重构seccomp部分

src/rules/c_cpp.c

@@ -4,7 +4,7 @@
 #include "../runner.h"
 
 
-int c_cpp_seccomp(struct config *_config) {
+int c_cpp_seccomp_rules(struct config *_config) {
     int syscalls_whitelist[] = {SCMP_SYS(read), SCMP_SYS(fstat),
                                 SCMP_SYS(mmap), SCMP_SYS(mprotect),
                                 SCMP_SYS(munmap), SCMP_SYS(open),

tests/test.py

@@ -3,6 +3,7 @@ import _judger
 from unittest import TestCase, main
 
 from testcase.integration.test import IntegrationTest
+from testcase.seccomp.test import SeccompTest
 
 ver = _judger.VERSION
 print "Judger version %d.%d.%d" % ((ver >> 16) & 0xff, (ver >> 8) & 0xff, ver & 0xff)

tests/testcase/seccomp/execve.c

@@ -0,0 +1,13 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+int main()
+{
+    char *argv[] = {"/bin/echo", "Helloworld", NULL};
+    char *env[] = {NULL};
+
+    execve("/bin/echo", argv, env);
+    perror("execve");
+    exit(EXIT_FAILURE);
+}

tests/testcase/seccomp/fork.c

@@ -0,0 +1,17 @@
+#include <unistd.h>
+#include <stdio.h>
+
+int main()
+{
+    pid_t pid = fork();
+    if (pid > 0) {
+        printf("i'm parent");
+    }
+    else if (pid == 0) {
+        printf("i'm children");
+    }
+    else {
+        printf("fork failed");
+    }
+    return 0;
+}

tests/testcase/seccomp/test.py

@@ -0,0 +1,60 @@
+# coding=utf-8
+import _judger
+import signal
+import os
+
+from .. import base
+
+
+class SeccompTest(base.BaseTestCase):
+    def setUp(self):
+        print "Running", self._testMethodName
+        self.config = {"max_cpu_time": 1000,
+                       "max_real_time": 3000,
+                       "max_memory": 1024 * 1024 * 128,
+                       "max_process_number": 10,
+                       "max_output_size": 1024 * 1024,
+                       "exe_path": "/bin/ls",
+                       "input_path": "/dev/null",
+                       "output_path": "/dev/null",
+                       "error_path": "/dev/null",
+                       "args": [],
+                       "env": ["env=judger_test", "test=judger"],
+                       "log_path": "judger_test.log",
+                       "seccomp_rule_name": None,
+                       "uid": 0,
+                       "gid": 0}
+        self.workspace = self.init_workspace("integration")
+
+    def _compile_c(self, src_name, extra_flags=None):
+        return super(SeccompTest, self)._compile_c("seccomp/" + src_name, extra_flags)
+
+    def test_fork(self):
+        config = self.config
+        config["max_memory"] = 1024 * 1024 * 1024
+        config["exe_path"] = self._compile_c("fork.c")
+        config["output_path"] = config["error_path"] = self.output_path()
+        result = _judger.run(**config)
+
+        # without seccomp
+        self.assertEqual(result["result"], _judger.RESULT_SUCCESS)
+
+        # with seccomp
+        config["seccomp_rule_name"] = "c_cpp"
+        result = _judger.run(**config)
+        self.assertEqual(result["result"], _judger.RESULT_RUNTIME_ERROR)
+
+    def test_execve(self):
+        config = self.config
+        config["max_memory"] = 1024 * 1024 * 1024
+        config["exe_path"] = self._compile_c("execve.c")
+        config["output_path"] = config["error_path"] = self.output_path()
+        result = _judger.run(**config)
+        # without seccomp
+        self.assertEqual(result["result"], _judger.RESULT_SUCCESS)
+        self.assertEqual("Helloworld\n", self.output_content(config["output_path"]))
+
+        # with seccomp
+        config["seccomp_rule_name"] = "c_cpp"
+        result = _judger.run(**config)
+        self.assertEqual(result["result"], _judger.RESULT_RUNTIME_ERROR)