A number of the tests made assumptions about the native architecture which would cause problems when there was a byte-ordering mis-match between the native system and the architectures used in the test.
Signed-off-by: Paul Moore <[email protected]> --- tests/16-sim-arch_basic.c | 45 ++++++++++++++++--------------------- tests/16-sim-arch_basic.py | 16 +++++-------- tests/17-sim-arch_merge.c | 29 +++++++++++------------- tests/17-sim-arch_merge.py | 10 +++----- tests/19-sim-missing_syscalls.c | 15 ++++++------ tests/19-sim-missing_syscalls.py | 5 ++-- tests/23-sim-arch_all_le_basic.c | 45 ++++++++++++++++--------------------- tests/23-sim-arch_all_le_basic.py | 16 +++++-------- tests/26-sim-arch_all_be_basic.c | 18 ++++++--------- tests/26-sim-arch_all_be_basic.py | 5 +--- 10 files changed, 84 insertions(+), 120 deletions(-) diff --git a/tests/16-sim-arch_basic.c b/tests/16-sim-arch_basic.c index 7a41d78..d63a1c4 100644 --- a/tests/16-sim-arch_basic.c +++ b/tests/16-sim-arch_basic.c @@ -40,32 +40,25 @@ int main(int argc, char *argv[]) if (ctx == NULL) goto out; - if (seccomp_arch_exist(ctx, SCMP_ARCH_X86)) { - rc = seccomp_arch_add(ctx, SCMP_ARCH_X86); - if (rc != 0) - goto out; - } - if (seccomp_arch_exist(ctx, SCMP_ARCH_X86_64)) { - rc = seccomp_arch_add(ctx, SCMP_ARCH_X86_64); - if (rc != 0) - goto out; - } - if (seccomp_arch_exist(ctx, SCMP_ARCH_X32)) { - rc = seccomp_arch_add(ctx, SCMP_ARCH_X32); - if (rc != 0) - goto out; - } - if (seccomp_arch_exist(ctx, SCMP_ARCH_ARM)) { - rc = seccomp_arch_add(ctx, SCMP_ARCH_ARM); - if (rc != 0) - goto out; - } - - if (seccomp_arch_exist(ctx, SCMP_ARCH_MIPSEL)) { - rc = seccomp_arch_add(ctx, SCMP_ARCH_MIPSEL); - if (rc != 0) - goto out; - } + rc = seccomp_arch_remove(ctx, SCMP_ARCH_NATIVE); + if (rc != 0) + goto out; + + rc = seccomp_arch_add(ctx, SCMP_ARCH_X86); + if (rc != 0) + goto out; + rc = seccomp_arch_add(ctx, SCMP_ARCH_X86_64); + if (rc != 0) + goto out; + rc = seccomp_arch_add(ctx, SCMP_ARCH_X32); + if (rc != 0) + goto out; + rc = seccomp_arch_add(ctx, SCMP_ARCH_ARM); + if (rc != 0) + goto out; + rc = seccomp_arch_add(ctx, SCMP_ARCH_MIPSEL); + if (rc != 0) + goto out; rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 1, SCMP_A0(SCMP_CMP_EQ, STDIN_FILENO)); diff --git a/tests/16-sim-arch_basic.py b/tests/16-sim-arch_basic.py index 21272eb..b067d1b 100755 --- a/tests/16-sim-arch_basic.py +++ b/tests/16-sim-arch_basic.py @@ -30,16 +30,12 @@ from seccomp import * def test(args): f = SyscallFilter(KILL) - if not f.exist_arch(Arch.X86): - f.add_arch(Arch.X86) - if not f.exist_arch(Arch.X86_64): - f.add_arch(Arch.X86_64) - if not f.exist_arch(Arch.X32): - f.add_arch(Arch.X32) - if not f.exist_arch(Arch.ARM): - f.add_arch(Arch.ARM) - if not f.exist_arch(Arch.MIPSEL): - f.add_arch(Arch.MIPSEL) + f.remove_arch(Arch.NATIVE) + f.add_arch(Arch.X86) + f.add_arch(Arch.X86_64) + f.add_arch(Arch.X32) + f.add_arch(Arch.ARM) + f.add_arch(Arch.MIPSEL) f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno())) f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno())) f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno())) diff --git a/tests/17-sim-arch_merge.c b/tests/17-sim-arch_merge.c index 46d9601..cb0e33c 100644 --- a/tests/17-sim-arch_merge.c +++ b/tests/17-sim-arch_merge.c @@ -43,22 +43,19 @@ int main(int argc, char *argv[]) if (ctx_64 == NULL) goto out_all; - if (seccomp_arch_exist(ctx_32, SCMP_ARCH_X86) == -EEXIST) { - rc = seccomp_arch_add(ctx_32, SCMP_ARCH_X86); - if (rc != 0) - goto out_all; - rc = seccomp_arch_remove(ctx_32, SCMP_ARCH_NATIVE); - if (rc != 0) - goto out_all; - } - if (seccomp_arch_exist(ctx_64, SCMP_ARCH_X86_64) == -EEXIST) { - rc = seccomp_arch_add(ctx_64, SCMP_ARCH_X86_64); - if (rc != 0) - goto out_all; - rc = seccomp_arch_remove(ctx_64, SCMP_ARCH_NATIVE); - if (rc != 0) - goto out_all; - } + rc = seccomp_arch_remove(ctx_32, SCMP_ARCH_NATIVE); + if (rc != 0) + goto out; + rc = seccomp_arch_remove(ctx_64, SCMP_ARCH_NATIVE); + if (rc != 0) + goto out; + + rc = seccomp_arch_add(ctx_32, SCMP_ARCH_X86); + if (rc != 0) + goto out_all; + rc = seccomp_arch_add(ctx_64, SCMP_ARCH_X86_64); + if (rc != 0) + goto out_all; rc = seccomp_rule_add(ctx_32, SCMP_ACT_ALLOW, SCMP_SYS(read), 1, SCMP_A0(SCMP_CMP_EQ, STDIN_FILENO)); diff --git a/tests/17-sim-arch_merge.py b/tests/17-sim-arch_merge.py index 44e9cc4..84cf840 100755 --- a/tests/17-sim-arch_merge.py +++ b/tests/17-sim-arch_merge.py @@ -31,12 +31,10 @@ from seccomp import * def test(args): f32 = SyscallFilter(KILL) f64 = SyscallFilter(KILL) - if not f32.exist_arch(Arch.X86): - f32.add_arch(Arch.X86) - f32.remove_arch(Arch.NATIVE) - if not f64.exist_arch(Arch.X86_64): - f64.add_arch(Arch.X86_64) - f64.remove_arch(Arch.NATIVE) + f32.remove_arch(Arch.NATIVE) + f64.remove_arch(Arch.NATIVE) + f32.add_arch(Arch.X86) + f64.add_arch(Arch.X86_64) f32.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno())) f32.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno())) f32.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno())) diff --git a/tests/19-sim-missing_syscalls.c b/tests/19-sim-missing_syscalls.c index 84c197b..fec9185 100644 --- a/tests/19-sim-missing_syscalls.c +++ b/tests/19-sim-missing_syscalls.c @@ -40,14 +40,13 @@ int main(int argc, char *argv[]) if (ctx == NULL) goto out; - if (seccomp_arch_native() != SCMP_ARCH_X86) { - rc = seccomp_arch_add(ctx, SCMP_ARCH_X86); - if (rc != 0) - goto out; - rc = seccomp_arch_remove(ctx, SCMP_ARCH_NATIVE); - if (rc != 0) - goto out; - } + rc = seccomp_arch_remove(ctx, SCMP_ARCH_NATIVE); + if (rc != 0) + goto out; + + rc = seccomp_arch_add(ctx, SCMP_ARCH_X86); + if (rc != 0) + goto out; rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(tuxcall), 0); if (rc != 0) diff --git a/tests/19-sim-missing_syscalls.py b/tests/19-sim-missing_syscalls.py index 38408b1..7c6d2f2 100755 --- a/tests/19-sim-missing_syscalls.py +++ b/tests/19-sim-missing_syscalls.py @@ -30,9 +30,8 @@ from seccomp import * def test(args): f = SyscallFilter(KILL) - if not system_arch() == Arch.X86: - f.add_arch(Arch.X86) - f.remove_arch(Arch.NATIVE) + f.remove_arch(Arch.NATIVE) + f.add_arch(Arch.X86) f.add_rule(ALLOW, "tuxcall") try: f.add_rule_exactly(ALLOW, "tuxcall") diff --git a/tests/23-sim-arch_all_le_basic.c b/tests/23-sim-arch_all_le_basic.c index d1b0a27..92f5eb7 100644 --- a/tests/23-sim-arch_all_le_basic.c +++ b/tests/23-sim-arch_all_le_basic.c @@ -39,32 +39,25 @@ int main(int argc, char *argv[]) if (ctx == NULL) goto out; - if (seccomp_arch_exist(ctx, SCMP_ARCH_X86)) { - rc = seccomp_arch_add(ctx, SCMP_ARCH_X86); - if (rc != 0) - goto out; - } - if (seccomp_arch_exist(ctx, SCMP_ARCH_X86_64)) { - rc = seccomp_arch_add(ctx, SCMP_ARCH_X86_64); - if (rc != 0) - goto out; - } - if (seccomp_arch_exist(ctx, SCMP_ARCH_X32)) { - rc = seccomp_arch_add(ctx, SCMP_ARCH_X32); - if (rc != 0) - goto out; - } - if (seccomp_arch_exist(ctx, SCMP_ARCH_ARM)) { - rc = seccomp_arch_add(ctx, SCMP_ARCH_ARM); - if (rc != 0) - goto out; - } - - if (seccomp_arch_exist(ctx, SCMP_ARCH_MIPSEL)) { - rc = seccomp_arch_add(ctx, SCMP_ARCH_MIPSEL); - if (rc != 0) - goto out; - } + rc = seccomp_arch_remove(ctx, SCMP_ARCH_NATIVE); + if (rc != 0) + goto out; + + rc = seccomp_arch_add(ctx, SCMP_ARCH_X86); + if (rc != 0) + goto out; + rc = seccomp_arch_add(ctx, SCMP_ARCH_X86_64); + if (rc != 0) + goto out; + rc = seccomp_arch_add(ctx, SCMP_ARCH_X32); + if (rc != 0) + goto out; + rc = seccomp_arch_add(ctx, SCMP_ARCH_ARM); + if (rc != 0) + goto out; + rc = seccomp_arch_add(ctx, SCMP_ARCH_MIPSEL); + if (rc != 0) + goto out; rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 1, SCMP_A0(SCMP_CMP_EQ, STDIN_FILENO)); diff --git a/tests/23-sim-arch_all_le_basic.py b/tests/23-sim-arch_all_le_basic.py index eb3f478..a126e7e 100755 --- a/tests/23-sim-arch_all_le_basic.py +++ b/tests/23-sim-arch_all_le_basic.py @@ -30,16 +30,12 @@ from seccomp import * def test(args): f = SyscallFilter(KILL) - if not f.exist_arch(Arch.X86): - f.add_arch(Arch.X86) - if not f.exist_arch(Arch.X86_64): - f.add_arch(Arch.X86_64) - if not f.exist_arch(Arch.X32): - f.add_arch(Arch.X32) - if not f.exist_arch(Arch.ARM): - f.add_arch(Arch.ARM) - if not f.exist_arch(Arch.MIPSEL): - f.add_arch(Arch.MIPSEL) + f.remove_arch(Arch.NATIVE) + f.add_arch(Arch.X86) + f.add_arch(Arch.X86_64) + f.add_arch(Arch.X32) + f.add_arch(Arch.ARM) + f.add_arch(Arch.MIPSEL) f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno())) f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno())) f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno())) diff --git a/tests/26-sim-arch_all_be_basic.c b/tests/26-sim-arch_all_be_basic.c index 8fd62a2..253138b 100644 --- a/tests/26-sim-arch_all_be_basic.c +++ b/tests/26-sim-arch_all_be_basic.c @@ -38,17 +38,13 @@ int main(int argc, char *argv[]) if (ctx == NULL) goto out; - /* - * Remove the native arch token. We will add the arch tokens - * ourselves. - */ - seccomp_arch_remove(ctx, seccomp_arch_native()); - - if (seccomp_arch_exist(ctx, SCMP_ARCH_MIPS)) { - rc = seccomp_arch_add(ctx, SCMP_ARCH_MIPS); - if (rc != 0) - goto out; - } + rc = seccomp_arch_remove(ctx, SCMP_ARCH_NATIVE); + if (rc != 0) + goto out; + + rc = seccomp_arch_add(ctx, SCMP_ARCH_MIPS); + if (rc != 0) + goto out; rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 1, SCMP_A0(SCMP_CMP_EQ, STDIN_FILENO)); diff --git a/tests/26-sim-arch_all_be_basic.py b/tests/26-sim-arch_all_be_basic.py index a2a58d1..e8870d3 100755 --- a/tests/26-sim-arch_all_be_basic.py +++ b/tests/26-sim-arch_all_be_basic.py @@ -29,11 +29,8 @@ from seccomp import * def test(args): f = SyscallFilter(KILL) - # Remove the native arch token. We will add the arch tokens - # ourselves. f.remove_arch(Arch.NATIVE) - if not f.exist_arch(Arch.MIPS): - f.add_arch(Arch.MIPS) + f.add_arch(Arch.MIPS) f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno())) f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno())) f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno())) ------------------------------------------------------------------------------ Start Your Social Network Today - Download eXo Platform Build your Enterprise Intranet with eXo Platform Software Java Based Open Source Intranet - Social, Extensible, Cloud Ready Get Started Now And Turn Your Intranet Into A Collaboration Platform http://p.sf.net/sfu/ExoPlatform _______________________________________________ libseccomp-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/libseccomp-discuss
