author | netblue30 <netblue30@protonmail.com> | 2021-02-23 08:40:02 -0500 |
---|---|---|
committer | netblue30 <netblue30@protonmail.com> | 2021-02-23 08:40:02 -0500 |
commit | 80868ffa70784fae2642c3d9219e08a17822bc86 (patch) | |
tree | 430b0a9c90e9adad7b18f601e3fc5ba1d92bebe2 /src/jailtest/main.c | |
parent | hardening ssh, tor (diff) | |
jailtest
Diffstat (limited to 'src/jailtest/main.c')
-rw-r--r-- | src/jailtest/main.c | 35 |
1 files changed, 34 insertions, 1 deletions
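--- a/src/jailtest/main.c
+++ b/src/jailtest/main.c
@@ -1,3 +1,22 @@
+/*
+* Copyright (C) 2014-2021 Firejail Authors
+*
+* This file is part of firejail project
+*
+* This program is free software; you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation; either version 2 of the License, or
+* (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License along
+* with this program; if not, write to the Free Software Foundation, Inc.,
+* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*/
 #include "jailtest.h"
 #include "../include/firejail_user.h"
 #include "../include/pid.h"
@@ -7,6 +26,7 @@ uid_t user_uid = 0;
 gid_t user_gid = 0;
 char *user_name = NULL;
 char *user_home_dir = NULL;
+char *user_run_dir = NULL;
 int arg_debug = 0;
 
 static char *usage_str =
@@ -73,9 +93,13 @@ int main(int argc, char **argv) {
 fprintf(stderr, "Error: root user not supported\n");
 exit(1);
 }
+if (asprintf(&user_run_dir, "/run/user/%d", user_uid) == -1)
+errExit("asprintf");
 
 // test setup
 atexit(cleanup);
+access_setup("~/.ssh");
+access_setup("~/.gnupg");
 if (findex > 0) {
 for (i = findex; i < argc; i++)
 access_setup(argv[i]);
@@ -88,6 +112,10 @@ int main(int argc, char **argv) {
 virtual_setup("/dev");
 virtual_setup("/etc");
 virtual_setup("/bin");
+virtual_setup("/usr/share");
+virtual_setup(user_run_dir);
+
+
 
 // print processes
 pid_read(0);
@@ -98,8 +126,12 @@ int main(int argc, char **argv) {
 continue;
 
 // in case the pid is that of a firejail process, use the pid of the first child process
-uid_t pid = switch_to_child(i);
+uid_t pid = find_child(i);
+printf("\n");
 pid_print_list(i, 0); // no wrapping
+apparmor_test(pid);
+seccomp_test(pid);
+fflush(0);
 
 pid_t child = fork();
 if (child == -1)
@@ -111,6 +143,7 @@ int main(int argc, char **argv) {
 noexec_test(user_home_dir);
 noexec_test("/tmp");
 noexec_test("/var/tmp");
+noexec_test(user_run_dir);
 access_test();
 }
 else {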
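Review bot: At new line 129 the result of `find_child(i)` is stored in a `uid_t`, although it is a process id that is then passed to `apparmor_test(pid)` and `seccomp_test(pid)`. `uid_t` is unsigned on Linux, so if `find_child` can signal failure with a negative value (its definition is not in this diff), that error would silently become a large pid and the two tests could report on the wrong process or on none. Declaring it as `pid_t pid = find_child(i);` keeps the type honest, and a failure check before the two tests would make the report trustworthy. Separately, at new line 96 `user_uid` is a `uid_t` formatted with `%d`; `asprintf(&user_run_dir, "/run/user/%u", (unsigned) user_uid)` matches the type. `main` begins and ends outside these hunks.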