mirror of
https://github.com/netbirdio/gvisor.git
synced 2026-05-22 17:12:49 -07:00
Michael Pratt
b23b36e701
NETLINK_KOBJECT_UEVENT sockets send udev-style messages for device events. gVisor doesn't have any device events, so our sockets don't need to do anything once created. systemd's device manager needs to be able to create one of these sockets. It also wants to install a BPF filter on the socket. Since we'll never send any messages, the filter would never be invoked, thus we just fake it out. Fixes #1117 Updates #1119 PiperOrigin-RevId: 278405893
84 lines
2.5 KiB
C++
84 lines
2.5 KiB
C++
// Copyright 2019 The gVisor Authors.
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
#include <linux/filter.h>
|
|
#include <linux/netlink.h>
|
|
#include <sys/socket.h>
|
|
#include <sys/types.h>
|
|
#include <unistd.h>
|
|
|
|
#include "gtest/gtest.h"
|
|
#include "test/syscalls/linux/socket_netlink_util.h"
|
|
#include "test/syscalls/linux/socket_test_util.h"
|
|
#include "test/util/file_descriptor.h"
|
|
#include "test/util/test_util.h"
|
|
|
|
// Tests for NETLINK_KOBJECT_UEVENT sockets.
|
|
//
|
|
// gVisor never sends any messages on these sockets, so we don't test the events
|
|
// themselves.
|
|
|
|
namespace gvisor {
|
|
namespace testing {
|
|
|
|
namespace {
|
|
|
|
// SO_PASSCRED can be enabled. Since no messages are sent in gVisor, we don't
|
|
// actually test receiving credentials.
|
|
TEST(NetlinkUeventTest, PassCred) {
|
|
FileDescriptor fd =
|
|
ASSERT_NO_ERRNO_AND_VALUE(NetlinkBoundSocket(NETLINK_KOBJECT_UEVENT));
|
|
|
|
EXPECT_THAT(setsockopt(fd.get(), SOL_SOCKET, SO_PASSCRED, &kSockOptOn,
|
|
sizeof(kSockOptOn)),
|
|
SyscallSucceeds());
|
|
}
|
|
|
|
// SO_DETACH_FILTER fails without a filter already installed.
|
|
TEST(NetlinkUeventTest, DetachNoFilter) {
|
|
FileDescriptor fd =
|
|
ASSERT_NO_ERRNO_AND_VALUE(NetlinkBoundSocket(NETLINK_KOBJECT_UEVENT));
|
|
|
|
int opt;
|
|
EXPECT_THAT(
|
|
setsockopt(fd.get(), SOL_SOCKET, SO_DETACH_FILTER, &opt, sizeof(opt)),
|
|
SyscallFailsWithErrno(ENOENT));
|
|
}
|
|
|
|
// We can attach a BPF filter.
|
|
TEST(NetlinkUeventTest, AttachFilter) {
|
|
FileDescriptor fd =
|
|
ASSERT_NO_ERRNO_AND_VALUE(NetlinkBoundSocket(NETLINK_KOBJECT_UEVENT));
|
|
|
|
// Minimal BPF program: a single ret.
|
|
struct sock_filter filter = {0x6, 0, 0, 0};
|
|
struct sock_fprog prog = {};
|
|
prog.len = 1;
|
|
prog.filter = &filter;
|
|
|
|
EXPECT_THAT(
|
|
setsockopt(fd.get(), SOL_SOCKET, SO_ATTACH_FILTER, &prog, sizeof(prog)),
|
|
SyscallSucceeds());
|
|
|
|
int opt;
|
|
EXPECT_THAT(
|
|
setsockopt(fd.get(), SOL_SOCKET, SO_DETACH_FILTER, &opt, sizeof(opt)),
|
|
SyscallSucceeds());
|
|
}
|
|
|
|
} // namespace
|
|
|
|
} // namespace testing
|
|
} // namespace gvisor
|