merge #1100 from zackw: xvfb support in /etc/firejail/firejail.config

3 files changed, 44 insertions, 25 deletions

diff --git a/test/root/checkcfg.exp b/test/root/checkcfg.exp
index 5ec1c4e77..205ef1e0c 100755
--- a/test/root/checkcfg.exp
+++ b/test/root/checkcfg.exp
@@ -8,13 +8,6 @@ cd /home
 spawn $env(SHELL)
 match_max 100000
 
-send --  "firejail --noprofile --overlay\r"
-expect {
-        timeout {puts "TESTING ERROR 0\n";exit}
-        "Child process initialized"
-}
-sleep 2
-
 send -- "rm /etc/firejail/firejail.config\r"
 after 100
 
@@ -27,18 +20,16 @@ expect {
 # seccomp
 send --  "echo \"seccomp no\" > /etc/firejail/firejail.config\r"
 after 100
-send --  "firejail --noprofile --seccomp --force\r"
+send --  "firejail --noprofile --seccomp\r"
 expect {
         timeout {puts "TESTING ERROR 2\n";exit}
         "seccomp feature is disabled in Firejail configuration file\r"
 }
-send --  "exit\r"
-after 100
 
 # whitelist
 send --  "echo \"whitelist no\" > /etc/firejail/firejail.config\r"
 after 100
-send --  "firejail --noprofile --whitelist=~/.config --force\r"
+send --  "firejail --noprofile --whitelist=~/.config\r"
 expect {
         timeout {puts "TESTING ERROR 3\n";exit}
         "whitelist feature is disabled in Firejail configuration file\r"
@@ -47,7 +38,7 @@ expect {
 # network
 send --  "echo \"network no\" > /etc/firejail/firejail.config\r"
 after 100
-send --  "firejail --noprofile --net=eth0 --force\r"
+send --  "firejail --noprofile --net=eth0\r"
 expect {
         timeout {puts "TESTING ERROR 4\n";exit}
         "networking feature is disabled in Firejail configuration file\r"
@@ -56,7 +47,7 @@ expect {
 # bind
 send --  "echo \"bind no\" > /etc/firejail/firejail.config\r"
 after 100
-send --  "firejail --noprofile --bind=/tmp,/var/tmp --force\r"
+send --  "firejail --noprofile --bind=/tmp,/var/tmp\r"
 expect {
         timeout {puts "TESTING ERROR 5\n";exit}
         "bind feature is disabled in Firejail configuration file\r"
@@ -65,7 +56,7 @@ expect {
 # overlay
 send --  "echo \"overlayfs no\" > /etc/firejail/firejail.config\r"
 after 100
-send --  "firejail --noprofile --overlay --force\r"
+send --  "firejail --noprofile --overlay\r"
 expect {
         timeout {puts "TESTING ERROR 6\n";exit}
         "overlayfs feature is disabled in Firejail configuration file\r"
@@ -74,7 +65,7 @@ expect {
 # private-home
 send --  "echo \"private-home no\" > /etc/firejail/firejail.config\r"
 after 100
-send --  "firejail --noprofile --private-home=/tmp --force\r"
+send --  "firejail --noprofile --private-home=/tmp\r"
 expect {
         timeout {puts "TESTING ERROR 7\n";exit}
         "private-home feature is disabled in Firejail configuration file\r"
@@ -83,7 +74,7 @@ expect {
 # chroot
 send --  "echo \"chroot no\" > /etc/firejail/firejail.config\r"
 after 100
-send --  "firejail --noprofile --chroot=/tmp --force\r"
+send --  "firejail --noprofile --chroot=/tmp\r"
 expect {
         timeout {puts "TESTING ERROR 8\n";exit}
         "chroot feature is disabled in Firejail configuration file\r"
@@ -92,12 +83,37 @@ expect {
 # userns
 send --  "echo \"userns no\" > /etc/firejail/firejail.config\r"
 after 100
-send --  "firejail --noprofile --noroot --force\r"
+send --  "firejail --noprofile --noroot\r"
 expect {
         timeout {puts "TESTING ERROR 9\n";exit}
         "noroot feature is disabled in Firejail configuration file\r"
 }
 
+# netfilter-default
+send --  "echo \"netfilter-default blablabla\" > /etc/firejail/firejail.config\r"
+after 100
+send --  "firejail --noprofile\r"
+expect {
+        timeout {puts "TESTING ERROR 10\n";exit}
+        "netfilter-default file blablabla not available\r"
+}
+
+# strings
+send --  "echo \"xephyr-screen 800x600\" > /etc/firejail/firejail.config\r"
+after 100
+send --  "echo \"xvfb-screen 800x600x24\" >> /etc/firejail/firejail.config\r"
+after 100
+send --  "echo \"xvfb-extra-params blablabla\" >> /etc/firejail/firejail.config\r"
+after 100
+send --  "firejail --noprofile\r"
+expect {
+        timeout {puts "TESTING ERROR 11\n";exit}
+        "Child process initialized\r"
+}
+after 100
+send -- "exit\r"
+after 100
+
 # error exit
 send --  "echo \"join no\" > /etc/firejail/firejail.config\r"
 after 100
@@ -129,17 +145,18 @@ send --  "echo \"private-bin-no-local yes\" >> /etc/firejail/firejail.config\r"
 after 100
 send --  "echo \"disable-mnt yes\" >> /etc/firejail/firejail.config\r"
 after 100
+send --  "echo \"xephyr-window-title no\" >> /etc/firejail/firejail.config\r"
+after 100
+send --  "echo \"remount-proc-sys no\" >> /etc/firejail/firejail.config\r"
+after 100
+send --  "echo \"disable-mnt no\" >> /etc/firejail/firejail.config\r"
+after 100
 send --  "echo \"blablabla\" >> /etc/firejail/firejail.config\r"
 after 100
-send --  "firejail --noprofile --force\r"
+send --  "firejail --noprofile\r"
 expect {
-        timeout {puts "TESTING ERROR 10\n";exit}
-        "invalid line\r"
+        timeout {puts "TESTING ERROR 12\n";exit}
+        ""
 }
-
-send --  "exit\r"
-after 100
-
-
 after 100
 puts "\nall done\n"
diff --git a/test/root/firejail.config b/test/root/firejail.config
index 9b57f5126..4ad5edd4d 100644
--- a/test/root/firejail.config
+++ b/test/root/firejail.config
@@ -1,3 +1,4 @@
+
 bind yes
 chroot yes
 chroot-desktop yes
diff --git a/test/root/root.sh b/test/root/root.sh
index e23499d2a..82fdc90b5 100755
--- a/test/root/root.sh
+++ b/test/root/root.sh
@@ -82,6 +82,7 @@ echo "TESTING: seccomp chown (test/root/seccomp-chown.exp)"
 #********************************
 echo "TESTING: firejail configuration (test/root/checkcfg.exp)"
 ./checkcfg.exp
+cp ../../etc/firejail.config /etc/firejail/.
 
 echo "TESTING: tmpfs (test/root/option_tmpfs.exp)"
 ./option_tmpfs.exp