testing

author: netblue30 <netblue30@yahoo.com> 2016-11-10 07:18:24 -0500
committer: netblue30 <netblue30@yahoo.com> 2016-11-10 07:18:24 -0500
commit: 334c79edd83377a09c138800c0a2fefaf9c7981f (patch)
tree: 4511f4a41338d8a59c302b10588c974aeffd5a46
parent: fixed --top (diff)
download: firejail-334c79edd83377a09c138800c0a2fefaf9c7981f.tar.gz
firejail-334c79edd83377a09c138800c0a2fefaf9c7981f.tar.zst
firejail-334c79edd83377a09c138800c0a2fefaf9c7981f.zip
9 files changed, 216 insertions, 3 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c
index f01094af9..4759e6a5f 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -517,9 +517,11 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
                        struct stat s;
                        int rv;
                        if (stat("/proc/sys/kernel/grsecurity", &s) == 0)
-                                rv = sbox_run(SBOX_ROOT | SBOX_CAPS_NONE | SBOX_SECCOMP, 2, PATH_FIREMON, "--netstats");
+                                rv = sbox_run(SBOX_ROOT | SBOX_CAPS_NONE | SBOX_SECCOMP | SBOX_ALLOW_STDIN,
+                                        2, PATH_FIREMON, "--netstats");
                        else
-                                rv = sbox_run(SBOX_USER | SBOX_CAPS_NONE | SBOX_SECCOMP, 2, PATH_FIREMON, "--netstats");
+                                rv = sbox_run(SBOX_USER | SBOX_CAPS_NONE | SBOX_SECCOMP | SBOX_ALLOW_STDIN,
+                                        2, PATH_FIREMON, "--netstats");
                        exit(rv);
                }
                else {
diff --git a/src/fnet/veth.c b/src/fnet/veth.c
index d06bc9256..546fafcec 100644
--- a/src/fnet/veth.c
+++ b/src/fnet/veth.c
@@ -111,6 +111,8 @@ int net_create_veth(const char *dev, const char *nsdev, unsigned pid) {
        if (rtnl_talk(&rth, &req.n, 0, 0, NULL) < 0)
                exit(2);
+        rtnl_close(&rth);
+        
        return 0;
 }
@@ -173,6 +175,8 @@ int net_create_macvlan(const char *dev, const char *parent, unsigned pid) {
        if (rtnl_talk(&rth, &req.n, 0, 0, NULL) < 0)
                exit(2);
+        rtnl_close(&rth);
+        
        return 0;
 }
@@ -209,6 +213,8 @@ int net_move_interface(const char *dev, unsigned pid) {
        if (rtnl_talk(&rth, &req.n, 0, 0, NULL) < 0)
                exit(2);
+        rtnl_close(&rth);
+        
        return 0;
 }
diff --git a/test/network/firemon-arp.exp b/test/network/firemon-arp.exp
index 0a543c3b4..e40ffb609 100755
--- a/test/network/firemon-arp.exp
+++ b/test/network/firemon-arp.exp
@@ -47,4 +47,4 @@ expect {
 }
 after 100
-puts "\nall done\n""
+puts "\nall done\n"
diff --git a/test/network/firemon-interfaces.exp b/test/network/firemon-interfaces.exp
new file mode 100755
index 000000000..deb8594af
--- /dev/null
+++ b/test/network/firemon-interfaces.exp
@@ -0,0 +1,67 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+send -- "firejail --net=eth0 --name=test1\r"
+expect {
+        timeout {puts "TESTING ERROR 9\n";exit}
+        "Child process initialized"
+}
+sleep 1
+spawn $env(SHELL)
+send -- "firejail --net=eth0 --name=test2\r"
+expect {
+        timeout {puts "TESTING ERROR 9\n";exit}
+        "Child process initialized"
+}
+sleep 1
+spawn $env(SHELL)
+send -- "firemon --interface\r"
+expect {
+        timeout {puts "TESTING ERROR 9\n";exit}
+        "Link status"
+}
+expect {
+        timeout {puts "TESTING ERROR 9\n";exit}
+        "lo UP"
+}
+expect {
+        timeout {puts "TESTING ERROR 9\n";exit}
+        "eth0-"
+}
+expect {
+        timeout {puts "TESTING ERROR 9\n";exit}
+        "IPv4 status"
+}
+expect {
+        timeout {puts "TESTING ERROR 9\n";exit}
+        "lo UP"
+}
+expect {
+        timeout {puts "TESTING ERROR 9\n";exit}
+        "eth0-"
+}
+expect {
+        timeout {puts "TESTING ERROR 9\n";exit}
+        "IPv6 status"
+}
+expect {
+        timeout {puts "TESTING ERROR 9\n";exit}
+        "lo UP"
+}
+expect {
+        timeout {puts "TESTING ERROR 9\n";exit}
+        "eth0-"
+}
+after 100
+puts "\n"
diff --git a/test/network/netstats.exp b/test/network/netstats.exp
new file mode 100755
index 000000000..41232061d
--- /dev/null
+++ b/test/network/netstats.exp
@@ -0,0 +1,39 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+send -- "firejail --net=eth0 --name=test1\r"
+expect {
+        timeout {puts "TESTING ERROR 9\n";exit}
+        "Child process initialized"
+}
+sleep 1
+spawn $env(SHELL)
+send -- "firejail --net=eth0 --name=test2\r"
+expect {
+        timeout {puts "TESTING ERROR 9\n";exit}
+        "Child process initialized"
+}
+sleep 1
+spawn $env(SHELL)
+send -- "firejail --netstats\r"
+sleep 4
+expect {
+        timeout {puts "TESTING ERROR 9\n";exit}
+        "name=test1"
+}
+expect {
+        timeout {puts "TESTING ERROR 9\n";exit}
+        "name=test2"
+}
+after 100
+puts "\n"
diff --git a/test/network/network.sh b/test/network/network.sh
index 28f707952..e1646d64a 100755
--- a/test/network/network.sh
+++ b/test/network/network.sh
@@ -8,9 +8,15 @@ export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
 sudo ./configure
+echo "TESTING: firemon interface (firemon-interfaces.exp)"
+sudo ./firemon-interfaces.exp
 echo "TESTING: firemon arp (firemon-arp.exp)"
 ./firemon-arp.exp
+echo "TESTING: firemon netstats (netstats.exp)"
+./netstats.exp
 echo "TESTING: firemon route (firemon-route.exp)"
 ./firemon-route.exp
diff --git a/test/utils/firemon-cpu.exp b/test/utils/firemon-cpu.exp
new file mode 100755
index 000000000..22e44512c
--- /dev/null
+++ b/test/utils/firemon-cpu.exp
@@ -0,0 +1,44 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+send --  "firejail --name=test1\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 1
+spawn $env(SHELL)
+send --  "firejail --name=test2\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "Child process initialized"
+}
+sleep 1
+spawn $env(SHELL)
+send --  "firemon --cpu\r"
+sleep 4
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "name=test1"
+}
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "Cpus_allowed_list"
+}
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "name=test2"
+}
+after 100
+puts "\nall done\n"
diff --git a/test/utils/top.exp b/test/utils/top.exp
new file mode 100755
index 000000000..d530e5a85
--- /dev/null
+++ b/test/utils/top.exp
@@ -0,0 +1,40 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+send --  "firejail --name=test1\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 1
+spawn $env(SHELL)
+send --  "firejail --name=test2\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "Child process initialized"
+}
+sleep 1
+spawn $env(SHELL)
+send --  "firejail --top\r"
+sleep 4
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "name=test1"
+}
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "name=test2"
+}
+after 100
+puts "\nall done\n"
diff --git a/test/utils/utils.sh b/test/utils/utils.sh
index ff4e5e086..557f2c961 100755
--- a/test/utils/utils.sh
+++ b/test/utils/utils.sh
@@ -88,6 +88,15 @@ echo "TESTING: firemon --seccomp (test/utils/seccomp.exp)"
 echo "TESTING: firemon --caps (test/utils/caps.exp)"
 ./caps.exp
+echo "TESTING: top (test/utils/top.exp)"
+./top.exp
 echo "TESTING: file transfer (test/utils/ls.exp)"
 ./ls.exp
+echo "TESTING: firemon cpu (test/utils/firemon-cpu.exp)"
+./firemon-cpu.exp
+echo "TESTING: firemon cgroup (test/utils/firemon-cgroup.exp)"
+./firemon-cgroup.exp
author	netblue30 <netblue30@yahoo.com>	2016-11-10 07:18:24 -0500
committer	netblue30 <netblue30@yahoo.com>	2016-11-10 07:18:24 -0500
commit	334c79edd83377a09c138800c0a2fefaf9c7981f (patch)
tree	4511f4a41338d8a59c302b10588c974aeffd5a46
parent	fixed --top (diff)
download	firejail-334c79edd83377a09c138800c0a2fefaf9c7981f.tar.gz firejail-334c79edd83377a09c138800c0a2fefaf9c7981f.tar.zst firejail-334c79edd83377a09c138800c0a2fefaf9c7981f.zip

diff --git a/src/firejail/main.c b/src/firejail/main.c index f01094af9..4759e6a5f 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c
@@ -517,9 +517,11 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
517	struct stat s;	517	struct stat s;
518	int rv;	518	int rv;
519	if (stat("/proc/sys/kernel/grsecurity", &s) == 0)	519	if (stat("/proc/sys/kernel/grsecurity", &s) == 0)
520	rv = sbox_run(SBOX_ROOT \| SBOX_CAPS_NONE \| SBOX_SECCOMP, 2, PATH_FIREMON, "--netstats");	520	rv = sbox_run(SBOX_ROOT \| SBOX_CAPS_NONE \| SBOX_SECCOMP \| SBOX_ALLOW_STDIN,
		521	2, PATH_FIREMON, "--netstats");
521	else	522	else
522	rv = sbox_run(SBOX_USER \| SBOX_CAPS_NONE \| SBOX_SECCOMP, 2, PATH_FIREMON, "--netstats");	523	rv = sbox_run(SBOX_USER \| SBOX_CAPS_NONE \| SBOX_SECCOMP \| SBOX_ALLOW_STDIN,
		524	2, PATH_FIREMON, "--netstats");
523	exit(rv);	525	exit(rv);
524	}	526	}
525	else {	527	else {


diff --git a/src/fnet/veth.c b/src/fnet/veth.c index d06bc9256..546fafcec 100644 --- a/src/fnet/veth.c +++ b/src/fnet/veth.c
@@ -111,6 +111,8 @@ int net_create_veth(const char dev, const char nsdev, unsigned pid) {
111	if (rtnl_talk(&rth, &req.n, 0, 0, NULL) < 0)	111	if (rtnl_talk(&rth, &req.n, 0, 0, NULL) < 0)
112	exit(2);	112	exit(2);
113		113
		114	rtnl_close(&rth);
		115
114	return 0;	116	return 0;
115	}	117	}
116		118
@@ -173,6 +175,8 @@ int net_create_macvlan(const char dev, const char parent, unsigned pid) {
173	if (rtnl_talk(&rth, &req.n, 0, 0, NULL) < 0)	175	if (rtnl_talk(&rth, &req.n, 0, 0, NULL) < 0)
174	exit(2);	176	exit(2);
175		177
		178	rtnl_close(&rth);
		179
176	return 0;	180	return 0;
177	}	181	}
178		182
@@ -209,6 +213,8 @@ int net_move_interface(const char *dev, unsigned pid) {
209	if (rtnl_talk(&rth, &req.n, 0, 0, NULL) < 0)	213	if (rtnl_talk(&rth, &req.n, 0, 0, NULL) < 0)
210	exit(2);	214	exit(2);
211		215
		216	rtnl_close(&rth);
		217
212	return 0;	218	return 0;
213	}	219	}
214		220


diff --git a/test/network/firemon-arp.exp b/test/network/firemon-arp.exp index 0a543c3b4..e40ffb609 100755 --- a/test/network/firemon-arp.exp +++ b/test/network/firemon-arp.exp
@@ -47,4 +47,4 @@ expect {
47	}	47	}
48	after 100	48	after 100
49		49
50	puts "\nall done\n""	50	puts "\nall done\n"


diff --git a/test/network/firemon-interfaces.exp b/test/network/firemon-interfaces.exp new file mode 100755 index 000000000..deb8594af --- /dev/null +++ b/test/network/firemon-interfaces.exp
@@ -0,0 +1,67 @@
		1	#!/usr/bin/expect -f
		2	# This file is part of Firejail project
		3	# Copyright (C) 2014-2016 Firejail Authors
		4	# License GPL v2
		5
		6	set timeout 10
		7	spawn $env(SHELL)
		8	match_max 100000
		9
		10	send -- "firejail --net=eth0 --name=test1\r"
		11	expect {
		12	timeout {puts "TESTING ERROR 9\n";exit}
		13	"Child process initialized"
		14	}
		15	sleep 1
		16
		17	spawn $env(SHELL)
		18	send -- "firejail --net=eth0 --name=test2\r"
		19	expect {
		20	timeout {puts "TESTING ERROR 9\n";exit}
		21	"Child process initialized"
		22	}
		23	sleep 1
		24
		25	spawn $env(SHELL)
		26	send -- "firemon --interface\r"
		27	expect {
		28	timeout {puts "TESTING ERROR 9\n";exit}
		29	"Link status"
		30	}
		31	expect {
		32	timeout {puts "TESTING ERROR 9\n";exit}
		33	"lo UP"
		34	}
		35	expect {
		36	timeout {puts "TESTING ERROR 9\n";exit}
		37	"eth0-"
		38	}
		39	expect {
		40	timeout {puts "TESTING ERROR 9\n";exit}
		41	"IPv4 status"
		42	}
		43	expect {
		44	timeout {puts "TESTING ERROR 9\n";exit}
		45	"lo UP"
		46	}
		47	expect {
		48	timeout {puts "TESTING ERROR 9\n";exit}
		49	"eth0-"
		50	}
		51	expect {
		52	timeout {puts "TESTING ERROR 9\n";exit}
		53	"IPv6 status"
		54	}
		55	expect {
		56	timeout {puts "TESTING ERROR 9\n";exit}
		57	"lo UP"
		58	}
		59	expect {
		60	timeout {puts "TESTING ERROR 9\n";exit}
		61	"eth0-"
		62	}
		63
		64	after 100
		65
		66	puts "\n"
		67


diff --git a/test/network/netstats.exp b/test/network/netstats.exp new file mode 100755 index 000000000..41232061d --- /dev/null +++ b/test/network/netstats.exp
@@ -0,0 +1,39 @@
		1	#!/usr/bin/expect -f
		2	# This file is part of Firejail project
		3	# Copyright (C) 2014-2016 Firejail Authors
		4	# License GPL v2
		5
		6	set timeout 10
		7	spawn $env(SHELL)
		8	match_max 100000
		9
		10	send -- "firejail --net=eth0 --name=test1\r"
		11	expect {
		12	timeout {puts "TESTING ERROR 9\n";exit}
		13	"Child process initialized"
		14	}
		15	sleep 1
		16
		17	spawn $env(SHELL)
		18	send -- "firejail --net=eth0 --name=test2\r"
		19	expect {
		20	timeout {puts "TESTING ERROR 9\n";exit}
		21	"Child process initialized"
		22	}
		23	sleep 1
		24
		25	spawn $env(SHELL)
		26	send -- "firejail --netstats\r"
		27	sleep 4
		28	expect {
		29	timeout {puts "TESTING ERROR 9\n";exit}
		30	"name=test1"
		31	}
		32	expect {
		33	timeout {puts "TESTING ERROR 9\n";exit}
		34	"name=test2"
		35	}
		36	after 100
		37
		38	puts "\n"
		39


diff --git a/test/network/network.sh b/test/network/network.sh index 28f707952..e1646d64a 100755 --- a/test/network/network.sh +++ b/test/network/network.sh
@@ -8,9 +8,15 @@ export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
8		8
9	sudo ./configure	9	sudo ./configure
10		10
		11	echo "TESTING: firemon interface (firemon-interfaces.exp)"
		12	sudo ./firemon-interfaces.exp
		13
11	echo "TESTING: firemon arp (firemon-arp.exp)"	14	echo "TESTING: firemon arp (firemon-arp.exp)"
12	./firemon-arp.exp	15	./firemon-arp.exp
13		16
		17	echo "TESTING: firemon netstats (netstats.exp)"
		18	./netstats.exp
		19
14	echo "TESTING: firemon route (firemon-route.exp)"	20	echo "TESTING: firemon route (firemon-route.exp)"
15	./firemon-route.exp	21	./firemon-route.exp
16		22


diff --git a/test/utils/firemon-cpu.exp b/test/utils/firemon-cpu.exp new file mode 100755 index 000000000..22e44512c --- /dev/null +++ b/test/utils/firemon-cpu.exp
@@ -0,0 +1,44 @@
		1	#!/usr/bin/expect -f
		2	# This file is part of Firejail project
		3	# Copyright (C) 2014-2016 Firejail Authors
		4	# License GPL v2
		5
		6	set timeout 10
		7	spawn $env(SHELL)
		8	match_max 100000
		9
		10	send -- "firejail --name=test1\r"
		11	expect {
		12	timeout {puts "TESTING ERROR 0\n";exit}
		13	"Child process initialized"
		14	}
		15	sleep 1
		16
		17	spawn $env(SHELL)
		18	send -- "firejail --name=test2\r"
		19	expect {
		20	timeout {puts "TESTING ERROR 1\n";exit}
		21	"Child process initialized"
		22	}
		23	sleep 1
		24
		25	spawn $env(SHELL)
		26	send -- "firemon --cpu\r"
		27	sleep 4
		28	expect {
		29	timeout {puts "TESTING ERROR 2\n";exit}
		30	"name=test1"
		31	}
		32	expect {
		33	timeout {puts "TESTING ERROR 3\n";exit}
		34	"Cpus_allowed_list"
		35	}
		36	expect {
		37	timeout {puts "TESTING ERROR 4\n";exit}
		38	"name=test2"
		39	}
		40
		41	after 100
		42
		43	puts "\nall done\n"
		44


diff --git a/test/utils/top.exp b/test/utils/top.exp new file mode 100755 index 000000000..d530e5a85 --- /dev/null +++ b/test/utils/top.exp
@@ -0,0 +1,40 @@
		1	#!/usr/bin/expect -f
		2	# This file is part of Firejail project
		3	# Copyright (C) 2014-2016 Firejail Authors
		4	# License GPL v2
		5
		6	set timeout 10
		7	spawn $env(SHELL)
		8	match_max 100000
		9
		10	send -- "firejail --name=test1\r"
		11	expect {
		12	timeout {puts "TESTING ERROR 0\n";exit}
		13	"Child process initialized"
		14	}
		15	sleep 1
		16
		17	spawn $env(SHELL)
		18	send -- "firejail --name=test2\r"
		19	expect {
		20	timeout {puts "TESTING ERROR 1\n";exit}
		21	"Child process initialized"
		22	}
		23	sleep 1
		24
		25	spawn $env(SHELL)
		26	send -- "firejail --top\r"
		27	sleep 4
		28	expect {
		29	timeout {puts "TESTING ERROR 2\n";exit}
		30	"name=test1"
		31	}
		32	expect {
		33	timeout {puts "TESTING ERROR 2\n";exit}
		34	"name=test2"
		35	}
		36
		37	after 100
		38
		39	puts "\nall done\n"
		40


diff --git a/test/utils/utils.sh b/test/utils/utils.sh index ff4e5e086..557f2c961 100755 --- a/test/utils/utils.sh +++ b/test/utils/utils.sh
@@ -88,6 +88,15 @@ echo "TESTING: firemon --seccomp (test/utils/seccomp.exp)"
88	echo "TESTING: firemon --caps (test/utils/caps.exp)"	88	echo "TESTING: firemon --caps (test/utils/caps.exp)"
89	./caps.exp	89	./caps.exp
90		90
		91	echo "TESTING: top (test/utils/top.exp)"
		92	./top.exp
		93
91	echo "TESTING: file transfer (test/utils/ls.exp)"	94	echo "TESTING: file transfer (test/utils/ls.exp)"
92	./ls.exp	95	./ls.exp
93		96
		97	echo "TESTING: firemon cpu (test/utils/firemon-cpu.exp)"
		98	./firemon-cpu.exp
		99
		100	echo "TESTING: firemon cgroup (test/utils/firemon-cgroup.exp)"
		101	./firemon-cgroup.exp
		102