testing

author: netblue30 <netblue30@yahoo.com> 2015-08-20 09:06:07 -0400
committer: netblue30 <netblue30@yahoo.com> 2015-08-20 09:06:07 -0400
commit: cb585cc82af4318a888470a7da82cc89dd01774d (patch)
tree: ac68cbaa7f0464f097135984e55f2b2596497e8a
parent: Merge pull request #34 from pmillerchip/make-install (diff)
download: firejail-cb585cc82af4318a888470a7da82cc89dd01774d.tar.gz
firejail-cb585cc82af4318a888470a7da82cc89dd01774d.tar.zst
firejail-cb585cc82af4318a888470a7da82cc89dd01774d.zip
6 files changed, 138 insertions, 4 deletions
diff --git a/README b/README
index fabc20313..7513b492f 100644
--- a/README
+++ b/README
@@ -15,6 +15,12 @@ License: GPL v2
 Firejail Authors:
 netblue30 (netblue30@yahoo.com)
+Peter Millerchip (https://github.com/pmillerchip)
+        - memory allocation fix
+        - --private.keep to --private-home transition
+        - support for files and directories starting with ~ in blacklist option
+        - support for files and directories with spaces in blacklist option
+        - lots of other fixes
 Patrick Toomey (http://sourceforge.net/u/ptoomey/profile/)
        - user namespace implementation
 Reiner Herrmann - a number of build patches, man page fixes, Debian integration
@@ -27,10 +33,6 @@ G4JC (http://sourceforge.net/u/gaming4jc/profile/)
 dewbasaur (https://github.com/dewbasaur)
        - block access to history files
        - Firefox PDF.js exploit (CVE-2015-4495) fixes
-Peter Millerchip (https://github.com/pmillerchip)
-        - memory allocation fix
-        - --private.keep to --private-home transition
-        - lots of other fixes
 Michael Haas (https://github.com/mhaas)
        - bugfixes
 mjudtmann (https://github.com/mjudtmann)
diff --git a/test/blacklist.exp b/test/blacklist.exp
new file mode 100755
index 000000000..70012d167
--- /dev/null
+++ b/test/blacklist.exp
@@ -0,0 +1,76 @@
+#!/usr/bin/expect -f
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+# directory with ~
+send -- "firejail --blacklist=~/.config\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "Child process initialized"
+}
+sleep 1
+send -- "ls -al ~/.config\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "cannot open directory"
+}
+send -- "exit\r"
+sleep 1
+# directory with ~ in profile file
+send -- "firejail --profile=blacklist1.profile\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "Child process initialized"
+}
+sleep 1
+send -- "ls -al ~/.config\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "cannot open directory"
+}
+send -- "exit\r"
+sleep 1
+# directory with space
+send -- "firejail \"--blacklist=dir with space\"\r"
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "Child process initialized"
+}
+sleep 1
+send -- "ls -al \"dir with space\"\r"
+expect {
+        timeout {puts "TESTING ERROR 6\n";exit}
+        "cannot open directory"
+}
+send -- "exit\r"
+sleep 1
+# directory with space in profile
+send -- "firejail --profile=blacklist2.profile\r"
+expect {
+        timeout {puts "TESTING ERROR 7\n";exit}
+        "Child process initialized"
+}
+sleep 1
+send -- "ls -al \"dir with space\"\r"
+expect {
+        timeout {puts "TESTING ERROR 8\n";exit}
+        "cannot open directory"
+}
+puts "\n"
diff --git a/test/blacklist1.profile b/test/blacklist1.profile
new file mode 100644
index 000000000..f12facd05
--- /dev/null
+++ b/test/blacklist1.profile
@@ -0,0 +1 @@
+blacklist ~/.config
diff --git a/test/blacklist2.profile b/test/blacklist2.profile
new file mode 100644
index 000000000..4bb603db2
--- /dev/null
+++ b/test/blacklist2.profile
@@ -0,0 +1 @@
+blacklist dir with space
diff --git a/test/private-etc.exp b/test/private-etc.exp
new file mode 100755
index 000000000..9df798e22
--- /dev/null
+++ b/test/private-etc.exp
@@ -0,0 +1,46 @@
+#!/usr/bin/expect -f
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+# directory with ~
+send -- "firejail --private-etc=passwd,group,resolv.conf,bash_completion.d,timezone\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "Child process initialized"
+}
+sleep 1
+send -- "ls -al /etc\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "bash_completion.d"
+}
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "group"
+}
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "passwd"
+}
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "resolv.conf"
+}
+expect {
+        timeout {puts "TESTING ERROR 6\n";exit}
+        "timezone"
+}
+send -- "ls -al /etc\r"
+expect {
+        timeout {puts "TESTING ERROR 7\n";exit}
+        "shadow" {puts "TESTING ERROR 8\n";exit}
+        "timezone"
+}
+sleep 1
+puts "\n"
diff --git a/test/test.sh b/test/test.sh
index 5fe01eb2a..83d249b4f 100755
--- a/test/test.sh
+++ b/test/test.sh
@@ -4,6 +4,14 @@
 ./fscheck.sh
+echo "TESTING: private-etc"
+./private-etc.exp
+mkdir dir\ with\ space
+echo "TESTING: blacklist"
+./blacklist.exp
+rm -fr dir\ with\ space
 echo "TESTING: version"
 ./option_version.exp
author	netblue30 <netblue30@yahoo.com>	2015-08-20 09:06:07 -0400
committer	netblue30 <netblue30@yahoo.com>	2015-08-20 09:06:07 -0400
commit	cb585cc82af4318a888470a7da82cc89dd01774d (patch)
tree	ac68cbaa7f0464f097135984e55f2b2596497e8a
parent	Merge pull request #34 from pmillerchip/make-install (diff)
download	firejail-cb585cc82af4318a888470a7da82cc89dd01774d.tar.gz firejail-cb585cc82af4318a888470a7da82cc89dd01774d.tar.zst firejail-cb585cc82af4318a888470a7da82cc89dd01774d.zip

diff --git a/README b/README index fabc20313..7513b492f 100644 --- a/README +++ b/README
@@ -15,6 +15,12 @@ License: GPL v2
15	Firejail Authors:	15	Firejail Authors:
16		16
17	netblue30 (netblue30@yahoo.com)	17	netblue30 (netblue30@yahoo.com)
		18	Peter Millerchip (https://github.com/pmillerchip)
		19	- memory allocation fix
		20	- --private.keep to --private-home transition
		21	- support for files and directories starting with ~ in blacklist option
		22	- support for files and directories with spaces in blacklist option
		23	- lots of other fixes
18	Patrick Toomey (http://sourceforge.net/u/ptoomey/profile/)	24	Patrick Toomey (http://sourceforge.net/u/ptoomey/profile/)
19	- user namespace implementation	25	- user namespace implementation
20	Reiner Herrmann - a number of build patches, man page fixes, Debian integration	26	Reiner Herrmann - a number of build patches, man page fixes, Debian integration
@@ -27,10 +33,6 @@ G4JC (http://sourceforge.net/u/gaming4jc/profile/)
27	dewbasaur (https://github.com/dewbasaur)	33	dewbasaur (https://github.com/dewbasaur)
28	- block access to history files	34	- block access to history files
29	- Firefox PDF.js exploit (CVE-2015-4495) fixes	35	- Firefox PDF.js exploit (CVE-2015-4495) fixes
30	Peter Millerchip (https://github.com/pmillerchip)
31	- memory allocation fix
32	- --private.keep to --private-home transition
33	- lots of other fixes
34	Michael Haas (https://github.com/mhaas)	36	Michael Haas (https://github.com/mhaas)
35	- bugfixes	37	- bugfixes
36	mjudtmann (https://github.com/mjudtmann)	38	mjudtmann (https://github.com/mjudtmann)


diff --git a/test/blacklist.exp b/test/blacklist.exp new file mode 100755 index 000000000..70012d167 --- /dev/null +++ b/test/blacklist.exp
@@ -0,0 +1,76 @@
		1	#!/usr/bin/expect -f
		2
		3	set timeout 10
		4	spawn $env(SHELL)
		5	match_max 100000
		6
		7	# directory with ~
		8	send -- "firejail --blacklist=~/.config\r"
		9	expect {
		10	timeout {puts "TESTING ERROR 1\n";exit}
		11	"Child process initialized"
		12	}
		13	sleep 1
		14
		15	send -- "ls -al ~/.config\r"
		16	expect {
		17	timeout {puts "TESTING ERROR 2\n";exit}
		18	"cannot open directory"
		19	}
		20
		21	send -- "exit\r"
		22	sleep 1
		23
		24	# directory with ~ in profile file
		25	send -- "firejail --profile=blacklist1.profile\r"
		26	expect {
		27	timeout {puts "TESTING ERROR 3\n";exit}
		28	"Child process initialized"
		29	}
		30	sleep 1
		31
		32	send -- "ls -al ~/.config\r"
		33	expect {
		34	timeout {puts "TESTING ERROR 4\n";exit}
		35	"cannot open directory"
		36	}
		37
		38	send -- "exit\r"
		39	sleep 1
		40
		41
		42	# directory with space
		43	send -- "firejail \"--blacklist=dir with space\"\r"
		44	expect {
		45	timeout {puts "TESTING ERROR 5\n";exit}
		46	"Child process initialized"
		47	}
		48	sleep 1
		49
		50	send -- "ls -al \"dir with space\"\r"
		51	expect {
		52	timeout {puts "TESTING ERROR 6\n";exit}
		53	"cannot open directory"
		54	}
		55
		56	send -- "exit\r"
		57	sleep 1
		58
		59	# directory with space in profile
		60	send -- "firejail --profile=blacklist2.profile\r"
		61	expect {
		62	timeout {puts "TESTING ERROR 7\n";exit}
		63	"Child process initialized"
		64	}
		65	sleep 1
		66
		67	send -- "ls -al \"dir with space\"\r"
		68	expect {
		69	timeout {puts "TESTING ERROR 8\n";exit}
		70	"cannot open directory"
		71	}
		72
		73
		74
		75	puts "\n"
		76


diff --git a/test/blacklist1.profile b/test/blacklist1.profile new file mode 100644 index 000000000..f12facd05 --- /dev/null +++ b/test/blacklist1.profile
@@ -0,0 +1 @@
			blacklist ~/.config


diff --git a/test/blacklist2.profile b/test/blacklist2.profile new file mode 100644 index 000000000..4bb603db2 --- /dev/null +++ b/test/blacklist2.profile
@@ -0,0 +1 @@
			blacklist dir with space


diff --git a/test/private-etc.exp b/test/private-etc.exp new file mode 100755 index 000000000..9df798e22 --- /dev/null +++ b/test/private-etc.exp
@@ -0,0 +1,46 @@
		1	#!/usr/bin/expect -f
		2
		3	set timeout 10
		4	spawn $env(SHELL)
		5	match_max 100000
		6
		7	# directory with ~
		8	send -- "firejail --private-etc=passwd,group,resolv.conf,bash_completion.d,timezone\r"
		9	expect {
		10	timeout {puts "TESTING ERROR 1\n";exit}
		11	"Child process initialized"
		12	}
		13	sleep 1
		14
		15	send -- "ls -al /etc\r"
		16	expect {
		17	timeout {puts "TESTING ERROR 2\n";exit}
		18	"bash_completion.d"
		19	}
		20	expect {
		21	timeout {puts "TESTING ERROR 3\n";exit}
		22	"group"
		23	}
		24	expect {
		25	timeout {puts "TESTING ERROR 4\n";exit}
		26	"passwd"
		27	}
		28	expect {
		29	timeout {puts "TESTING ERROR 5\n";exit}
		30	"resolv.conf"
		31	}
		32	expect {
		33	timeout {puts "TESTING ERROR 6\n";exit}
		34	"timezone"
		35	}
		36
		37	send -- "ls -al /etc\r"
		38	expect {
		39	timeout {puts "TESTING ERROR 7\n";exit}
		40	"shadow" {puts "TESTING ERROR 8\n";exit}
		41	"timezone"
		42	}
		43
		44	sleep 1
		45	puts "\n"
		46


diff --git a/test/test.sh b/test/test.sh index 5fe01eb2a..83d249b4f 100755 --- a/test/test.sh +++ b/test/test.sh
@@ -4,6 +4,14 @@
4		4
5	./fscheck.sh	5	./fscheck.sh
6		6
		7	echo "TESTING: private-etc"
		8	./private-etc.exp
		9
		10	mkdir dir\ with\ space
		11	echo "TESTING: blacklist"
		12	./blacklist.exp
		13	rm -fr dir\ with\ space
		14
7	echo "TESTING: version"	15	echo "TESTING: version"
8	./option_version.exp	16	./option_version.exp
9		17