relnotes and testing

3 files changed, 91 insertions, 1 deletions

diff --git a/RELNOTES b/RELNOTES
index 0e685ec9b..aba2e7dee 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -2,7 +2,14 @@ firejail (0.9.51) baseline; urgency=low
   * work in progress!
   * enhancement: support Firejail user config directory in firecfg
   * enhancement: disable DBus activation in firecfg
+  * enhancement; enumerate root directories in apparmor profile
+  * feature: systemd-resolvd integration
+  * feature: whitelisting /var directory in most profiles
   * feature: GTK2, GTK3 and Qt4 private-lib support
+  * feature: test deployment of private-lib for the following
+    applications: evince, galculator, gnome-calculator, hexchat,
+    leafpad, mousepad, transmission-gtk, xcalc, xmr-stak-cpu,
+    atril, mate-color-select
   * feature: --writable-run-user
   * feature: profile build tool (--build)
  -- netblue30 <netblue30@yahoo.com>  Thu, 14 Sep 2017 20:00:00 -0500
diff --git a/test/private-lib/atril.exp b/test/private-lib/atril.exp
new file mode 100755
index 000000000..0ddf41c50
--- /dev/null
+++ b/test/private-lib/atril.exp
@@ -0,0 +1,83 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2017 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail atril\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Reading profile /etc/firejail/atril.profile"
+}
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "Child process initialized"
+}
+sleep 3
+
+spawn $env(SHELL)
+send -- "firejail --list\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        ":firejail"
+}
+expect {
+        timeout {puts "TESTING ERROR 3.1\n";exit}
+        "atril"
+}
+after 100
+
+# grsecurity exit
+send -- "file /proc/sys/kernel/grsecurity\r"
+expect {
+        timeout {puts "TESTING ERROR - grsecurity detection\n";exit}
+        "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit}
+        "cannot open" {puts "grsecurity not present\n"}
+}
+
+send -- "firejail --name=blablabla\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "Child process initialized"
+}
+sleep 2
+
+spawn $env(SHELL)
+send -- "firemon --seccomp\r"
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit}
+        ":firejail atril"
+}
+expect {
+        timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit}
+        "Seccomp:       2"
+}
+expect {
+        timeout {puts "TESTING ERROR 5.1\n";exit}
+        "name=blablabla"
+}
+after 100
+send -- "firemon --caps\r"
+expect {
+        timeout {puts "TESTING ERROR 6\n";exit}
+        ":firejail atril"
+}
+expect {
+        timeout {puts "TESTING ERROR 6.1\n";exit}
+        "CapBnd:"
+}
+expect {
+        timeout {puts "TESTING ERROR 6.2\n";exit}
+        "0000000000000000"
+}
+expect {
+        timeout {puts "TESTING ERROR 6.3\n";exit}
+        "name=blablabla"
+}
+after 100
+
+puts "\nall done\n"
diff --git a/test/private-lib/private-lib.sh b/test/private-lib/private-lib.sh
index 813c76b42..7e17f4eda 100755
--- a/test/private-lib/private-lib.sh
+++ b/test/private-lib/private-lib.sh
@@ -5,7 +5,7 @@
 
 export MALLOC_CHECK_=3
 export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
-LIST="evince galculator gnome-calculator hexchat leafpad mousepad transmission-gtk xcalc"
+LIST="evince galculator gnome-calculator hexchat leafpad mousepad transmission-gtk xcalc atril"
 
 
 for app in $LIST; do