002, + Arg(0, EQ, 0), + Arg(1, EQ, 1), + Arg(2, EQ, 2), + Arg(3, EQ, 3)) + f.add_rule_exactly(ALLOW, 1002, + Arg(1, EQ, 1), + Arg(2, EQ, 2)) + + f.add_rule_exactly(ALLOW, 1003, + Arg(1, EQ, 1), + Arg(2, EQ, 2)) + f.add_rule_exactly(ALLOW, 1003, + Arg(0, EQ, 0), + Arg(1, EQ, 1), + Arg(2, EQ, 2), + Arg(3, EQ, 3)) + + f.add_rule_exactly(ALLOW, 1004, + Arg(0, EQ, 0), + Arg(1, EQ, 1), + Arg(2, EQ, 2), + Arg(3, EQ, 3)) + f.add_rule_exactly(ALLOW, 1004, + Arg(0, EQ, 0), + Arg(1, EQ, 11)) + f.add_rule_exactly(ALLOW, 1004, + Arg(0, EQ, 0), + Arg(1, EQ, 1), + Arg(2, EQ, 2), + Arg(3, EQ, 33)) + f.add_rule_exactly(ALLOW, 1004, + Arg(1, EQ, 1), + Arg(2, EQ, 2)) + + f.add_rule_exactly(ALLOW, 1005, + Arg(1, EQ, 1), + Arg(2, EQ, 2)) + f.add_rule_exactly(ALLOW, 1005, + Arg(0, EQ, 0), + Arg(1, EQ, 1), + Arg(2, EQ, 2), + Arg(3, EQ, 3)) + f.add_rule_exactly(ALLOW, 1005, + Arg(0, EQ, 0), + Arg(1, EQ, 11)) + f.add_rule_exactly(ALLOW, 1005, + Arg(0, EQ, 0), + Arg(1, EQ, 1), + Arg(2, EQ, 2), + Arg(3, EQ, 33)) + + f.add_rule_exactly(ALLOW, 1006, + Arg(1, NE, 1), + Arg(2, EQ, 0)) + f.add_rule_exactly(ALLOW, 1006, + Arg(1, EQ, 1), + Arg(2, EQ, 2)) + f.add_rule_exactly(ALLOW, 1006, + Arg(1, NE, 1)) + + f.add_rule_exactly(TRAP, 1007, + Arg(2, EQ, 1), + Arg(3, EQ, 3)) + f.add_rule_exactly(ALLOW, 1007, + Arg(2, EQ, 1), + Arg(3, NE, 3)) + f.add_rule_exactly(ALLOW, 1007, + Arg(3, NE, 3)) + return f + +args = util.get_opt() +ctx = test(args) +util.filter_output(args, ctx) + +# kate: syntax python; +# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off; diff --git a/tests/09-syscall-priority-pre.py b/tests/09-syscall-priority-pre.py new file mode 100755 index 0000000..7b19943 --- /dev/null +++ b/tests/09-syscall-priority-pre.py @@ -0,0 +1,47 @@ +#!/usr/bin/env python + +# +# Seccomp Library test program +# +# Copyright (c) 2012 Red Hat <pmoore@redhat.com> +# Author: Paul Moore <pmoore@redhat.com> +# + +# +# This library is free software; you can redistribute it and/or modify it +# under the terms of version 2.1 of the GNU Lesser General Public License as +# published by the Free Software Foundation. +# +# This library is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License +# for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this library; if not, see <http://www.gnu.org/licenses>. +# + +import argparse +import sys + +import util + +from seccomp import * + +def test(args): + f = SyscallFilter(KILL) + # the syscall and argument numbers are all fake to make the test simpler + f.syscall_priority(1000, 3) + f.syscall_priority(1001, 2) + f.syscall_priority(1002, 1) + f.add_rule_exactly(ALLOW, 1000, Arg(0, EQ, 0), Arg(1, EQ, 1)) + f.add_rule_exactly(ALLOW, 1001, Arg(0, EQ, 0)) + f.add_rule_exactly(ALLOW, 1002) + return f + +args = util.get_opt() +ctx = test(args) +util.filter_output(args, ctx) + +# kate: syntax python; +# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off; diff --git a/tests/10-syscall-priority-post.py b/tests/10-syscall-priority-post.py new file mode 100755 index 0000000..bc2e152 --- /dev/null +++ b/tests/10-syscall-priority-post.py @@ -0,0 +1,47 @@ +#!/usr/bin/env python + +# +# Seccomp Library test program +# +# Copyright (c) 2012 Red Hat <pmoore@redhat.com> +# Author: Paul Moore <pmoore@redhat.com> +# + +# +# This library is free software; you can redistribute it and/or modify it +# under the terms of version 2.1 of the GNU Lesser General Public License as +# published by the Free Software Foundation. +# +# This library is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License +# for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this library; if not, see <http://www.gnu.org/licenses>. +# + +import argparse +import sys + +import util + +from seccomp import * + +def test(args): + f = SyscallFilter(KILL) + # the syscall and argument numbers are all fake to make the test simpler + f.add_rule_exactly(ALLOW, 1000, Arg(0, EQ, 0), Arg(1, EQ, 1)) + f.add_rule_exactly(ALLOW, 1001, Arg(0, EQ, 0)) + f.add_rule_exactly(ALLOW, 1002) + f.syscall_priority(1000, 3) + f.syscall_priority(1001, 2) + f.syscall_priority(1002, 1) + return f + +args = util.get_opt() +ctx = test(args) +util.filter_output(args, ctx) + +# kate: syntax python; +# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off; diff --git a/tests/11-basic-errors.py b/tests/11-basic-errors.py new file mode 100755 index 0000000..900548d --- /dev/null +++ b/tests/11-basic-errors.py @@ -0,0 +1,86 @@ +#!/usr/bin/env python + +# +# Seccomp Library test program +# +# Copyright (c) 2012 Red Hat <pmoore@redhat.com> +# Author: Paul Moore <pmoore@redhat.com> +# + +# +# This library is free software; you can redistribute it and/or modify it +# under the terms of version 2.1 of the GNU Lesser General Public License as +# published by the Free Software Foundation. +# +# This library is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License +# for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this library; if not, see <http://www.gnu.org/licenses>. +# + +import argparse +import sys + +import util + +from seccomp import * + +def test(): + # this test differs from the native test for obvious reasons + try: + f = SyscallFilter(ALLOW + 1) + except RuntimeError: + pass + + f = SyscallFilter(ALLOW) + try: + f.reset(KILL + 1) + except ValueError: + pass + + f = SyscallFilter(ALLOW) + try: + f.syscall_priority(-1000, 1) + except RuntimeError: + pass + + f = SyscallFilter(ALLOW) + try: + f.add_rule(ALLOW, "read") + except RuntimeError: + pass + try: + f.add_rule(KILL - 1, "read") + except RuntimeError: + pass + try: + f.add_rule(KILL, "read", + Arg(0, EQ, 0), + Arg(1, EQ, 1), + Arg(2, EQ, 2), + Arg(3, EQ, 3), + Arg(4, EQ, 4), + Arg(5, EQ, 5), + Arg(6, EQ, 6), + Arg(7, EQ, 7)) + except RuntimeError: + pass + try: + f.add_rule(KILL, -1001) + except RuntimeError: + pass + + f = SyscallFilter(ALLOW) + if f.exist_arch(Arch.X86): + try: + f.add_rule_exactly(KILL, "socket", Arg(0, EQ, 2)) + except RuntimeError: + pass + +test() + +# kate: syntax python; +# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off; diff --git a/tests/12-basic-masked-ops.c b/tests/12-basic-masked-ops.c index c213a69..a6fd939 100644 --- a/tests/12-basic-masked-ops.c +++ b/tests/12-basic-masked-ops.c @@ -39,6 +39,9 @@ int main(int argc, char *argv[]) if (ctx == NULL) goto out; + /* the syscall and argument numbers are all fake to make the test + * simpler */ + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1000, 3, SCMP_A0(SCMP_CMP_EQ, 0), SCMP_A1(SCMP_CMP_EQ, 1), diff --git a/tests/12-basic-masked-ops.py b/tests/12-basic-masked-ops.py new file mode 100755 index 0000000..283534b --- /dev/null +++ b/tests/12-basic-masked-ops.py @@ -0,0 +1,61 @@ +#!/usr/bin/env python + +# +# Seccomp Library test program +# +# Copyright (c) 2012 Red Hat <pmoore@redhat.com> +# Author: Paul Moore <pmoore@redhat.com> +# + +# +# This library is free software; you can redistribute it and/or modify it +# under the terms of version 2.1 of the GNU Lesser General Public License as +# published by the Free Software Foundation. +# +# This library is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License +# for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this library; if not, see <http://www.gnu.org/licenses>. +# + +import argparse +import sys + +import util + +from seccomp import * + +def test(args): + f = SyscallFilter(KILL) + # the syscall and argument numbers are all fake to make the test simpler + f.add_rule_exactly(ALLOW, 1000, + Arg(0, EQ, 0), + Arg(1, EQ, 1), + Arg(2, EQ, 2)) + f.add_rule_exactly(ALLOW, 1000, + Arg(0, EQ, 0), + Arg(1, MASKED_EQ, 0x00ff, 1), + Arg(2, EQ, 2)) + f.add_rule_exactly(ALLOW, 1000, + Arg(0, EQ, 0), + Arg(1, MASKED_EQ, 0xffff, 11), + Arg(2, EQ, 2)) + f.add_rule_exactly(ALLOW, 1000, + Arg(0, EQ, 0), + Arg(1, MASKED_EQ, 0xffff, 111), + Arg(2, EQ, 2)) + f.add_rule_exactly(ALLOW, 1000, + Arg(0, EQ, 0), + Arg(1, MASKED_EQ, 0xff00, 1000), + Arg(2, EQ, 2)) + return f + +args = util.get_opt() +ctx = test(args) +util.filter_output(args, ctx) + +# kate: syntax python; +# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off; diff --git a/tests/13-attrs.py b/tests/13-attrs.py new file mode 100755 index 0000000..471ab34 --- /dev/null +++ b/tests/13-attrs.py @@ -0,0 +1,49 @@ +#!/usr/bin/env python + +# +# Seccomp Library test program +# +# Copyright (c) 2012 Red Hat <pmoore@redhat.com> +# Author: Paul Moore <pmoore@redhat.com> +# + +# +# This library is free software; you can redistribute it and/or modify it +# under the terms of version 2.1 of the GNU Lesser General Public License as +# published by the Free Software Foundation. +# +# This library is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License +# for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this library; if not, see <http://www.gnu.org/licenses>. +# + +import argparse +import sys + +import util + +from seccomp import * + +def test(): + f = SyscallFilter(ALLOW) + if f.get_attr(Attr.ACT_DEFAULT) != ALLOW: + raise RuntimeError("Failed getting Attr.ACT_DEFAULT") + try: + f.set_attr(Attr.ACT_DEFAULT, ALLOW) + except RuntimeError: + pass + f.set_attr(Attr.ACT_BADARCH, ALLOW) + if f.get_attr(Attr.ACT_BADARCH) != ALLOW: + raise RuntimeError("Failed getting Attr.ACT_BADARCH") + f.set_attr(Attr.CTL_NNP, 0) + if f.get_attr(Attr.CTL_NNP) != 0: + raise RuntimeError("Failed getting Attr.CTL_NNP") + +test() + +# kate: syntax python; +# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off; diff --git a/tests/14-reset.py b/tests/14-reset.py new file mode 100755 index 0000000..60c131f --- /dev/null +++ b/tests/14-reset.py @@ -0,0 +1,43 @@ +#!/usr/bin/env python + +# +# Seccomp Library test program +# +# Copyright (c) 2012 Red Hat <pmoore@redhat.com> +# Author: Paul Moore <pmoore@redhat.com> +# + +# +# This library is free software; you can redistribute it and/or modify it +# under the terms of version 2.1 of the GNU Lesser General Public License as +# published by the Free Software Foundation. +# +# This library is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License +# for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this library; if not, see <http://www.gnu.org/licenses>. +# + +import argparse +import sys + +import util + +from seccomp import * + +def test(args): + f = SyscallFilter(KILL) + f.add_rule(ALLOW, "read") + f.reset() + f.add_rule(ALLOW, "write") + return f + +args = util.get_opt() +ctx = test(args) +util.filter_output(args, ctx) + +# kate: syntax python; +# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off; diff --git a/tests/15-resolver.py b/tests/15-resolver.py new file mode 100755 index 0000000..b15e148 --- /dev/null +++ b/tests/15-resolver.py @@ -0,0 +1,45 @@ +#!/usr/bin/env python + +# +# Seccomp Library test program +# +# Copyright (c) 2012 Red Hat <pmoore@redhat.com> +# Author: Paul Moore <pmoore@redhat.com> +# + +# +# This library is free software; you can redistribute it and/or modify it +# under the terms of version 2.1 of the GNU Lesser General Public License as +# published by the Free Software Foundation. +# +# This library is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License +# for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this library; if not, see <http://www.gnu.org/licenses>. +# + +import argparse +import sys + +import util + +from seccomp import * + +def test(): + f = SyscallFilter(KILL) + # this differs from the native test as we don't support the syscall + # resolution functions by themselves + f.add_rule(ALLOW, "open") + f.add_rule(ALLOW, "socket") + try: + f.add_rule(ALLOW, "INVALID") + except RuntimeError: + pass + +test() + +# kate: syntax python; +# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off; diff --git a/tests/16-arch-basic.py b/tests/16-arch-basic.py new file mode 100755 index 0000000..eebe9a3 --- /dev/null +++ b/tests/16-arch-basic.py @@ -0,0 +1,51 @@ +#!/usr/bin/env python + +# +# Seccomp Library test program +# +# Copyright (c) 2012 Red Hat <pmoore@redhat.com> +# Author: Paul Moore <pmoore@redhat.com> +# + +# +# This library is free software; you can redistribute it and/or modify it +# under the terms of version 2.1 of the GNU Lesser General Public License as +# published by the Free Software Foundation. +# +# This library is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License +# for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this library; if not, see <http://www.gnu.org/licenses>. +# + +import argparse +import sys + +import util + +from seccomp import * + +def test(args): + f = SyscallFilter(KILL) + if not f.exist_arch(Arch.X86): + f.add_arch(Arch.X86) + if not f.exist_arch(Arch.X86_64): + f.add_arch(Arch.X86_64) + f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin)) + f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout)) + f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr)) + f.add_rule(ALLOW, "close") + f.add_rule(ALLOW, "socket") + f.add_rule(ALLOW, "connect") + f.add_rule(ALLOW, "shutdown") + return f + +args = util.get_opt() +ctx = test(args) +util.filter_output(args, ctx) + +# kate: syntax python; +# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off; diff --git a/tests/17-arch-merge.py b/tests/17-arch-merge.py new file mode 100755 index 0000000..0221764 --- /dev/null +++ b/tests/17-arch-merge.py @@ -0,0 +1,55 @@ +#!/usr/bin/env python + +# +# Seccomp Library test program +# +# Copyright (c) 2012 Red Hat <pmoore@redhat.com> +# Author: Paul Moore <pmoore@redhat.com> +# + +# +# This library is free software; you can redistribute it and/or modify it +# under the terms of version 2.1 of the GNU Lesser General Public License as +# published by the Free Software Foundation. +# +# This library is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License +# for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this library; if not, see <http://www.gnu.org/licenses>. +# + +import argparse +import sys + +import util + +from seccomp import * + +def test(args): + f32 = SyscallFilter(KILL) + f64 = SyscallFilter(KILL) + if not f32.exist_arch(Arch.X86): + f32.add_arch(Arch.X86) + f32.remove_arch(Arch.NATIVE) + if not f64.exist_arch(Arch.X86_64): + f64.add_arch(Arch.X86_64) + f64.remove_arch(Arch.NATIVE) + f32.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin)) + f32.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout)) + f32.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr)) + f32.add_rule(ALLOW, "close") + f64.add_rule(ALLOW, "socket") + f64.add_rule(ALLOW, "connect") + f64.add_rule(ALLOW, "shutdown") + f64.merge(f32) + return f64 + +args = util.get_opt() +ctx = test(args) +util.filter_output(args, ctx) + +# kate: syntax python; +# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off; |