diff --git a/.gitignore b/.gitignore index 30793847cb..554d1985b9 100644 --- a/.gitignore +++ b/.gitignore @@ -28,7 +28,7 @@ src/fldd/fldd uids.h seccomp seccomp.debug -seccomp.i386 -seccomp.amd64 +seccomp.32 +seccomp.64 seccomp.block_secondary seccomp.mdwx diff --git a/Makefile.in b/Makefile.in index 9111a3c95b..e20aa5b621 100644 --- a/Makefile.in +++ b/Makefile.in @@ -2,7 +2,7 @@ all: apps man filters MYLIBS = src/lib APPS = src/firejail src/firemon src/firecfg src/libtrace src/libtracelog src/ftee src/faudit src/fnet src/fseccomp src/fcopy src/fldd src/libpostexecseccomp MANPAGES = firejail.1 firemon.1 firecfg.1 firejail-profile.5 firejail-login.5 -SECCOMP_FILTERS = seccomp seccomp.debug seccomp.i386 seccomp.amd64 seccomp.block_secondary seccomp.mdwx +SECCOMP_FILTERS = seccomp seccomp.debug seccomp.32 seccomp.64 seccomp.block_secondary seccomp.mdwx prefix=@prefix@ exec_prefix=@exec_prefix@ @@ -43,8 +43,8 @@ filters: src/fseccomp ifeq ($(HAVE_SECCOMP),-DHAVE_SECCOMP) src/fseccomp/fseccomp default seccomp src/fseccomp/fseccomp default seccomp.debug allow-debuggers - src/fseccomp/fseccomp secondary 32 seccomp.i386 - src/fseccomp/fseccomp secondary 64 seccomp.amd64 + src/fseccomp/fseccomp secondary 32 seccomp.32 + src/fseccomp/fseccomp secondary 64 seccomp.64 src/fseccomp/fseccomp secondary block seccomp.block_secondary src/fseccomp/fseccomp memory-deny-write-execute seccomp.mdwx endif @@ -103,8 +103,8 @@ ifeq ($(HAVE_SECCOMP),-DHAVE_SECCOMP) install -c -m 0755 src/fseccomp/fseccomp $(DESTDIR)/$(libdir)/firejail/. install -c -m 0644 seccomp $(DESTDIR)/$(libdir)/firejail/. install -c -m 0644 seccomp.debug $(DESTDIR)/$(libdir)/firejail/. - install -c -m 0644 seccomp.i386 $(DESTDIR)/$(libdir)/firejail/. - install -c -m 0644 seccomp.amd64 $(DESTDIR)/$(libdir)/firejail/. + install -c -m 0644 seccomp.32 $(DESTDIR)/$(libdir)/firejail/. + install -c -m 0644 seccomp.64 $(DESTDIR)/$(libdir)/firejail/. install -c -m 0644 seccomp.block_secondary $(DESTDIR)/$(libdir)/firejail/. install -c -m 0644 seccomp.mdwx $(DESTDIR)/$(libdir)/firejail/. endif diff --git a/platform/rpm/old-mkrpm.sh b/platform/rpm/old-mkrpm.sh index 505171d1c6..7d817c7e25 100755 --- a/platform/rpm/old-mkrpm.sh +++ b/platform/rpm/old-mkrpm.sh @@ -36,9 +36,9 @@ install -m 644 /usr/lib/firejail/libtracelog.so firejail-$VERSION/usr/lib/firej install -m 644 /usr/lib/firejail/libtrace.so firejail-$VERSION/usr/lib/firejail/. install -m 644 /usr/lib/firejail/libpostexecseccomp.so firejail-$VERSION/usr/lib/firejail/. install -m 644 /usr/lib/firejail/seccomp firejail-$VERSION/usr/lib/firejail/. -install -m 644 /usr/lib/firejail/seccomp.amd64 firejail-$VERSION/usr/lib/firejail/. +install -m 644 /usr/lib/firejail/seccomp.64 firejail-$VERSION/usr/lib/firejail/. install -m 644 /usr/lib/firejail/seccomp.debug firejail-$VERSION/usr/lib/firejail/. -install -m 644 /usr/lib/firejail/seccomp.i386 firejail-$VERSION/usr/lib/firejail/. +install -m 644 /usr/lib/firejail/seccomp.32 firejail-$VERSION/usr/lib/firejail/. install -m 644 /usr/lib/firejail/seccomp.block_secondary firejail-$VERSION/usr/lib/firejail/. install -m 644 /usr/lib/firejail/seccomp.mdwx firejail-$VERSION/usr/lib/firejail/. @@ -492,9 +492,9 @@ rm -rf %{buildroot} /usr/lib/firejail/fnet /usr/lib/firejail/fseccomp /usr/lib/firejail/seccomp -/usr/lib/firejail/seccomp.amd64 +/usr/lib/firejail/seccomp.64 /usr/lib/firejail/seccomp.debug -/usr/lib/firejail/seccomp.i386 +/usr/lib/firejail/seccomp.32 /usr/lib/firejail/seccomp.block_secondary /usr/lib/firejail/seccomp.mdwx diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index 435b9527d9..60a43a6005 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h @@ -54,15 +54,15 @@ #define RUN_SECCOMP_PROTOCOL "/run/firejail/mnt/seccomp.protocol" // protocol filter #define RUN_SECCOMP_CFG "/run/firejail/mnt/seccomp" // configured filter -#define RUN_SECCOMP_AMD64 "/run/firejail/mnt/seccomp.amd64" // amd64 filter installed on i386 architectures -#define RUN_SECCOMP_I386 "/run/firejail/mnt/seccomp.i386" // i386 filter installed on amd64 architectures +#define RUN_SECCOMP_64 "/run/firejail/mnt/seccomp.64" // 64bit arch filter installed on 32bit architectures +#define RUN_SECCOMP_32 "/run/firejail/mnt/seccomp.32" // 32bit arch filter installed on 64bit architectures #define RUN_SECCOMP_MDWX "/run/firejail/mnt/seccomp.mdwx" // filter for memory-deny-write-execute #define RUN_SECCOMP_BLOCK_SECONDARY "/run/firejail/mnt/seccomp.block_secondary" // secondary arch blocking filter #define RUN_SECCOMP_POSTEXEC "/run/firejail/mnt/seccomp.postexec" // filter for post-exec library #define PATH_SECCOMP_DEFAULT (LIBDIR "/firejail/seccomp") // default filter built during make #define PATH_SECCOMP_DEFAULT_DEBUG (LIBDIR "/firejail/seccomp.debug") // default filter built during make -#define PATH_SECCOMP_AMD64 (LIBDIR "/firejail/seccomp.amd64") // amd64 filter built during make -#define PATH_SECCOMP_I386 (LIBDIR "/firejail/seccomp.i386") // i386 filter built during make +#define PATH_SECCOMP_64 (LIBDIR "/firejail/seccomp.64") // 64bit arch filter built during make +#define PATH_SECCOMP_32 (LIBDIR "/firejail/seccomp.32") // 32bit arch filter built during make #define PATH_SECCOMP_MDWX (LIBDIR "/firejail/seccomp.mdwx") // filter for memory-deny-write-execute built during make #define PATH_SECCOMP_BLOCK_SECONDARY (LIBDIR "/firejail/seccomp.block_secondary") // secondary arch blocking filter built during make diff --git a/src/firejail/preproc.c b/src/firejail/preproc.c index bf1ef04695..0b447e03bf 100644 --- a/src/firejail/preproc.c +++ b/src/firejail/preproc.c @@ -79,8 +79,8 @@ void preproc_mount_mnt_dir(void) { copy_file(PATH_SECCOMP_BLOCK_SECONDARY, RUN_SECCOMP_BLOCK_SECONDARY, getuid(), getgid(), 0644); // root needed else { //copy default seccomp files - copy_file(PATH_SECCOMP_I386, RUN_SECCOMP_I386, getuid(), getgid(), 0644); // root needed - copy_file(PATH_SECCOMP_AMD64, RUN_SECCOMP_AMD64, getuid(), getgid(), 0644); // root needed + copy_file(PATH_SECCOMP_32, RUN_SECCOMP_32, getuid(), getgid(), 0644); // root needed + copy_file(PATH_SECCOMP_64, RUN_SECCOMP_64, getuid(), getgid(), 0644); // root needed } if (arg_allow_debuggers) copy_file(PATH_SECCOMP_DEFAULT_DEBUG, RUN_SECCOMP_CFG, getuid(), getgid(), 0644); // root needed diff --git a/src/firejail/seccomp.c b/src/firejail/seccomp.c index 7b45e25742..e75863c3a8 100644 --- a/src/firejail/seccomp.c +++ b/src/firejail/seccomp.c @@ -137,22 +137,22 @@ int seccomp_load(const char *fname) { exit(1); } -// i386 filter installed on amd64 architectures -#if defined(__x86_64__) +// 32 bit arch filter installed on 64 bit architectures +#if defined(__LP64__) static void seccomp_filter_32(void) { - if (seccomp_load(RUN_SECCOMP_I386) == 0) { + if (seccomp_load(RUN_SECCOMP_32) == 0) { if (arg_debug) - printf("Dual i386/amd64 seccomp filter configured\n"); + printf("Dual 32/64 bit seccomp filter configured\n"); } } #endif -// amd64 filter installed on i386 architectures -#if defined(__i386__) +// 64 bit arch filter installed on 32 bit architectures +#if defined(__ILP32__) static void seccomp_filter_64(void) { - if (seccomp_load(RUN_SECCOMP_AMD64) == 0) { + if (seccomp_load(RUN_SECCOMP_64) == 0) { if (arg_debug) - printf("Dual i386/amd64 seccomp filter configured\n"); + printf("Dual 32/64 bit seccomp filter configured\n"); } } #endif @@ -177,10 +177,10 @@ int seccomp_filter_drop(void) { if (arg_seccomp_block_secondary) seccomp_filter_block_secondary(); else { -#if defined(__x86_64__) +#if defined(__LP64__) seccomp_filter_32(); #endif -#if defined(__i386__) +#if defined(__ILP32__) seccomp_filter_64(); #endif } @@ -190,10 +190,10 @@ int seccomp_filter_drop(void) { if (arg_seccomp_block_secondary) seccomp_filter_block_secondary(); else { -#if defined(__x86_64__) +#if defined(__LP64__) seccomp_filter_32(); #endif -#if defined(__i386__) +#if defined(__ILP32__) seccomp_filter_64(); #endif } diff --git a/src/fseccomp/seccomp_print.c b/src/fseccomp/seccomp_print.c index 3793e125db..e8df2bda5c 100644 --- a/src/fseccomp/seccomp_print.c +++ b/src/fseccomp/seccomp_print.c @@ -90,7 +90,7 @@ static int detect_filter_type(void) { } - // testing for secondare amd64 filter + // testing for secondary 64 bit filter const struct sock_filter start_secondary_64[] = { VALIDATE_ARCHITECTURE_64, EXAMINE_SYSCALL, @@ -102,7 +102,7 @@ static int detect_filter_type(void) { return sizeof(start_secondary_64) / sizeof(struct sock_filter); } - // testing for secondare i386 filter + // testing for secondary 32 bit filter const struct sock_filter start_secondary_32[] = { VALIDATE_ARCHITECTURE_32, EXAMINE_SYSCALL, diff --git a/src/fseccomp/seccomp_secondary.c b/src/fseccomp/seccomp_secondary.c index dd69b58ccb..da6a693e63 100644 --- a/src/fseccomp/seccomp_secondary.c +++ b/src/fseccomp/seccomp_secondary.c @@ -108,7 +108,7 @@ void seccomp_secondary_64(const char *fname) { write_filter(fname, sizeof(filter), filter); } -// i386 filter installed on amd64 architectures +// 32 bit arch filter installed on 64 bit architectures void seccomp_secondary_32(const char *fname) { // hardcoded syscall values struct sock_filter filter[] = { diff --git a/src/include/seccomp.h b/src/include/seccomp.h index 2f2b2384d7..133b6ce720 100644 --- a/src/include/seccomp.h +++ b/src/include/seccomp.h @@ -91,10 +91,64 @@ struct seccomp_data { #if defined(__i386__) # define ARCH_NR AUDIT_ARCH_I386 +# define ARCH_32 AUDIT_ARCH_I386 +# define ARCH_64 AUDIT_ARCH_X86_64 #elif defined(__x86_64__) # define ARCH_NR AUDIT_ARCH_X86_64 +# define ARCH_32 AUDIT_ARCH_I386 +# define ARCH_64 AUDIT_ARCH_X86_64 +#elif defined(__aarch64__) +# define ARCH_NR AUDIT_ARCH_AARCH64 +# define ARCH_32 AUDIT_ARCH_ARM +# define ARCH_64 AUDIT_ARCH_AARCH64 #elif defined(__arm__) # define ARCH_NR AUDIT_ARCH_ARM +# define ARCH_32 AUDIT_ARCH_ARM +# define ARCH_64 AUDIT_ARCH_AARCH64 +#elif defined(__mips__) && __BYTE_ORDER == __BIG_ENDIAN && _MIPS_SIM == _MIPS_SIM_ABI32 +# define ARCH_NR AUDIT_ARCH_MIPS +# define ARCH_32 AUDIT_ARCH_MIPS +# define ARCH_64 AUDIT_ARCH_MIPS64 +#elif defined(__mips__) && __BYTE_ORDER == __LITTLE_ENDIAN && _MIPS_SIM == _MIPS_SIM_ABI32 +# define ARCH_NR AUDIT_ARCH_MIPSEL +# define ARCH_32 AUDIT_ARCH_MIPSEL +# define ARCH_64 AUDIT_ARCH_MIPSEL64 +#elif defined(__mips__) && __BYTE_ORDER == __BIG_ENDIAN && _MIPS_SIM == _MIPS_SIM_ABI64 +# define ARCH_NR AUDIT_ARCH_MIPS64 +# define ARCH_32 AUDIT_ARCH_MIPS +# define ARCH_64 AUDIT_ARCH_MIPS64 +#elif defined(__mips__) && __BYTE_ORDER == __LITTLE_ENDIAN && _MIPS_SIM == _MIPS_SIM_ABI64 +# define ARCH_NR AUDIT_ARCH_MIPSEL64 +# define ARCH_32 AUDIT_ARCH_MIPSEL +# define ARCH_64 AUDIT_ARCH_MIPSEL64 +#elif defined(__mips__) && __BYTE_ORDER == __BIG_ENDIAN && _MIPS_SIM == _MIPS_SIM_NABI32 +# define ARCH_NR AUDIT_ARCH_MIPS64N32 +# define ARCH_32 AUDIT_ARCH_MIPS64N32 +# define ARCH_64 AUDIT_ARCH_MIPS64 +#elif defined(__mips__) && __BYTE_ORDER == __LITTLE_ENDIAN && _MIPS_SIM == _MIPS_SIM_NABI32 +# define ARCH_NR AUDIT_ARCH_MIPSEL64N32 +# define ARCH_32 AUDIT_ARCH_MIPSEL64N32 +# define ARCH_64 AUDIT_ARCH_MIPSEL64 +#elif defined(__powerpc64__) && __BYTE_ORDER == __BIG_ENDIAN +# define ARCH_NR AUDIT_ARCH_PPC64 +# define ARCH_32 AUDIT_ARCH_PPC +# define ARCH_64 AUDIT_ARCH_PPC64 +#elif defined(__powerpc64__) && __BYTE_ORDER == __LITTLE_ENDIAN +# define ARCH_NR AUDIT_ARCH_PPC64LE +# define ARCH_32 AUDIT_ARCH_PPC +# define ARCH_64 AUDIT_ARCH_PPC64LE +#elif defined(__powerpc__) +# define ARCH_NR AUDIT_ARCH_PPC +# define ARCH_32 AUDIT_ARCH_PPC +# define ARCH_64 AUDIT_ARCH_PPC64LE +#elif defined(__s390x__) +# define ARCH_NR AUDIT_ARCH_S390X +# define ARCH_32 AUDIT_ARCH_S390 +# define ARCH_64 AUDIT_ARCH_S390X +#elif defined(__s390__) +# define ARCH_NR AUDIT_ARCH_S390 +# define ARCH_32 AUDIT_ARCH_S390 +# define ARCH_64 AUDIT_ARCH_S390X #else # warning "Platform does not support seccomp filter yet" # define ARCH_NR 0 @@ -112,12 +166,12 @@ struct seccomp_data { #define VALIDATE_ARCHITECTURE_64 \ BPF_STMT(BPF_LD+BPF_W+BPF_ABS, (offsetof(struct seccomp_data, arch))), \ - BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, AUDIT_ARCH_X86_64, 1, 0), \ + BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ARCH_64, 1, 0), \ BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW) #define VALIDATE_ARCHITECTURE_32 \ BPF_STMT(BPF_LD+BPF_W+BPF_ABS, (offsetof(struct seccomp_data, arch))), \ - BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, AUDIT_ARCH_I386, 1, 0), \ + BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ARCH_32, 1, 0), \ BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW) #if defined(__x86_64__) diff --git a/test/filters/seccomp-debug-32.exp b/test/filters/seccomp-debug-32.exp index 6983758c33..098b309f53 100755 --- a/test/filters/seccomp-debug-32.exp +++ b/test/filters/seccomp-debug-32.exp @@ -43,7 +43,7 @@ expect { } expect { timeout {puts "TESTING ERROR 7\n";exit} - "Installing /run/firejail/mnt/seccomp.amd64 seccomp filter" + "Installing /run/firejail/mnt/seccomp.64 seccomp filter" } expect { timeout {puts "TESTING ERROR 9\n";exit} @@ -56,13 +56,13 @@ send -- "firejail --debug --ignore=seccomp sleep 1; echo done\r" expect { timeout {puts "TESTING ERROR 10\n";exit} "Installing /run/firejail/mnt/seccomp seccomp filter" {puts "TESTING ERROR 11\n";exit} - "Installing /run/firejail/mnt/seccomp.amd64 seccomp filter" {puts "TESTING ERROR 12\n";exit} + "Installing /run/firejail/mnt/seccomp.64 seccomp filter" {puts "TESTING ERROR 12\n";exit} "Child process initialized" } expect { timeout {puts "TESTING ERROR 13\n";exit} "Installing /run/firejail/mnt/seccomp seccomp filter" {puts "TESTING ERROR 14\n";exit} - "Installing /run/firejail/mnt/seccomp.amd64 seccomp filter" {puts "TESTING ERROR 15\n";exit} + "Installing /run/firejail/mnt/seccomp.64 seccomp filter" {puts "TESTING ERROR 15\n";exit} "done" } after 100 @@ -82,7 +82,7 @@ expect { expect { timeout {puts "TESTING ERROR 21\n";exit} "Installing /run/firejail/mnt/seccomp.protocol seccomp filter" {puts "TESTING ERROR 22\n";exit} - "Installing /run/firejail/mnt/seccomp.amd64 seccomp filter" + "Installing /run/firejail/mnt/seccomp.64 seccomp filter" } expect { timeout {puts "TESTING ERROR 23\n";exit} @@ -110,12 +110,12 @@ expect { send -- "firejail --debug --seccomp.block-secondary sleep 1; echo done\r" expect { timeout {puts "TESTING ERROR 27\n";exit} - "Installing /run/firejail/mnt/seccomp.amd64 seccomp filter" {puts "TESTING ERROR 28\n";exit} + "Installing /run/firejail/mnt/seccomp.64 seccomp filter" {puts "TESTING ERROR 28\n";exit} "Child process initialized" } expect { timeout {puts "TESTING ERROR 29\n";exit} - "Installing /run/firejail/mnt/seccomp.amd64 seccomp filter" {puts "TESTING ERROR 30\n";exit} + "Installing /run/firejail/mnt/seccomp.64 seccomp filter" {puts "TESTING ERROR 30\n";exit} "Installing /run/firejail/mnt/seccomp seccomp filter" } expect { @@ -128,12 +128,12 @@ after 100 send -- "firejail --debug --profile=block-secondary.profile sleep 1; echo done\r" expect { timeout {puts "TESTING ERROR 33\n";exit} - "Installing /run/firejail/mnt/seccomp.amd64 seccomp filter" {puts "TESTING ERROR 34\n";exit} + "Installing /run/firejail/mnt/seccomp.64 seccomp filter" {puts "TESTING ERROR 34\n";exit} "Child process initialized" } expect { timeout {puts "TESTING ERROR 35\n";exit} - "Installing /run/firejail/mnt/seccomp.amd64 seccomp filter" {puts "TESTING ERROR 35\n";exit} + "Installing /run/firejail/mnt/seccomp.64 seccomp filter" {puts "TESTING ERROR 35\n";exit} "Installing /run/firejail/mnt/seccomp seccomp filter" } expect { diff --git a/test/filters/seccomp-debug.exp b/test/filters/seccomp-debug.exp index 7a4a13991e..4986a6bf6f 100755 --- a/test/filters/seccomp-debug.exp +++ b/test/filters/seccomp-debug.exp @@ -31,7 +31,7 @@ expect { after 100 -# amd64 architecture +# 64 bit architecture send -- "firejail --debug sleep 1; echo done\r" expect { timeout {puts "TESTING ERROR 5\n";exit} @@ -43,7 +43,7 @@ expect { } expect { timeout {puts "TESTING ERROR 7\n";exit} - "Installing /run/firejail/mnt/seccomp.i386 seccomp filter" + "Installing /run/firejail/mnt/seccomp.32 seccomp filter" } expect { timeout {puts "TESTING ERROR 8\n";exit} @@ -55,18 +55,18 @@ expect { } after 100 -# amd64 architecture - ignore seccomp +# 64 bit architecture - ignore seccomp send -- "firejail --debug --ignore=seccomp sleep 1; echo done\r" expect { timeout {puts "TESTING ERROR 10\n";exit} "Installing /run/firejail/mnt/seccomp seccomp filter" {puts "TESTING ERROR 11\n";exit} - "Installing /run/firejail/mnt/seccomp.i386 seccomp filter" {puts "TESTING ERROR 12\n";exit} + "Installing /run/firejail/mnt/seccomp.32 seccomp filter" {puts "TESTING ERROR 12\n";exit} "Child process initialized" } expect { timeout {puts "TESTING ERROR 13\n";exit} "Installing /run/firejail/mnt/seccomp seccomp filter" {puts "TESTING ERROR 14\n";exit} - "Installing /run/firejail/mnt/seccomp.i386 seccomp filter" {puts "TESTING ERROR 15\n";exit} + "Installing /run/firejail/mnt/seccomp.32 seccomp filter" {puts "TESTING ERROR 15\n";exit} "Installing /run/firejail/mnt/seccomp.protocol seccomp filter" } expect { @@ -75,7 +75,7 @@ expect { } after 100 -# amd64 architecture - ignore protocol +# 64 bit architecture - ignore protocol send -- "firejail --debug --ignore=protocol sleep 1; echo done\r" expect { timeout {puts "TESTING ERROR 17\n";exit} @@ -90,7 +90,7 @@ expect { expect { timeout {puts "TESTING ERROR 21\n";exit} "Installing /run/firejail/mnt/seccomp.protocol seccomp filter" {puts "TESTING ERROR 22\n";exit} - "Installing /run/firejail/mnt/seccomp.i386 seccomp filter" + "Installing /run/firejail/mnt/seccomp.32 seccomp filter" } expect { timeout {puts "TESTING ERROR 23\n";exit} @@ -114,21 +114,21 @@ expect { } -# amd64 architecture - seccomp.block-secondary +# 64 bit architecture - seccomp.block-secondary send -- "firejail --debug --seccomp.block-secondary sleep 1; echo done\r" expect { timeout {puts "TESTING ERROR 27\n";exit} - "Installing /run/firejail/mnt/seccomp.i386 seccomp filter" {puts "TESTING ERROR 28\n";exit} + "Installing /run/firejail/mnt/seccomp.32 seccomp filter" {puts "TESTING ERROR 28\n";exit} "Child process initialized" } expect { timeout {puts "TESTING ERROR 29\n";exit} - "Installing /run/firejail/mnt/seccomp.i386 seccomp filter" {puts "TESTING ERROR 30\n";exit} + "Installing /run/firejail/mnt/seccomp.32 seccomp filter" {puts "TESTING ERROR 30\n";exit} "Installing /run/firejail/mnt/seccomp seccomp filter" } expect { timeout {puts "TESTING ERROR 31\n";exit} - "Installing /run/firejail/mnt/seccomp.i386 seccomp filter" {puts "TESTING ERROR 32\n";exit} + "Installing /run/firejail/mnt/seccomp.32 seccomp filter" {puts "TESTING ERROR 32\n";exit} "Installing /run/firejail/mnt/seccomp.protocol seccomp filter" } expect { @@ -137,16 +137,16 @@ expect { } after 100 -# amd64 architecture - seccomp.block-secondary, profile +# 64 bit architecture - seccomp.block-secondary, profile send -- "firejail --debug --profile=block-secondary.profile sleep 1; echo done\r" expect { timeout {puts "TESTING ERROR 33\n";exit} - "Installing /run/firejail/mnt/seccomp.i386 seccomp filter" {puts "TESTING ERROR 34\n";exit} + "Installing /run/firejail/mnt/seccomp.32 seccomp filter" {puts "TESTING ERROR 34\n";exit} "Child process initialized" } expect { timeout {puts "TESTING ERROR 35\n";exit} - "Installing /run/firejail/mnt/seccomp.i386 seccomp filter" {puts "TESTING ERROR 35\n";exit} + "Installing /run/firejail/mnt/seccomp.32 seccomp filter" {puts "TESTING ERROR 35\n";exit} "Installing /run/firejail/mnt/seccomp seccomp filter" } expect {