author | Yu Watanabe <watanabe.yu+github@gmail.com> | 2024-09-18 18:53:19 +0200 |
---|---|---|
committer | Yu Watanabe <watanabe.yu+github@gmail.com> | 2024-09-19 21:32:56 +0200 |
commit | c07e10628b6add9ee9664956a28d3f727c9848f8 (patch) | |
tree | b5fdc96790838d9022ae8dc73ed34980fd307831 | |
parent | seccomp-util: pass negative fds as is to fsync() and friends (diff) | |
download | systemd-c07e10628b6add9ee9664956a28d3f727c9848f8.tar.xz systemd-c07e10628b6add9ee9664956a28d3f727c9848f8.zip |
test: add tests for seccomp_suppress_sync()
-rw-r--r-- | src/test/test-seccomp.c | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/src/test/test-seccomp.c b/src/test/test-seccomp.c
index 74d950ad1c..459708ee00 100644
--- a/src/test/test-seccomp.c
+++ b/src/test/test-seccomp.c
@@ -18,6 +18,7 @@
 #include "capability-util.h"
 #include "fd-util.h"
 #include "fileio.h"
+#include "fs-util.h"
 #include "macro.h"
 #include "memory-util.h"
 #include "missing_sched.h"
@@ -1229,4 +1230,55 @@ TEST(restrict_suid_sgid) {
 assert_se(wait_for_terminate_and_check("suidsgidseccomp", pid, WAIT_LOG) == EXIT_SUCCESS);
 }
 
+static void test_seccomp_suppress_sync_child(void) {
+ _cleanup_(unlink_and_freep) char *path = NULL;
+ _cleanup_close_ int fd = -EBADF;
+
+ ASSERT_OK(tempfn_random("/tmp/seccomp_suppress_sync", NULL, &path));
+ ASSERT_OK_ERRNO(fd = open(path, O_RDWR | O_CREAT | O_SYNC | O_CLOEXEC, 0666));
+ fd = safe_close(fd);
+
+ ASSERT_ERROR_ERRNO(fdatasync(-1), EBADF);
+ ASSERT_ERROR_ERRNO(fsync(-1), EBADF);
+ ASSERT_ERROR_ERRNO(syncfs(-1), EBADF);
+
+ ASSERT_ERROR_ERRNO(fdatasync(INT_MAX), EBADF);
+ ASSERT_ERROR_ERRNO(fsync(INT_MAX), EBADF);
+ ASSERT_ERROR_ERRNO(syncfs(INT_MAX), EBADF);
+
+ ASSERT_OK(seccomp_suppress_sync());
+
+ ASSERT_ERROR_ERRNO(fd = open(path, O_RDWR | O_CREAT | O_SYNC | O_CLOEXEC, 0666), EINVAL);
+
+ ASSERT_OK_ERRNO(fdatasync(INT_MAX));
+ ASSERT_OK_ERRNO(fsync(INT_MAX));
+ ASSERT_OK_ERRNO(syncfs(INT_MAX));
+
+ ASSERT_ERROR_ERRNO(fdatasync(-1), EBADF);
+ ASSERT_ERROR_ERRNO(fsync(-1), EBADF);
+ ASSERT_ERROR_ERRNO(syncfs(-1), EBADF);
+}
+
+TEST(seccomp_suppress_sync) {
+ pid_t pid;
+
+ if (!is_seccomp_available()) {
+ log_notice("Seccomp not available, skipping %s", __func__);
+ return;
+ }
+ if (!have_seccomp_privs()) {
+ log_notice("Not privileged, skipping %s", __func__);
+ return;
+ }
+
+ ASSERT_OK_ERRNO(pid = fork());
+
+ if (pid == 0) {
+ test_seccomp_suppress_sync_child();
+ _exit(EXIT_SUCCESS);
+ }
+
+ ASSERT_EQ(wait_for_terminate_and_check("seccomp_suppress_sync", pid, WAIT_LOG), EXIT_SUCCESS);
+}
+
 DEFINE_TEST_MAIN(LOG_DEBUG); |
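Review bot: In `test_seccomp_suppress_sync_child()` the first `open()` creates its file under `/tmp` with `O_CREAT` but no `O_EXCL`, and with mode `0666`, in a test that only proceeds when `have_seccomp_privs()` reports privileges. The name comes from `tempfn_random()`, so a pre-existing entry at that path is unlikely, but exclusive creation with a tight mode costs nothing here: `ASSERT_OK_ERRNO(fd = open(path, O_RDWR | O_CREAT | O_EXCL | O_SYNC | O_CLOEXEC, 0600));`. Separately, the assertions after `seccomp_suppress_sync()` would read better with a short comment on why `INT_MAX` now succeeds while `-1` still fails with `EBADF`, for example `/* the filter reports success without the kernel validating the fd; negative fds are passed through unchanged */`. That wording is inferred from the parent commit's title, so it should be confirmed against the filter itself.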