Re: [libseccomp-discuss] [RFC PATCH v1 3/3] tests: add python versions of the existing tests

[Paul M. <pm...@re...>]

On Wednesday, October 24, 2012 02:22:56 PM Daniel J Walsh wrote:
> > f.add_rule_exactly(ALLOW, "read", Arg(0, Arg.EQ, sys.stdin.fileno())); +
> > f.add_rule_exactly(ALLOW, "write", Arg(0, Arg.EQ, sys.stdout.fileno())); +
> > f.add_rule_exactly(ALLOW, "write", Arg(0, Arg.EQ, sys.stderr.fileno()));
> 
> I will give you sys.stderr and you change it to fileno, not me.

Thanks for taking a look and sending your comments.

I think the problem here is that these are syscall arguments, which are scalar 
values by definition, and putting code in the Python binding/shim to translate 
every possible Python object into the correct scalar value for seccomp seems 
like a loosing battle, especially when the caller can usually do it in such a 
trivial manner.

I might be convinced to do it for a few special cases, file objects, being one 
of them, if you could point me to a Python example that demonstrates type 
specific behavior, for example:

	if (type(object) == FILE_OBJECT)
		fd = object.fileno()
	else (type(object) == SCALAR)
		fd = object
	else
		eject(mailman)

> I don't like Arg.EQ, I would prefer EQ, and maybe make this the default?

Sure, I can move EQ and friends up to the top level of the module, no problem 
there.  As for making it the default, I'm tempted to leave it as is since I 
think it makes more sense with all three arguments being explicit; after all, 
a comparison takes three items: a variable to compare, a comparison operator, 
and a value to compare against.

> BTW You can probably do most of this in your python code.  (__init__.py)

You lost me here, can you elaborate?

-- 
paul moore
security and virtualization @ redhat