From 26ae0b23436a51b09b9be726ef97e27f36579fc9 Mon Sep 17 00:00:00 2001
From: netblue30
Date: Wed, 28 Aug 2019 11:15:18 -0400
Subject: seccomp numeric testing
---
 README | 2 ++
 test/filters/filters.sh | 3 +++
 test/filters/seccomp-numeric.exp | 44 ++++++++++++++++++++++++++++++++++++++++
 3 files changed, 49 insertions(+)
 create mode 100755 test/filters/seccomp-numeric.exp
diff --git a/README b/README
index 9b2347f90..556dd158f 100644
--- a/README
+++ b/README
@@ -99,6 +99,8 @@ announ (https://github.com/announ)
 Antonio Russo (https://github.com/aerusso)
 - enumerate root directories in apparmor profile
 - fix join-or-start
+aoand (https://github.com/aoand)
+ - seccomp fix: allow numeric syscalls
 Austin Morton (https://github.com/apmorton)
 - deterministic-exit-code option
 - private-cwd options
diff --git a/test/filters/filters.sh b/test/filters/filters.sh
index 114978f65..10e50539b 100755
--- a/test/filters/filters.sh
+++ b/test/filters/filters.sh
@@ -110,6 +110,9 @@ echo "TESTING: seccomp chmod profile - seccomp lists (test/filters/seccomp-chmod
 echo "TESTING: seccomp empty (test/filters/seccomp-empty.exp)"
 ./seccomp-empty.exp
 
+echo "TESTING: seccomp numeric (test/filters/seccomp-numeric.exp)"
+./seccomp-numeric.exp
+
 if [ "$(uname -m)" = "x86_64" ]; then
 echo "TESTING: seccomp dual filter (test/filters/seccomp-dualfilter.exp)"
 ./seccomp-dualfilter.exp
diff --git a/test/filters/seccomp-numeric.exp b/test/filters/seccomp-numeric.exp
new file mode 100755
index 000000000..77f6d60b0
--- /dev/null
+++ b/test/filters/seccomp-numeric.exp
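Review bot: The added `./seccomp-numeric.exp` call runs on every architecture, but test/filters/seccomp-numeric.exp hard-codes `$263` and `$83`, which are the x86_64 numbers for unlinkat and mkdir. On other architectures those numbers refer to different syscalls (or none), so rm and mkdir would not be blocked and the test would report TESTING ERROR 1 or 3 for reasons unrelated to numeric-syscall parsing. The `if [ "$(uname -m)" = "x86_64" ]; then` guard right below already exists for the dual-filter test; moving the two added lines inside it keeps the result meaningful. That `if` block continues past the end of the hunk.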
@@ -0,0 +1,44 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2019 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "touch seccomp-test-file\r"
+after 100
+
+send -- "firejail --seccomp=unlinkat:ENOENT,mkdir:ENOENT rm seccomp-test-file\r"
+expect {
+ timeout {puts "TESTING ERROR 0\n";exit}
+ "No such file or directory"
+}
+after 100
+
+send -- "firejail --seccomp=\\\$263:ENOENT,mkdir:ENOENT rm seccomp-test-file\r"
+expect {
+ timeout {puts "TESTING ERROR 1\n";exit}
+ "No such file or directory"
+}
+after 100
+
+send -- "firejail --seccomp=unlinkat:ENOENT,mkdir:ENOENT mkdir seccomp-test-dir\r"
+expect {
+ timeout {puts "TESTING ERROR 2\n";exit}
+ "No such file or directory"
+}
+after 100
+
+send -- "firejail --seccomp=unlinkat:ENOENT,\\\$83:ENOENT mkdir seccomp-test-dir\r"
+expect {
+ timeout {puts "TESTING ERROR 3\n";exit}
+ "No such file or directory"
+}
+after 100
+
+send -- "rm seccomp-test-file\r"
+#send -- "rm -fr seccomp-test-dir\r"
+after 100
+puts "all done\n"
-- cgit v1.2.3-54-g00ecf
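Review bot: The two rm checks (TESTING ERROR 0 and 1) accept any "No such file or directory", which rm also prints when seccomp-test-file simply does not exist, so they can pass without the filter having blocked unlinkat, for example if the earlier `touch` failed in the working directory. Confirm the file survived each filtered rm, e.g. `send -- "ls -l seccomp-test-file\r"` followed by `expect { timeout {puts "TESTING ERROR 1.1\n";exit} "rw-" }`. The directory cleanup is commented out (`#send -- "rm -fr seccomp-test-dir\r"`), so a run where a mkdir check fails leaves seccomp-test-dir behind, and a later run would then see "File exists" instead of the expected message. A short comment that `\\\$263` reaches firejail as the literal `$263` (x86_64 unlinkat) and `\\\$83` as `$83` (x86_64 mkdir) would make the escaping and the magic numbers readable.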