diff options
author | davidovski <david@davidovski.xyz> | 2022-05-07 13:50:28 +0100 |
---|---|---|
committer | davidovski <david@davidovski.xyz> | 2022-05-07 13:50:28 +0100 |
commit | 213021de0aaf5439db7d58ca1447db4ae6af92be (patch) | |
tree | a2adcfe44a186f9a61b92c5ca80d38b6f4017fa0 /repo/util/tor/0004-disable-more-sandbox-tests_patch | |
parent | fd7adb2f3a9d9d239c90742366aec369966a3a03 (diff) |
added tor and xss-lock
Diffstat (limited to 'repo/util/tor/0004-disable-more-sandbox-tests_patch')
-rw-r--r-- | repo/util/tor/0004-disable-more-sandbox-tests_patch | 120 |
1 files changed, 120 insertions, 0 deletions
diff --git a/repo/util/tor/0004-disable-more-sandbox-tests_patch b/repo/util/tor/0004-disable-more-sandbox-tests_patch new file mode 100644 index 0000000..7359b23 --- /dev/null +++ b/repo/util/tor/0004-disable-more-sandbox-tests_patch @@ -0,0 +1,120 @@ +These tests fail on aarch64 +--- a/src/test/test_sandbox.c ++++ b/src/test/test_sandbox.c +@@ -148,71 +148,6 @@ test_sandbox_is_active(void *ignored) + } + + static void +-test_sandbox_open_filename(void *arg) +-{ +- sandbox_data_t *data = arg; +- int fd, errsv; +- +- fd = open(sandbox_intern_string(data->file_ops_allowed), O_RDONLY); +- if (fd == -1) +- tt_abort_perror("open"); +- close(fd); +- +- /* It might be nice to use sandbox_intern_string() in the line below as well +- * (and likewise in the test cases that follow) but this would require +- * capturing the warning message it logs, and the mechanism for doing so +- * relies on system calls that are normally blocked by the sandbox and may +- * vary across architectures. */ +- fd = open(data->file_ops_blocked, O_RDONLY); +- errsv = errno; +- tt_int_op(fd, OP_EQ, -1); +- tt_int_op(errsv, OP_EQ, EPERM); +- +- done: +- if (fd >= 0) +- close(fd); +-} +- +-static void +-test_sandbox_chmod_filename(void *arg) +-{ +- sandbox_data_t *data = arg; +- int rc, errsv; +- +- if (chmod(sandbox_intern_string(data->file_ops_allowed), +- S_IRUSR | S_IWUSR) != 0) +- tt_abort_perror("chmod"); +- +- rc = chmod(data->file_ops_blocked, S_IRUSR | S_IWUSR); +- errsv = errno; +- tt_int_op(rc, OP_EQ, -1); +- tt_int_op(errsv, OP_EQ, EPERM); +- +- done: +- (void)0; +-} +- +-static void +-test_sandbox_rename_filename(void *arg) +-{ +- sandbox_data_t *data = arg; +- const char *fname_old = sandbox_intern_string(data->file_ops_allowed), +- *fname_new = sandbox_intern_string(data->file_rename_target_allowed); +- int rc, errsv; +- +- if (rename(fname_old, fname_new) != 0) +- tt_abort_perror("rename"); +- +- rc = rename(fname_new, fname_old); +- errsv = errno; +- tt_int_op(rc, OP_EQ, -1); +- tt_int_op(errsv, OP_EQ, EPERM); +- +- done: +- (void)0; +-} +- +-static void + test_sandbox_openat_filename(void *arg) + { + sandbox_data_t *data = arg; +@@ -235,28 +170,6 @@ test_sandbox_openat_filename(void *arg) + } + + static void +-test_sandbox_opendir_dirname(void *arg) +-{ +- sandbox_data_t *data = arg; +- DIR *dir; +- int errsv; +- +- dir = opendir(sandbox_intern_string(data->dir_ops_allowed)); +- if (dir == NULL) +- tt_abort_perror("opendir"); +- closedir(dir); +- +- dir = opendir(data->dir_ops_blocked); +- errsv = errno; +- tt_ptr_op(dir, OP_EQ, NULL); +- tt_int_op(errsv, OP_EQ, EPERM); +- +- done: +- if (dir) +- closedir(dir); +-} +- +-static void + test_sandbox_stat_filename(void *arg) + { + sandbox_data_t *data = arg; +@@ -302,15 +215,8 @@ struct testcase_t sandbox_tests[] = { + #ifdef ENABLE_FRAGILE_HARDENING + SANDBOX_TEST_SKIPPED(open_filename), + SANDBOX_TEST_SKIPPED(opendir_dirname), +-#else +- SANDBOX_TEST_IN_SANDBOX(open_filename), +- SANDBOX_TEST_IN_SANDBOX(opendir_dirname), + #endif /* defined(ENABLE_FRAGILE_HARDENING) */ + +- SANDBOX_TEST_IN_SANDBOX(openat_filename), +- SANDBOX_TEST_IN_SANDBOX(chmod_filename), +- SANDBOX_TEST_IN_SANDBOX(rename_filename), +- + /* Currently the sandbox is unable to filter stat() calls on systems where + * glibc implements this function using either of the legacy "stat" or "stat64" + * system calls, or (in glibc version 2.33 and later) either of the newer |