seccomp numeric testing

README

@@ -99,6 +99,8 @@ announ (https://github.com/announ)
 Antonio Russo (https://github.com/aerusso)
 	- enumerate root directories in apparmor profile
 	- fix join-or-start
+aoand (https://github.com/aoand)
+	- seccomp fix: allow numeric syscalls
 Austin Morton (https://github.com/apmorton)
 	- deterministic-exit-code option
 	- private-cwd options

test/filters/filters.sh

@@ -110,6 +110,9 @@ echo "TESTING: seccomp chmod profile - seccomp lists (test/filters/seccomp-chmod
 echo "TESTING: seccomp empty (test/filters/seccomp-empty.exp)"
 ./seccomp-empty.exp
 
+echo "TESTING: seccomp numeric (test/filters/seccomp-numeric.exp)"
+./seccomp-numeric.exp
+
 if [ "$(uname -m)" = "x86_64" ]; then
         echo "TESTING: seccomp dual filter (test/filters/seccomp-dualfilter.exp)"
         ./seccomp-dualfilter.exp

test/filters/seccomp-numeric.exp

@@ -0,0 +1,44 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2019 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "touch seccomp-test-file\r"
+after 100
+
+send --  "firejail --seccomp=unlinkat:ENOENT,mkdir:ENOENT rm seccomp-test-file\r"
+expect {
+	timeout {puts "TESTING ERROR 0\n";exit}
+	"No such file or directory"
+}
+after 100
+
+send --  "firejail --seccomp=\\\$263:ENOENT,mkdir:ENOENT rm seccomp-test-file\r"
+expect {
+	timeout {puts "TESTING ERROR 1\n";exit}
+	"No such file or directory"
+}
+after 100
+
+send --  "firejail --seccomp=unlinkat:ENOENT,mkdir:ENOENT mkdir seccomp-test-dir\r"
+expect {
+	timeout {puts "TESTING ERROR 2\n";exit}
+	"No such file or directory"
+}
+after 100
+
+send --  "firejail --seccomp=unlinkat:ENOENT,\\\$83:ENOENT mkdir seccomp-test-dir\r"
+expect {
+	timeout {puts "TESTING ERROR 3\n";exit}
+	"No such file or directory"
+}
+after 100
+
+send -- "rm seccomp-test-file\r"
+#send -- "rm -fr seccomp-test-dir\r"
+after 100
+puts "all done\n"