integration-test: add LSM

1 month ago · d2eb1c563e
parent b4f07ca1de
commit d2eb1c563e
3 changed files with 51 additions and 11 deletions
--- a/test/integration-ebpf/src/test.rs
+++ b/test/integration-ebpf/src/test.rs
@ -4,24 +4,18 @@
 use aya_ebpf::{
    bindings::{bpf_ret_code, xdp_action},
-    macros::{flow_dissector, kprobe, kretprobe, tracepoint, uprobe, uretprobe, xdp},
+    macros::{flow_dissector, kprobe, kretprobe, lsm, tracepoint, uprobe, uretprobe, xdp},
    programs::{
-        FlowDissectorContext, ProbeContext, RetProbeContext, TracePointContext, XdpContext,
+        FlowDissectorContext, LsmContext, ProbeContext, RetProbeContext, TracePointContext,
        XdpContext,
    },
 };
 #[cfg(not(test))]
 extern crate ebpf_panic;
 #[xdp]
-fn pass(ctx: XdpContext) -> u32 {
+fn pass(_ctx: XdpContext) -> u32 {
-    match unsafe { try_pass(ctx) } {
+    xdp_action::XDP_PASS
        Ok(ret) => ret,
        Err(_) => xdp_action::XDP_ABORTED,
    }
 }
 unsafe fn try_pass(_ctx: XdpContext) -> Result<u32, u32> {
    Ok(xdp_action::XDP_PASS)
 }
 #[kprobe]
@ -55,3 +49,8 @@ fn test_flow(_ctx: FlowDissectorContext) -> u32 {
    // Linux kernel for inspiration.
    bpf_ret_code::BPF_FLOW_DISSECTOR_CONTINUE
 }
 #[lsm(hook = "file_open")]
 fn test_file_open(_ctx: LsmContext) -> i32 {
    -1 // Disallow.
 }
--- a/test/integration-test/src/tests.rs
+++ b/test/integration-test/src/tests.rs
@ -8,6 +8,7 @@ mod iter;
 mod linear_data_structures;
 mod load;
 mod log;
 mod lsm;
 mod map_pin;
 mod raw_tracepoint;
 mod rbpf;
--- a/test/integration-test/src/tests/lsm.rs
+++ b/test/integration-test/src/tests/lsm.rs
@ -0,0 +1,40 @@
 use assert_matches::assert_matches;
 use aya::{
    Btf, Ebpf,
    programs::{Lsm, ProgramError, ProgramType},
    sys::SyscallError,
    sys::is_program_supported,
 };
 #[test]
 fn lsm() {
    let btf = Btf::from_sys_fs().unwrap();
    let mut bpf: Ebpf = Ebpf::load(crate::TEST).unwrap();
    let prog = bpf.program_mut("test_file_open").unwrap();
    let prog: &mut Lsm = prog.try_into().unwrap();
    prog.load("file_open", &btf).unwrap();
    assert_matches!(std::fs::File::open("/proc/self/exe"), Ok(_));
    let link_id = {
        let result = prog.attach();
        if !is_program_supported(ProgramType::Lsm).unwrap() {
            assert_matches!(result, Err(ProgramError::SyscallError(SyscallError { call, io_error })) => {
                assert_eq!(call, "bpf_raw_tracepoint_open");
                assert_eq!(io_error.raw_os_error(), Some(524));
            });
            eprintln!("skipping test - lsm program not supported");
            return;
        }
        result.unwrap()
    };
    assert_matches!(std::fs::File::open("/proc/self/exe"), Err(e) => assert_eq!(
        e.kind(), std::io::ErrorKind::PermissionDenied)
    );
    prog.detach(link_id).unwrap();
    assert_matches!(std::fs::File::open("/proc/self/exe"), Ok(_));
 }