You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The most important tests, of course, are tests that verify our sandbox is secure. We would like to check that the particular system call failed with a permission error. Currently, test code itself verifies that a particular operation has failed, but IMO this approach is a bit fragile. I think we should separate it.
Each security test should contain a simple program that tries to do something bad and some pattern. The program is then executed in a sandbox and under strace. Finally, test runner makes sure that the strace log matches the pattern (i.e. contains certain lines).
The text was updated successfully, but these errors were encountered:
The most important tests, of course, are tests that verify our sandbox is secure. We would like to check that the particular system call failed with a permission error. Currently, test code itself verifies that a particular operation has failed, but IMO this approach is a bit fragile. I think we should separate it.
Each security test should contain a simple program that tries to do something bad and some pattern. The program is then executed in a sandbox and under strace. Finally, test runner makes sure that the strace log matches the pattern (i.e. contains certain lines).
The text was updated successfully, but these errors were encountered: