diff options
author | Tyler Hicks <tyhicks@canonical.com> | 2017-10-18 06:16:52 +0000 |
---|---|---|
committer | Paul Moore <paul@paul-moore.com> | 2017-11-01 12:48:14 -0400 |
commit | d0e11951f6484db5d8e98591ddc0c0157b333d85 (patch) | |
tree | 0402519270e14ee916dfa31503505bc49037bdd7 /tests | |
parent | 8a8576c9e0cf463d2d624686a4e57058ae30e91a (diff) | |
download | libseccomp-d0e11951f6484db5d8e98591ddc0c0157b333d85.tar.gz |
all: add support for new log filter flag
Extend libseccomp to support SECCOMP_FILTER_FLAG_LOG, which is intended
to cause log events for all actions taken by a filter except for
SCMP_ACT_ALLOW actions. This is done via a new filter attribute called
SCMP_FLTATR_CTL_LOG that is off by default.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'tests')
-rw-r--r-- | tests/13-basic-attrs.c | 15 | ||||
-rwxr-xr-x | tests/13-basic-attrs.py | 5 | ||||
-rw-r--r-- | tests/39-basic-api_level.c | 13 | ||||
-rwxr-xr-x | tests/39-basic-api_level.py | 7 |
4 files changed, 36 insertions, 4 deletions
diff --git a/tests/13-basic-attrs.c b/tests/13-basic-attrs.c index bbb6765..0fe4755 100644 --- a/tests/13-basic-attrs.c +++ b/tests/13-basic-attrs.c @@ -32,6 +32,10 @@ int main(int argc, char *argv[]) uint32_t val = (uint32_t)(-1); scmp_filter_ctx ctx = NULL; + rc = seccomp_api_set(3); + if (rc != 0) + return EOPNOTSUPP; + ctx = seccomp_init(SCMP_ACT_ALLOW); if (ctx == NULL) return ENOMEM; @@ -93,6 +97,17 @@ int main(int argc, char *argv[]) goto out; } + rc = seccomp_attr_set(ctx, SCMP_FLTATR_CTL_LOG, 1); + if (rc != 0) + goto out; + rc = seccomp_attr_get(ctx, SCMP_FLTATR_CTL_LOG, &val); + if (rc != 0) + goto out; + if (val != 1) { + rc = -1; + goto out; + } + rc = 0; out: seccomp_release(ctx); diff --git a/tests/13-basic-attrs.py b/tests/13-basic-attrs.py index 8133942..49759ee 100755 --- a/tests/13-basic-attrs.py +++ b/tests/13-basic-attrs.py @@ -29,6 +29,8 @@ import util from seccomp import * def test(): + set_api(3) + f = SyscallFilter(ALLOW) if f.get_attr(Attr.ACT_DEFAULT) != ALLOW: raise RuntimeError("Failed getting Attr.ACT_DEFAULT") @@ -47,6 +49,9 @@ def test(): f.set_attr(Attr.API_TSKIP, 0) if f.get_attr(Attr.API_TSKIP) != 0: raise RuntimeError("Failed getting Attr.API_TSKIP") + f.set_attr(Attr.CTL_LOG, 1) + if f.get_attr(Attr.CTL_LOG) != 1: + raise RuntimeError("Failed getting Attr.CTL_LOG") test() diff --git a/tests/39-basic-api_level.c b/tests/39-basic-api_level.c index 18c082a..9ce3b41 100644 --- a/tests/39-basic-api_level.c +++ b/tests/39-basic-api_level.c @@ -47,14 +47,21 @@ int main(int argc, char *argv[]) if (api != 2) return -5; + rc = seccomp_api_set(3); + if (rc != 0) + return -6; + api = seccomp_api_get(); + if (api != 3) + return -7; + /* Attempt to set a high, invalid API level */ rc = seccomp_api_set(1024); if (rc != -EINVAL) - return -6; + return -8; /* Ensure that the previously set API level didn't change */ api = seccomp_api_get(); - if (api != 2) - return -7; + if (api != 3) + return -9; return 0; } diff --git a/tests/39-basic-api_level.py b/tests/39-basic-api_level.py index 49d23f2..9c40c33 100755 --- a/tests/39-basic-api_level.py +++ b/tests/39-basic-api_level.py @@ -45,6 +45,11 @@ def test(): if api != 2: raise RuntimeError("Failed getting API level 2") + set_api(3) + api = get_api() + if api != 3: + raise RuntimeError("Failed getting API level 3") + # Attempt to set a high, invalid API level try: set_api(1024) @@ -54,7 +59,7 @@ def test(): raise RuntimeError("Missing failure when setting invalid API level") # Ensure that the previously set API level didn't change api = get_api() - if api != 2: + if api != 3: raise RuntimeError("Failed getting old API level after setting an invalid API level") test() |