#!/bin/sh

set -e

. "${srcdir:-.}/snap-confine/tests/common.sh"

get_common_syscalls >"$TMP"/tmpl
cat >>"$TMP"/tmpl <<EOF
# what we are testing
EOF

for i in 'PR_GET_SECCOM' 'PR_GET_SECCOMPP' 'PR_GET_SECC0MP' ; do
    printf "Test bad seccomp arg filtering (prctl %s)" "$i"
    cat "$TMP"/tmpl >"$TMP"/snap.name.app
    echo "prctl $i" >>"$TMP"/snap.name.app

    if $L snap.name.app /bin/true 2>/dev/null; then
        # true returned successfully, bad arg test failed
        cat "$TMP"/snap.name.app
        FAIL
    fi

    # all good
    PASS
done

for i in 'PR_CAP_AMBIENT_RAIS' 'PR_CAP_AMBIENT_RAISEE' ; do
    printf "Test bad seccomp arg filtering (prctl PR_CAP_AMBIENT %s)" "$i"
    cat "$TMP"/tmpl >"$TMP"/snap.name.app
    echo "prctl PR_CAP_AMBIENT $i" >>"$TMP"/snap.name.app

    if $L snap.name.app /bin/true 2>/dev/null; then
        # true returned successfully, bad arg test failed
        cat "$TMP"/snap.name.app
        FAIL
    fi

    # all good
    PASS
done
