|
Packit |
56e23f |
#!/usr/bin/env python
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
#
|
|
Packit |
56e23f |
# Seccomp Library test program
|
|
Packit |
56e23f |
#
|
|
Packit |
56e23f |
# Copyright (c) 2019 Oracle and/or its affiliates. All rights reserved.
|
|
Packit |
56e23f |
# Author: Tom Hromatka <tom.hromatka@oracle.com>
|
|
Packit |
56e23f |
#
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
#
|
|
Packit |
56e23f |
# This library is free software; you can redistribute it and/or modify it
|
|
Packit |
56e23f |
# under the terms of version 2.1 of the GNU Lesser General Public License as
|
|
Packit |
56e23f |
# published by the Free Software Foundation.
|
|
Packit |
56e23f |
#
|
|
Packit |
56e23f |
# This library is distributed in the hope that it will be useful, but WITHOUT
|
|
Packit |
56e23f |
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
Packit |
56e23f |
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
|
|
Packit |
56e23f |
# for more details.
|
|
Packit |
56e23f |
#
|
|
Packit |
56e23f |
# You should have received a copy of the GNU Lesser General Public License
|
|
Packit |
56e23f |
# along with this library; if not, see <http://www.gnu.org/licenses>.
|
|
Packit |
56e23f |
#
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
import argparse
|
|
Packit |
56e23f |
import sys
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
import util
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
from seccomp import *
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
def test(args):
|
|
Packit |
56e23f |
set_api(1)
|
|
Packit |
56e23f |
f = SyscallFilter(ERRNO(100))
|
|
Packit |
56e23f |
f.remove_arch(Arch())
|
|
Packit |
56e23f |
f.add_arch(Arch("x86_64"))
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
# libseccomp utilizes a hash table to manage BPF blocks. It currently
|
|
Packit |
56e23f |
# employs MurmurHash3 where the key is the hashed values of the BPF
|
|
Packit |
56e23f |
# instruction blocks, the accumulator start, and the accumulator end.
|
|
Packit |
56e23f |
# Changes to the hash algorithm will likely affect this test.
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
# The following rules were derived from an issue reported by Tor:
|
|
Packit |
56e23f |
# https://github.com/seccomp/libseccomp/issues/148
|
|
Packit |
56e23f |
#
|
|
Packit |
56e23f |
# In the steps below, syscall 1001 is configured similarly to how
|
|
Packit |
56e23f |
# Tor configured socket. The fairly complex rules below led to
|
|
Packit |
56e23f |
# a hash collision with rt_sigaction (syscall 1000) in this test.
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
f.add_rule_exactly(ALLOW, 1001, Arg(0, EQ, 1), Arg(1, MASKED_EQ, 0xf, 2),
|
|
Packit |
56e23f |
Arg(2, EQ, 3))
|
|
Packit |
56e23f |
f.add_rule_exactly(ALLOW, 1001, Arg(0, EQ, 1), Arg(1, MASKED_EQ, 0xf, 1))
|
|
Packit |
56e23f |
f.add_rule_exactly(ALLOW, 1000, Arg(0, EQ, 2))
|
|
Packit |
56e23f |
f.add_rule_exactly(ALLOW, 1000, Arg(0, EQ, 1))
|
|
Packit |
56e23f |
return f
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
args = util.get_opt()
|
|
Packit |
56e23f |
ctx = test(args)
|
|
Packit |
56e23f |
util.filter_output(args, ctx)
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
# kate: syntax python;
|
|
Packit |
56e23f |
# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off;
|