diff options
| -rw-r--r-- | src/sandbox.c | 5 | ||||
| -rwxr-xr-x | tests/access-1.sh | 3 | ||||
| -rwxr-xr-x | tests/chmod-1.sh | 5 | ||||
| -rwxr-xr-x | tests/chown-1.sh | 3 | ||||
| -rwxr-xr-x | tests/fchmodat-1.sh | 3 | ||||
| -rwxr-xr-x | tests/fchownat-2.sh | 3 | ||||
| -rwxr-xr-x | tests/futimesat-2.sh | 3 | ||||
| -rwxr-xr-x | tests/linkat-2.sh | 3 | ||||
| -rwxr-xr-x | tests/linkat_static-2.sh | 3 | ||||
| -rwxr-xr-x | tests/mkdir-3.sh | 2 | ||||
| -rwxr-xr-x | tests/open_static-1.sh | 3 | ||||
| -rwxr-xr-x | tests/openat_static-1.sh | 3 | ||||
| -rwxr-xr-x | tests/openat_static-2.sh | 3 | ||||
| -rwxr-xr-x | tests/remove-1.sh | 3 | ||||
| -rwxr-xr-x | tests/rmdir-2.sh | 4 | ||||
| -rwxr-xr-x | tests/unlink-1.sh | 3 | ||||
| -rwxr-xr-x | tests/unlink_static-1.sh | 3 | ||||
| -rwxr-xr-x | tests/utimensat-2.sh | 3 | ||||
| -rwxr-xr-x | tests/utimensat_static-2.sh | 3 |
19 files changed, 21 insertions, 40 deletions
diff --git a/src/sandbox.c b/src/sandbox.c index 0fda106..69ab18e 100644 --- a/src/sandbox.c +++ b/src/sandbox.c @@ -340,8 +340,9 @@ int main(int argc, char **argv) } else dputs(sandbox_footer); - if (sandbox_log_presence && shell_exit == 0) - shell_exit = 1; + if (!is_env_on(ENV_SANDBOX_TESTING)) + if (sandbox_log_presence && shell_exit == 0) + shell_exit = 1; return shell_exit; oom_error: diff --git a/tests/access-1.sh b/tests/access-1.sh index efa1e18..047dc82 100755 --- a/tests/access-1.sh +++ b/tests/access-1.sh @@ -3,6 +3,5 @@ addwrite $PWD -export SANDBOX_LOG=$PWD/sb.log access-0 -1 rwx / || exit 1 -test ! -e sb.log +test ! -e sandbox.log diff --git a/tests/chmod-1.sh b/tests/chmod-1.sh index f857eac..aab5b34 100755 --- a/tests/chmod-1.sh +++ b/tests/chmod-1.sh @@ -3,7 +3,7 @@ addwrite $PWD -rm -rf deny link sb.log +rm -rf deny link ( set -e mkdir deny @@ -16,6 +16,5 @@ chmod-0 0 link 0666 || exit 1 # this *should* trigger a sandbox violation adddeny $PWD/deny -export SANDBOX_LOG=$PWD/sb.log chmod-0 -1 link 0666 || exit 1 -test -s sb.log +test -s sandbox.log diff --git a/tests/chown-1.sh b/tests/chown-1.sh index 4a4b778..a7845eb 100755 --- a/tests/chown-1.sh +++ b/tests/chown-1.sh @@ -16,6 +16,5 @@ chown-0 0 link ${SB_UID} ${SB_GID} || exit 1 # this *should* trigger a sandbox violation adddeny $PWD/deny -export SANDBOX_LOG=$PWD/sb.log chown-0 -1 link ${SB_UID} ${SB_GID} || exit 1 -test -s sb.log +test -s sandbox.log diff --git a/tests/fchmodat-1.sh b/tests/fchmodat-1.sh index 570a2bf..3af9ad1 100755 --- a/tests/fchmodat-1.sh +++ b/tests/fchmodat-1.sh @@ -16,6 +16,5 @@ fchmodat-0 0 AT_FDCWD link 0666 0 || exit 1 # this *should* trigger a sandbox violation adddeny $PWD/deny -export SANDBOX_LOG=$PWD/sb.log fchmodat-0 -1 AT_FDCWD link 0666 0 || exit 1 -test -s sb.log +test -s sandbox.log diff --git a/tests/fchownat-2.sh b/tests/fchownat-2.sh index 5c67616..cc5f651 100755 --- a/tests/fchownat-2.sh +++ b/tests/fchownat-2.sh @@ -16,6 +16,5 @@ fchownat-0 0 AT_FDCWD link ${SB_UID} ${SB_GID} 0 || exit 1 # this *should* trigger a sandbox violation adddeny $PWD/deny -export SANDBOX_LOG=$PWD/sb.log fchownat-0 -1 AT_FDCWD link ${SB_UID} ${SB_GID} 0 || exit 1 -test -s sb.log +test -s sandbox.log diff --git a/tests/futimesat-2.sh b/tests/futimesat-2.sh index 8542c2e..35e5845 100755 --- a/tests/futimesat-2.sh +++ b/tests/futimesat-2.sh @@ -2,6 +2,5 @@ # basic functionality check (violations are caught) adddeny $PWD -export SANDBOX_LOG=$PWD/sb.log futimesat-0 -1,EACCES AT_FDCWD . NULL || exit 1 -test -s sb.log +test -s sandbox.log diff --git a/tests/linkat-2.sh b/tests/linkat-2.sh index 9574070..8fe5c75 100755 --- a/tests/linkat-2.sh +++ b/tests/linkat-2.sh @@ -5,6 +5,5 @@ addwrite $PWD touch file || exit 1 adddeny $PWD -export SANDBOX_LOG=$PWD/sb.log linkat-0 -1,EACCES AT_FDCWD file AT_FDCWD file-linked 0 || exit 1 -test -s sb.log +test -s sandbox.log diff --git a/tests/linkat_static-2.sh b/tests/linkat_static-2.sh index 5a3d64b..5adb545 100755 --- a/tests/linkat_static-2.sh +++ b/tests/linkat_static-2.sh @@ -6,7 +6,6 @@ addwrite $PWD touch file || exit 1 adddeny $PWD -export SANDBOX_LOG=$PWD/sb.log # we cant check exit status as ptrace code kills child linkat-0 -1,EACCES AT_FDCWD file AT_FDCWD file-linked 0 #|| exit 1 -test -s sb.log +test -s sandbox.log diff --git a/tests/mkdir-3.sh b/tests/mkdir-3.sh index db9027e..10e8723 100755 --- a/tests/mkdir-3.sh +++ b/tests/mkdir-3.sh @@ -9,8 +9,6 @@ addwrite $PWD chmod -R a+rwx base 2>/dev/null rm -rf base -export SANDBOX_LOG=$PWD/sb.log - set -e mkdir -p base/d diff --git a/tests/open_static-1.sh b/tests/open_static-1.sh index 0143402..faf91d0 100755 --- a/tests/open_static-1.sh +++ b/tests/open_static-1.sh @@ -6,8 +6,7 @@ addwrite $PWD open_static-0 3 ok "O_WRONLY|O_CREAT" 0666 || exit 1 open_static-0 3 ok O_RDONLY 0666 || exit 1 -export SANDBOX_LOG=$PWD/sb.log mkdir deny || exit 1 adddeny $PWD/deny open_static-0 -1 deny/not-ok "O_WRONLY|O_CREAT" 0666 -test -e sb.log +test -e sandbox.log diff --git a/tests/openat_static-1.sh b/tests/openat_static-1.sh index a00b19c..929fc51 100755 --- a/tests/openat_static-1.sh +++ b/tests/openat_static-1.sh @@ -6,8 +6,7 @@ addwrite $PWD openat_static-0 3 AT_FDCWD ok "O_WRONLY|O_CREAT" 0666 || exit 1 openat_static-0 3 AT_FDCWD ok O_RDONLY 0666 || exit 1 -export SANDBOX_LOG=$PWD/sb.log mkdir deny || exit 1 adddeny $PWD/deny openat_static-0 -1 AT_FDCWD deny/not-ok "O_WRONLY|O_CREAT" 0666 -test -e sb.log +test -e sandbox.log diff --git a/tests/openat_static-2.sh b/tests/openat_static-2.sh index 00a948e..577767f 100755 --- a/tests/openat_static-2.sh +++ b/tests/openat_static-2.sh @@ -6,8 +6,7 @@ addwrite $PWD openat_static-0 3 AT_FDCWD ok "O_WRONLY|O_CREAT" 0666 || exit 1 openat_static-0 3 AT_FDCWD ok O_RDONLY 0666 || exit 1 -export SANDBOX_LOG=$PWD/sb.log mkdir deny || exit 1 adddeny $PWD/deny openat_static-0 -1 AT_FDCWD $PWD/deny/not-ok "O_WRONLY|O_CREAT" 0666 -test -e sb.log +test -e sandbox.log diff --git a/tests/remove-1.sh b/tests/remove-1.sh index 2ebcda3..20f34fd 100755 --- a/tests/remove-1.sh +++ b/tests/remove-1.sh @@ -2,7 +2,6 @@ # make sure we catch openat with relative path [ "${at_xfail}" = "yes" ] && exit 77 # see trace-0 -export SANDBOX_LOG=$PWD/sb.log adddeny "${PWD}" remove-0 -1 f -test -e sb.log +test -e sandbox.log diff --git a/tests/rmdir-2.sh b/tests/rmdir-2.sh index 7cb4717..27a4dc8 100755 --- a/tests/rmdir-2.sh +++ b/tests/rmdir-2.sh @@ -1,8 +1,6 @@ #!/bin/sh # make sure symlinks don't fail -export SANDBOX_LOG=$PWD/sb.log - addwrite $PWD mkdir reject || exit 1 @@ -11,4 +9,4 @@ adddeny $PWD/reject ln -s reject foo || exit 1 rmdir-0 -1,ENOTDIR foo || exit 1 [ -e foo ] || exit 1 -! test -e sb.log +! test -e sandbox.log diff --git a/tests/unlink-1.sh b/tests/unlink-1.sh index 62e23ea..e8fcb81 100755 --- a/tests/unlink-1.sh +++ b/tests/unlink-1.sh @@ -2,7 +2,6 @@ # make sure we catch openat with relative path [ "${at_xfail}" = "yes" ] && exit 77 # see trace-0 -export SANDBOX_LOG=$PWD/sb.log adddeny "${PWD}" unlink-0 -1 f -test -e sb.log +test -e sandbox.log diff --git a/tests/unlink_static-1.sh b/tests/unlink_static-1.sh index 62cb6b7..9585862 100755 --- a/tests/unlink_static-1.sh +++ b/tests/unlink_static-1.sh @@ -2,9 +2,8 @@ # make sure we catch openat with relative path [ "${at_xfail}" = "yes" ] && exit 77 # see trace-0 -export SANDBOX_LOG=$PWD/sb.log touch f test -e f || exit 1 adddeny "${PWD}" unlink_static-0 -1,EPERM f -test -e sb.log -a -e f +test -e sandbox.log -a -e f diff --git a/tests/utimensat-2.sh b/tests/utimensat-2.sh index 110da4e..d8ec8bb 100755 --- a/tests/utimensat-2.sh +++ b/tests/utimensat-2.sh @@ -2,6 +2,5 @@ # basic functionality check (violations are caught) adddeny $PWD -export SANDBOX_LOG=$PWD/sb.log utimensat-0 -1,EACCES AT_FDCWD . NULL 0 || exit 1 -test -s sb.log +test -s sandbox.log diff --git a/tests/utimensat_static-2.sh b/tests/utimensat_static-2.sh index 8f190fd..c232f1f 100755 --- a/tests/utimensat_static-2.sh +++ b/tests/utimensat_static-2.sh @@ -3,7 +3,6 @@ [ "${at_xfail}" = "yes" ] && exit 77 # see trace-0 adddeny $PWD -export SANDBOX_LOG=$PWD/sb.log # we cant check exit status as ptrace code kills child utimensat_static-0 -1,EACCES AT_FDCWD . NULL 0 #|| exit 1 -test -s sb.log +test -s sandbox.log |