diff options
| -rw-r--r-- | tests/27-sim-bpf_blk_state.c | 103 | ||||
| -rwxr-xr-x | tests/27-sim-bpf_blk_state.py | 53 | ||||
| -rw-r--r-- | tests/27-sim-bpf_blk_state.tests | 24 | ||||
| -rw-r--r-- | tests/Makefile.am | 3 |
4 files changed, 182 insertions, 1 deletions
diff --git a/tests/27-sim-bpf_blk_state.c b/tests/27-sim-bpf_blk_state.c new file mode 100644 index 0000000..39c53dd --- /dev/null +++ b/tests/27-sim-bpf_blk_state.c @@ -0,0 +1,103 @@ +/** + * Seccomp Library test program + * + * Copyright (c) 2015 Red Hat <pmoore@redhat.com> + * Author: Paul Moore <pmoore@redhat.com> + */ + +/* + * This library is free software; you can redistribute it and/or modify it + * under the terms of version 2.1 of the GNU Lesser General Public License as + * published by the Free Software Foundation. + * + * This library is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License + * for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this library; if not, see <http://www.gnu.org/licenses>. + */ + +#include <errno.h> +#include <unistd.h> + +#include <seccomp.h> + +#include "util.h" + +int main(int argc, char *argv[]) +{ + int rc; + struct util_options opts; + scmp_filter_ctx ctx = NULL; + + rc = util_getopt(argc, argv, &opts); + if (rc < 0) + goto out; + + ctx = seccomp_init(SCMP_ACT_ALLOW); + if (ctx == NULL) + return ENOMEM; + + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_KILL, SCMP_SYS(socket), 1, + SCMP_A0(SCMP_CMP_EQ, 3)); + if (rc != 0) + goto out; + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_KILL, SCMP_SYS(socket), 1, + SCMP_A0(SCMP_CMP_EQ, 4)); + if (rc != 0) + goto out; + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_KILL, SCMP_SYS(socket), 1, + SCMP_A0(SCMP_CMP_EQ, 5)); + if (rc != 0) + goto out; + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_KILL, SCMP_SYS(socket), 1, + SCMP_A0(SCMP_CMP_EQ, 6)); + if (rc != 0) + goto out; + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_KILL, SCMP_SYS(socket), 1, + SCMP_A0(SCMP_CMP_EQ, 7)); + if (rc != 0) + goto out; + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_KILL, SCMP_SYS(socket), 1, + SCMP_A0(SCMP_CMP_EQ, 8)); + if (rc != 0) + goto out; + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_KILL, SCMP_SYS(socket), 1, + SCMP_A0(SCMP_CMP_EQ, 9)); + if (rc != 0) + goto out; + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_KILL, SCMP_SYS(socket), 1, + SCMP_A0(SCMP_CMP_EQ, 11)); + if (rc != 0) + goto out; + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_KILL, SCMP_SYS(socket), 1, + SCMP_A0(SCMP_CMP_EQ, 12)); + if (rc != 0) + goto out; + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_KILL, SCMP_SYS(socket), 1, + SCMP_A0(SCMP_CMP_EQ, 13)); + if (rc != 0) + goto out; + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_KILL, SCMP_SYS(socket), 1, + SCMP_A0(SCMP_CMP_EQ, 14)); + if (rc != 0) + goto out; + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_KILL, SCMP_SYS(socket), 1, + SCMP_A0(SCMP_CMP_EQ, 15)); + if (rc != 0) + goto out; + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_KILL, SCMP_SYS(socket), 1, + SCMP_A0(SCMP_CMP_GE, 16)); + if (rc != 0) + goto out; + + rc = util_filter_output(&opts, ctx); + if (rc) + goto out; + +out: + seccomp_release(ctx); + return (rc < 0 ? -rc : rc); +} diff --git a/tests/27-sim-bpf_blk_state.py b/tests/27-sim-bpf_blk_state.py new file mode 100755 index 0000000..647c549 --- /dev/null +++ b/tests/27-sim-bpf_blk_state.py @@ -0,0 +1,53 @@ +#!/usr/bin/env python + +# +# Seccomp Library test program +# +# Copyright (c) 2015 Red Hat <pmoore@redhat.com> +# Author: Paul Moore <pmoore@redhat.com> +# + +# +# This library is free software; you can redistribute it and/or modify it +# under the terms of version 2.1 of the GNU Lesser General Public License as +# published by the Free Software Foundation. +# +# This library is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License +# for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this library; if not, see <http://www.gnu.org/licenses>. +# + +import argparse +import sys + +import util + +from seccomp import * + +def test(args): + f = SyscallFilter(ALLOW) + f.add_rule_exactly(KILL, "socket", Arg(0, EQ, 3)) + f.add_rule_exactly(KILL, "socket", Arg(0, EQ, 4)) + f.add_rule_exactly(KILL, "socket", Arg(0, EQ, 5)) + f.add_rule_exactly(KILL, "socket", Arg(0, EQ, 6)) + f.add_rule_exactly(KILL, "socket", Arg(0, EQ, 7)) + f.add_rule_exactly(KILL, "socket", Arg(0, EQ, 8)) + f.add_rule_exactly(KILL, "socket", Arg(0, EQ, 9)) + f.add_rule_exactly(KILL, "socket", Arg(0, EQ, 11)) + f.add_rule_exactly(KILL, "socket", Arg(0, EQ, 12)) + f.add_rule_exactly(KILL, "socket", Arg(0, EQ, 13)) + f.add_rule_exactly(KILL, "socket", Arg(0, EQ, 14)) + f.add_rule_exactly(KILL, "socket", Arg(0, EQ, 15)) + f.add_rule_exactly(KILL, "socket", Arg(0, GE, 16)) + return f + +args = util.get_opt() +ctx = test(args) +util.filter_output(args, ctx) + +# kate: syntax python; +# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off; diff --git a/tests/27-sim-bpf_blk_state.tests b/tests/27-sim-bpf_blk_state.tests new file mode 100644 index 0000000..dd72b05 --- /dev/null +++ b/tests/27-sim-bpf_blk_state.tests @@ -0,0 +1,24 @@ +# +# libseccomp regression test automation data +# +# Copyright (c) 2015 Red Hat <pmoore@redhat.com> +# Author: Paul Moore <pmoore@redhat.com +# + +test type: bpf-sim + +# Testname Arch Syscall Arg0 Arg1 Arg2 Arg3 Arg4 Arg5 Result +27-sim-bpf_blk_state +x86_64 socket 0-2 N N N N N ALLOW +27-sim-bpf_blk_state +x86_64 socket 3-9 N N N N N KILL +27-sim-bpf_blk_state +x86_64 socket 10 N N N N N ALLOW +27-sim-bpf_blk_state +x86_64 socket 11-32 N N N N N KILL + +test type: bpf-sim-fuzz + +# Testname StressCount +27-sim-bpf_blk_state 50 + +test type: bpf-valgrind + +# Testname +27-sim-bpf_blk_state diff --git a/tests/Makefile.am b/tests/Makefile.am index edb50a3..d6f91fd 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -51,7 +51,8 @@ check_PROGRAMS = \ 23-sim-arch_all_le_basic \ 24-live-arg_allow \ 25-sim-multilevel_chains_adv \ - 26-sim-arch_all_be_basic + 26-sim-arch_all_be_basic \ + 27-sim-bpf_blk_state EXTRA_DIST_TESTPYTHON = \ util.py \ |