The most important tests, of course, are tests that verify our sandbox is secure. We would like to check that the particular system call failed with a permission error. Currently, test code itself verifies that a particular operation has failed, but IMO this approach is a bit fragile. I think we should separate it.
Each security test should contain a simple program that tries to do something bad and some pattern. The program is then executed in a sandbox and under strace. Finally, test runner makes sure that the strace log matches the pattern (i.e. contains certain lines).
The most important tests, of course, are tests that verify our sandbox is secure. We would like to check that the particular system call failed with a permission error. Currently, test code itself verifies that a particular operation has failed, but IMO this approach is a bit fragile. I think we should separate it.
Each security test should contain a simple program that tries to do something bad and some pattern. The program is then executed in a sandbox and under strace. Finally, test runner makes sure that the strace log matches the pattern (i.e. contains certain lines).