--timeout testing and fixes (#1614)

author: netblue30 <netblue30@yahoo.com> 2017-10-29 16:05:23 -0400
committer: netblue30 <netblue30@yahoo.com> 2017-10-29 16:08:00 -0400
commit: 6ae4d342bdc0b11ae6966bd83a596d6ae77a7a5f (patch)
tree: 84572a5655239f39dbf180bbdde181cc15ea8c35
parent: fix and harden various profiles (diff)
download: firejail-6ae4d342bdc0b11ae6966bd83a596d6ae77a7a5f.tar.gz
firejail-6ae4d342bdc0b11ae6966bd83a596d6ae77a7a5f.tar.zst
firejail-6ae4d342bdc0b11ae6966bd83a596d6ae77a7a5f.zip
5 files changed, 45 insertions, 7 deletions
diff --git a/RELNOTES b/RELNOTES
index b69e1dd33..eb27a5d1d 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -4,7 +4,7 @@ firejail (0.9.51) baseline; urgency=low
    read-only, read-write, tmpfs and noexec are allowed in
    private home directories
  * modif: remount-proc-sys deprecated from firejail.config
-  * modif: --profile-path deprecated
+  * modif: --profile-path was deprecated
  * enhancement: support Firejail user config directory in firecfg
  * enhancement: disable DBus activation in firecfg
  * enhancement; enumerate root directories in apparmor profile
diff --git a/src/firejail/fs_hostname.c b/src/firejail/fs_hostname.c
index 0cf715fe2..15c8f5e36 100644
--- a/src/firejail/fs_hostname.c
+++ b/src/firejail/fs_hostname.c
@@ -94,7 +94,7 @@ void fs_resolvconf(void) {
        struct stat s;
-        // create a new /etc/hostname
+        // create a new /etc/resolv.conf
        if (stat("/etc/resolv.conf", &s) == 0) {
                if (arg_debug)
                        printf("Creating a new /etc/resolv.conf file\n");
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index d797cee61..b413407bd 100644
--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -227,11 +227,15 @@ static int monitor_application(pid_t app_pid) {
                                break;
                        // handle --timeout
-                        if (options && --timeout == 0)  {
+                        if (options) {
-                                kill(-1, SIGTERM);
+                                if (--timeout == 0)  {
-                                flush_stdin();
+                                        kill(-1, SIGTERM);
-                                sleep(1);
+                                        flush_stdin();
-                                _exit(1);
+                                        sleep(1);
+                                        _exit(1);
+                                }
+                                else
+                                        sleep(1);
                        }
                }
                while(rv != monitored_pid);
diff --git a/test/environment/environment.sh b/test/environment/environment.sh
index 308d99871..844e90cb8 100755
--- a/test/environment/environment.sh
+++ b/test/environment/environment.sh
@@ -7,6 +7,9 @@ export MALLOC_CHECK_=3
 export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
+echo "TESTING: timeout (test/environment/timeout.exp)"
+./timeout.exp
 echo "TESTING: DNS (test/environment/dns.exp)"
 ./dns.exp
diff --git a/test/environment/timeout.exp b/test/environment/timeout.exp
new file mode 100755
index 000000000..ac29c57ba
--- /dev/null
+++ b/test/environment/timeout.exp
@@ -0,0 +1,31 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2017 Firejail Authors
+# License GPL v2
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+send -- "time firejail --timeout=00:00:05\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 1
+sleep 3
+send -- "env\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "container=firejail"
+}
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "m5."  {puts "5 seconds"}
+        "m6."  {puts "6 seconds"}
+        "m7." {puts "7 seconds"}
+}
+puts "\nall done\n"
author	netblue30 <netblue30@yahoo.com>	2017-10-29 16:05:23 -0400
committer	netblue30 <netblue30@yahoo.com>	2017-10-29 16:08:00 -0400
commit	6ae4d342bdc0b11ae6966bd83a596d6ae77a7a5f (patch)
tree	84572a5655239f39dbf180bbdde181cc15ea8c35
parent	fix and harden various profiles (diff)
download	firejail-6ae4d342bdc0b11ae6966bd83a596d6ae77a7a5f.tar.gz firejail-6ae4d342bdc0b11ae6966bd83a596d6ae77a7a5f.tar.zst firejail-6ae4d342bdc0b11ae6966bd83a596d6ae77a7a5f.zip

diff --git a/RELNOTES b/RELNOTES index b69e1dd33..eb27a5d1d 100644 --- a/RELNOTES +++ b/RELNOTES
@@ -4,7 +4,7 @@ firejail (0.9.51) baseline; urgency=low
4	read-only, read-write, tmpfs and noexec are allowed in	4	read-only, read-write, tmpfs and noexec are allowed in
5	private home directories	5	private home directories
6	* modif: remount-proc-sys deprecated from firejail.config	6	* modif: remount-proc-sys deprecated from firejail.config
7	* modif: --profile-path deprecated	7	* modif: --profile-path was deprecated
8	* enhancement: support Firejail user config directory in firecfg	8	* enhancement: support Firejail user config directory in firecfg
9	* enhancement: disable DBus activation in firecfg	9	* enhancement: disable DBus activation in firecfg
10	* enhancement; enumerate root directories in apparmor profile	10	* enhancement; enumerate root directories in apparmor profile


diff --git a/src/firejail/fs_hostname.c b/src/firejail/fs_hostname.c index 0cf715fe2..15c8f5e36 100644 --- a/src/firejail/fs_hostname.c +++ b/src/firejail/fs_hostname.c
@@ -94,7 +94,7 @@ void fs_resolvconf(void) {
94		94
95	struct stat s;	95	struct stat s;
96		96
97	// create a new /etc/hostname	97	// create a new /etc/resolv.conf
98	if (stat("/etc/resolv.conf", &s) == 0) {	98	if (stat("/etc/resolv.conf", &s) == 0) {
99	if (arg_debug)	99	if (arg_debug)
100	printf("Creating a new /etc/resolv.conf file\n");	100	printf("Creating a new /etc/resolv.conf file\n");


diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index d797cee61..b413407bd 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c
@@ -227,11 +227,15 @@ static int monitor_application(pid_t app_pid) {
227	break;	227	break;
228		228
229	// handle --timeout	229	// handle --timeout
230	if (options && --timeout == 0) {	230	if (options) {
231	kill(-1, SIGTERM);	231	if (--timeout == 0) {
232	flush_stdin();	232	kill(-1, SIGTERM);
233	sleep(1);	233	flush_stdin();
234	_exit(1);	234	sleep(1);
		235	_exit(1);
		236	}
		237	else
		238	sleep(1);
235	}	239	}
236	}	240	}
237	while(rv != monitored_pid);	241	while(rv != monitored_pid);


diff --git a/test/environment/environment.sh b/test/environment/environment.sh index 308d99871..844e90cb8 100755 --- a/test/environment/environment.sh +++ b/test/environment/environment.sh
@@ -7,6 +7,9 @@ export MALLOC_CHECK_=3
7	export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))	7	export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
8		8
9		9
		10	echo "TESTING: timeout (test/environment/timeout.exp)"
		11	./timeout.exp
		12
10	echo "TESTING: DNS (test/environment/dns.exp)"	13	echo "TESTING: DNS (test/environment/dns.exp)"
11	./dns.exp	14	./dns.exp
12		15


diff --git a/test/environment/timeout.exp b/test/environment/timeout.exp new file mode 100755 index 000000000..ac29c57ba --- /dev/null +++ b/test/environment/timeout.exp
@@ -0,0 +1,31 @@
		1	#!/usr/bin/expect -f
		2	# This file is part of Firejail project
		3	# Copyright (C) 2014-2017 Firejail Authors
		4	# License GPL v2
		5
		6	set timeout 10
		7	spawn $env(SHELL)
		8	match_max 100000
		9
		10	send -- "time firejail --timeout=00:00:05\r"
		11	expect {
		12	timeout {puts "TESTING ERROR 0\n";exit}
		13	"Child process initialized"
		14	}
		15	sleep 1
		16
		17	sleep 3
		18	send -- "env\r"
		19	expect {
		20	timeout {puts "TESTING ERROR 1\n";exit}
		21	"container=firejail"
		22	}
		23
		24	expect {
		25	timeout {puts "TESTING ERROR 2\n";exit}
		26	"m5." {puts "5 seconds"}
		27	"m6." {puts "6 seconds"}
		28	"m7." {puts "7 seconds"}
		29	}
		30
		31	puts "\nall done\n"