From: Dmitry V. Levin Date: Mon, 11 Apr 2016 15:09:09 +0000 (+0000) Subject: tests: add seccomp-strict.test X-Git-Tag: v4.12~431 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=b19945bebcc2a9918878b2526653fc759ed7d187;p=strace tests: add seccomp-strict.test * tests/seccomp-strict.c: New file. * tests/seccomp-strict.test: New test. * tests/.gitignore: Add seccomp-strict. * tests/Makefile.am (check_PROGRAMS): Likewise. (DECODER_TESTS): Add seccomp-strict.test. --- diff --git a/tests/.gitignore b/tests/.gitignore index 222255f1..12b0c533 100644 --- a/tests/.gitignore +++ b/tests/.gitignore @@ -128,6 +128,7 @@ sched_xetparam sched_xetscheduler scm_rights seccomp +seccomp-strict select sendfile sendfile64 diff --git a/tests/Makefile.am b/tests/Makefile.am index 183ff7c7..1e492f53 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -177,6 +177,7 @@ check_PROGRAMS = \ sched_xetscheduler \ scm_rights \ seccomp \ + seccomp-strict \ select \ sendfile \ sendfile64 \ @@ -373,6 +374,7 @@ DECODER_TESTS = \ sched_xetparam.test \ sched_xetscheduler.test \ scm_rights-fd.test \ + seccomp-strict.test \ seccomp.test \ select.test \ sendfile.test \ diff --git a/tests/seccomp-strict.c b/tests/seccomp-strict.c new file mode 100644 index 00000000..348bd2eb --- /dev/null +++ b/tests/seccomp-strict.c @@ -0,0 +1,70 @@ +/* + * Check how seccomp SECCOMP_SET_MODE_STRICT is decoded. + * + * Copyright (c) 2016 Dmitry V. Levin + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "tests.h" +#include + +#if defined __NR_seccomp && defined __NR_exit + +# include +# include +# include +# include + +int +main(void) +{ + static const char text1[] = + "seccomp(SECCOMP_SET_MODE_STRICT, 0, NULL) = 0\n"; + static const char text2[] = "+++ exited with 0 +++\n"; + const unsigned long addr = (unsigned long) 0xfacefeeddeadbeef; + int rc = 0; + + assert(syscall(__NR_seccomp, -1L, -1L, addr) == -1); + printf("seccomp(%#x /* SECCOMP_SET_MODE_??? */, %u, %#lx) = -1 %s (%m)\n", + -1, -1, addr, ENOSYS == errno ? "ENOSYS" : "EINVAL"); + fflush(stdout); + + if (syscall(__NR_seccomp, 0, 0, 0)) { + printf("seccomp(SECCOMP_SET_MODE_STRICT, 0, NULL) = -1 %s (%m)\n", + ENOSYS == errno ? "ENOSYS" : "EINVAL"); + fflush(stdout); + } else { + rc += write(1, text1, LENGTH_OF(text1)) != LENGTH_OF(text1); + } + + rc += write(1, text2, LENGTH_OF(text2)) != LENGTH_OF(text2); + return !!syscall(__NR_exit, rc); +} + +#else + +SKIP_MAIN_UNDEFINED("__NR_seccomp && __NR_exit") + +#endif diff --git a/tests/seccomp-strict.test b/tests/seccomp-strict.test new file mode 100755 index 00000000..62f66b8a --- /dev/null +++ b/tests/seccomp-strict.test @@ -0,0 +1,6 @@ +#!/bin/sh + +# Check how seccomp SECCOMP_SET_MODE_STRICT is decoded. + +. "${srcdir=.}/init.sh" +run_strace_match_diff -e trace=seccomp