diff options
author | Mathias Krause' via libseccomp <libseccomp@googlegroups.com> | 2015-06-14 11:09:15 +0200 |
---|---|---|
committer | Paul Moore <pmoore@redhat.com> | 2015-06-15 17:31:08 -0400 |
commit | 25be15a99463286f1dcf8ba581ad9b94676db754 (patch) | |
tree | 9cece06916ffb0172a935d6a0ac6ce183b6e415c /tests/28-sim-arch_x86.py | |
parent | 9b16b91c1293c3629529d288018415e309043daa (diff) | |
download | libseccomp-25be15a99463286f1dcf8ba581ad9b94676db754.tar.gz |
tests: add a test for faulty handling of the x32 architecture
We currently allow calling close() on the x32 architecture when we're
generating a blacklist filter for x86 and x86_64, i.e. one with an
ALLOW policy. We shouldn't as the default handling for unsupported
architectures should be defined by the bad_arch handling -- not the
default policy.
The reason for the faulty behaviour is the wrong jump target for the
x32 architecture test. It should jump to the KILL label, not the next
architecture test instruction. That one won't test the architecture
any more as the accumulator register was already overwritten with the
syscall number for the x32 test.
This test generates a filter that should return ERRNO(1) on calls to
close() for supported architectures or KILL on unsupported ones. But,
currently, does not do so for x32 and ALLOWs the syscall instead.
Signed-off-by: Mathias Krause <minipli@googlemail.com>
[PM: added a python version of the test]
Signed-off-by: Paul Moore <pmoore@redhat.com>
Diffstat (limited to 'tests/28-sim-arch_x86.py')
-rw-r--r-- | tests/28-sim-arch_x86.py | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/tests/28-sim-arch_x86.py b/tests/28-sim-arch_x86.py new file mode 100644 index 0000000..3ef7b77 --- /dev/null +++ b/tests/28-sim-arch_x86.py @@ -0,0 +1,47 @@ +#!/usr/bin/env python + +# +# Seccomp Library test program +# +# Copyright (c) 2015 Red Hat <pmoore@redhat.com> +# Author: Paul Moore <pmoore@redhat.com> +# +# Adapted from 29-sim-arch_x86.c by Mathias Krause <minipli@googlemail.com> +# + +# +# This library is free software; you can redistribute it and/or modify it +# under the terms of version 2.1 of the GNU Lesser General Public License as +# published by the Free Software Foundation. +# +# This library is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License +# for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this library; if not, see <http://www.gnu.org/licenses>. +# + +import argparse +import sys + +import util + +from seccomp import * + +def test(args): + f = SyscallFilter(ALLOW) + f.remove_arch(Arch()) + # add x86-64 and x86 (in that order!) but explicitly leave out x32 + f.add_arch(Arch("x86_64")) + f.add_arch(Arch("x86")) + f.add_rule(ERRNO(1), "close") + return f + +args = util.get_opt() +ctx = test(args) +util.filter_output(args, ctx) + +# kate: syntax python; +# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off; |