From 81749f1fe87e489c4e2e7408a0fae9370c3810b3 Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Mon, 15 Apr 2024 19:09:30 +0200
Subject: Adding upstream version 2.5.5.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 tests/54-live-binary_tree.py | 96 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 96 insertions(+)
 create mode 100755 tests/54-live-binary_tree.py

(limited to 'tests/54-live-binary_tree.py')

diff --git a/tests/54-live-binary_tree.py b/tests/54-live-binary_tree.py
new file mode 100755
index 0000000..2bc7386
--- /dev/null
+++ b/tests/54-live-binary_tree.py
@@ -0,0 +1,96 @@
+#!/usr/bin/env python
+
+#
+# Seccomp Library test program
+#
+# Copyright (c) 2018 Oracle and/or its affiliates.  All rights reserved.
+# Author: Tom Hromatka <tom.hromatka@oracle.com>
+#
+
+#
+# This library is free software; you can redistribute it and/or modify it
+# under the terms of version 2.1 of the GNU Lesser General Public License as
+# published by the Free Software Foundation.
+#
+# This library is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License
+# for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this library; if not, see <http://www.gnu.org/licenses>.
+#
+
+import argparse
+import sys
+
+import util
+
+from seccomp import *
+
+denylist = [
+    "times",
+    "ptrace",
+    "getuid",
+    "syslog",
+    "getgid",
+    "setuid",
+    "setgid",
+    "geteuid",
+    "getegid",
+    "setpgid",
+    "getppid",
+    "getpgrp",
+    "setsid",
+    "setreuid",
+    "setregid",
+    "getgroups",
+    "setgroups",
+    "setresuid",
+    "getresuid",
+    "setresgid",
+    "getresgid",
+    "getpgid",
+    "setfsuid",
+    "setfsgid",
+]
+
+def test():
+    action = util.parse_action(sys.argv[1])
+    if not action == ALLOW:
+        quit(1)
+    util.install_trap()
+    f = SyscallFilter(TRAP)
+    f.set_attr(Attr.CTL_TSYNC, 1)
+    f.set_attr(Attr.CTL_OPTIMIZE, 2)
+    # NOTE: additional syscalls required for python
+    f.add_rule(ALLOW, "stat")
+    f.add_rule(ALLOW, "fstat")
+    f.add_rule(ALLOW, "open")
+    f.add_rule(ALLOW, "openat")
+    f.add_rule(ALLOW, "mmap")
+    f.add_rule(ALLOW, "munmap")
+    f.add_rule(ALLOW, "read")
+    f.add_rule(ALLOW, "write")
+    f.add_rule(ALLOW, "close")
+    f.add_rule(ALLOW, "rt_sigaction")
+    f.add_rule(ALLOW, "rt_sigreturn")
+    f.add_rule(ALLOW, "sigreturn")
+    f.add_rule(ALLOW, "sigaltstack")
+    f.add_rule(ALLOW, "brk")
+    f.add_rule(ALLOW, "exit_group")
+
+    for syscall in denylist:
+        f.add_rule(KILL, syscall)
+
+    f.load()
+    try:
+        util.write_file("/dev/null")
+    except OSError as ex:
+        quit(ex.errno)
+    quit(160)
+
+test()
+
+# kate: syntax python;
+# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off;
-- 
cgit v1.2.3