From f1b02a0361b71488c811dc46a90238193e497e93 Mon Sep 17 00:00:00 2001 From: LiYang Date: Fri, 7 Oct 2016 20:31:41 +0800 Subject: [PATCH] =?UTF-8?q?=E9=87=8D=E6=9E=84seccomp=E9=83=A8=E5=88=86?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/rules/c_cpp.c | 2 +- tests/test.py | 1 + tests/testcase/seccomp/__init__.py | 0 tests/testcase/seccomp/execve.c | 13 +++++++ tests/testcase/seccomp/fork.c | 17 +++++++++ tests/testcase/seccomp/test.py | 60 ++++++++++++++++++++++++++++++ 6 files changed, 92 insertions(+), 1 deletion(-) create mode 100644 tests/testcase/seccomp/__init__.py create mode 100644 tests/testcase/seccomp/execve.c create mode 100644 tests/testcase/seccomp/fork.c create mode 100644 tests/testcase/seccomp/test.py diff --git a/src/rules/c_cpp.c b/src/rules/c_cpp.c index a76f02e..54b10e4 100644 --- a/src/rules/c_cpp.c +++ b/src/rules/c_cpp.c @@ -4,7 +4,7 @@ #include "../runner.h" -int c_cpp_seccomp(struct config *_config) { +int c_cpp_seccomp_rules(struct config *_config) { int syscalls_whitelist[] = {SCMP_SYS(read), SCMP_SYS(fstat), SCMP_SYS(mmap), SCMP_SYS(mprotect), SCMP_SYS(munmap), SCMP_SYS(open), diff --git a/tests/test.py b/tests/test.py index 39ac674..863bfb5 100644 --- a/tests/test.py +++ b/tests/test.py @@ -3,6 +3,7 @@ import _judger from unittest import TestCase, main from testcase.integration.test import IntegrationTest +from testcase.seccomp.test import SeccompTest ver = _judger.VERSION print "Judger version %d.%d.%d" % ((ver >> 16) & 0xff, (ver >> 8) & 0xff, ver & 0xff) diff --git a/tests/testcase/seccomp/__init__.py b/tests/testcase/seccomp/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/tests/testcase/seccomp/execve.c b/tests/testcase/seccomp/execve.c new file mode 100644 index 0000000..b2f409e --- /dev/null +++ b/tests/testcase/seccomp/execve.c 
@@ -0,0 +1,13 @@
+#include
+#include
+#include
+
+int main()
+{
+ char *argv[] = {"/bin/echo", "Helloworld", NULL};
+ char *env[] = {NULL};
+
+ execve("/bin/echo", argv, env);
+ perror("execve");
+ exit(EXIT_FAILURE);
+}
\ No newline at end of file
diff --git a/tests/testcase/seccomp/fork.c b/tests/testcase/seccomp/fork.c
new file mode 100644
index 0000000..4b771b9
--- /dev/null
+++ b/tests/testcase/seccomp/fork.c
@@ -0,0 +1,17 @@
+#include
+#include
+
+int main()
+{
+ pid_t pid = fork();
+ if (pid > 0) {
+ printf("i'm parent");
+ }
+ else if (pid == 0) {
+ printf("i'm children");
+ }
+ else {
+ printf("fork failed");
+ }
+ return 0;
+}
\ No newline at end of file
diff --git a/tests/testcase/seccomp/test.py b/tests/testcase/seccomp/test.py
new file mode 100644
index 0000000..075e215
--- /dev/null
+++ b/tests/testcase/seccomp/test.py
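Review bot: tests/testcase/seccomp/execve.c has no comment stating which outcome the fixture is meant to produce, and the program itself cannot tell a blocked execve from a permitted one. If the filter ever denied the call with an errno instead of killing the process, execve() would return, `perror("execve")` would run and the program would exit with EXIT_FAILURE. A caller that checks only for a runtime error might not distinguish that from a kill, though the result classification lives outside this diff, so that is an assumption. A header comment such as `/* seccomp fixture: prints "Helloworld" via /bin/echo when unfiltered; under the c_cpp rule the execve must not succeed */` would record the contract.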
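Review bot: tests/testcase/seccomp/fork.c does not say what the seccomp test expects from it, and the file name hides which syscall is actually exercised. glibc's fork() normally enters the kernel as clone(2), so the c_cpp whitelist is being checked for clone rather than for a fork entry. A header comment such as `/* seccomp fixture: runs normally without a filter, must be stopped under the c_cpp rule; glibc fork() is issued as clone(2) */` would make that explicit. The parent also returns without waiting for the child, so in the unfiltered run the child can outlive the judged process; adding `wait(NULL);` (with `<sys/wait.h>`) in the `pid > 0` branch would keep the fixture deterministic.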
@@ -0,0 +1,60 @@
+# coding=utf-8
+import _judger
+import signal
+import os
+
+from .. import base
+
+
+class SeccompTest(base.BaseTestCase):
+ def setUp(self):
+ print "Running", self._testMethodName
+ self.config = {"max_cpu_time": 1000,
+ "max_real_time": 3000,
+ "max_memory": 1024 * 1024 * 128,
+ "max_process_number": 10,
+ "max_output_size": 1024 * 1024,
+ "exe_path": "/bin/ls",
+ "input_path": "/dev/null",
+ "output_path": "/dev/null",
+ "error_path": "/dev/null",
+ "args": [],
+ "env": ["env=judger_test", "test=judger"],
+ "log_path": "judger_test.log",
+ "seccomp_rule_name": None,
+ "uid": 0,
+ "gid": 0}
+ self.workspace = self.init_workspace("integration")
+
+ def _compile_c(self, src_name, extra_flags=None):
+ return super(SeccompTest, self)._compile_c("seccomp/" + src_name, extra_flags)
+
+ def test_fork(self):
+ config = self.config
+ config["max_memory"] = 1024 * 1024 * 1024
+ config["exe_path"] = self._compile_c("fork.c")
+ config["output_path"] = config["error_path"] = self.output_path()
+ result = _judger.run(**config)
+
+ # without seccomp
+ self.assertEqual(result["result"], _judger.RESULT_SUCCESS)
+
+ # with seccomp
+ config["seccomp_rule_name"] = "c_cpp"
+ result = _judger.run(**config)
+ self.assertEqual(result["result"], _judger.RESULT_RUNTIME_ERROR)
+
+ def test_execve(self):
+ config = self.config
+ config["max_memory"] = 1024 * 1024 * 1024
+ config["exe_path"] = self._compile_c("execve.c")
+ config["output_path"] = config["error_path"] = self.output_path()
+ result = _judger.run(**config)
+ # without seccomp
+ self.assertEqual(result["result"], _judger.RESULT_SUCCESS)
+ self.assertEqual("Helloworld\n", self.output_content(config["output_path"]))
+
+ # with seccomp
+ config["seccomp_rule_name"] = "c_cpp"
+ result = _judger.run(**config)
+ self.assertEqual(result["result"], _judger.RESULT_RUNTIME_ERROR)
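Review bot: Both `# with seccomp` branches in test_fork and test_execve assert only `_judger.RESULT_RUNTIME_ERROR`, which a crash or non-zero exit unrelated to the filter would also satisfy, so the tests do not prove that seccomp blocked the syscall. `signal` is imported but never used. If the result dict exposes the terminating signal and the rule kills on violation, adding `self.assertEqual(result["signal"], signal.SIGSYS)` after each filtered run would pin the cause. In test_execve, also asserting that the output file does not contain `"Helloworld\n"` after the second run would confirm /bin/echo never executed. Separately, `self.init_workspace("integration")` looks copied from the integration suite; `"seccomp"` would keep the two suites' artifacts apart.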