Message ID | 20231009124046.74710-5-hengqi.chen@gmail.com (mailing list archive) |
---|---|
State | Superseded |
Delegated to: | BPF |
Headers | show |
Series | seccomp: Make seccomp filter reusable | expand |
On Mon, Oct 09, 2023 at 12:40:46PM +0000, Hengqi Chen wrote: > Add a testcase to exercise the newly added SECCOMP_LOAD_FILTER > and SECCOMP_ATTACH_FILTER operations. > > Signed-off-by: Hengqi Chen <hengqi.chen@gmail.com> > --- > tools/testing/selftests/seccomp/seccomp_bpf.c | 20 +++++++++++++++++++ > 1 file changed, 20 insertions(+) > > diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c b/tools/testing/selftests/seccomp/seccomp_bpf.c > index 38f651469968..8f7010482194 100644 > --- a/tools/testing/selftests/seccomp/seccomp_bpf.c > +++ b/tools/testing/selftests/seccomp/seccomp_bpf.c > @@ -4735,6 +4735,26 @@ TEST(user_notification_wait_killable_fatal) > EXPECT_EQ(SIGTERM, WTERMSIG(status)); > } > > +TEST(seccomp_filter_load_and_attach) > +{ > + struct sock_filter filter[] = { > + BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), > + }; > + struct sock_fprog prog = { > + .len = (unsigned short)ARRAY_SIZE(filter), > + .filter = filter, > + }; > + int fd, ret; > + > + fd = seccomp(SECCOMP_LOAD_FILTER, 0, &prog); > + ASSERT_GT(fd, -1); > + > + ret = seccomp(SECCOMP_ATTACH_FILTER, 0, &fd); > + ASSERT_EQ(ret, 0); > + > + close(fd); > +} This is a good start -- please check all the error paths as well. Thanks for continuing to work on this!
diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c b/tools/testing/selftests/seccomp/seccomp_bpf.c index 38f651469968..8f7010482194 100644 --- a/tools/testing/selftests/seccomp/seccomp_bpf.c +++ b/tools/testing/selftests/seccomp/seccomp_bpf.c @@ -4735,6 +4735,26 @@ TEST(user_notification_wait_killable_fatal) EXPECT_EQ(SIGTERM, WTERMSIG(status)); } +TEST(seccomp_filter_load_and_attach) +{ + struct sock_filter filter[] = { + BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), + }; + struct sock_fprog prog = { + .len = (unsigned short)ARRAY_SIZE(filter), + .filter = filter, + }; + int fd, ret; + + fd = seccomp(SECCOMP_LOAD_FILTER, 0, &prog); + ASSERT_GT(fd, -1); + + ret = seccomp(SECCOMP_ATTACH_FILTER, 0, &fd); + ASSERT_EQ(ret, 0); + + close(fd); +} + /* * TODO: * - expand NNP testing
Add a testcase to exercise the newly added SECCOMP_LOAD_FILTER and SECCOMP_ATTACH_FILTER operations. Signed-off-by: Hengqi Chen <hengqi.chen@gmail.com> --- tools/testing/selftests/seccomp/seccomp_bpf.c | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+)