profile cleanup, addinghexchat profile

author: netblue30 <netblue30@yahoo.com> 2015-11-28 07:37:32 -0500
committer: netblue30 <netblue30@yahoo.com> 2015-11-28 07:37:32 -0500
commit: 2b8b8e54968d068599d5800f88869efcadd316ac (patch)
tree: 692c29ee317a72c9c9a4bb11101084ca910bb651
parent: weechat profile integration (diff)
download: firejail-2b8b8e54968d068599d5800f88869efcadd316ac.tar.gz
firejail-2b8b8e54968d068599d5800f88869efcadd316ac.tar.zst
firejail-2b8b8e54968d068599d5800f88869efcadd316ac.zip
17 files changed, 313 insertions, 4 deletions
diff --git a/Makefile.in b/Makefile.in
index 89383bb27..c074c97e5 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -119,6 +119,8 @@ realinstall:
        install -c -m 0644 .etc/webserver.net $(DESTDIR)/$(sysconfdir)/firejail/.
        install -c -m 0644 .etc/bitlbee.profile $(DESTDIR)/$(sysconfdir)/firejail/.
        install -c -m 0644 .etc/weechat.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+        install -c -m 0644 .etc/weechat-curses.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+        install -c -m 0644 .etc/hexchat.profile $(DESTDIR)/$(sysconfdir)/firejail/.
        bash -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"
        rm -fr .etc
        # man pages
diff --git a/RELNOTES b/RELNOTES
index ddd90218b..172e44bc9 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -1,5 +1,5 @@
 firejail (0.9.35) baseline; urgency=low
-  * added  unbound, dnscrypt-proxy, BitlBee, and WeeChat profiles
+  * added  unbound, dnscrypt-proxy, BitlBee, HexChat and WeeChat profiles
  * added --noblacklist option
  * whitelist command enhancements
  * prevent leaking user information by modifying /home directory,
diff --git a/etc/disable-common.inc b/etc/disable-common.inc
index a363d1369..177588f5b 100644
--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -38,6 +38,7 @@ blacklist ${HOME}/.remmina
 # Other
 blacklist ${HOME}/.tconn
 blacklist ${HOME}/.FBReader
+blacklist ${HOME}/.wine
 # X11 session autostart
 blacklist ${HOME}/.xinitrc
diff --git a/etc/hexchat.profile b/etc/hexchat.profile
new file mode 100644
index 000000000..61c9ac5bb
--- /dev/null
+++ b/etc/hexchat.profile
@@ -0,0 +1,10 @@
+# HexChat profile
+noblacklist ${HOME}/.config/hexchat
+include /etc/firejail/disable-mgmt.inc
+include /etc/firejail/disable-secret.inc
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+caps.drop all
+seccomp
+protocol unix,inet,inet6
+noroot
diff --git a/etc/weechat-curses.profile b/etc/weechat-curses.profile
new file mode 100644
index 000000000..f7c1b6590
--- /dev/null
+++ b/etc/weechat-curses.profile
@@ -0,0 +1,2 @@
+# Weechat profile (Debian)
+include /etc/firejail/weechat.profile
diff --git a/etc/wine.profile b/etc/wine.profile
index e3dd081eb..8a7f66773 100644
--- a/etc/wine.profile
+++ b/etc/wine.profile
@@ -1,6 +1,7 @@
 # wine profile
 noblacklist ${HOME}/.steam
 noblacklist ${HOME}/.local/share/steam
+noblacklist ${HOME}/.wine
 include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
diff --git a/etc/xchat.profile b/etc/xchat.profile
index a9f56cda4..37e1371e6 100644
--- a/etc/xchat.profile
+++ b/etc/xchat.profile
@@ -1,4 +1,5 @@
 # XChat profile
+noblacklist ${HOME}/.config/xchat
 include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
diff --git a/platform/debian/conffiles b/platform/debian/conffiles
index fd82a4e8c..c0d07a446 100644
--- a/platform/debian/conffiles
+++ b/platform/debian/conffiles
@@ -46,3 +46,5 @@
 /etc/firejail/webserver.net
 /etc/firejail/bitlbee.profile
 /etc/firejail/weechat.profile
+/etc/firejail/weechat-curses.profile
+/etc/firejail/hexchat.profile
diff --git a/test/evince.exp b/test/evince.exp
index 7b115144c..ba6ca1b6d 100755
--- a/test/evince.exp
+++ b/test/evince.exp
@@ -13,7 +13,7 @@ expect {
        timeout {puts "TESTING ERROR 1\n";exit}
        "Child process initialized"
 }
-sleep 10
+sleep 3
 spawn $env(SHELL)
 send -- "firejail --list\r"
diff --git a/test/fbreader.exp b/test/fbreader.exp
index 546710b97..a4df50932 100755
--- a/test/fbreader.exp
+++ b/test/fbreader.exp
@@ -13,7 +13,7 @@ expect {
        timeout {puts "TESTING ERROR 1\n";exit}
        "Child process initialized"
 }
-sleep 10
+sleep 3
 spawn $env(SHELL)
 send -- "firejail --list\r"
diff --git a/test/hexchat.exp b/test/hexchat.exp
new file mode 100755
index 000000000..0653bcb13
--- /dev/null
+++ b/test/hexchat.exp
@@ -0,0 +1,71 @@
+#!/usr/bin/expect -f
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+send -- "firejail hexchat\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Reading profile /etc/firejail/hexchat.profile"
+}
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "Child process initialized"
+}
+sleep 3
+spawn $env(SHELL)
+send -- "firejail --list\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        ":firejail"
+}
+expect {
+        timeout {puts "TESTING ERROR 3.1\n";exit}
+        "hexchat"
+}
+sleep 1
+send -- "firejail --name=blablabla\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "Child process initialized"
+}
+sleep 2
+spawn $env(SHELL)
+send -- "firemon --seccomp\r"
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "hexchat"
+}
+expect {
+        timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit}
+        "Seccomp:       2"
+}
+expect {
+        timeout {puts "TESTING ERROR 5.1\n";exit}
+        "name=blablabla"
+}
+sleep 1
+send -- "firemon --caps\r"
+expect {
+        timeout {puts "TESTING ERROR 6\n";exit}
+        "hexchat"
+}
+expect {
+        timeout {puts "TESTING ERROR 6.1\n";exit}
+        "CapBnd:"
+}
+expect {
+        timeout {puts "TESTING ERROR 6.2\n";exit}
+        "0000000000000000"
+}
+expect {
+        timeout {puts "TESTING ERROR 6.3\n";exit}
+        "name=blablabla"
+}
+sleep 1
+puts "\n"
diff --git a/test/test.sh b/test/test.sh
index fdb1f8ed7..aaae2a981 100755
--- a/test/test.sh
+++ b/test/test.sh
@@ -260,6 +260,41 @@ else
        echo "TESTING: gnome-mplayer not found"
 fi
+which xchat
+if [ "$?" -eq 0 ];
+then
+        echo "TESTING: xchat"
+        ./xchat.exp
+else
+        echo "TESTING: xchat not found"
+fi
+which hexchat
+if [ "$?" -eq 0 ];
+then
+        echo "TESTING: hexchat"
+        ./hexchat.exp
+else
+        echo "TESTING: hexchat not found"
+fi
+which weechat-curses
+if [ "$?" -eq 0 ];
+then
+        echo "TESTING: weechat"
+        ./weechat.exp
+else
+        echo "TESTING: weechat not found"
+fi
+#which wine
+#if [ "$?" -eq 0 ];
+#then
+#       echo "TESTING: wine"
+#       ./wine.exp
+#else
+#       echo "TESTING: wine not found"
+#fi
diff --git a/test/vlc.exp b/test/vlc.exp
index 8ab5aa2ce..53d25c9dd 100755
--- a/test/vlc.exp
+++ b/test/vlc.exp
@@ -13,7 +13,7 @@ expect {
        timeout {puts "TESTING ERROR 1\n";exit}
        "Child process initialized"
 }
-sleep 10
+sleep 3
 spawn $env(SHELL)
 send -- "firejail --list\r"
diff --git a/test/weechat.exp b/test/weechat.exp
new file mode 100755
index 000000000..ac2430280
--- /dev/null
+++ b/test/weechat.exp
@@ -0,0 +1,71 @@
+#!/usr/bin/expect -f
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+send -- "firejail weechat-curses\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Reading profile /etc/firejail/weechat.profile"
+}
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "Child process initialized"
+}
+sleep 3
+spawn $env(SHELL)
+send -- "firejail --list\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        ":firejail"
+}
+expect {
+        timeout {puts "TESTING ERROR 3.1\n";exit}
+        "weechat-curses"
+}
+sleep 1
+send -- "firejail --name=blablabla\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "Child process initialized"
+}
+sleep 2
+spawn $env(SHELL)
+send -- "firemon --seccomp\r"
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "weechat-curses"
+}
+expect {
+        timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit}
+        "Seccomp:       2"
+}
+expect {
+        timeout {puts "TESTING ERROR 5.1\n";exit}
+        "name=blablabla"
+}
+sleep 1
+send -- "firemon --caps\r"
+expect {
+        timeout {puts "TESTING ERROR 6\n";exit}
+        "weechat-curses"
+}
+expect {
+        timeout {puts "TESTING ERROR 6.1\n";exit}
+        "CapBnd:"
+}
+expect {
+        timeout {puts "TESTING ERROR 6.2\n";exit}
+        "0000000000000000"
+}
+expect {
+        timeout {puts "TESTING ERROR 6.3\n";exit}
+        "name=blablabla"
+}
+sleep 1
+puts "\n"
diff --git a/test/wine.exp b/test/wine.exp
new file mode 100755
index 000000000..d87c1f205
--- /dev/null
+++ b/test/wine.exp
@@ -0,0 +1,30 @@
+#!/usr/bin/expect -f
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+send -- "firejail wine --help\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Reading profile /etc/firejail/wine.profile"
+}
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "Child process initialized"
+}
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "Usage: wine PROGRAM"
+}
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "wine --version"
+}
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "parent is shutting down, bye..."
+}
+puts "\nall done\n"
diff --git a/test/xchat.exp b/test/xchat.exp
new file mode 100755
index 000000000..babbcf87d
--- /dev/null
+++ b/test/xchat.exp
@@ -0,0 +1,71 @@
+#!/usr/bin/expect -f
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+send -- "firejail xchat\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Reading profile /etc/firejail/xchat.profile"
+}
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "Child process initialized"
+}
+sleep 3
+spawn $env(SHELL)
+send -- "firejail --list\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        ":firejail"
+}
+expect {
+        timeout {puts "TESTING ERROR 3.1\n";exit}
+        "xchat"
+}
+sleep 1
+send -- "firejail --name=blablabla\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "Child process initialized"
+}
+sleep 2
+spawn $env(SHELL)
+send -- "firemon --seccomp\r"
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        " xchat"
+}
+expect {
+        timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit}
+        "Seccomp:       2"
+}
+expect {
+        timeout {puts "TESTING ERROR 5.1\n";exit}
+        "name=blablabla"
+}
+sleep 1
+send -- "firemon --caps\r"
+expect {
+        timeout {puts "TESTING ERROR 6\n";exit}
+        " xchat"
+}
+expect {
+        timeout {puts "TESTING ERROR 6.1\n";exit}
+        "CapBnd:"
+}
+expect {
+        timeout {puts "TESTING ERROR 6.2\n";exit}
+        "0000000000000000"
+}
+expect {
+        timeout {puts "TESTING ERROR 6.3\n";exit}
+        "name=blablabla"
+}
+sleep 1
+puts "\n"
diff --git a/todo b/todo
index a55e12818..db895deef 100644
--- a/todo
+++ b/todo
@@ -150,3 +150,15 @@ mount tmpfs on /sys/power
 20. Try --overlay on a Ubuntu 14.04 32bit.Without adding --dns, there will be no network connectivity - see issue 151
+21. Check this out:
+I was messing around with my fstab, and found out that firejail can't have /usr/bin mounted in read-only.
+ Here's what my fstab looks like now:
+ 
+/dev/mapper/asdf-home /home ext4 nosuid,noatime,nodev 0 2
+/dev/mapper/asdf-opt /opt ext4 discard,noatime,nosuid 0 2
+/dev/mapper/asdf-usr--bin /usr/bin ext4 defaults,nosuid,noatime,rw 0 2
+/dev/mapper/asdf-usr--local /usr/local ext4 defaults,nosuid,noatime,ro 0 2
+/dev/mapper/asdf-usr--sbin /usr/sbin ext4 defaults,nosuid,,noatime,ro 0 2
+/dev/mapper/asdf-var /var ext4 discard,noatime,nodev,nosuid 0 2
+tmpfs /tmp tmpfs noatime,nosuid,nodev,size=2G 0 1
+\ No newline at end of file
author	netblue30 <netblue30@yahoo.com>	2015-11-28 07:37:32 -0500
committer	netblue30 <netblue30@yahoo.com>	2015-11-28 07:37:32 -0500
commit	2b8b8e54968d068599d5800f88869efcadd316ac (patch)
tree	692c29ee317a72c9c9a4bb11101084ca910bb651
parent	weechat profile integration (diff)
download	firejail-2b8b8e54968d068599d5800f88869efcadd316ac.tar.gz firejail-2b8b8e54968d068599d5800f88869efcadd316ac.tar.zst firejail-2b8b8e54968d068599d5800f88869efcadd316ac.zip

diff --git a/Makefile.in b/Makefile.in index 89383bb27..c074c97e5 100644 --- a/Makefile.in +++ b/Makefile.in
@@ -119,6 +119,8 @@ realinstall:
119	install -c -m 0644 .etc/webserver.net $(DESTDIR)/$(sysconfdir)/firejail/.	119	install -c -m 0644 .etc/webserver.net $(DESTDIR)/$(sysconfdir)/firejail/.
120	install -c -m 0644 .etc/bitlbee.profile $(DESTDIR)/$(sysconfdir)/firejail/.	120	install -c -m 0644 .etc/bitlbee.profile $(DESTDIR)/$(sysconfdir)/firejail/.
121	install -c -m 0644 .etc/weechat.profile $(DESTDIR)/$(sysconfdir)/firejail/.	121	install -c -m 0644 .etc/weechat.profile $(DESTDIR)/$(sysconfdir)/firejail/.
		122	install -c -m 0644 .etc/weechat-curses.profile $(DESTDIR)/$(sysconfdir)/firejail/.
		123	install -c -m 0644 .etc/hexchat.profile $(DESTDIR)/$(sysconfdir)/firejail/.
122	bash -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"	124	bash -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"
123	rm -fr .etc	125	rm -fr .etc
124	# man pages	126	# man pages


diff --git a/RELNOTES b/RELNOTES index ddd90218b..172e44bc9 100644 --- a/RELNOTES +++ b/RELNOTES
@@ -1,5 +1,5 @@
1	firejail (0.9.35) baseline; urgency=low	1	firejail (0.9.35) baseline; urgency=low
2	* added unbound, dnscrypt-proxy, BitlBee, and WeeChat profiles	2	* added unbound, dnscrypt-proxy, BitlBee, HexChat and WeeChat profiles
3	* added --noblacklist option	3	* added --noblacklist option
4	* whitelist command enhancements	4	* whitelist command enhancements
5	* prevent leaking user information by modifying /home directory,	5	* prevent leaking user information by modifying /home directory,


diff --git a/etc/disable-common.inc b/etc/disable-common.inc index a363d1369..177588f5b 100644 --- a/etc/disable-common.inc +++ b/etc/disable-common.inc
@@ -38,6 +38,7 @@ blacklist ${HOME}/.remmina
38	# Other	38	# Other
39	blacklist ${HOME}/.tconn	39	blacklist ${HOME}/.tconn
40	blacklist ${HOME}/.FBReader	40	blacklist ${HOME}/.FBReader
		41	blacklist ${HOME}/.wine
41		42
42	# X11 session autostart	43	# X11 session autostart
43	blacklist ${HOME}/.xinitrc	44	blacklist ${HOME}/.xinitrc


diff --git a/etc/hexchat.profile b/etc/hexchat.profile new file mode 100644 index 000000000..61c9ac5bb --- /dev/null +++ b/etc/hexchat.profile
@@ -0,0 +1,10 @@
		1	# HexChat profile
		2	noblacklist ${HOME}/.config/hexchat
		3	include /etc/firejail/disable-mgmt.inc
		4	include /etc/firejail/disable-secret.inc
		5	include /etc/firejail/disable-common.inc
		6	include /etc/firejail/disable-devel.inc
		7	caps.drop all
		8	seccomp
		9	protocol unix,inet,inet6
		10	noroot


diff --git a/etc/weechat-curses.profile b/etc/weechat-curses.profile new file mode 100644 index 000000000..f7c1b6590 --- /dev/null +++ b/etc/weechat-curses.profile
@@ -0,0 +1,2 @@
		1	# Weechat profile (Debian)
		2	include /etc/firejail/weechat.profile


diff --git a/etc/wine.profile b/etc/wine.profile index e3dd081eb..8a7f66773 100644 --- a/etc/wine.profile +++ b/etc/wine.profile
@@ -1,6 +1,7 @@
1	# wine profile	1	# wine profile
2	noblacklist ${HOME}/.steam	2	noblacklist ${HOME}/.steam
3	noblacklist ${HOME}/.local/share/steam	3	noblacklist ${HOME}/.local/share/steam
		4	noblacklist ${HOME}/.wine
4	include /etc/firejail/disable-mgmt.inc	5	include /etc/firejail/disable-mgmt.inc
5	include /etc/firejail/disable-secret.inc	6	include /etc/firejail/disable-secret.inc
6	include /etc/firejail/disable-common.inc	7	include /etc/firejail/disable-common.inc


diff --git a/etc/xchat.profile b/etc/xchat.profile index a9f56cda4..37e1371e6 100644 --- a/etc/xchat.profile +++ b/etc/xchat.profile
@@ -1,4 +1,5 @@
1	# XChat profile	1	# XChat profile
		2	noblacklist ${HOME}/.config/xchat
2	include /etc/firejail/disable-mgmt.inc	3	include /etc/firejail/disable-mgmt.inc
3	include /etc/firejail/disable-secret.inc	4	include /etc/firejail/disable-secret.inc
4	include /etc/firejail/disable-common.inc	5	include /etc/firejail/disable-common.inc


diff --git a/platform/debian/conffiles b/platform/debian/conffiles index fd82a4e8c..c0d07a446 100644 --- a/platform/debian/conffiles +++ b/platform/debian/conffiles
@@ -46,3 +46,5 @@
46	/etc/firejail/webserver.net	46	/etc/firejail/webserver.net
47	/etc/firejail/bitlbee.profile	47	/etc/firejail/bitlbee.profile
48	/etc/firejail/weechat.profile	48	/etc/firejail/weechat.profile
		49	/etc/firejail/weechat-curses.profile
		50	/etc/firejail/hexchat.profile


diff --git a/test/evince.exp b/test/evince.exp index 7b115144c..ba6ca1b6d 100755 --- a/test/evince.exp +++ b/test/evince.exp
@@ -13,7 +13,7 @@ expect {
13	timeout {puts "TESTING ERROR 1\n";exit}	13	timeout {puts "TESTING ERROR 1\n";exit}
14	"Child process initialized"	14	"Child process initialized"
15	}	15	}
16	sleep 10	16	sleep 3
17		17
18	spawn $env(SHELL)	18	spawn $env(SHELL)
19	send -- "firejail --list\r"	19	send -- "firejail --list\r"


diff --git a/test/fbreader.exp b/test/fbreader.exp index 546710b97..a4df50932 100755 --- a/test/fbreader.exp +++ b/test/fbreader.exp
@@ -13,7 +13,7 @@ expect {
13	timeout {puts "TESTING ERROR 1\n";exit}	13	timeout {puts "TESTING ERROR 1\n";exit}
14	"Child process initialized"	14	"Child process initialized"
15	}	15	}
16	sleep 10	16	sleep 3
17		17
18	spawn $env(SHELL)	18	spawn $env(SHELL)
19	send -- "firejail --list\r"	19	send -- "firejail --list\r"


diff --git a/test/hexchat.exp b/test/hexchat.exp new file mode 100755 index 000000000..0653bcb13 --- /dev/null +++ b/test/hexchat.exp
@@ -0,0 +1,71 @@
		1	#!/usr/bin/expect -f
		2
		3	set timeout 10
		4	spawn $env(SHELL)
		5	match_max 100000
		6
		7	send -- "firejail hexchat\r"
		8	expect {
		9	timeout {puts "TESTING ERROR 0\n";exit}
		10	"Reading profile /etc/firejail/hexchat.profile"
		11	}
		12	expect {
		13	timeout {puts "TESTING ERROR 1\n";exit}
		14	"Child process initialized"
		15	}
		16	sleep 3
		17
		18	spawn $env(SHELL)
		19	send -- "firejail --list\r"
		20	expect {
		21	timeout {puts "TESTING ERROR 3\n";exit}
		22	":firejail"
		23	}
		24	expect {
		25	timeout {puts "TESTING ERROR 3.1\n";exit}
		26	"hexchat"
		27	}
		28	sleep 1
		29	send -- "firejail --name=blablabla\r"
		30	expect {
		31	timeout {puts "TESTING ERROR 4\n";exit}
		32	"Child process initialized"
		33	}
		34	sleep 2
		35
		36	spawn $env(SHELL)
		37	send -- "firemon --seccomp\r"
		38	expect {
		39	timeout {puts "TESTING ERROR 5\n";exit}
		40	"hexchat"
		41	}
		42	expect {
		43	timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit}
		44	"Seccomp: 2"
		45	}
		46	expect {
		47	timeout {puts "TESTING ERROR 5.1\n";exit}
		48	"name=blablabla"
		49	}
		50	sleep 1
		51	send -- "firemon --caps\r"
		52	expect {
		53	timeout {puts "TESTING ERROR 6\n";exit}
		54	"hexchat"
		55	}
		56	expect {
		57	timeout {puts "TESTING ERROR 6.1\n";exit}
		58	"CapBnd:"
		59	}
		60	expect {
		61	timeout {puts "TESTING ERROR 6.2\n";exit}
		62	"0000000000000000"
		63	}
		64	expect {
		65	timeout {puts "TESTING ERROR 6.3\n";exit}
		66	"name=blablabla"
		67	}
		68	sleep 1
		69
		70	puts "\n"
		71


diff --git a/test/test.sh b/test/test.sh index fdb1f8ed7..aaae2a981 100755 --- a/test/test.sh +++ b/test/test.sh
@@ -260,6 +260,41 @@ else
260	echo "TESTING: gnome-mplayer not found"	260	echo "TESTING: gnome-mplayer not found"
261	fi	261	fi
262		262
		263	which xchat
		264	if [ "$?" -eq 0 ];
		265	then
		266	echo "TESTING: xchat"
		267	./xchat.exp
		268	else
		269	echo "TESTING: xchat not found"
		270	fi
		271
		272	which hexchat
		273	if [ "$?" -eq 0 ];
		274	then
		275	echo "TESTING: hexchat"
		276	./hexchat.exp
		277	else
		278	echo "TESTING: hexchat not found"
		279	fi
		280
		281	which weechat-curses
		282	if [ "$?" -eq 0 ];
		283	then
		284	echo "TESTING: weechat"
		285	./weechat.exp
		286	else
		287	echo "TESTING: weechat not found"
		288	fi
		289
		290	#which wine
		291	#if [ "$?" -eq 0 ];
		292	#then
		293	# echo "TESTING: wine"
		294	# ./wine.exp
		295	#else
		296	# echo "TESTING: wine not found"
		297	#fi
263		298
264		299
265		300


diff --git a/test/vlc.exp b/test/vlc.exp index 8ab5aa2ce..53d25c9dd 100755 --- a/test/vlc.exp +++ b/test/vlc.exp
@@ -13,7 +13,7 @@ expect {
13	timeout {puts "TESTING ERROR 1\n";exit}	13	timeout {puts "TESTING ERROR 1\n";exit}
14	"Child process initialized"	14	"Child process initialized"
15	}	15	}
16	sleep 10	16	sleep 3
17		17
18	spawn $env(SHELL)	18	spawn $env(SHELL)
19	send -- "firejail --list\r"	19	send -- "firejail --list\r"


diff --git a/test/weechat.exp b/test/weechat.exp new file mode 100755 index 000000000..ac2430280 --- /dev/null +++ b/test/weechat.exp
@@ -0,0 +1,71 @@
		1	#!/usr/bin/expect -f
		2
		3	set timeout 10
		4	spawn $env(SHELL)
		5	match_max 100000
		6
		7	send -- "firejail weechat-curses\r"
		8	expect {
		9	timeout {puts "TESTING ERROR 0\n";exit}
		10	"Reading profile /etc/firejail/weechat.profile"
		11	}
		12	expect {
		13	timeout {puts "TESTING ERROR 1\n";exit}
		14	"Child process initialized"
		15	}
		16	sleep 3
		17
		18	spawn $env(SHELL)
		19	send -- "firejail --list\r"
		20	expect {
		21	timeout {puts "TESTING ERROR 3\n";exit}
		22	":firejail"
		23	}
		24	expect {
		25	timeout {puts "TESTING ERROR 3.1\n";exit}
		26	"weechat-curses"
		27	}
		28	sleep 1
		29	send -- "firejail --name=blablabla\r"
		30	expect {
		31	timeout {puts "TESTING ERROR 4\n";exit}
		32	"Child process initialized"
		33	}
		34	sleep 2
		35
		36	spawn $env(SHELL)
		37	send -- "firemon --seccomp\r"
		38	expect {
		39	timeout {puts "TESTING ERROR 5\n";exit}
		40	"weechat-curses"
		41	}
		42	expect {
		43	timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit}
		44	"Seccomp: 2"
		45	}
		46	expect {
		47	timeout {puts "TESTING ERROR 5.1\n";exit}
		48	"name=blablabla"
		49	}
		50	sleep 1
		51	send -- "firemon --caps\r"
		52	expect {
		53	timeout {puts "TESTING ERROR 6\n";exit}
		54	"weechat-curses"
		55	}
		56	expect {
		57	timeout {puts "TESTING ERROR 6.1\n";exit}
		58	"CapBnd:"
		59	}
		60	expect {
		61	timeout {puts "TESTING ERROR 6.2\n";exit}
		62	"0000000000000000"
		63	}
		64	expect {
		65	timeout {puts "TESTING ERROR 6.3\n";exit}
		66	"name=blablabla"
		67	}
		68	sleep 1
		69
		70	puts "\n"
		71


diff --git a/test/wine.exp b/test/wine.exp new file mode 100755 index 000000000..d87c1f205 --- /dev/null +++ b/test/wine.exp
@@ -0,0 +1,30 @@
		1	#!/usr/bin/expect -f
		2
		3	set timeout 10
		4	spawn $env(SHELL)
		5	match_max 100000
		6
		7	send -- "firejail wine --help\r"
		8	expect {
		9	timeout {puts "TESTING ERROR 0\n";exit}
		10	"Reading profile /etc/firejail/wine.profile"
		11	}
		12	expect {
		13	timeout {puts "TESTING ERROR 1\n";exit}
		14	"Child process initialized"
		15	}
		16	expect {
		17	timeout {puts "TESTING ERROR 2\n";exit}
		18	"Usage: wine PROGRAM"
		19	}
		20	expect {
		21	timeout {puts "TESTING ERROR 3\n";exit}
		22	"wine --version"
		23	}
		24	expect {
		25	timeout {puts "TESTING ERROR 4\n";exit}
		26	"parent is shutting down, bye..."
		27	}
		28
		29	puts "\nall done\n"
		30


diff --git a/test/xchat.exp b/test/xchat.exp new file mode 100755 index 000000000..babbcf87d --- /dev/null +++ b/test/xchat.exp
@@ -0,0 +1,71 @@
		1	#!/usr/bin/expect -f
		2
		3	set timeout 10
		4	spawn $env(SHELL)
		5	match_max 100000
		6
		7	send -- "firejail xchat\r"
		8	expect {
		9	timeout {puts "TESTING ERROR 0\n";exit}
		10	"Reading profile /etc/firejail/xchat.profile"
		11	}
		12	expect {
		13	timeout {puts "TESTING ERROR 1\n";exit}
		14	"Child process initialized"
		15	}
		16	sleep 3
		17
		18	spawn $env(SHELL)
		19	send -- "firejail --list\r"
		20	expect {
		21	timeout {puts "TESTING ERROR 3\n";exit}
		22	":firejail"
		23	}
		24	expect {
		25	timeout {puts "TESTING ERROR 3.1\n";exit}
		26	"xchat"
		27	}
		28	sleep 1
		29	send -- "firejail --name=blablabla\r"
		30	expect {
		31	timeout {puts "TESTING ERROR 4\n";exit}
		32	"Child process initialized"
		33	}
		34	sleep 2
		35
		36	spawn $env(SHELL)
		37	send -- "firemon --seccomp\r"
		38	expect {
		39	timeout {puts "TESTING ERROR 5\n";exit}
		40	" xchat"
		41	}
		42	expect {
		43	timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit}
		44	"Seccomp: 2"
		45	}
		46	expect {
		47	timeout {puts "TESTING ERROR 5.1\n";exit}
		48	"name=blablabla"
		49	}
		50	sleep 1
		51	send -- "firemon --caps\r"
		52	expect {
		53	timeout {puts "TESTING ERROR 6\n";exit}
		54	" xchat"
		55	}
		56	expect {
		57	timeout {puts "TESTING ERROR 6.1\n";exit}
		58	"CapBnd:"
		59	}
		60	expect {
		61	timeout {puts "TESTING ERROR 6.2\n";exit}
		62	"0000000000000000"
		63	}
		64	expect {
		65	timeout {puts "TESTING ERROR 6.3\n";exit}
		66	"name=blablabla"
		67	}
		68	sleep 1
		69
		70	puts "\n"
		71


diff --git a/todo b/todo index a55e12818..db895deef 100644 --- a/todo +++ b/todo
@@ -150,3 +150,15 @@ mount tmpfs on /sys/power
150		150
151	20. Try --overlay on a Ubuntu 14.04 32bit.Without adding --dns, there will be no network connectivity - see issue 151	151	20. Try --overlay on a Ubuntu 14.04 32bit.Without adding --dns, there will be no network connectivity - see issue 151
152		152
		153	21. Check this out:
		154
		155	I was messing around with my fstab, and found out that firejail can't have /usr/bin mounted in read-only.
		156	Here's what my fstab looks like now:
		157
		158	/dev/mapper/asdf-home /home ext4 nosuid,noatime,nodev 0 2
		159	/dev/mapper/asdf-opt /opt ext4 discard,noatime,nosuid 0 2
		160	/dev/mapper/asdf-usr--bin /usr/bin ext4 defaults,nosuid,noatime,rw 0 2
		161	/dev/mapper/asdf-usr--local /usr/local ext4 defaults,nosuid,noatime,ro 0 2
		162	/dev/mapper/asdf-usr--sbin /usr/sbin ext4 defaults,nosuid,,noatime,ro 0 2
		163	/dev/mapper/asdf-var /var ext4 discard,noatime,nodev,nosuid 0 2
		164	tmpfs /tmp tmpfs noatime,nosuid,nodev,size=2G 0 1 \ No newline at end of file