mirror of
https://github.com/systemd/systemd-stable.git
synced 2024-12-24 21:34:08 +03:00
test/test-seccomp: add test_protect_syslog
This commit is contained in:
parent
94a7b2759d
commit
97d05f3b70
@ -322,6 +322,48 @@ static void test_protect_sysctl(void) {
|
||||
assert_se(wait_for_terminate_and_check("sysctlseccomp", pid, WAIT_LOG) == EXIT_SUCCESS);
|
||||
}
|
||||
|
||||
static void test_protect_syslog(void) {
|
||||
pid_t pid;
|
||||
|
||||
log_info("/* %s */", __func__);
|
||||
|
||||
if (!is_seccomp_available()) {
|
||||
log_notice("Seccomp not available, skipping %s", __func__);
|
||||
return;
|
||||
}
|
||||
if (geteuid() != 0) {
|
||||
log_notice("Not root, skipping %s", __func__);
|
||||
return;
|
||||
}
|
||||
|
||||
/* in containers syslog() is likely missing anyway */
|
||||
if (detect_container() > 0) {
|
||||
log_notice("Testing in container, skipping %s", __func__);
|
||||
return;
|
||||
}
|
||||
|
||||
pid = fork();
|
||||
assert_se(pid >= 0);
|
||||
|
||||
if (pid == 0) {
|
||||
#if defined __NR_syslog && __NR_syslog > 0
|
||||
assert_se(syscall(__NR_syslog, -1, NULL, 0) < 0);
|
||||
assert_se(errno == EINVAL);
|
||||
#endif
|
||||
|
||||
assert_se(seccomp_protect_syslog() >= 0);
|
||||
|
||||
#if defined __NR_syslog && __NR_syslog > 0
|
||||
assert_se(syscall(__NR_syslog, 0, 0, 0) < 0);
|
||||
assert_se(errno == EPERM);
|
||||
#endif
|
||||
|
||||
_exit(EXIT_SUCCESS);
|
||||
}
|
||||
|
||||
assert_se(wait_for_terminate_and_check("syslogseccomp", pid, WAIT_LOG) == EXIT_SUCCESS);
|
||||
}
|
||||
|
||||
static void test_restrict_address_families(void) {
|
||||
pid_t pid;
|
||||
|
||||
@ -982,6 +1024,7 @@ int main(int argc, char *argv[]) {
|
||||
test_filter_sets_ordered();
|
||||
test_restrict_namespace();
|
||||
test_protect_sysctl();
|
||||
test_protect_syslog();
|
||||
test_restrict_address_families();
|
||||
test_restrict_realtime();
|
||||
test_memory_deny_write_execute_mmap();
|
||||
|
Loading…
Reference in New Issue
Block a user