testing

author: netblue30 <netblue30@protonmail.com> 2023-03-07 08:30:53 -0500
committer: netblue30 <netblue30@protonmail.com> 2023-03-07 08:30:53 -0500
commit: a12601f02aecefd6fde2f227bd3536840f7f7b14 (patch)
tree: e35164d4ad8b63157170f355be3e0160eb6f172c
parent: Run make codespell (diff)
download: firejail-a12601f02aecefd6fde2f227bd3536840f7f7b14.tar.gz
firejail-a12601f02aecefd6fde2f227bd3536840f7f7b14.tar.zst
firejail-a12601f02aecefd6fde2f227bd3536840f7f7b14.zip
9 files changed, 167 insertions, 47 deletions
diff --git a/gcov.sh b/gcov.sh
index 9b02d801c..0f2808ace 100755
--- a/gcov.sh
+++ b/gcov.sh
@@ -13,7 +13,7 @@ gcov_generate() {
        USER="$(whoami)"
        find . -exec sudo chown "$USER:$USER" '{}' +
        lcov -q --capture -d src/firejail -d src/lib -d src/firecfg -d src/firemon \
-                -d src/fnet -d src/fnetfilter --output-file gcov-file
+                -d src/fnet -d src/fnetfilter -d src/fcopy --output-file gcov-file
        genhtml -q gcov-file --output-directory gcov-dir
 }
@@ -21,29 +21,29 @@ rm -fr gcov-dir gcov-file
 firejail --version
 gcov_generate
-#make test-firecfg | grep TESTING
+make test-firecfg | grep TESTING
-#gcov_generate
+gcov_generate
-#make test-apparmor | grep TESTING
+make test-apparmor | grep TESTING
-#gcov_generate
+gcov_generate
 make test-network | grep TESTING
 gcov_generate
-#make test-appimage | grep TESTING
+make test-appimage | grep TESTING
-#gcov_generate
+gcov_generate
-#make test-chroot | grep TESTING
+make test-chroot | grep TESTING
-#gcov_generate
+gcov_generate
-#make test-sysutils | grep TESTING
+make test-sysutils | grep TESTING
-#gcov_generate
+gcov_generate
-#make test-private-etc | grep TESTING
+make test-private-etc | grep TESTING
-#gcov_generate
+gcov_generate
-#make test-profiles | grep TESTING
+make test-profiles | grep TESTING
-#gcov_generate
+gcov_generate
-#make test-fcopy | grep TESTING
+make test-fcopy | grep TESTING
-#gcov_generate
+gcov_generate
 make test-fnetfilter | grep TESTING
 gcov_generate
-#make test-fs | grep TESTING
+make test-fs | grep TESTING
-#gcov_generate
+gcov_generate
-#make test-utils | grep TESTING
+make test-utils | grep TESTING
-#gcov_generate
+gcov_generate
-#make test-environment | grep TESTING
+make test-environment | grep TESTING
-#gcov_generate
+gcov_generate
diff --git a/src/firejail/network.c b/src/firejail/network.c
index 0d2d53fca..3da51e195 100644
--- a/src/firejail/network.c
+++ b/src/firejail/network.c
@@ -89,30 +89,6 @@ int net_get_mtu(const char *ifname) {
        return mtu;
 }
-//void net_set_mtu(const char *ifname, int mtu) {
-//      if (strlen(ifname) > IFNAMSIZ) {
-//              fprintf(stderr, "Error: invalid network device name %s\n", ifname);
-//              exit(1);
-//      }
-//
-//      if (arg_debug)
-//              printf("set interface %s MTU %d.\n", ifname, mtu);
-//
-//      int s;
-//      struct ifreq ifr;
-//
-//      if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
-//              errExit("socket");
-//
-//      memset(&ifr, 0, sizeof(ifr));
-//      ifr.ifr_addr.sa_family = AF_INET;
-//      strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1);
-//      ifr.ifr_mtu = mtu;
-//      if (ioctl(s, SIOCSIFMTU, (caddr_t)&ifr) != 0)
-//              fwarning("cannot set mtu for interface %s\n", ifname);
-//      close(s);
-//}
 // return -1 if the interface was not found; if the interface was found return 0 and fill in IP address and mask
 int net_get_if_addr(const char *bridge, uint32_t *ip, uint32_t *mask, uint8_t mac[6], int *mtu) {
        assert(bridge);
diff --git a/src/firejail/sbox.c b/src/firejail/sbox.c
index 11ea5b036..ce43b4832 100644
--- a/src/firejail/sbox.c
+++ b/src/firejail/sbox.c
@@ -26,6 +26,7 @@
 #include <sys/resource.h>
 #include <sys/wait.h>
 #include "../include/seccomp.h"
+#include "../include/gcov_wrapper.h"
 #include <fcntl.h>
 #ifndef O_PATH
@@ -238,6 +239,7 @@ static int __attribute__((noreturn)) sbox_do_exec_v(unsigned filtermask, char *
                        fprintf(stderr, "Error: %s is world writable, refusing to execute\n", arg[0]);
                        exit(1);
                }
+                __gcov_dump();
                fexecve(fd, arg, new_environment);
        } else {
                assert(0);
diff --git a/test/network/ip6_netfilter.exp b/test/network/ip6_netfilter.exp
new file mode 100755
index 000000000..6c478d9e7
--- /dev/null
+++ b/test/network/ip6_netfilter.exp
@@ -0,0 +1,31 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2023 Firejail Authors
+# License GPL v2
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+# check default netfilter on br0
+send -- "firejail --name=test --net=br0 --netfilter6=ip6_netfilter.profile\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+sleep 2
+spawn $env(SHELL)
+# check default netfilter no new network
+send -- "firejail --netfilter6.print=test\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "DROP"
+}
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "2001:db8:1f0a:3ec::2"
+}
+after 500
+puts "all done\n"
diff --git a/test/network/ip6_netfilter.profile b/test/network/ip6_netfilter.profile
new file mode 100644
index 000000000..cc8f22943
--- /dev/null
+++ b/test/network/ip6_netfilter.profile
@@ -0,0 +1,8 @@
+# Generated by ip6tables-save v1.4.14 on Wed Jan 13 10:53:40 2016
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -s 2001:db8:1f0a:3ec::2/128 -j DROP
+COMMIT
+# Completed on Wed Jan 13 10:53:40 2016
diff --git a/test/network/net_bandwidth.exp b/test/network/net_bandwidth.exp
new file mode 100755
index 000000000..0ec3b59ef
--- /dev/null
+++ b/test/network/net_bandwidth.exp
@@ -0,0 +1,51 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2023 Firejail Authors
+# License GPL v2
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+send -- "firejail --name=test --net=br0\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+sleep 2
+spawn $env(SHELL)
+send -- "firejail --bandwidth=test set br0 10 20\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "Download speed  80kbps"
+}
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "Upload speed  160kbps"
+}
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "configuring tc ingress"
+}
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "configuring tc egress"
+}
+after 500
+send -- "firejail --bandwidth=test status\r"
+expect {
+        timeout {puts "TESTING ERROR 6\n";exit}
+        "rate 160Kbit burst 10Kb"
+}
+after 500
+send -- "firejail --bandwidth=test clear br0\r"
+expect {
+        timeout {puts "TESTING ERROR 7\n";exit}
+        "Removing bandwidth limits"
+}
+sleep 1
+puts "\nall done\n"
diff --git a/test/network/net_ip.exp b/test/network/net_ip.exp
index 251b55362..0cccf93a0 100755
--- a/test/network/net_ip.exp
+++ b/test/network/net_ip.exp
@@ -130,4 +130,44 @@ expect {
 }
 after 500
+send -- "firejail --profile=net_ip.profile ip addr show\r"
+expect {
+        timeout {puts "TESTING ERROR 26\n";exit}
+        "eth0"
+}
+expect {
+        timeout {puts "TESTING ERROR 27\n";exit}
+        "00:11:22:33:44:55"
+}
+expect {
+        timeout {puts "TESTING ERROR 28\n";exit}
+        "10.10.20.55"
+}
+expect {
+        timeout {puts "TESTING ERROR 29\n";exit}
+        "Default gateway 10.10.20.9"
+}
+expect {
+        timeout {puts "TESTING ERROR 30\n";exit}
+        "00:11:22:33:44:55"
+}
+expect {
+        timeout {puts "TESTING ERROR 31\n";exit}
+        "10.10.20.55"
+}
+after 500
+send -- "firejail --profile=net_ip.profile ip route  show\r"
+expect {
+        timeout {puts "TESTING ERROR 32\n";exit}
+        "default via 10.10.20.9"
+}
+expect {
+        timeout {puts "TESTING ERROR 33\n";exit}
+        "10.10.20.0/24 dev eth0 proto kernel scope link src 10.10.20.55"
+}
+after 500
 puts "\nall done\n"
diff --git a/test/network/net_ip.profile b/test/network/net_ip.profile
new file mode 100644
index 000000000..72910d77e
--- /dev/null
+++ b/test/network/net_ip.profile
@@ -0,0 +1,6 @@
+net br0
+ip 10.10.20.55
+defaultgw 10.10.20.9
+mac 00:11:22:33:44:55
+mtu 1000
diff --git a/test/network/network.sh b/test/network/network.sh
index 877f16156..e062358d4 100755
--- a/test/network/network.sh
+++ b/test/network/network.sh
@@ -33,8 +33,14 @@ echo "TESTING: print network (net-print.exp)"
 echo "TESTING: print dns (dns-print.exp)"
 ./dns-print.exp
+echo "TESTING: bandwidth (net_bandwidth.exp)"
+./net_bandwidth.exp
 echo "TESTING: ipv6 (ip6.exp)"
 ./ip6.exp
+#echo "TESTING: ipv6 netfilter(ip6_netfilter.exp)"
+#./ip6_netfilter.exp
 sudo ip link set br0 down
 sudo brctl delbr br0
author	netblue30 <netblue30@protonmail.com>	2023-03-07 08:30:53 -0500
committer	netblue30 <netblue30@protonmail.com>	2023-03-07 08:30:53 -0500
commit	a12601f02aecefd6fde2f227bd3536840f7f7b14 (patch)
tree	e35164d4ad8b63157170f355be3e0160eb6f172c
parent	Run make codespell (diff)
download	firejail-a12601f02aecefd6fde2f227bd3536840f7f7b14.tar.gz firejail-a12601f02aecefd6fde2f227bd3536840f7f7b14.tar.zst firejail-a12601f02aecefd6fde2f227bd3536840f7f7b14.zip

diff --git a/gcov.sh b/gcov.sh index 9b02d801c..0f2808ace 100755 --- a/gcov.sh +++ b/gcov.sh
@@ -13,7 +13,7 @@ gcov_generate() {
13	USER="$(whoami)"	13	USER="$(whoami)"
14	find . -exec sudo chown "$USER:$USER" '{}' +	14	find . -exec sudo chown "$USER:$USER" '{}' +
15	lcov -q --capture -d src/firejail -d src/lib -d src/firecfg -d src/firemon \	15	lcov -q --capture -d src/firejail -d src/lib -d src/firecfg -d src/firemon \
16	-d src/fnet -d src/fnetfilter --output-file gcov-file	16	-d src/fnet -d src/fnetfilter -d src/fcopy --output-file gcov-file
17	genhtml -q gcov-file --output-directory gcov-dir	17	genhtml -q gcov-file --output-directory gcov-dir
18	}	18	}
19		19
@@ -21,29 +21,29 @@ rm -fr gcov-dir gcov-file
21	firejail --version	21	firejail --version
22	gcov_generate	22	gcov_generate
23		23
24	#make test-firecfg \| grep TESTING	24	make test-firecfg \| grep TESTING
25	#gcov_generate	25	gcov_generate
26	#make test-apparmor \| grep TESTING	26	make test-apparmor \| grep TESTING
27	#gcov_generate	27	gcov_generate
28	make test-network \| grep TESTING	28	make test-network \| grep TESTING
29	gcov_generate	29	gcov_generate
30	#make test-appimage \| grep TESTING	30	make test-appimage \| grep TESTING
31	#gcov_generate	31	gcov_generate
32	#make test-chroot \| grep TESTING	32	make test-chroot \| grep TESTING
33	#gcov_generate	33	gcov_generate
34	#make test-sysutils \| grep TESTING	34	make test-sysutils \| grep TESTING
35	#gcov_generate	35	gcov_generate
36	#make test-private-etc \| grep TESTING	36	make test-private-etc \| grep TESTING
37	#gcov_generate	37	gcov_generate
38	#make test-profiles \| grep TESTING	38	make test-profiles \| grep TESTING
39	#gcov_generate	39	gcov_generate
40	#make test-fcopy \| grep TESTING	40	make test-fcopy \| grep TESTING
41	#gcov_generate	41	gcov_generate
42	make test-fnetfilter \| grep TESTING	42	make test-fnetfilter \| grep TESTING
43	gcov_generate	43	gcov_generate
44	#make test-fs \| grep TESTING	44	make test-fs \| grep TESTING
45	#gcov_generate	45	gcov_generate
46	#make test-utils \| grep TESTING	46	make test-utils \| grep TESTING
47	#gcov_generate	47	gcov_generate
48	#make test-environment \| grep TESTING	48	make test-environment \| grep TESTING
49	#gcov_generate	49	gcov_generate


diff --git a/src/firejail/network.c b/src/firejail/network.c index 0d2d53fca..3da51e195 100644 --- a/src/firejail/network.c +++ b/src/firejail/network.c
@@ -89,30 +89,6 @@ int net_get_mtu(const char *ifname) {
89	return mtu;	89	return mtu;
90	}	90	}
91		91
92	//void net_set_mtu(const char *ifname, int mtu) {
93	// if (strlen(ifname) > IFNAMSIZ) {
94	// fprintf(stderr, "Error: invalid network device name %s\n", ifname);
95	// exit(1);
96	// }
97	//
98	// if (arg_debug)
99	// printf("set interface %s MTU %d.\n", ifname, mtu);
100	//
101	// int s;
102	// struct ifreq ifr;
103	//
104	// if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
105	// errExit("socket");
106	//
107	// memset(&ifr, 0, sizeof(ifr));
108	// ifr.ifr_addr.sa_family = AF_INET;
109	// strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1);
110	// ifr.ifr_mtu = mtu;
111	// if (ioctl(s, SIOCSIFMTU, (caddr_t)&ifr) != 0)
112	// fwarning("cannot set mtu for interface %s\n", ifname);
113	// close(s);
114	//}
115
116	// return -1 if the interface was not found; if the interface was found return 0 and fill in IP address and mask	92	// return -1 if the interface was not found; if the interface was found return 0 and fill in IP address and mask
117	int net_get_if_addr(const char bridge, uint32_t ip, uint32_t mask, uint8_t mac[6], int mtu) {	93	int net_get_if_addr(const char bridge, uint32_t ip, uint32_t mask, uint8_t mac[6], int mtu) {
118	assert(bridge);	94	assert(bridge);


diff --git a/src/firejail/sbox.c b/src/firejail/sbox.c index 11ea5b036..ce43b4832 100644 --- a/src/firejail/sbox.c +++ b/src/firejail/sbox.c
@@ -26,6 +26,7 @@
26	#include <sys/resource.h>	26	#include <sys/resource.h>
27	#include <sys/wait.h>	27	#include <sys/wait.h>
28	#include "../include/seccomp.h"	28	#include "../include/seccomp.h"
		29	#include "../include/gcov_wrapper.h"
29		30
30	#include <fcntl.h>	31	#include <fcntl.h>
31	#ifndef O_PATH	32	#ifndef O_PATH
@@ -238,6 +239,7 @@ static int __attribute__((noreturn)) sbox_do_exec_v(unsigned filtermask, char *
238	fprintf(stderr, "Error: %s is world writable, refusing to execute\n", arg[0]);	239	fprintf(stderr, "Error: %s is world writable, refusing to execute\n", arg[0]);
239	exit(1);	240	exit(1);
240	}	241	}
		242	__gcov_dump();
241	fexecve(fd, arg, new_environment);	243	fexecve(fd, arg, new_environment);
242	} else {	244	} else {
243	assert(0);	245	assert(0);


diff --git a/test/network/ip6_netfilter.exp b/test/network/ip6_netfilter.exp new file mode 100755 index 000000000..6c478d9e7 --- /dev/null +++ b/test/network/ip6_netfilter.exp
@@ -0,0 +1,31 @@
		1	#!/usr/bin/expect -f
		2	# This file is part of Firejail project
		3	# Copyright (C) 2014-2023 Firejail Authors
		4	# License GPL v2
		5
		6	set timeout 10
		7	spawn $env(SHELL)
		8	match_max 100000
		9
		10	# check default netfilter on br0
		11	send -- "firejail --name=test --net=br0 --netfilter6=ip6_netfilter.profile\r"
		12	expect {
		13	timeout {puts "TESTING ERROR 0\n";exit}
		14	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
		15	}
		16	sleep 2
		17	spawn $env(SHELL)
		18
		19	# check default netfilter no new network
		20	send -- "firejail --netfilter6.print=test\r"
		21	expect {
		22	timeout {puts "TESTING ERROR 1\n";exit}
		23	"DROP"
		24	}
		25	expect {
		26	timeout {puts "TESTING ERROR 2\n";exit}
		27	"2001:db8:1f0a:3ec::2"
		28	}
		29
		30	after 500
		31	puts "all done\n"


diff --git a/test/network/ip6_netfilter.profile b/test/network/ip6_netfilter.profile new file mode 100644 index 000000000..cc8f22943 --- /dev/null +++ b/test/network/ip6_netfilter.profile
@@ -0,0 +1,8 @@
		1	# Generated by ip6tables-save v1.4.14 on Wed Jan 13 10:53:40 2016
		2	*filter
		3	:INPUT ACCEPT [0:0]
		4	:FORWARD ACCEPT [0:0]
		5	:OUTPUT ACCEPT [0:0]
		6	-A INPUT -s 2001:db8:1f0a:3ec::2/128 -j DROP
		7	COMMIT
		8	# Completed on Wed Jan 13 10:53:40 2016


diff --git a/test/network/net_bandwidth.exp b/test/network/net_bandwidth.exp new file mode 100755 index 000000000..0ec3b59ef --- /dev/null +++ b/test/network/net_bandwidth.exp
@@ -0,0 +1,51 @@
		1	#!/usr/bin/expect -f
		2	# This file is part of Firejail project
		3	# Copyright (C) 2014-2023 Firejail Authors
		4	# License GPL v2
		5
		6	set timeout 10
		7	spawn $env(SHELL)
		8	match_max 100000
		9
		10	send -- "firejail --name=test --net=br0\r"
		11	expect {
		12	timeout {puts "TESTING ERROR 1\n";exit}
		13	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
		14	}
		15	sleep 2
		16
		17	spawn $env(SHELL)
		18	send -- "firejail --bandwidth=test set br0 10 20\r"
		19	expect {
		20	timeout {puts "TESTING ERROR 2\n";exit}
		21	"Download speed 80kbps"
		22	}
		23	expect {
		24	timeout {puts "TESTING ERROR 3\n";exit}
		25	"Upload speed 160kbps"
		26	}
		27	expect {
		28	timeout {puts "TESTING ERROR 4\n";exit}
		29	"configuring tc ingress"
		30	}
		31	expect {
		32	timeout {puts "TESTING ERROR 5\n";exit}
		33	"configuring tc egress"
		34	}
		35	after 500
		36
		37	send -- "firejail --bandwidth=test status\r"
		38	expect {
		39	timeout {puts "TESTING ERROR 6\n";exit}
		40	"rate 160Kbit burst 10Kb"
		41	}
		42	after 500
		43
		44	send -- "firejail --bandwidth=test clear br0\r"
		45	expect {
		46	timeout {puts "TESTING ERROR 7\n";exit}
		47	"Removing bandwidth limits"
		48	}
		49	sleep 1
		50
		51	puts "\nall done\n"


diff --git a/test/network/net_ip.exp b/test/network/net_ip.exp index 251b55362..0cccf93a0 100755 --- a/test/network/net_ip.exp +++ b/test/network/net_ip.exp
@@ -130,4 +130,44 @@ expect {
130	}	130	}
131		131
132	after 500	132	after 500
		133
		134	send -- "firejail --profile=net_ip.profile ip addr show\r"
		135	expect {
		136	timeout {puts "TESTING ERROR 26\n";exit}
		137	"eth0"
		138	}
		139	expect {
		140	timeout {puts "TESTING ERROR 27\n";exit}
		141	"00:11:22:33:44:55"
		142	}
		143	expect {
		144	timeout {puts "TESTING ERROR 28\n";exit}
		145	"10.10.20.55"
		146	}
		147	expect {
		148	timeout {puts "TESTING ERROR 29\n";exit}
		149	"Default gateway 10.10.20.9"
		150	}
		151	expect {
		152	timeout {puts "TESTING ERROR 30\n";exit}
		153	"00:11:22:33:44:55"
		154	}
		155	expect {
		156	timeout {puts "TESTING ERROR 31\n";exit}
		157	"10.10.20.55"
		158	}
		159	after 500
		160
		161	send -- "firejail --profile=net_ip.profile ip route show\r"
		162	expect {
		163	timeout {puts "TESTING ERROR 32\n";exit}
		164	"default via 10.10.20.9"
		165	}
		166	expect {
		167	timeout {puts "TESTING ERROR 33\n";exit}
		168	"10.10.20.0/24 dev eth0 proto kernel scope link src 10.10.20.55"
		169	}
		170	after 500
		171
		172
133	puts "\nall done\n"	173	puts "\nall done\n"


diff --git a/test/network/net_ip.profile b/test/network/net_ip.profile new file mode 100644 index 000000000..72910d77e --- /dev/null +++ b/test/network/net_ip.profile
@@ -0,0 +1,6 @@
		1	net br0
		2	ip 10.10.20.55
		3	defaultgw 10.10.20.9
		4	mac 00:11:22:33:44:55
		5	mtu 1000
		6


diff --git a/test/network/network.sh b/test/network/network.sh index 877f16156..e062358d4 100755 --- a/test/network/network.sh +++ b/test/network/network.sh
@@ -33,8 +33,14 @@ echo "TESTING: print network (net-print.exp)"
33	echo "TESTING: print dns (dns-print.exp)"	33	echo "TESTING: print dns (dns-print.exp)"
34	./dns-print.exp	34	./dns-print.exp
35		35
		36	echo "TESTING: bandwidth (net_bandwidth.exp)"
		37	./net_bandwidth.exp
		38
36	echo "TESTING: ipv6 (ip6.exp)"	39	echo "TESTING: ipv6 (ip6.exp)"
37	./ip6.exp	40	./ip6.exp
38		41
		42	#echo "TESTING: ipv6 netfilter(ip6_netfilter.exp)"
		43	#./ip6_netfilter.exp
		44
39	sudo ip link set br0 down	45	sudo ip link set br0 down
40	sudo brctl delbr br0	46	sudo brctl delbr br0