author | netblue30 <netblue30@yahoo.com> | 2015-10-16 07:17:55 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2015-10-16 07:17:55 -0400 |
commit | 83b898c9d7c14e70bb7531fffc56de40d2db4fb8 (patch) | |
tree | d3b627fefbc898424cf17b81f9f1fa1b4b85954e | |
parent | testing (diff) | |
seccomp testing
-rw-r--r-- | src/firejail/usage.c | 6 | ||||
-rw-r--r-- | src/man/firejail.txt | 6 | ||||
-rwxr-xr-x | test/chk_config.exp | 3 | ||||
-rwxr-xr-x | test/servers3.exp | 17 |
4 files changed, 28 insertions, 4 deletions
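--- a/src/firejail/usage.c
+++ b/src/firejail/usage.c
@@ -213,7 +213,11 @@ void usage(void) {
 printf("\t\tfinit_module, delete_module, iopl, ioperm, swapon, swapoff,\n");
 printf("\t\tsyslog, process_vm_readv and process_vm_writev\n");
 printf("\t\tsysfs,_sysctl, adjtimex, clock_adjtime, lookup_dcookie,\n");
-printf("\t\tperf_event_open, fanotify_init and kcmp.\n\n");
+printf("\t\tperf_event_open, fanotify_init, kcmp, add_key, request_key,\n");
+printf("\t\tkeyctl, uselib, acct, modify_ldt, pivot_root, io_setup,\n");
+printf("\t\tio_destroy, io_getevents, io_submit, io_cancel,\n");
+printf("\t\tremap_file_pages, mbind, get_mempolicy, set_mempolicy,\n");
+printf("\t\tmigrate_pages, move_pages, vmsplice, and perf_event_open.\n\n");
 
 printf("\t--seccomp=syscall,syscall,syscall - enable seccomp filter, blacklist the\n");
 printf("\t\tdefault syscall list and the syscalls specified by the command.\n\n");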
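Review bot: The rewritten list ends with `vmsplice, and perf_event_open.` although `perf_event_open` already opens new line 216, so the help text names the same syscall twice; the last line could read `printf("\t\tmigrate_pages, move_pages and vmsplice.\n\n");`. The same duplicate appears in the src/man/firejail.txt section (new line 868). This commit changes only the help text, the man page and two tests, so the filter's own default list is not visible here; because users read this text to decide which extra syscalls to pass to `--seccomp=`, each newly listed name should be checked against the list the filter actually installs. The body of usage() starts and ends outside the hunk.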
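--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -861,7 +861,11 @@ $ firejail \-\-net=eth0 \-\-scan
 Enable seccomp filter and blacklist the syscalls in the default list. The default list is as follows:
 mount, umount2, ptrace, kexec_load, open_by_handle_at, init_module, finit_module, delete_module,
 iopl, ioperm, swapon, swapoff, syslog, process_vm_readv and process_vm_writev,
-sysfs,_sysctl, adjtimex, clock_adjtime, lookup_dcookie, perf_event_open, fanotify_init and kcmp.
+sysfs,_sysctl, adjtimex, clock_adjtime, lookup_dcookie, perf_event_open, fanotify_init, kcmp,
+add_key, request_key, keyctl, uselib, acct, modify_ldt, pivot_root, io_setup,
+io_destroy, io_getevents, io_submit, io_cancel,
+remap_file_pages, mbind, get_mempolicy, set_mempolicy,
+migrate_pages, move_pages, vmsplice, and perf_event_open.
 .br
 
 .br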
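--- a/test/chk_config.exp
+++ b/test/chk_config.exp
@@ -80,7 +80,8 @@ expect {
 }
 expect {
 timeout {puts "TESTING ERROR 5\n";exit}
-"home"
+"home" {puts "regular user\n"}
+"root" {puts "root user\n"}
 }
 
 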
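--- a/test/servers3.exp
+++ b/test/servers3.exp
@@ -26,6 +26,21 @@ expect {
 "apache"
 }
 
+send -- "rm index.html\r"
+sleep 1
+send -- "wget 0\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"saved"
+}
+send -- "cat index.html\r"
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"This is the default web page for this server"
+}
+
+
+
 send -- "exit\r"
 sleep 1
-puts "\n"
+puts "\nall done\n"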
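Review bot: The new `cat index.html` check matches the literal `"This is the default web page for this server"`, which is the wording of one particular default Apache page, so the test reports TESTING ERROR 3 on a host with a different default page even when the sandboxed server answers correctly; matching content the test itself installs would be less brittle. Both added `timeout` branches call `exit` without a status, which in Expect ends the script with status 0, so a failure is visible only in the printed text; `timeout {puts "TESTING ERROR 2\n";exit 1}` would let a harness detect it. As far as this section shows, the added steps confirm only that the server still works inside the sandbox, and nothing checks that a syscall from the extended default seccomp list is actually denied, so a negative test would be a useful companion.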