tests: add python versions of the existing tests

Signed-off-by: Paul Moore <pmoore@redhat.com>

18 files changed, 940 insertions, 0 deletions

diff --git a/tests/01-allow.py b/tests/01-allow.py
new file mode 100755
index 0000000..db3656b
--- /dev/null
+++ b/tests/01-allow.py
@@ -0,0 +1,40 @@
+#!/usr/bin/env python
+
+#
+# Seccomp Library test program
+#
+# Copyright (c) 2012 Red Hat <pmoore@redhat.com>
+# Author: Paul Moore <pmoore@redhat.com>
+#
+
+#
+# This library is free software; you can redistribute it and/or modify it
+# under the terms of version 2.1 of the GNU Lesser General Public License as
+# published by the Free Software Foundation.
+#
+# This library is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License
+# for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this library; if not, see <http://www.gnu.org/licenses>.
+#
+
+import argparse
+import sys
+
+import util
+
+from seccomp import *
+
+def test(args):
+    f = SyscallFilter(ALLOW)
+    return f
+
+args = util.get_opt()
+ctx = test(args)
+util.filter_output(args, ctx)
+
+# kate: syntax python;
+# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off;
diff --git a/tests/02-basic.py b/tests/02-basic.py
new file mode 100755
index 0000000..868664f
--- /dev/null
+++ b/tests/02-basic.py
@@ -0,0 +1,44 @@
+#!/usr/bin/env python
+
+#
+# Seccomp Library test program
+#
+# Copyright (c) 2012 Red Hat <pmoore@redhat.com>
+# Author: Paul Moore <pmoore@redhat.com>
+#
+
+#
+# This library is free software; you can redistribute it and/or modify it
+# under the terms of version 2.1 of the GNU Lesser General Public License as
+# published by the Free Software Foundation.
+#
+# This library is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License
+# for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this library; if not, see <http://www.gnu.org/licenses>.
+#
+
+import argparse
+import sys
+
+import util
+
+from seccomp import *
+
+def test(args):
+    f = SyscallFilter(KILL)
+    f.add_rule_exactly(ALLOW, "read");
+    f.add_rule_exactly(ALLOW, "write");
+    f.add_rule_exactly(ALLOW, "close");
+    f.add_rule_exactly(ALLOW, "rt_sigreturn");
+    return f
+
+args = util.get_opt()
+ctx = test(args)
+util.filter_output(args, ctx)
+
+# kate: syntax python;
+# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off;
diff --git a/tests/03-basic-chains.py b/tests/03-basic-chains.py
new file mode 100755
index 0000000..324170d
--- /dev/null
+++ b/tests/03-basic-chains.py
@@ -0,0 +1,45 @@
+#!/usr/bin/env python
+
+#
+# Seccomp Library test program
+#
+# Copyright (c) 2012 Red Hat <pmoore@redhat.com>
+# Author: Paul Moore <pmoore@redhat.com>
+#
+
+#
+# This library is free software; you can redistribute it and/or modify it
+# under the terms of version 2.1 of the GNU Lesser General Public License as
+# published by the Free Software Foundation.
+#
+# This library is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License
+# for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this library; if not, see <http://www.gnu.org/licenses>.
+#
+
+import argparse
+import sys
+
+import util
+
+from seccomp import *
+
+def test(args):
+    f = SyscallFilter(KILL)
+    f.add_rule_exactly(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno()));
+    f.add_rule_exactly(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno()));
+    f.add_rule_exactly(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno()));
+    f.add_rule_exactly(ALLOW, "close");
+    f.add_rule_exactly(ALLOW, "rt_sigreturn");
+    return f
+
+args = util.get_opt()
+ctx = test(args)
+util.filter_output(args, ctx)
+
+# kate: syntax python;
+# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off;
diff --git a/tests/04-multilevel-chains.py b/tests/04-multilevel-chains.py
new file mode 100755
index 0000000..e40deee
--- /dev/null
+++ b/tests/04-multilevel-chains.py
@@ -0,0 +1,56 @@
+#!/usr/bin/env python
+
+#
+# Seccomp Library test program
+#
+# Copyright (c) 2012 Red Hat <pmoore@redhat.com>
+# Author: Paul Moore <pmoore@redhat.com>
+#
+
+#
+# This library is free software; you can redistribute it and/or modify it
+# under the terms of version 2.1 of the GNU Lesser General Public License as
+# published by the Free Software Foundation.
+#
+# This library is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License
+# for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this library; if not, see <http://www.gnu.org/licenses>.
+#
+
+import argparse
+import sys
+
+import util
+
+from seccomp import *
+
+def test(args):
+    f = SyscallFilter(KILL)
+    f.add_rule_exactly(ALLOW, "open");
+    f.add_rule_exactly(ALLOW, "close");
+    f.add_rule_exactly(ALLOW, "read",
+                        Arg(0, EQ, sys.stdin.fileno()),
+                        Arg(1, NE, 0),
+                        Arg(2, LT, sys.maxsize));
+    f.add_rule_exactly(ALLOW, "write",
+                        Arg(0, EQ, sys.stdout.fileno()),
+                        Arg(1, NE, 0),
+                        Arg(2, LT, sys.maxsize));
+    f.add_rule_exactly(ALLOW, "write",
+                        Arg(0, EQ, sys.stderr.fileno()),
+                        Arg(1, NE, 0),
+                        Arg(2, LT, sys.maxsize));
+    f.add_rule_exactly(ALLOW, "close");
+    f.add_rule_exactly(ALLOW, "rt_sigreturn");
+    return f
+
+args = util.get_opt()
+ctx = test(args)
+util.filter_output(args, ctx)
+
+# kate: syntax python;
+# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off;
diff --git a/tests/05-long-jumps.py b/tests/05-long-jumps.py
new file mode 100755
index 0000000..c6fd066
--- /dev/null
+++ b/tests/05-long-jumps.py
@@ -0,0 +1,56 @@
+#!/usr/bin/env python
+
+#
+# Seccomp Library test program
+#
+# Copyright (c) 2012 Red Hat <pmoore@redhat.com>
+# Author: Paul Moore <pmoore@redhat.com>
+#
+
+#
+# This library is free software; you can redistribute it and/or modify it
+# under the terms of version 2.1 of the GNU Lesser General Public License as
+# published by the Free Software Foundation.
+#
+# This library is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License
+# for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this library; if not, see <http://www.gnu.org/licenses>.
+#
+
+import argparse
+import sys
+
+import util
+
+from seccomp import *
+
+def test(args):
+    f = SyscallFilter(KILL)
+    # syscalls referenced by number to make the test simpler
+    f.add_rule_exactly(ALLOW, 1)
+    i = 0
+    while i < 600:
+        f.add_rule_exactly(ALLOW, 1000,
+                           Arg(0, EQ, i),
+                           Arg(1, NE, 0),
+                           Arg(2, LT, sys.maxsize))
+        i += 1
+    i = 100
+    while i < 700:
+        f.add_rule_exactly(ALLOW, i,
+                           Arg(0, NE, 0))
+        i += 1
+    f.add_rule_exactly(ALLOW, 4)
+    return f
+
+args = util.get_opt()
+ctx = test(args)
+util.filter_output(args, ctx)
+
+# kate: syntax python;
+# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off;
+
diff --git a/tests/06-actions.py b/tests/06-actions.py
new file mode 100755
index 0000000..4bd76f5
--- /dev/null
+++ b/tests/06-actions.py
@@ -0,0 +1,45 @@
+#!/usr/bin/env python
+
+#
+# Seccomp Library test program
+#
+# Copyright (c) 2012 Red Hat <pmoore@redhat.com>
+# Author: Paul Moore <pmoore@redhat.com>
+#
+
+#
+# This library is free software; you can redistribute it and/or modify it
+# under the terms of version 2.1 of the GNU Lesser General Public License as
+# published by the Free Software Foundation.
+#
+# This library is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License
+# for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this library; if not, see <http://www.gnu.org/licenses>.
+#
+
+import argparse
+import errno
+import sys
+
+import util
+
+from seccomp import *
+
+def test(args):
+    f = SyscallFilter(KILL)
+    f.add_rule(ALLOW, "read")
+    f.add_rule(ERRNO(errno.EPERM), "write")
+    f.add_rule(TRAP, "close")
+    f.add_rule(TRACE(1234), "open")
+    return f
+
+args = util.get_opt()
+ctx = test(args)
+util.filter_output(args, ctx)
+
+# kate: syntax python;
+# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off;
diff --git a/tests/07-db-bug-looping.py b/tests/07-db-bug-looping.py
new file mode 100755
index 0000000..0b6e988
--- /dev/null
+++ b/tests/07-db-bug-looping.py
@@ -0,0 +1,45 @@
+#!/usr/bin/env python
+
+#
+# Seccomp Library test program
+#
+# Copyright (c) 2012 Red Hat <pmoore@redhat.com>
+# Author: Paul Moore <pmoore@redhat.com>
+#
+
+#
+# This library is free software; you can redistribute it and/or modify it
+# under the terms of version 2.1 of the GNU Lesser General Public License as
+# published by the Free Software Foundation.
+#
+# This library is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License
+# for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this library; if not, see <http://www.gnu.org/licenses>.
+#
+
+import argparse
+import sys
+
+import util
+
+from seccomp import *
+
+def test(args):
+    f = SyscallFilter(KILL)
+    # the next three seccomp_rule_add_exact() calls for read must go together
+    # in this order to catch an infinite loop.
+    f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdout))
+    f.add_rule(ALLOW, "read", Arg(1, EQ, 0))
+    f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin))
+    return f
+
+args = util.get_opt()
+ctx = test(args)
+util.filter_output(args, ctx)
+
+# kate: syntax python;
+# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off;
diff --git a/tests/08-subtree-checks.py b/tests/08-subtree-checks.py
new file mode 100755
index 0000000..766c3d1
--- /dev/null
+++ b/tests/08-subtree-checks.py
@@ -0,0 +1,122 @@
+#!/usr/bin/env python
+
+#
+# Seccomp Library test program
+#
+# Copyright (c) 2012 Red Hat <pmoore@redhat.com>
+# Author: Paul Moore <pmoore@redhat.com>
+#
+
+#
+# This library is free software; you can redistribute it and/or modify it
+# under the terms of version 2.1 of the GNU Lesser General Public License as
+# published by the Free Software Foundation.
+#
+# This library is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License
+# for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this library; if not, see <http://www.gnu.org/licenses>.
+#
+
+import argparse
+import sys
+
+import util
+
+from seccomp import *
+
+def test(args):
+    f = SyscallFilter(KILL)
+    # the syscall and argument numbers are all fake to make the test simpler
+    f.add_rule_exactly(ALLOW, 1000,
+                       Arg(0, EQ, 0),
+                       Arg(1, EQ, 1))
+    f.add_rule_exactly(ALLOW, 1000,
+                       Arg(1, EQ, 1))
+
+    f.add_rule_exactly(ALLOW, 1001,
+                       Arg(1, EQ, 1))
+    f.add_rule_exactly(ALLOW, 1001,
+                       Arg(0, EQ, 0),
+                       Arg(1, EQ, 1))
+
+    f.add_rule_exactly(ALLOW, 1002,
+                       Arg(0, EQ, 0),
+                       Arg(1, EQ, 1),
+                       Arg(2, EQ, 2),
+                       Arg(3, EQ, 3))
+    f.add_rule_exactly(ALLOW, 1002,
+                       Arg(1, EQ, 1),
+                       Arg(2, EQ, 2))
+
+    f.add_rule_exactly(ALLOW, 1003,
+                       Arg(1, EQ, 1),
+                       Arg(2, EQ, 2))
+    f.add_rule_exactly(ALLOW, 1003,
+                       Arg(0, EQ, 0),
+                       Arg(1, EQ, 1),
+                       Arg(2, EQ, 2),
+                       Arg(3, EQ, 3))
+
+    f.add_rule_exactly(ALLOW, 1004,
+                       Arg(0, EQ, 0),
+                       Arg(1, EQ, 1),
+                       Arg(2, EQ, 2),
+                       Arg(3, EQ, 3))
+    f.add_rule_exactly(ALLOW, 1004,
+                       Arg(0, EQ, 0),
+                       Arg(1, EQ, 11))
+    f.add_rule_exactly(ALLOW, 1004,
+                       Arg(0, EQ, 0),
+                       Arg(1, EQ, 1),
+                       Arg(2, EQ, 2),
+                       Arg(3, EQ, 33))
+    f.add_rule_exactly(ALLOW, 1004,
+                       Arg(1, EQ, 1),
+                       Arg(2, EQ, 2))
+
+    f.add_rule_exactly(ALLOW, 1005,
+                       Arg(1, EQ, 1),
+                       Arg(2, EQ, 2))
+    f.add_rule_exactly(ALLOW, 1005,
+                       Arg(0, EQ, 0),
+                       Arg(1, EQ, 1),
+                       Arg(2, EQ, 2),
+                       Arg(3, EQ, 3))
+    f.add_rule_exactly(ALLOW, 1005,
+                       Arg(0, EQ, 0),
+                       Arg(1, EQ, 11))
+    f.add_rule_exactly(ALLOW, 1005,
+                       Arg(0, EQ, 0),
+                       Arg(1, EQ, 1),
+                       Arg(2, EQ, 2),
+                       Arg(3, EQ, 33))
+
+    f.add_rule_exactly(ALLOW, 1006,
+                       Arg(1, NE, 1),
+                       Arg(2, EQ, 0))
+    f.add_rule_exactly(ALLOW, 1006,
+                       Arg(1, EQ, 1),
+                       Arg(2, EQ, 2))
+    f.add_rule_exactly(ALLOW, 1006,
+                       Arg(1, NE, 1))
+
+    f.add_rule_exactly(TRAP, 1007,
+                       Arg(2, EQ, 1),
+                       Arg(3, EQ, 3))
+    f.add_rule_exactly(ALLOW, 1007,
+                       Arg(2, EQ, 1),
+                       Arg(3, NE, 3))
+    f.add_rule_exactly(ALLOW, 1007,
+                       Arg(3, NE, 3))
+    return f
+
+args = util.get_opt()
+ctx = test(args)
+util.filter_output(args, ctx)
+
+# kate: syntax python;
+# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off;
diff --git a/tests/09-syscall-priority-pre.py b/tests/09-syscall-priority-pre.py
new file mode 100755
index 0000000..7b19943
--- /dev/null
+++ b/tests/09-syscall-priority-pre.py
@@ -0,0 +1,47 @@
+#!/usr/bin/env python
+
+#
+# Seccomp Library test program
+#
+# Copyright (c) 2012 Red Hat <pmoore@redhat.com>
+# Author: Paul Moore <pmoore@redhat.com>
+#
+
+#
+# This library is free software; you can redistribute it and/or modify it
+# under the terms of version 2.1 of the GNU Lesser General Public License as
+# published by the Free Software Foundation.
+#
+# This library is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License
+# for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this library; if not, see <http://www.gnu.org/licenses>.
+#
+
+import argparse
+import sys
+
+import util
+
+from seccomp import *
+
+def test(args):
+    f = SyscallFilter(KILL)
+    # the syscall and argument numbers are all fake to make the test simpler
+    f.syscall_priority(1000, 3)
+    f.syscall_priority(1001, 2)
+    f.syscall_priority(1002, 1)
+    f.add_rule_exactly(ALLOW, 1000, Arg(0, EQ, 0), Arg(1, EQ, 1))
+    f.add_rule_exactly(ALLOW, 1001, Arg(0, EQ, 0))
+    f.add_rule_exactly(ALLOW, 1002)
+    return f
+
+args = util.get_opt()
+ctx = test(args)
+util.filter_output(args, ctx)
+
+# kate: syntax python;
+# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off;
diff --git a/tests/10-syscall-priority-post.py b/tests/10-syscall-priority-post.py
new file mode 100755
index 0000000..bc2e152
--- /dev/null
+++ b/tests/10-syscall-priority-post.py
@@ -0,0 +1,47 @@
+#!/usr/bin/env python
+
+#
+# Seccomp Library test program
+#
+# Copyright (c) 2012 Red Hat <pmoore@redhat.com>
+# Author: Paul Moore <pmoore@redhat.com>
+#
+
+#
+# This library is free software; you can redistribute it and/or modify it
+# under the terms of version 2.1 of the GNU Lesser General Public License as
+# published by the Free Software Foundation.
+#
+# This library is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License
+# for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this library; if not, see <http://www.gnu.org/licenses>.
+#
+
+import argparse
+import sys
+
+import util
+
+from seccomp import *
+
+def test(args):
+    f = SyscallFilter(KILL)
+    # the syscall and argument numbers are all fake to make the test simpler
+    f.add_rule_exactly(ALLOW, 1000, Arg(0, EQ, 0), Arg(1, EQ, 1))
+    f.add_rule_exactly(ALLOW, 1001, Arg(0, EQ, 0))
+    f.add_rule_exactly(ALLOW, 1002)
+    f.syscall_priority(1000, 3)
+    f.syscall_priority(1001, 2)
+    f.syscall_priority(1002, 1)
+    return f
+
+args = util.get_opt()
+ctx = test(args)
+util.filter_output(args, ctx)
+
+# kate: syntax python;
+# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off;
diff --git a/tests/11-basic-errors.py b/tests/11-basic-errors.py
new file mode 100755
index 0000000..900548d
--- /dev/null
+++ b/tests/11-basic-errors.py
@@ -0,0 +1,86 @@
+#!/usr/bin/env python
+
+#
+# Seccomp Library test program
+#
+# Copyright (c) 2012 Red Hat <pmoore@redhat.com>
+# Author: Paul Moore <pmoore@redhat.com>
+#
+
+#
+# This library is free software; you can redistribute it and/or modify it
+# under the terms of version 2.1 of the GNU Lesser General Public License as
+# published by the Free Software Foundation.
+#
+# This library is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License
+# for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this library; if not, see <http://www.gnu.org/licenses>.
+#
+
+import argparse
+import sys
+
+import util
+
+from seccomp import *
+
+def test():
+    # this test differs from the native test for obvious reasons
+    try:
+        f = SyscallFilter(ALLOW + 1)
+    except RuntimeError:
+        pass
+
+    f = SyscallFilter(ALLOW)
+    try:
+        f.reset(KILL + 1)
+    except ValueError:
+        pass
+
+    f = SyscallFilter(ALLOW)
+    try:
+        f.syscall_priority(-1000, 1)
+    except RuntimeError:
+        pass
+
+    f = SyscallFilter(ALLOW)
+    try:
+        f.add_rule(ALLOW, "read")
+    except RuntimeError:
+        pass
+    try:
+        f.add_rule(KILL - 1, "read")
+    except RuntimeError:
+        pass
+    try:
+        f.add_rule(KILL, "read",
+                Arg(0, EQ, 0),
+                Arg(1, EQ, 1),
+                Arg(2, EQ, 2),
+                Arg(3, EQ, 3),
+                Arg(4, EQ, 4),
+                Arg(5, EQ, 5),
+                Arg(6, EQ, 6),
+                Arg(7, EQ, 7))
+    except RuntimeError:
+        pass
+    try:
+        f.add_rule(KILL, -1001)
+    except RuntimeError:
+        pass
+
+    f = SyscallFilter(ALLOW)
+    if f.exist_arch(Arch.X86):
+        try:
+            f.add_rule_exactly(KILL, "socket", Arg(0, EQ, 2))
+        except RuntimeError:
+            pass
+
+test()
+
+# kate: syntax python;
+# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off;
diff --git a/tests/12-basic-masked-ops.c b/tests/12-basic-masked-ops.c
index c213a69..a6fd939 100644
--- a/tests/12-basic-masked-ops.c
+++ b/tests/12-basic-masked-ops.c
@@ -39,6 +39,9 @@ int main(int argc, char *argv[])
 	if (ctx == NULL)
 		goto out;
 
+	/* the syscall and argument numbers are all fake to make the test
+	 * simpler */
+
 	rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1000, 3,
 				    SCMP_A0(SCMP_CMP_EQ, 0),
 				    SCMP_A1(SCMP_CMP_EQ, 1),
diff --git a/tests/12-basic-masked-ops.py b/tests/12-basic-masked-ops.py
new file mode 100755
index 0000000..283534b
--- /dev/null
+++ b/tests/12-basic-masked-ops.py
@@ -0,0 +1,61 @@
+#!/usr/bin/env python
+
+#
+# Seccomp Library test program
+#
+# Copyright (c) 2012 Red Hat <pmoore@redhat.com>
+# Author: Paul Moore <pmoore@redhat.com>
+#
+
+#
+# This library is free software; you can redistribute it and/or modify it
+# under the terms of version 2.1 of the GNU Lesser General Public License as
+# published by the Free Software Foundation.
+#
+# This library is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License
+# for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this library; if not, see <http://www.gnu.org/licenses>.
+#
+
+import argparse
+import sys
+
+import util
+
+from seccomp import *
+
+def test(args):
+    f = SyscallFilter(KILL)
+    # the syscall and argument numbers are all fake to make the test simpler
+    f.add_rule_exactly(ALLOW, 1000,
+                       Arg(0, EQ, 0),
+                       Arg(1, EQ, 1),
+                       Arg(2, EQ, 2))
+    f.add_rule_exactly(ALLOW, 1000,
+                       Arg(0, EQ, 0),
+                       Arg(1, MASKED_EQ, 0x00ff, 1),
+                       Arg(2, EQ, 2))
+    f.add_rule_exactly(ALLOW, 1000,
+                       Arg(0, EQ, 0),
+                       Arg(1, MASKED_EQ, 0xffff, 11),
+                       Arg(2, EQ, 2))
+    f.add_rule_exactly(ALLOW, 1000,
+                       Arg(0, EQ, 0),
+                       Arg(1, MASKED_EQ, 0xffff, 111),
+                       Arg(2, EQ, 2))
+    f.add_rule_exactly(ALLOW, 1000,
+                       Arg(0, EQ, 0),
+                       Arg(1, MASKED_EQ, 0xff00, 1000),
+                       Arg(2, EQ, 2))
+    return f
+
+args = util.get_opt()
+ctx = test(args)
+util.filter_output(args, ctx)
+
+# kate: syntax python;
+# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off;
diff --git a/tests/13-attrs.py b/tests/13-attrs.py
new file mode 100755
index 0000000..471ab34
--- /dev/null
+++ b/tests/13-attrs.py
@@ -0,0 +1,49 @@
+#!/usr/bin/env python
+
+#
+# Seccomp Library test program
+#
+# Copyright (c) 2012 Red Hat <pmoore@redhat.com>
+# Author: Paul Moore <pmoore@redhat.com>
+#
+
+#
+# This library is free software; you can redistribute it and/or modify it
+# under the terms of version 2.1 of the GNU Lesser General Public License as
+# published by the Free Software Foundation.
+#
+# This library is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License
+# for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this library; if not, see <http://www.gnu.org/licenses>.
+#
+
+import argparse
+import sys
+
+import util
+
+from seccomp import *
+
+def test():
+    f = SyscallFilter(ALLOW)
+    if f.get_attr(Attr.ACT_DEFAULT) != ALLOW:
+        raise RuntimeError("Failed getting Attr.ACT_DEFAULT")
+    try:
+        f.set_attr(Attr.ACT_DEFAULT, ALLOW)
+    except RuntimeError:
+        pass
+    f.set_attr(Attr.ACT_BADARCH, ALLOW)
+    if f.get_attr(Attr.ACT_BADARCH) != ALLOW:
+        raise RuntimeError("Failed getting Attr.ACT_BADARCH")
+    f.set_attr(Attr.CTL_NNP, 0)
+    if f.get_attr(Attr.CTL_NNP) != 0:
+        raise RuntimeError("Failed getting Attr.CTL_NNP")
+
+test()
+
+# kate: syntax python;
+# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off;
diff --git a/tests/14-reset.py b/tests/14-reset.py
new file mode 100755
index 0000000..60c131f
--- /dev/null
+++ b/tests/14-reset.py
@@ -0,0 +1,43 @@
+#!/usr/bin/env python
+
+#
+# Seccomp Library test program
+#
+# Copyright (c) 2012 Red Hat <pmoore@redhat.com>
+# Author: Paul Moore <pmoore@redhat.com>
+#
+
+#
+# This library is free software; you can redistribute it and/or modify it
+# under the terms of version 2.1 of the GNU Lesser General Public License as
+# published by the Free Software Foundation.
+#
+# This library is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License
+# for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this library; if not, see <http://www.gnu.org/licenses>.
+#
+
+import argparse
+import sys
+
+import util
+
+from seccomp import *
+
+def test(args):
+    f = SyscallFilter(KILL)
+    f.add_rule(ALLOW, "read")
+    f.reset()
+    f.add_rule(ALLOW, "write")
+    return f
+
+args = util.get_opt()
+ctx = test(args)
+util.filter_output(args, ctx)
+
+# kate: syntax python;
+# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off;
diff --git a/tests/15-resolver.py b/tests/15-resolver.py
new file mode 100755
index 0000000..b15e148
--- /dev/null
+++ b/tests/15-resolver.py
@@ -0,0 +1,45 @@
+#!/usr/bin/env python
+
+#
+# Seccomp Library test program
+#
+# Copyright (c) 2012 Red Hat <pmoore@redhat.com>
+# Author: Paul Moore <pmoore@redhat.com>
+#
+
+#
+# This library is free software; you can redistribute it and/or modify it
+# under the terms of version 2.1 of the GNU Lesser General Public License as
+# published by the Free Software Foundation.
+#
+# This library is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License
+# for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this library; if not, see <http://www.gnu.org/licenses>.
+#
+
+import argparse
+import sys
+
+import util
+
+from seccomp import *
+
+def test():
+    f = SyscallFilter(KILL)
+    # this differs from the native test as we don't support the syscall
+    # resolution functions by themselves
+    f.add_rule(ALLOW, "open")
+    f.add_rule(ALLOW, "socket")
+    try:
+        f.add_rule(ALLOW, "INVALID")
+    except RuntimeError:
+        pass
+
+test()
+
+# kate: syntax python;
+# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off;
diff --git a/tests/16-arch-basic.py b/tests/16-arch-basic.py
new file mode 100755
index 0000000..eebe9a3
--- /dev/null
+++ b/tests/16-arch-basic.py
@@ -0,0 +1,51 @@
+#!/usr/bin/env python
+
+#
+# Seccomp Library test program
+#
+# Copyright (c) 2012 Red Hat <pmoore@redhat.com>
+# Author: Paul Moore <pmoore@redhat.com>
+#
+
+#
+# This library is free software; you can redistribute it and/or modify it
+# under the terms of version 2.1 of the GNU Lesser General Public License as
+# published by the Free Software Foundation.
+#
+# This library is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License
+# for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this library; if not, see <http://www.gnu.org/licenses>.
+#
+
+import argparse
+import sys
+
+import util
+
+from seccomp import *
+
+def test(args):
+    f = SyscallFilter(KILL)
+    if not f.exist_arch(Arch.X86):
+        f.add_arch(Arch.X86)
+    if not f.exist_arch(Arch.X86_64):
+        f.add_arch(Arch.X86_64)
+    f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin))
+    f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout))
+    f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr))
+    f.add_rule(ALLOW, "close")
+    f.add_rule(ALLOW, "socket")
+    f.add_rule(ALLOW, "connect")
+    f.add_rule(ALLOW, "shutdown")
+    return f
+
+args = util.get_opt()
+ctx = test(args)
+util.filter_output(args, ctx)
+
+# kate: syntax python;
+# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off;
diff --git a/tests/17-arch-merge.py b/tests/17-arch-merge.py
new file mode 100755
index 0000000..0221764
--- /dev/null
+++ b/tests/17-arch-merge.py
@@ -0,0 +1,55 @@
+#!/usr/bin/env python
+
+#
+# Seccomp Library test program
+#
+# Copyright (c) 2012 Red Hat <pmoore@redhat.com>
+# Author: Paul Moore <pmoore@redhat.com>
+#
+
+#
+# This library is free software; you can redistribute it and/or modify it
+# under the terms of version 2.1 of the GNU Lesser General Public License as
+# published by the Free Software Foundation.
+#
+# This library is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License
+# for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this library; if not, see <http://www.gnu.org/licenses>.
+#
+
+import argparse
+import sys
+
+import util
+
+from seccomp import *
+
+def test(args):
+    f32 = SyscallFilter(KILL)
+    f64 = SyscallFilter(KILL)
+    if not f32.exist_arch(Arch.X86):
+        f32.add_arch(Arch.X86)
+        f32.remove_arch(Arch.NATIVE)
+    if not f64.exist_arch(Arch.X86_64):
+        f64.add_arch(Arch.X86_64)
+        f64.remove_arch(Arch.NATIVE)
+    f32.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin))
+    f32.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout))
+    f32.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr))
+    f32.add_rule(ALLOW, "close")
+    f64.add_rule(ALLOW, "socket")
+    f64.add_rule(ALLOW, "connect")
+    f64.add_rule(ALLOW, "shutdown")
+    f64.merge(f32)
+    return f64
+
+args = util.get_opt()
+ctx = test(args)
+util.filter_output(args, ctx)
+
+# kate: syntax python;
+# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off;