add seccomp tests for rust panic

Signed-off-by: George Pisaltu <[email protected]>

Author: georgepisaltu

tests/conftest.py

@@ -327,12 +327,19 @@ def bin_seccomp_paths(test_session_root_path):
             'demo_malicious'
         )
     )
+    demo_panic = os.path.normpath(
+        os.path.join(
+            release_binaries_path,
+            'demo_panic'
+        )
+    )
 
     yield {
         'demo_basic_jailer': demo_basic_jailer,
         'demo_advanced_jailer': demo_advanced_jailer,
         'demo_harmless': demo_harmless,
-        'demo_malicious': demo_malicious
+        'demo_malicious': demo_malicious,
+        'demo_panic': demo_panic
     }
 
 

tests/integration_tests/security/demo_seccomp/src/bin/demo_panic.rs

@@ -0,0 +1,9 @@
+// Copyright 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+fn main() {
+    unsafe {
+        // Simulate a Firecracker panic by aborting.
+        // The Firecracker build is configured with panic = "abort".
+        unsafe { libc::abort() };
+    }
+}

tests/integration_tests/security/demo_seccomp/src/bin/seccomp_rules/mod.rs

@@ -1,21 +1,23 @@
 // Copyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0
-use seccomp::{allow_syscall, SyscallRuleSet};
+use seccomp::{allow_syscall, allow_syscall_if, SyscallRuleSet};
 
 /// Returns a list of rules that allow syscalls required for running a rust program.
 pub fn rust_required_rules() -> Vec<SyscallRuleSet> {
     vec![
-        allow_syscall(libc::SYS_sigaltstack),
-        allow_syscall(libc::SYS_munmap),
         allow_syscall(libc::SYS_exit_group),
+        allow_syscall(libc::SYS_futex),
+        allow_syscall(libc::SYS_munmap),
+        allow_syscall(libc::SYS_rt_sigaction),
+        allow_syscall(libc::SYS_rt_sigprocmask),
+        allow_syscall(libc::SYS_sigaltstack),
+        allow_syscall(libc::SYS_tkill),
     ]
 }
 
 /// Returns a list of rules that allow syscalls required for executing another program.
 pub fn jailer_required_rules() -> Vec<SyscallRuleSet> {
     vec![
-        allow_syscall(libc::SYS_rt_sigprocmask),
-        allow_syscall(libc::SYS_rt_sigaction),
         allow_syscall(libc::SYS_execve),
         allow_syscall(libc::SYS_mmap),
         allow_syscall(libc::SYS_mprotect),

tests/integration_tests/security/test_seccomp.py

@@ -78,6 +78,30 @@ def test_advanced_seccomp_malicious(bin_seccomp_paths):
     assert outcome.returncode == -31
 
 
+def test_advanced_seccomp_panic(bin_seccomp_paths):
+    """
+    Test `demo_panic`.
+
+    Test that the advanced demo jailer allows the panic demo binary.
+    """
+    # pylint: disable=redefined-outer-name
+    # pylint: disable=subprocess-run-check
+    # The fixture pattern causes a pylint false positive for that rule.
+
+    demo_advanced_jailer = bin_seccomp_paths['demo_advanced_jailer']
+    demo_panic = bin_seccomp_paths['demo_panic']
+
+    assert os.path.exists(demo_advanced_jailer)
+    assert os.path.exists(demo_panic)
+
+    outcome = utils.run_cmd([demo_advanced_jailer, demo_panic],
+                            no_shell=True,
+                            ignore_return_code=True)
+
+    # The demo harmless binary should have terminated gracefully.
+    assert outcome.returncode == -6
+
+
 def test_seccomp_applies_to_all_threads(test_microvm_with_api):
     """Test all Firecracker threads get default seccomp level 2."""
     test_microvm = test_microvm_with_api