diff options
author | netblue30 <netblue30@protonmail.com> | 2021-05-18 13:49:02 -0400 |
---|---|---|
committer | netblue30 <netblue30@protonmail.com> | 2021-05-18 13:49:02 -0400 |
commit | b79e4416fe642976111a2d610a19c3e4696bb2e2 (patch) | |
tree | c038806bb80d57314a248dbc6df92b91d32a3a59 | |
parent | readme, etc (diff) | |
download | firejail-b79e4416fe642976111a2d610a19c3e4696bb2e2.tar.gz firejail-b79e4416fe642976111a2d610a19c3e4696bb2e2.tar.zst firejail-b79e4416fe642976111a2d610a19c3e4696bb2e2.zip |
jailtest -> jailcheck (#4268)
-rw-r--r-- | .gitignore | 4 | ||||
-rw-r--r-- | Makefile.in | 10 | ||||
-rw-r--r-- | README.md | 28 | ||||
-rwxr-xr-x | configure | 4 | ||||
-rw-r--r-- | configure.ac | 2 | ||||
-rw-r--r-- | platform/rpm/firejail.spec | 4 | ||||
-rw-r--r-- | src/jailcheck/Makefile.in (renamed from src/jailtest/Makefile.in) | 6 | ||||
-rw-r--r-- | src/jailcheck/access.c (renamed from src/jailtest/access.c) | 4 | ||||
-rw-r--r-- | src/jailcheck/apparmor.c (renamed from src/jailtest/apparmor.c) | 2 | ||||
-rw-r--r-- | src/jailcheck/jailcheck.h (renamed from src/jailtest/jailtest.h) | 4 | ||||
-rw-r--r-- | src/jailcheck/main.c (renamed from src/jailtest/main.c) | 4 | ||||
-rw-r--r-- | src/jailcheck/noexec.c (renamed from src/jailtest/noexec.c) | 4 | ||||
-rw-r--r-- | src/jailcheck/seccomp.c (renamed from src/jailtest/seccomp.c) | 2 | ||||
-rw-r--r-- | src/jailcheck/sysfiles.c (renamed from src/jailtest/sysfiles.c) | 2 | ||||
-rw-r--r-- | src/jailcheck/utils.c (renamed from src/jailtest/utils.c) | 2 | ||||
-rw-r--r-- | src/jailcheck/virtual.c (renamed from src/jailtest/virtual.c) | 4 | ||||
-rw-r--r-- | src/man/Makefile.in | 2 | ||||
-rw-r--r-- | src/man/firecfg.txt | 2 | ||||
-rw-r--r-- | src/man/firejail-login.txt | 2 | ||||
-rw-r--r-- | src/man/firejail-profile.txt | 2 | ||||
-rw-r--r-- | src/man/firejail-users.txt | 2 | ||||
-rw-r--r-- | src/man/firejail.txt | 2 | ||||
-rw-r--r-- | src/man/firemon.txt | 2 | ||||
-rw-r--r-- | src/man/jailcheck.txt (renamed from src/man/jailtest.txt) | 17 |
24 files changed, 58 insertions, 59 deletions
diff --git a/.gitignore b/.gitignore index cbb1b2e83..ea053b503 100644 --- a/.gitignore +++ b/.gitignore | |||
@@ -22,7 +22,7 @@ firejail-users.5 | |||
22 | firejail.1 | 22 | firejail.1 |
23 | firemon.1 | 23 | firemon.1 |
24 | firecfg.1 | 24 | firecfg.1 |
25 | jailtest.5 | 25 | jailcheck.5 |
26 | mkdeb.sh | 26 | mkdeb.sh |
27 | src/firejail/firejail | 27 | src/firejail/firejail |
28 | src/firemon/firemon | 28 | src/firemon/firemon |
@@ -41,7 +41,7 @@ src/fbuilder/fbuilder | |||
41 | src/profstats/profstats | 41 | src/profstats/profstats |
42 | src/bash_completion/firejail.bash_completion | 42 | src/bash_completion/firejail.bash_completion |
43 | src/zsh_completion/_firejail | 43 | src/zsh_completion/_firejail |
44 | src/jailtest/jailtest | 44 | src/jailcheck/jailcheck |
45 | uids.h | 45 | uids.h |
46 | seccomp | 46 | seccomp |
47 | seccomp.debug | 47 | seccomp.debug |
diff --git a/Makefile.in b/Makefile.in index f9422fc8b..6be62cb6e 100644 --- a/Makefile.in +++ b/Makefile.in | |||
@@ -25,13 +25,13 @@ COMPLETIONDIRS = src/zsh_completion src/bash_completion | |||
25 | 25 | ||
26 | .PHONY: all | 26 | .PHONY: all |
27 | all: all_items mydirs $(MAN_TARGET) filters | 27 | all: all_items mydirs $(MAN_TARGET) filters |
28 | APPS = src/firecfg/firecfg src/firejail/firejail src/firemon/firemon src/profstats/profstats src/jailtest/jailtest | 28 | APPS = src/firecfg/firecfg src/firejail/firejail src/firemon/firemon src/profstats/profstats src/jailcheck/jailcheck |
29 | SBOX_APPS = src/fbuilder/fbuilder src/ftee/ftee | 29 | SBOX_APPS = src/fbuilder/fbuilder src/ftee/ftee |
30 | SBOX_APPS_NON_DUMPABLE = src/fcopy/fcopy src/fldd/fldd src/fnet/fnet src/fnetfilter/fnetfilter | 30 | SBOX_APPS_NON_DUMPABLE = src/fcopy/fcopy src/fldd/fldd src/fnet/fnet src/fnetfilter/fnetfilter |
31 | MYDIRS = src/lib $(MAN_SRC) $(COMPLETIONDIRS) | 31 | MYDIRS = src/lib $(MAN_SRC) $(COMPLETIONDIRS) |
32 | MYLIBS = src/libpostexecseccomp/libpostexecseccomp.so src/libtrace/libtrace.so src/libtracelog/libtracelog.so | 32 | MYLIBS = src/libpostexecseccomp/libpostexecseccomp.so src/libtrace/libtrace.so src/libtracelog/libtracelog.so |
33 | COMPLETIONS = src/zsh_completion/_firejail src/bash_completion/firejail.bash_completion | 33 | COMPLETIONS = src/zsh_completion/_firejail src/bash_completion/firejail.bash_completion |
34 | MANPAGES = firejail.1 firemon.1 firecfg.1 firejail-profile.5 firejail-login.5 firejail-users.5 jailtest.5 | 34 | MANPAGES = firejail.1 firemon.1 firecfg.1 firejail-profile.5 firejail-login.5 firejail-users.5 jailcheck.5 |
35 | SBOX_APPS_NON_DUMPABLE += src/fsec-optimize/fsec-optimize src/fsec-print/fsec-print src/fseccomp/fseccomp | 35 | SBOX_APPS_NON_DUMPABLE += src/fsec-optimize/fsec-optimize src/fsec-print/fsec-print src/fseccomp/fseccomp |
36 | SECCOMP_FILTERS = seccomp seccomp.debug seccomp.32 seccomp.block_secondary seccomp.mdwx seccomp.mdwx.32 | 36 | SECCOMP_FILTERS = seccomp seccomp.debug seccomp.32 seccomp.block_secondary seccomp.mdwx seccomp.mdwx.32 |
37 | ALL_ITEMS = $(APPS) $(SBOX_APPS) $(SBOX_APPS_NON_DUMPABLE) $(MYLIBS) | 37 | ALL_ITEMS = $(APPS) $(SBOX_APPS) $(SBOX_APPS_NON_DUMPABLE) $(MYLIBS) |
@@ -112,8 +112,8 @@ endif | |||
112 | install -m 0755 src/firemon/firemon $(DESTDIR)$(bindir) | 112 | install -m 0755 src/firemon/firemon $(DESTDIR)$(bindir) |
113 | # firecfg executable | 113 | # firecfg executable |
114 | install -m 0755 src/firecfg/firecfg $(DESTDIR)$(bindir) | 114 | install -m 0755 src/firecfg/firecfg $(DESTDIR)$(bindir) |
115 | # jailtest executable | 115 | # jailcheck executable |
116 | install -m 0755 src/jailtest/jailtest $(DESTDIR)$(bindir) | 116 | install -m 0755 src/jailcheck/jailcheck $(DESTDIR)$(bindir) |
117 | # libraries and plugins | 117 | # libraries and plugins |
118 | install -m 0755 -d $(DESTDIR)$(libdir)/firejail | 118 | install -m 0755 -d $(DESTDIR)$(libdir)/firejail |
119 | install -m 0644 -t $(DESTDIR)$(libdir)/firejail $(MYLIBS) $(SECCOMP_FILTERS) src/firecfg/firecfg.config | 119 | install -m 0644 -t $(DESTDIR)$(libdir)/firejail $(MYLIBS) $(SECCOMP_FILTERS) src/firecfg/firecfg.config |
@@ -182,7 +182,7 @@ uninstall: | |||
182 | rm -f $(DESTDIR)$(bindir)/firemon | 182 | rm -f $(DESTDIR)$(bindir)/firemon |
183 | rm -f $(DESTDIR)$(bindir)/firecfg | 183 | rm -f $(DESTDIR)$(bindir)/firecfg |
184 | rm -fr $(DESTDIR)$(libdir)/firejail | 184 | rm -fr $(DESTDIR)$(libdir)/firejail |
185 | rm -fr $(DESTDIR)$(libdir)/jailtest | 185 | rm -fr $(DESTDIR)$(libdir)/jailcheck |
186 | rm -fr $(DESTDIR)$(datarootdir)/doc/firejail | 186 | rm -fr $(DESTDIR)$(datarootdir)/doc/firejail |
187 | for man in $(MANPAGES); do \ | 187 | for man in $(MANPAGES); do \ |
188 | rm -f $(DESTDIR)$(mandir)/man5/$$man*; \ | 188 | rm -f $(DESTDIR)$(mandir)/man5/$$man*; \ |
@@ -198,32 +198,32 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe | |||
198 | Milestone page: https://github.com/netblue30/firejail/milestone/1 | 198 | Milestone page: https://github.com/netblue30/firejail/milestone/1 |
199 | Release discussion: https://github.com/netblue30/firejail/issues/3696 | 199 | Release discussion: https://github.com/netblue30/firejail/issues/3696 |
200 | 200 | ||
201 | ### jailtest | 201 | ### jailcheck |
202 | ````` | 202 | ````` |
203 | JAILTEST(1) JAILTEST man page JAILTEST(1) | 203 | JAILCHECK(1) JAILCHECK man page JAILCHECK(1) |
204 | 204 | ||
205 | NAME | 205 | NAME |
206 | jailtest - Simple utility program to test running sandboxes | 206 | jailcheck - Simple utility program to test running sandboxes |
207 | 207 | ||
208 | SYNOPSIS | 208 | SYNOPSIS |
209 | sudo jailtest [OPTIONS] [directory] | 209 | sudo jailcheck [OPTIONS] [directory] |
210 | 210 | ||
211 | DESCRIPTION | 211 | DESCRIPTION |
212 | WORK IN PROGRESS! jailtest attaches itself to all sandboxes started by | 212 | jailcheck attaches itself to all sandboxes started by the user and per‐ |
213 | the user and performs some basic tests on the sandbox filesystem: | 213 | forms some basic tests on the sandbox filesystem: |
214 | 214 | ||
215 | 1. Virtual directories | 215 | 1. Virtual directories |
216 | jailtest extracts a list with the main virtual directories in‐ | 216 | jailcheck extracts a list with the main virtual directories in‐ |
217 | stalled by the sandbox. These directories are build by firejail | 217 | stalled by the sandbox. These directories are build by firejail |
218 | at startup using --private* and --whitelist commands. | 218 | at startup using --private* and --whitelist commands. |
219 | 219 | ||
220 | 2. Noexec test | 220 | 2. Noexec test |
221 | jailtest inserts executable programs in /home/username, /tmp, | 221 | jailcheck inserts executable programs in /home/username, /tmp, |
222 | and /var/tmp directories and tries to run them form inside the | 222 | and /var/tmp directories and tries to run them from inside the |
223 | sandbox, thus testing if the directory is executable or not. | 223 | sandbox, thus testing if the directory is executable or not. |
224 | 224 | ||
225 | 3. Read access test | 225 | 3. Read access test |
226 | jailtest creates test files in the directories specified by the | 226 | jailcheck creates test files in the directories specified by the |
227 | user and tries to read them from inside the sandbox. | 227 | user and tries to read them from inside the sandbox. |
228 | 228 | ||
229 | 4. AppArmor test | 229 | 4. AppArmor test |
@@ -234,10 +234,10 @@ DESCRIPTION | |||
234 | 234 | ||
235 | OPTIONS | 235 | OPTIONS |
236 | --debug | 236 | --debug |
237 | Print debug messages | 237 | Print debug messages. |
238 | 238 | ||
239 | -?, --help | 239 | -?, --help |
240 | Print options end exit. | 240 | Print options and exit. |
241 | 241 | ||
242 | --version | 242 | --version |
243 | Print program version and exit. | 243 | Print program version and exit. |
@@ -255,7 +255,7 @@ OUTPUT | |||
255 | rectories and various warnings. | 255 | rectories and various warnings. |
256 | 256 | ||
257 | EXAMPLE | 257 | EXAMPLE |
258 | $ sudo jailtest | 258 | $ sudo jailcheck |
259 | 2014:netblue::firejail /usr/bin/gimp | 259 | 2014:netblue::firejail /usr/bin/gimp |
260 | Virtual dirs: /tmp, /var/tmp, /dev, /usr/share, | 260 | Virtual dirs: /tmp, /var/tmp, /dev, /usr/share, |
261 | Warning: I can run programs in /home/netblue | 261 | Warning: I can run programs in /home/netblue |
@@ -290,7 +290,7 @@ SEE ALSO | |||
290 | firejail(1), firemon(1), firecfg(1), firejail-profile(5), firejail-lo‐ | 290 | firejail(1), firemon(1), firecfg(1), firejail-profile(5), firejail-lo‐ |
291 | gin(5), firejail-users(5), | 291 | gin(5), firejail-users(5), |
292 | 292 | ||
293 | 0.9.65 Feb 2021 JAILTEST(1) | 293 | 0.9.65 May 2021 JAILCHECK(1) |
294 | ````` | 294 | ````` |
295 | 295 | ||
296 | ### Profile Statistics | 296 | ### Profile Statistics |
@@ -4366,7 +4366,7 @@ fi | |||
4366 | 4366 | ||
4367 | ac_config_files="$ac_config_files mkdeb.sh" | 4367 | ac_config_files="$ac_config_files mkdeb.sh" |
4368 | 4368 | ||
4369 | ac_config_files="$ac_config_files Makefile src/common.mk src/lib/Makefile src/fcopy/Makefile src/fnet/Makefile src/firejail/Makefile src/fnetfilter/Makefile src/firemon/Makefile src/libtrace/Makefile src/libtracelog/Makefile src/firecfg/Makefile src/fbuilder/Makefile src/fsec-print/Makefile src/ftee/Makefile src/fseccomp/Makefile src/fldd/Makefile src/libpostexecseccomp/Makefile src/fsec-optimize/Makefile src/profstats/Makefile src/man/Makefile src/zsh_completion/Makefile src/bash_completion/Makefile test/Makefile src/jailtest/Makefile" | 4369 | ac_config_files="$ac_config_files Makefile src/common.mk src/lib/Makefile src/fcopy/Makefile src/fnet/Makefile src/firejail/Makefile src/fnetfilter/Makefile src/firemon/Makefile src/libtrace/Makefile src/libtracelog/Makefile src/firecfg/Makefile src/fbuilder/Makefile src/fsec-print/Makefile src/ftee/Makefile src/fseccomp/Makefile src/fldd/Makefile src/libpostexecseccomp/Makefile src/fsec-optimize/Makefile src/profstats/Makefile src/man/Makefile src/zsh_completion/Makefile src/bash_completion/Makefile test/Makefile src/jailcheck/Makefile" |
4370 | 4370 | ||
4371 | cat >confcache <<\_ACEOF | 4371 | cat >confcache <<\_ACEOF |
4372 | # This file is a shell script that caches the results of configure | 4372 | # This file is a shell script that caches the results of configure |
@@ -5099,7 +5099,7 @@ do | |||
5099 | "src/zsh_completion/Makefile") CONFIG_FILES="$CONFIG_FILES src/zsh_completion/Makefile" ;; | 5099 | "src/zsh_completion/Makefile") CONFIG_FILES="$CONFIG_FILES src/zsh_completion/Makefile" ;; |
5100 | "src/bash_completion/Makefile") CONFIG_FILES="$CONFIG_FILES src/bash_completion/Makefile" ;; | 5100 | "src/bash_completion/Makefile") CONFIG_FILES="$CONFIG_FILES src/bash_completion/Makefile" ;; |
5101 | "test/Makefile") CONFIG_FILES="$CONFIG_FILES test/Makefile" ;; | 5101 | "test/Makefile") CONFIG_FILES="$CONFIG_FILES test/Makefile" ;; |
5102 | "src/jailtest/Makefile") CONFIG_FILES="$CONFIG_FILES src/jailtest/Makefile" ;; | 5102 | "src/jailcheck/Makefile") CONFIG_FILES="$CONFIG_FILES src/jailcheck/Makefile" ;; |
5103 | 5103 | ||
5104 | *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;; | 5104 | *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;; |
5105 | esac | 5105 | esac |
diff --git a/configure.ac b/configure.ac index e8bd6fb80..036b62484 100644 --- a/configure.ac +++ b/configure.ac | |||
@@ -307,7 +307,7 @@ AC_OUTPUT(Makefile src/common.mk src/lib/Makefile src/fcopy/Makefile src/fnet/Ma | |||
307 | src/firemon/Makefile src/libtrace/Makefile src/libtracelog/Makefile src/firecfg/Makefile src/fbuilder/Makefile src/fsec-print/Makefile \ | 307 | src/firemon/Makefile src/libtrace/Makefile src/libtracelog/Makefile src/firecfg/Makefile src/fbuilder/Makefile src/fsec-print/Makefile \ |
308 | src/ftee/Makefile src/fseccomp/Makefile src/fldd/Makefile src/libpostexecseccomp/Makefile src/fsec-optimize/Makefile \ | 308 | src/ftee/Makefile src/fseccomp/Makefile src/fldd/Makefile src/libpostexecseccomp/Makefile src/fsec-optimize/Makefile \ |
309 | src/profstats/Makefile src/man/Makefile src/zsh_completion/Makefile src/bash_completion/Makefile test/Makefile \ | 309 | src/profstats/Makefile src/man/Makefile src/zsh_completion/Makefile src/bash_completion/Makefile test/Makefile \ |
310 | src/jailtest/Makefile) | 310 | src/jailcheck/Makefile) |
311 | 311 | ||
312 | echo | 312 | echo |
313 | echo "Configuration options:" | 313 | echo "Configuration options:" |
diff --git a/platform/rpm/firejail.spec b/platform/rpm/firejail.spec index 85df1b4eb..acdc8d561 100644 --- a/platform/rpm/firejail.spec +++ b/platform/rpm/firejail.spec | |||
@@ -35,7 +35,7 @@ rm -rf %{buildroot} | |||
35 | %attr(4755, -, -) %{_bindir}/__NAME__ | 35 | %attr(4755, -, -) %{_bindir}/__NAME__ |
36 | %{_bindir}/firecfg | 36 | %{_bindir}/firecfg |
37 | %{_bindir}/firemon | 37 | %{_bindir}/firemon |
38 | %{_bindir}/jailtest | 38 | %{_bindir}/jailcheck |
39 | %{_libdir}/__NAME__ | 39 | %{_libdir}/__NAME__ |
40 | %{_datarootdir}/bash-completion/completions/__NAME__ | 40 | %{_datarootdir}/bash-completion/completions/__NAME__ |
41 | %{_datarootdir}/bash-completion/completions/firecfg | 41 | %{_datarootdir}/bash-completion/completions/firecfg |
@@ -48,5 +48,5 @@ rm -rf %{buildroot} | |||
48 | %{_mandir}/man5/__NAME__-login.5.gz | 48 | %{_mandir}/man5/__NAME__-login.5.gz |
49 | %{_mandir}/man5/__NAME__-profile.5.gz | 49 | %{_mandir}/man5/__NAME__-profile.5.gz |
50 | %{_mandir}/man5/__NAME__-users.5.gz | 50 | %{_mandir}/man5/__NAME__-users.5.gz |
51 | %{_mandir}/man5/jailtest.5.gz | 51 | %{_mandir}/man5/jailcheck.5.gz |
52 | %config(noreplace) %{_sysconfdir}/__NAME__ | 52 | %config(noreplace) %{_sysconfdir}/__NAME__ |
diff --git a/src/jailtest/Makefile.in b/src/jailcheck/Makefile.in index 6306d24ec..d218c1f90 100644 --- a/src/jailtest/Makefile.in +++ b/src/jailcheck/Makefile.in | |||
@@ -1,16 +1,16 @@ | |||
1 | .PHONY: all | 1 | .PHONY: all |
2 | all: jailtest | 2 | all: jailcheck |
3 | 3 | ||
4 | include ../common.mk | 4 | include ../common.mk |
5 | 5 | ||
6 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/pid.h | 6 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/pid.h |
7 | $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ | 7 | $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ |
8 | 8 | ||
9 | jailtest: $(OBJS) | 9 | jailcheck: $(OBJS) |
10 | $(CC) $(LDFLAGS) -o $@ $(OBJS) ../lib/common.o ../lib/pid.o $(LIBS) $(EXTRA_LDFLAGS) | 10 | $(CC) $(LDFLAGS) -o $@ $(OBJS) ../lib/common.o ../lib/pid.o $(LIBS) $(EXTRA_LDFLAGS) |
11 | 11 | ||
12 | .PHONY: clean | 12 | .PHONY: clean |
13 | clean:; rm -fr *.o jailtest *.gcov *.gcda *.gcno *.plist | 13 | clean:; rm -fr *.o jailcheck *.gcov *.gcda *.gcno *.plist |
14 | 14 | ||
15 | .PHONY: distclean | 15 | .PHONY: distclean |
16 | distclean: clean | 16 | distclean: clean |
diff --git a/src/jailtest/access.c b/src/jailcheck/access.c index 4e737dc7a..c18d64a82 100644 --- a/src/jailtest/access.c +++ b/src/jailcheck/access.c | |||
@@ -17,7 +17,7 @@ | |||
17 | * with this program; if not, write to the Free Software Foundation, Inc., | 17 | * with this program; if not, write to the Free Software Foundation, Inc., |
18 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. | 18 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
19 | */ | 19 | */ |
20 | #include "jailtest.h" | 20 | #include "jailcheck.h" |
21 | #include <dirent.h> | 21 | #include <dirent.h> |
22 | #include <sys/wait.h> | 22 | #include <sys/wait.h> |
23 | 23 | ||
@@ -74,7 +74,7 @@ void access_setup(const char *directory) { | |||
74 | 74 | ||
75 | // create a test file | 75 | // create a test file |
76 | char *test_file; | 76 | char *test_file; |
77 | if (asprintf(&test_file, "%s/jailtest-access-%d", path, getpid()) == -1) | 77 | if (asprintf(&test_file, "%s/jailcheck-access-%d", path, getpid()) == -1) |
78 | errExit("asprintf"); | 78 | errExit("asprintf"); |
79 | 79 | ||
80 | FILE *fp = fopen(test_file, "w"); | 80 | FILE *fp = fopen(test_file, "w"); |
diff --git a/src/jailtest/apparmor.c b/src/jailcheck/apparmor.c index 9ddfea3de..64f278046 100644 --- a/src/jailtest/apparmor.c +++ b/src/jailcheck/apparmor.c | |||
@@ -17,7 +17,7 @@ | |||
17 | * with this program; if not, write to the Free Software Foundation, Inc., | 17 | * with this program; if not, write to the Free Software Foundation, Inc., |
18 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. | 18 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
19 | */ | 19 | */ |
20 | #include "jailtest.h" | 20 | #include "jailcheck.h" |
21 | 21 | ||
22 | #ifdef HAVE_APPARMOR | 22 | #ifdef HAVE_APPARMOR |
23 | #include <sys/apparmor.h> | 23 | #include <sys/apparmor.h> |
diff --git a/src/jailtest/jailtest.h b/src/jailcheck/jailcheck.h index 0c4883061..32be1c978 100644 --- a/src/jailtest/jailtest.h +++ b/src/jailcheck/jailcheck.h | |||
@@ -17,8 +17,8 @@ | |||
17 | * with this program; if not, write to the Free Software Foundation, Inc., | 17 | * with this program; if not, write to the Free Software Foundation, Inc., |
18 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. | 18 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
19 | */ | 19 | */ |
20 | #ifndef JAILTEST_H | 20 | #ifndef JAILCHECK_H |
21 | #define JAILTEST_H | 21 | #define JAILCHECK_H |
22 | 22 | ||
23 | #include "../include/common.h" | 23 | #include "../include/common.h" |
24 | 24 | ||
diff --git a/src/jailtest/main.c b/src/jailcheck/main.c index 3369dca39..4d642bf96 100644 --- a/src/jailtest/main.c +++ b/src/jailcheck/main.c | |||
@@ -17,7 +17,7 @@ | |||
17 | * with this program; if not, write to the Free Software Foundation, Inc., | 17 | * with this program; if not, write to the Free Software Foundation, Inc., |
18 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. | 18 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
19 | */ | 19 | */ |
20 | #include "jailtest.h" | 20 | #include "jailcheck.h" |
21 | #include "../include/firejail_user.h" | 21 | #include "../include/firejail_user.h" |
22 | #include "../include/pid.h" | 22 | #include "../include/pid.h" |
23 | #include <sys/wait.h> | 23 | #include <sys/wait.h> |
@@ -30,7 +30,7 @@ char *user_run_dir = NULL; | |||
30 | int arg_debug = 0; | 30 | int arg_debug = 0; |
31 | 31 | ||
32 | static char *usage_str = | 32 | static char *usage_str = |
33 | "Usage: jailtest [options] directory [directory]\n\n" | 33 | "Usage: jailcheck [options] directory [directory]\n\n" |
34 | "Options:\n" | 34 | "Options:\n" |
35 | " --debug - print debug messages.\n" | 35 | " --debug - print debug messages.\n" |
36 | " --help, -? - this help screen.\n" | 36 | " --help, -? - this help screen.\n" |
diff --git a/src/jailtest/noexec.c b/src/jailcheck/noexec.c index 4347b7eef..7f994d6a1 100644 --- a/src/jailtest/noexec.c +++ b/src/jailcheck/noexec.c | |||
@@ -17,7 +17,7 @@ | |||
17 | * with this program; if not, write to the Free Software Foundation, Inc., | 17 | * with this program; if not, write to the Free Software Foundation, Inc., |
18 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. | 18 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
19 | */ | 19 | */ |
20 | #include "jailtest.h" | 20 | #include "jailcheck.h" |
21 | #include <sys/wait.h> | 21 | #include <sys/wait.h> |
22 | #include <sys/stat.h> | 22 | #include <sys/stat.h> |
23 | #include <fcntl.h> | 23 | #include <fcntl.h> |
@@ -67,7 +67,7 @@ void noexec_test(const char *path) { | |||
67 | return; | 67 | return; |
68 | 68 | ||
69 | char *fname; | 69 | char *fname; |
70 | if (asprintf(&fname, "%s/jailtest-noexec-%d", path, getpid()) == -1) | 70 | if (asprintf(&fname, "%s/jailcheck-noexec-%d", path, getpid()) == -1) |
71 | errExit("asprintf"); | 71 | errExit("asprintf"); |
72 | 72 | ||
73 | pid_t child = fork(); | 73 | pid_t child = fork(); |
diff --git a/src/jailtest/seccomp.c b/src/jailcheck/seccomp.c index 2cecb4b4d..9345eb970 100644 --- a/src/jailtest/seccomp.c +++ b/src/jailcheck/seccomp.c | |||
@@ -17,7 +17,7 @@ | |||
17 | * with this program; if not, write to the Free Software Foundation, Inc., | 17 | * with this program; if not, write to the Free Software Foundation, Inc., |
18 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. | 18 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
19 | */ | 19 | */ |
20 | #include "jailtest.h" | 20 | #include "jailcheck.h" |
21 | #define MAXBUF 4096 | 21 | #define MAXBUF 4096 |
22 | 22 | ||
23 | void seccomp_test(pid_t pid) { | 23 | void seccomp_test(pid_t pid) { |
diff --git a/src/jailtest/sysfiles.c b/src/jailcheck/sysfiles.c index 7e4709453..caeb580af 100644 --- a/src/jailtest/sysfiles.c +++ b/src/jailcheck/sysfiles.c | |||
@@ -17,7 +17,7 @@ | |||
17 | * with this program; if not, write to the Free Software Foundation, Inc., | 17 | * with this program; if not, write to the Free Software Foundation, Inc., |
18 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. | 18 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
19 | */ | 19 | */ |
20 | #include "jailtest.h" | 20 | #include "jailcheck.h" |
21 | #include <dirent.h> | 21 | #include <dirent.h> |
22 | #include <sys/wait.h> | 22 | #include <sys/wait.h> |
23 | 23 | ||
diff --git a/src/jailtest/utils.c b/src/jailcheck/utils.c index 41c21b753..c3aaae298 100644 --- a/src/jailtest/utils.c +++ b/src/jailcheck/utils.c | |||
@@ -17,7 +17,7 @@ | |||
17 | * with this program; if not, write to the Free Software Foundation, Inc., | 17 | * with this program; if not, write to the Free Software Foundation, Inc., |
18 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. | 18 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
19 | */ | 19 | */ |
20 | #include "jailtest.h" | 20 | #include "jailcheck.h" |
21 | #include "../include/pid.h" | 21 | #include "../include/pid.h" |
22 | #include <errno.h> | 22 | #include <errno.h> |
23 | #include <pwd.h> | 23 | #include <pwd.h> |
diff --git a/src/jailtest/virtual.c b/src/jailcheck/virtual.c index fcdcf9720..09092f9ce 100644 --- a/src/jailtest/virtual.c +++ b/src/jailcheck/virtual.c | |||
@@ -17,7 +17,7 @@ | |||
17 | * with this program; if not, write to the Free Software Foundation, Inc., | 17 | * with this program; if not, write to the Free Software Foundation, Inc., |
18 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. | 18 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
19 | */ | 19 | */ |
20 | #include "jailtest.h" | 20 | #include "jailcheck.h" |
21 | #include <dirent.h> | 21 | #include <dirent.h> |
22 | #include <sys/wait.h> | 22 | #include <sys/wait.h> |
23 | 23 | ||
@@ -43,7 +43,7 @@ void virtual_setup(const char *directory) { | |||
43 | 43 | ||
44 | // create a test file | 44 | // create a test file |
45 | char *test_file; | 45 | char *test_file; |
46 | if (asprintf(&test_file, "%s/jailtest-private-%d", directory, getpid()) == -1) | 46 | if (asprintf(&test_file, "%s/jailcheck-private-%d", directory, getpid()) == -1) |
47 | errExit("asprintf"); | 47 | errExit("asprintf"); |
48 | 48 | ||
49 | FILE *fp = fopen(test_file, "w"); | 49 | FILE *fp = fopen(test_file, "w"); |
diff --git a/src/man/Makefile.in b/src/man/Makefile.in index 3711d5cec..fbd2d795e 100644 --- a/src/man/Makefile.in +++ b/src/man/Makefile.in | |||
@@ -1,5 +1,5 @@ | |||
1 | .PHONY: all | 1 | .PHONY: all |
2 | all: firecfg.man firejail.man firejail-login.man firejail-users.man firejail-profile.man firemon.man jailtest.man | 2 | all: firecfg.man firejail.man firejail-login.man firejail-users.man firejail-profile.man firemon.man jailcheck.man |
3 | 3 | ||
4 | include ../common.mk | 4 | include ../common.mk |
5 | 5 | ||
diff --git a/src/man/firecfg.txt b/src/man/firecfg.txt index dbb9397c6..7e0a57f92 100644 --- a/src/man/firecfg.txt +++ b/src/man/firecfg.txt | |||
@@ -135,4 +135,4 @@ Homepage: https://firejail.wordpress.com | |||
135 | .BR firejail-profile (5), | 135 | .BR firejail-profile (5), |
136 | .BR firejail-login (5), | 136 | .BR firejail-login (5), |
137 | .BR firejail-users (5), | 137 | .BR firejail-users (5), |
138 | .BR jailtest (1) | 138 | .BR jailcheck (1) |
diff --git a/src/man/firejail-login.txt b/src/man/firejail-login.txt index 1b8a4931c..05afd55b5 100644 --- a/src/man/firejail-login.txt +++ b/src/man/firejail-login.txt | |||
@@ -39,4 +39,4 @@ Homepage: https://firejail.wordpress.com | |||
39 | .BR firecfg (1), | 39 | .BR firecfg (1), |
40 | .BR firejail-profile (5), | 40 | .BR firejail-profile (5), |
41 | .BR firejail-users (5), | 41 | .BR firejail-users (5), |
42 | .BR jailtest (1) | 42 | .BR jailcheck (1) |
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 49be8d0b0..3d59705b9 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt | |||
@@ -986,7 +986,7 @@ Homepage: https://firejail.wordpress.com | |||
986 | .BR firecfg (1), | 986 | .BR firecfg (1), |
987 | .BR firejail-login (5), | 987 | .BR firejail-login (5), |
988 | .BR firejail-users (5), | 988 | .BR firejail-users (5), |
989 | .BR jailtest (1) | 989 | .BR jailcheck (1) |
990 | 990 | ||
991 | .UR https://github.com/netblue30/firejail/wiki/Creating-Profiles | 991 | .UR https://github.com/netblue30/firejail/wiki/Creating-Profiles |
992 | .UE | 992 | .UE |
diff --git a/src/man/firejail-users.txt b/src/man/firejail-users.txt index c5a9c1848..e3cce7ed5 100644 --- a/src/man/firejail-users.txt +++ b/src/man/firejail-users.txt | |||
@@ -59,4 +59,4 @@ Homepage: https://firejail.wordpress.com | |||
59 | .BR firecfg (1), | 59 | .BR firecfg (1), |
60 | .BR firejail-profile (5), | 60 | .BR firejail-profile (5), |
61 | .BR firejail-login (5), | 61 | .BR firejail-login (5), |
62 | .BR jailtest (1) | 62 | .BR jailcheck (1) |
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 68aea5857..690da4b4e 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
@@ -3367,7 +3367,7 @@ Homepage: https://firejail.wordpress.com | |||
3367 | .BR firejail-profile (5), | 3367 | .BR firejail-profile (5), |
3368 | .BR firejail-login (5), | 3368 | .BR firejail-login (5), |
3369 | .BR firejail-users (5), | 3369 | .BR firejail-users (5), |
3370 | .BR jailtest (1) | 3370 | .BR jailcheck (1) |
3371 | 3371 | ||
3372 | .UR https://github.com/netblue30/firejail/wiki | 3372 | .UR https://github.com/netblue30/firejail/wiki |
3373 | .UE , | 3373 | .UE , |
diff --git a/src/man/firemon.txt b/src/man/firemon.txt index 64f15a1f0..76b2f7be2 100644 --- a/src/man/firemon.txt +++ b/src/man/firemon.txt | |||
@@ -120,4 +120,4 @@ Homepage: https://firejail.wordpress.com | |||
120 | .BR firejail-profile (5), | 120 | .BR firejail-profile (5), |
121 | .BR firejail-login (5), | 121 | .BR firejail-login (5), |
122 | .BR firejail-users (5), | 122 | .BR firejail-users (5), |
123 | .BR jailtest (1) | 123 | .BR jailcheck (1) |
diff --git a/src/man/jailtest.txt b/src/man/jailcheck.txt index b52fc5eed..c80e305cc 100644 --- a/src/man/jailtest.txt +++ b/src/man/jailcheck.txt | |||
@@ -1,23 +1,22 @@ | |||
1 | .TH JAILTEST 1 "MONTH YEAR" "VERSION" "JAILTEST man page" | 1 | .TH JAILCHECK 1 "MONTH YEAR" "VERSION" "JAILCHECK man page" |
2 | .SH NAME | 2 | .SH NAME |
3 | jailtest \- Simple utility program to test running sandboxes | 3 | jailcheck \- Simple utility program to test running sandboxes |
4 | .SH SYNOPSIS | 4 | .SH SYNOPSIS |
5 | sudo jailtest [OPTIONS] [directory] | 5 | sudo jailcheck [OPTIONS] [directory] |
6 | .SH DESCRIPTION | 6 | .SH DESCRIPTION |
7 | WORK IN PROGRESS! | 7 | jailcheck attaches itself to all sandboxes started by the user and performs some basic tests |
8 | jailtest attaches itself to all sandboxes started by the user and performs some basic tests | ||
9 | on the sandbox filesystem: | 8 | on the sandbox filesystem: |
10 | .TP | 9 | .TP |
11 | \fB1. Virtual directories | 10 | \fB1. Virtual directories |
12 | jailtest extracts a list with the main virtual directories installed by the sandbox. | 11 | jailcheck extracts a list with the main virtual directories installed by the sandbox. |
13 | These directories are build by firejail at startup using --private* and --whitelist commands. | 12 | These directories are build by firejail at startup using --private* and --whitelist commands. |
14 | .TP | 13 | .TP |
15 | \fB2. Noexec test | 14 | \fB2. Noexec test |
16 | jailtest inserts executable programs in /home/username, /tmp, and /var/tmp directories | 15 | jailcheck inserts executable programs in /home/username, /tmp, and /var/tmp directories |
17 | and tries to run them from inside the sandbox, thus testing if the directory is executable or not. | 16 | and tries to run them from inside the sandbox, thus testing if the directory is executable or not. |
18 | .TP | 17 | .TP |
19 | \fB3. Read access test | 18 | \fB3. Read access test |
20 | jailtest creates test files in the directories specified by the user and tries to read | 19 | jailcheck creates test files in the directories specified by the user and tries to read |
21 | them from inside the sandbox. | 20 | them from inside the sandbox. |
22 | .TP | 21 | .TP |
23 | \fB4. AppArmor test | 22 | \fB4. AppArmor test |
@@ -49,7 +48,7 @@ It is followed by relevant sandbox information, such as the virtual directories | |||
49 | 48 | ||
50 | .SH EXAMPLE | 49 | .SH EXAMPLE |
51 | 50 | ||
52 | $ sudo jailtest | 51 | $ sudo jailcheck |
53 | .br | 52 | .br |
54 | 2014:netblue::firejail /usr/bin/gimp | 53 | 2014:netblue::firejail /usr/bin/gimp |
55 | .br | 54 | .br |