authorLibravatar netblue30 <netblue30@yahoo.com>2016-08-20 07:54:20 -0400
committerLibravatar netblue30 <netblue30@yahoo.com>2016-08-20 07:54:20 -0400
commitccf7230e0b4e74d21ba9030793b4486250d30507 (patch)
treef260e93febf31c5183dbd1b8e991dbad5e4f7016
parentsmall fixes for command args (diff)
compile time config option for overlayfs
-rwxr-xr-xconfigure17
-rw-r--r--configure.ac9
-rw-r--r--src/firejail/Makefile.in3
-rw-r--r--src/firejail/checkcfg.c8
-rw-r--r--src/firejail/fs.c3
-rw-r--r--src/firejail/main.c4
-rw-r--r--src/firejail/sandbox.c2
-rw-r--r--src/firejail/x11.c22
-rw-r--r--src/lib/common.c2
-rwxr-xr-xtest/dist-compile/compile.sh39
10 files changed, 80 insertions, 29 deletions
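diff --git a/configure b/configure
index 29792969c..5505b01c2 100755
--- a/configure
+++ b/configure
@@ -636,6 +636,7 @@ HAVE_GLOBALCFG
 HAVE_BIND
 HAVE_CHROOT
 HAVE_SECCOMP
+HAVE_OVERLAYFS
 EXTRA_LDFLAGS
 EGREP
 GREP
@@ -694,6 +695,7 @@ ac_subst_files=''
 ac_user_opts='
 enable_option_checking
 enable_apparmor
+enable_overlayfs
 enable_seccomp
 enable_chroot
 enable_bind
@@ -1325,6 +1327,7 @@ Optional Features:
  --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no)
  --enable-FEATURE[=ARG] include FEATURE [ARG=yes]
  --enable-apparmor enable apparmor
+ --disable-overlayfs disable overlayfs
  --disable-seccomp disable seccomp
  --disable-chroot disable chroot
  --disable-bind disable bind
@@ -3511,6 +3514,19 @@ if test "x$enable_apparmor" = "xyes"; then :
 fi
 
 
+HAVE_OVERLAYFS=""
+# Check whether --enable-overlayfs was given.
+if test "${enable_overlayfs+set}" = set; then :
+ enableval=$enable_overlayfs;
+fi
+
+if test "x$enable_overlayfs" != "xno"; then :
+
+ HAVE_OVERLAYFS="-DHAVE_OVERLAYFS"
+
+
+fi
+
 HAVE_SECCOMP=""
 # Check whether --enable-seccomp was given.
 if test "${enable_seccomp+set}" = set; then :
@@ -4922,6 +4938,7 @@ echo " user namespace: $HAVE_USERNS"
 echo " X11 sandboxing support: $HAVE_X11"
 echo " whitelisting: $HAVE_WHITELIST"
 echo " file transfer support: $HAVE_FILE_TRANSFER"
+echo " overlayfs support: $HAVE_OVERLAYFS"
 echo " fatal warnings: $HAVE_FATAL_WARNINGS"
 echo " busybox workaround: $BUSYBOX_WORKAROUND"
 printf " uid_min: "; grep UID_MIN uids.h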
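diff --git a/configure.ac b/configure.ac
index 149f76eae..2a5bd5e54 100644
--- a/configure.ac
+++ b/configure.ac
@@ -30,6 +30,14 @@ AS_IF([test "x$enable_apparmor" = "xyes"], [
 ])
 AC_SUBST([EXTRA_LDFLAGS])
 
+HAVE_OVERLAYFS=""
+AC_ARG_ENABLE([overlayfs],
+ AS_HELP_STRING([--disable-overlayfs], [disable overlayfs]))
+AS_IF([test "x$enable_overlayfs" != "xno"], [
+ HAVE_OVERLAYFS="-DHAVE_OVERLAYFS"
+ AC_SUBST(HAVE_OVERLAYFS)
+])
+
 HAVE_SECCOMP=""
 AC_ARG_ENABLE([seccomp],
  AS_HELP_STRING([--disable-seccomp], [disable seccomp]))
@@ -156,6 +164,7 @@ echo " user namespace: $HAVE_USERNS"
 echo " X11 sandboxing support: $HAVE_X11"
 echo " whitelisting: $HAVE_WHITELIST"
 echo " file transfer support: $HAVE_FILE_TRANSFER"
+echo " overlayfs support: $HAVE_OVERLAYFS"
 echo " fatal warnings: $HAVE_FATAL_WARNINGS"
 echo " busybox workaround: $BUSYBOX_WORKAROUND"
 printf " uid_min: "; grep UID_MIN uids.h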
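diff --git a/src/firejail/Makefile.in b/src/firejail/Makefile.in
index 15253b5ab..f56137308 100644
--- a/src/firejail/Makefile.in
+++ b/src/firejail/Makefile.in
@@ -19,13 +19,14 @@ HAVE_FILE_TRANSFER=@HAVE_FILE_TRANSFER@
 HAVE_WHITELIST=@HAVE_WHITELIST@
 HAVE_GLOBALCFG=@HAVE_GLOBALCFG@
 HAVE_APPARMOR=@HAVE_APPARMOR@
+HAVE_OVERLAYFS=@HAVE_OVERLAYFS@
 EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@
 
 H_FILE_LIST = $(sort $(wildcard *.[h]))
 C_FILE_LIST = $(sort $(wildcard *.c))
 OBJS = $(C_FILE_LIST:.c=.o)
 BINOBJS = $(foreach file, $(OBJS), $file)
-CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' $(HAVE_X11) $(HAVE_APPARMOR) $(HAVE_SECCOMP) $(HAVE_GLOBALCFG) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_BIND) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security
+CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' $(HAVE_X11) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_SECCOMP) $(HAVE_GLOBALCFG) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_BIND) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security
 LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread
 
 %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/euid_common.h ../include/libnetlink.h ../include/pid.h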
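diff --git a/src/firejail/checkcfg.c b/src/firejail/checkcfg.c
index 019b54773..f5ea7439b 100644
--- a/src/firejail/checkcfg.c
+++ b/src/firejail/checkcfg.c
@@ -272,6 +272,14 @@ void print_compiletime_support(void) {
 #endif
  );
 
+ printf("\t- overlayfs support is %s\n",
+#ifdef HAVE_OVERLAYFS
+ "enabled"
+#else
+ "disabled"
+#endif
+ );
+
  printf("\t- file and directory whitelisting support is %s\n",
 #ifdef HAVE_WHITELIST
  "enabled"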
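diff --git a/src/firejail/fs.c b/src/firejail/fs.c
index 63ffa8bff..ddb25c2dd 100644
--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -815,6 +815,7 @@ void fs_basic_fs(void) {
 
 
 
+#ifdef HAVE_OVERLAYFS
 char *fs_check_overlay_dir(const char *subdirname, int allow_reuse) {
  // create ~/.firejail directory
  struct stat s;
@@ -1121,7 +1122,7 @@ void fs_overlayfs(void) {
  free(oroot);
  free(odiff);
 }
-
+#endif
 
 
 #ifdef HAVE_CHROOT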
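Review bot: The `#endif` added at new line 1125 closes a guard opened at new line 818, roughly 300 lines earlier, and nothing on it says which condition it ends; the next line opens `#ifdef HAVE_CHROOT`, so the two regions are easy to confuse. Writing it as `#endif // HAVE_OVERLAYFS` would make the boundary explicit, and a one-line comment above the `#ifdef` (for example `// overlayfs support, compiled out by --disable-overlayfs`) would tell a reader that `fs_check_overlay_dir()` through `fs_overlayfs()` may be absent from the build. The same applies to the bare `#endif` lines added in src/firejail/main.c at new lines 285 and 1359. Both guarded functions extend outside the hunks shown.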
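diff --git a/src/firejail/main.c b/src/firejail/main.c
index 8e18ec724..c366390cc 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -264,6 +264,7 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
  printf("\n");
  exit(0);
  }
+#ifdef HAVE_OVERLAYFS
  else if (strcmp(argv[i], "--overlay-clean") == 0) {
  char *path;
  if (asprintf(&path, "%s/.firejail", cfg.homedir) == -1)
@@ -281,6 +282,7 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
  }
  exit(0);
  }
+#endif
 #ifdef HAVE_X11
  else if (strcmp(argv[i], "--x11") == 0) {
  if (checkcfg(CFG_X11)) {
@@ -1279,6 +1281,7 @@ int main(int argc, char **argv) {
  profile_check_line(line, 0, NULL); // will exit if something wrong
  profile_add(line);
  }
+#ifdef HAVE_OVERLAYFS
  else if (strcmp(argv[i], "--overlay") == 0) {
  if (cfg.chrootdir) {
  fprintf(stderr, "Error: --overlay and --chroot options are mutually exclusive\n");
@@ -1353,6 +1356,7 @@ int main(int argc, char **argv) {
  }
  arg_overlay = 1;
  }
+#endif
  else if (strncmp(argv[i], "--profile=", 10) == 0) {
  if (arg_noprofile) {
  fprintf(stderr, "Error: --noprofile and --profile options are mutually exclusive\n");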
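diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index c40ff1d03..a33c81937 100644
--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -500,9 +500,11 @@ int sandbox(void* sandbox_arg) {
  }
  else
 #endif
+#ifdef HAVE_OVERLAYFS
  if (arg_overlay)
  fs_overlayfs();
  else
+#endif
  fs_basic_fs();
 
  //****************************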
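Review bot: With `--disable-overlayfs` the `if (arg_overlay)` test at new lines 503-507 is compiled out, so a set `arg_overlay` is ignored and the sandbox falls through to `fs_basic_fs()` without any message. The command-line paths in main.c are guarded by this commit, but profile.c is not among the changed files; if profile parsing can still set the flag (not visible here), a profile that asks for an overlay would run with writes landing on the real filesystem. Refusing to start in an `#else` branch fails closed, and ending that branch with `else` keeps the chain from the preceding `#endif` intact. The body of `sandbox()` starts and ends outside this hunk.

```c
#ifdef HAVE_OVERLAYFS
	// … unchanged: if (arg_overlay) fs_overlayfs(); else …
#else
	// overlay requested but support is compiled out: refuse rather than
	// silently run on the real filesystem
	if (arg_overlay) {
		fprintf(stderr, "Error: overlayfs support is not compiled in\n");
		exit(1);
	}
	else
#endif
		fs_basic_fs();
```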
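diff --git a/src/firejail/x11.c b/src/firejail/x11.c
index ed6fa3741..3d0918b2c 100644
--- a/src/firejail/x11.c
+++ b/src/firejail/x11.c
@@ -26,6 +26,7 @@
 #include <stdlib.h>
 #include <dirent.h>
 #include <sys/mount.h>
+#include <sys/wait.h>
 
 #ifdef HAVE_X11
 // return 1 if xpra is installed on the system
@@ -163,7 +164,7 @@ void fs_x11(void) {
 //$ DISPLAY=:22 firejail --net=eth0 --blacklist=/tmp/.X11-unix/x0 firefox
 void x11_start_xephyr(int argc, char **argv) {
  EUID_ASSERT();
- size_t i;
+ int i;
  struct stat s;
  pid_t jail = 0;
  pid_t server = 0;
@@ -204,12 +205,12 @@ void x11_start_xephyr(int argc, char **argv) {
  // parse xephyr_extra_params
  // very basic quoting support
  char *temp = strdup(xephyr_extra_params);
- if (xephyr_extra_params != "") {
+ if (*xephyr_extra_params != '\0') {
  if (!temp)
  errExit("strdup");
  bool dquote = false;
  bool squote = false;
- for (i = 0; i < strlen(xephyr_extra_params); i++) {
+ for (i = 0; i < (int) strlen(xephyr_extra_params); i++) {
  if (temp[i] == '\"') {
  dquote = !dquote;
  if (dquote) temp[i] = '\0'; // replace closing quote by \0
@@ -229,7 +230,7 @@ void x11_start_xephyr(int argc, char **argv) {
  exit(1);
  }
 
- for (i = 0; i < strlen(xephyr_extra_params)-1; i++) {
+ for (i = 0; i < (int) strlen(xephyr_extra_params)-1; i++) {
  if (pos >= (sizeof(server_argv)/sizeof(*server_argv))) {
  fprintf(stderr, "Error: arg count limit exceeded while parsing xephyr_extra_params\n");
  exit(1);
@@ -257,7 +258,7 @@ void x11_start_xephyr(int argc, char **argv) {
 
  // remove --x11 arg
  char *jail_argv[argc+2];
- size_t j = 0;
+ int j = 0;
  for (i = 0; i < argc; i++) {
  if (strcmp(argv[i], "--x11") == 0)
  continue;
@@ -359,7 +360,7 @@ void x11_start_xephyr(int argc, char **argv) {
 
 void x11_start_xpra(int argc, char **argv) {
  EUID_ASSERT();
- size_t i;
+ int i;
  struct stat s;
  pid_t client = 0;
  pid_t server = 0;
@@ -464,7 +465,7 @@ void x11_start_xpra(int argc, char **argv) {
 
  // build jail command
  char *firejail_argv[argc+2];
- unsigned pos = 0;
+ int pos = 0;
  for (i = 0; i < argc; i++) {
  if (strcmp(argv[i], "--x11") == 0)
  continue;
@@ -477,7 +478,7 @@ void x11_start_xpra(int argc, char **argv) {
  }
  firejail_argv[pos] = NULL;
 
- assert(pos < argc+2);
+ assert(pos < (argc+2));
  assert(!firejail_argv[pos]);
 
  // start jail
@@ -524,12 +525,13 @@ void x11_start_xpra(int argc, char **argv) {
  break;
  }
 
- if (arg_debug)
+ if (arg_debug) {
  if (n == 10)
  printf("failed to stop xpra server gratefully\n");
  else
  printf("xpra server successfully stoped in %d secs\n", n);
-
+ }
+
  // kill xpra server and xpra client
  kill(client, SIGTERM);
  kill(server, SIGTERM);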
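Review bot: The `strdup(xephyr_extra_params)` at new line 207 runs unconditionally, but its NULL check (`if (!temp) errExit("strdup");`) sits inside the `if (*xephyr_extra_params != '\0')` branch, so the allocation result is only checked for a non-empty string. Moving the check directly under the `strdup` call, or moving the `strdup` into the branch, would make the error handling match the allocation. Both parsing loops also re-evaluate `strlen(xephyr_extra_params)` on every iteration behind an `(int)` cast; computing `const int len = (int) strlen(xephyr_extra_params);` once before the first loop states the bound in one place. `x11_start_xephyr()` begins and ends outside these hunks, so what happens to `temp` in the empty-string case cannot be seen here.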
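diff --git a/src/lib/common.c b/src/lib/common.c
index fe5c62536..acb6bd3b4 100644
--- a/src/lib/common.c
+++ b/src/lib/common.c
@@ -241,7 +241,7 @@ int pid_proc_cmdline_x11(const pid_t pid) {
  i++;
  if (i >= len)
  break;
- char *arg = buffer + i;
+ char *arg = (char *)buffer + i;
 
  // detect the last command line option
  if (strcmp(arg, "--") == 0)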
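diff --git a/test/dist-compile/compile.sh b/test/dist-compile/compile.sh
index f762b457d..76a7162b7 100755
--- a/test/dist-compile/compile.sh
+++ b/test/dist-compile/compile.sh
@@ -12,7 +12,8 @@ arr[9]="TEST 9: compile file transfer disabled"
 arr[10]="TEST 10: compile disable whitelist"
 arr[11]="TEST 11: compile disable global config"
 arr[12]="TEST 12: compile apparmor"
-arr[12]="TEST 13: compile busybox"
+arr[13]="TEST 13: compile busybox"
+arr[14]="TEST 14: compile overlayfs disabled"
 
 # remove previous reports and output file
 cleanup() {
@@ -52,8 +53,6 @@ cleanup
 # TEST 1
 #*****************************************************************
 # - checkout source code
-# - check compilation
-# - install
 #*****************************************************************
 print_title "${arr[1]}"
 echo "$DIST"
@@ -75,7 +74,6 @@ rm output-configure output-make
 # TEST 2
 #*****************************************************************
 # - disable seccomp configuration
-# - check compilation
 #*****************************************************************
 print_title "${arr[2]}"
 # seccomp
@@ -94,7 +92,6 @@ rm output-configure output-make
 # TEST 3
 #*****************************************************************
 # - disable chroot configuration
-# - check compilation
 #*****************************************************************
 print_title "${arr[3]}"
 # seccomp
@@ -113,7 +110,6 @@ rm output-configure output-make
 # TEST 4
 #*****************************************************************
 # - disable bind configuration
-# - check compilation
 #*****************************************************************
 print_title "${arr[4]}"
 # seccomp
@@ -132,7 +128,6 @@ rm output-configure output-make
 # TEST 5
 #*****************************************************************
 # - disable user namespace configuration
-# - check compilation
 #*****************************************************************
 print_title "${arr[5]}"
 # seccomp
@@ -170,7 +165,6 @@ rm output-configure output-make
 # TEST 7
 #*****************************************************************
 # - disable X11 support
-# - check compilation
 #*****************************************************************
 print_title "${arr[7]}"
 # seccomp
@@ -190,7 +184,6 @@ rm output-configure output-make
 # TEST 8
 #*****************************************************************
 # - enable network restricted
-# - check compilation
 #*****************************************************************
 print_title "${arr[8]}"
 # seccomp
@@ -210,7 +203,6 @@ rm output-configure output-make
 # TEST 9
 #*****************************************************************
 # - disable file transfer
-# - check compilation
 #*****************************************************************
 print_title "${arr[9]}"
 # seccomp
@@ -229,7 +221,6 @@ rm output-configure output-make
 # TEST 10
 #*****************************************************************
 # - disable whitelist
-# - check compilation
 #*****************************************************************
 print_title "${arr[10]}"
 # seccomp
@@ -248,7 +239,6 @@ rm output-configure output-make
 # TEST 11
 #*****************************************************************
 # - disable global config
-# - check compilation
 #*****************************************************************
 print_title "${arr[11]}"
 # seccomp
@@ -267,9 +257,8 @@ rm output-configure output-make
 # TEST 12
 #*****************************************************************
 # - enable apparmor
-# - check compilation
 #*****************************************************************
-print_title "${arr[11]}"
+print_title "${arr[12]}"
 # seccomp
 cd firejail
 make distclean
@@ -286,9 +275,8 @@ rm output-configure output-make
 # TEST 13
 #*****************************************************************
 # - enable busybox workaround
-# - check compilation
 #*****************************************************************
-print_title "${arr[11]}"
+print_title "${arr[13]}"
 # seccomp
 cd firejail
 make distclean
@@ -301,6 +289,24 @@ cp output-configure oc13
 cp output-make om13
 rm output-configure output-make
 
+#*****************************************************************
+# TEST 14
+#*****************************************************************
+# - disable overlayfs
+#*****************************************************************
+print_title "${arr[14]}"
+# seccomp
+cd firejail
+make distclean
+./configure --prefix=/usr --disable-overlayfs --enable-fatal-warnings 2>&1 | tee ../output-configure
+make -j4 2>&1 | tee ../output-make
+cd ..
+grep Warning output-configure output-make > ./report-test14
+grep Error output-configure output-make >> ./report-test14
+cp output-configure oc14
+cp output-make om14
+rm output-configure output-make
+
 
 #*****************************************************************
 # PRINT REPORTS
@@ -329,3 +335,4 @@ echo ${arr[10]}
 echo ${arr[11]}
 echo ${arr[12]}
 echo ${arr[13]}
+echo ${arr[14]}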
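Review bot: TEST 14 (new lines 292-308) pipes `./configure` and `make` into `tee`, so the exit status of both commands is discarded and the only failure signal is the `grep Warning` / `grep Error` text match written to `report-test14`; a build that fails without printing either word would be reported as clean. Enabling `set -o pipefail` near the top of the script, or testing `${PIPESTATUS[0]}` right after each pipeline, would catch that, and the earlier tests presumably share the pattern. The `# seccomp` comment at new line 298 is a leftover from TEST 2 and should read `# overlayfs`. The test proves only that the tree compiles with `--disable-overlayfs`; it does not run the built binary to confirm that `--overlay` is refused.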