summaryrefslogtreecommitdiff
path: root/repo/system/tor/0004-disable-more-sandbox-tests_patch
diff options
context:
space:
mode:
Diffstat (limited to 'repo/system/tor/0004-disable-more-sandbox-tests_patch')
-rw-r--r--repo/system/tor/0004-disable-more-sandbox-tests_patch120
1 files changed, 120 insertions, 0 deletions
diff --git a/repo/system/tor/0004-disable-more-sandbox-tests_patch b/repo/system/tor/0004-disable-more-sandbox-tests_patch
new file mode 100644
index 0000000..7359b23
--- /dev/null
+++ b/repo/system/tor/0004-disable-more-sandbox-tests_patch
@@ -0,0 +1,120 @@
+These tests fail on aarch64
+--- a/src/test/test_sandbox.c
++++ b/src/test/test_sandbox.c
+@@ -148,71 +148,6 @@ test_sandbox_is_active(void *ignored)
+ }
+
+ static void
+-test_sandbox_open_filename(void *arg)
+-{
+- sandbox_data_t *data = arg;
+- int fd, errsv;
+-
+- fd = open(sandbox_intern_string(data->file_ops_allowed), O_RDONLY);
+- if (fd == -1)
+- tt_abort_perror("open");
+- close(fd);
+-
+- /* It might be nice to use sandbox_intern_string() in the line below as well
+- * (and likewise in the test cases that follow) but this would require
+- * capturing the warning message it logs, and the mechanism for doing so
+- * relies on system calls that are normally blocked by the sandbox and may
+- * vary across architectures. */
+- fd = open(data->file_ops_blocked, O_RDONLY);
+- errsv = errno;
+- tt_int_op(fd, OP_EQ, -1);
+- tt_int_op(errsv, OP_EQ, EPERM);
+-
+- done:
+- if (fd >= 0)
+- close(fd);
+-}
+-
+-static void
+-test_sandbox_chmod_filename(void *arg)
+-{
+- sandbox_data_t *data = arg;
+- int rc, errsv;
+-
+- if (chmod(sandbox_intern_string(data->file_ops_allowed),
+- S_IRUSR | S_IWUSR) != 0)
+- tt_abort_perror("chmod");
+-
+- rc = chmod(data->file_ops_blocked, S_IRUSR | S_IWUSR);
+- errsv = errno;
+- tt_int_op(rc, OP_EQ, -1);
+- tt_int_op(errsv, OP_EQ, EPERM);
+-
+- done:
+- (void)0;
+-}
+-
+-static void
+-test_sandbox_rename_filename(void *arg)
+-{
+- sandbox_data_t *data = arg;
+- const char *fname_old = sandbox_intern_string(data->file_ops_allowed),
+- *fname_new = sandbox_intern_string(data->file_rename_target_allowed);
+- int rc, errsv;
+-
+- if (rename(fname_old, fname_new) != 0)
+- tt_abort_perror("rename");
+-
+- rc = rename(fname_new, fname_old);
+- errsv = errno;
+- tt_int_op(rc, OP_EQ, -1);
+- tt_int_op(errsv, OP_EQ, EPERM);
+-
+- done:
+- (void)0;
+-}
+-
+-static void
+ test_sandbox_openat_filename(void *arg)
+ {
+ sandbox_data_t *data = arg;
+@@ -235,28 +170,6 @@ test_sandbox_openat_filename(void *arg)
+ }
+
+ static void
+-test_sandbox_opendir_dirname(void *arg)
+-{
+- sandbox_data_t *data = arg;
+- DIR *dir;
+- int errsv;
+-
+- dir = opendir(sandbox_intern_string(data->dir_ops_allowed));
+- if (dir == NULL)
+- tt_abort_perror("opendir");
+- closedir(dir);
+-
+- dir = opendir(data->dir_ops_blocked);
+- errsv = errno;
+- tt_ptr_op(dir, OP_EQ, NULL);
+- tt_int_op(errsv, OP_EQ, EPERM);
+-
+- done:
+- if (dir)
+- closedir(dir);
+-}
+-
+-static void
+ test_sandbox_stat_filename(void *arg)
+ {
+ sandbox_data_t *data = arg;
+@@ -302,15 +215,8 @@ struct testcase_t sandbox_tests[] = {
+ #ifdef ENABLE_FRAGILE_HARDENING
+ SANDBOX_TEST_SKIPPED(open_filename),
+ SANDBOX_TEST_SKIPPED(opendir_dirname),
+-#else
+- SANDBOX_TEST_IN_SANDBOX(open_filename),
+- SANDBOX_TEST_IN_SANDBOX(opendir_dirname),
+ #endif /* defined(ENABLE_FRAGILE_HARDENING) */
+
+- SANDBOX_TEST_IN_SANDBOX(openat_filename),
+- SANDBOX_TEST_IN_SANDBOX(chmod_filename),
+- SANDBOX_TEST_IN_SANDBOX(rename_filename),
+-
+ /* Currently the sandbox is unable to filter stat() calls on systems where
+ * glibc implements this function using either of the legacy "stat" or "stat64"
+ * system calls, or (in glibc version 2.33 and later) either of the newer