testing

author: netblue30 <netblue30@protonmail.com> 2023-03-08 16:23:30 -0500
committer: netblue30 <netblue30@protonmail.com> 2023-03-08 16:23:30 -0500
commit: acf8efb878b84882a9df61eff51fdcaceb522a4c (patch)
tree: 88042e5d0723c36a10efc05774335bd0df52703a
parent: Merge pull request #5717 from glitsj16/aa-examples (diff)
download: firejail-acf8efb878b84882a9df61eff51fdcaceb522a4c.tar.gz
firejail-acf8efb878b84882a9df61eff51fdcaceb522a4c.tar.zst
firejail-acf8efb878b84882a9df61eff51fdcaceb522a4c.zip
14 files changed, 63 insertions, 17 deletions
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 9f2072c74..2e6a462f2 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -73,10 +73,10 @@ jobs:
      run: SHELL=/bin/bash make lab-setup
    - name: run firecfg tests
      run: SHELL=/bin/bash make test-firecfg
+    - name: run capabilities tests
+      run: SHELL=/bin/bash make test-capabilities
    - name: run apparmor tests
      run: SHELL=/bin/bash make test-apparmor
-    - name: run network tests
-      run: SHELL=/bin/bash make test-network
    - name: run appimage tests
      run: SHELL=/bin/bash make test-appimage
    - name: run chroot tests
@@ -97,3 +97,5 @@ jobs:
      run: SHELL=/bin/bash make test-utils
    - name: run environment tests
      run: SHELL=/bin/bash make test-environment
+    - name: run network tests
+      run: SHELL=/bin/bash make test-network
diff --git a/Makefile b/Makefile
index 3bb128ccc..9a0482848 100644
--- a/Makefile
+++ b/Makefile
@@ -314,7 +314,7 @@ mkman.sh \
 platform \
 src
-DISTFILES_TEST = test/Makefile test/apps test/apps-x11 test/apps-x11-xorg test/private-lib test/fnetfilter test/fcopy test/environment test/profiles test/utils test/compile test/filters test/network test/fs test/sysutils
+DISTFILES_TEST = test/Makefile test/apps test/apps-x11 test/apps-x11-xorg test/capabilities test/private-lib test/fnetfilter test/fcopy test/environment test/profiles test/utils test/compile test/filters test/network test/fs test/sysutils
 .PHONY: dist
 dist: config.mk
@@ -368,7 +368,7 @@ codespell: clean
 # make test
 #
-TESTS=profiles apps apps-x11 apps-x11-xorg sysutils utils environment filters fs fcopy fnetfilter private-etc
+TESTS=profiles capabilities apps apps-x11 apps-x11-xorg sysutils utils environment filters fs fcopy fnetfilter private-etc
 TEST_TARGETS=$(patsubst %,test-%,$(TESTS))
 $(TEST_TARGETS):
diff --git a/README b/README
index a6474fdb2..3dca59a28 100644
--- a/README
+++ b/README
@@ -720,6 +720,7 @@ Manuel Dipolt (https://github.com/xeniter)
        - stack alignment for the ARM Architecture
 Marek Küthe (https://github.com/marek22k)
        - allow loading plugins in gajim
+        - allow bsfilter in email-common.profile
 Martin Carpenter (https://github.com/mcarpenter)
        - security audit and bug fixes
        - Centos 6.x support
diff --git a/gcov.sh b/gcov.sh
index 0f2808ace..a4f56136c 100755
--- a/gcov.sh
+++ b/gcov.sh
@@ -13,7 +13,7 @@ gcov_generate() {
        USER="$(whoami)"
        find . -exec sudo chown "$USER:$USER" '{}' +
        lcov -q --capture -d src/firejail -d src/lib -d src/firecfg -d src/firemon \
-                -d src/fnet -d src/fnetfilter -d src/fcopy --output-file gcov-file
+                -d src/fnet -d src/fnetfilter -d src/fcopy -d src/fseccomp --output-file gcov-file
        genhtml -q gcov-file --output-directory gcov-dir
 }
@@ -23,6 +23,8 @@ gcov_generate
 make test-firecfg | grep TESTING
 gcov_generate
+make test-capabilities | grep TESTING
+gcov_generate
 make test-apparmor | grep TESTING
 gcov_generate
 make test-network | grep TESTING
diff --git a/test/capabilities/capabilities.sh b/test/capabilities/capabilities.sh
new file mode 100755
index 000000000..50279cd4f
--- /dev/null
+++ b/test/capabilities/capabilities.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+# This file is part of Firejail project
+# Copyright (C) 2014-2023 Firejail Authors
+# License GPL v2
+export MALLOC_CHECK_=3
+export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
+export LC_ALL=C
+#if grep -q "^CapBnd:\\s0000003fffffffff" /proc/self/status; then
+        echo "TESTING: capabilities (test/filters/caps.exp)"
+        ./caps.exp
+#else
+#       echo "TESTING SKIP: other capabilities than expected (test/filters/caps.exp)"
+#fi
+echo "TESTING: capabilities print (test/filters/caps-print.exp)"
+./caps-print.exp
+echo "TESTING: capabilities join (test/filters/caps-join.exp)"
+./caps-join.exp
diff --git a/test/filters/caps-join.exp b/test/capabilities/caps-join.exp
index 1830143fb..1830143fb 100755
--- a/test/filters/caps-join.exp
+++ b/test/capabilities/caps-join.exp
diff --git a/test/filters/caps-print.exp b/test/capabilities/caps-print.exp
index b403f9ffe..b403f9ffe 100755
--- a/test/filters/caps-print.exp
+++ b/test/capabilities/caps-print.exp
diff --git a/test/filters/caps.exp b/test/capabilities/caps.exp
index dbd63efda..dbd63efda 100755
--- a/test/filters/caps.exp
+++ b/test/capabilities/caps.exp
diff --git a/test/filters/caps1.profile b/test/capabilities/caps1.profile
index 8b0c3b340..8b0c3b340 100644
--- a/test/filters/caps1.profile
+++ b/test/capabilities/caps1.profile
diff --git a/test/filters/caps2.profile b/test/capabilities/caps2.profile
index ad49719f1..ad49719f1 100644
--- a/test/filters/caps2.profile
+++ b/test/capabilities/caps2.profile
diff --git a/test/filters/caps3.profile b/test/capabilities/caps3.profile
index ad49719f1..ad49719f1 100644
--- a/test/filters/caps3.profile
+++ b/test/capabilities/caps3.profile
diff --git a/test/filters/filters.sh b/test/filters/filters.sh
index 2d115db1b..e19047e6f 100755
--- a/test/filters/filters.sh
+++ b/test/filters/filters.sh
@@ -57,18 +57,18 @@ echo "TESTING: noroot (test/filters/noroot.exp)"
 ./noroot.exp
-if grep -q "^CapBnd:\\s0000003fffffffff" /proc/self/status; then
+#if grep -q "^CapBnd:\\s0000003fffffffff" /proc/self/status; then
-        echo "TESTING: capabilities (test/filters/caps.exp)"
+#       echo "TESTING: capabilities (test/filters/caps.exp)"
-        ./caps.exp
+#       ./caps.exp
-else
+#else
-        echo "TESTING SKIP: other capabilities than expected (test/filters/caps.exp)"
+#       echo "TESTING SKIP: other capabilities than expected (test/filters/caps.exp)"
-fi
+#fi
+#
-echo "TESTING: capabilities print (test/filters/caps-print.exp)"
+#echo "TESTING: capabilities print (test/filters/caps-print.exp)"
-./caps-print.exp
+#./caps-print.exp
+#
-echo "TESTING: capabilities join (test/filters/caps-join.exp)"
+#echo "TESTING: capabilities join (test/filters/caps-join.exp)"
-./caps-join.exp
+#./caps-join.exp
 rm -f seccomp-test-file
 if [[ $(uname -m) == "x86_64" ]]; then
diff --git a/test/firecfg/firecfg.exp b/test/firecfg/firecfg.exp
index 0249fb7fa..755eea3a1 100755
--- a/test/firecfg/firecfg.exp
+++ b/test/firecfg/firecfg.exp
@@ -12,7 +12,20 @@ expect {
        timeout {puts "TESTING ERROR 0\n";exit}
        "ping: symbolic link to /usr/bin/firejail"
 }
+after 100
+send --  "file /tmp/ttt/ping\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "ping: symbolic link to /usr/bin/firejail"
+}
+after 100
+send -- "firecfg --list\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "/usr/local/bin/ping"
+}
 after 100
 puts "\nall done\n"
diff --git a/test/firecfg/firecfg.sh b/test/firecfg/firecfg.sh
index 6b03cc841..6f2bb5244 100755
--- a/test/firecfg/firecfg.sh
+++ b/test/firecfg/firecfg.sh
@@ -7,6 +7,11 @@ export MALLOC_CHECK_=3
 export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
 export LC_ALL=C
+sudo mkdir /tmp/ttt
 sudo firecfg
+sudo firecfg --bindir=/tmp/ttt
 echo "TESTING: firecfg (test/firecfg/firecfg.exp)"
 ./firecfg.exp
+sudo rm -fr /tmp/ttt
author	netblue30 <netblue30@protonmail.com>	2023-03-08 16:23:30 -0500
committer	netblue30 <netblue30@protonmail.com>	2023-03-08 16:23:30 -0500
commit	acf8efb878b84882a9df61eff51fdcaceb522a4c (patch)
tree	88042e5d0723c36a10efc05774335bd0df52703a
parent	Merge pull request #5717 from glitsj16/aa-examples (diff)
download	firejail-acf8efb878b84882a9df61eff51fdcaceb522a4c.tar.gz firejail-acf8efb878b84882a9df61eff51fdcaceb522a4c.tar.zst firejail-acf8efb878b84882a9df61eff51fdcaceb522a4c.zip

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 9f2072c74..2e6a462f2 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml
@@ -73,10 +73,10 @@ jobs:
73	run: SHELL=/bin/bash make lab-setup	73	run: SHELL=/bin/bash make lab-setup
74	- name: run firecfg tests	74	- name: run firecfg tests
75	run: SHELL=/bin/bash make test-firecfg	75	run: SHELL=/bin/bash make test-firecfg
		76	- name: run capabilities tests
		77	run: SHELL=/bin/bash make test-capabilities
76	- name: run apparmor tests	78	- name: run apparmor tests
77	run: SHELL=/bin/bash make test-apparmor	79	run: SHELL=/bin/bash make test-apparmor
78	- name: run network tests
79	run: SHELL=/bin/bash make test-network
80	- name: run appimage tests	80	- name: run appimage tests
81	run: SHELL=/bin/bash make test-appimage	81	run: SHELL=/bin/bash make test-appimage
82	- name: run chroot tests	82	- name: run chroot tests
@@ -97,3 +97,5 @@ jobs:
97	run: SHELL=/bin/bash make test-utils	97	run: SHELL=/bin/bash make test-utils
98	- name: run environment tests	98	- name: run environment tests
99	run: SHELL=/bin/bash make test-environment	99	run: SHELL=/bin/bash make test-environment
		100	- name: run network tests
		101	run: SHELL=/bin/bash make test-network


diff --git a/Makefile b/Makefile index 3bb128ccc..9a0482848 100644 --- a/Makefile +++ b/Makefile
@@ -314,7 +314,7 @@ mkman.sh \
314	platform \	314	platform \
315	src	315	src
316		316
317	DISTFILES_TEST = test/Makefile test/apps test/apps-x11 test/apps-x11-xorg test/private-lib test/fnetfilter test/fcopy test/environment test/profiles test/utils test/compile test/filters test/network test/fs test/sysutils	317	DISTFILES_TEST = test/Makefile test/apps test/apps-x11 test/apps-x11-xorg test/capabilities test/private-lib test/fnetfilter test/fcopy test/environment test/profiles test/utils test/compile test/filters test/network test/fs test/sysutils
318		318
319	.PHONY: dist	319	.PHONY: dist
320	dist: config.mk	320	dist: config.mk
@@ -368,7 +368,7 @@ codespell: clean
368	# make test	368	# make test
369	#	369	#
370		370
371	TESTS=profiles apps apps-x11 apps-x11-xorg sysutils utils environment filters fs fcopy fnetfilter private-etc	371	TESTS=profiles capabilities apps apps-x11 apps-x11-xorg sysutils utils environment filters fs fcopy fnetfilter private-etc
372	TEST_TARGETS=$(patsubst %,test-%,$(TESTS))	372	TEST_TARGETS=$(patsubst %,test-%,$(TESTS))
373		373
374	$(TEST_TARGETS):	374	$(TEST_TARGETS):


diff --git a/README b/README index a6474fdb2..3dca59a28 100644 --- a/README +++ b/README
@@ -720,6 +720,7 @@ Manuel Dipolt (https://github.com/xeniter)
720	- stack alignment for the ARM Architecture	720	- stack alignment for the ARM Architecture
721	Marek Küthe (https://github.com/marek22k)	721	Marek Küthe (https://github.com/marek22k)
722	- allow loading plugins in gajim	722	- allow loading plugins in gajim
		723	- allow bsfilter in email-common.profile
723	Martin Carpenter (https://github.com/mcarpenter)	724	Martin Carpenter (https://github.com/mcarpenter)
724	- security audit and bug fixes	725	- security audit and bug fixes
725	- Centos 6.x support	726	- Centos 6.x support


diff --git a/gcov.sh b/gcov.sh index 0f2808ace..a4f56136c 100755 --- a/gcov.sh +++ b/gcov.sh
@@ -13,7 +13,7 @@ gcov_generate() {
13	USER="$(whoami)"	13	USER="$(whoami)"
14	find . -exec sudo chown "$USER:$USER" '{}' +	14	find . -exec sudo chown "$USER:$USER" '{}' +
15	lcov -q --capture -d src/firejail -d src/lib -d src/firecfg -d src/firemon \	15	lcov -q --capture -d src/firejail -d src/lib -d src/firecfg -d src/firemon \
16	-d src/fnet -d src/fnetfilter -d src/fcopy --output-file gcov-file	16	-d src/fnet -d src/fnetfilter -d src/fcopy -d src/fseccomp --output-file gcov-file
17	genhtml -q gcov-file --output-directory gcov-dir	17	genhtml -q gcov-file --output-directory gcov-dir
18	}	18	}
19		19
@@ -23,6 +23,8 @@ gcov_generate
23		23
24	make test-firecfg \| grep TESTING	24	make test-firecfg \| grep TESTING
25	gcov_generate	25	gcov_generate
		26	make test-capabilities \| grep TESTING
		27	gcov_generate
26	make test-apparmor \| grep TESTING	28	make test-apparmor \| grep TESTING
27	gcov_generate	29	gcov_generate
28	make test-network \| grep TESTING	30	make test-network \| grep TESTING


diff --git a/test/capabilities/capabilities.sh b/test/capabilities/capabilities.sh new file mode 100755 index 000000000..50279cd4f --- /dev/null +++ b/test/capabilities/capabilities.sh
@@ -0,0 +1,23 @@
		1	#!/bin/bash
		2	# This file is part of Firejail project
		3	# Copyright (C) 2014-2023 Firejail Authors
		4	# License GPL v2
		5
		6	export MALLOC_CHECK_=3
		7	export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
		8	export LC_ALL=C
		9
		10
		11	#if grep -q "^CapBnd:\\s0000003fffffffff" /proc/self/status; then
		12	echo "TESTING: capabilities (test/filters/caps.exp)"
		13	./caps.exp
		14	#else
		15	# echo "TESTING SKIP: other capabilities than expected (test/filters/caps.exp)"
		16	#fi
		17
		18	echo "TESTING: capabilities print (test/filters/caps-print.exp)"
		19	./caps-print.exp
		20
		21	echo "TESTING: capabilities join (test/filters/caps-join.exp)"
		22	./caps-join.exp
		23


diff --git a/test/filters/caps-join.exp b/test/capabilities/caps-join.exp index 1830143fb..1830143fb 100755 --- a/test/filters/caps-join.exp +++ b/test/capabilities/caps-join.exp


diff --git a/test/filters/caps-print.exp b/test/capabilities/caps-print.exp index b403f9ffe..b403f9ffe 100755 --- a/test/filters/caps-print.exp +++ b/test/capabilities/caps-print.exp


diff --git a/test/filters/caps.exp b/test/capabilities/caps.exp index dbd63efda..dbd63efda 100755 --- a/test/filters/caps.exp +++ b/test/capabilities/caps.exp


diff --git a/test/filters/caps1.profile b/test/capabilities/caps1.profile index 8b0c3b340..8b0c3b340 100644 --- a/test/filters/caps1.profile +++ b/test/capabilities/caps1.profile


diff --git a/test/filters/caps2.profile b/test/capabilities/caps2.profile index ad49719f1..ad49719f1 100644 --- a/test/filters/caps2.profile +++ b/test/capabilities/caps2.profile


diff --git a/test/filters/caps3.profile b/test/capabilities/caps3.profile index ad49719f1..ad49719f1 100644 --- a/test/filters/caps3.profile +++ b/test/capabilities/caps3.profile


diff --git a/test/filters/filters.sh b/test/filters/filters.sh index 2d115db1b..e19047e6f 100755 --- a/test/filters/filters.sh +++ b/test/filters/filters.sh
@@ -57,18 +57,18 @@ echo "TESTING: noroot (test/filters/noroot.exp)"
57	./noroot.exp	57	./noroot.exp
58		58
59		59
60	if grep -q "^CapBnd:\\s0000003fffffffff" /proc/self/status; then	60	#if grep -q "^CapBnd:\\s0000003fffffffff" /proc/self/status; then
61	echo "TESTING: capabilities (test/filters/caps.exp)"	61	# echo "TESTING: capabilities (test/filters/caps.exp)"
62	./caps.exp	62	# ./caps.exp
63	else	63	#else
64	echo "TESTING SKIP: other capabilities than expected (test/filters/caps.exp)"	64	# echo "TESTING SKIP: other capabilities than expected (test/filters/caps.exp)"
65	fi	65	#fi
66		66	#
67	echo "TESTING: capabilities print (test/filters/caps-print.exp)"	67	#echo "TESTING: capabilities print (test/filters/caps-print.exp)"
68	./caps-print.exp	68	#./caps-print.exp
69		69	#
70	echo "TESTING: capabilities join (test/filters/caps-join.exp)"	70	#echo "TESTING: capabilities join (test/filters/caps-join.exp)"
71	./caps-join.exp	71	#./caps-join.exp
72		72
73	rm -f seccomp-test-file	73	rm -f seccomp-test-file
74	if [[ $(uname -m) == "x86_64" ]]; then	74	if [[ $(uname -m) == "x86_64" ]]; then


diff --git a/test/firecfg/firecfg.exp b/test/firecfg/firecfg.exp index 0249fb7fa..755eea3a1 100755 --- a/test/firecfg/firecfg.exp +++ b/test/firecfg/firecfg.exp
@@ -12,7 +12,20 @@ expect {
12	timeout {puts "TESTING ERROR 0\n";exit}	12	timeout {puts "TESTING ERROR 0\n";exit}
13	"ping: symbolic link to /usr/bin/firejail"	13	"ping: symbolic link to /usr/bin/firejail"
14	}	14	}
		15	after 100
15		16
		17	send -- "file /tmp/ttt/ping\r"
		18	expect {
		19	timeout {puts "TESTING ERROR 0\n";exit}
		20	"ping: symbolic link to /usr/bin/firejail"
		21	}
		22	after 100
		23
		24	send -- "firecfg --list\r"
		25	expect {
		26	timeout {puts "TESTING ERROR 1\n";exit}
		27	"/usr/local/bin/ping"
		28	}
16	after 100	29	after 100
17		30
18	puts "\nall done\n"	31	puts "\nall done\n"


diff --git a/test/firecfg/firecfg.sh b/test/firecfg/firecfg.sh index 6b03cc841..6f2bb5244 100755 --- a/test/firecfg/firecfg.sh +++ b/test/firecfg/firecfg.sh
@@ -7,6 +7,11 @@ export MALLOC_CHECK_=3
7	export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))	7	export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
8	export LC_ALL=C	8	export LC_ALL=C
9		9
		10	sudo mkdir /tmp/ttt
10	sudo firecfg	11	sudo firecfg
		12	sudo firecfg --bindir=/tmp/ttt
		13
11	echo "TESTING: firecfg (test/firecfg/firecfg.exp)"	14	echo "TESTING: firecfg (test/firecfg/firecfg.exp)"
12	./firecfg.exp	15	./firecfg.exp
		16
		17	sudo rm -fr /tmp/ttt