How to use isSupportedLSM method of host Package

Best Syzkaller code snippet using host.isSupportedLSM

syscalls_linux.go

Source:syscalls_linux.go

...21	log.Logf(2, "checking support for %v", c.Name)22	if strings.HasPrefix(c.CallName, "syz_") {23		return isSupportedSyzkall(sandbox, c)24	}25	if reason := isSupportedLSM(c); reason != "" {26		return false, reason27	}28	if strings.HasPrefix(c.Name, "socket$") ||29		strings.HasPrefix(c.Name, "socketpair$") {30		return isSupportedSocket(c)31	}32	if strings.HasPrefix(c.Name, "openat$") {33		return isSupportedOpenAt(c)34	}35	if strings.HasPrefix(c.Name, "mount$") {36		return isSupportedMount(c, sandbox)37	}38	if c.Name == "ioctl$EXT4_IOC_SHUTDOWN" && sandbox == "none" {39		// Don't shutdown root filesystem.40		return false, "unsafe with sandbox=none"41	}42	// There are 3 possible strategies for detecting supported syscalls:43	// 1. Executes all syscalls with presumably invalid arguments and check for ENOprog.44	//    But not all syscalls are safe to execute. For example, pause will hang,45	//    while setpgrp will push the process into own process group.46	// 2. Check presence of /sys/kernel/debug/tracing/events/syscalls/sys_enter_* files.47	//    This requires root and CONFIG_FTRACE_SYSCALLS. Also it lies for some syscalls.48	//    For example, on x86_64 it says that sendfile is not present (only sendfile64).49	// 3. Check sys_syscallname in /proc/kallsyms.50	//    Requires CONFIG_KALLSYMS.51	// Kallsyms seems to be the most reliable and fast. That's what we use first.52	// If kallsyms is not present, we fallback to execution of syscalls.53	kallsymsOnce.Do(func() {54		kallsyms, _ := ioutil.ReadFile("/proc/kallsyms")55		if len(kallsyms) == 0 {56			return57		}58		kallsymsSyscallSet = parseKallsyms(kallsyms, target.Arch)59	})60	if !testFallback && len(kallsymsSyscallSet) != 0 {61		r, v := isSupportedKallsyms(c)62		return r, v63	}64	return isSupportedTrial(c)65}66func parseKallsyms(kallsyms []byte, arch string) map[string]bool {67	set := make(map[string]bool)68	var re *regexp.Regexp69	switch arch {70	case "386", "amd64":71		re = regexp.MustCompile(` T (__ia32_|__x64_)?sys_([^\n]+)\n`)72	case "arm", "arm64":73		re = regexp.MustCompile(` T (__arm64_)?sys_([^\n]+)\n`)74	case "ppc64le":75		re = regexp.MustCompile(` T ()?sys_([^\n]+)\n`)76	case "mips64le":77		re = regexp.MustCompile(` T sys_(mips_)?([^\n]+)\n`)78	default:79		panic("unsupported arch for kallsyms parsing")80	}81	matches := re.FindAllSubmatch(kallsyms, -1)82	for _, m := range matches {83		name := string(m[2])84		log.Logf(2, "found in kallsyms: %v", name)85		set[name] = true86	}87	return set88}89func isSupportedKallsyms(c *prog.Syscall) (bool, string) {90	name := c.CallName91	if newname := kallsymsRenameMap[name]; newname != "" {92		name = newname93	}94	if !kallsymsSyscallSet[name] {95		return false, fmt.Sprintf("sys_%v is not present in /proc/kallsyms", name)96	}97	return true, ""98}99func isSupportedTrial(c *prog.Syscall) (bool, string) {100	switch c.CallName {101	// These known to cause hangs.102	case "exit", "pause":103		return true, ""104	}105	trialMu.Lock()106	defer trialMu.Unlock()107	if res, ok := trialSupported[c.NR]; ok {108		return res, "ENOSYS"109	}110	cmd := osutil.Command(os.Args[0])111	cmd.Env = []string{fmt.Sprintf("SYZ_TRIAL_TEST=%v", c.NR)}112	_, err := osutil.Run(10*time.Second, cmd)113	res := err != nil114	trialSupported[c.NR] = res115	return res, "ENOSYS"116}117func init() {118	str := os.Getenv("SYZ_TRIAL_TEST")119	if str == "" {120		return121	}122	nr, err := strconv.Atoi(str)123	if err != nil {124		panic(err)125	}126	arg := ^uintptr(0) - 1e4 // something as invalid as possible127	_, _, err = syscall.Syscall6(uintptr(nr), arg, arg, arg, arg, arg, arg)128	if err == syscall.ENOSYS {129		os.Exit(0)130	}131	os.Exit(1)132}133// Some syscall names diverge in __NR_* consts and kallsyms.134// umount2 is renamed to umount in arch/x86/entry/syscalls/syscall_64.tbl.135// Where umount is renamed to oldumount is unclear.136var (137	kallsymsOnce       sync.Once138	kallsymsSyscallSet map[string]bool139	kallsymsRenameMap  = map[string]string{140		"umount":  "oldumount",141		"umount2": "umount",142		"stat":    "newstat",143	}144	trialMu         sync.Mutex145	trialSupported  = make(map[uint64]bool)146	filesystems     []byte147	filesystemsOnce sync.Once148	lsmOnce         sync.Once149	lsmError        error150	lsmDisabled     map[string]bool151)152// The function is lengthy as it handles all pseudo-syscalls,153// but it does not seem to cause comprehension problems as there is no shared state.154// Splitting this per-syscall will only increase code size.155func isSupportedSyzkall(sandbox string, c *prog.Syscall) (bool, string) {156	switch c.CallName {157	case "syz_open_dev":158		return isSupportedSyzOpenDev(sandbox, c)159	case "syz_open_procfs":160		return true, ""161	case "syz_open_pts":162		return true, ""163	case "syz_emit_ethernet", "syz_extract_tcp_res":164		reason := checkNetInjection()165		return reason == "", reason166	case "syz_usb_connect", "syz_usb_connect_ath9k", "syz_usb_disconnect",167		"syz_usb_control_io", "syz_usb_ep_write", "syz_usb_ep_read":168		reason := checkUSBEmulation()169		return reason == "", reason170	case "syz_kvm_setup_cpu":171		switch c.Name {172		case "syz_kvm_setup_cpu$x86":173			if runtime.GOARCH == "amd64" || runtime.GOARCH == "386" {174				return true, ""175			}176		case "syz_kvm_setup_cpu$arm64":177			if runtime.GOARCH == "arm64" {178				return true, ""179			}180		}181		return false, "unsupported arch"182	case "syz_init_net_socket":183		// Unfortunately this only works with sandbox none at the moment.184		// The problem is that setns of a network namespace requires CAP_SYS_ADMIN185		// in the target namespace, and we've lost all privs in the init namespace186		// during creation of a user namespace.187		if ok, reason := onlySandboxNone(sandbox); !ok {188			return false, reason189		}190		return isSupportedSocket(c)191	case "syz_genetlink_get_family_id":192		fd, err := syscall.Socket(syscall.AF_NETLINK, syscall.SOCK_RAW, syscall.NETLINK_GENERIC)193		if fd == -1 {194			return false, fmt.Sprintf("socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) failed: %v", err)195		}196		syscall.Close(fd)197		return true, ""198	case "syz_mount_image":199		if ok, reason := onlySandboxNone(sandbox); !ok {200			return ok, reason201		}202		fstype, ok := extractStringConst(c.Args[0].Type)203		if !ok {204			panic("syz_mount_image arg is not string")205		}206		return isSupportedFilesystem(fstype)207	case "syz_read_part_table":208		return onlySandboxNone(sandbox)209	case "syz_execute_func":210		return true, ""211	}212	panic("unknown syzkall: " + c.Name)213}214func isSupportedSyzOpenDev(sandbox string, c *prog.Syscall) (bool, string) {215	if _, ok := c.Args[0].Type.(*prog.ConstType); ok {216		// This is for syz_open_dev$char/block.217		return true, ""218	}219	fname, ok := extractStringConst(c.Args[0].Type)220	if !ok {221		panic("first open arg is not a pointer to string const")222	}223	if !strings.Contains(fname, "#") {224		panic(fmt.Sprintf("%v does not contain # in the file name (should be openat)", c.Name))225	}226	if checkUSBEmulation() == "" {227		// These entries might not be available at boot time,228		// but will be created by connected USB devices.229		USBDevicePrefixes := []string{230			"/dev/hidraw", "/dev/usb/hiddev", "/dev/input/",231		}232		for _, prefix := range USBDevicePrefixes {233			if strings.HasPrefix(fname, prefix) {234				return true, ""235			}236		}237	}238	var check func(dev string) bool239	check = func(dev string) bool {240		if !strings.Contains(dev, "#") {241			// Note: don't try to open them all, some can hang (e.g. /dev/snd/pcmC#D#p).242			return osutil.IsExist(dev)243		}244		for i := 0; i < 10; i++ {245			if check(strings.Replace(dev, "#", strconv.Itoa(i), 1)) {246				return true247			}248		}249		return false250	}251	if !check(fname) {252		return false, fmt.Sprintf("file %v does not exist", fname)253	}254	return onlySandboxNoneOrNamespace(sandbox)255}256func isSupportedLSM(c *prog.Syscall) string {257	lsmOnce.Do(func() {258		data, err := ioutil.ReadFile("/sys/kernel/security/lsm")259		if err != nil {260			// securityfs may not be mounted, but it does not mean261			// that no LSMs are enabled.262			if !os.IsNotExist(err) {263				lsmError = err264			}265			return266		}267		lsmDisabled = make(map[string]bool)268		for _, lsm := range []string{"selinux", "apparmor", "smack"} {269			if !strings.Contains(string(data), lsm) {270				lsmDisabled[lsm] = true...

isSupportedLSM

Using AI Code Generation

1import (2func main() {3	if len(os.Args) != 2 {4		fmt.Fprintf(os.Stderr, "Usage: %s <datastore>\n", os.Args[0])5		os.Exit(1)6	}7	vcenter := os.Getenv("VCENTER")8	username := os.Getenv("VCENTER_USERNAME")9	password := os.Getenv("VCENTER_PASSWORD")10	if vcenter == "" {11		fmt.Fprintf(os.Stderr, "VCENTER environment variable is not set\n")12		os.Exit(1)13	}14	if username == "" {15		fmt.Fprintf(os.Stderr, "VCENTER_USERNAME environment variable is not set\n")16		os.Exit(1)17	}18	if password == "" {19		fmt.Fprintf(os.Stderr, "VCENTER_PASSWORD environment variable is not set\n")20		os.Exit(1)21	}22	if err != nil {23		fmt.Fprintf(os.Stderr, "Error parsing vCenter URL: %s\n", err)24		os.Exit(1)25	}26	ctx, cancel := context.WithCancel(context.Background())27	defer cancel()28	c, err := govmomi.NewClient(ctx, u, true)29	if err != nil {30		fmt.Fprintf(os.Stderr, "Error connecting to vCenter: %s\n", err)31		os.Exit(1)32	}33	f := find.NewFinder(c.Client, true)34	dc, err := f.DefaultDatacenter(ctx)35	if err != nil {36		fmt.Fprintf(os.Stderr, "Error getting default datacenter: %s\n", err)37		os.Exit(1)38	}39	f.SetDatacenter(dc)40	ds, err := f.Datastore(ctx, datastore)41	if err != nil {42		fmt.Fprintf(os.Stderr

isSupportedLSM

Using AI Code Generation

1import (2func main() {3	if len(os.Args) != 2 {4		fmt.Println("Usage: go run 2.go <vCenter IP>")5		os.Exit(1)6	}7	if err != nil {8		fmt.Println(err)9		os.Exit(1)10	}11	u.User = url.UserPassword("administrator", "VMware1!")12	c, err := govmomi.NewClient(context.Background(), u, true)13	if err != nil {14		fmt.Println(err)15		os.Exit(1)16	}17	f := find.NewFinder(c.Client, true)18	dc, err := f.DefaultDatacenter(context.Background())19	if err != nil {20		fmt.Println(err)21		os.Exit(1)22	}23	f.SetDatacenter(dc)24	hosts, err := f.HostSystemList(context.Background(), "*")25	if err != nil {26		fmt.Println(err)27		os.Exit(1)28	}29	for _, host := range hosts {30		fmt.Printf("Host: %s\n", host.Name())31		for _, lsm := range supportedLSM {32			fmt.Printf("\tLSM: %s\n", lsm)33		}34	}35	hs := types.HostStorageSystem{36		Host: host.Reference(),37	}38	hsSystem, err := host.ConfigManager.StorageSystem(context.Background())39	if err != nil {40		fmt.Println(err)41		os.Exit(1)42	}43	supported, err := hsSystem.IsSupportedLsm(context.Background(), hs, "LSM1")44	if err != nil {45		fmt.Println(err)46		os.Exit(1)47	}48	fmt.Printf("LSM1 is supported on host %s: %t\n", host.Name(), supported)49}

isSupportedLSM

Using AI Code Generation

1import (2func init() {3	logrus.SetLevel(logrus.DebugLevel)4	logrus.SetFormatter(&logrus.TextFormatter{5	})6}7func main() {8	drivers.Init(drivers.InitOpts{9		Config: &mock.Driver{10			Mock: &testutils.MockDriver{11				VolumeDriver: &test.MockDriver{},12			},13		},14	})15	drivers.Init(drivers.InitOpts{16		Config: &test.Driver{},17	})18	drivers.Init(drivers.InitOpts{

isSupportedLSM

Using AI Code Generation

1import (2func main() {3	if len(os.Args) != 2 {4		fmt.Printf("Usage: %s <driver name>\n", os.Args[0])5		os.Exit(1)6	}7	d, err := drivers.New(os.Args[1], nil)8	if err != nil {9		fmt.Println(err)10		os.Exit(1)11	}12	supported, err := d.IsSupported(api.OptVolumeLabels, nil)13	if err != nil {14		fmt.Println(err)15		os.Exit(1)16	}17	fmt.Printf("LSM is supported: %v\n", supported)18	d, err = drivers.New("ssh", nil)19	if err != nil {20		fmt.Println(err)21		os.Exit(1)22	}23	supported, err = d.IsSupported(api.OptVolumeLabels, nil)24	if err != nil {25		fmt.Println(err)26		os.Exit(1)27	}28	fmt.Printf("LSM is supported: %v\n", supported)29	d, err = drivers.New("test", nil)30	if err != nil {31		fmt.Println(err)32		os.Exit(1)33	}34	supported, err = d.IsSupported(api.OptVolumeLabels, nil)35	if err != nil {36		fmt.Println(err)37		os.Exit(1)38	}39	fmt.Printf("LSM is supported: %v\n", supported)40}

isSupportedLSM

Using AI Code Generation

1import (2func main() {3	err := syscall.Statfs("/", &stat)4	if err != nil {5		fmt.Println(err)6		os.Exit(1)7	}8	fmt.Println(stat)9}

isSupportedLSM

Using AI Code Generation

1func main() {2	host := host.NewHost()3	supported, err := host.IsSupportedLSM()4	if err != nil {5		fmt.Println(err)6	}7	fmt.Println(supported)8}

isSupportedLSM

Using AI Code Generation

1import "fmt"2import "github.com/akshaytm/LSM9DS1"3func main() {4host, err := LSM9DS1.NewHost()5if err != nil {6fmt.Println("Error:", err)7}8fmt.Println("LSM9DS1 is supported:", host.IsSupportedLSM())9}

Automation Testing Tutorials

Learn to execute automation testing from scratch with LambdaTest Learning Hub. Right from setting up the prerequisites to run your first automation test, to following best practices and diving deeper into advanced test scenarios. LambdaTest Learning Hubs compile a list of step-by-step guides to help you be proficient with different test automation frameworks i.e. Selenium, Cypress, TestNG etc.