def test(): action = util.parse_action(sys.argv[1]) if not action == ALLOW: quit(1) util.install_trap() fd = os.open("/dev/null", os.O_WRONLY|os.O_CREAT, 0600) f = SyscallFilter(TRAP) # NOTE: additional syscalls required for python f.add_rule(ALLOW, "write", Arg(0, EQ, fd)) f.add_rule(ALLOW, "close") f.add_rule(ALLOW, "rt_sigaction") f.add_rule(ALLOW, "rt_sigreturn") f.add_rule(ALLOW, "exit_group") f.add_rule(ALLOW, "brk") f.load() try: if not os.write(fd, "testing") == len("testing"): raise IOError("failed to write the full test string") quit(160) except OSError as ex: quit(ex.errno) os.close(fd)
def test(): action = util.parse_action(sys.argv[1]) if not action == ALLOW: quit(1) util.install_trap() f = SyscallFilter(TRAP) # NOTE: additional syscalls required for python f.add_rule(ALLOW, "stat") f.add_rule(ALLOW, "fstat") f.add_rule(ALLOW, "open") f.add_rule(ALLOW, "openat") f.add_rule(ALLOW, "mmap") f.add_rule(ALLOW, "munmap") f.add_rule(ALLOW, "read") f.add_rule(ALLOW, "write") f.add_rule(ALLOW, "close") f.add_rule(ALLOW, "rt_sigaction") f.add_rule(ALLOW, "rt_sigreturn") f.add_rule(ALLOW, "sigreturn") f.add_rule(ALLOW, "sigaltstack") f.add_rule(ALLOW, "brk") f.add_rule(ALLOW, "exit_group") f.load() try: util.write_file("/dev/null") except OSError as ex: quit(ex.errno) quit(160)
def test(): action = util.parse_action(sys.argv[1]) if not action == ALLOW: quit(1) util.install_trap() f = SyscallFilter(TRAP) # NOTE: additional syscalls required for python f.add_rule(ALLOW, "stat") f.add_rule(ALLOW, "fstat") f.add_rule(ALLOW, "open") f.add_rule(ALLOW, "openat") f.add_rule(ALLOW, "mmap") f.add_rule(ALLOW, "munmap") f.add_rule(ALLOW, "read") f.add_rule(ALLOW, "write") f.add_rule(ALLOW, "close") f.add_rule(ALLOW, "rt_sigaction") f.add_rule(ALLOW, "rt_sigreturn") f.add_rule(ALLOW, "exit_group") f.load() try: util.write_file("/dev/null") except OSError as ex: quit(ex.errno) quit(160)
def test(): action = util.parse_action(sys.argv[1]) if not action == ALLOW: quit(1) util.install_trap() fd = os.open("/dev/null", os.O_WRONLY | os.O_CREAT) f = SyscallFilter(TRAP) # NOTE: additional syscalls required for python f.add_rule(ALLOW, "write", Arg(0, EQ, fd)) f.add_rule(ALLOW, "close") f.add_rule(ALLOW, "munmap") f.add_rule(ALLOW, "rt_sigaction") f.add_rule(ALLOW, "rt_sigreturn") f.add_rule(ALLOW, "sigaltstack") f.add_rule(ALLOW, "exit_group") f.add_rule(ALLOW, "brk") f.load() try: if not os.write(fd, b"testing") == len("testing"): raise IOError("failed to write the full test string") quit(160) except OSError as ex: quit(ex.errno) os.close(fd)
def test(): action = util.parse_action(sys.argv[1]) if action == TRAP: util.install_trap() f = SyscallFilter(action) f.add_rule_exactly(ALLOW, "rt_sigreturn") f.add_rule_exactly(ALLOW, "exit_group") f.load() try: util.write_file("/dev/null") except OSError as ex: quit(ex.errno) quit(160)
def test(): action = util.parse_action(sys.argv[1]) if action == TRAP: util.install_trap() f = SyscallFilter(action) f.add_rule(ALLOW, "rt_sigreturn") f.add_rule(ALLOW, "exit_group") f.load() try: util.write_file("/dev/null") except OSError as ex: quit(ex.errno) quit(160)