Some of this was taken from Tycho's original patch.
Signed-off-by: Tycho Andersen <tycho@tycho.ws>
Signed-off-by: Paul Moore <paul@paul-moore.com>
48-sim-32b_args
49-sim-64b_comparisons
50-sim-hash_collision
+51-live-user_notification
uint32_t val = (uint32_t)(-1);
scmp_filter_ctx ctx = NULL;
- rc = seccomp_api_set(4);
+ rc = seccomp_api_set(5);
if (rc != 0)
return EOPNOTSUPP;
from seccomp import *
def test():
- set_api(4)
+ set_api(5)
f = SyscallFilter(ALLOW)
if f.get_attr(Attr.ACT_DEFAULT) != ALLOW:
--- /dev/null
+/**
+ * Seccomp Library test program
+ *
+ * Copyright (c) 2019 Cisco Systems, Inc. <pmoore2@cisco.com>
+ * Author: Paul Moore <paul@paul-moore.com>
+ */
+
+/*
+ * This library is free software; you can redistribute it and/or modify it
+ * under the terms of version 2.1 of the GNU Lesser General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
+ * for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this library; if not, see <http://www.gnu.org/licenses>.
+ */
+
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <unistd.h>
+#include <seccomp.h>
+#include <signal.h>
+#include <syscall.h>
+#include <errno.h>
+#include <stdlib.h>
+
+#include "util.h"
+
+#define MAGIC 0x1122334455667788UL
+
+int main(int argc, char *argv[])
+{
+ int rc, fd = -1, status;
+ struct seccomp_notif *req = NULL;
+ struct seccomp_notif_resp *resp = NULL;
+ scmp_filter_ctx ctx = NULL;
+ pid_t pid = 0;
+
+ ctx = seccomp_init(SCMP_ACT_ALLOW);
+ if (ctx == NULL)
+ return ENOMEM;
+
+ rc = seccomp_rule_add(ctx, SCMP_ACT_NOTIFY, SCMP_SYS(getpid), 0, NULL);
+ if (rc)
+ goto out;
+
+ rc = seccomp_load(ctx);
+ if (rc < 0)
+ goto out;
+
+ rc = seccomp_notify_fd(ctx);
+ if (rc < 0)
+ goto out;
+ fd = rc;
+
+ pid = fork();
+ if (pid == 0)
+ exit(syscall(SCMP_SYS(getpid)) != MAGIC);
+
+ rc = seccomp_notify_alloc(&req, &resp);
+ if (rc)
+ goto out;
+
+ rc = seccomp_notify_receive(fd, req);
+ if (rc)
+ goto out;
+ if (req->data.nr != SCMP_SYS(getpid)) {
+ rc = -EFAULT;
+ goto out;
+ }
+ rc = seccomp_notify_id_valid(fd, req->id);
+ if (rc)
+ goto out;
+
+ resp->id = req->id;
+ resp->val = MAGIC;
+ resp->error = 0;
+ resp->flags = 0;
+ rc = seccomp_notify_respond(fd, resp);
+ if (rc)
+ goto out;
+
+ if (waitpid(pid, &status, 0) != pid) {
+ rc = -EFAULT;
+ goto out;
+ }
+
+ if (!WIFEXITED(status)) {
+ rc = -EFAULT;
+ goto out;
+ }
+ if (WEXITSTATUS(status)) {
+ rc = -EFAULT;
+ goto out;
+ }
+
+out:
+ if (fd >= 0)
+ close(fd);
+ if (pid)
+ kill(pid, SIGKILL);
+ seccomp_notify_free(req, resp);
+ seccomp_release(ctx);
+
+ if (rc != 0)
+ return (rc < 0 ? -rc : rc);
+ return 160;
+}
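Review bot: The result of `fork()` is never checked for failure, so with `pid == -1` any later `goto out` reaches `if (pid) kill(pid, SIGKILL);`, and `kill(-1, SIGKILL)` signals every process the test's user is allowed to signal. I would add `if (pid < 0) { rc = -errno; pid = 0; goto out; }` right after the fork and tighten the cleanup guard to `if (pid > 0)`. The same cleanup also runs on the success path after `waitpid()` has already reaped the child, so the SIGKILL goes to a pid that no longer belongs to this test; setting `pid = 0;` once `waitpid()` returns `pid` avoids that. Separately, `MAGIC` is a 64-bit constant compared with the `long` that `syscall()` returns, which presumably cannot match on 32-bit ABIs, so it is worth confirming against the architectures this test is expected to run on.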
--- /dev/null
+#!/usr/bin/env python
+
+#
+# Seccomp Library test program
+#
+# Copyright (c) 2019 Cisco Systems, Inc. <pmoore2@cisco.com>
+# Author: Paul Moore <paul@paul-moore.com>
+#
+
+#
+# This library is free software; you can redistribute it and/or modify it
+# under the terms of version 2.1 of the GNU Lesser General Public License as
+# published by the Free Software Foundation.
+#
+# This library is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
+# for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this library; if not, see <http://www.gnu.org/licenses>.
+#
+
+import argparse
+import os
+import signal
+import sys
+
+import util
+
+from seccomp import *
+
+def test():
+ magic = os.getuid() + 1
+ f = SyscallFilter(ALLOW)
+ f.add_rule(NOTIFY, "getuid")
+ f.load()
+ pid = os.fork()
+ if pid == 0:
+ val = os.getuid()
+ if val != magic:
+ raise RuntimeError("Response return value failed")
+ quit(1)
+ quit(0)
+ else:
+ notify = f.receive_notify()
+ if notify.syscall != resolve_syscall(Arch(), "getuid"):
+ raise RuntimeError("Notification failed")
+ f.respond_notify(NotificationResponse(notify, magic, 0, 0))
+ wpid, rc = os.waitpid(pid, 0)
+ if os.WIFEXITED(rc) == 0:
+ raise RuntimeError("Child process error")
+ if os.WEXITSTATUS(rc) != 0:
+ raise RuntimeError("Child process error")
+ quit(160)
+
+test()
+
+# kate: syntax python;
+# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off;
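Review bot: In the child branch of `test()` the `quit(1)` after `raise RuntimeError("Response return value failed")` is unreachable, and the forked child leaves through an exception or `quit()` rather than a direct exit. Ending the child with `os._exit(0 if val == magic else 1)` keeps the status the parent reads with `os.WEXITSTATUS` and skips interpreter cleanup inherited from the parent. The ordering of `magic = os.getuid() + 1` before `f.load()` also deserves a comment, since the NOTIFY rule on `getuid` applies to the parent as well once the filter is loaded: `# read the uid before load(); afterwards getuid() in this process would wait on a notification`.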
--- /dev/null
+#
+# libseccomp regression test automation data
+#
+# Copyright Cisco Systems 2019
+# Author: Tycho Andersen <tycho@tycho.ws>
+#
+
+test type: live
+
+# Testname API Result
+51-live-user_notification 5 ALLOW
47-live-kill_process \
48-sim-32b_args \
49-sim-64b_comparisons \
- 50-sim-hash_collision
+ 50-sim-hash_collision \
+ 51-live-user_notification
EXTRA_DIST_TESTPYTHON = \
util.py \
47-live-kill_process.tests \
48-sim-32b_args.tests \
49-sim-64b_comparisons.tests \
- 50-sim-hash_collision.tests
+ 50-sim-hash_collision.tests \
+ 51-live-user_notification.tests
EXTRA_DIST_TESTSCRIPTS = \
38-basic-pfc_coverage.sh 38-basic-pfc_coverage.pfc