yanguangshaonian
/
aya
mirror of https://github.com/aya-rs/aya
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
main
fix-verifier-blixt
linker-bindep
gh-pages
aya-v0.13.1
aya-obj-v0.2.1
aya-log-v0.2.1
aya-log-common-v0.1.15
aya-ebpf-bindings-v0.1.1
aya-ebpf-cty-v0.2.2
aya-v0.13.0
aya-obj-v0.2.0
aya-log-ebpf-v0.1.0
aya-log-ebpf-macros-v0.1.0
aya-log-parser-v0.1.13
aya-ebpf-v0.1.0
aya-ebpf-macros-v0.1.0
aya-ebpf-bindings-v0.1.0
aya-ebpf-cty-v0.2.1
aya-log-v0.2.0
aya-log-common-v0.1.14
aya-v0.12.0
aya-obj-v0.1.0
aya-log-common-v0.1.13
aya-log-v0.1.13
aya-log-common-v0.1.11
aya-log-v0.1.11
aya-log-common-v0.1.10
aya-log-v0.1.10
aya-v0.11.0
aya-log-common-v0.1.9
aya-log-v0.1.9
aya-v0.10.7
aya-v0.10.6
aya-log-v0.1.1
aya-v0.10.5
aya-v0.10.4
aya-v0.10.3
aya-v0.10.2
aya-v0.10.1
aya-v0.10.0
aya-ebpf-macros-v0.1.1
aya-ebpf-v0.1.1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'de60de67cd'
${ noResults }
aya/test/integration-test/src/tests/lsm.rs

69 lines
2.4 KiB
Rust
Raw Blame History

use std::{
fs::File,
io::{ErrorKind, Write},
net::TcpListener,
path::Path,
};
use aya::{
programs::{lsm_cgroup::LsmCgroup, Lsm},
util::KernelVersion,
Btf, Ebpf,
};
use nix::unistd::getpid;
#[test]
#[ignore = "Lsm program type requires a special kernel config to be enabled and github runners dont allow us to configure kernel parameters for linux vms[waiting on this pr: 1063]"]
fn lsm_cgroup() {
let kernel_version = KernelVersion::current().unwrap();
if kernel_version < KernelVersion::new(6, 0, 0) {
eprintln!("skipping lsm_cgroup test on kernel {kernel_version:?}");
return;
}
let mut bpf: Ebpf = Ebpf::load(crate::TEST).unwrap();
let prog: &mut LsmCgroup = bpf
.program_mut("test_lsmcgroup")
.unwrap()
.try_into()
.unwrap();
let btf = Btf::from_sys_fs().expect("could not get btf from sys");
prog.load("socket_bind", &btf).unwrap();
assert_matches::assert_matches!(TcpListener::bind("127.0.0.1:12345"), Ok(_));
let cgroup_path = Path::new("/sys/fs/cgroup/lsm_cgroup_test");
prog.attach(File::open(cgroup_path).unwrap()).unwrap();
let pid = getpid();
let mut f =
File::create(cgroup_path.join("cgroup.procs")).expect("could not open cgroup procs");
write!(&mut f, "{pid}").expect("could not write into procs file");
assert_matches::assert_matches!(TcpListener::bind("127.0.0.1:12345"), Err(e) => assert_eq!(
e.kind(), ErrorKind::PermissionDenied));
}
#[test]
#[ignore = "Lsm program type requires a special kernel config to be enabled and github runners dont allow us to configure kernel parameters for linux vms[waiting on this pr: 1063]"]
fn lsm() {
let kernel_version = KernelVersion::current().unwrap();
if kernel_version < KernelVersion::new(5, 7, 0) {
eprintln!("skipping lsm test on kernel {kernel_version:?}");
return;
}
let mut bpf: Ebpf = Ebpf::load(crate::TEST).unwrap();
let prog: &mut Lsm = bpf.program_mut("test_lsm").unwrap().try_into().unwrap();
let btf = Btf::from_sys_fs().expect("could not get btf from sys");
prog.load("socket_bind", &btf).unwrap();
assert_matches::assert_matches!(TcpListener::bind("127.0.0.1:12345"), Ok(_));
prog.attach().unwrap();
assert_matches::assert_matches!(TcpListener::bind("127.0.0.1:12345"), Err(e) => assert_eq!(
e.kind(), ErrorKind::PermissionDenied)
);
}
Reference in New Issue View Git Blame Copy Permalink