From 96989965042a515a3cbcb50e9b98243b9b7d4c37 Mon Sep 17 00:00:00 2001 From: Paul Moore Date: Mon, 31 Oct 2022 13:21:33 -0600 Subject: api: add the SCMP_FLTATR_CTL_WAITKILL filter attribute The SCMP_FLTATR_CTL_WAITKILL attribute requests that the SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV flag be passed to the seccomp(2) system call when possible, which is currently only when the SECCOMP_FILTER_FLAG_NEW_LISTENER flag is also set. Signed-off-by: Paul Moore Signed-off-by: Tom Hromatka --- tests/13-basic-attrs.c | 11 +++++++++++ tests/13-basic-attrs.py | 3 +++ tests/39-basic-api_level.c | 9 ++++++++- tests/39-basic-api_level.py | 7 ++++++- 4 files changed, 28 insertions(+), 2 deletions(-) (limited to 'tests') diff --git a/tests/13-basic-attrs.c b/tests/13-basic-attrs.c index e3c5881..fee83b4 100644 --- a/tests/13-basic-attrs.c +++ b/tests/13-basic-attrs.c @@ -142,6 +142,17 @@ int main(int argc, char *argv[]) goto out; } + rc = seccomp_attr_set(ctx, SCMP_FLTATR_CTL_WAITKILL, 1); + if (rc != 0) + goto out; + rc = seccomp_attr_get(ctx, SCMP_FLTATR_CTL_WAITKILL, &val); + if (rc != 0) + goto out; + if (val != 1) { + rc = -1; + goto out; + } + rc = 0; out: seccomp_release(ctx); diff --git a/tests/13-basic-attrs.py b/tests/13-basic-attrs.py index 48c25a0..abf4b68 100755 --- a/tests/13-basic-attrs.py +++ b/tests/13-basic-attrs.py @@ -61,6 +61,9 @@ def test(): f.set_attr(Attr.API_SYSRAWRC, 1) if f.get_attr(Attr.API_SYSRAWRC) != 1: raise RuntimeError("Failed getting Attr.API_SYSRAWRC") + f.set_attr(Attr.CTL_WAITKILL, 1) + if f.get_attr(Attr.CTL_WAITKILL) != 1: + raise RuntimeError("Failed getting Attr.CTL_WAITKILL") test() diff --git a/tests/39-basic-api_level.c b/tests/39-basic-api_level.c index 6c31be1..d3fb54b 100644 --- a/tests/39-basic-api_level.c +++ b/tests/39-basic-api_level.c @@ -75,13 +75,20 @@ int main(int argc, char *argv[]) if (api != 6) return -13; + rc = seccomp_api_set(7); + if (rc != 0) + return -14; + api = seccomp_api_get(); + if (api != 7) + return -15; + /* Attempt to set a high, invalid API level */ rc = seccomp_api_set(1024); if (rc != -EINVAL) return -1001; /* Ensure that the previously set API level didn't change */ api = seccomp_api_get(); - if (api != 6) + if (api != 7) return -1002; return 0; diff --git a/tests/39-basic-api_level.py b/tests/39-basic-api_level.py index 352568e..93f3d7b 100755 --- a/tests/39-basic-api_level.py +++ b/tests/39-basic-api_level.py @@ -65,6 +65,11 @@ def test(): if api != 6: raise RuntimeError("Failed getting API level 6") + set_api(7) + api = get_api() + if api != 7: + raise RuntimeError("Failed getting API level 7") + # Attempt to set a high, invalid API level try: set_api(1024) @@ -74,7 +79,7 @@ def test(): raise RuntimeError("Missing failure when setting invalid API level") # Ensure that the previously set API level didn't change api = get_api() - if api != 6: + if api != 7: raise RuntimeError("Failed getting old API level after setting an invalid API level") test() -- cgit v1.2.1