diff options
author | Paul Moore <paul@paul-moore.com> | 2020-01-27 09:38:38 -0700 |
---|---|---|
committer | Tom Hromatka <tom.hromatka@oracle.com> | 2020-02-03 11:09:17 -0700 |
commit | 138299c6bb22f0638dcbf2c2e915270ad66d008c (patch) | |
tree | e2684aab78deaadb97975fd47e9841a1bcc03692 | |
parent | 31ecb5fa1a7eb0677e73548831a0dcdcbceb415e (diff) | |
download | libseccomp-138299c6bb22f0638dcbf2c2e915270ad66d008c.tar.gz |
tests: introduce a simple seccomp_load() test as part of the non-live tests
This is a bit controversial as historically we've refrained from
doing any tests that rely on the host kernel in the non-live tests,
but I think enough time has past that we can do a simple
seccomp_load() and not break the world's build/test platforms.
The obvious big advantage is we are now testing the basic
prctl()/seccomp() filter load infrastructure as part of the main
regression test run.
Acked-by: Tom Hromatka <tom.hromatka@oracle.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
(cherry picked from commit 3bae8850487eaad54fccbf206516b269f330b08f)
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Acked-by: Paul Moore <paul@paul-moore.com>
Conflicts:
tests/.gitignore
tests/Makefile.am
-rw-r--r-- | tests/.gitignore | 1 | ||||
-rw-r--r-- | tests/52-basic-load.c | 48 | ||||
-rwxr-xr-x | tests/52-basic-load.py | 38 | ||||
-rw-r--r-- | tests/52-basic-load.tests | 11 | ||||
-rw-r--r-- | tests/Makefile.am | 9 |
5 files changed, 104 insertions, 3 deletions
diff --git a/tests/.gitignore b/tests/.gitignore index a5bc9e4..17297a2 100644 --- a/tests/.gitignore +++ b/tests/.gitignore @@ -56,3 +56,4 @@ util.pyc 48-sim-32b_args 49-sim-64b_comparisons 50-sim-hash_collision +52-basic-load diff --git a/tests/52-basic-load.c b/tests/52-basic-load.c new file mode 100644 index 0000000..2f2b516 --- /dev/null +++ b/tests/52-basic-load.c @@ -0,0 +1,48 @@ +/** + * Seccomp Library test program + * + * Copyright (c) 2019 Cisco Systems, Inc. <pmoore2@cisco.com> + * Author: Paul Moore <paul@paul-moore.com> + */ + +/* + * This library is free software; you can redistribute it and/or modify it + * under the terms of version 2.1 of the GNU Lesser General Public License as + * published by the Free Software Foundation. + * + * This library is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License + * for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this library; if not, see <http://www.gnu.org/licenses>. + */ + +#include <errno.h> +#include <unistd.h> + +#include <seccomp.h> + +#include "util.h" + +int main(int argc, char *argv[]) +{ + int rc; + struct util_options opts; + scmp_filter_ctx ctx = NULL; + + rc = util_getopt(argc, argv, &opts); + if (rc < 0) + goto out; + + ctx = seccomp_init(SCMP_ACT_ALLOW); + if (ctx == NULL) + return ENOMEM; + + rc = seccomp_load(ctx); + +out: + seccomp_release(ctx); + return (rc < 0 ? -rc : rc); +} diff --git a/tests/52-basic-load.py b/tests/52-basic-load.py new file mode 100755 index 0000000..4395a79 --- /dev/null +++ b/tests/52-basic-load.py @@ -0,0 +1,38 @@ +#!/usr/bin/env python + +# +# Seccomp Library test program +# +# Copyright (c) 2019 Cisco Systems, Inc. <pmoore2@cisco.com> +# Author: Paul Moore <paul@paul-moore.com> +# + +# +# This library is free software; you can redistribute it and/or modify it +# under the terms of version 2.1 of the GNU Lesser General Public License as +# published by the Free Software Foundation. +# +# This library is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License +# for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this library; if not, see <http://www.gnu.org/licenses>. +# + +import argparse +import sys + +import util + +from seccomp import * + +def test(): + f = SyscallFilter(ALLOW) + f.load() + +test() + +# kate: syntax python; +# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off; diff --git a/tests/52-basic-load.tests b/tests/52-basic-load.tests new file mode 100644 index 0000000..510e2d3 --- /dev/null +++ b/tests/52-basic-load.tests @@ -0,0 +1,11 @@ +# +# libseccomp regression test automation data +# +# Copyright (c) 2013 Red Hat <pmoore@redhat.com> +# Author: Paul Moore <paul@paul-moore.com> +# + +test type: basic + +# Test command +52-basic-load diff --git a/tests/Makefile.am b/tests/Makefile.am index eb84e14..f667b7d 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -89,7 +89,8 @@ check_PROGRAMS = \ 47-live-kill_process \ 48-sim-32b_args \ 49-sim-64b_comparisons \ - 50-sim-hash_collision + 50-sim-hash_collision \ + 52-basic-load EXTRA_DIST_TESTPYTHON = \ util.py \ @@ -141,7 +142,8 @@ EXTRA_DIST_TESTPYTHON = \ 47-live-kill_process.py \ 48-sim-32b_args.py \ 49-sim-64b_comparisons.py \ - 50-sim-hash_collision.py + 50-sim-hash_collision.py \ + 52-basic-load.py EXTRA_DIST_TESTCFGS = \ 01-sim-allow.tests \ @@ -193,7 +195,8 @@ EXTRA_DIST_TESTCFGS = \ 47-live-kill_process.tests \ 48-sim-32b_args.tests \ 49-sim-64b_comparisons.tests \ - 50-sim-hash_collision.tests + 50-sim-hash_collision.tests \ + 52-basic-load.tests EXTRA_DIST_TESTSCRIPTS = \ 38-basic-pfc_coverage.sh 38-basic-pfc_coverage.pfc |