glebfm/strace
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
strace/tests/prctl-seccomp-filter-v.c

125 lines
3.0 KiB
C
Raw Permalink Normal View History

Add copyright headers to some files which lack them Before this change, all files that exist since 20th century had copyright headers, while most files that appeared later didn't. This change fixes the inconsistency by adding missing copyright headers. It doesn't mean that copyright headers became maintained. In my view, git history provides much better information on this subject and is much more accurate than copyright headers.
2015-12-17 17:56:48 +00:00
/*
tests: rename seccomp.test to prctl-seccomp-filter-v.test * tests/.gitignore: Replace seccomp with prctl-seccomp-filter-v. * tests/Makefile.am (check_PROGRAMS): Likewise. (DECODER_TESTS): Replace seccomp.test with prctl-seccomp-filter-v.test. * tests/seccomp.c: Rename to tests/prctl-seccomp-filter-v.c. * tests/seccomp.test: Rename to tests/prctl-seccomp-filter-v.test.
2016-04-11 15:16:30 +00:00
* Check verbose decoding of prctl PR_SET_SECCOMP SECCOMP_MODE_FILTER.
*
tests/seccomp.c: use libtests * tests/seccomp.c: Use SKIP_MAIN_UNDEFINED. (main): Use perror_msg_and_fail and perror_msg_and_skip.
2016-01-05 23:17:29 +00:00
* Copyright (c) 2015-2016 Dmitry V. Levin <ldv@altlinux.org>
Update copyright headers
2018-12-24 23:46:43 +00:00
* Copyright (c) 2016-2018 The strace developers.
Add copyright headers to some files which lack them Before this change, all files that exist since 20th century had copyright headers, while most files that appeared later didn't. This change fixes the inconsistency by adding missing copyright headers. It doesn't mean that copyright headers became maintained. In my view, git history provides much better information on this subject and is much more accurate than copyright headers.
2015-12-17 17:56:48 +00:00
* All rights reserved.
*
tests: change the license to GPL-2.0-or-later strace test suite is now provided under the terms of the GNU General Public License version 2 or later, see tests/COPYING for more details.
2018-12-10 00:00:00 +00:00
* SPDX-License-Identifier: GPL-2.0-or-later
Add copyright headers to some files which lack them Before this change, all files that exist since 20th century had copyright headers, while most files that appeared later didn't. This change fixes the inconsistency by adding missing copyright headers. It doesn't mean that copyright headers became maintained. In my view, git history provides much better information on this subject and is much more accurate than copyright headers.
2015-12-17 17:56:48 +00:00
*/
tests: include tests.h instead of config.h Automatically edit tests/*.c files using the following perl one-liner: perl -0777 -pi -e \ 's/#ifdef HAVE_CONFIG_H\n# include "config\.h"\n#endif\n*/#include "tests.h"\n/' \ tests/*.c
2016-01-02 13:28:43 +00:00
#include "tests.h"
tests: add a test for SECCOMP_MODE_FILTER decoding * tests/seccomp.c: New file. * tests/seccomp.test: New test. * tests/Makefile.am (check_PROGRAMS): Add seccomp. (TESTS): Add seccomp.test. * tests/.gitignore: Add seccomp.
2015-03-19 00:40:49 +00:00
#include <stddef.h>
#include <unistd.h>
#include <stdio.h>
#include <errno.h>
Use <asm/unistd.h> instead of <sys/syscall.h> There are no users of SYS_* macros provided by <sys/syscall.h>, and definitions of __NR_* macros could be obtained directly from <asm/unistd.h>. * defs.h: Include <asm/unistd.h> instead of <sys/syscall.h>. * test/seccomp.c: Likewise. * test/threaded_execve.c: Likewise. * test/x32_lseek.c: Likewise. * test/x32_mmap.c: Likewise. * tests/_newselect.c: Likewise. * tests/access.c: Likewise. * tests/acct.c: Likewise. * tests/aio.c: Likewise. * tests/alarm.c: Likewise. * tests/attach-f-p.c: Likewise. * tests/bpf.c: Likewise. * tests/brk.c: Likewise. * tests/chmod.c: Likewise. * tests/chown.c: Likewise. * tests/chown32.c: Likewise. * tests/chroot.c: Likewise. * tests/clock_adjtime.c: Likewise. * tests/clock_nanosleep.c: Likewise. * tests/clock_xettime.c: Likewise. * tests/copy_file_range.c: Likewise. * tests/creat.c: Likewise. * tests/dup2.c: Likewise. * tests/dup3.c: Likewise. * tests/epoll_create.c: Likewise. * tests/epoll_create1.c: Likewise. * tests/epoll_ctl.c: Likewise. * tests/epoll_pwait.c: Likewise. * tests/epoll_wait.c: Likewise. * tests/eventfd.c: Likewise. * tests/execveat.c: Likewise. * tests/faccessat.c: Likewise. * tests/fchdir.c: Likewise. * tests/fchmod.c: Likewise. * tests/fchmodat.c: Likewise. * tests/fchown.c: Likewise. * tests/fchown32.c: Likewise. * tests/fchownat.c: Likewise. * tests/fcntl.c: Likewise. * tests/fcntl64.c: Likewise. * tests/fdatasync.c: Likewise. * tests/flock.c: Likewise. * tests/fstat.c: Likewise. * tests/fstat64.c: Likewise. * tests/fstatat64.c: Likewise. * tests/fstatfs.c: Likewise. * tests/fstatfs64.c: Likewise. * tests/fsync.c: Likewise. * tests/ftruncate.c: Likewise. * tests/ftruncate64.c: Likewise. * tests/futimesat.c: Likewise. * tests/get_mempolicy.c: Likewise. * tests/getcwd.c: Likewise. * tests/getdents.c: Likewise. * tests/getdents64.c: Likewise. * tests/getegid.c: Likewise. * tests/getegid32.c: Likewise. * tests/geteuid.c: Likewise. * tests/geteuid32.c: Likewise. * tests/getgid.c: Likewise. * tests/getgid32.c: Likewise. * tests/getgroups.c: Likewise. * tests/getgroups32.c: Likewise. * tests/getpgrp.c: Likewise. * tests/getrandom.c: Likewise. * tests/getresgid.c: Likewise. * tests/getresgid32.c: Likewise. * tests/getresuid.c: Likewise. * tests/getresuid32.c: Likewise. * tests/getrlimit.c: Likewise. * tests/getrusage.c: Likewise. * tests/getuid.c: Likewise. * tests/getuid32.c: Likewise. * tests/getxxid.c: Likewise. * tests/ioctl_uffdio.c: Likewise. * tests/ioperm.c: Likewise. * tests/iopl.c: Likewise. * tests/ipc.c: Likewise. * tests/kill.c: Likewise. * tests/lchown.c: Likewise. * tests/lchown32.c: Likewise. * tests/libmmsg.c: Likewise. * tests/libsocketcall.c: Likewise. * tests/link.c: Likewise. * tests/linkat.c: Likewise. * tests/llseek.c: Likewise. * tests/lseek.c: Likewise. * tests/lstat.c: Likewise. * tests/lstat64.c: Likewise. * tests/mbind.c: Likewise. * tests/membarrier.c: Likewise. * tests/memfd_create.c: Likewise. * tests/migrate_pages.c: Likewise. * tests/mkdir.c: Likewise. * tests/mkdirat.c: Likewise. * tests/mknod.c: Likewise. * tests/mknodat.c: Likewise. * tests/mlock.c: Likewise. * tests/mlock2.c: Likewise. * tests/move_pages.c: Likewise. * tests/newfstatat.c: Likewise. * tests/nsyscalls.c: Likewise. * tests/old_mmap.c: Likewise. * tests/oldselect.c: Likewise. * tests/open.c: Likewise. * tests/openat.c: Likewise. * tests/pause.c: Likewise. * tests/poll.c: Likewise. * tests/prctl-seccomp-filter-v.c: Likewise. * tests/prctl-seccomp-strict.c: Likewise. * tests/preadv2-pwritev2.c: Likewise. * tests/prlimit64.c: Likewise. * tests/pselect6.c: Likewise. * tests/ptrace.c: Likewise. * tests/readdir.c: Likewise. * tests/readlink.c: Likewise. * tests/readlinkat.c: Likewise. * tests/reboot.c: Likewise. * tests/remap_file_pages.c: Likewise. * tests/rename.c: Likewise. * tests/renameat.c: Likewise. * tests/renameat2.c: Likewise. * tests/rmdir.c: Likewise. * tests/rt_sigpending.c: Likewise. * tests/rt_sigprocmask.c: Likewise. * tests/rt_sigsuspend.c: Likewise. * tests/rt_sigtimedwait.c: Likewise. * tests/rt_tgsigqueueinfo.c: Likewise. * tests/sched_get_priority_mxx.c: Likewise. * tests/sched_rr_get_interval.c: Likewise. * tests/sched_xetaffinity.c: Likewise. * tests/sched_xetattr.c: Likewise. * tests/sched_xetparam.c: Likewise. * tests/sched_xetscheduler.c: Likewise. * tests/sched_yield.c: Likewise. * tests/seccomp-filter-v.c: Likewise. * tests/seccomp-filter.c: Likewise. * tests/seccomp-strict.c: Likewise. * tests/select.c: Likewise. * tests/sendfile.c: Likewise. * tests/sendfile64.c: Likewise. * tests/set_mempolicy.c: Likewise. * tests/setdomainname.c: Likewise. * tests/setfsgid.c: Likewise. * tests/setfsgid32.c: Likewise. * tests/setfsuid.c: Likewise. * tests/setfsuid32.c: Likewise. * tests/setgid.c: Likewise. * tests/setgid32.c: Likewise. * tests/setgroups.c: Likewise. * tests/setgroups32.c: Likewise. * tests/sethostname.c: Likewise. * tests/setregid.c: Likewise. * tests/setregid32.c: Likewise. * tests/setresgid.c: Likewise. * tests/setresgid32.c: Likewise. * tests/setresuid.c: Likewise. * tests/setresuid32.c: Likewise. * tests/setreuid.c: Likewise. * tests/setreuid32.c: Likewise. * tests/setrlimit.c: Likewise. * tests/setuid.c: Likewise. * tests/setuid32.c: Likewise. * tests/signalfd4.c: Likewise. * tests/socketcall.c: Likewise. * tests/splice.c: Likewise. * tests/stat.c: Likewise. * tests/stat64.c: Likewise. * tests/statfs.c: Likewise. * tests/statfs64.c: Likewise. * tests/swap.c: Likewise. * tests/symlink.c: Likewise. * tests/symlinkat.c: Likewise. * tests/sync.c: Likewise. * tests/sync_file_range.c: Likewise. * tests/sync_file_range2.c: Likewise. * tests/syslog.c: Likewise. * tests/tee.c: Likewise. * tests/time.c: Likewise. * tests/timer_create.c: Likewise. * tests/timer_xettime.c: Likewise. * tests/timerfd_xettime.c: Likewise. * tests/times-fail.c: Likewise. * tests/times.c: Likewise. * tests/truncate.c: Likewise. * tests/truncate64.c: Likewise. * tests/ugetrlimit.c: Likewise. * tests/umount.c: Likewise. * tests/umount2.c: Likewise. * tests/uname.c: Likewise. * tests/unix-pair-send-recv.c: Likewise. * tests/unlink.c: Likewise. * tests/unlinkat.c: Likewise. * tests/userfaultfd.c: Likewise. * tests/utimes.c: Likewise. * tests/vhangup.c: Likewise. * tests/vmsplice.c: Likewise. * tests/waitid.c: Likewise. * tests/waitpid.c: Likewise. * tests/xet_robust_list.c: Likewise. * tests/xetpgid.c: Likewise. * tests/xetpriority.c: Likewise. * tests/xettimeofday.c: Likewise.
2016-08-09 14:38:29 +00:00
#include <asm/unistd.h>
tests: add a test for SECCOMP_MODE_FILTER decoding * tests/seccomp.c: New file. * tests/seccomp.test: New test. * tests/Makefile.am (check_PROGRAMS): Add seccomp. (TESTS): Add seccomp.test. * tests/.gitignore: Add seccomp.
2015-03-19 00:40:49 +00:00
#ifdef HAVE_PRCTL
# include <sys/prctl.h>
#endif
#ifdef HAVE_LINUX_SECCOMP_H
# include <linux/seccomp.h>
#endif
Assume that <linux/filter.h> is always available <linux/filter.h> was introduced in linux 2.1.75, way before the minimal kernel version supported by strace. * configure.ac (AC_CHECK_HEADERS): Remove linux/filter.h. * seccomp.c: Assume HAVE_LINUX_FILTER_H. * tests/prctl-seccomp-filter-v.c: Likewise. * tests/seccomp-filter-v.c: Likewise. * tests/seccomp-filter.c: Likewise.
2017-07-08 01:49:00 +00:00
#include <linux/filter.h>
tests: add a test for SECCOMP_MODE_FILTER decoding * tests/seccomp.c: New file. * tests/seccomp.test: New test. * tests/Makefile.am (check_PROGRAMS): Add seccomp. (TESTS): Add seccomp.test. * tests/.gitignore: Add seccomp.
2015-03-19 00:40:49 +00:00
#if defined HAVE_PRCTL \
&& defined PR_SET_NO_NEW_PRIVS \
&& defined PR_SET_SECCOMP \
&& defined SECCOMP_MODE_FILTER \
&& defined SECCOMP_RET_ERRNO \
&& defined BPF_JUMP \
&& defined BPF_STMT
Fix preprocessor indentation Indent the C preprocessor directives to reflect their nesting using the following script: $ cppi -l $(git grep -El '^[[:space:]]*#[[:space:]]*(if|ifdef|ifndef|elif|else|endif|define|pragma)[[:space:]]' |grep -v '\.sh$') |while read f; do cppi < "$f" > "$f".cppi; mv "$f".cppi "$f" done
2018-12-30 15:35:21 +00:00
# define SOCK_FILTER_ALLOW_SYSCALL(nr) \
seccomp: print SECCOMP_* and BPF_* constants in a more compact way * seccomp.c (decode_bpf_code, decode_bpf_stmt): Replace " | " with "|". * tests/prctl-seccomp-filter-v.c: Update.
2016-04-11 20:25:01 +00:00
BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, __NR_ ## nr, 0, 1), \
BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW)
tests: add a test for SECCOMP_MODE_FILTER decoding * tests/seccomp.c: New file. * tests/seccomp.test: New test. * tests/Makefile.am (check_PROGRAMS): Add seccomp. (TESTS): Add seccomp.test. * tests/.gitignore: Add seccomp.
2015-03-19 00:40:49 +00:00
Fix preprocessor indentation Indent the C preprocessor directives to reflect their nesting using the following script: $ cppi -l $(git grep -El '^[[:space:]]*#[[:space:]]*(if|ifdef|ifndef|elif|else|endif|define|pragma)[[:space:]]' |grep -v '\.sh$') |while read f; do cppi < "$f" > "$f".cppi; mv "$f".cppi "$f" done
2018-12-30 15:35:21 +00:00
# define SOCK_FILTER_DENY_SYSCALL(nr, err) \
seccomp: print SECCOMP_* and BPF_* constants in a more compact way * seccomp.c (decode_bpf_code, decode_bpf_stmt): Replace " | " with "|". * tests/prctl-seccomp-filter-v.c: Update.
2016-04-11 20:25:01 +00:00
BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, __NR_ ## nr, 0, 1), \
BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ERRNO|(SECCOMP_RET_DATA & (err)))
tests: add a test for SECCOMP_MODE_FILTER decoding * tests/seccomp.c: New file. * tests/seccomp.test: New test. * tests/Makefile.am (check_PROGRAMS): Add seccomp. (TESTS): Add seccomp.test. * tests/.gitignore: Add seccomp.
2015-03-19 00:40:49 +00:00
Fix preprocessor indentation Indent the C preprocessor directives to reflect their nesting using the following script: $ cppi -l $(git grep -El '^[[:space:]]*#[[:space:]]*(if|ifdef|ifndef|elif|else|endif|define|pragma)[[:space:]]' |grep -v '\.sh$') |while read f; do cppi < "$f" > "$f".cppi; mv "$f".cppi "$f" done
2018-12-30 15:35:21 +00:00
# define SOCK_FILTER_KILL_PROCESS \
seccomp: print SECCOMP_* and BPF_* constants in a more compact way * seccomp.c (decode_bpf_code, decode_bpf_stmt): Replace " | " with "|". * tests/prctl-seccomp-filter-v.c: Update.
2016-04-11 20:25:01 +00:00
BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_KILL)
tests: add a test for SECCOMP_MODE_FILTER decoding * tests/seccomp.c: New file. * tests/seccomp.test: New test. * tests/Makefile.am (check_PROGRAMS): Add seccomp. (TESTS): Add seccomp.test. * tests/.gitignore: Add seccomp.
2015-03-19 00:40:49 +00:00
Fix preprocessor indentation Indent the C preprocessor directives to reflect their nesting using the following script: $ cppi -l $(git grep -El '^[[:space:]]*#[[:space:]]*(if|ifdef|ifndef|elif|else|endif|define|pragma)[[:space:]]' |grep -v '\.sh$') |while read f; do cppi < "$f" > "$f".cppi; mv "$f".cppi "$f" done
2018-12-30 15:35:21 +00:00
# define PRINT_ALLOW_SYSCALL(nr) \
seccomp: print SECCOMP_* and BPF_* constants in a more compact way * seccomp.c (decode_bpf_code, decode_bpf_stmt): Replace " | " with "|". * tests/prctl-seccomp-filter-v.c: Update.
2016-04-11 20:25:01 +00:00
printf("BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, %#x, 0, 0x1), " \
"BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), ", \
tests: add a test for SECCOMP_MODE_FILTER decoding * tests/seccomp.c: New file. * tests/seccomp.test: New test. * tests/Makefile.am (check_PROGRAMS): Add seccomp. (TESTS): Add seccomp.test. * tests/.gitignore: Add seccomp.
2015-03-19 00:40:49 +00:00
__NR_ ## nr)
Fix preprocessor indentation Indent the C preprocessor directives to reflect their nesting using the following script: $ cppi -l $(git grep -El '^[[:space:]]*#[[:space:]]*(if|ifdef|ifndef|elif|else|endif|define|pragma)[[:space:]]' |grep -v '\.sh$') |while read f; do cppi < "$f" > "$f".cppi; mv "$f".cppi "$f" done
2018-12-30 15:35:21 +00:00
# define PRINT_DENY_SYSCALL(nr, err) \
seccomp: print SECCOMP_* and BPF_* constants in a more compact way * seccomp.c (decode_bpf_code, decode_bpf_stmt): Replace " | " with "|". * tests/prctl-seccomp-filter-v.c: Update.
2016-04-11 20:25:01 +00:00
printf("BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, %#x, 0, 0x1), " \
"BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ERRNO|%#x), ", \
tests: add a test for SECCOMP_MODE_FILTER decoding * tests/seccomp.c: New file. * tests/seccomp.test: New test. * tests/Makefile.am (check_PROGRAMS): Add seccomp. (TESTS): Add seccomp.test. * tests/.gitignore: Add seccomp.
2015-03-19 00:40:49 +00:00
__NR_ ## nr, err)
static const struct sock_filter filter[] = {
/* load syscall number */
seccomp: print SECCOMP_* and BPF_* constants in a more compact way * seccomp.c (decode_bpf_code, decode_bpf_stmt): Replace " | " with "|". * tests/prctl-seccomp-filter-v.c: Update.
2016-04-11 20:25:01 +00:00
BPF_STMT(BPF_LD|BPF_W|BPF_ABS, offsetof(struct seccomp_data, nr)),
tests: add a test for SECCOMP_MODE_FILTER decoding * tests/seccomp.c: New file. * tests/seccomp.test: New test. * tests/Makefile.am (check_PROGRAMS): Add seccomp. (TESTS): Add seccomp.test. * tests/.gitignore: Add seccomp.
2015-03-19 00:40:49 +00:00
/* allow syscalls */
SOCK_FILTER_ALLOW_SYSCALL(close),
SOCK_FILTER_ALLOW_SYSCALL(exit),
SOCK_FILTER_ALLOW_SYSCALL(exit_group),
/* deny syscalls */
SOCK_FILTER_DENY_SYSCALL(sync, EBUSY),
SOCK_FILTER_DENY_SYSCALL(setsid, EPERM),
/* kill process */
SOCK_FILTER_KILL_PROCESS
};
static const struct sock_fprog prog = {
seccomp: fix decoding of sock_fprog and sock_filter structures Always print struct sock_fprog.len. Fix printing of unfetchable elements in sock_filter array. Fix printing of large sock_filter arrays. * seccomp.c (decode_fprog): Rewrite into decode_seccomp_fprog and print_seccomp_fprog. (print_seccomp_filter): Replace decode_fprog with print_seccomp_fprog. * tests/prctl-seccomp-filter-v.c (main): Update. * tests/seccomp-filter-v.c: New file. * tests/seccomp-filter-v.test: New test. * tests/.gitignore: Add seccomp-filter-v. * tests/Makefile.am (check_PROGRAMS): Likewise. (DECODER_TESTS): Add seccomp-filter-v.test.
2016-04-12 00:05:43 +00:00
.len = ARRAY_SIZE(filter),
tests: add a test for SECCOMP_MODE_FILTER decoding * tests/seccomp.c: New file. * tests/seccomp.test: New test. * tests/Makefile.am (check_PROGRAMS): Add seccomp. (TESTS): Add seccomp.test. * tests/.gitignore: Add seccomp.
2015-03-19 00:40:49 +00:00
.filter = (struct sock_filter *) filter,
};
int
main(void)
{
int fds[2];
puts("prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) = 0");
seccomp: fix decoding of sock_fprog and sock_filter structures Always print struct sock_fprog.len. Fix printing of unfetchable elements in sock_filter array. Fix printing of large sock_filter arrays. * seccomp.c (decode_fprog): Rewrite into decode_seccomp_fprog and print_seccomp_fprog. (print_seccomp_filter): Replace decode_fprog with print_seccomp_fprog. * tests/prctl-seccomp-filter-v.c (main): Update. * tests/seccomp-filter-v.c: New file. * tests/seccomp-filter-v.test: New test. * tests/.gitignore: Add seccomp-filter-v. * tests/Makefile.am (check_PROGRAMS): Likewise. (DECODER_TESTS): Add seccomp-filter-v.test.
2016-04-12 00:05:43 +00:00
printf("prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, {len=%u, filter=[",
prog.len);
tests: add a test for SECCOMP_MODE_FILTER decoding * tests/seccomp.c: New file. * tests/seccomp.test: New test. * tests/Makefile.am (check_PROGRAMS): Add seccomp. (TESTS): Add seccomp.test. * tests/.gitignore: Add seccomp.
2015-03-19 00:40:49 +00:00
seccomp: print SECCOMP_* and BPF_* constants in a more compact way * seccomp.c (decode_bpf_code, decode_bpf_stmt): Replace " | " with "|". * tests/prctl-seccomp-filter-v.c: Update.
2016-04-11 20:25:01 +00:00
printf("BPF_STMT(BPF_LD|BPF_W|BPF_ABS, %#x), ",
tests: add a test for SECCOMP_MODE_FILTER decoding * tests/seccomp.c: New file. * tests/seccomp.test: New test. * tests/Makefile.am (check_PROGRAMS): Add seccomp. (TESTS): Add seccomp.test. * tests/.gitignore: Add seccomp.
2015-03-19 00:40:49 +00:00
(unsigned) offsetof(struct seccomp_data, nr));
PRINT_ALLOW_SYSCALL(close);
PRINT_ALLOW_SYSCALL(exit);
PRINT_ALLOW_SYSCALL(exit_group);
PRINT_DENY_SYSCALL(sync, EBUSY),
PRINT_DENY_SYSCALL(setsid, EPERM),
Rename SECCOMP_RET_KILL to SECCOMP_RET_KILL_THREAD Follow linux kernel commit v4.14-rc2~15^2~4 and rename SECCOMP_RET_KILL to SECCOMP_RET_KILL_THREAD. * xlat/seccomp_ret_action.in (SECCOMP_RET_KILL): Rename to SECCOMP_RET_KILL_THREAD. * tests/prctl-seccomp-filter-v.c (main): Update expected output. * tests/seccomp-filter-v.c (main): Likewise.
2017-11-01 02:02:21 +00:00
printf("BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_KILL_THREAD)");
tests: add a test for SECCOMP_MODE_FILTER decoding * tests/seccomp.c: New file. * tests/seccomp.test: New test. * tests/Makefile.am (check_PROGRAMS): Add seccomp. (TESTS): Add seccomp.test. * tests/.gitignore: Add seccomp.
2015-03-19 00:40:49 +00:00
seccomp: fix decoding of sock_fprog and sock_filter structures Always print struct sock_fprog.len. Fix printing of unfetchable elements in sock_filter array. Fix printing of large sock_filter arrays. * seccomp.c (decode_fprog): Rewrite into decode_seccomp_fprog and print_seccomp_fprog. (print_seccomp_filter): Replace decode_fprog with print_seccomp_fprog. * tests/prctl-seccomp-filter-v.c (main): Update. * tests/seccomp-filter-v.c: New file. * tests/seccomp-filter-v.test: New test. * tests/.gitignore: Add seccomp-filter-v. * tests/Makefile.am (check_PROGRAMS): Likewise. (DECODER_TESTS): Add seccomp-filter-v.test.
2016-04-12 00:05:43 +00:00
puts("]}) = 0");
tests: add a test for SECCOMP_MODE_FILTER decoding * tests/seccomp.c: New file. * tests/seccomp.test: New test. * tests/Makefile.am (check_PROGRAMS): Add seccomp. (TESTS): Add seccomp.test. * tests/.gitignore: Add seccomp.
2015-03-19 00:40:49 +00:00
puts("+++ exited with 0 +++");
fflush(stdout);
close(0);
close(1);
tests/seccomp.c: use libtests * tests/seccomp.c: Use SKIP_MAIN_UNDEFINED. (main): Use perror_msg_and_fail and perror_msg_and_skip.
2016-01-05 23:17:29 +00:00
if (pipe(fds))
perror_msg_and_fail("pipe");
if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0))
perror_msg_and_skip("PR_SET_NO_NEW_PRIVS");
if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog))
perror_msg_and_skip("PR_SET_SECCOMP");
if (close(0) || close(1))
tests: add a test for SECCOMP_MODE_FILTER decoding * tests/seccomp.c: New file. * tests/seccomp.test: New test. * tests/Makefile.am (check_PROGRAMS): Add seccomp. (TESTS): Add seccomp.test. * tests/.gitignore: Add seccomp.
2015-03-19 00:40:49 +00:00
_exit(77);
_exit(0);
}
#else
tests/seccomp.c: use libtests * tests/seccomp.c: Use SKIP_MAIN_UNDEFINED. (main): Use perror_msg_and_fail and perror_msg_and_skip.
2016-01-05 23:17:29 +00:00
SKIP_MAIN_UNDEFINED("HAVE_PRCTL && PR_SET_NO_NEW_PRIVS && PR_SET_SECCOMP"
" && SECCOMP_MODE_FILTER && SECCOMP_RET_ERRNO"
" && BPF_JUMP && BPF_STMT")
tests: add a test for SECCOMP_MODE_FILTER decoding * tests/seccomp.c: New file. * tests/seccomp.test: New test. * tests/Makefile.am (check_PROGRAMS): Add seccomp. (TESTS): Add seccomp.test. * tests/.gitignore: Add seccomp.
2015-03-19 00:40:49 +00:00
#endif
Reference in New Issue Copy Permalink