seccomp: add unit test for seccomp filtering - focaccia-qemu - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Daniel P. Berrangé <berrange@redhat.com>	2021-07-29 13:15:43 +0100
committer	Daniel P. Berrangé <berrange@redhat.com>	2022-02-16 18:52:40 +0000
commit	d2ea8dac705fe9bca9b6b26a7aeb063d1a406f7a (patch)
tree	41563216a16a629fe69ba4bc891e385828cb272c /scripts/qemugdb/tcg.py
parent	8f46f56260cb7eaf1bcc77366c8ce69af9bd5bec (diff)
download	focaccia-qemu-d2ea8dac705fe9bca9b6b26a7aeb063d1a406f7a.tar.gz focaccia-qemu-d2ea8dac705fe9bca9b6b26a7aeb063d1a406f7a.zip

seccomp: add unit test for seccomp filtering

The handling of some syscalls / libc function is quite subtle. For
example, 'fork' at a libc level doesn't always correspond to 'fork'
at a syscall level, since the 'clone' syscall is preferred usually.

The unit test will help to detect these kind of problems. A point of
difficulty in writing a test though is that the QEMU build process may
already be confined by seccomp. For example, if running inside a
container. Since we can't predict what filtering might have been applied
already, we are quite conservative and skip all tests if we see any kind
of seccomp filter active.

Acked-by: Eduardo Otubo <otubo@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

Diffstat (limited to 'scripts/qemugdb/tcg.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: