From 8e1b4634733dcd59713c43d7d1e53c277767b2fb Mon Sep 17 00:00:00 2001 From: Andy Lutomirski Date: Tue, 22 Oct 2013 09:35:50 -0700 Subject: python: Remove file object support from Arg It's still possible to pass file descriptors into the Arg data, but safe uses are already complicated enough that making the user call fileno() themselves seems reasonable. Signed-off-by: Andy Lutomirski (corrected the python test cases to take into account the change) Signed-off-by: Paul Moore --- src/python/seccomp.pyx | 10 ++-------- tests/07-sim-db_bug_looping.py | 4 ++-- tests/16-sim-arch_basic.py | 6 +++--- tests/17-sim-arch_merge.py | 6 +++--- 4 files changed, 10 insertions(+), 16 deletions(-) diff --git a/src/python/seccomp.pyx b/src/python/seccomp.pyx index ed7c1bb..47d2ae1 100644 --- a/src/python/seccomp.pyx +++ b/src/python/seccomp.pyx @@ -165,14 +165,8 @@ cdef class Arg: """ self._arg.arg = arg self._arg.op = op - if isinstance(datum_a, file): - self._arg.datum_a = datum_a.fileno() - else: - self._arg.datum_a = datum_a - if isinstance(datum_b, file): - self._arg.datum_b = datum_b.fileno() - else: - self._arg.datum_b = datum_b + self._arg.datum_a = datum_a + self._arg.datum_b = datum_b def to_c(self): """ Convert the object into a C structure. diff --git a/tests/07-sim-db_bug_looping.py b/tests/07-sim-db_bug_looping.py index 0b6e988..3314a3e 100755 --- a/tests/07-sim-db_bug_looping.py +++ b/tests/07-sim-db_bug_looping.py @@ -32,9 +32,9 @@ def test(args): f = SyscallFilter(KILL) # the next three seccomp_rule_add_exact() calls for read must go together # in this order to catch an infinite loop. - f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdout)) + f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdout.fileno())) f.add_rule(ALLOW, "read", Arg(1, EQ, 0)) - f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin)) + f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno())) return f args = util.get_opt() diff --git a/tests/16-sim-arch_basic.py b/tests/16-sim-arch_basic.py index 4484ac5..d29a5ff 100755 --- a/tests/16-sim-arch_basic.py +++ b/tests/16-sim-arch_basic.py @@ -38,9 +38,9 @@ def test(args): f.add_arch(Arch.X32) if not f.exist_arch(Arch.ARM): f.add_arch(Arch.ARM) - f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin)) - f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout)) - f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr)) + f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno())) + f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno())) + f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno())) f.add_rule(ALLOW, "close") f.add_rule(ALLOW, "socket") f.add_rule(ALLOW, "connect") diff --git a/tests/17-sim-arch_merge.py b/tests/17-sim-arch_merge.py index 0221764..44e9cc4 100755 --- a/tests/17-sim-arch_merge.py +++ b/tests/17-sim-arch_merge.py @@ -37,9 +37,9 @@ def test(args): if not f64.exist_arch(Arch.X86_64): f64.add_arch(Arch.X86_64) f64.remove_arch(Arch.NATIVE) - f32.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin)) - f32.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout)) - f32.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr)) + f32.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno())) + f32.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno())) + f32.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno())) f32.add_rule(ALLOW, "close") f64.add_rule(ALLOW, "socket") f64.add_rule(ALLOW, "connect") -- cgit v1.2.1