Organize test code better

tests/e2e/seccomp.rs

@@ -0,0 +1,124 @@
+use crate::common::*;
+
+#[test]
+fn seccomp_on_by_default_blocks_unshare() {
+    let output = sandbox(&[])
+        .args(["--", "unshare", "--user", "--map-root-user", "/bin/true"])
+        .output()
+        .expect("agent-sandbox binary failed to execute");
+
+    assert!(
+        !output.status.success(),
+        "expected unshare(2) to be blocked by default seccomp filter, but it succeeded"
+    );
+}
+
+#[test]
+fn seccomp_off_allows_blocked_syscall() {
+    let output = sandbox(&["--no-seccomp"])
+        .args(["--", "unshare", "--user", "--map-root-user", "/bin/true"])
+        .output()
+        .expect("agent-sandbox binary failed to execute");
+
+    assert!(
+        output.status.success(),
+        "expected unshare(2) to succeed without seccomp, stderr: {}",
+        String::from_utf8_lossy(&output.stderr)
+    );
+}
+
+#[test]
+fn seccomp_dry_run_emits_seccomp_arg() {
+    let output = sandbox(&["--dry-run"])
+        .args(["--", "/bin/true"])
+        .output()
+        .expect("agent-sandbox binary failed to execute");
+
+    let stdout = String::from_utf8_lossy(&output.stdout);
+    assert!(
+        stdout.contains("--seccomp"),
+        "expected --seccomp in dry-run output, got: {stdout}"
+    );
+}
+
+#[test]
+fn seccomp_dry_run_no_seccomp_omits_arg() {
+    let output = sandbox(&["--dry-run", "--no-seccomp"])
+        .args(["--", "/bin/true"])
+        .output()
+        .expect("agent-sandbox binary failed to execute");
+
+    let stdout = String::from_utf8_lossy(&output.stdout);
+    assert!(
+        !stdout.contains("--seccomp"),
+        "expected no --seccomp in dry-run output with --no-seccomp, got: {stdout}"
+    );
+}
+
+#[test]
+fn seccomp_normal_workload_succeeds() {
+    let output = sandbox(&[])
+        .args(["--", "bash", "-c", "ls /etc > /dev/null && date"])
+        .output()
+        .expect("agent-sandbox binary failed to execute");
+
+    assert!(
+        output.status.success(),
+        "expected normal workload to succeed under default seccomp, stderr: {}",
+        String::from_utf8_lossy(&output.stderr)
+    );
+}
+#[test]
+fn seccomp_bash_pthread_fallback_works() {
+    // Verifies the ENOSYS-not-EPERM choice for clone3 doesn't break libc's
+    // clone3 -> clone fallback path that bash uses internally.
+    let output = sandbox(&[])
+        .args(["--", "bash", "-c", "true"])
+        .output()
+        .expect("agent-sandbox binary failed to execute");
+
+    assert!(
+        output.status.success(),
+        "expected bash to succeed under default seccomp (clone3 fallback), stderr: {}",
+        String::from_utf8_lossy(&output.stderr)
+    );
+}
+
+#[test]
+fn seccomp_blocks_tiocsti() {
+    // TIOCSTI (0x5412) injects keystrokes into the terminal input queue.
+    // Without --new-session, this is the primary defense against CVE-2017-5226.
+    //
+    // On kernels >= 6.2 with CONFIG_LEGACY_TIOCSTI=n, the kernel blocks TIOCSTI
+    // before seccomp sees it. We test with --no-seccomp first to detect that and
+    // skip, so the test only asserts our filter's behaviour.
+    let baseline = sandbox(&["--no-seccomp"])
+        .args([
+            "--",
+            "python3",
+            "-c",
+            "import fcntl; fcntl.ioctl(0, 0x5412, b'x')",
+        ])
+        .output()
+        .expect("agent-sandbox binary failed to execute");
+
+    if !baseline.status.success() {
+        // Kernel already blocks TIOCSTI; seccomp filter is untestable here.
+        return;
+    }
+
+    let output = sandbox(&[])
+        .args([
+            "--",
+            "python3",
+            "-c",
+            "import fcntl; fcntl.ioctl(0, 0x5412, b'x')",
+        ])
+        .output()
+        .expect("agent-sandbox binary failed to execute");
+
+    assert!(
+        !output.status.success(),
+        "expected TIOCSTI to be blocked by seccomp filter"
+    );
+}