crtxcr/exile.h
1
0
Fork 0
Code Issues 14 Pull Requests 1 Releases Wiki Activity

test: implement test_seccomp_errno()

Browse Source
This commit is contained in:
Albert S. 2021-09-05 12:31:16 +02:00
parent 68fd1a0a87
commit 26f391f736
1 changed files with 17 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
test.c
View File

@ -80,6 +80,22 @@ int test_seccomp_require_last_matchall(int argc, char *argv[])
return qssb_enable_policy(policy); return qssb_enable_policy(policy);
} }
int test_seccomp_errno(int argc, char *argv[])
{
struct qssb_policy *policy = qssb_init_policy();
policy->not_dumpable = 0;
qssb_append_syscall_policy(policy, QSSB_SYSCALL_DENY_RET_ERROR, QSSB_SYS(close));
qssb_append_syscall_default_policy(policy, QSSB_SYSCALL_ALLOW);
xqssb_enable_policy(policy);
uid_t id = getuid();
int fd = close(0);
printf("close() return code: %i, errno: %s\n", fd, strerror(errno));
return fd == -1 ? 0 : 1;
}
int test_landlock(int argc, char *argv[]) int test_landlock(int argc, char *argv[])
{ {
struct qssb_policy *policy = qssb_init_policy(); struct qssb_policy *policy = qssb_init_policy();
@ -178,6 +194,7 @@ struct dispatcher dispatchers[] = {
{ "seccomp-blacklisted-permitted", &test_seccomp_blacklisted_call_permitted, true }, { "seccomp-blacklisted-permitted", &test_seccomp_blacklisted_call_permitted, true },
{ "seccomp-x32-kill", &test_seccomp_x32_kill, false}, { "seccomp-x32-kill", &test_seccomp_x32_kill, false},
{ "seccomp-require-last-matchall", &test_seccomp_require_last_matchall, false}, { "seccomp-require-last-matchall", &test_seccomp_require_last_matchall, false},
{ "seccomp-errno", &test_seccomp_errno, true},
{ "landlock", &test_landlock, true }, { "landlock", &test_landlock, true },
{ "landlock-deny-write", &test_landlock_deny_write, true }, { "landlock-deny-write", &test_landlock_deny_write, true },
{ "no_fs", &test_nofs, false}, { "no_fs", &test_nofs, false},