RubyGems - script_core - Versions diffs - 0.2.6 → 0.2.7 - Mend

script_core 0.2.6 → 0.2.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (191) hide show

data/ext/enterprise_script_service/libseccomp/tests/55-basic-pfc_binary_tree.sh ADDED

@@ -0,0 +1,46 @@
+#!/bin/bash
+#
+# libseccomp regression test automation data
+#
+# Copyright (c) 2019 Oracle and/or its affiliates.  All rights reserved.
+# Author: Tom Hromatka <tom.hromatka@oracle.com>
+#
+####
+# functions
+#
+# Dependency check
+#
+# Arguments:
+#     1    Dependency to check for
+#
+function check_deps() {
+	[[ -z "$1" ]] && return
+	which "$1" >& /dev/null
+	return $?
+}
+#
+# Dependency verification
+#
+# Arguments:
+#     1    Dependency to check for
+#
+function verify_deps() {
+	[[ -z "$1" ]] && return
+	if ! check_deps "$1"; then
+		echo "error: install \"$1\" and include it in your \$PATH"
+		exit 1
+	fi
+}
+####
+# functions
+verify_deps diff
+# compare output to the known good output, fail if different
+./55-basic-pfc_binary_tree | \
+	diff -q ${srcdir:=.}/55-basic-pfc_binary_tree.pfc - > /dev/null

data/ext/enterprise_script_service/libseccomp/tests/55-basic-pfc_binary_tree.tests ADDED

@@ -0,0 +1,11 @@
+#
+# libseccomp regression test automation data
+#
+# Copyright (c) 2019 Oracle and/or its affiliates.  All rights reserved.
+# Author: Tom Hromatka <tom.hromatka@oracle.com>
+#
+test type: basic
+# Test command
+55-basic-pfc_binary_tree.sh

data/ext/enterprise_script_service/libseccomp/tests/56-basic-iterate_syscalls.c ADDED

@@ -0,0 +1,90 @@
+/**
+ * Seccomp Library test program
+ *
+ * Copyright (c) 2020 Red Hat <gscrivan@redhat.com>
+ * Author: Giuseppe Scrivano <gscrivan@redhat.com>
+ */
+/*
+ * This library is free software; you can redistribute it and/or modify it
+ * under the terms of version 2.1 of the GNU Lesser General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License
+ * for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this library; if not, see <http://www.gnu.org/licenses>.
+ */
+#include <errno.h>
+#include <string.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <seccomp.h>
+unsigned int arch_list[] = {
+	SCMP_ARCH_NATIVE,
+	SCMP_ARCH_X86,
+	SCMP_ARCH_X86_64,
+	SCMP_ARCH_X32,
+	SCMP_ARCH_ARM,
+	SCMP_ARCH_AARCH64,
+	SCMP_ARCH_MIPS,
+	SCMP_ARCH_MIPS64,
+	SCMP_ARCH_MIPS64N32,
+	SCMP_ARCH_MIPSEL,
+	SCMP_ARCH_MIPSEL64,
+	SCMP_ARCH_MIPSEL64N32,
+	SCMP_ARCH_PPC,
+	SCMP_ARCH_PPC64,
+	SCMP_ARCH_PPC64LE,
+	SCMP_ARCH_S390,
+	SCMP_ARCH_S390X,
+	SCMP_ARCH_PARISC,
+	SCMP_ARCH_PARISC64,
+	SCMP_ARCH_RISCV64,
+	-1
+};
+static int test_arch(int arch, int init)
+{
+	int n, iter = 0;
+	for (iter = init; iter < init + 1000; iter++) {
+		char *name;
+		name = seccomp_syscall_resolve_num_arch(arch, iter);
+		if (name == NULL)
+			continue;
+		n = seccomp_syscall_resolve_name_arch(arch, name);
+		if (n != iter)
+			return 1;
+	}
+	return 0;
+}
+int main(int argc, char *argv[])
+{
+	int iter = 0;
+	for (iter = 0; arch_list[iter] != -1; iter++) {
+		int init = 0;
+		if (arch_list[iter] == SCMP_ARCH_X32)
+			init = 0x40000000;
+		else if (arch_list[iter] == SCMP_ARCH_MIPS)
+			init = 4000;
+		else if (arch_list[iter] == SCMP_ARCH_MIPS64)
+			init = 5000;
+		else if (arch_list[iter] == SCMP_ARCH_MIPS64N32)
+			init = 6000;
+		if (test_arch(arch_list[iter], init) < 0)
+			return 1;
+	}
+	return 0;
+}

data/ext/enterprise_script_service/libseccomp/tests/56-basic-iterate_syscalls.py ADDED

@@ -0,0 +1,65 @@
+#!/usr/bin/env python
+#
+# Seccomp Library test program
+#
+# Copyright (c) 2020 Red Hat <gscrivan@redhat.com>
+# Author: Giuseppe Scrivano <gscrivan@redhat.com>
+#
+#
+# This library is free software; you can redistribute it and/or modify it
+# under the terms of version 2.1 of the GNU Lesser General Public License as
+# published by the Free Software Foundation.
+#
+# This library is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License
+# for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this library; if not, see <http://www.gnu.org/licenses>.
+#
+import argparse
+import sys
+import util
+from seccomp import *
+arch_list = ["x86",
+             "x86_64",
+             "x32",
+             "arm",
+             "aarch64",
+             "mipsel",
+             "mipsel64",
+             "mipsel64n32",
+             "ppc64le",
+             "riscv64"]
+def test_arch(arch, init):
+    for i in range(init, init + 1000):
+        sys_name = resolve_syscall(arch, i)
+        if sys_name is None:
+            continue
+        n = resolve_syscall(i, sys_name)
+        if i != n:
+            raise RuntimeError("Test failure")
+def test():
+    for i in arch_list:
+        init = 0
+        if i == "x32":
+            init = 0x40000000
+        elif i == "mipsel":
+            init = 4000
+        elif i == "mipsel64":
+            init = 5000
+        elif i == "mipsel64n32":
+            init = 6000
+        test_arch(Arch(i), init)
+# kate: syntax python;
+# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off;

data/ext/enterprise_script_service/libseccomp/tests/56-basic-iterate_syscalls.tests ADDED

@@ -0,0 +1,11 @@
+#
+# libseccomp regression test automation data
+#
+# Copyright (c) 2020 Red Hat <gscrivan@redhat.com>
+# Author: Giuseppe Scrivano <gscrivan@redhat.com>
+#
+test type: basic
+# Test command
+56-basic-iterate_syscalls

data/ext/enterprise_script_service/libseccomp/tests/57-basic-rawsysrc.c ADDED

@@ -0,0 +1,64 @@
+/**
+ * Seccomp Library test program
+ *
+ * Copyright (c) 2020 Cisco Systems, Inc. <pmoore2@cisco.com>
+ * Author: Paul Moore <paul@paul-moore.com>
+ */
+/*
+ * This library is free software; you can redistribute it and/or modify it
+ * under the terms of version 2.1 of the GNU Lesser General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License
+ * for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this library; if not, see <http://www.gnu.org/licenses>.
+ */
+#include <errno.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <seccomp.h>
+#include "util.h"
+int main(int argc, char *argv[])
+{
+	int rc;
+	int fd;
+	scmp_filter_ctx ctx = NULL;
+	rc = seccomp_api_set(3);
+	if (rc != 0)
+		return EOPNOTSUPP;
+	ctx = seccomp_init(SCMP_ACT_ALLOW);
+	if (ctx == NULL) {
+		rc = ENOMEM;
+		goto out;
+	}
+	rc = seccomp_attr_set(ctx, SCMP_FLTATR_API_SYSRAWRC, 1);
+	if (rc != 0)
+		goto out;
+	/* we must use a closed/invalid fd for this to work */
+	fd = dup(2);
+	close(fd);
+	rc = seccomp_export_pfc(ctx, fd);
+	if (rc == -EBADF)
+		rc = 0;
+	else
+		rc = -1;
+out:
+	seccomp_release(ctx);
+	return (rc < 0 ? -rc : rc);
+}

data/ext/enterprise_script_service/libseccomp/tests/57-basic-rawsysrc.py ADDED

@@ -0,0 +1,46 @@
+#!/usr/bin/env python
+#
+# Seccomp Library test program
+#
+# Copyright (c) 2020 Cisco Systems, Inc. <pmoore2@cisco.com>
+# Author: Paul Moore <paul@paul-moore.com>
+#
+#
+# This library is free software; you can redistribute it and/or modify it
+# under the terms of version 2.1 of the GNU Lesser General Public License as
+# published by the Free Software Foundation.
+#
+# This library is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License
+# for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this library; if not, see <http://www.gnu.org/licenses>.
+#
+import argparse
+import sys
+import os
+import util
+from seccomp import *
+def test():
+    # this test really isn't conclusive, but considering how python does error
+    # handling it may be the best we can do
+    f = SyscallFilter(ALLOW)
+    dummy = open("/dev/null", "w")
+    os.close(dummy.fileno())
+    try:
+        f = f.export_pfc(dummy)
+    except RuntimeError:
+        pass
+test()
+# kate: syntax python;
+# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off;

data/ext/enterprise_script_service/libseccomp/tests/57-basic-rawsysrc.tests ADDED

@@ -0,0 +1,11 @@
+#
+# libseccomp regression test automation data
+#
+# Copyright (c) 2020 Cisco Systems, Inc. <pmoore2@cisco.com>
+# Author: Paul Moore <paul@paul-moore.com>
+#
+test type: basic
+# Test command
+57-basic-rawsysrc

data/ext/enterprise_script_service/libseccomp/tests/58-live-tsync_notify.c ADDED

@@ -0,0 +1,116 @@
+/**
+ * Seccomp Library test program
+ *
+ * Copyright (c) 2019 Cisco Systems, Inc. <pmoore2@cisco.com>
+ * Author: Paul Moore <paul@paul-moore.com>
+ */
+/*
+ * This library is free software; you can redistribute it and/or modify it
+ * under the terms of version 2.1 of the GNU Lesser General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License
+ * for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this library; if not, see <http://www.gnu.org/licenses>.
+ */
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <unistd.h>
+#include <seccomp.h>
+#include <signal.h>
+#include <syscall.h>
+#include <errno.h>
+#include <stdlib.h>
+#include "util.h"
+#define MAGIC 0x1122334455667788UL
+int main(int argc, char *argv[])
+{
+	int rc, fd = -1, status;
+	struct seccomp_notif *req = NULL;
+	struct seccomp_notif_resp *resp = NULL;
+	scmp_filter_ctx ctx = NULL;
+	pid_t pid = 0;
+	ctx = seccomp_init(SCMP_ACT_ALLOW);
+	if (ctx == NULL)
+		return ENOMEM;
+	rc = seccomp_attr_set(ctx, SCMP_FLTATR_CTL_TSYNC, 1);
+	if (rc)
+		goto out;
+	rc = seccomp_rule_add(ctx, SCMP_ACT_NOTIFY, SCMP_SYS(getpid), 0, NULL);
+	if (rc)
+		goto out;
+	rc  = seccomp_load(ctx);
+	if (rc < 0)
+		goto out;
+	rc = seccomp_notify_fd(ctx);
+	if (rc < 0)
+		goto out;
+	fd = rc;
+	pid = fork();
+	if (pid == 0)
+		exit(syscall(SCMP_SYS(getpid)) != MAGIC);
+	rc = seccomp_notify_alloc(&req, &resp);
+	if (rc)
+		goto out;
+	rc = seccomp_notify_receive(fd, req);
+	if (rc)
+		goto out;
+	if (req->data.nr != SCMP_SYS(getpid)) {
+		rc = -EFAULT;
+		goto out;
+	}
+	rc = seccomp_notify_id_valid(fd, req->id);
+	if (rc)
+		goto out;
+	resp->id = req->id;
+	resp->val = MAGIC;
+	resp->error = 0;
+	resp->flags = 0;
+	rc = seccomp_notify_respond(fd, resp);
+	if (rc)
+		goto out;
+	if (waitpid(pid, &status, 0) != pid) {
+		rc = -EFAULT;
+		goto out;
+	}
+	if (!WIFEXITED(status)) {
+		rc = -EFAULT;
+		goto out;
+	}
+	if (WEXITSTATUS(status)) {
+		rc = -EFAULT;
+		goto out;
+	}
+out:
+	if (fd >= 0)
+		close(fd);
+	if (pid)
+		kill(pid, SIGKILL);
+	seccomp_notify_free(req, resp);
+	seccomp_release(ctx);
+	if (rc != 0)
+		return (rc < 0 ? -rc : rc);
+	return 160;
+}