3 files changed, 48 insertions, 0 deletions
diff --git a/test/Makefile.in b/test/Makefile.in
index b6cf6493e32..670bdd6c3da 100644
--- a/test/Makefile.in
+++ b/test/Makefile.in
@@ -272,6 +272,8 @@ $(test_module): $(test_module:${SO}=.c) ../src/emacs-module.h
          $(srcdir)/../lib/timespec.c $(srcdir)/../lib/gettime.c
 endif
+src/emacs-tests.log: ../lib-src/seccomp-filter.c
 ## Check that there is no 'automated' subdirectory, which would
 ## indicate an incomplete merge from an older version of Emacs where
 ## the tests were arranged differently.
diff --git a/test/src/emacs-resources/seccomp-filter.bpf b/test/src/emacs-resources/seccomp-filter.bpf
new file mode 120000
index 00000000000..b3d603d0aeb
--- /dev/null
+++ b/test/src/emacs-resources/seccomp-filter.bpf
@@ -0,0 +1 @@
+../../../lib-src/seccomp-filter.bpf
+\ No newline at end of file
diff --git a/test/src/emacs-tests.el b/test/src/emacs-tests.el
index 7618a9c6752..e9333fe9d32 100644
--- a/test/src/emacs-tests.el
+++ b/test/src/emacs-tests.el
@@ -25,7 +25,9 @@
 (require 'cl-lib)
 (require 'ert)
+(require 'ert-x)
 (require 'rx)
+(require 'subr-x)
 (ert-deftest emacs-tests/seccomp/absent-file ()
  (skip-unless (string-match-p (rx bow "SECCOMP" eow)
@@ -128,4 +130,47 @@ to `make-temp-file', which see."
                          (concat "--seccomp=" filter))
            0)))))
+(ert-deftest emacs-tests/seccomp/allows-stdout ()
+  (let ((emacs
+         (expand-file-name invocation-name invocation-directory))
+        (filter (ert-resource-file "seccomp-filter.bpf"))
+        (process-environment nil))
+    (skip-unless (file-executable-p emacs))
+    (skip-unless (file-readable-p filter))
+    ;; The --seccomp option is processed early, without filename
+    ;; handlers.  Therefore remote or quoted filenames wouldn't work.
+    (should-not (file-remote-p filter))
+    (cl-callf file-name-unquote filter)
+    (with-temp-buffer
+      (let ((status (call-process
+                     emacs nil t nil
+                     "--quick" "--batch"
+                     (concat "--seccomp=" filter)
+                     (format "--eval=%S" '(message "Hi")))))
+        (ert-info ((format "Process output: %s" (buffer-string)))
+          (should (eql status 0)))
+        (should (equal (string-trim (buffer-string)) "Hi"))))))
+(ert-deftest emacs-tests/seccomp/forbids-subprocess ()
+  (let ((emacs
+         (expand-file-name invocation-name invocation-directory))
+        (filter (ert-resource-file "seccomp-filter.bpf"))
+        (process-environment nil))
+    (skip-unless (file-executable-p emacs))
+    (skip-unless (file-readable-p filter))
+    ;; The --seccomp option is processed early, without filename
+    ;; handlers.  Therefore remote or quoted filenames wouldn't work.
+    (should-not (file-remote-p filter))
+    (cl-callf file-name-unquote filter)
+    (with-temp-buffer
+      (let ((status
+             (call-process
+              emacs nil t nil
+              "--quick" "--batch"
+              (concat "--seccomp=" filter)
+              (format "--eval=%S" `(call-process ,emacs nil nil nil
+                                                 "--version")))))
+        (ert-info ((format "Process output: %s" (buffer-string)))
+          (should-not (eql status 0)))))))
 ;;; emacs-tests.el ends here

diff --git a/test/Makefile.in b/test/Makefile.in index b6cf6493e32..670bdd6c3da 100644 --- a/test/Makefile.in +++ b/test/Makefile.in
@@ -272,6 +272,8 @@ $(test_module): $(test_module:${SO}=.c) ../src/emacs-module.h
272	$(srcdir)/../lib/timespec.c $(srcdir)/../lib/gettime.c	272	$(srcdir)/../lib/timespec.c $(srcdir)/../lib/gettime.c
273	endif	273	endif
274		274
		275	src/emacs-tests.log: ../lib-src/seccomp-filter.c
		276
275	## Check that there is no 'automated' subdirectory, which would	277	## Check that there is no 'automated' subdirectory, which would
276	## indicate an incomplete merge from an older version of Emacs where	278	## indicate an incomplete merge from an older version of Emacs where
277	## the tests were arranged differently.	279	## the tests were arranged differently.


diff --git a/test/src/emacs-resources/seccomp-filter.bpf b/test/src/emacs-resources/seccomp-filter.bpf new file mode 120000 index 00000000000..b3d603d0aeb --- /dev/null +++ b/test/src/emacs-resources/seccomp-filter.bpf
@@ -0,0 +1 @@
			../../../lib-src/seccomp-filter.bpf \ No newline at end of file


diff --git a/test/src/emacs-tests.el b/test/src/emacs-tests.el index 7618a9c6752..e9333fe9d32 100644 --- a/test/src/emacs-tests.el +++ b/test/src/emacs-tests.el
@@ -25,7 +25,9 @@
25		25
26	(require 'cl-lib)	26	(require 'cl-lib)
27	(require 'ert)	27	(require 'ert)
		28	(require 'ert-x)
28	(require 'rx)	29	(require 'rx)
		30	(require 'subr-x)
29		31
30	(ert-deftest emacs-tests/seccomp/absent-file ()	32	(ert-deftest emacs-tests/seccomp/absent-file ()
31	(skip-unless (string-match-p (rx bow "SECCOMP" eow)	33	(skip-unless (string-match-p (rx bow "SECCOMP" eow)
@@ -128,4 +130,47 @@ to `make-temp-file', which see."
128	(concat "--seccomp=" filter))	130	(concat "--seccomp=" filter))
129	0)))))	131	0)))))
130		132
		133	(ert-deftest emacs-tests/seccomp/allows-stdout ()
		134	(let ((emacs
		135	(expand-file-name invocation-name invocation-directory))
		136	(filter (ert-resource-file "seccomp-filter.bpf"))
		137	(process-environment nil))
		138	(skip-unless (file-executable-p emacs))
		139	(skip-unless (file-readable-p filter))
		140	;; The --seccomp option is processed early, without filename
		141	;; handlers. Therefore remote or quoted filenames wouldn't work.
		142	(should-not (file-remote-p filter))
		143	(cl-callf file-name-unquote filter)
		144	(with-temp-buffer
		145	(let ((status (call-process
		146	emacs nil t nil
		147	"--quick" "--batch"
		148	(concat "--seccomp=" filter)
		149	(format "--eval=%S" '(message "Hi")))))
		150	(ert-info ((format "Process output: %s" (buffer-string)))
		151	(should (eql status 0)))
		152	(should (equal (string-trim (buffer-string)) "Hi"))))))
		153
		154	(ert-deftest emacs-tests/seccomp/forbids-subprocess ()
		155	(let ((emacs
		156	(expand-file-name invocation-name invocation-directory))
		157	(filter (ert-resource-file "seccomp-filter.bpf"))
		158	(process-environment nil))
		159	(skip-unless (file-executable-p emacs))
		160	(skip-unless (file-readable-p filter))
		161	;; The --seccomp option is processed early, without filename
		162	;; handlers. Therefore remote or quoted filenames wouldn't work.
		163	(should-not (file-remote-p filter))
		164	(cl-callf file-name-unquote filter)
		165	(with-temp-buffer
		166	(let ((status
		167	(call-process
		168	emacs nil t nil
		169	"--quick" "--batch"
		170	(concat "--seccomp=" filter)
		171	(format "--eval=%S" `(call-process ,emacs nil nil nil
		172	"--version")))))
		173	(ert-info ((format "Process output: %s" (buffer-string)))
		174	(should-not (eql status 0)))))))
		175
131	;;; emacs-tests.el ends here	176	;;; emacs-tests.el ends here