GitLab/ocserv
1
0
Fork 0
mirror of https://gitlab.com/openconnect/ocserv.git synced 2026-02-10 08:46:58 +08:00
Code Issues Packages Projects Releases Wiki Activity

tests: added test for broken seccomp

Browse Source
This commit is contained in:
Nikos Mavrogiannopoulos
2015-01-29 14:07:55 +01:00
parent 55c54202e1
commit 889d6ba0b7
2 changed files with 43 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
tests/Makefile.am
View File

@@ -8,6 +8,9 @@ EXTRA_DIST = ca-key.pem ca.pem common.sh server-cert.pem server-key.pem test1.co
SUBDIRS = docker-ocserv
check_PROGRAMS = test-broken-seccomp
test_broken_seccomp_LDADD = $(LDADD) -lseccomp
dist_check_SCRIPTS = test-pass test-pass-cert test-cert test-iroute test-pass-script \
test-multi-cookie test-pam test-stress full-test test-group-pass test-pass-group-cert \
ocpasswd-test test-pass-group-cert-no-pass unix-test test-pass-opt-cert \
@@ -16,7 +19,7 @@ dist_check_SCRIPTS = test-pass test-pass-cert test-cert test-iroute test-pass-sc
TESTS = test-pass test-pass-cert test-cert test-iroute test-pass-script \
test-multi-cookie full-test test-group-pass test-pass-group-cert \
ocpasswd-test test-pass-group-cert-no-pass unix-test test-pass-opt-cert \
test-cookie-timeout test-cookie-timeout-2
test-cookie-timeout test-cookie-timeout-2 test-broken-seccomp
TESTS_ENVIRONMENT = srcdir="$(srcdir)" \
top_builddir="$(top_builddir)"

39
tests/test-broken-seccomp.c Normal file
View File

@@ -0,0 +1,39 @@
#include <stdlib.h>
#include <stdio.h>
#include <seccomp.h>
#include <errno.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <assert.h>
int main()
{
scmp_filter_ctx ctx;
fd_set rfds;
int fd = open("/dev/null", O_RDONLY), ret;
ctx = seccomp_init(SCMP_ACT_ERRNO(EPERM));
assert(ctx != 0);
assert(seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(select), 0) == 0);
/* to allow printing and exiting */
assert(seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(writev), 0) == 0);
assert(seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(write), 0) == 0);
assert(seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(exit), 0) == 0);
assert(seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(exit_group), 0) == 0);
assert (seccomp_load(ctx) == 0);
FD_ZERO(&rfds);
FD_SET(fd, &rfds);
ret = select(fd+1, &rfds, NULL, NULL, NULL);
if (ret < 0) {
fprintf(stderr, "select is blocked!\n");
exit(1);
}
fprintf(stderr, "all ok\n");
exit(0);
}