tests: create a simple live test to verify we can set the TSYNC attribute

Signed-off-by: Paul Moore <paul@paul-moore.com>

5 files changed, 165 insertions, 3 deletions

diff --git a/tests/.gitignore b/tests/.gitignore
index 9a0e46e..f6c40ee 100644
--- a/tests/.gitignore
+++ b/tests/.gitignore
@@ -36,3 +36,4 @@ util.pyc
 29-sim-pseudo_syscall
 30-sim-socket_syscalls
 31-basic-version_check
+32-live-tsync_allow
diff --git a/tests/32-live-tsync_allow.c b/tests/32-live-tsync_allow.c
new file mode 100644
index 0000000..26f7af2
--- /dev/null
+++ b/tests/32-live-tsync_allow.c
@@ -0,0 +1,84 @@
+/**
+ * Seccomp Library test program
+ *
+ * Copyright (c) 2013 Red Hat <pmoore@redhat.com>
+ * Author: Paul Moore <paul@paul-moore.com>
+ */
+
+/*
+ * This library is free software; you can redistribute it and/or modify it
+ * under the terms of version 2.1 of the GNU Lesser General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License
+ * for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this library; if not, see <http://www.gnu.org/licenses>.
+ */
+
+#include <errno.h>
+#include <unistd.h>
+
+#include <seccomp.h>
+
+#include "util.h"
+
+int main(int argc, char *argv[])
+{
+	int rc;
+	scmp_filter_ctx ctx = NULL;
+
+	rc = util_action_parse(argv[1]);
+	if (rc != SCMP_ACT_ALLOW) {
+		rc = 1;
+		goto out;
+	}
+
+	rc = util_trap_install();
+	if (rc != 0)
+		goto out;
+
+	ctx = seccomp_init(SCMP_ACT_TRAP);
+	if (ctx == NULL)
+		return ENOMEM;
+
+	rc = seccomp_attr_set(ctx, SCMP_FLTATR_CTL_TSYNC, 1);
+	if (rc != 0)
+		goto out;
+
+	rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(open), 0);
+	if (rc != 0)
+		goto out;
+	rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(openat), 0);
+	if (rc != 0)
+		goto out;
+	rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(write), 0);
+	if (rc != 0)
+		goto out;
+	rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(close), 0);
+	if (rc != 0)
+		goto out;
+	rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(rt_sigreturn), 0);
+	if (rc != 0)
+		goto out;
+	rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(exit_group), 0);
+	if (rc != 0)
+		goto out;
+
+	rc = seccomp_load(ctx);
+	if (rc != 0)
+		goto out;
+
+	rc = util_file_write("/dev/null");
+	if (rc != 0)
+		goto out;
+
+	rc = 160;
+
+out:
+	seccomp_release(ctx);
+	return (rc < 0 ? -rc : rc);
+}
diff --git a/tests/32-live-tsync_allow.py b/tests/32-live-tsync_allow.py
new file mode 100755
index 0000000..a59b1a3
--- /dev/null
+++ b/tests/32-live-tsync_allow.py
@@ -0,0 +1,63 @@
+#!/usr/bin/env python
+
+#
+# Seccomp Library test program
+#
+# Copyright (c) 2013 Red Hat <pmoore@redhat.com>
+# Author: Paul Moore <paul@paul-moore.com>
+#
+
+#
+# This library is free software; you can redistribute it and/or modify it
+# under the terms of version 2.1 of the GNU Lesser General Public License as
+# published by the Free Software Foundation.
+#
+# This library is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License
+# for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this library; if not, see <http://www.gnu.org/licenses>.
+#
+
+import argparse
+import sys
+
+import util
+
+from seccomp import *
+
+def test():
+    action = util.parse_action(sys.argv[1])
+    if not action == ALLOW:
+        quit(1)
+    util.install_trap()
+    f = SyscallFilter(TRAP)
+    f.set_attr(Attr.CTL_TSYNC, 1)
+    # NOTE: additional syscalls required for python
+    f.add_rule(ALLOW, "stat")
+    f.add_rule(ALLOW, "fstat")
+    f.add_rule(ALLOW, "open")
+    f.add_rule(ALLOW, "openat")
+    f.add_rule(ALLOW, "mmap")
+    f.add_rule(ALLOW, "munmap")
+    f.add_rule(ALLOW, "read")
+    f.add_rule(ALLOW, "write")
+    f.add_rule(ALLOW, "close")
+    f.add_rule(ALLOW, "rt_sigaction")
+    f.add_rule(ALLOW, "rt_sigreturn")
+    f.add_rule(ALLOW, "sigreturn")
+    f.add_rule(ALLOW, "brk")
+    f.add_rule(ALLOW, "exit_group")
+    f.load()
+    try:
+        util.write_file("/dev/null")
+    except OSError as ex:
+        quit(ex.errno)
+    quit(160)
+
+test()
+
+# kate: syntax python;
+# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off;
diff --git a/tests/32-live-tsync_allow.tests b/tests/32-live-tsync_allow.tests
new file mode 100644
index 0000000..9938ea7
--- /dev/null
+++ b/tests/32-live-tsync_allow.tests
@@ -0,0 +1,11 @@
+#
+# libseccomp regression test automation data
+#
+# Copyright (c) 2013 Red Hat <pmoore@redhat.com>
+# Author: Paul Moore <paul@paul-moore.com>
+#
+
+test type: live
+
+# Testname		Result
+32-live-tsync_allow	ALLOW
diff --git a/tests/Makefile.am b/tests/Makefile.am
index fec9e19..5f17e97 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -59,7 +59,8 @@ check_PROGRAMS = \
 	28-sim-arch_x86 \
 	29-sim-pseudo_syscall \
 	30-sim-socket_syscalls \
-	31-basic-version_check
+	31-basic-version_check \
+	32-live-tsync_allow
 
 EXTRA_DIST_TESTPYTHON = \
 	util.py \
@@ -93,7 +94,8 @@ EXTRA_DIST_TESTPYTHON = \
 	28-sim-arch_x86.py \
 	29-sim-pseudo_syscall.py \
 	30-sim-socket_syscalls.py \
-	31-basic-version_check.py
+	31-basic-version_check.py \
+	32-live-tsync_allow.py
 
 EXTRA_DIST_TESTCFGS = \
 	01-sim-allow.tests \
@@ -126,7 +128,8 @@ EXTRA_DIST_TESTCFGS = \
 	28-sim-arch_x86.tests \
 	29-sim-pseudo_syscall.tests \
 	30-sim-socket_syscalls.tests \
-	31-basic-version_check.tests
+	31-basic-version_check.tests \
+	32-live-tsync_allow.tests
 
 EXTRA_DIST_TESTSCRIPTS = regression testdiff testgen