merge: seccomp fixes

src/libpostexecseccomp/libpostexecseccomp.h

@@ -20,6 +20,6 @@
 #ifndef LIBPOSTEXECSECCOMP_H
 #define LIBPOSTEXECSECCOMP_H
 
-#define RUN_SECCOMP_POSTEXEC	"/run/firejail/mnt/seccomp.postexec"
+#define RUN_SECCOMP_POSTEXEC	"/run/firejail/mnt/seccomp/seccomp.postexec"
 
 #endif

test/filters/seccomp-debug.exp

@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2018 Firejail Authors
+# Copyright (C) 2014-2019 Firejail Authors
 # License GPL v2
 
 set timeout 10
@@ -13,7 +13,7 @@ after 100
 send --  "firejail --debug sleep 1; echo done\r"
 expect {
 	timeout {puts "TESTING ERROR 0\n";exit}
-	"seccomp entries in /run/firejail/mnt/seccomp"
+	"seccomp entries in /run/firejail/mnt/seccomp/seccomp"
 }
 expect {
 	timeout {puts "TESTING ERROR 2\n";exit}
@@ -38,15 +38,15 @@ expect {
 }
 expect {
 	timeout {puts "TESTING ERROR 6\n";exit}
-	"Installing /run/firejail/mnt/seccomp seccomp filter"
+	"Installing /run/firejail/mnt/seccomp/seccomp seccomp filter"
 }
 expect {
 	timeout {puts "TESTING ERROR 7\n";exit}
-	"Installing /run/firejail/mnt/seccomp.32 seccomp filter"
+	"Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter"
 }
 expect {
 	timeout {puts "TESTING ERROR 8\n";exit}
-	"Installing /run/firejail/mnt/seccomp.protocol seccomp filter"
+	"Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter"
 }
 expect {
 	timeout {puts "TESTING ERROR 9\n";exit}
@@ -58,15 +58,15 @@ after 100
 send --  "firejail --debug --ignore=seccomp sleep 1; echo done\r"
 expect {
 	timeout {puts "TESTING ERROR 10\n";exit}
-	"Installing /run/firejail/mnt/seccomp seccomp filter" {puts "TESTING ERROR 11\n";exit}
-	"Installing /run/firejail/mnt/seccomp.32 seccomp filter" {puts "TESTING ERROR 12\n";exit}
+	"Installing /run/firejail/mnt/seccomp/seccomp seccomp filter" {puts "TESTING ERROR 11\n";exit}
+	"Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 12\n";exit}
 	"Child process initialized"
 }
 expect {
 	timeout {puts "TESTING ERROR 13\n";exit}
-	"Installing /run/firejail/mnt/seccomp seccomp filter" {puts "TESTING ERROR 14\n";exit}
-	"Installing /run/firejail/mnt/seccomp.32 seccomp filter" {puts "TESTING ERROR 15\n";exit}
-	"Installing /run/firejail/mnt/seccomp.protocol seccomp filter"
+	"Installing /run/firejail/mnt/seccomp/seccomp seccomp filter" {puts "TESTING ERROR 14\n";exit}
+	"Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 15\n";exit}
+	"Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter"
 }
 expect {
 	timeout {puts "TESTING ERROR 16\n";exit}
@@ -78,18 +78,18 @@ after 100
 send --  "firejail --debug --ignore=protocol sleep 1; echo done\r"
 expect {
 	timeout {puts "TESTING ERROR 17\n";exit}
-	"Installing /run/firejail/mnt/seccomp.protocol seccomp filter" {puts "TESTING ERROR 18\n";exit}
+	"Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter" {puts "TESTING ERROR 18\n";exit}
 	"Child process initialized"
 }
 expect {
 	timeout {puts "TESTING ERROR 19\n";exit}
-	"Installing /run/firejail/mnt/seccomp.protocol seccomp filter" {puts "TESTING ERROR 20\n";exit}
-	"Installing /run/firejail/mnt/seccomp seccomp filter"
+	"Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter" {puts "TESTING ERROR 20\n";exit}
+	"Installing /run/firejail/mnt/seccomp/seccomp seccomp filter"
 }
 expect {
 	timeout {puts "TESTING ERROR 21\n";exit}
-	"Installing /run/firejail/mnt/seccomp.protocol seccomp filter" {puts "TESTING ERROR 22\n";exit}
-	"Installing /run/firejail/mnt/seccomp.32 seccomp filter"
+	"Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter" {puts "TESTING ERROR 22\n";exit}
+	"Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter"
 }
 expect {
 	timeout {puts "TESTING ERROR 23\n";exit}
@@ -105,7 +105,7 @@ expect {
 }
 expect {
 	timeout {puts "TESTING ERROR 25\n";exit}
-	"Installing /run/firejail/mnt/seccomp.mdwx seccomp filter"
+	"Installing /run/firejail/mnt/seccomp/seccomp.mdwx seccomp filter"
 }
 expect {
 	timeout {puts "TESTING ERROR 26\n";exit}
@@ -117,18 +117,18 @@ expect {
 send --  "firejail --debug --seccomp.block-secondary sleep 1; echo done\r"
 expect {
 	timeout {puts "TESTING ERROR 27\n";exit}
-	"Installing /run/firejail/mnt/seccomp.32 seccomp filter" {puts "TESTING ERROR 28\n";exit}
+	"Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 28\n";exit}
 	"Child process initialized"
 }
 expect {
 	timeout {puts "TESTING ERROR 29\n";exit}
-	"Installing /run/firejail/mnt/seccomp.32 seccomp filter" {puts "TESTING ERROR 30\n";exit}
-	"Installing /run/firejail/mnt/seccomp seccomp filter"
+	"Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 30\n";exit}
+	"Installing /run/firejail/mnt/seccomp/seccomp seccomp filter"
 }
 expect {
 	timeout {puts "TESTING ERROR 31\n";exit}
-	"Installing /run/firejail/mnt/seccomp.32 seccomp filter" {puts "TESTING ERROR 32\n";exit}
-	"Installing /run/firejail/mnt/seccomp.protocol seccomp filter"
+	"Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 32\n";exit}
+	"Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter"
 }
 expect {
 	timeout {puts "TESTING ERROR 33\n";exit}
@@ -140,13 +140,13 @@ after 100
 send --  "firejail --debug --profile=block-secondary.profile sleep 1; echo done\r"
 expect {
 	timeout {puts "TESTING ERROR 33\n";exit}
-	"Installing /run/firejail/mnt/seccomp.32 seccomp filter" {puts "TESTING ERROR 34\n";exit}
+	"Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 34\n";exit}
 	"Child process initialized"
 }
 expect {
 	timeout {puts "TESTING ERROR 35\n";exit}
-	"Installing /run/firejail/mnt/seccomp.32 seccomp filter" {puts "TESTING ERROR 35\n";exit}
-	"Installing /run/firejail/mnt/seccomp seccomp filter"
+	"Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 35\n";exit}
+	"Installing /run/firejail/mnt/seccomp/seccomp seccomp filter"
 }
 expect {
 	timeout {puts "TESTING ERROR 37\n";exit}

test/filters/seccomp-join.exp

@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2018 Firejail Authors
+# Copyright (C) 2014-2019 Firejail Authors
 # License GPL v2
 
 set timeout 10
@@ -20,15 +20,15 @@ set spawn_id $id1
 send --  "firejail --name=jointesting --debug\r"
 expect {
 	timeout {puts "TESTING ERROR 0\n";exit}
-	"Installing /run/firejail/mnt/seccomp seccomp filter"
+	"Installing /run/firejail/mnt/seccomp/seccomp seccomp filter"
 }
 expect {
 	timeout {puts "TESTING ERROR 1\n";exit}
-	"Installing /run/firejail/mnt/seccomp.32 seccomp filter"
+	"Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter"
 }
 expect {
 	timeout {puts "TESTING ERROR 2\n";exit}
-	"Installing /run/firejail/mnt/seccomp.protocol seccomp filter"
+	"Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter"
 }
 sleep 1
 
@@ -37,15 +37,15 @@ set spawn_id $id2
 send --  "firejail --debug --join=jointesting\r"
 expect {
 	timeout {puts "TESTING ERROR 3\n";exit}
-	"Installing /run/firejail/mnt/seccomp seccomp filter"
+	"Installing /run/firejail/mnt/seccomp/seccomp seccomp filter"
 }
 expect {
 	timeout {puts "TESTING ERROR 4\n";exit}
-	"Installing /run/firejail/mnt/seccomp.32 seccomp filter"
+	"Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter"
 }
 expect {
 	timeout {puts "TESTING ERROR 5\n";exit}
-	"Installing /run/firejail/mnt/seccomp.protocol seccomp filter"
+	"Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter"
 }
 sleep 1
 
@@ -64,16 +64,16 @@ set spawn_id $id1
 send --  "firejail --name=jointesting --seccomp.block-secondary --debug\r"
 expect {
 	timeout {puts "TESTING ERROR 10\n";exit}
-	"Installing /run/firejail/mnt/seccomp seccomp filter"
+	"Installing /run/firejail/mnt/seccomp/seccomp seccomp filter"
 }
 expect {
 	timeout {puts "TESTING ERROR 11\n";exit}
-	"Installing /run/firejail/mnt/seccomp.32 seccomp filter" {puts "TESTING ERROR 12\n";exit}
-	"Installing /run/firejail/mnt/seccomp.block_secondary seccomp filter"
+	"Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 12\n";exit}
+	"Installing /run/firejail/mnt/seccomp/seccomp.block_secondary seccomp filter"
 }
 expect {
 	timeout {puts "TESTING ERROR 13\n";exit}
-	"Installing /run/firejail/mnt/seccomp.protocol seccomp filter"
+	"Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter"
 }
 sleep 1
 
@@ -81,15 +81,15 @@ set spawn_id $id2
 send --  "firejail --debug --join=jointesting\r"
 expect {
 	timeout {puts "TESTING ERROR 14\n";exit}
-	"Installing /run/firejail/mnt/seccomp seccomp filter"
+	"Installing /run/firejail/mnt/seccomp/seccomp seccomp filter"
 }
 expect {
 	timeout {puts "TESTING ERROR 15\n";exit}
-	"Installing /run/firejail/mnt/seccomp.block_secondary seccomp filter"
+	"Installing /run/firejail/mnt/seccomp/seccomp.block_secondary seccomp filter"
 }
 expect {
 	timeout {puts "TESTING ERROR 16\n";exit}
-	"Installing /run/firejail/mnt/seccomp.protocol seccomp filter"
+	"Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter"
 }
 sleep 1
 
@@ -106,7 +106,7 @@ set spawn_id $id1
 send --  "firejail --name=jointesting --noprofile --protocol=inet --debug\r"
 expect {
 	timeout {puts "TESTING ERROR 22\n";exit}
-	"Installing /run/firejail/mnt/seccomp.protocol seccomp filter"
+	"Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter"
 }
 sleep 1
 
@@ -115,9 +115,9 @@ set spawn_id $id2
 send --  "firejail --debug --join=jointesting\r"
 expect {
 	timeout {puts "TESTING ERROR 23\n";exit}
-	"Installing /run/firejail/mnt/seccomp seccomp filter" {puts "TESTING ERROR 24\n";exit}
-	"Installing /run/firejail/mnt/seccomp.32 seccomp filter" {puts "TESTING ERROR 25\n";exit}
-	"Installing /run/firejail/mnt/seccomp.protocol seccomp filter"
+	"Installing /run/firejail/mnt/seccomp/seccomp seccomp filter" {puts "TESTING ERROR 24\n";exit}
+	"Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 25\n";exit}
+	"Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter"
 }
 sleep 1
 
@@ -134,7 +134,7 @@ set spawn_id $id1
 send --  "firejail --name=jointesting --noprofile --memory-deny-write-execute --debug\r"
 expect {
 	timeout {puts "TESTING ERROR 32\n";exit}
-	"Installing /run/firejail/mnt/seccomp.mdwx seccomp filter"
+	"Installing /run/firejail/mnt/seccomp/seccomp.mdwx seccomp filter"
 }
 sleep 1
 
@@ -143,10 +143,10 @@ set spawn_id $id2
 send --  "firejail --debug --join=jointesting\r"
 expect {
 	timeout {puts "TESTING ERROR 33\n";exit}
-	"Installing /run/firejail/mnt/seccomp seccomp filter" {puts "TESTING ERROR 34\n";exit}
-	"Installing /run/firejail/mnt/seccomp.32 seccomp filter" {puts "TESTING ERROR 35\n";exit}
-	"Installing /run/firejail/mnt/seccomp.protocol seccomp filter" {puts "TESTING ERROR 36\n";exit}
-	"Installing /run/firejail/mnt/seccomp.mdwx seccomp filter"
+	"Installing /run/firejail/mnt/seccomp/seccomp seccomp filter" {puts "TESTING ERROR 34\n";exit}
+	"Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 35\n";exit}
+	"Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter" {puts "TESTING ERROR 36\n";exit}
+	"Installing /run/firejail/mnt/seccomp/seccomp.mdwx seccomp filter"
 }
 sleep 1
 

test/filters/seccomp-run-files.exp

@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 # This file is part of Firejail project
-# Copyright (C) 2014-2018 Firejail Authors
+# Copyright (C) 2014-2019 Firejail Authors
 # License GPL v2
 
 set timeout 10
@@ -10,18 +10,18 @@ match_max 100000
 send --  "firejail --debug\r"
 expect {
 	timeout {puts "TESTING ERROR 0\n";exit}
-	"/run/firejail/mnt/seccomp seccomp filter"
+	"/run/firejail/mnt/seccomp/seccomp seccomp filter"
 }
 expect {
 	timeout {puts "TESTING ERROR 1\n";exit}
-	"/run/firejail/mnt/seccomp.32 seccomp filter"
+	"/run/firejail/mnt/seccomp/seccomp.32 seccomp filter"
 }
 expect {
 	timeout {puts "TESTING ERROR 2\n";exit}
-	"/run/firejail/mnt/seccomp.protocol seccomp filter"
+	"/run/firejail/mnt/seccomp/seccomp.protocol seccomp filter"
 }
 after 100
-send -- "ls -l /run/firejail/mnt | grep -c seccomp\r"
+send -- "ls -l /run/firejail/mnt/seccomp | grep -c seccomp\r"
 expect {
 	timeout {puts "TESTING ERROR 3\n";exit}
 	"5"
@@ -32,16 +32,16 @@ sleep 1
 send --  "firejail --ignore=seccomp --debug\r"
 expect {
 	timeout {puts "TESTING ERROR 4\n";exit}
-	"/run/firejail/mnt/seccomp seccomp filter" {puts "TESTING ERROR 5\n";exit}
-	"/run/firejail/mnt/seccomp.32 seccomp filter" {puts "TESTING ERROR 6\n";exit}
-	"/run/firejail/mnt/seccomp.64 seccomp filter" {puts "TESTING ERROR 7\n";exit}
-	"/run/firejail/mnt/seccomp.protocol seccomp filter"
+	"/run/firejail/mnt/seccomp/seccomp seccomp filter" {puts "TESTING ERROR 5\n";exit}
+	"/run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 6\n";exit}
+	"/run/firejail/mnt/seccomp/seccomp.64 seccomp filter" {puts "TESTING ERROR 7\n";exit}
+	"Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter"
 }
 after 100
-send -- "ls -l /run/firejail/mnt | grep -c seccomp\r"
+send -- "ls -l /run/firejail/mnt/seccomp | grep -c seccomp\r"
 expect {
 	timeout {puts "TESTING ERROR 8\n";exit}
-	"2"
+	"3"
 }
 send -- "exit\r"
 sleep 1
@@ -49,22 +49,22 @@ sleep 1
 send --  "firejail --ignore=protocol --debug\r"
 expect {
 	timeout {puts "TESTING ERROR 9\n";exit}
-	"/run/firejail/mnt/seccomp seccomp filter"
+	"/run/firejail/mnt/seccomp/seccomp seccomp filter"
 }
 expect {
 	timeout {puts "TESTING ERROR 10\n";exit}
-	"/run/firejail/mnt/seccomp.32 seccomp filter"
+	"/run/firejail/mnt/seccomp/seccomp.32 seccomp filter"
 }
 expect {
 	timeout {puts "TESTING ERROR 11\n";exit}
-	"/run/firejail/mnt/seccomp.protocol seccomp filter" {puts "TESTING ERROR 12\n";exit}
+	"/run/firejail/mnt/seccomp/seccomp.protocol seccomp filter" {puts "TESTING ERROR 12\n";exit}
 	"monitoring"
 }
 after 100
 send -- "ls -l /run/firejail/mnt | grep -c seccomp\r"
 expect {
 	timeout {puts "TESTING ERROR 13\n";exit}
-	"3"
+	"4"
 }
 send -- "exit\r"
 sleep 1
@@ -72,22 +72,22 @@ sleep 1
 send --  "firejail --memory-deny-write-execute --debug\r"
 expect {
 	timeout {puts "TESTING ERROR 14\n";exit}
-	"/run/firejail/mnt/seccomp.mdwx seccomp filter"
+	"/run/firejail/mnt/seccomp/seccomp.mdwx seccomp filter"
 }
 expect {
 	timeout {puts "TESTING ERROR 15\n";exit}
-	"/run/firejail/mnt/seccomp seccomp filter"
+	"/run/firejail/mnt/seccomp/seccomp seccomp filter"
 }
 expect {
 	timeout {puts "TESTING ERROR 16\n";exit}
-	"/run/firejail/mnt/seccomp.32 seccomp filter"
+	"/run/firejail/mnt/seccomp/seccomp.32 seccomp filter"
 }
 expect {
 	timeout {puts "TESTING ERROR 17\n";exit}
-	"/run/firejail/mnt/seccomp.protocol seccomp filter"
+	"/run/firejail/mnt/seccomp/seccomp.protocol seccomp filter"
 }
 after 100
-send -- "ls -l /run/firejail/mnt | grep -c seccomp\r"
+send -- "ls -l /run/firejail/mnt/seccomp | grep -c seccomp\r"
 expect {
 	timeout {puts "TESTING ERROR 18\n";exit}
 	"6"