Commit | Line | Data |
---|---|---|
8befd5cc MG |
1 | #!/usr/bin/env python |
2 | ||
3 | # | |
4 | # Seccomp Library test program | |
5 | # | |
6 | # Copyright (c) 2012 Red Hat <pmoore@redhat.com> | |
7 | # Author: Paul Moore <paul@paul-moore.com> | |
8 | # | |
9 | ||
10 | # | |
11 | # This library is free software; you can redistribute it and/or modify it | |
12 | # under the terms of version 2.1 of the GNU Lesser General Public License as | |
13 | # published by the Free Software Foundation. | |
14 | # | |
15 | # This library is distributed in the hope that it will be useful, but WITHOUT | |
16 | # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or | |
17 | # FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License | |
18 | # for more details. | |
19 | # | |
20 | # You should have received a copy of the GNU Lesser General Public License | |
21 | # along with this library; if not, see <http://www.gnu.org/licenses>. | |
22 | # | |
23 | ||
24 | import argparse | |
25 | import sys | |
26 | ||
27 | import util | |
28 | ||
29 | from seccomp import * | |
30 | ||
31 | def test(): | |
32 | # this test differs from the native test for obvious reasons | |
33 | try: | |
34 | f = SyscallFilter(ALLOW + 1) | |
35 | except RuntimeError: | |
36 | pass | |
37 | ||
38 | f = SyscallFilter(ALLOW) | |
39 | try: | |
40 | f.reset(KILL + 1) | |
41 | except ValueError: | |
42 | pass | |
43 | ||
44 | f = SyscallFilter(ALLOW) | |
45 | try: | |
46 | f.syscall_priority(-10000, 1) | |
47 | except RuntimeError: | |
48 | pass | |
49 | ||
50 | f = SyscallFilter(ALLOW) | |
51 | try: | |
52 | f.add_rule(ALLOW, "read") | |
53 | except RuntimeError: | |
54 | pass | |
55 | try: | |
56 | f.add_rule(KILL - 1, "read") | |
57 | except RuntimeError: | |
58 | pass | |
59 | try: | |
60 | f.add_rule(KILL, "read", | |
61 | Arg(0, EQ, 0), | |
62 | Arg(1, EQ, 1), | |
63 | Arg(2, EQ, 2), | |
64 | Arg(3, EQ, 3), | |
65 | Arg(4, EQ, 4), | |
66 | Arg(5, EQ, 5), | |
67 | Arg(6, EQ, 6), | |
68 | Arg(7, EQ, 7)) | |
69 | except RuntimeError: | |
70 | pass | |
71 | try: | |
72 | f.add_rule(KILL, -1001) | |
73 | except RuntimeError: | |
74 | pass | |
75 | ||
76 | f = SyscallFilter(ALLOW) | |
77 | f.remove_arch(Arch()) | |
78 | f.add_arch(Arch("x86")) | |
79 | try: | |
80 | f.add_rule_exactly(KILL, "socket", Arg(0, EQ, 2)) | |
81 | except RuntimeError: | |
82 | pass | |
83 | ||
84 | f = SyscallFilter(ALLOW) | |
85 | try: | |
86 | f.add_rule(ERRNO(0xffff), "read") | |
87 | except RuntimeError: | |
88 | pass | |
89 | ||
90 | test() | |
91 | ||
92 | # kate: syntax python; | |
93 | # kate: indent-mode python; space-indent on; indent-width 4; mixedindent off; |