author | netblue30 <netblue30@yahoo.com> | 2016-06-10 11:22:24 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-06-10 11:22:24 -0400 |
commit | f5b452bc4276ff2abecae522d9598441899293f1 (patch) | |
tree | 81084de530711c44752cec367acecec9d27dd060 | |
parent | private-bin conversion (diff) | |
private-bin conversion
-rw-r--r-- | README.md | 2 | ||||
-rw-r--r-- | etc/deluge.profile | 1 | ||||
-rw-r--r-- | etc/disable-devel.inc | 2 | ||||
-rw-r--r-- | etc/evince.profile | 1 | ||||
-rw-r--r-- | etc/fbreader.profile | 3 | ||||
-rw-r--r-- | etc/filezilla.profile | 1 | ||||
-rw-r--r-- | etc/gthumb.profile | 1 | ||||
-rw-r--r-- | etc/hexchat.profile | 2 | ||||
-rw-r--r-- | etc/qbittorrent.profile | 1 | ||||
-rw-r--r-- | etc/rtorrent.profile | 1 | ||||
-rw-r--r-- | etc/transmission-gtk.profile | 1 | ||||
-rw-r--r-- | etc/transmission-qt.profile | 1 | ||||
-rw-r--r-- | etc/uget-gtk.profile | 4 | ||||
-rw-r--r-- | etc/weechat.profile | 4 | ||||
-rw-r--r-- | etc/xchat.profile | 2 | ||||
-rwxr-xr-x | test/apps/apps.sh | 9 | ||||
-rwxr-xr-x | test/apps/uget-gtk.exp | 83 |
17 files changed, 116 insertions, 3 deletions
@@ -67,7 +67,7 @@ AppImage project home: https://github.com/probonopd/AppImageKit | |||
67 | 67 | ||
68 | ## Converting profiles to private-bin - work in progress! | 68 | ## Converting profiles to private-bin - work in progress! |
69 | 69 | ||
70 | BitTorrent profiles converted to private-bin: deluge, qbittorrent, rtorrent, transmission-gtk, transmission-qt | 70 | BitTorrent: deluge, qbittorrent, rtorrent, transmission-gtk, transmission-qt, uget-gtk |
71 | 71 | ||
72 | File transfer: filezilla | 72 | File transfer: filezilla |
73 | 73 | ||
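--- a/etc/deluge.profile
+++ b/etc/deluge.profile
@@ -15,3 +15,4 @@ seccomp
 
 shell none
 private-bin deluge,sh,python,uname
+whitelist /tmp/.X11-unix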
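Review bot: The added `whitelist /tmp/.X11-unix` line carries no comment, and its effect is not obvious from the line itself: as far as I know, a whitelist entry under /tmp makes firejail show only the listed paths there, so this hides the rest of /tmp from the sandbox while keeping the X11 socket directory. A comment such as `# /tmp: expose only the X11 socket directory` above it would record that intent. Because the socket stays reachable the program can still talk to the X server, so the line narrows /tmp but is not X11 isolation. The same line is added without a comment in the evince, fbreader, filezilla, gthumb, qbittorrent, rtorrent, transmission-gtk, transmission-qt and uget-gtk profiles.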
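--- a/etc/disable-devel.inc
+++ b/etc/disable-devel.inc
@@ -37,7 +37,7 @@ blacklist /usr/lib/php*
 blacklist /usr/bin/ruby
 blacklist /usr/lib/ruby
 
-# Programs using python: deluge, firefox addons, filezilla, cherrytree
+# Programs using python: deluge, firefox addons, filezilla, cherrytree, xchat, hexchat
 # Python 2
 #blacklist /usr/bin/python2*
 #blacklist /usr/lib/python2*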
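--- a/etc/evince.profile
+++ b/etc/evince.profile
@@ -13,3 +13,4 @@ seccomp
 
 shell none
 private-bin evince,evince-previewer,evince-thumbnailer
+whitelist /tmp/.X11-unix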
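Review bot: With `whitelist /tmp/.X11-unix` as the only /tmp entry, evince presumably can no longer see documents that another program saved under /tmp, for example an attachment handed over by a mail client, which is a common way for a PDF to reach a viewer. If that is intended, the profile should say so with a comment like `# files under /tmp are not visible to evince`. Otherwise the restriction should be checked against that use before it becomes the default.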
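--- a/etc/fbreader.profile
+++ b/etc/fbreader.profile
@@ -15,4 +15,5 @@ protocol unix,inet,inet6
 seccomp
 
 shell none
-private-bin fbreader,FBReader
\ No newline at end of file
+private-bin fbreader,FBReader
+whitelist /tmp/.X11-unix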
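--- a/etc/filezilla.profile
+++ b/etc/filezilla.profile
@@ -16,3 +16,4 @@ seccomp
 
 shell none
 private-bin filezilla,uname,sh,python,lsb_release,fzputtygen,fzsftp
+whitelist /tmp/.X11-unix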
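--- a/etc/gthumb.profile
+++ b/etc/gthumb.profile
@@ -15,3 +15,4 @@ seccomp
 
 shell none
 private-bin gthumb
+whitelist /tmp/.X11-unix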
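--- a/etc/hexchat.profile
+++ b/etc/hexchat.profile
@@ -17,3 +17,5 @@ mkdir ~/.config
 mkdir ~/.config/hexchat
 whitelist ~/.config/hexchat
 include /etc/firejail/whitelist-common.inc
+
+# private-bin requires perl, python, etc.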
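--- a/etc/qbittorrent.profile
+++ b/etc/qbittorrent.profile
@@ -14,3 +14,4 @@ seccomp
 
 shell none
 private-bin qbittorrent
+whitelist /tmp/.X11-unix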
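--- a/etc/rtorrent.profile
+++ b/etc/rtorrent.profile
@@ -14,3 +14,4 @@ seccomp
 
 shell none
 private-bin rtorrent
+whitelist /tmp/.X11-unix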
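Review bot: rtorrent is, as far as I know, a console client, so `whitelist /tmp/.X11-unix` keeps an X11 socket directory visible that the program has no use for. Hiding the rest of /tmp is still a gain, but the entry reads as if rtorrent needed X11. If the path is listed only to trigger the /tmp restriction, a comment such as `# rtorrent needs no X11; entry only hides the rest of /tmp` would stop a later reader from drawing the wrong conclusion.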
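--- a/etc/transmission-gtk.profile
+++ b/etc/transmission-gtk.profile
@@ -18,3 +18,4 @@ tracelog
 
 shell none
 private-bin transmission-gtk
+whitelist /tmp/.X11-unix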
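--- a/etc/transmission-qt.profile
+++ b/etc/transmission-qt.profile
@@ -18,3 +18,4 @@ tracelog
 
 shell none
 private-bin transmission-qt
+whitelist /tmp/.X11-unix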
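--- a/etc/uget-gtk.profile
+++ b/etc/uget-gtk.profile
@@ -17,3 +17,7 @@ mkdir ~/.config
 mkdir ~/.config/uGet
 whitelist ~/.config/uGet
 include /etc/firejail/whitelist-common.inc
+
+shell none
+private-bin uget-gtk
+whitelist /tmp/.X11-unix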
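Review bot: `private-bin uget-gtk` leaves only that one executable in the sandbox's bin directories, so any helper uGet launches would be missing; uGet's aria2 plugin can, as far as I know, start a local `aria2c`. If that plugin is meant to work under this profile the line would need to read `private-bin uget-gtk,aria2c`. If it is not, a comment noting that the aria2 plugin is unsupported would explain the failure to users. The test added in this commit only checks that the sandbox starts and reports seccomp and capabilities, so it would not catch this.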
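--- a/etc/weechat.profile
+++ b/etc/weechat.profile
@@ -9,3 +9,7 @@ nonewprivs
 noroot
 protocol unix,inet,inet6
 seccomp
+
+# no private-bin support for various reasons:
+# Plugins loaded: alias, aspell, charset, exec, fifo, guile, irc,
+# logger, lua, perl, python, relay, ruby, script, tcl, trigger, xferloading plugins
\ No newline at end of file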
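Review bot: The last added comment line ends in `xferloading plugins`, which looks like a paste artefact where the plugin list ran into the words that followed it; it presumably should end at `xfer`. The file also ends without a trailing newline (`\ No newline at end of file`), the same condition this commit corrects in etc/fbreader.profile. The first comment line says `for various reasons` without naming one. If the reason is the scripting plugins, stating it directly, e.g. `# no private-bin: the perl, python, ruby, lua, tcl and guile plugins need their interpreters`, would be more useful to whoever revisits the profile.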
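--- a/etc/xchat.profile
+++ b/etc/xchat.profile
@@ -10,3 +10,5 @@ nonewprivs
 noroot
 protocol unix,inet,inet6
 seccomp
+
+# private-bin requires perl, python, etc.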
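--- a/test/apps/apps.sh
+++ b/test/apps/apps.sh
@@ -69,6 +69,15 @@ else
 echo "TESTING SKIP: qbittorrent not found"
 fi
 
+which uget-gtk
+if [ "$?" -eq 0 ];
+then
+echo "TESTING: uget"
+./uget-gtk.exp
+else
+echo "TESTING SKIP: uget-gtk not found"
+fi
+
 which filezilla
 if [ "$?" -eq 0 ];
 then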
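--- /dev/null
+++ b/test/apps/uget-gtk.exp
@@ -0,0 +1,83 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail uget-gtk\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Reading profile /etc/firejail/uget-gtk.profile"
+}
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"Child process initialized"
+}
+sleep 3
+
+spawn $env(SHELL)
+send -- "firejail --list\r"
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+":firejail"
+}
+expect {
+timeout {puts "TESTING ERROR 3.1\n";exit}
+"uget-gtk"
+}
+sleep 1
+
+# grsecurity exit
+send -- "file /proc/sys/kernel/grsecurity\r"
+expect {
+timeout {puts "TESTING ERROR - grsecurity detection\n";exit}
+"grsecurity: directory" {puts "grsecurity present, exiting...\n";exit}
+"cannot open" {puts "grsecurity not present\n"}
+}
+
+send -- "firejail --name=blablabla\r"
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"Child process initialized"
+}
+sleep 2
+
+spawn $env(SHELL)
+send -- "firemon --seccomp\r"
+expect {
+timeout {puts "TESTING ERROR 5\n";exit}
+":firejail uget-gtk"
+}
+expect {
+timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit}
+"Seccomp: 2"
+}
+expect {
+timeout {puts "TESTING ERROR 5.1\n";exit}
+"name=blablabla"
+}
+sleep 1
+send -- "firemon --caps\r"
+expect {
+timeout {puts "TESTING ERROR 6\n";exit}
+":firejail uget-gtk"
+}
+expect {
+timeout {puts "TESTING ERROR 6.1\n";exit}
+"CapBnd:"
+}
+expect {
+timeout {puts "TESTING ERROR 6.2\n";exit}
+"0000000000000000"
+}
+expect {
+timeout {puts "TESTING ERROR 6.3\n";exit}
+"name=blablabla"
+}
+sleep 1
+
+puts "\nall done\n"
+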
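Review bot: Every `timeout` branch ends in a bare `exit`, which in Expect returns status 0, so a failed check, including the `Seccomp: 2` and all-zero `CapBnd` assertions, looks like success to anything that reads the exit code. The apps.sh hunk in this commit also runs `./uget-gtk.exp` without looking at its result. A non-zero status would make a sandbox regression fail the run, e.g. `timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit 1}`. The label `TESTING ERROR 5.1` is also used for two different checks (the seccomp value and `name=blablabla`), so the second should become `5.2` to keep the output unambiguous.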