|
Packit Service |
8eee21 |
#!/usr/bin/env python
|
|
Packit Service |
8eee21 |
|
|
Packit Service |
8eee21 |
#
|
|
Packit Service |
8eee21 |
# Seccomp Library test program
|
|
Packit Service |
8eee21 |
#
|
|
Packit Service |
8eee21 |
# Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved.
|
|
Packit Service |
8eee21 |
# Author: Tom Hromatka <tom.hromatka@oracle.com>
|
|
Packit Service |
8eee21 |
#
|
|
Packit Service |
8eee21 |
|
|
Packit Service |
8eee21 |
#
|
|
Packit Service |
8eee21 |
# This library is free software; you can redistribute it and/or modify it
|
|
Packit Service |
8eee21 |
# under the terms of version 2.1 of the GNU Lesser General Public License as
|
|
Packit Service |
8eee21 |
# published by the Free Software Foundation.
|
|
Packit Service |
8eee21 |
#
|
|
Packit Service |
8eee21 |
# This library is distributed in the hope that it will be useful, but WITHOUT
|
|
Packit Service |
8eee21 |
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
Packit Service |
8eee21 |
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
|
|
Packit Service |
8eee21 |
# for more details.
|
|
Packit Service |
8eee21 |
#
|
|
Packit Service |
8eee21 |
# You should have received a copy of the GNU Lesser General Public License
|
|
Packit Service |
8eee21 |
# along with this library; if not, see <http://www.gnu.org/licenses>.
|
|
Packit Service |
8eee21 |
#
|
|
Packit Service |
8eee21 |
|
|
Packit Service |
8eee21 |
import argparse
|
|
Packit Service |
8eee21 |
import os
|
|
Packit Service |
8eee21 |
import sys
|
|
Packit Service |
8eee21 |
import threading
|
|
Packit Service |
8eee21 |
import time
|
|
Packit Service |
8eee21 |
|
|
Packit Service |
8eee21 |
import util
|
|
Packit Service |
8eee21 |
|
|
Packit Service |
8eee21 |
from seccomp import *
|
|
Packit Service |
8eee21 |
|
|
Packit Service |
8eee21 |
def child_start(param):
|
|
Packit Service |
8eee21 |
param = 1
|
|
Packit Service |
8eee21 |
|
|
Packit Service |
8eee21 |
try:
|
|
Packit Service |
8eee21 |
fd = os.open("/dev/null", os.O_WRONLY)
|
|
Packit Service |
8eee21 |
except IOError as ex:
|
|
Packit Service |
8eee21 |
param = ex.errno
|
|
Packit Service |
8eee21 |
quit(ex.errno)
|
|
Packit Service |
8eee21 |
|
|
Packit Service |
8eee21 |
def test():
|
|
Packit Service |
8eee21 |
f = SyscallFilter(KILL_PROCESS)
|
|
Packit Service |
8eee21 |
f.add_rule(ALLOW, "clone")
|
|
Packit Service |
8eee21 |
f.add_rule(ALLOW, "exit")
|
|
Packit Service |
8eee21 |
f.add_rule(ALLOW, "exit_group")
|
|
Packit Service |
8eee21 |
f.add_rule(ALLOW, "futex")
|
|
Packit Service |
8eee21 |
f.add_rule(ALLOW, "madvise")
|
|
Packit Service |
8eee21 |
f.add_rule(ALLOW, "mmap")
|
|
Packit Service |
8eee21 |
f.add_rule(ALLOW, "mprotect")
|
|
Packit Service |
8eee21 |
f.add_rule(ALLOW, "munmap")
|
|
Packit Service |
8eee21 |
f.add_rule(ALLOW, "nanosleep")
|
|
Packit Service |
8eee21 |
f.add_rule(ALLOW, "set_robust_list")
|
|
Packit Service |
8eee21 |
f.load()
|
|
Packit Service |
8eee21 |
|
|
Packit Service |
8eee21 |
param = 0
|
|
Packit Service |
8eee21 |
threading.Thread(target = child_start, args = (param, ))
|
|
Packit Service |
8eee21 |
thread.start()
|
|
Packit Service |
8eee21 |
|
|
Packit Service |
8eee21 |
time.sleep(1)
|
|
Packit Service |
8eee21 |
|
|
Packit Service |
8eee21 |
quit(-errno.EACCES)
|
|
Packit Service |
8eee21 |
|
|
Packit Service |
8eee21 |
test()
|
|
Packit Service |
8eee21 |
|
|
Packit Service |
8eee21 |
# kate: syntax python;
|
|
Packit Service |
8eee21 |
# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off;
|