diff options
| author | Philipp Stephani | 2020-12-17 11:20:55 +0100 |
|---|---|---|
| committer | Philipp Stephani | 2021-04-10 21:01:46 +0200 |
| commit | f3a7536aa29e6690c66f69174079ba51d40c0443 (patch) | |
| tree | 5f16989652dc6294245f5dc767bbf51cfd9a7983 /test | |
| parent | 2d17e0124e4232db6344b18cec466eb31920e675 (diff) | |
| download | emacs-scratch/seccomp-helper-binary.tar.gz emacs-scratch/seccomp-helper-binary.zip | |
Add a helper binary to create a basic Secure Computing filter.scratch/seccomp-helper-binary
The binary uses the 'seccomp' helper library. The library isn't
needed to load the generated Secure Computing filter.
* configure.ac: Check for 'seccomp' header and library.
* lib-src/seccomp-filter.c: New helper binary to generate a generic
Secure Computing filter for GNU/Linux.
* lib-src/Makefile.in (DONT_INSTALL): Add 'seccomp-filter' helper
binary if possible.
(all): Add Secure Computing filter file if possible.
(seccomp-filter$(EXEEXT)): Compile helper binary.
(seccomp-filter.bpf seccomp-filter.pfc): Generate filter files.
* test/src/emacs-tests.el (emacs-tests/seccomp/allows-stdout)
(emacs-tests/seccomp/forbids-subprocess): New unit tests.
* test/Makefile.in (src/emacs-tests.log): Add dependency on the helper
binary.
Diffstat (limited to 'test')
| -rw-r--r-- | test/Makefile.in | 2 | ||||
| l--------- | test/src/emacs-resources/seccomp-filter.bpf | 1 | ||||
| -rw-r--r-- | test/src/emacs-tests.el | 49 |
3 files changed, 52 insertions, 0 deletions
diff --git a/test/Makefile.in b/test/Makefile.in index ba354289e28..91a8ea141c3 100644 --- a/test/Makefile.in +++ b/test/Makefile.in | |||
| @@ -276,6 +276,8 @@ $(test_module): $(test_module:${SO}=.c) ../src/emacs-module.h | |||
| 276 | $(srcdir)/../lib/timespec.c $(srcdir)/../lib/gettime.c | 276 | $(srcdir)/../lib/timespec.c $(srcdir)/../lib/gettime.c |
| 277 | endif | 277 | endif |
| 278 | 278 | ||
| 279 | src/emacs-tests.log: ../lib-src/seccomp-filter.c | ||
| 280 | |||
| 279 | ## Check that there is no 'automated' subdirectory, which would | 281 | ## Check that there is no 'automated' subdirectory, which would |
| 280 | ## indicate an incomplete merge from an older version of Emacs where | 282 | ## indicate an incomplete merge from an older version of Emacs where |
| 281 | ## the tests were arranged differently. | 283 | ## the tests were arranged differently. |
diff --git a/test/src/emacs-resources/seccomp-filter.bpf b/test/src/emacs-resources/seccomp-filter.bpf new file mode 120000 index 00000000000..b3d603d0aeb --- /dev/null +++ b/test/src/emacs-resources/seccomp-filter.bpf | |||
| @@ -0,0 +1 @@ | |||
| ../../../lib-src/seccomp-filter.bpf \ No newline at end of file | |||
diff --git a/test/src/emacs-tests.el b/test/src/emacs-tests.el index 7618a9c6752..89d811f8b4e 100644 --- a/test/src/emacs-tests.el +++ b/test/src/emacs-tests.el | |||
| @@ -25,7 +25,9 @@ | |||
| 25 | 25 | ||
| 26 | (require 'cl-lib) | 26 | (require 'cl-lib) |
| 27 | (require 'ert) | 27 | (require 'ert) |
| 28 | (require 'ert-x) | ||
| 28 | (require 'rx) | 29 | (require 'rx) |
| 30 | (require 'subr-x) | ||
| 29 | 31 | ||
| 30 | (ert-deftest emacs-tests/seccomp/absent-file () | 32 | (ert-deftest emacs-tests/seccomp/absent-file () |
| 31 | (skip-unless (string-match-p (rx bow "SECCOMP" eow) | 33 | (skip-unless (string-match-p (rx bow "SECCOMP" eow) |
| @@ -128,4 +130,51 @@ to `make-temp-file', which see." | |||
| 128 | (concat "--seccomp=" filter)) | 130 | (concat "--seccomp=" filter)) |
| 129 | 0))))) | 131 | 0))))) |
| 130 | 132 | ||
| 133 | (ert-deftest emacs-tests/seccomp/allows-stdout () | ||
| 134 | (skip-unless (string-match-p (rx bow "SECCOMP" eow) | ||
| 135 | system-configuration-features)) | ||
| 136 | (let ((emacs | ||
| 137 | (expand-file-name invocation-name invocation-directory)) | ||
| 138 | (filter (ert-resource-file "seccomp-filter.bpf")) | ||
| 139 | (process-environment nil)) | ||
| 140 | (skip-unless (file-executable-p emacs)) | ||
| 141 | (skip-unless (file-readable-p filter)) | ||
| 142 | ;; The --seccomp option is processed early, without filename | ||
| 143 | ;; handlers. Therefore remote or quoted filenames wouldn't work. | ||
| 144 | (should-not (file-remote-p filter)) | ||
| 145 | (cl-callf file-name-unquote filter) | ||
| 146 | (with-temp-buffer | ||
| 147 | (let ((status (call-process | ||
| 148 | emacs nil t nil | ||
| 149 | "--quick" "--batch" | ||
| 150 | (concat "--seccomp=" filter) | ||
| 151 | (format "--eval=%S" '(message "Hi"))))) | ||
| 152 | (ert-info ((format "Process output: %s" (buffer-string))) | ||
| 153 | (should (eql status 0))) | ||
| 154 | (should (equal (string-trim (buffer-string)) "Hi")))))) | ||
| 155 | |||
| 156 | (ert-deftest emacs-tests/seccomp/forbids-subprocess () | ||
| 157 | (skip-unless (string-match-p (rx bow "SECCOMP" eow) | ||
| 158 | system-configuration-features)) | ||
| 159 | (let ((emacs | ||
| 160 | (expand-file-name invocation-name invocation-directory)) | ||
| 161 | (filter (ert-resource-file "seccomp-filter.bpf")) | ||
| 162 | (process-environment nil)) | ||
| 163 | (skip-unless (file-executable-p emacs)) | ||
| 164 | (skip-unless (file-readable-p filter)) | ||
| 165 | ;; The --seccomp option is processed early, without filename | ||
| 166 | ;; handlers. Therefore remote or quoted filenames wouldn't work. | ||
| 167 | (should-not (file-remote-p filter)) | ||
| 168 | (cl-callf file-name-unquote filter) | ||
| 169 | (with-temp-buffer | ||
| 170 | (let ((status | ||
| 171 | (call-process | ||
| 172 | emacs nil t nil | ||
| 173 | "--quick" "--batch" | ||
| 174 | (concat "--seccomp=" filter) | ||
| 175 | (format "--eval=%S" `(call-process ,emacs nil nil nil | ||
| 176 | "--version"))))) | ||
| 177 | (ert-info ((format "Process output: %s" (buffer-string))) | ||
| 178 | (should-not (eql status 0))))))) | ||
| 179 | |||
| 131 | ;;; emacs-tests.el ends here | 180 | ;;; emacs-tests.el ends here |