From: Lennart Poettering Date: Wed, 13 Sep 2017 17:56:35 +0000 (+0200) Subject: tests: let's make sure the seccomp filter lists remain properly ordered X-Git-Tag: v235~107^2~3 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=25e94f8c75ffdb1ff173de70b579609d8d5717f5;p=platform%2Fupstream%2Fsystemd.git tests: let's make sure the seccomp filter lists remain properly ordered It's too easy to corrupt the order, hence let's check for the right order automatically as part of testing. --- diff --git a/src/test/test-seccomp.c b/src/test/test-seccomp.c index 5056a08..4d63b68 100644 --- a/src/test/test-seccomp.c +++ b/src/test/test-seccomp.c @@ -612,6 +612,36 @@ static void test_lock_personality(void) { assert_se(wait_for_terminate_and_warn("lockpersonalityseccomp", pid, true) == EXIT_SUCCESS); } +static void test_filter_sets_ordered(void) { + size_t i; + + /* Ensure "@default" always remains at the beginning of the list */ + assert_se(SYSCALL_FILTER_SET_DEFAULT == 0); + assert_se(streq(syscall_filter_sets[0].name, "@default")); + + for (i = 0; i < _SYSCALL_FILTER_SET_MAX; i++) { + const char *k, *p = NULL; + + /* Make sure each group has a description */ + assert_se(!isempty(syscall_filter_sets[0].help)); + + /* Make sure the groups are ordered alphabetically, except for the first entry */ + assert_se(i < 2 || strcmp(syscall_filter_sets[i-1].name, syscall_filter_sets[i].name) < 0); + + NULSTR_FOREACH(k, syscall_filter_sets[i].value) { + + /* Ensure each syscall list is in itself ordered, but groups before names */ + assert_se(!p || + (*p == '@' && *k != '@') || + (((*p == '@' && *k == '@') || + (*p != '@' && *k != '@')) && + strcmp(p, k) < 0)); + + p = k; + } + } +} + int main(int argc, char *argv[]) { log_set_max_level(LOG_DEBUG); @@ -629,6 +659,7 @@ int main(int argc, char *argv[]) { test_restrict_archs(); test_load_syscall_filter_set_raw(); test_lock_personality(); + test_filter_sets_ordered(); return 0; }