ignore option testing

author: netblue30 <netblue30@yahoo.com> 2015-10-25 08:22:21 -0400
committer: netblue30 <netblue30@yahoo.com> 2015-10-25 08:22:21 -0400
commit: 113597818860241185d0c3efecf99b0ee7d900fa (patch)
tree: 3e9e40cad8a5cf976c331e850e6c423f24e0d1ae
parent: implemented --ignore option (diff)
download: firejail-113597818860241185d0c3efecf99b0ee7d900fa.tar.gz
firejail-113597818860241185d0c3efecf99b0ee7d900fa.tar.zst
firejail-113597818860241185d0c3efecf99b0ee7d900fa.zip
4 files changed, 49 insertions, 1 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 0def00fa8..8d11caef3 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -712,7 +712,11 @@ int main(int argc, char **argv) {
                        arg_noprofile = 1;
                }
                else if (strncmp(argv[i], "--ignore=", 9) == 0) {
-                        char *ptr = argv[i] + 9;
+                        if (custom_profile) {
+                                fprintf(stderr, "Error: please use --profile after --include\n");
+                                exit(1);
+                        }
                        if (*(argv[i] + 9) == '\0') {
                                fprintf(stderr, "Error: invalid ignore option\n");
                                exit(1);
diff --git a/test/ignore.exp b/test/ignore.exp
new file mode 100755
index 000000000..bdbd9d28c
--- /dev/null
+++ b/test/ignore.exp
@@ -0,0 +1,38 @@
+#!/usr/bin/expect -f
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+send -- "firejail --profile=ignore.profile --ignore=seccomp \r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Error: please use --profile after --include"
+}
+send -- "firejail --debug --ignore=seccomp\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        BLACKLIST {puts "TESTING ERROR 2\n";exit}
+        "Child process initialized"
+}
+sleep 1
+send -- "exit\r"
+sleep 1
+send -- "firejail --ignore=seccomp --ignore=shell --profile=ignore.profile \r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "Child process initialized"
+}
+sleep 1
+send -- "ps aux | wc -l\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "4"
+}
+sleep 1
+puts "\nall done\n"
diff --git a/test/ignore.profile b/test/ignore.profile
new file mode 100644
index 000000000..aec231ad2
--- /dev/null
+++ b/test/ignore.profile
@@ -0,0 +1,3 @@
+private
+seccomp
+shell none
diff --git a/test/test.sh b/test/test.sh
index c986b5f29..406ef92a3 100755
--- a/test/test.sh
+++ b/test/test.sh
@@ -18,6 +18,9 @@ echo "TESTING: invalid filename"
 echo "TESTING: environment variables"
 ./env.exp
+echo "TESTING: ignore command"
+./ignore.exp
 echo "TESTING: private-etc"
 ./private-etc.exp
author	netblue30 <netblue30@yahoo.com>	2015-10-25 08:22:21 -0400
committer	netblue30 <netblue30@yahoo.com>	2015-10-25 08:22:21 -0400
commit	113597818860241185d0c3efecf99b0ee7d900fa (patch)
tree	3e9e40cad8a5cf976c331e850e6c423f24e0d1ae
parent	implemented --ignore option (diff)
download	firejail-113597818860241185d0c3efecf99b0ee7d900fa.tar.gz firejail-113597818860241185d0c3efecf99b0ee7d900fa.tar.zst firejail-113597818860241185d0c3efecf99b0ee7d900fa.zip

diff --git a/src/firejail/main.c b/src/firejail/main.c index 0def00fa8..8d11caef3 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c
@@ -712,7 +712,11 @@ int main(int argc, char **argv) {
712	arg_noprofile = 1;	712	arg_noprofile = 1;
713	}	713	}
714	else if (strncmp(argv[i], "--ignore=", 9) == 0) {	714	else if (strncmp(argv[i], "--ignore=", 9) == 0) {
715	char *ptr = argv[i] + 9;	715	if (custom_profile) {
		716	fprintf(stderr, "Error: please use --profile after --include\n");
		717	exit(1);
		718	}
		719
716	if (*(argv[i] + 9) == '\0') {	720	if (*(argv[i] + 9) == '\0') {
717	fprintf(stderr, "Error: invalid ignore option\n");	721	fprintf(stderr, "Error: invalid ignore option\n");
718	exit(1);	722	exit(1);


diff --git a/test/ignore.exp b/test/ignore.exp new file mode 100755 index 000000000..bdbd9d28c --- /dev/null +++ b/test/ignore.exp
@@ -0,0 +1,38 @@
		1	#!/usr/bin/expect -f
		2
		3	set timeout 10
		4	spawn $env(SHELL)
		5	match_max 100000
		6
		7	send -- "firejail --profile=ignore.profile --ignore=seccomp \r"
		8	expect {
		9	timeout {puts "TESTING ERROR 0\n";exit}
		10	"Error: please use --profile after --include"
		11	}
		12
		13	send -- "firejail --debug --ignore=seccomp\r"
		14	expect {
		15	timeout {puts "TESTING ERROR 1\n";exit}
		16	BLACKLIST {puts "TESTING ERROR 2\n";exit}
		17	"Child process initialized"
		18	}
		19	sleep 1
		20	send -- "exit\r"
		21	sleep 1
		22
		23	send -- "firejail --ignore=seccomp --ignore=shell --profile=ignore.profile \r"
		24	expect {
		25	timeout {puts "TESTING ERROR 3\n";exit}
		26	"Child process initialized"
		27	}
		28	sleep 1
		29
		30	send -- "ps aux \| wc -l\r"
		31	expect {
		32	timeout {puts "TESTING ERROR 4\n";exit}
		33	"4"
		34	}
		35	sleep 1
		36
		37
		38	puts "\nall done\n"


diff --git a/test/ignore.profile b/test/ignore.profile new file mode 100644 index 000000000..aec231ad2 --- /dev/null +++ b/test/ignore.profile
@@ -0,0 +1,3 @@
		1	private
		2	seccomp
		3	shell none


diff --git a/test/test.sh b/test/test.sh index c986b5f29..406ef92a3 100755 --- a/test/test.sh +++ b/test/test.sh
@@ -18,6 +18,9 @@ echo "TESTING: invalid filename"
18	echo "TESTING: environment variables"	18	echo "TESTING: environment variables"
19	./env.exp	19	./env.exp
20		20
		21	echo "TESTING: ignore command"
		22	./ignore.exp
		23
21	echo "TESTING: private-etc"	24	echo "TESTING: private-etc"
22	./private-etc.exp	25	./private-etc.exp
23		26