cleanup

5 files changed, 127 insertions, 59 deletions

diff --git a/gcov.sh b/gcov.sh
new file mode 100755
index 000000000..ffacce6b5
--- /dev/null
+++ b/gcov.sh
@@ -0,0 +1,71 @@
+#!/bin/bash
+
+generate() {
+        lcov --capture -d src/firejail -d src/firemon -d src/fseccomp -d src/fnet -d src/ftee -d src/lib -d src/firecfg --output-file gcov-file
+        rm -fr gcov-dir
+        genhtml gcov-file --output-directory gcov-dir
+}
+
+# init
+USER=`whoami`
+firejail --help
+firemon --help
+/usr/lib/firejail/fnet --help
+/usr/lib/firejail/fseccomp --help
+/usr/lib/firejail/ftee --help
+firecfg --help
+sudo chown $USER:$USER `find .`
+generate
+
+# running tests
+make test-root
+generate
+sleep 2
+
+make test-network
+generate
+sleep 2
+
+make test-appimage
+generate
+sleep 2
+
+make test-overlay
+generate
+sleep 2
+
+make test-profiles
+generate
+sleep 2
+
+make test-fs
+generate
+sleep 2
+
+make test-utils
+generate
+sleep 2
+
+make test-environment
+generate
+sleep 2
+
+make test-apps
+generate
+sleep 2
+
+make test-apps-x11
+generate
+sleep 2
+
+make test-apps-x11-xorg 
+generate
+sleep 2
+
+make test-filters 
+generate
+sleep 2
+
+make test-arguments
+generate
+sleep 2
diff --git a/src/firejail/caps.c b/src/firejail/caps.c
index 3fd8b576e..ba811cada 100644
--- a/src/firejail/caps.c
+++ b/src/firejail/caps.c
@@ -168,17 +168,6 @@ static CapsEntry capslist[] = {
 //
 }; // end of capslist
 
-const char *caps_find_nr(int nr) {
-        int i;
-        int elems = sizeof(capslist) / sizeof(capslist[0]);
-        for (i = 0; i < elems; i++) {
-                if (nr == capslist[i].nr)
-                        return capslist[i].name;
-        }
-        
-        return "unknown";
-}
-
 // return -1 if error, or syscall number
 static int caps_find_name(const char *name) {
         int i;
@@ -397,7 +386,7 @@ static uint64_t extract_caps(int pid) {
         }
         fclose(fp);
         free(file);
-        printf("Error: cannot read caps configuration\n");
+        fprintf(stderr, "Error: cannot read caps configuration\n");
         exit(1);
 }
 
diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c
index 9d8021219..564dc8290 100644
--- a/src/firejail/fs_whitelist.c
+++ b/src/firejail/fs_whitelist.c
@@ -530,11 +530,7 @@ void fs_whitelist(void) {
         // /home/user
         if (home_dir) {
                 // keep a copy of real home dir in RUN_WHITELIST_HOME_USER_DIR
-                int rv = mkdir(RUN_WHITELIST_HOME_USER_DIR, 0755);
-                if (rv == -1)
-                        errExit("mkdir");
-                if (set_perms(RUN_WHITELIST_HOME_USER_DIR, getuid(), getgid(), 0755))
-                        errExit("set_perms");
+                mkdir_attr(RUN_WHITELIST_HOME_USER_DIR, 0755, getuid(), getgid());
                 if (mount(cfg.homedir, RUN_WHITELIST_HOME_USER_DIR, NULL, MS_BIND|MS_REC, NULL) < 0)
                         errExit("mount bind");
         
@@ -545,12 +541,7 @@ void fs_whitelist(void) {
         // /tmp mountpoint
         if (tmp_dir) {
                 // keep a copy of real /tmp directory in  
-                int rv = mkdir(RUN_WHITELIST_TMP_DIR, 1777);
-                if (rv == -1)
-                        errExit("mkdir");
-                if (set_perms(RUN_WHITELIST_TMP_DIR, 0, 0, 1777))
-                        errExit("set_perms");
-        
+                mkdir_attr(RUN_WHITELIST_TMP_DIR, 1777, 0, 0);
                 if (mount("/tmp", RUN_WHITELIST_TMP_DIR, NULL, MS_BIND|MS_REC, NULL) < 0)
                         errExit("mount bind");
         
@@ -568,12 +559,7 @@ void fs_whitelist(void) {
                 struct stat s;
                 if (stat("/media", &s) == 0) {
                         // keep a copy of real /media directory in RUN_WHITELIST_MEDIA_DIR
-                        int rv = mkdir(RUN_WHITELIST_MEDIA_DIR, 0755);
-                        if (rv == -1)
-                                errExit("mkdir");
-                        if (set_perms(RUN_WHITELIST_MEDIA_DIR, 0, 0, 0755))
-                                errExit("set_perms");
-        
+                        mkdir_attr(RUN_WHITELIST_MEDIA_DIR, 0755, 0, 0);
                         if (mount("/media", RUN_WHITELIST_MEDIA_DIR, NULL, MS_BIND|MS_REC, NULL) < 0)
                                 errExit("mount bind");
         
@@ -594,12 +580,7 @@ void fs_whitelist(void) {
                 struct stat s;
                 if (stat("/mnt", &s) == 0) {
                         // keep a copy of real /mnt directory in RUN_WHITELIST_MNT_DIR
-                        int rv = mkdir(RUN_WHITELIST_MNT_DIR, 0755);
-                        if (rv == -1)
-                                errExit("mkdir");
-                        if (set_perms(RUN_WHITELIST_MNT_DIR, 0, 0, 0755))
-                                errExit("set_perms");
-
+                        mkdir_attr(RUN_WHITELIST_MNT_DIR, 0755, 0, 0);
                         if (mount("/mnt", RUN_WHITELIST_MNT_DIR, NULL, MS_BIND|MS_REC, NULL) < 0)
                                 errExit("mount bind");
 
@@ -618,12 +599,7 @@ void fs_whitelist(void) {
         // /var mountpoint
         if (var_dir) {
                 // keep a copy of real /var directory in RUN_WHITELIST_VAR_DIR
-                int rv = mkdir(RUN_WHITELIST_VAR_DIR, 0755);
-                if (rv == -1)
-                        errExit("mkdir");
-                if (set_perms(RUN_WHITELIST_VAR_DIR, 0, 0, 0755))
-                        errExit("set_perms");
-        
+                mkdir_attr(RUN_WHITELIST_VAR_DIR, 0755, 0, 0);
                 if (mount("/var", RUN_WHITELIST_VAR_DIR, NULL, MS_BIND|MS_REC, NULL) < 0)
                         errExit("mount bind");
         
@@ -638,12 +614,7 @@ void fs_whitelist(void) {
         // /dev mountpoint
         if (dev_dir) {
                 // keep a copy of real /dev directory in RUN_WHITELIST_DEV_DIR
-                int rv = mkdir(RUN_WHITELIST_DEV_DIR, 0755);
-                if (rv == -1)
-                        errExit("mkdir");
-                if (set_perms(RUN_WHITELIST_DEV_DIR, 0, 0, 0755))
-                        errExit("set_perms");
-        
+                mkdir_attr(RUN_WHITELIST_DEV_DIR, 0755, 0, 0);
                 if (mount("/dev", RUN_WHITELIST_DEV_DIR, NULL, MS_BIND|MS_REC,  "mode=755,gid=0") < 0)
                         errExit("mount bind");
         
@@ -658,12 +629,7 @@ void fs_whitelist(void) {
         // /opt mountpoint
         if (opt_dir) {
                 // keep a copy of real /opt directory in RUN_WHITELIST_OPT_DIR
-                int rv = mkdir(RUN_WHITELIST_OPT_DIR, 0755);
-                if (rv == -1)
-                        errExit("mkdir");
-                if (set_perms(RUN_WHITELIST_OPT_DIR, 0, 0, 0755))
-                        errExit("set_perms");
-        
+                mkdir_attr(RUN_WHITELIST_OPT_DIR, 0755, 0, 0);
                 if (mount("/opt", RUN_WHITELIST_OPT_DIR, NULL, MS_BIND|MS_REC, NULL) < 0)
                         errExit("mount bind");
         
@@ -681,12 +647,7 @@ void fs_whitelist(void) {
                 struct stat s;
                 if (stat("/srv", &s) == 0) {
                         // keep a copy of real /srv directory in RUN_WHITELIST_SRV_DIR
-                        int rv = mkdir(RUN_WHITELIST_SRV_DIR, 0755);
-                        if (rv == -1)
-                                errExit("mkdir");
-                        if (set_perms(RUN_WHITELIST_SRV_DIR, 0, 0, 0755))
-                                errExit("set_perms");
-
+                        mkdir_attr(RUN_WHITELIST_SRV_DIR, 0755, 0, 0);
                         if (mount("/srv", RUN_WHITELIST_SRV_DIR, NULL, MS_BIND|MS_REC, NULL) < 0)
                                 errExit("mount bind");
 
diff --git a/test/rlimit/rlimit.sh b/test/rlimit/rlimit.sh
new file mode 100755
index 000000000..d85497176
--- /dev/null
+++ b/test/rlimit/rlimit.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+export MALLOC_CHECK_=3
+export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
+
+echo "TESTING: rlimit (test/rlimit/rlimit.exp)"
+./rlimit.exp
+
+echo "TESTING: rlimit profile (test/rlimit/rlimit-profile.exp)"
+./rlimit-profile.exp
+
diff --git a/test/root/private.exp b/test/root/private.exp
new file mode 100755
index 000000000..4040081ee
--- /dev/null
+++ b/test/root/private.exp
@@ -0,0 +1,33 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send --  "firejail --private\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 2
+
+send --  "ls -l /home\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "total 0"
+}
+after 100
+
+send --  "ls -l /root\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "total 0"
+}
+after 100
+
+send -- "exit\r"
+after 100
+puts "\nall done\n"