cleanup and some new tests

14 files changed, 98 insertions, 7 deletions

diff --git a/README b/README
index 58503d0c7..4e610cb4a 100644
--- a/README
+++ b/README
@@ -25,6 +25,9 @@ Reiner Herrmann (https://github.com/reinerh)
         - clang-analyzer fixes
         - Debian reproducible build
         - unit testing framework
+        - moved build to .xz
+        - detached signatures for source archive
+        - recursive mkdir
 xee5ch (https://github.com/xee5ch)
         - skypeforlinux profile
 Peter Hogg (https://github.com/pigmonkey)
@@ -39,6 +42,7 @@ Thomas Jarosch (https://github.com/thomasjfox)
         - improved profile list
         - fixed small variable glitch in stat64() / lstat64() (libtracelog)
         - added lstat() / lstat64() support to libtrace
+        - include mkuid.sh in make dist
 Niklas Haas (https://github.com/haasn)
         - blacklisting for keybase.io's client
 Aleksey Manevich (https://github.com/manevich)
@@ -48,6 +52,7 @@ Aleksey Manevich (https://github.com/manevich)
         - fix double quotes/single quotes problem
         - big rework of argument processing subsystem
         - --join fixes
+        - spliting up cmdline.c
 Fred-Barclay (https://github.com/Fred-Barclay)
         - added Vivaldi, Atril profiles
         - added PaleMoon profile
diff --git a/RELNOTES b/RELNOTES
index 4d7f67bda..1746e03a1 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -9,6 +9,7 @@ firejail (0.9.42~rc2) baseline; urgency=low
   * Ubuntu snap support
   * include /dev/snd in --private-dev
   * added mkfile profile command
+  * recursive mkdir
   * seccomp filter updated
   * compile time and run time support to disable whitelists
   * compile time support to disable global configuration file
diff --git a/etc/file.profile b/etc/file.profile
index 357576040..1569b42c7 100644
--- a/etc/file.profile
+++ b/etc/file.profile
@@ -1,4 +1,5 @@
 # file profile
+ignore noroot
 include /etc/firejail/default.profile
 
 tracelog
diff --git a/etc/tar.profile b/etc/tar.profile
index 4ce3e59f0..769a3cd4e 100644
--- a/etc/tar.profile
+++ b/etc/tar.profile
@@ -1,4 +1,5 @@
 # tar profile
+ignore noroot
 include /etc/firejail/default.profile
 
 tracelog
diff --git a/etc/unrar.profile b/etc/unrar.profile
index ccd144699..74079e7b9 100644
--- a/etc/unrar.profile
+++ b/etc/unrar.profile
@@ -1,4 +1,5 @@
 # unrar profile
+ignore noroot
 include /etc/firejail/default.profile
 
 tracelog
diff --git a/etc/unzip.profile b/etc/unzip.profile
index d4862004c..502839b98 100644
--- a/etc/unzip.profile
+++ b/etc/unzip.profile
@@ -1,4 +1,5 @@
 # unzip profile
+ignore noroot
 include /etc/firejail/default.profile
 
 tracelog
diff --git a/src/firejail/cmdline.c b/src/firejail/cmdline.c
index 517124d9e..48cbaffb7 100644
--- a/src/firejail/cmdline.c
+++ b/src/firejail/cmdline.c
@@ -27,9 +27,9 @@
 #include <errno.h>
 
 int cmdline_length(int argc, char **argv, int index) {
-        int i,j;
+        unsigned i,j;
         int len = 0;
-        int argcnt = argc - index;
+        unsigned argcnt = argc - index;
         bool in_quotes = false;
 
         for (i = 0; i < argcnt; i++) {
@@ -63,8 +63,8 @@ int cmdline_length(int argc, char **argv, int index) {
 }
 
 void quote_cmdline(char *command_line, char *window_title, int len, int argc, char **argv, int index) {
-        int i,j;
-        int argcnt = argc - index;
+        unsigned i,j;
+        unsigned argcnt = argc - index;
         bool in_quotes = false;
         char *ptr1 = command_line;
         char *ptr2 = window_title;
@@ -127,7 +127,7 @@ void quote_cmdline(char *command_line, char *window_title, int len, int argc, ch
                 ptr2 += strlen(ptr2);
         }
 
-        assert(len == strlen(command_line));
+        assert((unsigned) len == strlen(command_line));
 }
 
 void build_cmdline(char **command_line, char **window_title, int argc, char **argv, int index) {
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index 7a538327d..1546dc403 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -590,5 +590,8 @@ void appimage_set(const char *appimage_path);
 void appimage_clear(void);
 const char *appimage_getdir(void);
 
+// cmdline.c
+void build_cmdline(char **command_line, char **window_title, int argc, char **argv, int index);
+
 #endif
 
diff --git a/src/firejail/fs_bin.c b/src/firejail/fs_bin.c
index ac731c246..dca66888c 100644
--- a/src/firejail/fs_bin.c
+++ b/src/firejail/fs_bin.c
@@ -136,7 +136,7 @@ void fs_check_bin_list(void) {
                 ptr = strrchr(newlist, ',');
                 assert(ptr);
                 *ptr = '\0';
-                if (notfound)
+                if (notfound && !arg_quiet)
                         fprintf(stderr, "Warning: not all executables from --private-bin list were found. The current list is %s\n", newlist);
                 
                 cfg.bin_private_keep = newlist;
diff --git a/src/firejail/main.c b/src/firejail/main.c
index e86d78ff1..d5ac7ad1d 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -704,6 +704,11 @@ static void detect_quiet(int argc, char **argv) {
                 "gzip",
                 "xz",
                 "xzdec",
+                "file",
+                "gtar",
+                "tar",
+                "unrar",
+                "unzip",
                 NULL
         };
         
diff --git a/test/sysutils/file.exp b/test/sysutils/file.exp
new file mode 100755
index 000000000..e40b83197
--- /dev/null
+++ b/test/sysutils/file.exp
@@ -0,0 +1,16 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail file ~/.bashrc\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "ASCII text"
+}
+
+puts "\nall done\n"
diff --git a/test/sysutils/sysutils.sh b/test/sysutils/sysutils.sh
index d75738f97..315b73c9d 100755
--- a/test/sysutils/sysutils.sh
+++ b/test/sysutils/sysutils.sh
@@ -60,3 +60,21 @@ else
         echo "TESTING SKIP: less not found"
 fi
 
+which file
+if [ "$?" -eq 0 ];
+then
+        echo "TESTING: file"
+        ./file.exp
+else
+        echo "TESTING SKIP: file not found"
+fi
+
+which tar
+if [ "$?" -eq 0 ];
+then
+        echo "TESTING: tar"
+        ./tar.exp
+else
+        echo "TESTING SKIP: tar not found"
+fi
+
diff --git a/test/sysutils/tar.exp b/test/sysutils/tar.exp
new file mode 100755
index 000000000..af569f5ac
--- /dev/null
+++ b/test/sysutils/tar.exp
@@ -0,0 +1,35 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail /bin/tar -cjvf firejail_t2 /usr/share/doc/firejail\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "/usr/share/doc/firejail/README"
+}
+after 100
+
+send -- "firejail /bin/tar --compare --file=firejail_t2 -C / | wc\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "      0       0       0"
+}
+sleep 1
+send -- "/bin/tar --compare --file=firejail_t2 -C / | wc\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "      0       0       0"
+}
+sleep 1
+
+
+send -- "rm firejail_t*\r"
+sleep 1
+
+
+puts "\nall done\n"
diff --git a/todo b/todo
index 97632fa9c..009f9fe99 100644
--- a/todo
+++ b/todo
@@ -250,10 +250,14 @@ References
 
 23. AppArmor
 
+$ sudo apt-get install apparmor apparmor-profiles apparmor-utils apparmor-notify
+
 $ sudo perl -pi -e 's,GRUB_CMDLINE_LINUX="(.*)"$,GRUB_CMDLINE_LINUX="$1 apparmor=1 security=apparmor",' /etc/default/grub
 $ sudo update-grub
 $ sudo reboot
 
-$ ps auxZ | grep -v '^unconfined'
+If you are using auditd, start aa-notify to get notification whenever a program causes a DENIED message.
+$ sudo aa-notify -p -f /var/log/audit/audit.log
+