api: add a seccomp_version() API call

pcmoore · pcmoore · commit 58a7c20d4c2d · 2016-02-18T13:58:25.000-05:00
This will allow callers to dynamically query the libseccomp library
to determine the version information.  We do not currently plan on
exposing this API via any of the supported language bindings.

Signed-off-by: Paul Moore &lt;paul@paul-moore.com&gt;
diff --git a/doc/Makefile.am b/doc/Makefile.am
@@ -42,4 +42,5 @@ dist_man3_MANS = \
 	man/man3/seccomp_syscall_resolve_name.3 \
 	man/man3/seccomp_syscall_resolve_name_arch.3 \
 	man/man3/seccomp_syscall_resolve_name_rewrite.3 \
-	man/man3/seccomp_syscall_resolve_num_arch.3
+	man/man3/seccomp_syscall_resolve_num_arch.3 \
+	man/man3/seccomp_version.3
diff --git a/doc/man/man3/seccomp_version.3 b/doc/man/man3/seccomp_version.3
@@ -0,0 +1,87 @@
+.TH "seccomp_version" 3 "18 February 2016" "paul@paul-moore.com" "libseccomp Documentation"
+.\" //////////////////////////////////////////////////////////////////////////
+.SH NAME
+.\" //////////////////////////////////////////////////////////////////////////
+seccomp_version \- Query the libseccomp version information
+.\" //////////////////////////////////////////////////////////////////////////
+.SH SYNOPSIS
+.\" //////////////////////////////////////////////////////////////////////////
+.nf
+.B #include <seccomp.h>
+.sp
+.B struct scmp_version {
+.B 	unsigned int major;
+.B 	unsigned int minor;
+.B 	unsigned int micro;
+.B }
+.sp
+.BI "const struct scmp_version *seccomp_version(" void ");"
+.sp
+Link with \fI\-lseccomp\fP.
+.fi
+.\" //////////////////////////////////////////////////////////////////////////
+.SH DESCRIPTION
+.\" //////////////////////////////////////////////////////////////////////////
+.P
+The
+.BR seccomp_version ()
+and
+.BR seccomp_reset ()
+functions return a pointer to a
+.B scmp_version
+struct which contains the version information of the currently loaded
+libseccomp library.  This function can be used by applications that need to
+verify that they are linked to a specific libseccomp version at runtime.
+.P
+The caller should not attempt to free the returned
+.B scmp_version
+struct when finished.
+.\" //////////////////////////////////////////////////////////////////////////
+.SH RETURN VALUE
+.\" //////////////////////////////////////////////////////////////////////////
+The
+.BR seccomp_version ()
+function returns a pointer to a
+.B scmp_version
+structure on success, NULL on failure.  The caller should not attempt to free
+the returned structure.
+.\" //////////////////////////////////////////////////////////////////////////
+.SH EXAMPLES
+.\" //////////////////////////////////////////////////////////////////////////
+.nf
+#include <seccomp.h>
+
+int main(int argc, char *argv[])
+{
+	const struct scmp_version *ver;
+
+	ver = seccomp_version();
+	if (ver == NULL)
+		goto err;
+
+	/* ... */
+
+	return 0;
+
+err:
+	return \-1;
+}
+.fi
+.\" //////////////////////////////////////////////////////////////////////////
+.SH NOTES
+.\" //////////////////////////////////////////////////////////////////////////
+.P
+While the seccomp filter can be generated independent of the kernel, kernel
+support is required to load and enforce the seccomp filter generated by
+libseccomp.
+.P
+The libseccomp project site, with more information and the source code
+repository, can be found at https://github.com/seccomp/libseccomp.  This tool,
+as well as the libseccomp library, is currently under development, please
+report any bugs at the project site or directly to the author.
+.\" //////////////////////////////////////////////////////////////////////////
+.SH AUTHOR
+.\" //////////////////////////////////////////////////////////////////////////
+Paul Moore <paul@paul-moore.com>
+.\" //////////////////////////////////////////////////////////////////////////
+
diff --git a/include/seccomp.h.in b/include/seccomp.h.in
@@ -39,6 +39,12 @@ extern "C" {
 #define SCMP_VER_MINOR		@VERSION_MINOR@
 #define SCMP_VER_MICRO		@VERSION_MICRO@
 
+struct scmp_version {
+	unsigned int major;
+	unsigned int minor;
+	unsigned int micro;
+};
+
 /*
  * types
  */
@@ -252,6 +258,15 @@ struct scmp_arg_cmp {
  * functions
  */
 
+/**
+ * Query the library version information
+ *
+ * This function returns a pointer to a populated scmp_version struct, the
+ * caller does not need to free the structure when finished.
+ *
+ */
+const struct scmp_version *seccomp_version(void);
+
 /**
  * Initialize the filter state
  * @param def_action the default filter action
diff --git a/src/api.c b/src/api.c
@@ -38,6 +38,12 @@
 
 #define API	__attribute__((visibility("default")))
 
+const struct scmp_version library_version = {
+	.major = SCMP_VER_MAJOR,
+	.minor = SCMP_VER_MINOR,
+	.micro = SCMP_VER_MICRO,
+};
+
 /**
  * Validate a filter context
  * @param ctx the filter context
@@ -66,6 +72,12 @@ static int _syscall_valid(int syscall)
 	return 0;
 }
 
+/* NOTE - function header comment in include/seccomp.h */
+API const struct scmp_version *seccomp_version(void)
+{
+	return &library_version;
+}
+
 /* NOTE - function header comment in include/seccomp.h */
 API scmp_filter_ctx seccomp_init(uint32_t def_action)
 {
diff --git a/tests/.gitignore b/tests/.gitignore
@@ -35,3 +35,4 @@ util.pyc
 28-sim-arch_x86
 29-sim-pseudo_syscall
 30-sim-socket_syscalls
+31-basic-version_check
diff --git a/tests/31-basic-version_check.c b/tests/31-basic-version_check.c
@@ -0,0 +1,41 @@
+/**
+ * Seccomp Library test program
+ *
+ * Copyright (c) 2016 Red Hat <pmoore@redhat.com>
+ * Author: Paul Moore <paul@paul-moore.com>
+ */
+
+/*
+ * This library is free software; you can redistribute it and/or modify it
+ * under the terms of version 2.1 of the GNU Lesser General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License
+ * for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this library; if not, see <http://www.gnu.org/licenses>.
+ */
+
+#include <errno.h>
+#include <unistd.h>
+
+#include <seccomp.h>
+
+int main(int argc, char *argv[])
+{
+	const struct scmp_version *ver;
+
+	ver = seccomp_version();
+	if (ver == NULL)
+		return -1;
+
+	if (ver->major != SCMP_VER_MAJOR ||
+	    ver->minor != SCMP_VER_MINOR ||
+	    ver->micro != SCMP_VER_MICRO)
+		return -2;
+
+	return 0;
+}
diff --git a/tests/31-basic-version_check.py b/tests/31-basic-version_check.py
@@ -0,0 +1,35 @@
+#!/usr/bin/env python
+
+#
+# Seccomp Library test program
+#
+# Copyright (c) 2016 Red Hat <pmoore@redhat.com>
+# Author: Paul Moore <paul@paul-moore.com>
+#
+
+#
+# This library is free software; you can redistribute it and/or modify it
+# under the terms of version 2.1 of the GNU Lesser General Public License as
+# published by the Free Software Foundation.
+#
+# This library is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License
+# for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this library; if not, see <http://www.gnu.org/licenses>.
+#
+
+import argparse
+import sys
+
+import util
+
+from seccomp import *
+
+# NOTE: this is a NULL test since we don't support the seccomp_version() API
+#       via the libseccomp python bindings
+
+# kate: syntax python;
+# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off;
diff --git a/tests/31-basic-version_check.tests b/tests/31-basic-version_check.tests
@@ -0,0 +1,11 @@
+#
+# libseccomp regression test automation data
+#
+# Copyright (c) 2016 Red Hat <pmoore@redhat.com>
+# Author: Paul Moore <paul@paul-moore.com>
+#
+
+test type: basic
+
+# Test command
+31-basic-version_check
diff --git a/tests/Makefile.am b/tests/Makefile.am
@@ -58,7 +58,8 @@ check_PROGRAMS = \
 	27-sim-bpf_blk_state \
 	28-sim-arch_x86 \
 	29-sim-pseudo_syscall \
-	30-sim-socket_syscalls
+	30-sim-socket_syscalls \
+	31-basic-version_check
 
 EXTRA_DIST_TESTPYTHON = \
 	util.py \
@@ -91,7 +92,8 @@ EXTRA_DIST_TESTPYTHON = \
 	27-sim-bpf_blk_state.py \
 	28-sim-arch_x86.py \
 	29-sim-pseudo_syscall.py \
-	30-sim-socket_syscalls.py
+	30-sim-socket_syscalls.py \
+	31-basic-version_check.py
 
 EXTRA_DIST_TESTCFGS = \
 	01-sim-allow.tests \
@@ -123,7 +125,8 @@ EXTRA_DIST_TESTCFGS = \
 	27-sim-bpf_blk_state.tests \
 	28-sim-arch_x86.tests \
 	29-sim-pseudo_syscall.tests \
-	30-sim-socket_syscalls.tests
+	30-sim-socket_syscalls.tests \
+	31-basic-version_check.tests
 
 EXTRA_DIST_TESTSCRIPTS = regression testdiff testgen
 

-Original file line number
+Diff line change
@@ @@ -0,0 +1,11 @@ @@
 +#
 +# libseccomp regression test automation data
 +#
 +# Copyright (c) 2016 Red Hat <[email protected]>
 +# Author: Paul Moore <[email protected]>
 +#
++
 +test type: basic
++
 +# Test command
 +31-basic-version_check