summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--regress/sys/kern/tame/generic/Makefile8
-rw-r--r--regress/sys/kern/tame/generic/actions.c102
-rw-r--r--regress/sys/kern/tame/generic/main.c242
-rw-r--r--regress/sys/kern/tame/generic/manager.c122
-rw-r--r--regress/sys/kern/tame/generic/manager.h (renamed from regress/sys/kern/tame/generic/actions.h)27
-rw-r--r--regress/sys/kern/tame/generic/tests.out101
6 files changed, 343 insertions, 259 deletions
diff --git a/regress/sys/kern/tame/generic/Makefile b/regress/sys/kern/tame/generic/Makefile
index 0fe1d788497..65815a42431 100644
--- a/regress/sys/kern/tame/generic/Makefile
+++ b/regress/sys/kern/tame/generic/Makefile
@@ -1,9 +1,9 @@
-# $OpenBSD: Makefile,v 1.2 2015/09/10 11:18:10 semarie Exp $
+# $OpenBSD: Makefile,v 1.3 2015/09/24 06:25:54 semarie Exp $
PROG= generic
-SRCS+= main.c manager.c actions.c
+SRCS+= main.c manager.c
NOMAN= yes
-CFLAGS+= -Wall
+CFLAGS+= -Wall -Werror
REGRESS_TARGETS+= test_normal test_systrace
REGRESS_SKIP_TARGETS+= test_systrace
@@ -15,7 +15,7 @@ test_systrace: ${PROG}
systrace -A ./${PROG} | diff -I OpenBSD -u ${.CURDIR}/tests.out -
regenerate: ${PROG}
- echo '# $$OpenBSD: Makefile,v 1.2 2015/09/10 11:18:10 semarie Exp $$' > ${.CURDIR}/tests.out
+ echo '# $$OpenBSD: Makefile,v 1.3 2015/09/24 06:25:54 semarie Exp $$' > ${.CURDIR}/tests.out
./${PROG} | tee -a ${.CURDIR}/tests.out
.include <bsd.regress.mk>
diff --git a/regress/sys/kern/tame/generic/actions.c b/regress/sys/kern/tame/generic/actions.c
deleted file mode 100644
index e25e9723528..00000000000
--- a/regress/sys/kern/tame/generic/actions.c
+++ /dev/null
@@ -1,102 +0,0 @@
-/* $OpenBSD: actions.c,v 1.3 2015/09/10 11:18:10 semarie Exp $ */
-/*
- * Copyright (c) 2015 Sebastien Marie <semarie@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include <sys/resource.h>
-#include <sys/socket.h>
-#include <sys/stat.h>
-#include <sys/time.h>
-#include <sys/types.h>
-#include <sys/wait.h>
-
-#include <errno.h>
-#include <fcntl.h>
-#include <signal.h>
-#include <stdarg.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-#include <time.h>
-#include <unistd.h>
-
-#include "actions.h"
-
-int
-execute_action(action_t action, va_list opts)
-{
- errno = 0;
-
- switch (action) {
- case AC_EXIT:
- /* should be catched by manager.c (before been here) */
- _exit(ENOTSUP);
- /* NOTREACHED */
-
- case AC_KILL:
- kill(0, SIGINT);
- break;
-
- case AC_INET:
- socket(AF_INET, SOCK_STREAM, 0);
- break;
-
- case AC_TAME:
- tame(va_arg(opts, char *), NULL);
- break;
-
- case AC_ALLOWED_SYSCALLS:
- clock_getres(CLOCK_MONOTONIC, NULL);
- clock_gettime(CLOCK_MONOTONIC, NULL);
- /* fchdir(); */
- getdtablecount();
- getegid();
- geteuid();
- getgid();
- getgroups(0, NULL);
- getitimer(ITIMER_REAL, NULL);
- getlogin();
- getpgid(0);
- getpgrp();
- getpid();
- getppid();
- /* getresgid(); */
- /* getresuid(); */
- { struct rlimit rl; getrlimit(RLIMIT_CORE, &rl); }
- getsid(0);
- getthrid();
- { struct timeval tp; gettimeofday(&tp, NULL); }
- getuid();
- geteuid();
- issetugid();
- /* nanosleep(); */
- /* sigreturn(); */
- umask(0000);
- /* wait4(); */
-
- break;
-
- case AC_OPENFILE_RDONLY:
- {
- const char *filename = va_arg(opts, const char *);
- int fd = open(filename, O_RDONLY);
- if (fd != -1)
- close(fd);
- }
- break;
- }
-
- return (errno);
-}
diff --git a/regress/sys/kern/tame/generic/main.c b/regress/sys/kern/tame/generic/main.c
index 8dcf800a659..5789398bf6a 100644
--- a/regress/sys/kern/tame/generic/main.c
+++ b/regress/sys/kern/tame/generic/main.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: main.c,v 1.3 2015/09/18 08:34:22 semarie Exp $ */
+/* $OpenBSD: main.c,v 1.4 2015/09/24 06:25:54 semarie Exp $ */
/*
* Copyright (c) 2015 Sebastien Marie <semarie@openbsd.org>
*
@@ -15,19 +15,124 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
+#include <sys/resource.h>
+#include <sys/socket.h>
+#include <sys/stat.h>
+#include <sys/time.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+
#include <err.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <signal.h>
+#include <stdarg.h>
#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <time.h>
+#include <unistd.h>
+
+#include "manager.h"
+
+static void
+test_nop()
+{
+ /* nop */
+}
+
+static void
+test_inet()
+{
+ int fd = socket(AF_INET, SOCK_STREAM, 0);
+ int saved_errno = errno;
+ close(fd);
+ errno = saved_errno ? saved_errno : errno;
+}
-#include "actions.h"
+static void
+test_kill()
+{
+ kill(0, SIGINT);
+}
-void start_test(int *ret, int ntest, const char *req, const char *paths[], ...);
+static void
+test_allowed_syscalls()
+{
+ clock_getres(CLOCK_MONOTONIC, NULL);
+ clock_gettime(CLOCK_MONOTONIC, NULL);
+ /* fchdir(); */
+ getdtablecount();
+ getegid();
+ geteuid();
+ getgid();
+ getgroups(0, NULL);
+ getitimer(ITIMER_REAL, NULL);
+ getlogin();
+ getpgid(0);
+ getpgrp();
+ getpid();
+ getppid();
+ /* getresgid(); */
+ /* getresuid(); */
+ { struct rlimit rl; getrlimit(RLIMIT_CORE, &rl); }
+ getsid(0);
+ getthrid();
+ { struct timeval tp; gettimeofday(&tp, NULL); }
+ getuid();
+ geteuid();
+ issetugid();
+ /* nanosleep(); */
+ /* sigreturn(); */
+ umask(0000);
+ /* wait4(); */
+}
-#define start_test1(ret,ntest,req,path,...) \
- do { \
- const char *_paths[] = {path, NULL}; \
- start_test(ret,ntest,req,_paths,__VA_ARGS__); \
- } while (0)
+static void
+open_close(const char *filename)
+{
+ int fd;
+ int saved_errno;
+
+ errno = 0;
+ printf("\n open_close(\"%s\")", filename);
+ fd = open(filename, O_RDONLY);
+ saved_errno = errno;
+ printf(" fd=%d errno=%d", fd, errno);
+ if (fd != -1)
+ close(fd);
+ errno = saved_errno;
+}
+
+static void
+test_wpaths()
+{
+ /* absolute file */
+ open_close("/etc/passwd");
+
+ /* relative */
+ open_close("generic");
+
+ /* relative */
+ open_close("../../../../../../../../../../../../../../../etc/passwd");
+
+ /* ENOENT */
+ open_close("/nonexistent");
+
+ /* calling exit to flush stdout */
+ printf("\n");
+ exit(EXIT_SUCCESS);
+}
+
+static void
+test_tame()
+{
+ const char *wpaths[] = { "/sbin", NULL };
+
+ if (tame("stdio rpath", wpaths) != 0)
+ _exit(errno);
+}
int
main(int argc, char *argv[])
@@ -42,91 +147,72 @@ main(int argc, char *argv[])
*/
/* _exit is always allowed, and nothing else under flags=0 */
- start_test(&ret, 1, "", NULL, AC_EXIT);
- start_test(&ret, 2, "", NULL, AC_INET, AC_EXIT);
+ start_test(&ret, "", NULL, test_nop);
+ start_test(&ret, "", NULL, test_inet);
/* test coredump */
- start_test(&ret, 3, "abort", NULL, AC_INET, AC_EXIT);
+ start_test(&ret, "abort", NULL, test_inet);
/* inet under inet is ok */
- start_test(&ret, 4, "inet", NULL, AC_INET, AC_EXIT);
+ start_test(&ret, "inet", NULL, test_inet);
/* kill under inet is forbidden */
- start_test(&ret, 5, "inet", NULL, AC_KILL, AC_EXIT);
+ start_test(&ret, "inet", NULL, test_kill);
/* kill under proc is allowed */
- start_test(&ret, 6, "proc", NULL, AC_KILL, AC_EXIT);
-
- /* tests several permitted syscalls */
- start_test(&ret, 7, "dns", NULL, AC_ALLOWED_SYSCALLS, AC_EXIT);
- start_test(&ret, 8, "inet", NULL, AC_ALLOWED_SYSCALLS, AC_EXIT);
-
- /* these TAME_* don't have "permitted syscalls" */
+ start_test(&ret, "proc", NULL, test_kill);
+
+ /* tests TAME_SELF for permitted syscalls */
+ start_test(&ret, "malloc", NULL, test_allowed_syscalls);
+ start_test(&ret, "rw", NULL, test_allowed_syscalls);
+ start_test(&ret, "stdio", NULL, test_allowed_syscalls);
+ start_test(&ret, "rpath", NULL, test_allowed_syscalls);
+ start_test(&ret, "wpath", NULL, test_allowed_syscalls);
+ start_test(&ret, "tmppath", NULL, test_allowed_syscalls);
+ start_test(&ret, "inet", NULL, test_allowed_syscalls);
+ start_test(&ret, "unix", NULL, test_allowed_syscalls);
+ start_test(&ret, "cmsg", NULL, test_allowed_syscalls);
+ start_test(&ret, "dns", NULL, test_allowed_syscalls);
+ start_test(&ret, "getpw", NULL, test_allowed_syscalls);
+
+ /* tests req without TAME_SELF for "permitted syscalls" */
// XXX it is a documentation bug
- start_test(&ret, 9, "proc", NULL, AC_ALLOWED_SYSCALLS, AC_EXIT);
+ start_test(&ret, "ioctl", NULL, test_allowed_syscalls);
+ start_test(&ret, "proc", NULL, test_allowed_syscalls);
+ start_test(&ret, "cpath", NULL, test_allowed_syscalls);
+ start_test(&ret, "abort", NULL, test_allowed_syscalls);
+ start_test(&ret, "fattr", NULL, test_allowed_syscalls);
/*
- * test absolute whitelist path
+ * test whitelist path
*/
- /* without wpaths */
- start_test(&ret, 10, "rpath", NULL,
- AC_OPENFILE_RDONLY, "/etc/passwd",
- AC_EXIT);
- /* exact match */
- start_test1(&ret, 11, "rpath", "/etc/passwd",
- AC_OPENFILE_RDONLY, "/etc/passwd",
- AC_EXIT);
- /* subdir match */
- start_test1(&ret, 12, "rpath", "/etc/",
- AC_OPENFILE_RDONLY, "/etc/passwd",
- AC_EXIT);
- /* same without trailing '/' */
- start_test1(&ret, 13, "rpath", "/etc",
- AC_OPENFILE_RDONLY, "/etc/passwd",
- AC_EXIT);
- /* failing one */
- start_test1(&ret, 14, "rpath", "/bin",
- AC_OPENFILE_RDONLY, "/etc/passwd",
- AC_EXIT);
+ start_test(&ret, "stdio rpath", NULL, test_wpaths);
+ // XXX start_test1(&ret, "stdio rpath", "/", test_wpaths);
+ start_test1(&ret, "stdio rpath", "/etc", test_wpaths);
+ start_test1(&ret, "stdio rpath", "/etc/", test_wpaths);
+ start_test1(&ret, "stdio rpath", "/etc/passwd", test_wpaths);
+ // XXX start_test1(&ret, "stdio rpath", "/etc/passwd/", test_wpaths);
+ start_test1(&ret, "stdio rpath", "/bin", test_wpaths);
+ start_test1(&ret, "stdio rpath", "generic", test_wpaths);
+ start_test1(&ret, "stdio rpath", "", test_wpaths);
+ start_test1(&ret, "stdio rpath", ".", test_wpaths);
/*
- * test relative whitelist path
+ * test tame(2) arguments
*/
- /* without wpaths */
- start_test(&ret, 15, "rpath", NULL,
- AC_OPENFILE_RDONLY, "generic",
- AC_EXIT);
- /* exact match */
- start_test1(&ret, 16, "rpath", "generic",
- AC_OPENFILE_RDONLY, "generic",
- AC_EXIT);
- /* subdir match */
- start_test1(&ret, 17, "rpath", "./",
- AC_OPENFILE_RDONLY, "generic",
- AC_EXIT);
- /* same without trailing '/' */
- start_test1(&ret, 18, "rpath", ".",
- AC_OPENFILE_RDONLY, "generic",
- AC_EXIT);
- /* failing one */
- start_test1(&ret, 19, "rpath", ".",
- AC_OPENFILE_RDONLY, "../../../../../../../../../../../../../../../etc/passwd",
- AC_EXIT);
-
- /* tame: test reducing flags */
- start_test1(&ret, 20, "rpath wpath", NULL,
- AC_TAME, "rpath",
- AC_EXIT);
-
- /* tame: test adding flags */
- start_test1(&ret, 21, "rpath", NULL,
- AC_TAME, "rpath wpath",
- AC_EXIT);
-
- /* tame: test replacing flags */
- start_test1(&ret, 22, "rpath", NULL,
- AC_TAME, "wpath",
- AC_EXIT);
+ /* same request */
+ start_test(&ret, "stdio rpath", NULL, test_tame);
+ /* same request (stdio = malloc rw) */
+ start_test(&ret, "malloc rw rpath", NULL, test_tame);
+ /* reduce request */
+ start_test(&ret, "stdio rpath wpath", NULL, test_tame);
+ /* reduce request (with same/other wpaths) */
+ start_test1(&ret, "stdio rpath wpath", "/sbin", test_tame);
+ start_test1(&ret, "stdio rpath wpath", "/", test_tame);
+ /* add request */
+ start_test(&ret, "stdio", NULL, test_tame);
+ /* change request */
+ start_test(&ret, "cmsg", NULL, test_tame);
return (ret);
}
diff --git a/regress/sys/kern/tame/generic/manager.c b/regress/sys/kern/tame/generic/manager.c
index 138d27f5ef3..76b7965c79a 100644
--- a/regress/sys/kern/tame/generic/manager.c
+++ b/regress/sys/kern/tame/generic/manager.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: manager.c,v 1.2 2015/09/10 11:18:10 semarie Exp $ */
+/* $OpenBSD: manager.c,v 1.3 2015/09/24 06:25:54 semarie Exp $ */
/*
* Copyright (c) 2015 Sebastien Marie <semarie@openbsd.org>
*
@@ -28,12 +28,8 @@
#include <string.h>
#include <unistd.h>
-#include "actions.h"
-
extern char *__progname;
-int execute_action(action_t, va_list);
-
static const char *
coredump_name()
{
@@ -71,13 +67,13 @@ check_coredump()
static int
-clear_coredump(int *ret, int ntest)
+clear_coredump(int *ret, const char *test_name)
{
int saved_errno = errno;
int u;
if (((u = unlink(coredump_name())) != 0) && (errno != ENOENT)) {
- warn("test(%d): clear_coredump", ntest);
+ warn("test(%s): clear_coredump", test_name);
*ret = EXIT_FAILURE;
return (-1);
}
@@ -151,70 +147,116 @@ out:
return (ret);
}
+/* mainly stolen from src/bin/cat/cat.c */
+static int
+drainfd(int rfd, int wfd)
+{
+ char buf[1024];
+ ssize_t nr, nw, off;
+
+ while ((nr = read(rfd, buf, sizeof(buf))) != -1 && nr != 0)
+ for (off = 0; nr; nr -= nw, off += nw)
+ if ((nw = write(wfd, buf + off, (size_t)nr)) == 0 ||
+ nw == -1)
+ return (-1);
+ if (nr < 0)
+ return (-1);
+
+ return (0);
+}
void
-start_test(int *ret, int ntest, const char *request, const char *paths[], ...)
+_start_test(int *ret, const char *test_name, const char *request,
+ const char *paths[], void (*test_func)(void))
{
- static int ntest_check = 0;
+ int fildes[2];
pid_t pid;
int status;
- va_list ap;
- action_t action;
int i;
-#ifndef DEBUG
- /* check ntest (useful for dev) */
- if (ntest != ++ntest_check)
- errx(EXIT_FAILURE,
- "invalid test number: should be %d but is %d",
- ntest_check, ntest);
-#endif /* DEBUG */
+ /* early print testname */
+ printf("test(%s): tame=(\"%s\",{", test_name, request);
+ for (i = 0; paths && paths[i] != NULL; i++)
+ printf("\"%s\",", paths[i]);
+ printf("NULL})");
/* unlink previous coredump (if exists) */
- if (clear_coredump(ret, ntest) == -1)
+ if (clear_coredump(ret, test_name) == -1)
return;
-
+
+ /* flush outputs (for STDOUT_FILENO manipulation) */
+ if (fflush(NULL) != 0) {
+ warn("test(%s) fflush", test_name);
+ *ret = EXIT_FAILURE;
+ return;
+ }
+
+ /* make pipe to grab output */
+ if (pipe(fildes) != 0) {
+ warn("test(%s) pipe", test_name);
+ *ret = EXIT_FAILURE;
+ return;
+ }
+
/* fork and launch the test */
switch (pid = fork()) {
case -1:
- warn("test(%d) fork", ntest);
+ (void)close(fildes[0]);
+ (void)close(fildes[1]);
+
+ warn("test(%s) fork", test_name);
*ret = EXIT_FAILURE;
return;
case 0:
- /* create a new session (for AC_KILL) */
+ /* output to pipe */
+ (void)close(fildes[0]);
+ while (dup2(fildes[1], STDOUT_FILENO) == -1)
+ if (errno != EINTR)
+ err(errno, "dup2");
+
+ /* create a new session (for kill) */
setsid();
- /* XXX redirect output to /dev/null ? */
+ /* set tame policy */
if (tame(request, paths) != 0)
err(errno, "tame");
-
- va_start(ap, paths);
- while ((action = va_arg(ap, action_t)) != AC_EXIT) {
- execute_action(action, ap);
- if (errno != 0)
- _exit(errno);
- }
- va_end(ap);
+
+ /* reset errno and launch test */
+ errno = 0;
+ test_func();
+
+ if (errno != 0)
+ _exit(errno);
_exit(EXIT_SUCCESS);
/* NOTREACHED */
}
+ /* copy pipe to output */
+ (void)close(fildes[1]);
+ if (drainfd(fildes[0], STDOUT_FILENO) != 0) {
+ warn("test(%s): drainfd", test_name);
+ *ret = EXIT_FAILURE;
+ return;
+ }
+ if (close(fildes[0]) != 0) {
+ warn("test(%s): close", test_name);
+ *ret = EXIT_FAILURE;
+ return;
+ }
+
/* wait for test to terminate */
while (waitpid(pid, &status, 0) < 0) {
if (errno == EAGAIN)
continue;
- warn("test(%d): waitpid", ntest);
+ warn("test(%s): waitpid", test_name);
*ret = EXIT_FAILURE;
return;
}
/* show status and details */
- printf("test(%d): tame=(\"%s\",{", ntest, request);
- for (i = 0; paths && paths[i] != NULL; i++)
- printf("\"%s\",", paths[i]);
- printf("NULL}) status=%d", status);
+ printf(" status=%d", status);
if (WIFCONTINUED(status))
printf(" continued");
@@ -236,7 +278,7 @@ start_test(int *ret, int ntest, const char *request, const char *paths[], ...)
switch(coredump) {
case -1: /* error */
- warn("test(%d): check_coredump", ntest);
+ warn("test(%s): check_coredump", test_name);
*ret = EXIT_FAILURE;
return;
@@ -249,8 +291,8 @@ start_test(int *ret, int ntest, const char *request, const char *paths[], ...)
break;
default:
- warnx("test(%d): unknown coredump code %d",
- ntest, coredump);
+ warnx("test(%s): unknown coredump code %d",
+ test_name, coredump);
*ret = EXIT_FAILURE;
return;
}
@@ -262,7 +304,7 @@ start_test(int *ret, int ntest, const char *request, const char *paths[], ...)
int syscall = grab_syscall(pid);
switch (syscall) {
case -1: /* error */
- warn("test(%d): grab_syscall pid=%d", ntest,
+ warn("test(%s): grab_syscall pid=%d", test_name,
pid);
*ret = EXIT_FAILURE;
return;
diff --git a/regress/sys/kern/tame/generic/actions.h b/regress/sys/kern/tame/generic/manager.h
index 17b9e1fb2fa..0960e366d5a 100644
--- a/regress/sys/kern/tame/generic/actions.h
+++ b/regress/sys/kern/tame/generic/manager.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: actions.h,v 1.1 2015/08/24 09:21:10 semarie Exp $ */
+/* $OpenBSD: manager.h,v 1.1 2015/09/24 06:25:54 semarie Exp $ */
/*
* Copyright (c) 2015 Sebastien Marie <semarie@openbsd.org>
*
@@ -14,16 +14,19 @@
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-#ifndef _ACTIONS_H_
-#define _ACTIONS_H_
+#ifndef _MANAGER_H_
+#define _MANAGER_H_
-typedef enum {
- AC_EXIT,
- AC_KILL,
- AC_INET,
- AC_TAME,
- AC_ALLOWED_SYSCALLS,
- AC_OPENFILE_RDONLY,
-} action_t;
+void _start_test(int *ret, const char *test_name, const char *request,
+ const char *paths[], void (*test_func)(void));
-#endif /* _ACTIONS_H_ */
+#define start_test(ret,req,paths,func) \
+ _start_test(ret,#func,req,paths,func)
+
+#define start_test1(ret,req,path,func) \
+ do { \
+ const char *_paths[] = {path, NULL}; \
+ start_test(ret,req,_paths,func); \
+ } while (0)
+
+#endif /* _MANAGER_H_ */
diff --git a/regress/sys/kern/tame/generic/tests.out b/regress/sys/kern/tame/generic/tests.out
index 95b99314c2e..e167b3c8f9f 100644
--- a/regress/sys/kern/tame/generic/tests.out
+++ b/regress/sys/kern/tame/generic/tests.out
@@ -1,23 +1,78 @@
-# $OpenBSD: tests.out,v 1.2 2015/09/10 11:18:10 semarie Exp $
-test(1): tame=("",{NULL}) status=0 exit=0
-test(2): tame=("",{NULL}) status=9 signal=9 tamed_syscall=97
-test(3): tame=("abort",{NULL}) status=134 signal=6 coredump=present tamed_syscall=97
-test(4): tame=("inet",{NULL}) status=0 exit=0
-test(5): tame=("inet",{NULL}) status=9 signal=9 tamed_syscall=37
-test(6): tame=("proc",{NULL}) status=2 signal=2 tamed_syscall=not_found
-test(7): tame=("dns",{NULL}) status=0 exit=0
-test(8): tame=("inet",{NULL}) status=0 exit=0
-test(9): tame=("proc",{NULL}) status=9 signal=9 tamed_syscall=89
-test(10): tame=("rpath",{NULL}) status=0 exit=0
-test(11): tame=("rpath",{"/etc/passwd",NULL}) status=0 exit=0
-test(12): tame=("rpath",{"/etc/",NULL}) status=0 exit=0
-test(13): tame=("rpath",{"/etc",NULL}) status=0 exit=0
-test(14): tame=("rpath",{"/bin",NULL}) status=512 exit=2 (errno: "No such file or directory")
-test(15): tame=("rpath",{NULL}) status=0 exit=0
-test(16): tame=("rpath",{"generic",NULL}) status=0 exit=0
-test(17): tame=("rpath",{"./",NULL}) status=0 exit=0
-test(18): tame=("rpath",{".",NULL}) status=0 exit=0
-test(19): tame=("rpath",{".",NULL}) status=512 exit=2 (errno: "No such file or directory")
-test(20): tame=("rpath wpath",{NULL}) status=0 exit=0
-test(21): tame=("rpath",{NULL}) status=256 exit=1 (errno: "Operation not permitted")
-test(22): tame=("rpath",{NULL}) status=256 exit=1 (errno: "Operation not permitted")
+# $OpenBSD: tests.out,v 1.3 2015/09/24 06:25:54 semarie Exp $
+test(test_nop): tame=("",{NULL}) status=0 exit=0
+test(test_inet): tame=("",{NULL}) status=9 signal=9 tamed_syscall=97
+test(test_inet): tame=("abort",{NULL}) status=134 signal=6 coredump=present tamed_syscall=97
+test(test_inet): tame=("inet",{NULL}) status=0 exit=0
+test(test_kill): tame=("inet",{NULL}) status=9 signal=9 tamed_syscall=37
+test(test_kill): tame=("proc",{NULL}) status=2 signal=2 tamed_syscall=not_found
+test(test_allowed_syscalls): tame=("malloc",{NULL}) status=0 exit=0
+test(test_allowed_syscalls): tame=("rw",{NULL}) status=0 exit=0
+test(test_allowed_syscalls): tame=("stdio",{NULL}) status=0 exit=0
+test(test_allowed_syscalls): tame=("rpath",{NULL}) status=0 exit=0
+test(test_allowed_syscalls): tame=("wpath",{NULL}) status=0 exit=0
+test(test_allowed_syscalls): tame=("tmppath",{NULL}) status=0 exit=0
+test(test_allowed_syscalls): tame=("inet",{NULL}) status=0 exit=0
+test(test_allowed_syscalls): tame=("unix",{NULL}) status=0 exit=0
+test(test_allowed_syscalls): tame=("cmsg",{NULL}) status=0 exit=0
+test(test_allowed_syscalls): tame=("dns",{NULL}) status=0 exit=0
+test(test_allowed_syscalls): tame=("getpw",{NULL}) status=0 exit=0
+test(test_allowed_syscalls): tame=("ioctl",{NULL}) status=9 signal=9 tamed_syscall=89
+test(test_allowed_syscalls): tame=("proc",{NULL}) status=9 signal=9 tamed_syscall=89
+test(test_allowed_syscalls): tame=("cpath",{NULL}) status=9 signal=9 tamed_syscall=89
+test(test_allowed_syscalls): tame=("abort",{NULL}) status=134 signal=6 coredump=present tamed_syscall=89
+test(test_allowed_syscalls): tame=("fattr",{NULL}) status=9 signal=9 tamed_syscall=89
+test(test_wpaths): tame=("stdio rpath",{NULL})
+ open_close("/etc/passwd") fd=3 errno=0
+ open_close("generic") fd=3 errno=0
+ open_close("../../../../../../../../../../../../../../../etc/passwd") fd=3 errno=0
+ open_close("/nonexistent") fd=-1 errno=2
+ status=0 exit=0
+test(test_wpaths): tame=("stdio rpath",{"/etc",NULL})
+ open_close("/etc/passwd") fd=3 errno=0
+ open_close("generic") fd=-1 errno=2
+ open_close("../../../../../../../../../../../../../../../etc/passwd") fd=3 errno=0
+ open_close("/nonexistent") fd=-1 errno=2
+ status=0 exit=0
+test(test_wpaths): tame=("stdio rpath",{"/etc/",NULL})
+ open_close("/etc/passwd") fd=3 errno=0
+ open_close("generic") fd=-1 errno=2
+ open_close("../../../../../../../../../../../../../../../etc/passwd") fd=3 errno=0
+ open_close("/nonexistent") fd=-1 errno=2
+ status=0 exit=0
+test(test_wpaths): tame=("stdio rpath",{"/etc/passwd",NULL})
+ open_close("/etc/passwd") fd=3 errno=0
+ open_close("generic") fd=-1 errno=2
+ open_close("../../../../../../../../../../../../../../../etc/passwd") fd=3 errno=0
+ open_close("/nonexistent") fd=-1 errno=2
+ status=0 exit=0
+test(test_wpaths): tame=("stdio rpath",{"/bin",NULL})
+ open_close("/etc/passwd") fd=-1 errno=2
+ open_close("generic") fd=-1 errno=2
+ open_close("../../../../../../../../../../../../../../../etc/passwd") fd=-1 errno=2
+ open_close("/nonexistent") fd=-1 errno=2
+ status=0 exit=0
+test(test_wpaths): tame=("stdio rpath",{"generic",NULL})
+ open_close("/etc/passwd") fd=-1 errno=2
+ open_close("generic") fd=3 errno=0
+ open_close("../../../../../../../../../../../../../../../etc/passwd") fd=-1 errno=2
+ open_close("/nonexistent") fd=-1 errno=2
+ status=0 exit=0
+test(test_wpaths): tame=("stdio rpath",{"",NULL})
+ open_close("/etc/passwd") fd=-1 errno=2
+ open_close("generic") fd=3 errno=0
+ open_close("../../../../../../../../../../../../../../../etc/passwd") fd=-1 errno=2
+ open_close("/nonexistent") fd=-1 errno=2
+ status=0 exit=0
+test(test_wpaths): tame=("stdio rpath",{".",NULL})
+ open_close("/etc/passwd") fd=-1 errno=2
+ open_close("generic") fd=3 errno=0
+ open_close("../../../../../../../../../../../../../../../etc/passwd") fd=-1 errno=2
+ open_close("/nonexistent") fd=-1 errno=2
+ status=0 exit=0
+test(test_tame): tame=("stdio rpath",{NULL}) status=0 exit=0
+test(test_tame): tame=("malloc rw rpath",{NULL}) status=0 exit=0
+test(test_tame): tame=("stdio rpath wpath",{NULL}) status=0 exit=0
+test(test_tame): tame=("stdio rpath wpath",{"/sbin",NULL}) status=256 exit=1 (errno: "Operation not permitted")
+test(test_tame): tame=("stdio rpath wpath",{"/",NULL}) status=256 exit=1 (errno: "Operation not permitted")
+test(test_tame): tame=("stdio",{NULL}) status=256 exit=1 (errno: "Operation not permitted")
+test(test_tame): tame=("cmsg",{NULL}) status=256 exit=1 (errno: "Operation not permitted")