diff options
-rw-r--r-- | tests/.gitignore | 1 | ||||
-rw-r--r-- | tests/07-db-bug-looping.c | 98 | ||||
-rw-r--r-- | tests/Makefile | 3 |
3 files changed, 101 insertions, 1 deletions
diff --git a/tests/.gitignore b/tests/.gitignore index 104dd46..c2b71ec 100644 --- a/tests/.gitignore +++ b/tests/.gitignore @@ -5,4 +5,5 @@ 04-multilevel-chains 05-long-jumps 06-actions +07-db-bug-looping diff --git a/tests/07-db-bug-looping.c b/tests/07-db-bug-looping.c new file mode 100644 index 0000000..4071059 --- /dev/null +++ b/tests/07-db-bug-looping.c @@ -0,0 +1,98 @@ +/** + * Seccomp Library test program + * + * Copyright (c) 2012 IBM <adlai@us.ibm.com> + * Author: Ashley Lai <adlai@us.ibm.com> + */ + +/* + * This program is free software: you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +#include <errno.h> +#include <getopt.h> +#include <stdlib.h> +#include <stdio.h> +#include <unistd.h> + +#include <seccomp.h> + +int main(int argc, char *argv[]) +{ + static int bpf = 0; + int rc; + + while (1) { + static struct option long_options[] = { + {"bpf", no_argument, &bpf, 1}, + {"pfc", no_argument, &bpf, 0}, + {0,0,0,0}, + }; + int c, option_index = 0; + + c = getopt_long(argc, argv, "bp", + long_options, &option_index); + + if (c == -1) + break; + + switch (c) { + case 0: + break; + case 'b': + bpf = 1; + break; + + case 'p': + bpf = 0; + break; + default: + return -1; + } + } + + if (optind < argc) { + printf("usage %s: [--bpf,-b] [--pfc,-p]\n", argv[0]); + return -EINVAL; + } + rc = seccomp_init(SCMP_ACT_KILL); + if (rc != 0) + return rc; + + /* The next three seccomp_add_syscall() for read must + * go together in this order to catch an infinite loop. */ + rc = seccomp_add_syscall(SCMP_ACT_ALLOW, SCMP_SYS(read), 1, + 0, SCMP_CMP_EQ, STDOUT_FILENO); + if (rc != 0) + return rc; + + rc = seccomp_add_syscall(SCMP_ACT_ALLOW, SCMP_SYS(read), 1, + 1, SCMP_CMP_EQ, NULL); + if (rc != 0) + return rc; + + rc = seccomp_add_syscall(SCMP_ACT_ALLOW, SCMP_SYS(read), 1, + 0, SCMP_CMP_EQ, STDIN_FILENO); + if (rc != 0) + return rc; + + if (bpf) + rc = seccomp_gen_bpf(STDOUT_FILENO); + else + rc = seccomp_gen_pfc(STDOUT_FILENO); + if (rc != 0) + return rc; + + seccomp_release(); + return rc; +} diff --git a/tests/Makefile b/tests/Makefile index c07f5db..d42ca2b 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -42,7 +42,8 @@ TESTS = 01-allow \ 03-basic-chains \ 04-multilevel-chains \ 05-long-jumps \ - 06-actions + 06-actions \ + 07-db-bug-looping DEPS = $(TESTS:%=%.d) |