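def test_ioctls_unlimited(self):
    """Check that an unrestricted descriptor reports no ioctl limit.

    ``cap.Ioctls(fd)`` on a freshly opened descriptor must carry
    ``_ioctls is None``, a copy of that object must keep ``None``, and
    handing it back to ``cap.ioctls_limit`` must not raise.
    """
    fd = os.open("/dev/null", os.O_RDONLY)
    # Release the descriptor when the test ends, even if an assertion fails,
    # so it does not leak into the tests that run afterwards.
    self.addCleanup(os.close, fd)

    iocs = cap.Ioctls(fd)
    # NOTE(review): None presumably stands for "no ioctl limit" (per the
    # test name) rather than "empty set" -- confirm against cap.Ioctls.
    self.assertIs(iocs._ioctls, None)

    duplicate = cap.Ioctls(iocs)
    self.assertIs(duplicate._ioctls, None)

    cap.ioctls_limit(fd, iocs)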
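def test_ioctls_limit(self):
    """Check that an ioctl allow-list is enforced and cannot be widened.

    After limiting the descriptor to ``FIONREAD``, that ioctl must get past
    capsicum, an ioctl outside the set must fail with ``ENOTCAPABLE``, and
    an attempt to enlarge the set must fail the same way while leaving the
    existing limit untouched.
    """
    fd = os.open("/dev/null", os.O_RDONLY)
    # Release the descriptor when the test ends, even if an assertion fails.
    self.addCleanup(os.close, fd)

    # NOTE(review): if cap.enter() wraps cap_enter(2), the sandbox cannot be
    # left again for the lifetime of the process -- confirm the test runner
    # isolates this test so later tests are not silently sandboxed.
    cap.enter()
    self.assertTrue(cap.sandboxed())

    cap.ioctls_limit(fd, cap.Ioctls({termios.FIONREAD}))

    try:
        py_fcntl.ioctl(fd, termios.FIONREAD)
    except EnvironmentError as ee:
        # ENOTTY is fine, we're sending a stupid ioctl to a device
        # that doesn't know about it. The point is that capsicum
        # permitted it.
        if ee.errno != errno.ENOTTY:
            raise

    # Capsicum rejects ioctls outside the set we've limited
    # ourselves to above.
    with self.assertRaises(EnvironmentError) as cm:
        py_fcntl.ioctl(fd, termios.TIOCGETD)
    self.assertEqual(cm.exception.errno, cap.ENOTCAPABLE)

    # Capsicum rejects requests to increase privileges:
    with self.assertRaises(EnvironmentError) as cm:
        cap.ioctls_limit(fd, cap.Ioctls({termios.FIONREAD,
                                         termios.TIOCGETD}))
    self.assertEqual(cm.exception.errno, cap.ENOTCAPABLE)

    # The rejected widening must not have changed the limit in force.
    self.assertItemsEqual(cap.Ioctls(fd)._ioctls, [termios.FIONREAD])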
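def test_fromfile(self):
    """Check that limit objects can be read back from an open file.

    Each of ``cap.Rights``, ``cap.Fcntls`` and ``cap.Ioctls`` is built once
    from a raw descriptor, where the result is compared with the
    unrestricted value, and once from a file object, where only successful
    construction is checked.
    """
    fd = os.open("/dev/null", os.O_RDONLY)
    fp = open("/dev/null")
    # Release both handles when the test ends, even if an assertion fails.
    self.addCleanup(os.close, fd)
    self.addCleanup(fp.close)

    # Rights are compared through their underlying cffi buffers.
    self.assertEqual(cap._cffi.buffer(cap.Rights(fd)._rights),
                     cap._cffi.buffer(cap.right.ALL._rights))
    cap.Rights(fp)

    self.assertEqual(cap.Fcntls(fd)._flags, cap.fcntl.ALL)
    cap.Fcntls(fp)

    # An unrestricted descriptor reports no ioctl list at all.
    self.assertIs(cap.Ioctls(fd)._ioctls, None)
    cap.Ioctls(fp)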
def test_limits_ebadf(self):
    """Check that every limit call reports EBADF for descriptor -1.

    Covers ``cap.limit``, ``cap.fcntls_limit`` and ``cap.ioctls_limit`` in
    that order; each must raise ``EnvironmentError`` with ``errno.EBADF``.
    """
    # Each attempt is deferred so that its argument objects are still
    # constructed inside the assertRaises block.
    attempts = (
        lambda: cap.limit(-1, cap.right.NONE),
        lambda: cap.fcntls_limit(-1, cap.Fcntls([])),
        lambda: cap.ioctls_limit(-1, cap.Ioctls([])),
    )
    for attempt in attempts:
        with self.assertRaises(EnvironmentError) as ctx:
            attempt()
        self.assertEqual(ctx.exception.errno, errno.EBADF)
def test_fromfile_ebadf(self):
    """Check that reading limits from descriptor -1 reports EBADF.

    ``cap.Rights``, ``cap.Fcntls`` and ``cap.Ioctls`` must each raise
    ``EnvironmentError`` with ``errno.EBADF`` when given -1.
    """
    for ctor in (cap.Rights, cap.Fcntls, cap.Ioctls):
        with self.assertRaises(EnvironmentError) as ctx:
            ctor(-1)
        self.assertEqual(ctx.exception.errno, errno.EBADF)
def test_copy_ctors(self):
    """Check that each limit class accepts an instance of itself.

    Only successful construction is verified; nothing is asserted about
    the contents of the copies.
    """
    for ctor in (cap.Rights, cap.Fcntls, cap.Ioctls):
        ctor(ctor())
def test_ioctls_obj(self):
    """Check that ``cap.Ioctls`` builds with no argument and from a set.

    Only successful construction is verified.
    """
    cap.Ioctls()
    requested = {termios.TCION}
    cap.Ioctls(requested)