diff options
Diffstat (limited to 'test/filters')
-rwxr-xr-x | test/filters/caps.exp | 72 | ||||
-rwxr-xr-x | test/filters/noroot.exp | 156 | ||||
-rwxr-xr-x | test/filters/protocol.exp | 180 | ||||
-rw-r--r-- | test/filters/protocol1.profile | 1 | ||||
-rw-r--r-- | test/filters/protocol2.profile | 1 | ||||
-rwxr-xr-x | test/filters/seccomp-bad-empty.exp | 38 | ||||
-rw-r--r-- | test/filters/seccomp-bad-empty.profile | 1 | ||||
-rw-r--r-- | test/filters/seccomp-bad-empty2.profile | 1 | ||||
-rw-r--r-- | test/filters/seccomp.profile | 1 | ||||
-rwxr-xr-x | test/filters/syscall_test | bin | 0 -> 9552 bytes | |||
-rw-r--r-- | test/filters/syscall_test.c | 82 | ||||
-rwxr-xr-x | test/filters/syscall_test32 | bin | 0 -> 6868 bytes |
12 files changed, 533 insertions, 0 deletions
diff --git a/test/filters/caps.exp b/test/filters/caps.exp new file mode 100755 index 000000000..034d6a733 --- /dev/null +++ b/test/filters/caps.exp | |||
@@ -0,0 +1,72 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail --caps.keep=chown,fowner --noprofile\r" | ||
11 | expect { | ||
12 | timeout {puts "TESTING ERROR 1\n";exit} | ||
13 | "Child process initialized" | ||
14 | } | ||
15 | sleep 2 | ||
16 | |||
17 | send -- "cat /proc/self/status\r" | ||
18 | expect { | ||
19 | timeout {puts "TESTING ERROR 2\n";exit} | ||
20 | "CapBnd: 0000000000000009" | ||
21 | } | ||
22 | expect { | ||
23 | timeout {puts "TESTING ERROR 3\n";exit} | ||
24 | "Seccomp:" | ||
25 | } | ||
26 | send -- "exit\r" | ||
27 | sleep 1 | ||
28 | |||
29 | send -- "firejail --caps.drop=all --noprofile\r" | ||
30 | expect { | ||
31 | timeout {puts "TESTING ERROR 4\n";exit} | ||
32 | "Child process initialized" | ||
33 | } | ||
34 | sleep 2 | ||
35 | |||
36 | send -- "cat /proc/self/status\r" | ||
37 | expect { | ||
38 | timeout {puts "TESTING ERROR 5\n";exit} | ||
39 | "CapBnd: 0000000000000000" | ||
40 | } | ||
41 | expect { | ||
42 | timeout {puts "TESTING ERROR 6\n";exit} | ||
43 | "Seccomp:" | ||
44 | } | ||
45 | send -- "exit\r" | ||
46 | sleep 1 | ||
47 | |||
48 | send -- "firejail --caps.drop=chown,dac_override,dac_read_search,fowner --noprofile\r" | ||
49 | expect { | ||
50 | timeout {puts "TESTING ERROR 7\n";exit} | ||
51 | "Child process initialized" | ||
52 | } | ||
53 | sleep 2 | ||
54 | |||
55 | send -- "cat /proc/self/status\r" | ||
56 | expect { | ||
57 | timeout {puts "TESTING ERROR 8\n";exit} | ||
58 | "CapBnd:" | ||
59 | } | ||
60 | expect { | ||
61 | timeout {puts "TESTING ERROR 9\n";exit} | ||
62 | "fffffff0" | ||
63 | } | ||
64 | expect { | ||
65 | timeout {puts "TESTING ERROR 10\n";exit} | ||
66 | "Seccomp:" | ||
67 | } | ||
68 | send -- "exit\r" | ||
69 | sleep 1 | ||
70 | |||
71 | |||
72 | puts "\nall done\n" | ||
diff --git a/test/filters/noroot.exp b/test/filters/noroot.exp new file mode 100755 index 000000000..a1f6ce88d --- /dev/null +++ b/test/filters/noroot.exp | |||
@@ -0,0 +1,156 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail --noprofile --noroot --caps.drop=all --seccomp\r" | ||
11 | expect { | ||
12 | timeout {puts "TESTING ERROR 1\n";exit} | ||
13 | "Child process initialized" | ||
14 | } | ||
15 | sleep 1 | ||
16 | |||
17 | send -- "cat /proc/self/status\r" | ||
18 | expect { | ||
19 | timeout {puts "TESTING ERROR 1\n";exit} | ||
20 | "CapBnd: 0000000000000000" | ||
21 | } | ||
22 | expect { | ||
23 | timeout {puts "TESTING ERROR 2\n";exit} | ||
24 | "Seccomp:" | ||
25 | } | ||
26 | expect { | ||
27 | timeout {puts "TESTING ERROR 3\n";exit} | ||
28 | "2" | ||
29 | } | ||
30 | expect { | ||
31 | timeout {puts "TESTING ERROR 4\n";exit} | ||
32 | "Cpus_allowed:" | ||
33 | } | ||
34 | puts "\n" | ||
35 | |||
36 | send -- "ping 0\r" | ||
37 | expect { | ||
38 | timeout {puts "TESTING ERROR 5\n";exit} | ||
39 | "Operation not permitted" | ||
40 | } | ||
41 | send -- "whoami\r" | ||
42 | expect { | ||
43 | timeout {puts "TESTING ERROR 6\n";exit} | ||
44 | $env(USER) | ||
45 | } | ||
46 | send -- "sudo -s\r" | ||
47 | expect { | ||
48 | timeout {puts "TESTING ERROR 8\n";exit} | ||
49 | "effective uid is not 0, is sudo installed setuid root?" { puts "OK\n";} | ||
50 | "sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";} | ||
51 | } | ||
52 | send -- "cat /proc/self/uid_map | wc -l\r" | ||
53 | expect { | ||
54 | timeout {puts "TESTING ERROR 7\n";exit} | ||
55 | "1" | ||
56 | } | ||
57 | send -- "cat /proc/self/gid_map | wc -l\r" | ||
58 | expect { | ||
59 | timeout {puts "TESTING ERROR 8\n";exit} | ||
60 | "3" | ||
61 | } | ||
62 | |||
63 | puts "\n" | ||
64 | send -- "exit\r" | ||
65 | sleep 2 | ||
66 | |||
67 | |||
68 | |||
69 | send -- "firejail --name=test --noroot --noprofile\r" | ||
70 | expect { | ||
71 | timeout {puts "TESTING ERROR 9\n";exit} | ||
72 | "Child process initialized" | ||
73 | } | ||
74 | sleep 1 | ||
75 | |||
76 | send -- "cat /proc/self/status\r" | ||
77 | expect { | ||
78 | timeout {puts "TESTING ERROR 10\n";exit} | ||
79 | "CapBnd:" | ||
80 | } | ||
81 | expect { | ||
82 | timeout {puts "TESTING ERROR 11\n";exit} | ||
83 | "ffffffff" | ||
84 | } | ||
85 | expect { | ||
86 | timeout {puts "TESTING ERROR 12\n";exit} | ||
87 | "Seccomp:" | ||
88 | } | ||
89 | expect { | ||
90 | timeout {puts "TESTING ERROR 13\n";exit} | ||
91 | "0" | ||
92 | } | ||
93 | expect { | ||
94 | timeout {puts "TESTING ERROR 14\n";exit} | ||
95 | "Cpus_allowed:" | ||
96 | } | ||
97 | puts "\n" | ||
98 | |||
99 | send -- "whoami\r" | ||
100 | expect { | ||
101 | timeout {puts "TESTING ERROR 15\n";exit} | ||
102 | $env(USER) | ||
103 | } | ||
104 | send -- "sudo -s\r" | ||
105 | expect { | ||
106 | timeout {puts "TESTING ERROR 16\n";exit} | ||
107 | "effective uid is not 0, is sudo installed setuid root?" { puts "OK\n";} | ||
108 | "sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";} | ||
109 | } | ||
110 | send -- "ping 0\r" | ||
111 | expect { | ||
112 | timeout {puts "TESTING ERROR 17\n";exit} | ||
113 | "Operation not permitted" | ||
114 | } | ||
115 | send -- "cat /proc/self/uid_map | wc -l\r" | ||
116 | expect { | ||
117 | timeout {puts "TESTING ERROR 18\n";exit} | ||
118 | "1" | ||
119 | } | ||
120 | send -- "cat /proc/self/gid_map | wc -l\r" | ||
121 | expect { | ||
122 | timeout {puts "TESTING ERROR 19\n";exit} | ||
123 | "3" | ||
124 | } | ||
125 | |||
126 | |||
127 | |||
128 | spawn $env(SHELL) | ||
129 | send -- "firejail --debug --join=test\r" | ||
130 | expect { | ||
131 | timeout {puts "TESTING ERROR 20\n";exit} | ||
132 | "User namespace detected" | ||
133 | } | ||
134 | expect { | ||
135 | timeout {puts "TESTING ERROR 21\n";exit} | ||
136 | "Joining user namespace" | ||
137 | } | ||
138 | sleep 1 | ||
139 | |||
140 | send -- "sudo -s\r" | ||
141 | expect { | ||
142 | timeout {puts "TESTING ERROR 22\n";exit} | ||
143 | "effective uid is not 0, is sudo installed setuid root?" { puts "OK\n";} | ||
144 | "sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";} | ||
145 | } | ||
146 | send -- "cat /proc/self/uid_map | wc -l\r" | ||
147 | expect { | ||
148 | timeout {puts "TESTING ERROR 23\n";exit} | ||
149 | "1" | ||
150 | } | ||
151 | send -- "cat /proc/self/gid_map | wc -l\r" | ||
152 | expect { | ||
153 | timeout {puts "TESTING ERROR 24\n";exit} | ||
154 | "3" | ||
155 | } | ||
156 | puts "\nall done\n" | ||
diff --git a/test/filters/protocol.exp b/test/filters/protocol.exp new file mode 100755 index 000000000..cf552da56 --- /dev/null +++ b/test/filters/protocol.exp | |||
@@ -0,0 +1,180 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "firejail --noprofile --protocol=unix ./syscall_test socket\r" | ||
8 | expect { | ||
9 | timeout {puts "TESTING ERROR 1\n";exit} | ||
10 | "Child process initialized" | ||
11 | } | ||
12 | expect { | ||
13 | timeout {puts "TESTING ERROR 1.1\n";exit} | ||
14 | "socket AF_INET" | ||
15 | } | ||
16 | expect { | ||
17 | timeout {puts "TESTING ERROR 1.2\n";exit} | ||
18 | "Operation not supported" | ||
19 | } | ||
20 | expect { | ||
21 | timeout {puts "TESTING ERROR 1.3\n";exit} | ||
22 | "socket AF_INET6" | ||
23 | } | ||
24 | expect { | ||
25 | timeout {puts "TESTING ERROR 1.4\n";exit} | ||
26 | "Operation not supported" | ||
27 | } | ||
28 | expect { | ||
29 | timeout {puts "TESTING ERROR 1.5\n";exit} | ||
30 | "socket AF_NETLINK" | ||
31 | } | ||
32 | expect { | ||
33 | timeout {puts "TESTING ERROR 1.6\n";exit} | ||
34 | "Operation not supported" | ||
35 | } | ||
36 | expect { | ||
37 | timeout {puts "TESTING ERROR 1.7\n";exit} | ||
38 | "socket AF_UNIX" | ||
39 | } | ||
40 | expect { | ||
41 | timeout {puts "TESTING ERROR 1.8\n";exit} | ||
42 | "socket AF_PACKETX" | ||
43 | } | ||
44 | expect { | ||
45 | timeout {puts "TESTING ERROR 1.9\n";exit} | ||
46 | "Operation not supported" | ||
47 | } | ||
48 | sleep 1 | ||
49 | |||
50 | send -- "firejail --noprofile --protocol=inet6,packet ./syscall_test socket\r" | ||
51 | expect { | ||
52 | timeout {puts "TESTING ERROR 2\n";exit} | ||
53 | "Child process initialized" | ||
54 | } | ||
55 | expect { | ||
56 | timeout {puts "TESTING ERROR 2.1\n";exit} | ||
57 | "socket AF_INET" | ||
58 | } | ||
59 | expect { | ||
60 | timeout {puts "TESTING ERROR 2.2\n";exit} | ||
61 | "Operation not supported" | ||
62 | } | ||
63 | expect { | ||
64 | timeout {puts "TESTING ERROR 2.3\n";exit} | ||
65 | "socket AF_INET6" | ||
66 | } | ||
67 | expect { | ||
68 | timeout {puts "TESTING ERROR 2.4\n";exit} | ||
69 | "socket AF_NETLINK" | ||
70 | } | ||
71 | expect { | ||
72 | timeout {puts "TESTING ERROR 2.5\n";exit} | ||
73 | "Operation not supported" | ||
74 | } | ||
75 | expect { | ||
76 | timeout {puts "TESTING ERROR 2.6\n";exit} | ||
77 | "socket AF_UNIX" | ||
78 | } | ||
79 | expect { | ||
80 | timeout {puts "TESTING ERROR 2.7\n";exit} | ||
81 | "Operation not supported" | ||
82 | } | ||
83 | expect { | ||
84 | timeout {puts "TESTING ERROR 2.8\n";exit} | ||
85 | "socket AF_PACKETX" | ||
86 | } | ||
87 | expect { | ||
88 | timeout {puts "TESTING ERROR 2.9\n";exit} | ||
89 | "after socket" | ||
90 | } | ||
91 | sleep 1 | ||
92 | |||
93 | # profile testing | ||
94 | send -- "firejail --profile=protocol1.profile ./syscall_test socket\r" | ||
95 | expect { | ||
96 | timeout {puts "TESTING ERROR 3\n";exit} | ||
97 | "Child process initialized" | ||
98 | } | ||
99 | expect { | ||
100 | timeout {puts "TESTING ERROR 3.1\n";exit} | ||
101 | "socket AF_INET" | ||
102 | } | ||
103 | expect { | ||
104 | timeout {puts "TESTING ERROR 3.2\n";exit} | ||
105 | "Operation not supported" | ||
106 | } | ||
107 | expect { | ||
108 | timeout {puts "TESTING ERROR 3.3\n";exit} | ||
109 | "socket AF_INET6" | ||
110 | } | ||
111 | expect { | ||
112 | timeout {puts "TESTING ERROR 3.4\n";exit} | ||
113 | "Operation not supported" | ||
114 | } | ||
115 | expect { | ||
116 | timeout {puts "TESTING ERROR 3.5\n";exit} | ||
117 | "socket AF_NETLINK" | ||
118 | } | ||
119 | expect { | ||
120 | timeout {puts "TESTING ERROR 3.6\n";exit} | ||
121 | "Operation not supported" | ||
122 | } | ||
123 | expect { | ||
124 | timeout {puts "TESTING ERROR 3.7\n";exit} | ||
125 | "socket AF_UNIX" | ||
126 | } | ||
127 | expect { | ||
128 | timeout {puts "TESTING ERROR 3.8\n";exit} | ||
129 | "socket AF_PACKETX" | ||
130 | } | ||
131 | expect { | ||
132 | timeout {puts "TESTING ERROR 3.9\n";exit} | ||
133 | "Operation not supported" | ||
134 | } | ||
135 | sleep 1 | ||
136 | |||
137 | send -- "firejail --profile=protocol2.profile ./syscall_test socket\r" | ||
138 | expect { | ||
139 | timeout {puts "TESTING ERROR 4\n";exit} | ||
140 | "Child process initialized" | ||
141 | } | ||
142 | expect { | ||
143 | timeout {puts "TESTING ERROR 4.1\n";exit} | ||
144 | "socket AF_INET" | ||
145 | } | ||
146 | expect { | ||
147 | timeout {puts "TESTING ERROR 4.2\n";exit} | ||
148 | "Operation not supported" | ||
149 | } | ||
150 | expect { | ||
151 | timeout {puts "TESTING ERROR 4.3\n";exit} | ||
152 | "socket AF_INET6" | ||
153 | } | ||
154 | expect { | ||
155 | timeout {puts "TESTING ERROR 4.4\n";exit} | ||
156 | "socket AF_NETLINK" | ||
157 | } | ||
158 | expect { | ||
159 | timeout {puts "TESTING ERROR 4.5\n";exit} | ||
160 | "Operation not supported" | ||
161 | } | ||
162 | expect { | ||
163 | timeout {puts "TESTING ERROR 4.6\n";exit} | ||
164 | "socket AF_UNIX" | ||
165 | } | ||
166 | expect { | ||
167 | timeout {puts "TESTING ERROR 4.7\n";exit} | ||
168 | "Operation not supported" | ||
169 | } | ||
170 | expect { | ||
171 | timeout {puts "TESTING ERROR 4.8\n";exit} | ||
172 | "socket AF_PACKETX" | ||
173 | } | ||
174 | expect { | ||
175 | timeout {puts "TESTING ERROR 4.9\n";exit} | ||
176 | "after socket" | ||
177 | } | ||
178 | sleep 1 | ||
179 | |||
180 | puts "\nall done\n" | ||
diff --git a/test/filters/protocol1.profile b/test/filters/protocol1.profile new file mode 100644 index 000000000..3e1ea2a29 --- /dev/null +++ b/test/filters/protocol1.profile | |||
@@ -0,0 +1 @@ | |||
protocol unix | |||
diff --git a/test/filters/protocol2.profile b/test/filters/protocol2.profile new file mode 100644 index 000000000..b7eb4ab91 --- /dev/null +++ b/test/filters/protocol2.profile | |||
@@ -0,0 +1 @@ | |||
protocol inet6,packet | |||
diff --git a/test/filters/seccomp-bad-empty.exp b/test/filters/seccomp-bad-empty.exp new file mode 100755 index 000000000..631d67743 --- /dev/null +++ b/test/filters/seccomp-bad-empty.exp | |||
@@ -0,0 +1,38 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "firejail --seccomp=\r" | ||
8 | expect { | ||
9 | timeout {puts "TESTING ERROR 0\n";exit} | ||
10 | "Error: empty syscall lists are not allowed" | ||
11 | } | ||
12 | |||
13 | send -- "firejail --seccomp.drop=\r" | ||
14 | expect { | ||
15 | timeout {puts "TESTING ERROR 2\n";exit} | ||
16 | "Error: empty syscall lists are not allowed" | ||
17 | } | ||
18 | |||
19 | send -- "firejail --seccomp.keep=\r" | ||
20 | expect { | ||
21 | timeout {puts "TESTING ERROR 4\n";exit} | ||
22 | "Error: empty syscall lists are not allowed" | ||
23 | } | ||
24 | |||
25 | send -- "firejail --profile=seccomp-bad-empty.profile\r" | ||
26 | expect { | ||
27 | timeout {puts "TESTING ERROR 6\n";exit} | ||
28 | "Error: line 1 in seccomp-bad-empty.profile is invalid" | ||
29 | } | ||
30 | |||
31 | send -- "firejail --profile=seccomp-bad-empty2.profile\r" | ||
32 | expect { | ||
33 | timeout {puts "TESTING ERROR 7\n";exit} | ||
34 | "Error: line 1 in seccomp-bad-empty2.profile is invalid" | ||
35 | } | ||
36 | sleep 1 | ||
37 | puts "\nall done\n" | ||
38 | |||
diff --git a/test/filters/seccomp-bad-empty.profile b/test/filters/seccomp-bad-empty.profile new file mode 100644 index 000000000..2d4fcde7c --- /dev/null +++ b/test/filters/seccomp-bad-empty.profile | |||
@@ -0,0 +1 @@ | |||
seccomp.drop | |||
diff --git a/test/filters/seccomp-bad-empty2.profile b/test/filters/seccomp-bad-empty2.profile new file mode 100644 index 000000000..c4e6c9f74 --- /dev/null +++ b/test/filters/seccomp-bad-empty2.profile | |||
@@ -0,0 +1 @@ | |||
seccomp.keep | |||
diff --git a/test/filters/seccomp.profile b/test/filters/seccomp.profile new file mode 100644 index 000000000..cb0b15aee --- /dev/null +++ b/test/filters/seccomp.profile | |||
@@ -0,0 +1 @@ | |||
seccomp chmod,fchmod,fchmodat | |||
diff --git a/test/filters/syscall_test b/test/filters/syscall_test new file mode 100755 index 000000000..bf29c5b99 --- /dev/null +++ b/test/filters/syscall_test | |||
Binary files differ | |||
diff --git a/test/filters/syscall_test.c b/test/filters/syscall_test.c new file mode 100644 index 000000000..422af619d --- /dev/null +++ b/test/filters/syscall_test.c | |||
@@ -0,0 +1,82 @@ | |||
1 | // This file is part of Firejail project | ||
2 | // Copyright (C) 2014-2016 Firejail Authors | ||
3 | // License GPL v2 | ||
4 | |||
5 | #include <stdlib.h> | ||
6 | #include <stdio.h> | ||
7 | #include <unistd.h> | ||
8 | #include <sys/types.h> | ||
9 | #include <sys/socket.h> | ||
10 | #include <linux/netlink.h> | ||
11 | #include <net/ethernet.h> | ||
12 | #include <sys/mount.h> | ||
13 | |||
14 | int main(int argc, char **argv) { | ||
15 | if (argc != 2) { | ||
16 | printf("Usage: test [sleep|socket|mkdir|mount]\n"); | ||
17 | return 1; | ||
18 | } | ||
19 | |||
20 | if (strcmp(argv[1], "sleep") == 0) { | ||
21 | printf("before sleep\n"); | ||
22 | sleep(1); | ||
23 | printf("after sleep\n"); | ||
24 | } | ||
25 | else if (strcmp(argv[1], "socket") == 0) { | ||
26 | int sock; | ||
27 | |||
28 | printf("testing socket AF_INET\n"); | ||
29 | if ((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0) { | ||
30 | perror("socket"); | ||
31 | } | ||
32 | else | ||
33 | close(sock); | ||
34 | |||
35 | printf("testing socket AF_INET6\n"); | ||
36 | if ((sock = socket(AF_INET6, SOCK_STREAM, 0)) < 0) { | ||
37 | perror("socket"); | ||
38 | } | ||
39 | else | ||
40 | close(sock); | ||
41 | |||
42 | printf("testing socket AF_NETLINK\n"); | ||
43 | if ((sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE)) < 0) { | ||
44 | perror("socket"); | ||
45 | } | ||
46 | else | ||
47 | close(sock); | ||
48 | |||
49 | printf("testing socket AF_UNIX\n"); | ||
50 | if ((sock = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) { | ||
51 | perror("socket"); | ||
52 | } | ||
53 | else | ||
54 | close(sock); | ||
55 | |||
56 | // root needed to be able to handle this | ||
57 | printf("testing socket AF_PACKETX\n"); | ||
58 | if ((sock = socket(AF_PACKET, SOCK_DGRAM, htons(ETH_P_ARP))) < 0) { | ||
59 | perror("socket"); | ||
60 | } | ||
61 | else | ||
62 | close(sock); | ||
63 | printf("after socket\n"); | ||
64 | } | ||
65 | else if (strcmp(argv[1], "mkdir") == 0) { | ||
66 | printf("before mkdir\n"); | ||
67 | mkdir("tmp", 0777); | ||
68 | printf("after mkdir\n"); | ||
69 | } | ||
70 | else if (strcmp(argv[1], "mount") == 0) { | ||
71 | printf("before mount\n"); | ||
72 | if (mount("tmpfs", "/tmp", "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC, "mode=755,gid=0") < 0) { | ||
73 | perror("mount"); | ||
74 | } | ||
75 | printf("after mount\n"); | ||
76 | } | ||
77 | else { | ||
78 | fprintf(stderr, "Error: invalid argument\n"); | ||
79 | return 1; | ||
80 | } | ||
81 | return 0; | ||
82 | } | ||
diff --git a/test/filters/syscall_test32 b/test/filters/syscall_test32 new file mode 100755 index 000000000..8d72f58c4 --- /dev/null +++ b/test/filters/syscall_test32 | |||
Binary files differ | |||