3 files changed, 49 insertions, 0 deletions
diff --git a/README b/README
index 9b2347f90..556dd158f 100644
--- a/README
+++ b/README
@@ -99,6 +99,8 @@ announ (https://github.com/announ)
 Antonio Russo (https://github.com/aerusso)
        - enumerate root directories in apparmor profile
        - fix join-or-start
+aoand (https://github.com/aoand)
+        - seccomp fix: allow numeric syscalls
 Austin Morton (https://github.com/apmorton)
        - deterministic-exit-code option
        - private-cwd options
diff --git a/test/filters/filters.sh b/test/filters/filters.sh
index 114978f65..10e50539b 100755
--- a/test/filters/filters.sh
+++ b/test/filters/filters.sh
@@ -110,6 +110,9 @@ echo "TESTING: seccomp chmod profile - seccomp lists (test/filters/seccomp-chmod
 echo "TESTING: seccomp empty (test/filters/seccomp-empty.exp)"
 ./seccomp-empty.exp
+echo "TESTING: seccomp numeric (test/filters/seccomp-numeric.exp)"
+./seccomp-numeric.exp
 if [ "$(uname -m)" = "x86_64" ]; then
        echo "TESTING: seccomp dual filter (test/filters/seccomp-dualfilter.exp)"
        ./seccomp-dualfilter.exp
diff --git a/test/filters/seccomp-numeric.exp b/test/filters/seccomp-numeric.exp
new file mode 100755
index 000000000..77f6d60b0
--- /dev/null
+++ b/test/filters/seccomp-numeric.exp
@@ -0,0 +1,44 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2019 Firejail Authors
+# License GPL v2
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+send -- "touch seccomp-test-file\r"
+after 100
+send --  "firejail --seccomp=unlinkat:ENOENT,mkdir:ENOENT rm seccomp-test-file\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "No such file or directory"
+}
+after 100
+send --  "firejail --seccomp=\\\$263:ENOENT,mkdir:ENOENT rm seccomp-test-file\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "No such file or directory"
+}
+after 100
+send --  "firejail --seccomp=unlinkat:ENOENT,mkdir:ENOENT mkdir seccomp-test-dir\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "No such file or directory"
+}
+after 100
+send --  "firejail --seccomp=unlinkat:ENOENT,\\\$83:ENOENT mkdir seccomp-test-dir\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "No such file or directory"
+}
+after 100
+send -- "rm seccomp-test-file\r"
+#send -- "rm -fr seccomp-test-dir\r"
+after 100
+puts "all done\n"

diff --git a/README b/README index 9b2347f90..556dd158f 100644 --- a/README +++ b/README
@@ -99,6 +99,8 @@ announ (https://github.com/announ)
99	Antonio Russo (https://github.com/aerusso)	99	Antonio Russo (https://github.com/aerusso)
100	- enumerate root directories in apparmor profile	100	- enumerate root directories in apparmor profile
101	- fix join-or-start	101	- fix join-or-start
		102	aoand (https://github.com/aoand)
		103	- seccomp fix: allow numeric syscalls
102	Austin Morton (https://github.com/apmorton)	104	Austin Morton (https://github.com/apmorton)
103	- deterministic-exit-code option	105	- deterministic-exit-code option
104	- private-cwd options	106	- private-cwd options


diff --git a/test/filters/filters.sh b/test/filters/filters.sh index 114978f65..10e50539b 100755 --- a/test/filters/filters.sh +++ b/test/filters/filters.sh
@@ -110,6 +110,9 @@ echo "TESTING: seccomp chmod profile - seccomp lists (test/filters/seccomp-chmod
110	echo "TESTING: seccomp empty (test/filters/seccomp-empty.exp)"	110	echo "TESTING: seccomp empty (test/filters/seccomp-empty.exp)"
111	./seccomp-empty.exp	111	./seccomp-empty.exp
112		112
		113	echo "TESTING: seccomp numeric (test/filters/seccomp-numeric.exp)"
		114	./seccomp-numeric.exp
		115
113	if [ "$(uname -m)" = "x86_64" ]; then	116	if [ "$(uname -m)" = "x86_64" ]; then
114	echo "TESTING: seccomp dual filter (test/filters/seccomp-dualfilter.exp)"	117	echo "TESTING: seccomp dual filter (test/filters/seccomp-dualfilter.exp)"
115	./seccomp-dualfilter.exp	118	./seccomp-dualfilter.exp


diff --git a/test/filters/seccomp-numeric.exp b/test/filters/seccomp-numeric.exp new file mode 100755 index 000000000..77f6d60b0 --- /dev/null +++ b/test/filters/seccomp-numeric.exp
@@ -0,0 +1,44 @@
		1	#!/usr/bin/expect -f
		2	# This file is part of Firejail project
		3	# Copyright (C) 2014-2019 Firejail Authors
		4	# License GPL v2
		5
		6	set timeout 10
		7	spawn $env(SHELL)
		8	match_max 100000
		9
		10	send -- "touch seccomp-test-file\r"
		11	after 100
		12
		13	send -- "firejail --seccomp=unlinkat:ENOENT,mkdir:ENOENT rm seccomp-test-file\r"
		14	expect {
		15	timeout {puts "TESTING ERROR 0\n";exit}
		16	"No such file or directory"
		17	}
		18	after 100
		19
		20	send -- "firejail --seccomp=\\\$263:ENOENT,mkdir:ENOENT rm seccomp-test-file\r"
		21	expect {
		22	timeout {puts "TESTING ERROR 1\n";exit}
		23	"No such file or directory"
		24	}
		25	after 100
		26
		27	send -- "firejail --seccomp=unlinkat:ENOENT,mkdir:ENOENT mkdir seccomp-test-dir\r"
		28	expect {
		29	timeout {puts "TESTING ERROR 2\n";exit}
		30	"No such file or directory"
		31	}
		32	after 100
		33
		34	send -- "firejail --seccomp=unlinkat:ENOENT,\\\$83:ENOENT mkdir seccomp-test-dir\r"
		35	expect {
		36	timeout {puts "TESTING ERROR 3\n";exit}
		37	"No such file or directory"
		38	}
		39	after 100
		40
		41	send -- "rm seccomp-test-file\r"
		42	#send -- "rm -fr seccomp-test-dir\r"
		43	after 100
		44	puts "all done\n"