author | netblue30 <netblue30@yahoo.com> | 2019-08-28 11:15:18 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2019-08-28 11:15:18 -0400 |
commit | 26ae0b23436a51b09b9be726ef97e27f36579fc9 (patch) | |
tree | dd8855b0f0c9ec9f651e4afdb99d5ae9e3e98bd1 | |
parent | Merge pull request #2929 from aoand/master (diff) | |
seccomp numeric testing
-rw-r--r-- | README | 2 | ||||
-rwxr-xr-x | test/filters/filters.sh | 3 | ||||
-rwxr-xr-x | test/filters/seccomp-numeric.exp | 44 |
3 files changed, 49 insertions, 0 deletions
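--- a/README
+++ b/README
@@ -99,6 +99,8 @@ announ (https://github.com/announ)
 Antonio Russo (https://github.com/aerusso)
 - enumerate root directories in apparmor profile
 - fix join-or-start
+aoand (https://github.com/aoand)
+- seccomp fix: allow numeric syscalls
 Austin Morton (https://github.com/apmorton)
 - deterministic-exit-code option
 - private-cwd options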
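--- a/test/filters/filters.sh
+++ b/test/filters/filters.sh
@@ -110,6 +110,9 @@ echo "TESTING: seccomp chmod profile - seccomp lists (test/filters/seccomp-chmod
 echo "TESTING: seccomp empty (test/filters/seccomp-empty.exp)"
 ./seccomp-empty.exp
 
+echo "TESTING: seccomp numeric (test/filters/seccomp-numeric.exp)"
+./seccomp-numeric.exp
+
 if [ "$(uname -m)" = "x86_64" ]; then
 echo "TESTING: seccomp dual filter (test/filters/seccomp-dualfilter.exp)"
 ./seccomp-dualfilter.exp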
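Review bot: The added `./seccomp-numeric.exp` call runs on every architecture, but the script it invokes (test/filters/seccomp-numeric.exp, added in this same commit) passes the raw syscall numbers `$263` and `$83`, which are the x86_64 numbers for unlinkat and mkdir. On another architecture those numbers name different syscalls or none, so the test would either fail or install a filter on an unrelated call without checking what it was meant to check. Moving the two added lines inside the `if [ "$(uname -m)" = "x86_64" ]; then` block that follows would keep the numeric case where the numbers are valid. That `if` block is closed outside the hunk.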
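--- /dev/null
+++ b/test/filters/seccomp-numeric.exp
@@ -0,0 +1,44 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2019 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "touch seccomp-test-file\r"
+after 100
+
+send -- "firejail --seccomp=unlinkat:ENOENT,mkdir:ENOENT rm seccomp-test-file\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"No such file or directory"
+}
+after 100
+
+send -- "firejail --seccomp=\\\$263:ENOENT,mkdir:ENOENT rm seccomp-test-file\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"No such file or directory"
+}
+after 100
+
+send -- "firejail --seccomp=unlinkat:ENOENT,mkdir:ENOENT mkdir seccomp-test-dir\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"No such file or directory"
+}
+after 100
+
+send -- "firejail --seccomp=unlinkat:ENOENT,\\\$83:ENOENT mkdir seccomp-test-dir\r"
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"No such file or directory"
+}
+after 100
+
+send -- "rm seccomp-test-file\r"
+#send -- "rm -fr seccomp-test-dir\r"
+after 100
+puts "all done\n"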
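Review bot: Each `timeout` branch ends in a bare `exit`, which makes expect return status 0, so a seccomp filter that no longer blocks the call shows up only as a "TESTING ERROR n" line in the output. If the harness or CI keys on exit status rather than scanning the log (not visible from this page), such a regression would pass silently; `timeout {puts "TESTING ERROR 1\n";exit 1}` in all four branches would make the failure explicit. The two numeric cases would also benefit from a short comment such as `# 263 = unlinkat, 83 = mkdir (x86_64); \\\$ reaches the shell as \$, i.e. a literal $`, since neither the numbers nor the triple backslash explain themselves.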