diff options
| author | Tyler Hicks <tyhicks@canonical.com> | 2017-10-10 05:01:57 +0000 |
|---|---|---|
| committer | Paul Moore <paul@paul-moore.com> | 2017-10-19 14:23:52 -0400 |
| commit | 4f16fe2082863cf317512b24e9a88da373b1894b (patch) | |
| tree | e0c9afdce453d6689e61e86a42194a6497d74a29 | |
| parent | f9d757de253dbbb7d32fe16774a12b0ccfb7f499 (diff) | |
| download | libseccomp-4f16fe2082863cf317512b24e9a88da373b1894b.tar.gz | |
python: Expose API level functionality
Allow Python applications to get and set the API level using global
functions.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
| -rw-r--r-- | src/python/seccomp.pyx | 29 | ||||
| -rwxr-xr-x | tests/39-basic-api_level.py | 34 |
2 files changed, 60 insertions, 3 deletions
diff --git a/src/python/seccomp.pyx b/src/python/seccomp.pyx index 275019a..27e374f 100644 --- a/src/python/seccomp.pyx +++ b/src/python/seccomp.pyx @@ -150,6 +150,35 @@ def resolve_syscall(arch, syscall): else: raise TypeError("Syscall must either be an int or str type") +def get_api(): + """ Query the level of API support + + Description: + Returns the API level value indicating the current supported + functionality. + """ + level = libseccomp.seccomp_api_get() + if level < 0: + raise RuntimeError(str.format("Library error (errno = {0})", level)) + + return level + +def set_api(unsigned int level): + """ Set the level of API support + + Arguments: + level - the API level + + Description: + This function forcibly sets the API level at runtime. General use + of this function is strongly discouraged. + """ + rc = libseccomp.seccomp_api_set(level) + if rc == -errno.EINVAL: + raise ValueError("Invalid level") + elif rc != 0: + raise RuntimeError(str.format("Library error (errno = {0})", rc)) + cdef class Arch: """ Python object representing the SyscallFilter architecture values. diff --git a/tests/39-basic-api_level.py b/tests/39-basic-api_level.py index e958bf1..49d23f2 100755 --- a/tests/39-basic-api_level.py +++ b/tests/39-basic-api_level.py @@ -4,7 +4,9 @@ # Seccomp Library test program # # Copyright (c) 2016 Red Hat <pmoore@redhat.com> -# Author: Paul Moore <paul@paul-moore.com> +# Copyright (c) 2017 Canonical Ltd. +# Authors: Paul Moore <paul@paul-moore.com> +# Tyler Hicks <tyhicks@canonical.com> # # @@ -28,8 +30,34 @@ import util from seccomp import * -# NOTE: this is a NULL test since we don't support the seccomp_version() API -# via the libseccomp python bindings +def test(): + api = get_api() + if (api < 1): + raise RuntimeError("Failed getting initial API level") + + set_api(1) + api = get_api() + if api != 1: + raise RuntimeError("Failed getting API level 1") + + set_api(2) + api = get_api() + if api != 2: + raise RuntimeError("Failed getting API level 2") + + # Attempt to set a high, invalid API level + try: + set_api(1024) + except ValueError: + pass + else: + raise RuntimeError("Missing failure when setting invalid API level") + # Ensure that the previously set API level didn't change + api = get_api() + if api != 2: + raise RuntimeError("Failed getting old API level after setting an invalid API level") + +test() # kate: syntax python; # kate: indent-mode python; space-indent on; indent-width 4; mixedindent off; |