FFI: create a test case for sched_setscheduler() syscall

[dougsland]

Basically, inside QM sched_setscheduler() syscall is not allowed and we should prove it.
Transform the below steps into a test plan.

Steps:

1- Build source code:

gcc -o test_sched_setscheduler test_sched_setscheduler.c

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sched.h>
#include <errno.h>
#include <string.h>

int main() {
    int pid = getpid(); 
    int policy = SCHED_FIFO;  // Desired scheduling policy
    struct sched_param param;

    // Assign the maximum priority for the SCHED_FIFO policy
    param.sched_priority = sched_get_priority_max(policy);
    if (param.sched_priority == -1) {
        fprintf(stderr, "Failed to get max priority for SCHED_FIFO: %s\n", strerror(errno));
        return EXIT_FAILURE;
    }

    // Attempt to set the scheduling policy and priority
    if (sched_setscheduler(pid, policy, &param) == -1) {
        fprintf(stderr, "Failed to set scheduler: %s\n", strerror(errno));
        return EXIT_FAILURE;
    }

    printf("Scheduler set to SCHED_FIFO with priority %d\n", param.sched_priority);
    return EXIT_SUCCESS;
}

2- copy the binary to qm

cp test_sched_setscheduler /usr/lib/qm/rootfs/root/

3- Execute the test

# podman exec -it qm bash
bash-5.1# ./test_sched_setscheduler
Failed to set scheduler: Operation not permitted

Please note: the QM pull request 362 includes the patch to make sure set schedules is not allowed, to test without this restriction just test previous version or remove create_qm_seccomp_rules from setup and --security-opt seccomp=/usr/share/qm/seccomp.json from qm.container.

See also:
#362 (comment)
https://gitlab.com/CentOS/automotive/container-images/ffi-tools/-/blob/main/Containerfile?ref_type=heads

[dougsland]

cc @pbrilla-rh @Yarboa

[Yarboa]

@dougsland better add it to ffi tools
something like that:

From host partition or qm partition

podman cp ctr_name:/root/tests/FFI/bin/QM/test_sched_setscheduler .

@pbrilla-rh
This test should could exist in public repo, since it is checking seccomp

[dougsland]

@dougsland better add it to ffi tools something like that:

From host partition or qm partition

podman cp ctr_name:/root/tests/FFI/bin/QM/test_sched_setscheduler .

@pbrilla-rh This test should could exist in public repo, since it is checking seccomp

Agreed @Yarboa, opened this one to document and track the work.

[dougsland]

If no complain get raised, the tool should be included here: #371
After that, we can just include into the cycle of tests https://gitlab.com/CentOS/automotive/container-images/ffi-tools

[pengshanyu]

filed a PR: #438

[dougsland]

Resolved.

[dougsland]

talked with @pengshanyu still need to finish the tmt case.