testing

author: netblue30 <netblue30@yahoo.com> 2017-08-19 12:45:38 -0400
committer: netblue30 <netblue30@yahoo.com> 2017-08-19 12:45:38 -0400
commit: 828e35086834abd2886151d2a05952976a9a0a9b (patch)
tree: 3b3df67f774fd43f079355860f4e8b8c4ebbc3ff
parent: Merges (diff)
download: firejail-828e35086834abd2886151d2a05952976a9a0a9b.tar.gz
firejail-828e35086834abd2886151d2a05952976a9a0a9b.tar.zst
firejail-828e35086834abd2886151d2a05952976a9a0a9b.zip
2 files changed, 83 insertions, 5 deletions
diff --git a/src/firemon/firemon.c b/src/firemon/firemon.c
index f89196f21..1f3fdd578 100644
--- a/src/firemon/firemon.c
+++ b/src/firemon/firemon.c
@@ -52,15 +52,35 @@ static void my_handler(int s){
        exit(0);
 }
-// find the first child process for the specified pid
+// find the second child process for the specified pid
 // return -1 if not found
+//
+// Example:
+//14776:netblue:/usr/bin/firejail /usr/bin/transmission-qt 
+//  14777:netblue:/usr/bin/firejail /usr/bin/transmission-qt 
+//    14792:netblue:/usr/bin/transmission-qt 
+// We need 14792, the first real sandboxed process
 int find_child(int id) {
        int i;
+        int first_child = -1;
+        // find the first child 
        for (i = 0; i < max_pids; i++) {
-                if (pids[i].level == 2 && pids[i].parent == id)
+                if (pids[i].level == 2 && pids[i].parent == id) {
-                        return i;
+                        first_child = i;
+                        break;
+                }
        }
+        if (first_child == -1)
+                return -1;
+        
+        // find the second child
+        for (i = 0; i < max_pids; i++) {
+                if (pids[i].level == 3 && pids[i].parent == first_child)
+                        return i;
+        }
+        
        return -1;
 }
diff --git a/test/fs/whitelist-dev.exp b/test/fs/whitelist-dev.exp
index 7575faee0..bc0970091 100755
--- a/test/fs/whitelist-dev.exp
+++ b/test/fs/whitelist-dev.exp
@@ -33,15 +33,73 @@ sleep 1
 send -- "ls -l /dev | wc -l\r"
 expect {
        timeout {puts "TESTING ERROR 3\n";exit}
-        "13" {puts "OK\n"}
+        "18" {puts "OK\n"}
-        "12" {puts "OK\n"}
+        "17" {puts "OK\n"}
 }
 after 100
+send -- "ls -l /dev\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "dvd" {puts "OK\n"}
+}
+after 100
+send -- "ls -l /dev\r"
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "dri" {puts "OK\n"}
+}
+after 100
+send -- "ls -l /dev\r"
+expect {
+        timeout {puts "TESTING ERROR 6\n";exit}
+        "snd" {puts "OK\n"}
+}
+after 100
 send -- "exit\r"
 sleep 1
+send -- "firejail --private-dev --nosound ls /dev\r"
+expect {
+        timeout {puts "TESTING ERROR 7\n";exit}
+        "Child process initialized"
+}
+expect {
+        timeout {puts "TESTING ERROR 8\n";exit}
+        "snd" {puts "TESTING ERROR 9\n";exit}
+        "Parent is shutting down"
+}
+sleep 1
+send -- "firejail --private-dev --nodvd ls /dev\r"
+expect {
+        timeout {puts "TESTING ERROR 10\n";exit}
+        "Child process initialized"
+}
+expect {
+        timeout {puts "TESTING ERROR 11\n";exit}
+        "dvd" {puts "TESTING ERROR 12\n";exit}
+        "cdrom" {puts "TESTING ERROR 13\n";exit}
+        "dvdrom" {puts "TESTING ERROR 14\n";exit}
+        "cdrw" {puts "TESTING ERROR 15\n";exit}
+        "dvdrw" {puts "TESTING ERROR 16\n";exit}
+        "Parent is shutting down"
+}
+sleep 1
+send -- "firejail --private-dev --no3d ls /dev\r"
+expect {
+        timeout {puts "TESTING ERROR 17\n";exit}
+        "Child process initialized"
+}
+expect {
+        timeout {puts "TESTING ERROR 18\n";exit}
+        "dri" {puts "TESTING ERROR 19\n";exit}
+        "Parent is shutting down"
+}
 after 100
 puts "\nall done\n"
author	netblue30 <netblue30@yahoo.com>	2017-08-19 12:45:38 -0400
committer	netblue30 <netblue30@yahoo.com>	2017-08-19 12:45:38 -0400
commit	828e35086834abd2886151d2a05952976a9a0a9b (patch)
tree	3b3df67f774fd43f079355860f4e8b8c4ebbc3ff
parent	Merges (diff)
download	firejail-828e35086834abd2886151d2a05952976a9a0a9b.tar.gz firejail-828e35086834abd2886151d2a05952976a9a0a9b.tar.zst firejail-828e35086834abd2886151d2a05952976a9a0a9b.zip

diff --git a/src/firemon/firemon.c b/src/firemon/firemon.c index f89196f21..1f3fdd578 100644 --- a/src/firemon/firemon.c +++ b/src/firemon/firemon.c
@@ -52,15 +52,35 @@ static void my_handler(int s){
52	exit(0);	52	exit(0);
53	}	53	}
54		54
55	// find the first child process for the specified pid	55	// find the second child process for the specified pid
56	// return -1 if not found	56	// return -1 if not found
		57	//
		58	// Example:
		59	//14776:netblue:/usr/bin/firejail /usr/bin/transmission-qt
		60	// 14777:netblue:/usr/bin/firejail /usr/bin/transmission-qt
		61	// 14792:netblue:/usr/bin/transmission-qt
		62	// We need 14792, the first real sandboxed process
57	int find_child(int id) {	63	int find_child(int id) {
58	int i;	64	int i;
		65	int first_child = -1;
		66
		67	// find the first child
59	for (i = 0; i < max_pids; i++) {	68	for (i = 0; i < max_pids; i++) {
60	if (pids[i].level == 2 && pids[i].parent == id)	69	if (pids[i].level == 2 && pids[i].parent == id) {
61	return i;	70	first_child = i;
		71	break;
		72	}
62	}	73	}
63		74
		75	if (first_child == -1)
		76	return -1;
		77
		78	// find the second child
		79	for (i = 0; i < max_pids; i++) {
		80	if (pids[i].level == 3 && pids[i].parent == first_child)
		81	return i;
		82	}
		83
64	return -1;	84	return -1;
65	}	85	}
66		86


diff --git a/test/fs/whitelist-dev.exp b/test/fs/whitelist-dev.exp index 7575faee0..bc0970091 100755 --- a/test/fs/whitelist-dev.exp +++ b/test/fs/whitelist-dev.exp
@@ -33,15 +33,73 @@ sleep 1
33	send -- "ls -l /dev \| wc -l\r"	33	send -- "ls -l /dev \| wc -l\r"
34	expect {	34	expect {
35	timeout {puts "TESTING ERROR 3\n";exit}	35	timeout {puts "TESTING ERROR 3\n";exit}
36	"13" {puts "OK\n"}	36	"18" {puts "OK\n"}
37	"12" {puts "OK\n"}	37	"17" {puts "OK\n"}
38	}	38	}
39	after 100	39	after 100
		40
		41	send -- "ls -l /dev\r"
		42	expect {
		43	timeout {puts "TESTING ERROR 4\n";exit}
		44	"dvd" {puts "OK\n"}
		45	}
		46	after 100
		47
		48	send -- "ls -l /dev\r"
		49	expect {
		50	timeout {puts "TESTING ERROR 5\n";exit}
		51	"dri" {puts "OK\n"}
		52	}
		53	after 100
		54
		55	send -- "ls -l /dev\r"
		56	expect {
		57	timeout {puts "TESTING ERROR 6\n";exit}
		58	"snd" {puts "OK\n"}
		59	}
		60	after 100
		61
40	send -- "exit\r"	62	send -- "exit\r"
41	sleep 1	63	sleep 1
42		64
		65	send -- "firejail --private-dev --nosound ls /dev\r"
		66	expect {
		67	timeout {puts "TESTING ERROR 7\n";exit}
		68	"Child process initialized"
		69	}
		70	expect {
		71	timeout {puts "TESTING ERROR 8\n";exit}
		72	"snd" {puts "TESTING ERROR 9\n";exit}
		73	"Parent is shutting down"
		74	}
		75	sleep 1
43		76
		77	send -- "firejail --private-dev --nodvd ls /dev\r"
		78	expect {
		79	timeout {puts "TESTING ERROR 10\n";exit}
		80	"Child process initialized"
		81	}
		82	expect {
		83	timeout {puts "TESTING ERROR 11\n";exit}
		84	"dvd" {puts "TESTING ERROR 12\n";exit}
		85	"cdrom" {puts "TESTING ERROR 13\n";exit}
		86	"dvdrom" {puts "TESTING ERROR 14\n";exit}
		87	"cdrw" {puts "TESTING ERROR 15\n";exit}
		88	"dvdrw" {puts "TESTING ERROR 16\n";exit}
		89	"Parent is shutting down"
		90	}
		91	sleep 1
44		92
		93	send -- "firejail --private-dev --no3d ls /dev\r"
		94	expect {
		95	timeout {puts "TESTING ERROR 17\n";exit}
		96	"Child process initialized"
		97	}
		98	expect {
		99	timeout {puts "TESTING ERROR 18\n";exit}
		100	"dri" {puts "TESTING ERROR 19\n";exit}
		101	"Parent is shutting down"
		102	}
45		103
46	after 100	104	after 100
47	puts "\nall done\n"	105	puts "\nall done\n"