From cd90ec7544436463246b854b68ddcac7cff53cac Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Fri, 14 Sep 2018 15:55:15 +0900 Subject: [PATCH] test-seccomp: add log messages when skipping tests --- src/test/test-seccomp.c | 90 +++++++++++++++++++++++++++++++++++++------------ 1 file changed, 68 insertions(+), 22 deletions(-) diff --git a/src/test/test-seccomp.c b/src/test/test-seccomp.c index e05710c0..b2ac392 100644 --- a/src/test/test-seccomp.c +++ b/src/test/test-seccomp.c @@ -89,10 +89,14 @@ static void test_filter_sets(void) { unsigned i; int r; - if (!is_seccomp_available()) + if (!is_seccomp_available()) { + log_notice("Seccomp not available, skipping %s", __func__); return; - if (geteuid() != 0) + } + if (geteuid() != 0) { + log_notice("Not root, skipping %s", __func__); return; + } for (i = 0; i < _SYSCALL_FILTER_SET_MAX; i++) { pid_t pid; @@ -161,10 +165,14 @@ static void test_restrict_namespace(void) { assert_se(namespace_flags_from_string(s, &ul) == 0 && ul == NAMESPACE_FLAGS_ALL); s = mfree(s); - if (!is_seccomp_available()) + if (!is_seccomp_available()) { + log_notice("Seccomp not available, skipping remaining tests in %s", __func__); return; - if (geteuid() != 0) + } + if (geteuid() != 0) { + log_notice("Not root, skipping remaining tests in %s", __func__); return; + } pid = fork(); assert_se(pid >= 0); @@ -224,13 +232,20 @@ static void test_restrict_namespace(void) { static void test_protect_sysctl(void) { pid_t pid; - if (!is_seccomp_available()) + if (!is_seccomp_available()) { + log_notice("Seccomp not available, skipping %s", __func__); return; - if (geteuid() != 0) + } + if (geteuid() != 0) { + log_notice("Not root, skipping %s", __func__); return; + } - if (detect_container() > 0) /* in containers _sysctl() is likely missing anyway */ + /* in containers _sysctl() is likely missing anyway */ + if (detect_container() > 0) { + log_notice("Testing in container, skipping %s", __func__); return; + } pid = fork(); assert_se(pid >= 0); @@ -257,10 +272,14 @@ static void test_protect_sysctl(void) { static void test_restrict_address_families(void) { pid_t pid; - if (!is_seccomp_available()) + if (!is_seccomp_available()) { + log_notice("Seccomp not available, skipping %s", __func__); return; - if (geteuid() != 0) + } + if (geteuid() != 0) { + log_notice("Not root, skipping %s", __func__); return; + } pid = fork(); assert_se(pid >= 0); @@ -340,13 +359,20 @@ static void test_restrict_address_families(void) { static void test_restrict_realtime(void) { pid_t pid; - if (!is_seccomp_available()) + if (!is_seccomp_available()) { + log_notice("Seccomp not available, skipping %s", __func__); return; - if (geteuid() != 0) + } + if (geteuid() != 0) { + log_notice("Not root, skipping %s", __func__); return; + } - if (detect_container() > 0) /* in containers RT privs are likely missing anyway */ + /* in containers RT privs are likely missing anyway */ + if (detect_container() > 0) { + log_notice("Testing in container, skipping %s", __func__); return; + } pid = fork(); assert_se(pid >= 0); @@ -378,10 +404,14 @@ static void test_restrict_realtime(void) { static void test_memory_deny_write_execute_mmap(void) { pid_t pid; - if (!is_seccomp_available()) + if (!is_seccomp_available()) { + log_notice("Seccomp not available, skipping %s", __func__); return; - if (geteuid() != 0) + } + if (geteuid() != 0) { + log_notice("Not root, skipping %s", __func__); return; + } pid = fork(); assert_se(pid >= 0); @@ -422,10 +452,14 @@ static void test_memory_deny_write_execute_shmat(void) { int shmid; pid_t pid; - if (!is_seccomp_available()) + if (!is_seccomp_available()) { + log_notice("Seccomp not available, skipping %s", __func__); return; - if (geteuid() != 0) + } + if (geteuid() != 0) { + log_notice("Not root, skipping %s", __func__); return; + } shmid = shmget(IPC_PRIVATE, page_size(), 0); assert_se(shmid >= 0); @@ -468,10 +502,14 @@ static void test_memory_deny_write_execute_shmat(void) { static void test_restrict_archs(void) { pid_t pid; - if (!is_seccomp_available()) + if (!is_seccomp_available()) { + log_notice("Seccomp not available, skipping %s", __func__); return; - if (geteuid() != 0) + } + if (geteuid() != 0) { + log_notice("Not root, skipping %s", __func__); return; + } pid = fork(); assert_se(pid >= 0); @@ -502,10 +540,14 @@ static void test_restrict_archs(void) { static void test_load_syscall_filter_set_raw(void) { pid_t pid; - if (!is_seccomp_available()) + if (!is_seccomp_available()) { + log_notice("Seccomp not available, skipping %s", __func__); return; - if (geteuid() != 0) + } + if (geteuid() != 0) { + log_notice("Not root, skipping %s", __func__); return; + } pid = fork(); assert_se(pid >= 0); @@ -594,10 +636,14 @@ static void test_lock_personality(void) { unsigned long current; pid_t pid; - if (!is_seccomp_available()) + if (!is_seccomp_available()) { + log_notice("Seccomp not available, skipping %s", __func__); return; - if (geteuid() != 0) + } + if (geteuid() != 0) { + log_notice("Not root, skipping %s", __func__); return; + } assert_se(opinionated_personality(¤t) >= 0); -- 2.7.4