author | netblue30 <netblue30@yahoo.com> | 2015-10-20 11:01:40 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2015-10-20 11:01:40 -0400 |
commit | 45060ec40f0e9790d5e6a503486867951df71300 (patch) | |
tree | 1811814d5fbd5f4806c0a8d527806fffc137f5e5 | |
parent | fixed join/shutdown problem, moving browsers and mail clients to a --shell=no... (diff) | |
testing and fixes
-rw-r--r-- | src/firejail/cgroup.c | 2 | ||||
-rw-r--r-- | src/firejail/firejail.h | 1 | ||||
-rw-r--r-- | src/firejail/fs_bin.c | 6 | ||||
-rw-r--r-- | src/firejail/fs_etc.c | 2 | ||||
-rw-r--r-- | src/firejail/fs_home.c | 6 | ||||
-rw-r--r-- | src/firejail/join.c | 23 | ||||
-rw-r--r-- | src/firejail/main.c | 6 | ||||
-rw-r--r-- | src/firejail/netfilter.c | 2 | ||||
-rw-r--r-- | src/firejail/output.c | 1 | ||||
-rw-r--r-- | src/firejail/profile.c | 23 | ||||
-rw-r--r-- | src/firejail/util.c | 20 | ||||
-rwxr-xr-x | test/extract_command.exp | 16 | ||||
-rwxr-xr-x | test/invalid_filename.exp | 236 | ||||
-rwxr-xr-x | test/private.exp | 2 | ||||
-rwxr-xr-x | test/profile_apps.exp | 48 | ||||
-rwxr-xr-x | test/test.sh | 6 |
16 files changed, 317 insertions, 83 deletions
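--- a/src/firejail/cgroup.c
+++ b/src/firejail/cgroup.c
@@ -78,6 +78,8 @@ errout:
 
 
 void set_cgroup(const char *path) {
+invalid_filename(path);
+
 // path starts with /sys/fs/cgroup
 if (strncmp(path, "/sys/fs/cgroup", 14) != 0)
 goto errout;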
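--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -296,6 +296,7 @@ void notify_other(int fd);
 char *expand_home(const char *path, const char* homedir);
 const char *gnu_basename(const char *path);
 uid_t pid_get_uid(pid_t pid);
+void invalid_filename(const char *fname);
 
 // fs_var.c
 void fs_var_log(void); // mounting /var/log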
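Review bot: The prototype `void invalid_filename(const char *fname);` reads like a predicate, but the definition added in util.c returns nothing and calls `exit(1)` on a rejected name, so a caller reading only this header cannot tell that the call may not return. A comment on the declaration would record that, for example `// exits with an error if fname contains a rejected character; returns only for accepted names`.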
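--- a/src/firejail/fs_bin.c
+++ b/src/firejail/fs_bin.c
@@ -35,6 +35,8 @@ static char *paths[] = {
 // return 1 if found, 0 if not found
 static char *check_dir_or_file(const char *name) {
 assert(name);
+invalid_filename(name);
+
 struct stat s;
 char *fname = NULL;
 
@@ -52,8 +54,10 @@ static char *check_dir_or_file(const char *name) {
 i++;
 }
 
-if (!fname)
+if (!fname) {
+fprintf(stderr, "Warning: file %s not found\n", name);
 return NULL;
+}
 
 free(fname);
 return paths[i];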
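Review bot: The comment above `check_dir_or_file`, `// return 1 if found, 0 if not found`, does not match the function these hunks show: it is declared `static char *` and returns `paths[i]` or `NULL`. Since the not-found branch is being touched here, the comment could become `// return the matching entry of paths[], or NULL (with a warning) if name is not found`. The search loop between the two hunks is outside the visible lines, so the wording should be checked against it.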
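--- a/src/firejail/fs_etc.c
+++ b/src/firejail/fs_etc.c
@@ -26,6 +26,8 @@
 
 static void check_dir_or_file(const char *name) {
 assert(name);
+invalid_filename(name);
+
 struct stat s;
 char *fname;
 if (asprintf(&fname, "/etc/%s", name) == -1)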
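Review bot: `invalid_filename(name)` rejects only the listed metacharacters, so a name containing `..` still reaches `asprintf(&fname, "/etc/%s", name)` and can refer to a path outside `/etc`. The callers in main.c, netfilter.c and profile.c each pair the call with their own `strstr(..., "..")` test; no such test is visible here or in the `check_dir_or_file` hunks of fs_bin.c and fs_home.c. If the rest of the function, which lies outside this hunk, does not already do it, add `if (strstr(name, "..")) { fprintf(stderr, "Error: invalid file name.\n"); exit(1); }` after the new call.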
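--- a/src/firejail/fs_home.c
+++ b/src/firejail/fs_home.c
@@ -254,6 +254,10 @@ void fs_private(void) {
 static void check_dir_or_file(const char *name) {
 assert(name);
 struct stat s;
+
+invalid_filename(name);
+
+
 char *fname = expand_home(name, cfg.homedir);
 if (!fname) {
 fprintf(stderr, "Error: file %s not found.\n", name);
@@ -318,6 +322,8 @@ void fs_check_home_list(void) {
 
 // check new private home directory (--private= option) - exit if it fails
 void fs_check_private_dir(void) {
+invalid_filename(cfg.home_private);
+
 // Expand the home directory
 char *tmp = expand_home(cfg.home_private, cfg.homedir);
 cfg.home_private = realpath(tmp, NULL);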
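Review bot: In `fs_check_private_dir` the new `invalid_filename(cfg.home_private)` looks at the string as it was typed, while two lines later `cfg.home_private` is replaced by the `realpath()` result, which is presumably the value the rest of the program uses and which can differ from the typed string when symlinks are involved. If the character check is meant to protect later uses of the path, it should be repeated on the resolved value once `realpath()` is known to have succeeded; that handling lies outside the hunk. The first hunk also adds three blank lines around its call where the other files add one.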
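--- a/src/firejail/join.c
+++ b/src/firejail/join.c
@@ -306,10 +306,25 @@ void join(pid_t pid, const char *homedir, int argc, char **argv, int index) {
 if (setenv("PROMPT_COMMAND", "export PS1=\"\\[\\e[1;32m\\][\\u@\\h \\W]\\$\\[\\e[0m\\] \"", 1) < 0)
 errExit("setenv");
 
-// run icmdline trough /bin/bash
-if (cfg.command_line == NULL)
-// replace the process with a regular bash session
-execlp("/bin/bash", "/bin/bash", NULL);
+// run cmdline trough /bin/bash
+if (cfg.command_line == NULL) {
+struct stat s;
+
+// replace the process with a shell
+if (stat("/bin/bash", &s) == 0)
+execlp("/bin/bash", "/bin/bash", NULL);
+else if (stat("/usr/bin/zsh", &s) == 0)
+execlp("/usr/bin/zsh", "/usr/bin/zsh", NULL);
+else if (stat("/bin/csh", &s) == 0)
+execlp("/bin/csh", "/bin/csh", NULL);
+else if (stat("/bin/sh", &s) == 0)
+execlp("/bin/sh", "/bin/sh", NULL);
+
+// no shell found, print an error and exit
+fprintf(stderr, "Error: no POSIX shell found\n");
+sleep(5);
+exit(1);
+}
 else {
 // run the command supplied by the user
 int cwd = 0;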
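Review bot: The `stat()` probe in front of each `execlp()` does not decide whether the exec succeeds: when `/bin/bash` exists but `execlp()` fails, none of the `else if` branches run and the code falls through to `Error: no POSIX shell found`, which is then misleading (and zsh and csh, also in the list, are not POSIX shells). Because an exec call returns only on failure, the candidates can simply be tried in order, which also removes the window between the check and the exec. With absolute paths `execl` is enough, and the variadic terminator should be `(char *) NULL`. The body of `join` continues outside this hunk.
```c
	if (cfg.command_line == NULL) {
		// replace the process with a shell; execl() returns only on failure,
		// so the candidates are tried in order without a separate stat()
		static const char *const shells[] = {
			"/bin/bash", "/usr/bin/zsh", "/bin/csh", "/bin/sh"
		};
		size_t k;
		for (k = 0; k < sizeof(shells) / sizeof(shells[0]); k++)
			execl(shells[k], shells[k], (char *) NULL);

		// … unchanged: error message, sleep(5), exit(1) …
	}
```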
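--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -586,6 +586,7 @@ int main(int argc, char **argv) {
 fprintf(stderr, "Error: only a cgroup can be defined\n");
 exit(1);
 }
+
 arg_cgroup = 1;
 cfg.cgroup = strdup(argv[i] + 9);
 if (!cfg.cgroup)
@@ -683,6 +684,8 @@ int main(int argc, char **argv) {
 fprintf(stderr, "Error: --noprofile and --profile options are mutually exclusive\n");
 exit(1);
 }
+invalid_filename(argv[i] + 10);
+
 // multiple profile files are allowed!
 char *ptr = argv[i] + 10;
 if (is_dir(ptr) || is_link(ptr) || strstr(ptr, "..")) {
@@ -712,6 +715,7 @@ int main(int argc, char **argv) {
 fprintf(stderr, "Error: --overlay and --chroot options are mutually exclusive\n");
 exit(1);
 }
+invalid_filename(argv[i] + 9);
 
 // extract chroot dirname
 cfg.chrootdir = argv[i] + 9;
@@ -1042,6 +1046,8 @@ int main(int argc, char **argv) {
 fprintf(stderr, "Error: --shell=none was already specified.\n");
 return 1;
 }
+invalid_filename(argv[i] + 8);
+
 if (arg_csh || arg_zsh || cfg.shell) {
 fprintf(stderr, "Error: only one user shell can be specified\n");
 return 1;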
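Review bot: Each new call repeats the option-prefix length as a literal (`argv[i] + 10`, `argv[i] + 9`, `argv[i] + 8`), and in the profile branch the same expression is computed again two lines later for `ptr`. Declaring the pointer first and checking it, `char *ptr = argv[i] + 10;` followed by `invalid_filename(ptr);`, keeps the offset in one place and puts the character check next to the `is_dir`/`is_link`/`..` test it complements. The chroot branch can do the same by assigning `cfg.chrootdir` first and passing that to the check. `main` starts and ends outside these hunks.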
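--- a/src/firejail/netfilter.c
+++ b/src/firejail/netfilter.c
@@ -39,6 +39,8 @@ static char *client_filter =
 "COMMIT\n";
 
 void check_netfilter_file(const char *fname) {
+invalid_filename(fname);
+
 if (is_dir(fname) || is_link(fname) || strstr(fname, "..")) {
 fprintf(stderr, "Error: invalid network filter file\n");
 exit(1);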
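--- a/src/firejail/output.c
+++ b/src/firejail/output.c
@@ -31,6 +31,7 @@ void check_output(int argc, char **argv) {
 for (i = 1; i < argc; i++) {
 if (strncmp(argv[i], "--output=", 9) == 0) {
 found = 1;
+invalid_filename(argv[i] + 9);
 outfile = argv[i] + 9;
 
 // do not accept directories, links, and files with ".."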
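--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -61,23 +61,6 @@ int profile_find(const char *name, const char *dir) {
 //***************************************************
 // run-time profiles
 //***************************************************
-static void check_file_name(char *ptr, int lineno) {
-if (strncmp(ptr, "${HOME}", 7) == 0)
-ptr += 7;
-else if (strncmp(ptr, "${PATH}", 7) == 0)
-ptr += 7;
-
-int len = strlen(ptr);
-// file globbing ('*') is allowed
-if (strcspn(ptr, "\\&!?\"'<>%^(){}[];,") != (size_t)len) {
-if (lineno == 0)
-fprintf(stderr, "Error: \"%s\" is an invalid filename\n", ptr);
-else
-fprintf(stderr, "Error: line %d in the custom profile is invalid\n", lineno);
-exit(1);
-}
-}
-
 
 // check profile line; if line == 0, this was generated from a command line option
 // return 1 if the command is to be added to the linked list of profile commands
@@ -281,8 +264,8 @@ int profile_check_line(char *ptr, int lineno) {
 }
 
 // check directories
-check_file_name(dname1, lineno);
-check_file_name(dname2, lineno);
+invalid_filename(dname1);
+invalid_filename(dname2);
 if (strstr(dname1, "..") || strstr(dname2, "..")) {
 fprintf(stderr, "Error: invalid file name.\n");
 exit(1);
@@ -361,7 +344,7 @@ int profile_check_line(char *ptr, int lineno) {
 }
 
 // some characters just don't belong in filenames
-check_file_name(ptr, lineno);
+invalid_filename(ptr);
 if (strstr(ptr, "..")) {
 if (lineno == 0)
 fprintf(stderr, "Error: \"%s\" is an invalid filename\n", ptr);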
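Review bot: Replacing `check_file_name(..., lineno)` with `invalid_filename(...)` drops the line number from the error path: a rejected name in a custom profile used to report `line %d in the custom profile is invalid` and now gets only the generic invalid-filename message, while the `..` test right below the call in the third hunk still distinguishes `lineno == 0`. Consider giving the shared helper an `int lineno` parameter (0 for command-line callers, as the removed function did) so that both messages survive. `profile_check_line` starts and ends outside these hunks.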
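--- a/src/firejail/util.c
+++ b/src/firejail/util.c
@@ -535,3 +535,23 @@ uid_t pid_get_uid(pid_t pid) {
 }
 return rv;
 }
+
+void invalid_filename(const char *fname) {
+assert(fname);
+const char *ptr = fname;
+
+if (arg_debug)
+printf("Checking filename %s\n", fname);
+
+if (strncmp(ptr, "${HOME}", 7) == 0)
+ptr = fname + 7;
+else if (strncmp(ptr, "${PATH}", 7) == 0)
+ptr = fname + 7;
+
+int len = strlen(ptr);
+// file globbing ('*') is allowed
+if (strcspn(ptr, "\\&!?\"'<>%^(){}[];,") != (size_t)len) {
+fprintf(stderr, "Error: \"%s\" is an invalid filename\n", ptr);
+exit(1);
+}
+}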
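Review bot: The reject set passed to `strcspn` in `invalid_filename` is a denylist, and it leaves out several characters a shell also treats specially: `|`, `$` after the optional prefix, the backquote, and whitespace including newline. Whether that matters depends on where the checked names end up, which these hunks do not show; if the aim is to keep such names away from a shell, either extend the set or accept only an explicit set of permitted characters. Two smaller points: the error prints `ptr`, so a name that began with `${HOME}` is reported without its prefix (print `fname` instead), and `int len = strlen(ptr);` followed by a cast can simply be `size_t len = strlen(ptr);`.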
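--- a/test/extract_command.exp
+++ b/test/extract_command.exp
@@ -4,20 +4,24 @@ set timeout 10
 spawn $env(SHELL)
 match_max 100000
 
-send -- "firejail --debug /usr/bin/firefox www.gentoo.org\r"
+send -- "firejail --debug ls -al\r"
 expect {
 timeout {puts "TESTING ERROR 0\n";exit}
-"Reading profile /etc/firejail/firefox.profile"
+"Reading profile /etc/firejail/generic.profile"
 }
 expect {
 timeout {puts "TESTING ERROR 1\n";exit}
-"Starting /usr/bin/firefox"
+"Starting ls -al"
 }
 expect {
-timeout {puts "TESTING ERROR 1\n";exit}
+timeout {puts "TESTING ERROR 2\n";exit}
 "Child process initialized"
 }
-sleep 5
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"parent is shutting down, bye"
+}
+sleep 1
 
-puts "\n"
+puts "\nall done\n"
 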
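Review bot: The new `expect` block for `"parent is shutting down, bye"` reuses the label `TESTING ERROR 2`, which the block before it (`"Child process initialized"`) was just renumbered to, so a timeout in either place prints the same message. Number the last one separately: `timeout {puts "TESTING ERROR 3\n";exit}`.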
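--- /dev/null
+++ b/test/invalid_filename.exp
@@ -0,0 +1,236 @@
+#!/usr/bin/expect -f
+
+#invalid_filename checks:
+#
+#--bind (two files) - profile.c - Note: The test is not implemented here, need to be root to test it
+#--blacklist - profile.c
+#--cgroup - cgroup.c
+#--chroot - main.c
+#--netfilter - netfilter.c
+#--output - output.c
+#--private - fs_home.c
+#--privte-bin (list) - fs_bin.c
+#--private-keep/--private-home (list) - fs_home.c
+#--private-etc (list) - fs_etc.c
+#--profile - main.c
+#--read_only - profile.c
+#--shell - main.c
+#--tmpfs - profile.c
+#--white-list
+
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --debug --noprofile --blacklist=\"bla&&bla\"\r"
+expect {
+timeout {puts "TESTING ERROR 1.1\n";exit}
+"Checking filename bla&&bla"
+}
+expect {
+timeout {puts "TESTING ERROR 1.2\n";exit}
+"Error:"
+}
+expect {
+timeout {puts "TESTING ERROR 1.3\n";exit}
+"is an invalid filename"
+}
+after 100
+
+send -- "firejail --debug --noprofile --cgroup=\"bla&&bla\"\r"
+expect {
+timeout {puts "TESTING ERROR 2.1\n";exit}
+"Checking filename bla&&bla"
+}
+expect {
+timeout {puts "TESTING ERROR 2.2\n";exit}
+"Error:"
+}
+expect {
+timeout {puts "TESTING ERROR 2.3\n";exit}
+"is an invalid filename"
+}
+after 100
+
+send -- "firejail --debug --noprofile --chroot=\"bla&&bla\"\r"
+expect {
+timeout {puts "TESTING ERROR 3.1\n";exit}
+"Checking filename bla&&bla"
+}
+expect {
+timeout {puts "TESTING ERROR 3.2\n";exit}
+"Error:"
+}
+expect {
+timeout {puts "TESTING ERROR 3.3\n";exit}
+"is an invalid filename"
+}
+after 100
+
+send -- "firejail --debug --noprofile --netfilter=\"bla&&bla\"\r"
+expect {
+timeout {puts "TESTING ERROR 4.1\n";exit}
+"Checking filename bla&&bla"
+}
+expect {
+timeout {puts "TESTING ERROR 4.2\n";exit}
+"Error:"
+}
+expect {
+timeout {puts "TESTING ERROR 4.3\n";exit}
+"is an invalid filename"
+}
+after 100
+
+send -- "firejail --debug --noprofile --output=\"bla&&bla\"\r"
+expect {
+timeout {puts "TESTING ERROR 5.2\n";exit}
+"Error:"
+}
+expect {
+timeout {puts "TESTING ERROR 5.3\n";exit}
+"is an invalid filename"
+}
+after 100
+
+send -- "firejail --debug --noprofile --private=\"bla&&bla\"\r"
+expect {
+timeout {puts "TESTING ERROR 6.1\n";exit}
+"Checking filename bla&&bla"
+}
+expect {
+timeout {puts "TESTING ERROR 6.2\n";exit}
+"Error:"
+}
+expect {
+timeout {puts "TESTING ERROR 6.3\n";exit}
+"is an invalid filename"
+}
+after 100
+
+send -- "firejail --debug --noprofile --private-bin=\"bla&&bla\"\r"
+expect {
+timeout {puts "TESTING ERROR 7.1\n";exit}
+"Checking filename bla&&bla"
+}
+expect {
+timeout {puts "TESTING ERROR 7.2\n";exit}
+"Error:"
+}
+expect {
+timeout {puts "TESTING ERROR 7.3\n";exit}
+"is an invalid filename"
+}
+after 100
+
+send -- "firejail --debug --noprofile --private-home=\"bla&&bla\"\r"
+expect {
+timeout {puts "TESTING ERROR 8.1\n";exit}
+"Checking filename bla&&bla"
+}
+expect {
+timeout {puts "TESTING ERROR 8.2\n";exit}
+"Error:"
+}
+expect {
+timeout {puts "TESTING ERROR 8.3\n";exit}
+"is an invalid filename"
+}
+after 100
+
+
+send -- "firejail --debug --noprofile --private-etc=\"bla&&bla\"\r"
+expect {
+timeout {puts "TESTING ERROR 9.1\n";exit}
+"Checking filename bla&&bla"
+}
+expect {
+timeout {puts "TESTING ERROR 9.2\n";exit}
+"Error:"
+}
+expect {
+timeout {puts "TESTING ERROR 9.3\n";exit}
+"is an invalid filename"
+}
+after 100
+
+send -- "firejail --debug --profile=\"bla&&bla\"\r"
+expect {
+timeout {puts "TESTING ERROR 10.1\n";exit}
+"Checking filename bla&&bla"
+}
+expect {
+timeout {puts "TESTING ERROR 10.2\n";exit}
+"Error:"
+}
+expect {
+timeout {puts "TESTING ERROR 10.3\n";exit}
+"is an invalid filename"
+}
+after 100
+
+send -- "firejail --debug --read-only=\"bla&&bla\"\r"
+expect {
+timeout {puts "TESTING ERROR 11.1\n";exit}
+"Checking filename bla&&bla"
+}
+expect {
+timeout {puts "TESTING ERROR 11.2\n";exit}
+"Error:"
+}
+expect {
+timeout {puts "TESTING ERROR 11.3\n";exit}
+"is an invalid filename"
+}
+after 100
+
+send -- "firejail --debug --shell=\"bla&&bla\"\r"
+expect {
+timeout {puts "TESTING ERROR 12.1\n";exit}
+"Checking filename bla&&bla"
+}
+expect {
+timeout {puts "TESTING ERROR 12.2\n";exit}
+"Error:"
+}
+expect {
+timeout {puts "TESTING ERROR 12.3\n";exit}
+"is an invalid filename"
+}
+after 100
+
+send -- "firejail --debug --tmpfs=\"bla&&bla\"\r"
+expect {
+timeout {puts "TESTING ERROR 13.1\n";exit}
+"Checking filename bla&&bla"
+}
+expect {
+timeout {puts "TESTING ERROR 13.2\n";exit}
+"Error:"
+}
+expect {
+timeout {puts "TESTING ERROR 13.3\n";exit}
+"is an invalid filename"
+}
+after 100
+
+send -- "firejail --debug --whitelist=\"bla&&bla\"\r"
+expect {
+timeout {puts "TESTING ERROR 14.1\n";exit}
+"Checking filename bla&&bla"
+}
+expect {
+timeout {puts "TESTING ERROR 14.2\n";exit}
+"Error:"
+}
+expect {
+timeout {puts "TESTING ERROR 14.3\n";exit}
+"is an invalid filename"
+}
+after 100
+
+
+
+puts "\nall done\n"
+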
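Review bot: Every case sends the same value `bla&&bla`, so the suite exercises one character of the reject set and never the `${HOME}`/`${PATH}` prefix handling or an accepted name containing `*`; one more rejected character and one accepted name would pin the behaviour of the check rather than a single input. The `--output` case has no `5.1` step for `Checking filename`, unlike the other thirteen; a comment saying why (perhaps the option is processed before `--debug` takes effect) would keep someone from adding it back. The header comment also misspells three options, `--privte-bin`, `--read_only` and `--white-list`, where the commands below use `--private-bin`, `--read-only` and `--whitelist`.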
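--- a/test/private.exp
+++ b/test/private.exp
@@ -12,7 +12,7 @@ if { $argc != 1 } {
 }
 
 # testing profile and private
-send -- "firejail --private --profile=/etc/firejail/firefox.profile\r"
+send -- "firejail --private --profile=/etc/firejail/generic.profile\r"
 expect {
 timeout {puts "TESTING ERROR 0\n";exit}
 "Child process initialized"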
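--- a/test/profile_apps.exp
+++ /dev/null
@@ -1,48 +0,0 @@
-#!/usr/bin/expect -f
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-# firefox
-send -- "firejail --profile=/etc/firejail/firefox.profile\r"
-expect {
-timeout {puts "TESTING ERROR 0\n";exit}
-"Child process initialized"
-}
-sleep 1
-send -- "exit\r"
-sleep 1
-
-# iceweasel
-send -- "firejail --profile=/etc/firejail/iceweasel.profile\r"
-expect {
-timeout {puts "TESTING ERROR 1\n";exit}
-"Child process initialized"
-}
-sleep 1
-send -- "exit\r"
-sleep 1
-
-# evince
-send -- "firejail --profile=/etc/firejail/evince.profile\r"
-expect {
-timeout {puts "TESTING ERROR 2\n";exit}
-"Child process initialized"
-}
-sleep 1
-send -- "exit\r"
-sleep 1
-
-# midori
-send -- "firejail --profile=/etc/firejail/midori.profile\r"
-expect {
-timeout {puts "TESTING ERROR 3\n";exit}
-"Child process initialized"
-}
-sleep 1
-send -- "exit\r"
-sleep 1
-
-
-puts "\n"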
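--- a/test/test.sh
+++ b/test/test.sh
@@ -12,6 +12,9 @@ done
 
 ./fscheck.sh
 
+echo "TESTING: invalid filename"
+./invalid_filename.exp
+
 echo "TESTING: environment variables"
 ./env.exp
 
@@ -276,9 +279,6 @@ echo "TESTING: profile read-only"
 echo "TESTING: profile tmpfs"
 ./profile_tmpfs.exp
 
-echo "TESTING: profile applications"
-./profile_apps.exp
-
 echo "TESTING: private"
 ./private.exp `whoami`
 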