From 77b18477a4a26ae82fed15c0a1f6150709770b40 Mon Sep 17 00:00:00 2001 From: Paul Moore Date: Wed, 1 Jul 2015 13:50:34 -0400 Subject: tests: make 27-sim-bpf_blk_state architecture independent Using any of the socket related syscalls is always problematic, use a generic syscall number for this test since it isn't syscall specific. Reported-by: Jan Willeke Signed-off-by: Paul Moore (imported from commit 37a609498a218c370e86d34470a21d0d98db3b4f) --- tests/27-sim-bpf_blk_state.c | 26 +++++++++++++------------- tests/27-sim-bpf_blk_state.py | 26 +++++++++++++------------- tests/27-sim-bpf_blk_state.tests | 8 ++++---- 3 files changed, 30 insertions(+), 30 deletions(-) diff --git a/tests/27-sim-bpf_blk_state.c b/tests/27-sim-bpf_blk_state.c index 39c53dd..fd69044 100644 --- a/tests/27-sim-bpf_blk_state.c +++ b/tests/27-sim-bpf_blk_state.c @@ -40,55 +40,55 @@ int main(int argc, char *argv[]) if (ctx == NULL) return ENOMEM; - rc = seccomp_rule_add_exact(ctx, SCMP_ACT_KILL, SCMP_SYS(socket), 1, + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_KILL, 1000, 1, SCMP_A0(SCMP_CMP_EQ, 3)); if (rc != 0) goto out; - rc = seccomp_rule_add_exact(ctx, SCMP_ACT_KILL, SCMP_SYS(socket), 1, + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_KILL, 1000, 1, SCMP_A0(SCMP_CMP_EQ, 4)); if (rc != 0) goto out; - rc = seccomp_rule_add_exact(ctx, SCMP_ACT_KILL, SCMP_SYS(socket), 1, + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_KILL, 1000, 1, SCMP_A0(SCMP_CMP_EQ, 5)); if (rc != 0) goto out; - rc = seccomp_rule_add_exact(ctx, SCMP_ACT_KILL, SCMP_SYS(socket), 1, + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_KILL, 1000, 1, SCMP_A0(SCMP_CMP_EQ, 6)); if (rc != 0) goto out; - rc = seccomp_rule_add_exact(ctx, SCMP_ACT_KILL, SCMP_SYS(socket), 1, + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_KILL, 1000, 1, SCMP_A0(SCMP_CMP_EQ, 7)); if (rc != 0) goto out; - rc = seccomp_rule_add_exact(ctx, SCMP_ACT_KILL, SCMP_SYS(socket), 1, + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_KILL, 1000, 1, SCMP_A0(SCMP_CMP_EQ, 8)); if (rc != 0) goto out; - rc = seccomp_rule_add_exact(ctx, SCMP_ACT_KILL, SCMP_SYS(socket), 1, + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_KILL, 1000, 1, SCMP_A0(SCMP_CMP_EQ, 9)); if (rc != 0) goto out; - rc = seccomp_rule_add_exact(ctx, SCMP_ACT_KILL, SCMP_SYS(socket), 1, + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_KILL, 1000, 1, SCMP_A0(SCMP_CMP_EQ, 11)); if (rc != 0) goto out; - rc = seccomp_rule_add_exact(ctx, SCMP_ACT_KILL, SCMP_SYS(socket), 1, + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_KILL, 1000, 1, SCMP_A0(SCMP_CMP_EQ, 12)); if (rc != 0) goto out; - rc = seccomp_rule_add_exact(ctx, SCMP_ACT_KILL, SCMP_SYS(socket), 1, + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_KILL, 1000, 1, SCMP_A0(SCMP_CMP_EQ, 13)); if (rc != 0) goto out; - rc = seccomp_rule_add_exact(ctx, SCMP_ACT_KILL, SCMP_SYS(socket), 1, + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_KILL, 1000, 1, SCMP_A0(SCMP_CMP_EQ, 14)); if (rc != 0) goto out; - rc = seccomp_rule_add_exact(ctx, SCMP_ACT_KILL, SCMP_SYS(socket), 1, + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_KILL, 1000, 1, SCMP_A0(SCMP_CMP_EQ, 15)); if (rc != 0) goto out; - rc = seccomp_rule_add_exact(ctx, SCMP_ACT_KILL, SCMP_SYS(socket), 1, + rc = seccomp_rule_add_exact(ctx, SCMP_ACT_KILL, 1000, 1, SCMP_A0(SCMP_CMP_GE, 16)); if (rc != 0) goto out; diff --git a/tests/27-sim-bpf_blk_state.py b/tests/27-sim-bpf_blk_state.py index 647c549..ff53ac9 100755 --- a/tests/27-sim-bpf_blk_state.py +++ b/tests/27-sim-bpf_blk_state.py @@ -30,19 +30,19 @@ from seccomp import * def test(args): f = SyscallFilter(ALLOW) - f.add_rule_exactly(KILL, "socket", Arg(0, EQ, 3)) - f.add_rule_exactly(KILL, "socket", Arg(0, EQ, 4)) - f.add_rule_exactly(KILL, "socket", Arg(0, EQ, 5)) - f.add_rule_exactly(KILL, "socket", Arg(0, EQ, 6)) - f.add_rule_exactly(KILL, "socket", Arg(0, EQ, 7)) - f.add_rule_exactly(KILL, "socket", Arg(0, EQ, 8)) - f.add_rule_exactly(KILL, "socket", Arg(0, EQ, 9)) - f.add_rule_exactly(KILL, "socket", Arg(0, EQ, 11)) - f.add_rule_exactly(KILL, "socket", Arg(0, EQ, 12)) - f.add_rule_exactly(KILL, "socket", Arg(0, EQ, 13)) - f.add_rule_exactly(KILL, "socket", Arg(0, EQ, 14)) - f.add_rule_exactly(KILL, "socket", Arg(0, EQ, 15)) - f.add_rule_exactly(KILL, "socket", Arg(0, GE, 16)) + f.add_rule_exactly(KILL, 1000, Arg(0, EQ, 3)) + f.add_rule_exactly(KILL, 1000, Arg(0, EQ, 4)) + f.add_rule_exactly(KILL, 1000, Arg(0, EQ, 5)) + f.add_rule_exactly(KILL, 1000, Arg(0, EQ, 6)) + f.add_rule_exactly(KILL, 1000, Arg(0, EQ, 7)) + f.add_rule_exactly(KILL, 1000, Arg(0, EQ, 8)) + f.add_rule_exactly(KILL, 1000, Arg(0, EQ, 9)) + f.add_rule_exactly(KILL, 1000, Arg(0, EQ, 11)) + f.add_rule_exactly(KILL, 1000, Arg(0, EQ, 12)) + f.add_rule_exactly(KILL, 1000, Arg(0, EQ, 13)) + f.add_rule_exactly(KILL, 1000, Arg(0, EQ, 14)) + f.add_rule_exactly(KILL, 1000, Arg(0, EQ, 15)) + f.add_rule_exactly(KILL, 1000, Arg(0, GE, 16)) return f args = util.get_opt() diff --git a/tests/27-sim-bpf_blk_state.tests b/tests/27-sim-bpf_blk_state.tests index dd72b05..a4a8ae1 100644 --- a/tests/27-sim-bpf_blk_state.tests +++ b/tests/27-sim-bpf_blk_state.tests @@ -8,10 +8,10 @@ test type: bpf-sim # Testname Arch Syscall Arg0 Arg1 Arg2 Arg3 Arg4 Arg5 Result -27-sim-bpf_blk_state +x86_64 socket 0-2 N N N N N ALLOW -27-sim-bpf_blk_state +x86_64 socket 3-9 N N N N N KILL -27-sim-bpf_blk_state +x86_64 socket 10 N N N N N ALLOW -27-sim-bpf_blk_state +x86_64 socket 11-32 N N N N N KILL +27-sim-bpf_blk_state all 1000 0-2 N N N N N ALLOW +27-sim-bpf_blk_state all 1000 3-9 N N N N N KILL +27-sim-bpf_blk_state all 1000 10 N N N N N ALLOW +27-sim-bpf_blk_state all 1000 11-32 N N N N N KILL test type: bpf-sim-fuzz -- cgit v1.2.1