Robust security tests #23
Description
The most important tests, of course, are tests that verify our sandbox is secure. We would like to check that the particular system call failed with a permission error. Currently, test code itself verifies that a particular operation has failed, but IMO this approach is a bit fragile. I think we should separate it.
Each security test should contain a simple program that tries to do something bad and some pattern. The program is then executed in a sandbox and under strace. Finally, test runner makes sure that the strace log matches the pattern (i.e. contains certain lines).