#!/bin/sh

set -e

# shellcheck source=snap-confine/tests/common.sh
. "${srcdir:-.}/snap-confine/tests/common.sh"

get_common_syscalls >"$TMP"/tmpl
cat >>"$TMP"/tmpl <<EOF
# what we are testing
EOF

for i in 'CLONE_NEWNE' 'CLONE_NETNETT' 'CL0NE_NEWNET' ; do
    printf "Test bad seccomp arg filtering (setns - %s)" "$i"
    cat "$TMP"/tmpl >"$TMP"/snap.name.app
    echo "setns - $i" >>"$TMP"/snap.name.app

    if $L snap.name.app /bin/true 2>/dev/null; then
        # true returned successfully, bad arg test failed
        cat "$TMP"/snap.name.app
        FAIL
    fi

    # all good
    PASS
done
