yanguangshaonian
/
aya
mirror of https://github.com/aya-rs/aya
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
create-pull-request/codegen
main
fix-verifier-blixt
linker-bindep
gh-pages
aya-v0.13.1
aya-obj-v0.2.1
aya-log-v0.2.1
aya-log-common-v0.1.15
aya-ebpf-bindings-v0.1.1
aya-ebpf-cty-v0.2.2
aya-v0.13.0
aya-obj-v0.2.0
aya-log-ebpf-v0.1.0
aya-log-ebpf-macros-v0.1.0
aya-log-parser-v0.1.13
aya-ebpf-v0.1.0
aya-ebpf-macros-v0.1.0
aya-ebpf-bindings-v0.1.0
aya-ebpf-cty-v0.2.1
aya-log-v0.2.0
aya-log-common-v0.1.14
aya-v0.12.0
aya-obj-v0.1.0
aya-log-common-v0.1.13
aya-log-v0.1.13
aya-log-common-v0.1.11
aya-log-v0.1.11
aya-log-common-v0.1.10
aya-log-v0.1.10
aya-v0.11.0
aya-log-common-v0.1.9
aya-log-v0.1.9
aya-v0.10.7
aya-v0.10.6
aya-log-v0.1.1
aya-v0.10.5
aya-v0.10.4
aya-v0.10.3
aya-v0.10.2
aya-v0.10.1
aya-v0.10.0
aya-ebpf-macros-v0.1.1
aya-ebpf-v0.1.1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'c1fabb7b4d'
${ noResults }
aya/test/integration-test/src/tests/lsm.rs

84 lines
2.7 KiB
Rust
Raw Blame History

use std::{
fs::{write, File},
io::ErrorKind,
net::TcpListener,
path::Path,
};
use aya::{
programs::{lsm_cgroup::LsmCgroup, Lsm},
util::KernelVersion,
Btf, Ebpf,
};
#[test]
#[ignore = "LSM programs need a special kernel config, which is not supported by GitHub runners[waiting on PR: 1063]."]
fn lsm_cgroup() {
const CGROUP_PATH: &str = "/sys/fs/cgroup/lsm_cgroup_test";
let kernel_version = KernelVersion::current().unwrap();
if kernel_version < KernelVersion::new(6, 0, 0) {
eprintln!("skipping lsm_cgroup test on kernel {kernel_version:?}");
return;
}
let mut bpf: Ebpf = Ebpf::load(crate::TEST).unwrap();
let prog: &mut LsmCgroup = bpf
.program_mut("test_lsmcgroup")
.unwrap()
.try_into()
.unwrap();
let btf = Btf::from_sys_fs().expect("could not get btf from sys");
prog.load("socket_bind", &btf).unwrap();
assert_matches::assert_matches!(TcpListener::bind("127.0.0.1:12345"), Ok(_));
let cgroup_dir = Path::new(CGROUP_PATH);
std::fs::create_dir_all(CGROUP_PATH).expect("could not create cgroup dir");
let proc_path = cgroup_dir.join("cgroup.procs");
let _guard = scopeguard::guard((), |()| {
std::fs::remove_file(&proc_path).unwrap();
std::fs::remove_dir_all(cgroup_dir).unwrap();
});
let link_id = prog.attach(File::open(cgroup_dir).unwrap()).unwrap();
let _guard = scopeguard::guard((), |()| {
prog.detach(link_id).unwrap();
});
assert_matches::assert_matches!(TcpListener::bind("127.0.0.1:12345"), Ok(_));
let pid = std::process::id();
write(&proc_path, format!("{}\n", pid)).expect("could not write into procs file");
assert_matches::assert_matches!(TcpListener::bind("127.0.0.1:12345"), Err(e) => assert_eq!(
e.kind(), ErrorKind::PermissionDenied));
}
#[test]
#[ignore = "LSM programs need a special kernel config, which is not supported by GitHub runners[waiting on PR: 1063]."]
fn lsm() {
let kernel_version = KernelVersion::current().unwrap();
if kernel_version < KernelVersion::new(5, 7, 0) {
eprintln!("skipping lsm test on kernel {kernel_version:?}");
return;
}
let mut bpf: Ebpf = Ebpf::load(crate::TEST).unwrap();
let prog: &mut Lsm = bpf.program_mut("test_lsm").unwrap().try_into().unwrap();
let btf = Btf::from_sys_fs().expect("could not get btf from sys");
prog.load("socket_bind", &btf).unwrap();
assert_matches::assert_matches!(TcpListener::bind("127.0.0.1:12345"), Ok(_));
prog.attach().unwrap();
assert_matches::assert_matches!(TcpListener::bind("127.0.0.1:12345"), Err(e) => assert_eq!(
e.kind(), ErrorKind::PermissionDenied)
);
}
Reference in New Issue View Git Blame Copy Permalink