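def test_seccomp(self):
    """Check that strict seccomp is off by default and that enabling it is fatal.

    A child is forked, switches on strict seccomp, and then issues a
    syscall that strict mode forbids (``open``).  The kernel must SIGKILL
    the child; the parent asserts exactly that termination signal.

    The child leaves only through ``os._exit``.  The original used
    ``sys.exit(0)``, which raises ``SystemExit``: the unittest runner in the
    forked child catches that (bare ``except`` in ``testPartExecutor``) and
    then carries on running the rest of the suite in a second process,
    duplicating output and hiding the fact that seccomp did not engage.
    """
    self.assertEqual(prctl.get_seccomp(), False)
    pid = os.fork()
    if pid == 0:
        # Child.  Nothing below may raise back into the test runner, so the
        # whole body is fenced and always ends in an immediate _exit.
        try:
            prctl.set_seccomp(True)
            # SECCOMP_MODE_STRICT permits only read/write/_exit/sigreturn;
            # the open() below (or any other syscall the interpreter makes
            # first) must get us SIGKILLed.
            open('/etc/resolv.conf')
        except BaseException as exc:
            # Reached only if set_seccomp() itself failed (e.g. kernel
            # without seccomp).  Report it -- stderr is still open here.
            sys.stderr.write('seccomp child: %r\n' % (exc,))
        finally:
            # Reached only if seccomp did not take effect.  A plain
            # non-zero exit makes the parent's WIFSIGNALED check fail loudly.
            os._exit(1)
    else:
        _, status = os.waitpid(pid, 0)
        self.assertTrue(os.WIFSIGNALED(status))
        self.assertEqual(os.WTERMSIG(status), signal.SIGKILL)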
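def _child_main(self):
    """Sandboxed child: serve ``eval`` requests over ``self.child`` until ``exit``.

    Lock-down sequence, in this order:

    1. Close the parent's end of the channel and every other inherited
       descriptor except ``self.child`` (enumerated from /proc/self/fd, so
       this includes fds 0/1/2).  The child therefore cannot touch files or
       sockets the parent had open, and nothing it prints survives.
    2. Cap CPU time: RLIMIT_CPU soft == hard == 1 second.
    3. Enter strict seccomp.  From here on only read/write/_exit/sigreturn
       are permitted; any other syscall -- including the brk/mmap behind a
       large allocation inside json.loads or do_eval -- gets the process
       SIGKILLed by the kernel.  That is the sandbox's failure mode, not an
       exception the caller can catch.

    Wire protocol, both directions: a 4-byte big-endian length followed by
    that many bytes of JSON.  Requests carry ``cmd``; ``eval`` is answered
    with whatever ``do_eval`` returns, ``exit`` terminates the child.  Any
    other command is a protocol violation and terminates the child with
    status 1 (previously it fell through with ``resp`` unbound on the first
    request, or silently replayed the previous eval's response).

    Never returns.
    """
    self.host.close()
    keep = self.child.fileno()
    # listdir() snapshots the fd table before we start closing.  Its own
    # directory fd is in the snapshot but already closed, so an EBADF here
    # is expected and swallowed like any other stale entry.
    for fd in map(int, os.listdir('/proc/self/fd')):
        if fd == keep:
            continue
        try:
            os.close(fd)
        except OSError:
            pass
    resource.setrlimit(resource.RLIMIT_CPU, (1, 1))
    prctl.set_seccomp(True)
    while True:
        sz, = struct.unpack('>L', read_exact(self.child, 4))
        doc = json.loads(read_exact(self.child, sz))
        cmd = doc['cmd']
        if cmd == 'exit':
            # NOTE(review): glibc's _exit() issues exit_group(), which strict
            # seccomp does not whitelist (only exit() is); the child may be
            # SIGKILLed here rather than leave with status 0 -- confirm the
            # parent tolerates that on shutdown.
            _exit(0)
        if cmd != 'eval':
            # Unknown command: refuse rather than echo a stale response.
            _exit(1)
        resp = self.do_eval(doc)
        # json.dumps escapes non-ASCII by default, so len() in characters is
        # also the byte length of the frame body.
        goobs = json.dumps(resp)
        write_exact(self.child, struct.pack('>L', len(goobs)))
        write_exact(self.child, goobs)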