These tests fail on aarch64
--- a/src/test/test_sandbox.c
+++ b/src/test/test_sandbox.c
@@ -148,71 +148,6 @@ test_sandbox_is_active(void *ignored)
}
static void
-test_sandbox_open_filename(void *arg)
-{
- sandbox_data_t *data = arg;
- int fd, errsv;
-
- fd = open(sandbox_intern_string(data->file_ops_allowed), O_RDONLY);
- if (fd == -1)
- tt_abort_perror("open");
- close(fd);
-
- /* It might be nice to use sandbox_intern_string() in the line below as well
- * (and likewise in the test cases that follow) but this would require
- * capturing the warning message it logs, and the mechanism for doing so
- * relies on system calls that are normally blocked by the sandbox and may
- * vary across architectures. */
- fd = open(data->file_ops_blocked, O_RDONLY);
- errsv = errno;
- tt_int_op(fd, OP_EQ, -1);
- tt_int_op(errsv, OP_EQ, EPERM);
-
- done:
- if (fd >= 0)
- close(fd);
-}
-
-static void
-test_sandbox_chmod_filename(void *arg)
-{
- sandbox_data_t *data = arg;
- int rc, errsv;
-
- if (chmod(sandbox_intern_string(data->file_ops_allowed),
- S_IRUSR | S_IWUSR) != 0)
- tt_abort_perror("chmod");
-
- rc = chmod(data->file_ops_blocked, S_IRUSR | S_IWUSR);
- errsv = errno;
- tt_int_op(rc, OP_EQ, -1);
- tt_int_op(errsv, OP_EQ, EPERM);
-
- done:
- (void)0;
-}
-
-static void
-test_sandbox_rename_filename(void *arg)
-{
- sandbox_data_t *data = arg;
- const char *fname_old = sandbox_intern_string(data->file_ops_allowed),
- *fname_new = sandbox_intern_string(data->file_rename_target_allowed);
- int rc, errsv;
-
- if (rename(fname_old, fname_new) != 0)
- tt_abort_perror("rename");
-
- rc = rename(fname_new, fname_old);
- errsv = errno;
- tt_int_op(rc, OP_EQ, -1);
- tt_int_op(errsv, OP_EQ, EPERM);
-
- done:
- (void)0;
-}
-
-static void
test_sandbox_openat_filename(void *arg)
{
sandbox_data_t *data = arg;
@@ -235,28 +170,6 @@ test_sandbox_openat_filename(void *arg)
}
static void
-test_sandbox_opendir_dirname(void *arg)
-{
- sandbox_data_t *data = arg;
- DIR *dir;
- int errsv;
-
- dir = opendir(sandbox_intern_string(data->dir_ops_allowed));
- if (dir == NULL)
- tt_abort_perror("opendir");
- closedir(dir);
-
- dir = opendir(data->dir_ops_blocked);
- errsv = errno;
- tt_ptr_op(dir, OP_EQ, NULL);
- tt_int_op(errsv, OP_EQ, EPERM);
-
- done:
- if (dir)
- closedir(dir);
-}
-
-static void
test_sandbox_stat_filename(void *arg)
{
sandbox_data_t *data = arg;
@@ -302,15 +215,8 @@ struct testcase_t sandbox_tests[] = {
#ifdef ENABLE_FRAGILE_HARDENING
SANDBOX_TEST_SKIPPED(open_filename),
SANDBOX_TEST_SKIPPED(opendir_dirname),
-#else
- SANDBOX_TEST_IN_SANDBOX(open_filename),
- SANDBOX_TEST_IN_SANDBOX(opendir_dirname),
#endif /* defined(ENABLE_FRAGILE_HARDENING) */
- SANDBOX_TEST_IN_SANDBOX(openat_filename),
- SANDBOX_TEST_IN_SANDBOX(chmod_filename),
- SANDBOX_TEST_IN_SANDBOX(rename_filename),
-
/* Currently the sandbox is unable to filter stat() calls on systems where
* glibc implements this function using either of the legacy "stat" or "stat64"
* system calls, or (in glibc version 2.33 and later) either of the newer