simplify sandbox test

tests/test_sandbox.c

@@ -7,7 +7,7 @@
 
 START_TEST(test_create) {
   zathura_t* zathura = zathura_create();
-  zathura->global.sandbox = ZATHURA_SANDBOX_TEST;
+  zathura->global.sandbox = ZATHURA_SANDBOX_STRICT;
   fail_unless(zathura != NULL, "Could not create strictly sandboxed session", NULL);
   fail_unless(zathura_init(zathura) == true, "Could not initialize strictly sandboxed session", NULL);
   zathura_free(zathura);

zathura/seccomp-filters.c

@@ -117,7 +117,7 @@ out:
 }
 
 int
-seccomp_enable_strict_filter(bool test)
+seccomp_enable_strict_filter(void)
 {
   /* prevent child processes from getting more priv e.g. via setuid, capabilities, ... */
   if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) {
@@ -224,11 +224,10 @@ seccomp_enable_strict_filter(bool test)
   ADD_RULE("errno", SCMP_ACT_ERRNO(EPERM), sched_setattr, 0);
   ADD_RULE("errno", SCMP_ACT_ERRNO(EPERM), sched_getattr, 0);
 
-/* check test flag, allow additional syscalls for test mode */
+  /* required for testing only */
-  if (test) {
+  ALLOW_RULE(timer_create);
-    ALLOW_RULE(timer_create);
+  ALLOW_RULE(timer_delete);
-    ALLOW_RULE(timer_delete);
+  
-  }
 
   /* Special requirements for ioctl, allowed on stdout/stderr */
   ADD_RULE("allow", SCMP_ACT_ALLOW, ioctl, 1, SCMP_CMP(0, SCMP_CMP_EQ, 1));

zathura/seccomp-filters.h

@@ -3,8 +3,6 @@
 #ifndef ZATHURA_SECCOMP_FILTERS_H
 #define ZATHURA_SECCOMP_FILTERS_H
 
-#include <stdbool.h>
-
 /* basic filter */
 /* this mode allows normal use */
 /* only dangerous syscalls are blacklisted */
@@ -12,6 +10,6 @@ int seccomp_enable_basic_filter(void);
 
 /* strict filter before document parsing */
 /* this filter is to be enabled after most of the initialisation of zathura has finished */
-int seccomp_enable_strict_filter(bool test);
+int seccomp_enable_strict_filter(void);
 
 #endif

zathura/zathura.c

@@ -448,22 +448,13 @@ zathura_init(zathura_t* zathura)
       break;
     case ZATHURA_SANDBOX_STRICT:
       girara_debug("Strict sandbox preventing write and network access.");
-      if (seccomp_enable_strict_filter(false) != 0) {
+      if (seccomp_enable_strict_filter() != 0) {
         girara_error("Failed to initialize strict seccomp filter.");
         goto error_free;
       }
       /* unset the input method to avoid communication with external services */
       unsetenv("GTK_IM_MODULE");
       break;
-    case ZATHURA_SANDBOX_TEST:
-      girara_debug("Strict sandbox preventing write and network access, testmode.");
-      if (seccomp_enable_strict_filter(true) != 0) {
-        girara_error("Failed to initialize test seccomp filter.");
-        goto error_free;
-      }
-      /* unset the input method to avoid communication with external services */
-      unsetenv("GTK_IM_MODULE");
-      break;
   }
 #endif
 

zathura/zathura.h

@@ -86,7 +86,6 @@ typedef enum {
   ZATHURA_SANDBOX_NONE,
   ZATHURA_SANDBOX_NORMAL,
   ZATHURA_SANDBOX_STRICT,
-  ZATHURA_SANDBOX_TEST
 } zathura_sandbox_t;
 
 /* forward declaration for types from database.h */