author | netblue30 <netblue30@yahoo.com> | 2017-10-29 16:05:23 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2017-10-29 16:08:00 -0400 |
commit | 6ae4d342bdc0b11ae6966bd83a596d6ae77a7a5f (patch) | |
tree | 84572a5655239f39dbf180bbdde181cc15ea8c35 | |
parent | fix and harden various profiles (diff) | |
--timeout testing and fixes (#1614)
-rw-r--r-- | RELNOTES | 2 | ||||
-rw-r--r-- | src/firejail/fs_hostname.c | 2 | ||||
-rw-r--r-- | src/firejail/sandbox.c | 14 | ||||
-rwxr-xr-x | test/environment/environment.sh | 3 | ||||
-rwxr-xr-x | test/environment/timeout.exp | 31 |
5 files changed, 45 insertions, 7 deletions
@@ -4,7 +4,7 @@ firejail (0.9.51) baseline; urgency=low | |||
4 | read-only, read-write, tmpfs and noexec are allowed in | 4 | read-only, read-write, tmpfs and noexec are allowed in |
5 | private home directories | 5 | private home directories |
6 | * modif: remount-proc-sys deprecated from firejail.config | 6 | * modif: remount-proc-sys deprecated from firejail.config |
7 | * modif: --profile-path deprecated | 7 | * modif: --profile-path was deprecated |
8 | * enhancement: support Firejail user config directory in firecfg | 8 | * enhancement: support Firejail user config directory in firecfg |
9 | * enhancement: disable DBus activation in firecfg | 9 | * enhancement: disable DBus activation in firecfg |
10 | * enhancement; enumerate root directories in apparmor profile | 10 | * enhancement; enumerate root directories in apparmor profile |
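--- a/src/firejail/fs_hostname.c
+++ b/src/firejail/fs_hostname.c
@@ -94,7 +94,7 @@ void fs_resolvconf(void) {
 
 struct stat s;
 
-// create a new /etc/hostname
+// create a new /etc/resolv.conf
 if (stat("/etc/resolv.conf", &s) == 0) {
 if (arg_debug)
 printf("Creating a new /etc/resolv.conf file\n");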
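--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -227,11 +227,15 @@ static int monitor_application(pid_t app_pid) {
 break;
 
 // handle --timeout
-if (options && --timeout == 0) {
-kill(-1, SIGTERM);
-flush_stdin();
-sleep(1);
-_exit(1);
+if (options) {
+if (--timeout == 0) {
+kill(-1, SIGTERM);
+flush_stdin();
+sleep(1);
+_exit(1);
+}
+else
+sleep(1);
 }
 }
 while(rv != monitored_pid);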
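Review bot: The countdown in the new `if (options)` block runs before the `while(rv != monitored_pid)` test, so an iteration in which `rv` already matches the monitored pid still decrements `timeout` and sleeps, and on the last tick it takes the `kill(-1, SIGTERM)` / `_exit(1)` path instead of leaving the loop normally; guarding the block with `if (options && rv != monitored_pid) {` would avoid that. The limit is also counted in `sleep(1)` calls whose return value is ignored, so if a signal handler runs in this process (none is visible in the hunk) the sleep returns early and the sandbox is terminated sooner than requested; comparing against a deadline taken from `clock_gettime(CLOCK_MONOTONIC, ...)` would make the limit independent of signal delivery. The declarations of `options`, `timeout` and `rv` and the rest of monitor_application lie outside the hunk, so both points should be confirmed against the full function.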
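--- a/test/environment/environment.sh
+++ b/test/environment/environment.sh
@@ -7,6 +7,9 @@ export MALLOC_CHECK_=3
 export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
 
 
+echo "TESTING: timeout (test/environment/timeout.exp)"
+./timeout.exp
+
 echo "TESTING: DNS (test/environment/dns.exp)"
 ./dns.exp
 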
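--- /dev/null
+++ b/test/environment/timeout.exp
@@ -0,0 +1,31 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2017 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "time firejail --timeout=00:00:05\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+sleep 3
+send -- "env\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"container=firejail"
+}
+
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"m5." {puts "5 seconds"}
+"m6." {puts "6 seconds"}
+"m7." {puts "7 seconds"}
+}
+
+puts "\nall done\n"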
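Review bot: The final `expect` block recognises success only through the substrings `m5.`, `m6.` and `m7.`, which is the `0m5.123s` layout printed by bash's `time` keyword, while the shell is whatever `$env(SHELL)` points to; under a shell with a different `time` format the test ends in `TESTING ERROR 2` even though the sandbox was stopped on schedule. Spawning a fixed shell, `spawn /bin/bash`, or matching a message printed by firejail itself would remove that dependency. The `timeout` branches also call `exit` with no status, so the script returns 0 on failure and the caller has to scan the output for `TESTING ERROR`; `exit 1` would let environment.sh see the failure directly. A short header comment stating what is measured, `# --timeout=00:00:05 must end the sandbox after 5 to 7 seconds of wall-clock time`, would explain the three accepted patterns.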