]>
Commit | Line | Data |
---|---|---|
8befd5cc MG |
1 | #!/usr/bin/env python |
2 | ||
3 | # | |
4 | # Seccomp Library test program | |
5 | # | |
6 | # Copyright (c) 2013 Red Hat <pmoore@redhat.com> | |
7 | # Author: Paul Moore <paul@paul-moore.com> | |
8 | # | |
9 | ||
10 | # | |
11 | # This library is free software; you can redistribute it and/or modify it | |
12 | # under the terms of version 2.1 of the GNU Lesser General Public License as | |
13 | # published by the Free Software Foundation. | |
14 | # | |
15 | # This library is distributed in the hope that it will be useful, but WITHOUT | |
16 | # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or | |
17 | # FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License | |
18 | # for more details. | |
19 | # | |
20 | # You should have received a copy of the GNU Lesser General Public License | |
21 | # along with this library; if not, see <http://www.gnu.org/licenses>. | |
22 | # | |
23 | ||
24 | import argparse | |
25 | import sys | |
26 | ||
27 | import util | |
28 | ||
29 | from seccomp import * | |
30 | ||
31 | def test(): | |
32 | action = util.parse_action(sys.argv[1]) | |
33 | if not action == ALLOW: | |
34 | quit(1) | |
35 | util.install_trap() | |
36 | f = SyscallFilter(TRAP) | |
37 | f.set_attr(Attr.CTL_TSYNC, 1) | |
38 | # NOTE: additional syscalls required for python | |
39 | f.add_rule(ALLOW, "stat") | |
40 | f.add_rule(ALLOW, "fstat") | |
41 | f.add_rule(ALLOW, "open") | |
42 | f.add_rule(ALLOW, "openat") | |
43 | f.add_rule(ALLOW, "mmap") | |
44 | f.add_rule(ALLOW, "munmap") | |
45 | f.add_rule(ALLOW, "read") | |
46 | f.add_rule(ALLOW, "write") | |
47 | f.add_rule(ALLOW, "close") | |
48 | f.add_rule(ALLOW, "rt_sigaction") | |
49 | f.add_rule(ALLOW, "rt_sigreturn") | |
50 | f.add_rule(ALLOW, "sigreturn") | |
51 | f.add_rule(ALLOW, "brk") | |
52 | f.add_rule(ALLOW, "exit_group") | |
53 | f.load() | |
54 | try: | |
55 | util.write_file("/dev/null") | |
56 | except OSError as ex: | |
57 | quit(ex.errno) | |
58 | quit(160) | |
59 | ||
60 | test() | |
61 | ||
62 | # kate: syntax python; | |
63 | # kate: indent-mode python; space-indent on; indent-width 4; mixedindent off; |