Add /sys to whitelist mode

2026-03-25 22:22:35 +01:00
parent dccf2309a5
commit 0bd91ffad2
2 changed files with 16 additions and 0 deletions
--- a/tests/integration.rs
+++ b/tests/integration.rs
@@ -325,6 +325,20 @@ fn empty_home_rejected() {
    );
 }

+#[test]
+fn whitelist_sys_is_readable() {
+    let output = sandbox(&["--whitelist"])
+        .args(["--", "bash", "-c", "cat /sys/class/net/lo/address"])
+        .output()
+        .expect("agent-sandbox binary failed to execute");
+
+    let stdout = String::from_utf8_lossy(&output.stdout).trim().to_string();
+    assert_eq!(
+        stdout, "00:00:00:00:00:00",
+        "expected loopback address from /sys, got: {stdout}"
+    );
+}
+
 #[test]
 fn new_session_isolates_sid() {
    let inner_sid = read_sid_inside_sandbox(&[]);