author | netblue30 <netblue30@yahoo.com> | 2016-04-15 15:34:19 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-04-15 15:34:19 -0400 |
commit | 3ee0df541e284074662c7c916951fb37aac4abef (patch) | |
tree | b176830d33d229d83426314b639d55d72874ac68 | |
parent | merged 0ad profile from Fred-Barclay (diff) | |
x11 fixes
-rw-r--r-- | src/firejail/x11.c | 6 | ||||
-rwxr-xr-x | test/icedove-x11.exp | 82 | ||||
-rwxr-xr-x | test/test-apps-x11.sh | 20 | ||||
-rwxr-xr-x | test/xterm-x11.exp | 82 |
4 files changed, 186 insertions, 4 deletions
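--- a/src/firejail/x11.c
+++ b/src/firejail/x11.c
@@ -170,7 +170,7 @@ void x11_start_xephyr(int argc, char **argv) {
 
 // unfortunately, xephyr does a number of weird things when started by root user!!!
 if (getuid() == 0) {
-fprintf(stderr, "Error: this feature is not available when running as root\n");
+fprintf(stderr, "Error: X11 sandboxing is not available when running as root\n");
 exit(1);
 }
 
@@ -292,7 +292,7 @@ void x11_start_xpra(int argc, char **argv) {
 
 // unfortunately, xpra does a number of weird things when started by root user!!!
 if (getuid() == 0) {
-fprintf(stderr, "Error: this feature is not available when running as root\n");
+fprintf(stderr, "Error: X11 sandboxing is not available when running as root\n");
 exit(1);
 }
 
@@ -410,7 +410,7 @@ void x11_start(int argc, char **argv) {
 
 // unfortunately, xpra does a number of weird things when started by root user!!!
 if (getuid() == 0) {
-fprintf(stderr, "Error: this feature is not available when running as root\n");
+fprintf(stderr, "Error: X11 sandboxing is not available when running as root\n");
 exit(1);
 }
 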
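Review bot: The root guard and its message are now repeated verbatim in x11_start_xephyr, x11_start_xpra and x11_start, so the next wording change has to be made in three places again. A small file-local helper, for example `static void x11_refuse_root(void)`, holding the `getuid() == 0` test, the `fprintf` and the `exit(1)`, would keep the three call sites in sync. The comment above the guard in x11_start still names only xpra, although the new message speaks of X11 sandboxing in general; `// the X11 servers (xpra, xephyr) misbehave when started by the root user` would fit all three. All three functions start and end outside the hunks shown.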
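--- /dev/null
+++ b/test/icedove-x11.exp
@@ -0,0 +1,82 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --name=test --net=br0 --x11 icedove\r"
+sleep 10
+
+spawn $env(SHELL)
+send -- "firejail --list\r"
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+":firejail"
+}
+expect {
+timeout {puts "TESTING ERROR 3.1\n";exit}
+"icedove"
+}
+sleep 1
+
+# grsecurity exit
+send -- "file /proc/sys/kernel/grsecurity\r"
+expect {
+timeout {puts "TESTING ERROR - grsecurity detection\n";exit}
+"grsecurity: directory" {puts "grsecurity present, exiting...\n";exit}
+"cannot open" {puts "grsecurity not present\n"}
+}
+
+send -- "firejail --name=blablabla\r"
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"Child process initialized"
+}
+sleep 2
+
+spawn $env(SHELL)
+send -- "firemon --seccomp\r"
+expect {
+timeout {puts "TESTING ERROR 5\n";exit}
+":firejail"
+}
+expect {
+timeout {puts "TESTING ERROR 5.0\n";exit}
+"icedove"
+}
+expect {
+timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit}
+"Seccomp: 2"
+}
+expect {
+timeout {puts "TESTING ERROR 5.1\n";exit}
+"name=blablabla"
+}
+sleep 2
+send -- "firemon --caps\r"
+expect {
+timeout {puts "TESTING ERROR 6\n";exit}
+":firejail"
+}
+expect {
+timeout {puts "TESTING ERROR 6.0\n";exit}
+"icedove"
+}
+expect {
+timeout {puts "TESTING ERROR 6.1\n";exit}
+"CapBnd"
+}
+expect {
+timeout {puts "TESTING ERROR 6.2\n";exit}
+"0000000000000000"
+}
+expect {
+timeout {puts "TESTING ERROR 6.3\n";exit}
+"name=blablabla"
+}
+sleep 1
+send -- "firejail --shutdown=test\r"
+sleep 3
+
+puts "\nall done\n"
+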
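Review bot: Every `timeout` branch, and the grsecurity branch on line 26, ends in a bare `exit`, so a failed or skipped run never reaches `firejail --shutdown=test` on line 78 and still reports status 0 to test-apps-x11.sh. The leftover `--name=test` sandbox can then satisfy the `":firejail"` match of the next script, which would hide a sandbox that failed to start and make the later `Seccomp: 2` and `CapBnd` checks unreliable. The failure branches should tear down and signal the error, e.g. `timeout {puts "TESTING ERROR 3\n"; catch {exec firejail --shutdown=test}; exit 1}`. The label `TESTING ERROR 5.1` is also used for two different checks (lines 48 and 52), so the second should get its own number. test/xterm-x11.exp has the same branches and the same duplicate label.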
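--- a/test/test-apps-x11.sh
+++ b/test/test-apps-x11.sh
@@ -1,5 +1,14 @@
 #!/bin/bash
 
+which xterm
+if [ "$?" -eq 0 ];
+then
+echo "TESTING: xterm x11"
+./xterm-x11.exp
+else
+echo "TESTING: xterm not found"
+fi
+
 which firefox
 if [ "$?" -eq 0 ];
 then
@@ -22,8 +31,17 @@ which transmission-gtk
 if [ "$?" -eq 0 ];
 then
 echo "TESTING: transmission-gtk x11"
-./transmission-gtk.exp
+./transmission-gtk-x11.exp
 else
 echo "TESTING: transmission-gtk not found"
 fi
 
+which icedove
+if [ "$?" -eq 0 ];
+then
+echo "TESTING: icedove x11"
+./icedove-x11.exp
+else
+echo "TESTING: chromium not found"
+fi
+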
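Review bot: The `else` branch of the new icedove block (new line 45) prints `TESTING: chromium not found`, a copy-paste leftover; it should read `echo "TESTING: icedove not found"`. As written, a host without icedove logs a skip for the wrong application, so the log does not show that the icedove X11 sandbox checks were never run. The second hunk also switches to `./transmission-gtk-x11.exp`, which is not added by this commit, so it is worth confirming that the file already exists in test/.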
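--- /dev/null
+++ b/test/xterm-x11.exp
@@ -0,0 +1,82 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --name=test --net=br0 --x11 xterm\r"
+sleep 10
+
+spawn $env(SHELL)
+send -- "firejail --list\r"
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+":firejail"
+}
+expect {
+timeout {puts "TESTING ERROR 3.1\n";exit}
+"xterm"
+}
+sleep 1
+
+# grsecurity exit
+send -- "file /proc/sys/kernel/grsecurity\r"
+expect {
+timeout {puts "TESTING ERROR - grsecurity detection\n";exit}
+"grsecurity: directory" {puts "grsecurity present, exiting...\n";exit}
+"cannot open" {puts "grsecurity not present\n"}
+}
+
+send -- "firejail --name=blablabla\r"
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"Child process initialized"
+}
+sleep 2
+
+spawn $env(SHELL)
+send -- "firemon --seccomp\r"
+expect {
+timeout {puts "TESTING ERROR 5\n";exit}
+":firejail"
+}
+expect {
+timeout {puts "TESTING ERROR 5.0\n";exit}
+"xterm"
+}
+expect {
+timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit}
+"Seccomp: 2"
+}
+expect {
+timeout {puts "TESTING ERROR 5.1\n";exit}
+"name=blablabla"
+}
+sleep 1
+send -- "firemon --caps\r"
+expect {
+timeout {puts "TESTING ERROR 6\n";exit}
+":firejail"
+}
+expect {
+timeout {puts "TESTING ERROR 6.0\n";exit}
+"xterm"
+}
+expect {
+timeout {puts "TESTING ERROR 6.1\n";exit}
+"CapBnd"
+}
+expect {
+timeout {puts "TESTING ERROR 6.2\n";exit}
+"0000000000000000"
+}
+expect {
+timeout {puts "TESTING ERROR 6.3\n";exit}
+"name=blablabla"
+}
+sleep 1
+send -- "firejail --shutdown=test\r"
+sleep 3
+
+puts "\nall done\n"
+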
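Review bot: This script is a line-for-line copy of test/icedove-x11.exp with only the program name and the `sleep` on line 55 changed, so every correction to the sandbox checks has to be made twice. One script that takes the program as an argument, with `set app [lindex $argv 0]` and `send -- "firejail --name=test --net=br0 --x11 $app\r"`, would serve both callers in test-apps-x11.sh. The hard-coded `--net=br0` on line 7 also deserves a header comment such as `# requires a bridge interface named br0 on the test host`, since the script does not check for it.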