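#!/usr/bin/perl
# Smoke test for Linux::Seccomp: the module loads, every exported constant is
# either defined or reports the expected "not defined" error, and a loaded
# filter with SCMP_ACT_TRAP on mkdir raises SIGSYS.
use strict;
use warnings;

use Test::More tests => 3;
BEGIN { use_ok('Linux::Seccomp', ':all') };


my $fail = 0;
foreach my $constname (qw(
    SCMP_ACT_ALLOW SCMP_ACT_KILL SCMP_ACT_TRAP
    SCMP_ARCH_AARCH64 SCMP_ARCH_ARM SCMP_ARCH_MIPS SCMP_ARCH_MIPS64
    SCMP_ARCH_MIPS64N32 SCMP_ARCH_MIPSEL SCMP_ARCH_MIPSEL64
    SCMP_ARCH_MIPSEL64N32 SCMP_ARCH_NATIVE SCMP_ARCH_PPC SCMP_ARCH_PPC64
    SCMP_ARCH_PPC64LE SCMP_ARCH_S390 SCMP_ARCH_S390X SCMP_ARCH_X32
    SCMP_ARCH_X86 SCMP_ARCH_X86_64 SCMP_CMP_EQ SCMP_CMP_GE SCMP_CMP_GT
    SCMP_CMP_LE SCMP_CMP_LT SCMP_CMP_MASKED_EQ SCMP_CMP_NE
    SCMP_FLTATR_ACT_BADARCH SCMP_FLTATR_ACT_DEFAULT SCMP_FLTATR_CTL_NNP
    SCMP_FLTATR_CTL_TSYNC SCMP_VER_MAJOR SCMP_VER_MICRO SCMP_VER_MINOR
    _SCMP_CMP_MAX _SCMP_CMP_MIN _SCMP_FLTATR_MAX _SCMP_FLTATR_MIN
    __NR_SCMP_ERROR __NR_SCMP_UNDEF
    __NR__llseek __NR__newselect __NR__sysctl __NR_accept __NR_accept4
    __NR_access __NR_afs_syscall __NR_alarm __NR_arch_prctl
    __NR_arm_fadvise64_64 __NR_arm_sync_file_range __NR_bdflush __NR_bind
    __NR_break __NR_breakpoint __NR_cachectl __NR_cacheflush __NR_chmod
    __NR_chown __NR_chown32 __NR_connect __NR_creat __NR_create_module
    __NR_dup2 __NR_epoll_create __NR_epoll_ctl_old __NR_epoll_wait
    __NR_epoll_wait_old __NR_eventfd __NR_fadvise64 __NR_fadvise64_64
    __NR_fchown32 __NR_fcntl64 __NR_fork __NR_fstat64 __NR_fstatat64
    __NR_fstatfs64 __NR_ftime __NR_ftruncate64 __NR_futimesat
    __NR_get_kernel_syms __NR_get_mempolicy __NR_get_thread_area
    __NR_getdents __NR_getegid32 __NR_geteuid32 __NR_getgid32
    __NR_getgroups32 __NR_getpeername __NR_getpgrp __NR_getpmsg
    __NR_getrandom __NR_getresgid32 __NR_getresuid32 __NR_getrlimit
    __NR_getsockname __NR_getsockopt __NR_getuid32 __NR_gtty __NR_idle
    __NR_inotify_init __NR_ioperm __NR_iopl __NR_ipc __NR_kexec_file_load
    __NR_lchown __NR_lchown32 __NR_link __NR_listen __NR_lock __NR_lstat
    __NR_lstat64 __NR_mbind __NR_membarrier __NR_memfd_create
    __NR_migrate_pages __NR_mkdir __NR_mknod __NR_mmap __NR_mmap2
    __NR_modify_ldt __NR_move_pages __NR_mpx __NR_msgctl __NR_msgget
    __NR_msgrcv __NR_msgsnd __NR_multiplexer __NR_newfstatat
    __NR_nfsservctl __NR_nice __NR_oldfstat __NR_oldlstat __NR_oldolduname
    __NR_oldstat __NR_olduname __NR_oldwait4 __NR_open __NR_pause
    __NR_pciconfig_iobase __NR_pciconfig_read __NR_pciconfig_write
    __NR_pipe __NR_poll __NR_prof __NR_profil __NR_putpmsg
    __NR_query_module __NR_readdir __NR_readlink __NR_recv __NR_recvfrom
    __NR_recvmmsg __NR_recvmsg __NR_rename __NR_rmdir __NR_rtas
    __NR_s390_pci_mmio_read __NR_s390_pci_mmio_write
    __NR_s390_runtime_instr __NR_security __NR_select __NR_semctl
    __NR_semget __NR_semop __NR_semtimedop __NR_send __NR_sendfile64
    __NR_sendmmsg __NR_sendmsg __NR_sendto __NR_set_mempolicy
    __NR_set_thread_area __NR_set_tls __NR_setfsgid32 __NR_setfsuid32
    __NR_setgid32 __NR_setgroups32 __NR_setregid32 __NR_setresgid32
    __NR_setresuid32 __NR_setreuid32 __NR_setsockopt __NR_setuid32
    __NR_sgetmask __NR_shmat __NR_shmctl __NR_shmdt __NR_shmget
    __NR_shutdown __NR_sigaction __NR_signal __NR_signalfd __NR_sigpending
    __NR_sigprocmask __NR_sigreturn __NR_sigsuspend __NR_socket
    __NR_socketcall __NR_socketpair __NR_spu_create __NR_spu_run
    __NR_ssetmask __NR_stat __NR_stat64 __NR_statfs64 __NR_stime __NR_stty
    __NR_subpage_prot __NR_swapcontext __NR_switch_endian __NR_symlink
    __NR_sync_file_range __NR_sync_file_range2 __NR_sys_debug_setcontext
    __NR_syscall __NR_sysfs __NR_sysmips __NR_time __NR_timerfd
    __NR_truncate64 __NR_tuxcall __NR_ugetrlimit __NR_ulimit __NR_umount
    __NR_unlink __NR_uselib __NR_userfaultfd __NR_usr26 __NR_usr32
    __NR_ustat __NR_utime __NR_utimes __NR_vfork __NR_vm86 __NR_vm86old
    __NR_vserver __NR_waitpid __PNR__llseek __PNR__newselect __PNR__sysctl
    __PNR_accept __PNR_accept4 __PNR_access __PNR_afs_syscall __PNR_alarm
    __PNR_arch_prctl __PNR_arm_fadvise64_64 __PNR_arm_sync_file_range
    __PNR_bdflush __PNR_bind __PNR_break __PNR_breakpoint __PNR_cachectl
    __PNR_cacheflush __PNR_chmod __PNR_chown __PNR_chown32 __PNR_connect
    __PNR_creat __PNR_create_module __PNR_dup2 __PNR_epoll_create
    __PNR_epoll_ctl_old __PNR_epoll_wait __PNR_epoll_wait_old __PNR_eventfd
    __PNR_fadvise64 __PNR_fadvise64_64 __PNR_fchown32 __PNR_fcntl64
    __PNR_fork __PNR_fstat64 __PNR_fstatat64 __PNR_fstatfs64 __PNR_ftime
    __PNR_ftruncate64 __PNR_futimesat __PNR_get_kernel_syms
    __PNR_get_mempolicy __PNR_get_thread_area __PNR_getdents
    __PNR_getegid32 __PNR_geteuid32 __PNR_getgid32 __PNR_getgroups32
    __PNR_getpeername __PNR_getpgrp __PNR_getpmsg __PNR_getrandom
    __PNR_getresgid32 __PNR_getresuid32 __PNR_getrlimit __PNR_getsockname
    __PNR_getsockopt __PNR_getuid32 __PNR_gtty __PNR_idle
    __PNR_inotify_init __PNR_ioperm __PNR_iopl __PNR_ipc
    __PNR_kexec_file_load __PNR_lchown __PNR_lchown32 __PNR_link
    __PNR_listen __PNR_lock __PNR_lstat __PNR_lstat64 __PNR_mbind
    __PNR_membarrier __PNR_memfd_create __PNR_migrate_pages __PNR_mkdir
    __PNR_mknod __PNR_mmap __PNR_mmap2 __PNR_modify_ldt __PNR_move_pages
    __PNR_mpx __PNR_msgctl __PNR_msgget __PNR_msgrcv __PNR_msgsnd
    __PNR_multiplexer __PNR_newfstatat __PNR_nfsservctl __PNR_nice
    __PNR_oldfstat __PNR_oldlstat __PNR_oldolduname __PNR_oldstat
    __PNR_olduname __PNR_oldwait4 __PNR_open __PNR_pause
    __PNR_pciconfig_iobase __PNR_pciconfig_read __PNR_pciconfig_write
    __PNR_pipe __PNR_poll __PNR_prof __PNR_profil __PNR_putpmsg
    __PNR_query_module __PNR_readdir __PNR_readlink __PNR_recv
    __PNR_recvfrom __PNR_recvmmsg __PNR_recvmsg __PNR_rename __PNR_rmdir
    __PNR_rtas __PNR_s390_pci_mmio_read __PNR_s390_pci_mmio_write
    __PNR_s390_runtime_instr __PNR_security __PNR_select __PNR_semctl
    __PNR_semget __PNR_semop __PNR_semtimedop __PNR_send __PNR_sendfile64
    __PNR_sendmmsg __PNR_sendmsg __PNR_sendto __PNR_set_mempolicy
    __PNR_set_thread_area __PNR_set_tls __PNR_setfsgid32 __PNR_setfsuid32
    __PNR_setgid32 __PNR_setgroups32 __PNR_setregid32 __PNR_setresgid32
    __PNR_setresuid32 __PNR_setreuid32 __PNR_setsockopt __PNR_setuid32
    __PNR_sgetmask __PNR_shmat __PNR_shmctl __PNR_shmdt __PNR_shmget
    __PNR_shutdown __PNR_sigaction __PNR_signal __PNR_signalfd
    __PNR_sigpending __PNR_sigprocmask __PNR_sigreturn __PNR_sigsuspend
    __PNR_socket __PNR_socketcall __PNR_socketpair __PNR_spu_create
    __PNR_spu_run __PNR_ssetmask __PNR_stat __PNR_stat64 __PNR_statfs64
    __PNR_stime __PNR_stty __PNR_subpage_prot __PNR_swapcontext
    __PNR_switch_endian __PNR_symlink __PNR_sync_file_range
    __PNR_sync_file_range2 __PNR_sys_debug_setcontext __PNR_syscall
    __PNR_sysfs __PNR_sysmips __PNR_time __PNR_timerfd __PNR_truncate64
    __PNR_tuxcall __PNR_ugetrlimit __PNR_ulimit __PNR_umount __PNR_unlink
    __PNR_uselib __PNR_userfaultfd __PNR_usr26 __PNR_usr32 __PNR_ustat
    __PNR_utime __PNR_utimes __PNR_vfork __PNR_vm86 __PNR_vm86old
    __PNR_vserver __PNR_waitpid)) {
    # String eval is acceptable here only because $constname comes from the
    # literal list above; never build eval text from external input.
    next if (eval "my \$value = $constname; 1");

    # Copy $@ at once: it is a global that any later eval would overwrite.
    my $err = $@;

    # A constant the installed libseccomp headers lack is tolerated; any
    # other error counts as a failure. \Q..\E keeps the name literal and \b
    # stops a name from matching the message for a longer one (stat/stat64).
    if ($err =~ /^Your vendor has not defined Linux::Seccomp macro \Q$constname\E\b/) {
        note "pass: $err";
    }
    else {
        # diag goes to STDERR, so the reason stays visible under a harness.
        diag "fail: $err";
        $fail = 1;
    }
}

ok( $fail == 0 , 'Constants' );

# SCMP_ACT_TRAP makes the kernel send SIGSYS to the caller instead of running
# the filtered syscall; the handler only records that the signal arrived.
my $got_sigsys = 0;
$SIG{SYS} = sub { $got_sigsys = 1 };

# Record whether the scratch path exists before the filter is installed, so
# cleanup below removes only a directory this test created.
my $dir = 'testdir';
my $dir_preexisting = -e $dir;

# Allow everything by default and trap mkdir only. Once loaded, a seccomp
# filter cannot be removed: it stays in force for the rest of this process.
# NOTE(review): the return values of new/rule_add/load are not checked; if
# they signal failure by return value rather than by dying, a failed load
# shows up only as the assertion below failing - confirm against the module.
my $ctx = Linux::Seccomp->new(SCMP_ACT_ALLOW);
$ctx->rule_add(SCMP_ACT_TRAP, syscall_resolve_name('mkdir'));
$ctx->load;

# NOTE(review): the rule names the mkdir syscall only. On architectures that
# have no mkdir syscall (the __PNR_mkdir pseudo-number above exists for that
# case) libc presumably reaches the kernel through mkdirat, which this rule
# does not match. The same gap applies to real filters: a rule on one syscall
# says nothing about its sibling syscalls.
mkdir $dir;
ok $got_sigsys, 'filter with SCMP_ACT_TRAP on mkdir() works';

# If the filter did not trap, mkdir really ran; do not leave the directory
# behind in the working tree. rmdir is not covered by the filter.
rmdir $dir if !$dir_preexisting && -d $dir;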