diff options
author | Andy Lutomirski <luto@amacapital.net> | 2013-10-22 09:35:50 -0700 |
---|---|---|
committer | Paul Moore <pmoore@redhat.com> | 2013-10-22 14:24:44 -0400 |
commit | 8e1b4634733dcd59713c43d7d1e53c277767b2fb (patch) | |
tree | b17aaaa1f6a6e97700691051125b73ba2d9da7d6 | |
parent | 9de19061978d990dc9fc25a20e145218cf66806c (diff) | |
download | libseccomp-8e1b4634733dcd59713c43d7d1e53c277767b2fb.tar.gz |
python: Remove file object support from Arg
It's still possible to pass file descriptors into the Arg data, but safe
uses are already complicated enough that making the user call fileno()
themselves seems reasonable.
Signed-off-by: Andy Lutomirski <luto@amacapital.net>
(corrected the python test cases to take into account the change)
Signed-off-by: Paul Moore <pmoore@redhat.com>
-rw-r--r-- | src/python/seccomp.pyx | 10 | ||||
-rwxr-xr-x | tests/07-sim-db_bug_looping.py | 4 | ||||
-rwxr-xr-x | tests/16-sim-arch_basic.py | 6 | ||||
-rwxr-xr-x | tests/17-sim-arch_merge.py | 6 |
4 files changed, 10 insertions, 16 deletions
diff --git a/src/python/seccomp.pyx b/src/python/seccomp.pyx index ed7c1bb..47d2ae1 100644 --- a/src/python/seccomp.pyx +++ b/src/python/seccomp.pyx @@ -165,14 +165,8 @@ cdef class Arg: """ self._arg.arg = arg self._arg.op = op - if isinstance(datum_a, file): - self._arg.datum_a = datum_a.fileno() - else: - self._arg.datum_a = datum_a - if isinstance(datum_b, file): - self._arg.datum_b = datum_b.fileno() - else: - self._arg.datum_b = datum_b + self._arg.datum_a = datum_a + self._arg.datum_b = datum_b def to_c(self): """ Convert the object into a C structure. diff --git a/tests/07-sim-db_bug_looping.py b/tests/07-sim-db_bug_looping.py index 0b6e988..3314a3e 100755 --- a/tests/07-sim-db_bug_looping.py +++ b/tests/07-sim-db_bug_looping.py @@ -32,9 +32,9 @@ def test(args): f = SyscallFilter(KILL) # the next three seccomp_rule_add_exact() calls for read must go together # in this order to catch an infinite loop. - f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdout)) + f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdout.fileno())) f.add_rule(ALLOW, "read", Arg(1, EQ, 0)) - f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin)) + f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno())) return f args = util.get_opt() diff --git a/tests/16-sim-arch_basic.py b/tests/16-sim-arch_basic.py index 4484ac5..d29a5ff 100755 --- a/tests/16-sim-arch_basic.py +++ b/tests/16-sim-arch_basic.py @@ -38,9 +38,9 @@ def test(args): f.add_arch(Arch.X32) if not f.exist_arch(Arch.ARM): f.add_arch(Arch.ARM) - f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin)) - f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout)) - f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr)) + f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno())) + f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno())) + f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno())) f.add_rule(ALLOW, "close") f.add_rule(ALLOW, "socket") f.add_rule(ALLOW, "connect") diff --git a/tests/17-sim-arch_merge.py b/tests/17-sim-arch_merge.py index 0221764..44e9cc4 100755 --- a/tests/17-sim-arch_merge.py +++ b/tests/17-sim-arch_merge.py @@ -37,9 +37,9 @@ def test(args): if not f64.exist_arch(Arch.X86_64): f64.add_arch(Arch.X86_64) f64.remove_arch(Arch.NATIVE) - f32.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin)) - f32.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout)) - f32.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr)) + f32.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno())) + f32.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno())) + f32.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno())) f32.add_rule(ALLOW, "close") f64.add_rule(ALLOW, "socket") f64.add_rule(ALLOW, "connect") |