forked from seccomp/libseccomp
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add the regression tests for the libseccomp crate that is Rust language bindings for the libseccomp library. You can run the tests as follows: ```sh $ ./configure --enable-rust $ make $ cd tests && make check-build $ ./regression -m rust ``` Signed-off-by: Manabu Sugimoto <Manabu.Sugimoto@sony.com> Signed-off-by: mayank <mayank.mrinal@sony.com>
- Loading branch information
Showing
71 changed files
with
3,993 additions
and
5 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
// SPDX-License-Identifier: LGPL-2.1-only | ||
// | ||
// Copyright 2023 Sony Group Corporation | ||
// | ||
// Seccomp Library test program | ||
// | ||
|
||
use anyhow::Result; | ||
use libseccomp::*; | ||
use utils::*; | ||
|
||
fn main() -> Result<()> { | ||
let opts = util_getopt(); | ||
let ctx = ScmpFilterContext::new_filter(ScmpAction::Allow)?; | ||
|
||
util_filter_output(&opts, &ctx) | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
// SPDX-License-Identifier: LGPL-2.1-only | ||
// | ||
// Copyright 2023 Sony Group Corporation | ||
// | ||
// Seccomp Library test program | ||
// | ||
|
||
use anyhow::Result; | ||
use libseccomp::*; | ||
use utils::*; | ||
|
||
fn main() -> Result<()> { | ||
let opts = util_getopt(); | ||
let mut ctx = ScmpFilterContext::new_filter(ScmpAction::KillThread)?; | ||
|
||
ctx.add_rule_exact(ScmpAction::Allow, ScmpSyscall::from_name("read")?)?; | ||
ctx.add_rule_exact(ScmpAction::Allow, ScmpSyscall::from_name("write")?)?; | ||
ctx.add_rule_exact(ScmpAction::Allow, ScmpSyscall::from_name("close")?)?; | ||
ctx.add_rule_exact(ScmpAction::Allow, ScmpSyscall::from_name("rt_sigreturn")?)?; | ||
|
||
util_filter_output(&opts, &ctx) | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,37 @@ | ||
// SPDX-License-Identifier: LGPL-2.1-only | ||
// | ||
// Copyright 2023 Sony Group Corporation | ||
// | ||
// Seccomp Library test program | ||
// | ||
|
||
use anyhow::Result; | ||
use libseccomp::*; | ||
use std::io::{stderr, stdin, stdout}; | ||
use std::os::unix::io::AsRawFd; | ||
use utils::*; | ||
|
||
fn main() -> Result<()> { | ||
let opts = util_getopt(); | ||
let mut ctx = ScmpFilterContext::new_filter(ScmpAction::KillThread)?; | ||
|
||
ctx.add_rule_conditional_exact( | ||
ScmpAction::Allow, | ||
ScmpSyscall::from_name("read")?, | ||
&[scmp_cmp!($arg0 == stdin().as_raw_fd() as u64)], | ||
)?; | ||
ctx.add_rule_conditional_exact( | ||
ScmpAction::Allow, | ||
ScmpSyscall::from_name("write")?, | ||
&[scmp_cmp!($arg0 == stdout().as_raw_fd() as u64)], | ||
)?; | ||
ctx.add_rule_conditional_exact( | ||
ScmpAction::Allow, | ||
ScmpSyscall::from_name("write")?, | ||
&[scmp_cmp!($arg0 == stderr().as_raw_fd() as u64)], | ||
)?; | ||
ctx.add_rule_exact(ScmpAction::Allow, ScmpSyscall::from_name("close")?)?; | ||
ctx.add_rule_exact(ScmpAction::Allow, ScmpSyscall::from_name("rt_sigreturn")?)?; | ||
|
||
util_filter_output(&opts, &ctx) | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,51 @@ | ||
// SPDX-License-Identifier: LGPL-2.1-only | ||
// | ||
// Copyright 2023 Sony Group Corporation | ||
// | ||
// Seccomp Library test program | ||
// | ||
|
||
use anyhow::Result; | ||
use libseccomp::*; | ||
use std::io::{stderr, stdin, stdout}; | ||
use std::os::unix::io::AsRawFd; | ||
use utils::*; | ||
|
||
fn main() -> Result<()> { | ||
let opts = util_getopt(); | ||
let mut ctx = ScmpFilterContext::new_filter(ScmpAction::KillThread)?; | ||
|
||
ctx.add_rule(ScmpAction::Allow, ScmpSyscall::from_name("openat")?)?; | ||
ctx.add_rule(ScmpAction::Allow, ScmpSyscall::from_name("close")?)?; | ||
ctx.add_rule_conditional( | ||
ScmpAction::Allow, | ||
ScmpSyscall::from_name("read")?, | ||
&[ | ||
scmp_cmp!($arg0 == stdin().as_raw_fd() as u64), | ||
scmp_cmp!($arg1 != 0), | ||
scmp_cmp!($arg2 < libc::ssize_t::MAX as u64), | ||
], | ||
)?; | ||
ctx.add_rule_conditional( | ||
ScmpAction::Allow, | ||
ScmpSyscall::from_name("write")?, | ||
&[ | ||
scmp_cmp!($arg0 == stdout().as_raw_fd() as u64), | ||
scmp_cmp!($arg1 != 0), | ||
scmp_cmp!($arg2 < libc::ssize_t::MAX as u64), | ||
], | ||
)?; | ||
ctx.add_rule_conditional( | ||
ScmpAction::Allow, | ||
ScmpSyscall::from_name("write")?, | ||
&[ | ||
scmp_cmp!($arg0 == stderr().as_raw_fd() as u64), | ||
scmp_cmp!($arg1 != 0), | ||
scmp_cmp!($arg2 < libc::ssize_t::MAX as u64), | ||
], | ||
)?; | ||
ctx.add_rule(ScmpAction::Allow, ScmpSyscall::from_name("close")?)?; | ||
ctx.add_rule(ScmpAction::Allow, ScmpSyscall::from_name("rt_sigreturn")?)?; | ||
|
||
util_filter_output(&opts, &ctx) | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,52 @@ | ||
// SPDX-License-Identifier: LGPL-2.1-only | ||
// | ||
// Copyright 2023 Sony Group Corporation | ||
// | ||
// Seccomp Library test program | ||
// | ||
|
||
use anyhow::Result; | ||
use libseccomp::*; | ||
use utils::*; | ||
|
||
fn main() -> Result<()> { | ||
let opts = util_getopt(); | ||
let mut ctx = ScmpFilterContext::new_filter(ScmpAction::KillThread)?; | ||
|
||
ctx.add_rule(ScmpAction::Allow, ScmpSyscall::from_name("brk")?)?; | ||
|
||
// same syscall, many chains | ||
for iter in 0..100 { | ||
ctx.add_rule_conditional( | ||
ScmpAction::Allow, | ||
ScmpSyscall::from_name("chdir")?, | ||
&[ | ||
scmp_cmp!($arg0 == iter), | ||
scmp_cmp!($arg1 != 0), | ||
scmp_cmp!($arg2 < libc::ssize_t::MAX as u64), | ||
], | ||
)?; | ||
} | ||
|
||
// many syscalls, same chain | ||
let mut ctr = 0; | ||
for iter in 0..10000 { | ||
if ctr >= 100 { | ||
break; | ||
} | ||
|
||
let syscall = ScmpSyscall::from(iter); | ||
if syscall == ScmpSyscall::from_name("chdir")? { | ||
continue; | ||
} | ||
|
||
if syscall.get_name().is_ok() { | ||
ctx.add_rule_conditional(ScmpAction::Allow, iter, &[scmp_cmp!($arg0 != 0)])?; | ||
ctr += 1; | ||
} | ||
} | ||
|
||
ctx.add_rule(ScmpAction::Allow, ScmpSyscall::from_name("close")?)?; | ||
|
||
util_filter_output(&opts, &ctx) | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
// SPDX-License-Identifier: LGPL-2.1-only | ||
// | ||
// Copyright 2023 Sony Group Corporation | ||
// | ||
// Seccomp Library test program | ||
// | ||
|
||
use anyhow::Result; | ||
use libseccomp::*; | ||
use utils::*; | ||
|
||
fn main() -> Result<()> { | ||
let opts = util_getopt(); | ||
let mut ctx = ScmpFilterContext::new_filter(ScmpAction::KillThread)?; | ||
|
||
set_api(3)?; | ||
|
||
ctx.add_rule(ScmpAction::Allow, ScmpSyscall::from_name("read")?)?; | ||
ctx.add_rule(ScmpAction::Log, ScmpSyscall::from_name("rt_sigreturn")?)?; | ||
ctx.add_rule( | ||
ScmpAction::Errno(libc::EPERM), | ||
ScmpSyscall::from_name("write")?, | ||
)?; | ||
ctx.add_rule(ScmpAction::Trap, ScmpSyscall::from_name("close")?)?; | ||
ctx.add_rule(ScmpAction::Trace(1234), ScmpSyscall::from_name("openat")?)?; | ||
ctx.add_rule(ScmpAction::KillProcess, ScmpSyscall::from_name("fstatfs")?)?; | ||
|
||
util_filter_output(&opts, &ctx) | ||
} |
Oops, something went wrong.