testing

author: netblue30 <netblue30@yahoo.com> 2017-09-05 10:56:40 -0400
committer: netblue30 <netblue30@yahoo.com> 2017-09-05 10:56:40 -0400
commit: 362d290bacf90a9bb29d6c25ca395117e4da838e (patch)
tree: 8522b67cdfa1692cef8f676f72fb0d609fe6514f
parent: fix caps.keep/dac-overwrite (diff)
download: firejail-362d290bacf90a9bb29d6c25ca395117e4da838e.tar.gz
firejail-362d290bacf90a9bb29d6c25ca395117e4da838e.tar.zst
firejail-362d290bacf90a9bb29d6c25ca395117e4da838e.zip
5 files changed, 57 insertions, 4 deletions
diff --git a/gcov.sh b/gcov.sh
index 092b755af..df1fcb51b 100755
--- a/gcov.sh
+++ b/gcov.sh
@@ -8,12 +8,13 @@ gcov_init() {
        /usr/lib/firejail/fseccomp --help > /dev/null
        /usr/lib/firejail/ftee --help > /dev/null
        /usr/lib/firejail/fcopy --help > /dev/null
+        /usr/lib/firejail/fldd --help > /dev/null
        firecfg --help > /dev/null
        sudo chown $USER:$USER `find .`
 }
 generate() {
-        lcov -q --capture -d src/firejail -d src/firemon -d  src/fcopy -d src/fseccomp -d src/fnet -d src/ftee -d src/lib -d src/firecfg --output-file gcov-file-new
+        lcov -q --capture -d src/firejail -d src/firemon -d  src/fcopy -d src/fseccomp -d src/fnet -d src/ftee -d src/lib -d src/firecfg -d src/fldd --output-file gcov-file-new
        lcov --add-tracefile gcov-file-old --add-tracefile gcov-file-new  --output-file gcov-file
        rm -fr gcov-dir
        genhtml -q gcov-file --output-directory gcov-dir
@@ -24,7 +25,7 @@ generate() {
 gcov_init
-lcov -q --capture -d src/firejail -d src/firemon -d  src/fcopy -d src/fseccomp -d src/fnet -d src/ftee -d src/lib -d src/firecfg --output-file gcov-file-old
+lcov -q --capture -d src/firejail -d src/firemon -d  src/fcopy -d src/fseccomp -d src/fnet -d src/ftee -d src/lib -d src/firecfg -d src/fldd  --output-file gcov-file-old
 #make test-environment
 #generate
diff --git a/src/fldd/main.c b/src/fldd/main.c
index 947c6b4ae..5fda45266 100644
--- a/src/fldd/main.c
+++ b/src/fldd/main.c
@@ -265,6 +265,11 @@ printf("\n");
        }
+        if (strcmp(argv[1], "--help") == 0) {
+                usage();
+                return 0;
+        }
        // check program access
        if (access(argv[1], R_OK)) {
                fprintf(stderr, "Error fldd: cannot access %s\n", argv[1]);
diff --git a/test/fs/fs.sh b/test/fs/fs.sh
index 9e7ead3c9..e67ccc476 100755
--- a/test/fs/fs.sh
+++ b/test/fs/fs.sh
@@ -28,6 +28,9 @@ echo "TESTING: kmsg access (test/fs/kmsg.exp)"
 echo "TESTING: read/write /var/tmp (test/fs/fs_var_tmp.exp)"
 ./fs_var_tmp.exp
+echo "TESTING: private-lib (test/fs/private-lib.exp)"
+./private-lib.exp
 echo "TESTING: read/write /var/lock (test/fs/fs_var_lock.exp)"
 ./fs_var_lock.exp
diff --git a/test/fs/private-lib.exp b/test/fs/private-lib.exp
new file mode 100755
index 000000000..dd418da0f
--- /dev/null
+++ b/test/fs/private-lib.exp
@@ -0,0 +1,44 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2017 Firejail Authors
+# License GPL v2
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+send -- "firejail --private-lib --private-bin=sh,bash,dash,ps,grep,ls,find,echo \r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "Child process initialized"
+}
+after 100
+send -- "find /bin; echo done\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "rm" {puts "TESTING ERROR 3\n";exit}
+        "cp" {puts "TESTING ERROR 4\n";exit}
+        "done"
+}
+after 100
+send -- "find /lib; echo done\r"
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "modules" {puts "TESTING ERROR 6\n";exit}
+        "firmware" {puts "TESTING ERROR 7\n";exit}
+        "libc.so"
+}
+after 100
+send -- "find /usr/lib; echo done\r"
+expect {
+        timeout {puts "TESTING ERROR 8\n";exit}
+        "grub" {puts "TESTING ERROR 9\n";exit}
+        "mozilla" {puts "TESTING ERROR 10\n";exit}
+        "libdl.so"
+}
+after 100
+puts "\nall done\n"
diff --git a/test/utils/seccomp-print.exp b/test/utils/seccomp-print.exp
index 5a76d7fcc..b3ab5e13c 100755
--- a/test/utils/seccomp-print.exp
+++ b/test/utils/seccomp-print.exp
@@ -22,11 +22,11 @@ expect {
 }
 expect {
        timeout {puts "TESTING ERROR 2\n";exit}
-        "init_module"
+        "delete_module"
 }
 expect {
        timeout {puts "TESTING ERROR 3\n";exit}
-        "delete_module"
+        "init_module"
 }
 expect {
        timeout {puts "TESTING ERROR 4\n";exit}
author	netblue30 <netblue30@yahoo.com>	2017-09-05 10:56:40 -0400
committer	netblue30 <netblue30@yahoo.com>	2017-09-05 10:56:40 -0400
commit	362d290bacf90a9bb29d6c25ca395117e4da838e (patch)
tree	8522b67cdfa1692cef8f676f72fb0d609fe6514f
parent	fix caps.keep/dac-overwrite (diff)
download	firejail-362d290bacf90a9bb29d6c25ca395117e4da838e.tar.gz firejail-362d290bacf90a9bb29d6c25ca395117e4da838e.tar.zst firejail-362d290bacf90a9bb29d6c25ca395117e4da838e.zip

diff --git a/gcov.sh b/gcov.sh index 092b755af..df1fcb51b 100755 --- a/gcov.sh +++ b/gcov.sh
@@ -8,12 +8,13 @@ gcov_init() {
8	/usr/lib/firejail/fseccomp --help > /dev/null	8	/usr/lib/firejail/fseccomp --help > /dev/null
9	/usr/lib/firejail/ftee --help > /dev/null	9	/usr/lib/firejail/ftee --help > /dev/null
10	/usr/lib/firejail/fcopy --help > /dev/null	10	/usr/lib/firejail/fcopy --help > /dev/null
		11	/usr/lib/firejail/fldd --help > /dev/null
11	firecfg --help > /dev/null	12	firecfg --help > /dev/null
12	sudo chown $USER:$USER `find .`	13	sudo chown $USER:$USER `find .`
13	}	14	}
14		15
15	generate() {	16	generate() {
16	lcov -q --capture -d src/firejail -d src/firemon -d src/fcopy -d src/fseccomp -d src/fnet -d src/ftee -d src/lib -d src/firecfg --output-file gcov-file-new	17	lcov -q --capture -d src/firejail -d src/firemon -d src/fcopy -d src/fseccomp -d src/fnet -d src/ftee -d src/lib -d src/firecfg -d src/fldd --output-file gcov-file-new
17	lcov --add-tracefile gcov-file-old --add-tracefile gcov-file-new --output-file gcov-file	18	lcov --add-tracefile gcov-file-old --add-tracefile gcov-file-new --output-file gcov-file
18	rm -fr gcov-dir	19	rm -fr gcov-dir
19	genhtml -q gcov-file --output-directory gcov-dir	20	genhtml -q gcov-file --output-directory gcov-dir
@@ -24,7 +25,7 @@ generate() {
24		25
25		26
26	gcov_init	27	gcov_init
27	lcov -q --capture -d src/firejail -d src/firemon -d src/fcopy -d src/fseccomp -d src/fnet -d src/ftee -d src/lib -d src/firecfg --output-file gcov-file-old	28	lcov -q --capture -d src/firejail -d src/firemon -d src/fcopy -d src/fseccomp -d src/fnet -d src/ftee -d src/lib -d src/firecfg -d src/fldd --output-file gcov-file-old
28		29
29	#make test-environment	30	#make test-environment
30	#generate	31	#generate


diff --git a/src/fldd/main.c b/src/fldd/main.c index 947c6b4ae..5fda45266 100644 --- a/src/fldd/main.c +++ b/src/fldd/main.c
@@ -265,6 +265,11 @@ printf("\n");
265	}	265	}
266		266
267		267
		268	if (strcmp(argv[1], "--help") == 0) {
		269	usage();
		270	return 0;
		271	}
		272
268	// check program access	273	// check program access
269	if (access(argv[1], R_OK)) {	274	if (access(argv[1], R_OK)) {
270	fprintf(stderr, "Error fldd: cannot access %s\n", argv[1]);	275	fprintf(stderr, "Error fldd: cannot access %s\n", argv[1]);


diff --git a/test/fs/fs.sh b/test/fs/fs.sh index 9e7ead3c9..e67ccc476 100755 --- a/test/fs/fs.sh +++ b/test/fs/fs.sh
@@ -28,6 +28,9 @@ echo "TESTING: kmsg access (test/fs/kmsg.exp)"
28	echo "TESTING: read/write /var/tmp (test/fs/fs_var_tmp.exp)"	28	echo "TESTING: read/write /var/tmp (test/fs/fs_var_tmp.exp)"
29	./fs_var_tmp.exp	29	./fs_var_tmp.exp
30		30
		31	echo "TESTING: private-lib (test/fs/private-lib.exp)"
		32	./private-lib.exp
		33
31	echo "TESTING: read/write /var/lock (test/fs/fs_var_lock.exp)"	34	echo "TESTING: read/write /var/lock (test/fs/fs_var_lock.exp)"
32	./fs_var_lock.exp	35	./fs_var_lock.exp
33		36


diff --git a/test/fs/private-lib.exp b/test/fs/private-lib.exp new file mode 100755 index 000000000..dd418da0f --- /dev/null +++ b/test/fs/private-lib.exp
@@ -0,0 +1,44 @@
		1	#!/usr/bin/expect -f
		2	# This file is part of Firejail project
		3	# Copyright (C) 2014-2017 Firejail Authors
		4	# License GPL v2
		5
		6	set timeout 10
		7	spawn $env(SHELL)
		8	match_max 100000
		9
		10	send -- "firejail --private-lib --private-bin=sh,bash,dash,ps,grep,ls,find,echo \r"
		11	expect {
		12	timeout {puts "TESTING ERROR 1\n";exit}
		13	"Child process initialized"
		14	}
		15	after 100
		16
		17	send -- "find /bin; echo done\r"
		18	expect {
		19	timeout {puts "TESTING ERROR 2\n";exit}
		20	"rm" {puts "TESTING ERROR 3\n";exit}
		21	"cp" {puts "TESTING ERROR 4\n";exit}
		22	"done"
		23	}
		24	after 100
		25
		26	send -- "find /lib; echo done\r"
		27	expect {
		28	timeout {puts "TESTING ERROR 5\n";exit}
		29	"modules" {puts "TESTING ERROR 6\n";exit}
		30	"firmware" {puts "TESTING ERROR 7\n";exit}
		31	"libc.so"
		32	}
		33	after 100
		34
		35	send -- "find /usr/lib; echo done\r"
		36	expect {
		37	timeout {puts "TESTING ERROR 8\n";exit}
		38	"grub" {puts "TESTING ERROR 9\n";exit}
		39	"mozilla" {puts "TESTING ERROR 10\n";exit}
		40	"libdl.so"
		41	}
		42	after 100
		43
		44	puts "\nall done\n"


diff --git a/test/utils/seccomp-print.exp b/test/utils/seccomp-print.exp index 5a76d7fcc..b3ab5e13c 100755 --- a/test/utils/seccomp-print.exp +++ b/test/utils/seccomp-print.exp
@@ -22,11 +22,11 @@ expect {
22	}	22	}
23	expect {	23	expect {
24	timeout {puts "TESTING ERROR 2\n";exit}	24	timeout {puts "TESTING ERROR 2\n";exit}
25	"init_module"	25	"delete_module"
26	}	26	}
27	expect {	27	expect {
28	timeout {puts "TESTING ERROR 3\n";exit}	28	timeout {puts "TESTING ERROR 3\n";exit}
29	"delete_module"	29	"init_module"
30	}	30	}
31	expect {	31	expect {
32	timeout {puts "TESTING ERROR 4\n";exit}	32	timeout {puts "TESTING ERROR 4\n";exit}