rm -f $STATE_FILE $VOLATILE_STATE_FILE 2>/dev/null
if has_seccomp_support "${SWTPM_EXE}"; then
- seccomp_params="--seccomp action=none"
+ SWTPM_TEST_SECCOMP_OPT="--seccomp action=none"
fi
run_swtpm ${SWTPM_INTERFACE} \
--tpmstate dir=$TPM_PATH \
- --pid file=$PID_FILE \
- ${seccomp_params}
+ --pid file=$PID_FILE
display_processes_by_name "$SWTPM"
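Review bot: The added `SWTPM_TEST_SECCOMP_OPT="--seccomp action=none"` assignment overwrites any value the test environment supplied and stays set for the rest of the script, whereas the removed `seccomp_params` reached only this one `run_swtpm` call. Since the shared launch helper now reads the global, any swtpm started later in this script through it would presumably also run with the seccomp filter off. If that wider scope is intended, a comment above the assignment such as `# this test needs seccomp disabled; applies to every swtpm started below` would say so. The same pattern recurs in the following hunk, before `run_swtpm ${SWTPM_INTERFACE} --tpm2`.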
rm -f $STATE_FILE $VOLATILE_STATE_FILE 2>/dev/null
if has_seccomp_support "${SWTPM_EXE}"; then
- seccomp_params="--seccomp action=none"
+ SWTPM_TEST_SECCOMP_OPT="--seccomp action=none"
fi
-run_swtpm ${SWTPM_INTERFACE} --tpm2 ${seccomp_params}
+run_swtpm ${SWTPM_INTERFACE} --tpm2
display_processes_by_name "$SWTPM"
exit 1
fi
- ${SWTPM_EXE} cuse $@ -n ${SWTPM_DEV_NAME##*/}
+ ${SWTPM_EXE} cuse $@ ${SWTPM_TEST_SECCOMP_OPT} \
+ -n ${SWTPM_DEV_NAME##*/}
rc=$?
if [ $rc -ne 0 ]; then
echo "Could not run ${SWTPM_EXE} using ${iface}"
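Review bot: `${SWTPM_TEST_SECCOMP_OPT}` is expanded unquoted in the cuse invocation and in the four `socket` branches that follow, and nothing on the visible lines says where the variable comes from or that word splitting is intended. A comment above the first use would help, for example `# SWTPM_TEST_SECCOMP_OPT: optional extra swtpm options from the test environment (e.g. "--seccomp action=none"); left unquoted so it splits into words`. Because the option is placed after `$@`, a caller that also passes `--seccomp` ends up with two such options, and which one swtpm honours cannot be seen from this hunk. The enclosing function starts and ends outside the hunk.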
fi
${SWTPM_EXE} socket $@ \
+ ${SWTPM_TEST_SECCOMP_OPT} \
--server type=tcp,port=${SWTPM_SERVER_PORT}${swtpm_server_disconnect} \
--ctrl type=tcp,port=${SWTPM_CTRL_PORT} &
rc=$?
fi
${SWTPM_EXE} socket $@ \
+ ${SWTPM_TEST_SECCOMP_OPT} \
--server type=tcp,port=${SWTPM_SERVER_PORT}${swtpm_server_disconnect} \
--ctrl type=unixio,path=${SWTPM_CTRL_UNIX_PATH} &
rc=$?
fi
${SWTPM_EXE} socket $@ \
+ ${SWTPM_TEST_SECCOMP_OPT} \
--server type=unixio,path=${SWTPM_CMD_UNIX_PATH} \
--ctrl type=tcp,port=${SWTPM_CTRL_PORT} &
rc=$?
fi
${SWTPM_EXE} socket $@ \
+ ${SWTPM_TEST_SECCOMP_OPT} \
--server type=unixio,path=${SWTPM_CMD_UNIX_PATH} \
--ctrl type=unixio,path=${SWTPM_CTRL_UNIX_PATH} &
rc=$?
if ! has_seccomp_support "${swtpm_exe}"; then
return 0
fi
+ if [ -n "${SWTPM_TEST_SECCOMP_OPT}" ]; then
+ return 0
+ fi
tmp=$(grep -E "^Seccomp" /proc/self/status |
cut -d":" -f2 |
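Review bot: The added early return skips the seccomp profile check whenever `SWTPM_TEST_SECCOMP_OPT` is non-empty, whatever it contains, and it does so silently. A run that sets the variable to something other than `action=none` would still have a filter active but would no longer be verified, and the test log would not show that the check was bypassed. Printing a line before the return, e.g. `echo "Skipping seccomp profile check: SWTPM_TEST_SECCOMP_OPT is set"`, keeps the skip visible. Narrowing the condition to values containing `action=none` would keep the check for other settings. The function begins before this hunk and the `grep | cut` pipeline continues past its end.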
cmd = swtpm_exe + " socket --fd=" + str(_fd.fileno())
cmd += " --ctrl type=unixio,clientfd=" + str(_ctrlfd.fileno())
cmd += " --pid file=" + pidfile + " --tpmstate dir=" + tpmpath
+ if os.getenv('SWTPM_TEST_SECCOMP_OPT'):
+ cmd += " " + os.getenv('SWTPM_TEST_SECCOMP_OPT')
print("Running child cmd: %s" % cmd)
try:
if sys.version_info[0] >= 3:
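Review bot: The added lines call `os.getenv('SWTPM_TEST_SECCOMP_OPT')` twice and append the raw value to a command string. Reading it once is tidier: `seccomp_opt = os.getenv('SWTPM_TEST_SECCOMP_OPT')` followed by `if seccomp_opt: cmd += " " + seccomp_opt`. How `cmd` becomes an argument vector lies outside the hunk. If it is split on whitespace the value is only tokenised, but if it is handed to a shell the environment value would be interpreted by that shell, so a short comment stating which applies would help.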
--tpmstate dir=$TPMDIR,mode=$FILEMODE \
--pid file=$PID_FILE \
--log fd=100,level=20 \
- --flags not-need-init &
+ --flags not-need-init \
+ ${SWTPM_TEST_SECCOMP_OPT} &
PID=$!
exec 100>&-
# that causes the swtpm process to exit upon connection close
TPMDIR=`mktemp -d`
-$SWTPM_EXE socket --flags not-need-init -p $PORT --tpmstate dir=$TPMDIR -t &>/dev/null &
+$SWTPM_EXE socket \
+ --flags not-need-init \
+ -p $PORT \
+ --tpmstate dir=$TPMDIR \
+ -t \
+ ${SWTPM_TEST_SECCOMP_OPT} &>/dev/null &
PID=$!
if wait_port_open $PORT $PID 4; then
--pid $PIDPARAM \
--ctrl type=unixio,path=$SWTPM_CTRL_UNIX_PATH,mode=${FILEMODE}${FOWNER} \
--log file=$LOG_FILE,level=20 \
- $RUNAS &
+ $RUNAS \
+ ${SWTPM_TEST_SECCOMP_OPT} &
PID=$!
exec 100>&-
exec 101>&-
# use a pseudo terminal
exec 100<>/dev/ptmx
-$SWTPM_EXE chardev --fd 100 --tpmstate dir=$TPMDIR --pid file=$PID_FILE --ctrl type=unixio,path=$SOCK_PATH &
+$SWTPM_EXE chardev \
+ --fd 100 \
+ --tpmstate dir=$TPMDIR \
+ --pid file=$PID_FILE \
+ --ctrl type=unixio,path=$SOCK_PATH \
+ ${SWTPM_TEST_SECCOMP_OPT} &
PID=$!
if wait_for_file $PID_FILE 3; then
--server port=65431,disconnect=true,bindaddr=$BINDADDR \
--tpmstate dir=$TPMDIR \
--pid file=$PID_FILE \
- --ctrl type=unixio,path=$SOCK_PATH &
+ --ctrl type=unixio,path=$SOCK_PATH \
+ ${SWTPM_TEST_SECCOMP_OPT} &
PID=$!
if wait_for_file $PID_FILE 3; then
--pid file=$PID_FILE \
--ctrl type=unixio,path=$SOCK_PATH \
--key pwdfile=${TESTDIR}/data/tpmstate2/pwdfile.txt,kdf=sha512 \
- --flags not-need-init &
+ --flags not-need-init \
+ ${SWTPM_TEST_SECCOMP_OPT} &
PID=$!
if wait_for_file $PID_FILE 3; then
--pid file=$PID_FILE \
--ctrl type=unixio,path=$SOCK_PATH \
--key pwdfile=${TESTDIR}/data/tpmstate2/pwdfile.txt,kdf=sha512 \
- --flags not-need-init &
+ --flags not-need-init \
+ ${SWTPM_TEST_SECCOMP_OPT} &
PID=$!
if wait_for_file $PID_FILE 3; then
--tpmstate dir=$TPMDIR \
-t \
--pid file=$PID_FILE \
- --log file=$LOG_FILE,level=20 &
+ --log file=$LOG_FILE,level=20 \
+ ${SWTPM_TEST_SECCOMP_OPT} &
PID=$!
if wait_for_file $PID_FILE 3; then
--tpmstate dir=$TPMDIR \
--pid file=$PID_FILE \
--ctrl type=unixio,path=$SWTPM_CTRL_UNIX_PATH \
- --log file=$LOG_FILE,level=20 &
+ --log file=$LOG_FILE,level=20 \
+ ${SWTPM_TEST_SECCOMP_OPT} &
exec 100>&-
echo -n "Test $i: "
$TPMAUTHORING \
--tpm-state $TPMDIR \
- --tpm "$SWTPM_EXE socket" \
+ --tpm "$SWTPM_EXE socket ${SWTPM_TEST_SECCOMP_OPT}" \
--swtpm_ioctl "$SWTPM_IOCTL" \
${PARAMETERS[$i]} 2>&1 >/dev/null
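Review bot: On the changed `--tpm` line the variable is embedded inside the quoted string, so when `SWTPM_TEST_SECCOMP_OPT` is unset the argument becomes `"$SWTPM_EXE socket "` with a trailing space. The receiving tool then tokenises the option itself, and whether it tolerates the trailing blank is not visible here. Writing `--tpm "$SWTPM_EXE socket${SWTPM_TEST_SECCOMP_OPT:+ ${SWTPM_TEST_SECCOMP_OPT}}"` adds the separator only when there is something to append. The same construction appears in the later `--tpm "${SWTPM_EXE} socket ..."` and `--tpm "${SWTPM} socket ..."` hunks.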
--tpm-state ${workdir} \
--logfile ${workdir}/logfile \
--config ${workdir}/swtpm_setup.conf \
- --tpm "${SWTPM_EXE} socket" \
+ --tpm "${SWTPM_EXE} socket ${SWTPM_TEST_SECCOMP_OPT}" \
--swtpm_ioctl ${SWTPM_IOCTL} \
--take-ownership \
${params} \
--create-ek-cert \
--config ${workdir}/swtpm_setup.conf \
--logfile ${workdir}/logfile \
- --tpm "${SWTPM} socket" \
+ --tpm "${SWTPM} socket ${SWTPM_TEST_SECCOMP_OPT}" \
--swtpm_ioctl ${SWTPM_IOCTL}
if [ $? -ne 0 ]; then
--tpmstate dir=$TPMDIR \
--pid file=$PID_FILE \
--ctrl type=unixio,path=$SOCK_PATH,mode=${FILEMODE}${FOWNER} \
- --tpm2 &
+ --tpm2 \
+ ${SWTPM_TEST_SECCOMP_OPT} &
PID=$!
if wait_for_file $PID_FILE 3; then
--pid file=$PID_FILE \
--ctrl type=unixio,path=$SOCK_PATH \
--log file=$LOGFILE,level=20 \
- --tpm2 &
+ --tpm2 \
+ ${SWTPM_TEST_SECCOMP_OPT} &
PID=$!
if wait_for_file $PID_FILE 3; then
--ctrl type=unixio,path=$SOCK_PATH \
--key pwdfile=${TESTDIR}/data/tpm2state2/pwdfile.txt,kdf=sha512 \
--tpm2 \
- --flags not-need-init &
+ --flags not-need-init \
+ ${SWTPM_TEST_SECCOMP_OPT} &
PID=$!
if wait_for_file $PID_FILE 3; then
--ctrl type=unixio,path=$SOCK_PATH \
--key pwdfile=${TESTDIR}/data/tpm2state2/pwdfile.txt,kdf=sha512 \
--tpm2 \
- --flags not-need-init &
+ --flags not-need-init \
+ ${SWTPM_TEST_SECCOMP_OPT} &
PID=$!
if wait_for_file $PID_FILE 3; then
echo -n "Test $i: "
$TPMAUTHORING \
--tpm-state $TPMDIR \
- --tpm "$SWTPM_EXE socket" \
+ --tpm "$SWTPM_EXE socket ${SWTPM_TEST_SECCOMP_OPT}" \
--swtpm_ioctl "$SWTPM_IOCTL" \
${PARAMETERS[$i]} 2>&1 >/dev/null
--pid file=$PID_FILE \
--ctrl type=unixio,path=$SOCK_PATH \
--log file=$LOGFILE,level=20 \
- --tpm2 &
+ --tpm2 \
+ ${SWTPM_TEST_SECCOMP_OPT} &
if wait_for_file $PID_FILE 3; then
echo "Error: (1) Socket TPM did not write pidfile."
--pid file=$PID_FILE \
--ctrl type=unixio,path=$SOCK_PATH \
--log file=$LOGFILE,level=20 \
- --tpm2 &
+ --tpm2 \
+ ${SWTPM_TEST_SECCOMP_OPT} &
if wait_for_file $PID_FILE 3; then
echo "Error: (2) Socket TPM did not write pidfile."
--pid file=$PID_FILE \
--ctrl type=unixio,path=$SOCK_PATH \
--log file=$LOGFILE,level=20 \
- --tpm2 &
+ --tpm2 \
+ ${SWTPM_TEST_SECCOMP_OPT} &
if wait_for_file $PID_FILE 3; then
echo "Error: (3) Socket TPM did not write pidfile."
--pid file=$PID_FILE \
--ctrl type=unixio,path=$SOCK_PATH \
--log file=$LOGFILE,level=20 \
- --tpm2 &
+ --tpm2 \
+ ${SWTPM_TEST_SECCOMP_OPT} &
if wait_for_file $PID_FILE 3; then
echo "Error: (3) Socket TPM did not write pidfile."
--pid file=$PID_FILE \
--ctrl type=unixio,path=$SOCK_PATH \
--log file=$LOGFILE,level=20 \
- --tpm2 &
+ --tpm2 \
+ ${SWTPM_TEST_SECCOMP_OPT} &
if wait_for_file $PID_FILE 3; then
echo "Error: (3) Socket TPM did not write pidfile."
--pid file=$PID_FILE \
--ctrl type=unixio,path=$SOCK_PATH \
--log file=$LOGFILE,level=20 \
- --tpm2 &
+ --tpm2 \
+ ${SWTPM_TEST_SECCOMP_OPT} &
if wait_for_file $PID_FILE 3; then
echo "Error: (3) Socket TPM did not write pidfile."
--pid file=$PID_FILE \
--ctrl type=unixio,path=$SOCK_PATH \
--log file=$LOGFILE,level=20 \
- --tpm2 &
+ --tpm2 \
+ ${SWTPM_TEST_SECCOMP_OPT} &
if wait_for_file $PID_FILE 3; then
echo "Error: (3) Socket TPM did not write pidfile."
--pid file=$PID_FILE \
--ctrl type=unixio,path=$SOCK_PATH \
--log file=$LOGFILE,level=20 \
- --tpm2 &
+ --tpm2 \
+ ${SWTPM_TEST_SECCOMP_OPT} &
if wait_for_file $PID_FILE 3; then
echo "Error: (3) Socket TPM did not write pidfile."
--pid file=$PID_FILE \
--ctrl type=unixio,path=$SOCK_PATH \
--log file=$LOGFILE,level=20 \
- --tpm2 &
+ --tpm2 \
+ ${SWTPM_TEST_SECCOMP_OPT} &
if wait_for_file $PID_FILE 3; then
echo "Error: (3) Socket TPM did not write pidfile."
--pid file=$PID_FILE \
--ctrl type=unixio,path=$SOCK_PATH \
--log file=$LOGFILE,level=20 \
- --tpm2 &
+ --tpm2 \
+ ${SWTPM_TEST_SECCOMP_OPT} &
if wait_for_file $PID_FILE 3; then
echo "Error: (3) Socket TPM did not write pidfile."
--pid file=$PID_FILE \
--ctrl type=unixio,path=$SOCK_PATH \
--log file=$LOGFILE,level=20 \
- --tpm2 &
+ --tpm2 \
+ ${SWTPM_TEST_SECCOMP_OPT} &
if wait_for_file $PID_FILE 3; then
echo "Error: (3) Socket TPM did not write pidfile."
--pid file=$PID_FILE \
--ctrl type=unixio,path=$SOCK_PATH \
--log file=$LOGFILE,level=20 \
- --tpm2 &
+ --tpm2 \
+ ${SWTPM_TEST_SECCOMP_OPT} &
if wait_for_file $PID_FILE 3; then
echo "Error: (3) Socket TPM did not write pidfile."
--create-platform-cert \
--config ${workdir}/swtpm_setup.conf \
--logfile ${workdir}/logfile \
- --tpm "${SWTPM} socket" \
+ --tpm "${SWTPM} socket ${SWTPM_TEST_SECCOMP_OPT}" \
--swtpm_ioctl ${SWTPM_IOCTL}
if [ $? -ne 0 ]; then
--create-ek-cert \
--config ${workdir}/swtpm_setup.conf \
--logfile ${workdir}/logfile \
- --tpm "${SWTPM} socket" \
+ --tpm "${SWTPM} socket ${SWTPM_TEST_SECCOMP_OPT}" \
--swtpm_ioctl ${SWTPM_IOCTL} \
--overwrite
rm -f $STATE_FILE $VOLATILE_STATE_FILE 2>/dev/null
-$SWTPM_EXE chardev --tpm2 --vtpm-proxy --tpmstate dir=$TPM_PATH --ctrl type=unixio,path=$SOCK_PATH --pid file=$PID_FILE &>$LOGFILE &
+$SWTPM_EXE chardev \
+ --tpm2 \
+ --vtpm-proxy \
+ --tpmstate dir=$TPM_PATH \
+ --ctrl type=unixio,path=$SOCK_PATH \
+ --pid file=$PID_FILE \
+ ${SWTPM_TEST_SECCOMP_OPT} &>$LOGFILE &
sleep 0.5
PID=$(ps aux | grep $SWTPM | grep -E " file=${PID_FILE}\$" | gawk '{print $2}')
$SWTPM_EXE chardev --vtpm-proxy \
--tpmstate dir=$TPM_PATH \
--ctrl type=unixio,path=$SOCK_PATH \
- --pid file=$PID_FILE &>$LOGFILE &
+ --pid file=$PID_FILE \
+ ${SWTPM_TEST_SECCOMP_OPT} &>$LOGFILE &
sleep 0.5
PID=$(ps aux | grep $SWTPM | grep -E " file=${PID_FILE}\$" | gawk '{print $2}')