diff options
-rw-r--r-- | .travis.yml | 2 | ||||
-rw-r--r-- | Makefile.in | 8 | ||||
-rwxr-xr-x | configure | 18 | ||||
-rw-r--r-- | configure.ac | 2 | ||||
-rw-r--r-- | src/firejail/fs_bin.c | 2 | ||||
-rw-r--r-- | src/firejail/fs_whitelist.c | 19 | ||||
-rw-r--r-- | src/firemon/netstats.c | 4 | ||||
-rw-r--r-- | src/fseccomp/seccomp.c | 30 | ||||
-rw-r--r-- | src/fseccomp/seccomp_print.c | 2 | ||||
-rwxr-xr-x | test/fs/whitelist-dev.exp | 8 |
10 files changed, 57 insertions, 38 deletions
diff --git a/.travis.yml b/.travis.yml index 9a2c68361..5dd77e1f5 100644 --- a/.travis.yml +++ b/.travis.yml | |||
@@ -3,7 +3,7 @@ dist: trusty | |||
3 | sudo: true | 3 | sudo: true |
4 | 4 | ||
5 | script: | 5 | script: |
6 | - sudo apt-get -y install expect csh zsh | 6 | - sudo apt-get -y install expect csh xzdec |
7 | - ( cd firejail ; ./configure --prefix=/usr --enable-git-install && make && sudo make install && make test-travis ) | 7 | - ( cd firejail ; ./configure --prefix=/usr --enable-git-install && make && sudo make install && make test-travis ) |
8 | - ( cd firejail ; sudo make install-strip DESTDIR=$(readlink -f appdir) ) | 8 | - ( cd firejail ; sudo make install-strip DESTDIR=$(readlink -f appdir) ) |
9 | - ( cd appdir/ ; tar cfvj ../firejail-build$TRAVIS_BUILD_NUMBER.tar.bz2 . ) | 9 | - ( cd appdir/ ; tar cfvj ../firejail-build$TRAVIS_BUILD_NUMBER.tar.bz2 . ) |
diff --git a/Makefile.in b/Makefile.in index 442766e27..9111a3c95 100644 --- a/Makefile.in +++ b/Makefile.in | |||
@@ -2,7 +2,7 @@ all: apps man filters | |||
2 | MYLIBS = src/lib | 2 | MYLIBS = src/lib |
3 | APPS = src/firejail src/firemon src/firecfg src/libtrace src/libtracelog src/ftee src/faudit src/fnet src/fseccomp src/fcopy src/fldd src/libpostexecseccomp | 3 | APPS = src/firejail src/firemon src/firecfg src/libtrace src/libtracelog src/ftee src/faudit src/fnet src/fseccomp src/fcopy src/fldd src/libpostexecseccomp |
4 | MANPAGES = firejail.1 firemon.1 firecfg.1 firejail-profile.5 firejail-login.5 | 4 | MANPAGES = firejail.1 firemon.1 firecfg.1 firejail-profile.5 firejail-login.5 |
5 | SECCOMP_FILTERS = seccomp seccomp.debug seccomp.i386 seccomp.amd64 seccomp.block_secondary seccomp.mwdx | 5 | SECCOMP_FILTERS = seccomp seccomp.debug seccomp.i386 seccomp.amd64 seccomp.block_secondary seccomp.mdwx |
6 | 6 | ||
7 | prefix=@prefix@ | 7 | prefix=@prefix@ |
8 | exec_prefix=@exec_prefix@ | 8 | exec_prefix=@exec_prefix@ |
@@ -186,7 +186,7 @@ uninstall: | |||
186 | rm -f $(DESTDIR)/$(datarootdir)/bash-completion/completions/firecfg | 186 | rm -f $(DESTDIR)/$(datarootdir)/bash-completion/completions/firecfg |
187 | 187 | ||
188 | DISTFILES = "src etc platform contrib configure configure.ac Makefile.in install.sh mkman.sh mketc.sh mkdeb.sh mkuid.sh COPYING README RELNOTES" | 188 | DISTFILES = "src etc platform contrib configure configure.ac Makefile.in install.sh mkman.sh mketc.sh mkdeb.sh mkuid.sh COPYING README RELNOTES" |
189 | DISTFILES_TEST = "test/apps test/apps-x11 test/apps-x11-xorg test/root test/fcopy test/environment test/profiles test/utils test/compile test/filters test/network test/arguments test/fs test/sysutils" | 189 | DISTFILES_TEST = "test/apps test/apps-x11 test/apps-x11-xorg test/root test/fcopy test/environment test/profiles test/utils test/compile test/filters test/network test/arguments test/fs test/sysutils test/chroot" |
190 | 190 | ||
191 | dist: | 191 | dist: |
192 | mv config.status config.status.old | 192 | mv config.status config.status.old |
@@ -269,10 +269,10 @@ test-fs: | |||
269 | test-fcopy: | 269 | test-fcopy: |
270 | cd test/fcopy; ./fcopy.sh | grep TESTING | 270 | cd test/fcopy; ./fcopy.sh | grep TESTING |
271 | 271 | ||
272 | test: test-profiles test-fcopy test-fs test-utils test-environment test-apps test-apps-x11 test-apps-x11-xorg test-filters test-arguments | 272 | test: test-profiles test-fcopy test-fs test-utils test-sysutils test-environment test-apps test-apps-x11 test-apps-x11-xorg test-filters test-arguments |
273 | echo "TEST COMPLETE" | 273 | echo "TEST COMPLETE" |
274 | 274 | ||
275 | test-travis: test-profiles test-fcopy test-fs test-utils test-environment test-filters test-arguments | 275 | test-travis: test-profiles test-fcopy test-fs test-utils test-sysutils test-environment test-filters test-arguments |
276 | echo "TEST COMPLETE" | 276 | echo "TEST COMPLETE" |
277 | 277 | ||
278 | ########################################## | 278 | ########################################## |
@@ -1,6 +1,6 @@ | |||
1 | #! /bin/sh | 1 | #! /bin/sh |
2 | # Guess values for system-dependent variables and create Makefiles. | 2 | # Guess values for system-dependent variables and create Makefiles. |
3 | # Generated by GNU Autoconf 2.69 for firejail 0.9.50~rc1. | 3 | # Generated by GNU Autoconf 2.69 for firejail 0.9.50~rc2. |
4 | # | 4 | # |
5 | # Report bugs to <netblue30@yahoo.com>. | 5 | # Report bugs to <netblue30@yahoo.com>. |
6 | # | 6 | # |
@@ -580,8 +580,8 @@ MAKEFLAGS= | |||
580 | # Identity of this package. | 580 | # Identity of this package. |
581 | PACKAGE_NAME='firejail' | 581 | PACKAGE_NAME='firejail' |
582 | PACKAGE_TARNAME='firejail' | 582 | PACKAGE_TARNAME='firejail' |
583 | PACKAGE_VERSION='0.9.50~rc1' | 583 | PACKAGE_VERSION='0.9.50~rc2' |
584 | PACKAGE_STRING='firejail 0.9.50~rc1' | 584 | PACKAGE_STRING='firejail 0.9.50~rc2' |
585 | PACKAGE_BUGREPORT='netblue30@yahoo.com' | 585 | PACKAGE_BUGREPORT='netblue30@yahoo.com' |
586 | PACKAGE_URL='http://firejail.wordpress.com' | 586 | PACKAGE_URL='http://firejail.wordpress.com' |
587 | 587 | ||
@@ -1276,7 +1276,7 @@ if test "$ac_init_help" = "long"; then | |||
1276 | # Omit some internal or obsolete options to make the list less imposing. | 1276 | # Omit some internal or obsolete options to make the list less imposing. |
1277 | # This message is too long to be a string in the A/UX 3.1 sh. | 1277 | # This message is too long to be a string in the A/UX 3.1 sh. |
1278 | cat <<_ACEOF | 1278 | cat <<_ACEOF |
1279 | \`configure' configures firejail 0.9.50~rc1 to adapt to many kinds of systems. | 1279 | \`configure' configures firejail 0.9.50~rc2 to adapt to many kinds of systems. |
1280 | 1280 | ||
1281 | Usage: $0 [OPTION]... [VAR=VALUE]... | 1281 | Usage: $0 [OPTION]... [VAR=VALUE]... |
1282 | 1282 | ||
@@ -1338,7 +1338,7 @@ fi | |||
1338 | 1338 | ||
1339 | if test -n "$ac_init_help"; then | 1339 | if test -n "$ac_init_help"; then |
1340 | case $ac_init_help in | 1340 | case $ac_init_help in |
1341 | short | recursive ) echo "Configuration of firejail 0.9.50~rc1:";; | 1341 | short | recursive ) echo "Configuration of firejail 0.9.50~rc2:";; |
1342 | esac | 1342 | esac |
1343 | cat <<\_ACEOF | 1343 | cat <<\_ACEOF |
1344 | 1344 | ||
@@ -1446,7 +1446,7 @@ fi | |||
1446 | test -n "$ac_init_help" && exit $ac_status | 1446 | test -n "$ac_init_help" && exit $ac_status |
1447 | if $ac_init_version; then | 1447 | if $ac_init_version; then |
1448 | cat <<\_ACEOF | 1448 | cat <<\_ACEOF |
1449 | firejail configure 0.9.50~rc1 | 1449 | firejail configure 0.9.50~rc2 |
1450 | generated by GNU Autoconf 2.69 | 1450 | generated by GNU Autoconf 2.69 |
1451 | 1451 | ||
1452 | Copyright (C) 2012 Free Software Foundation, Inc. | 1452 | Copyright (C) 2012 Free Software Foundation, Inc. |
@@ -1748,7 +1748,7 @@ cat >config.log <<_ACEOF | |||
1748 | This file contains any messages produced by compilers while | 1748 | This file contains any messages produced by compilers while |
1749 | running configure, to aid debugging if configure makes a mistake. | 1749 | running configure, to aid debugging if configure makes a mistake. |
1750 | 1750 | ||
1751 | It was created by firejail $as_me 0.9.50~rc1, which was | 1751 | It was created by firejail $as_me 0.9.50~rc2, which was |
1752 | generated by GNU Autoconf 2.69. Invocation command line was | 1752 | generated by GNU Autoconf 2.69. Invocation command line was |
1753 | 1753 | ||
1754 | $ $0 $@ | 1754 | $ $0 $@ |
@@ -4367,7 +4367,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 | |||
4367 | # report actual input values of CONFIG_FILES etc. instead of their | 4367 | # report actual input values of CONFIG_FILES etc. instead of their |
4368 | # values after options handling. | 4368 | # values after options handling. |
4369 | ac_log=" | 4369 | ac_log=" |
4370 | This file was extended by firejail $as_me 0.9.50~rc1, which was | 4370 | This file was extended by firejail $as_me 0.9.50~rc2, which was |
4371 | generated by GNU Autoconf 2.69. Invocation command line was | 4371 | generated by GNU Autoconf 2.69. Invocation command line was |
4372 | 4372 | ||
4373 | CONFIG_FILES = $CONFIG_FILES | 4373 | CONFIG_FILES = $CONFIG_FILES |
@@ -4421,7 +4421,7 @@ _ACEOF | |||
4421 | cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 | 4421 | cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 |
4422 | ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" | 4422 | ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" |
4423 | ac_cs_version="\\ | 4423 | ac_cs_version="\\ |
4424 | firejail config.status 0.9.50~rc1 | 4424 | firejail config.status 0.9.50~rc2 |
4425 | configured by $0, generated by GNU Autoconf 2.69, | 4425 | configured by $0, generated by GNU Autoconf 2.69, |
4426 | with options \\"\$ac_cs_config\\" | 4426 | with options \\"\$ac_cs_config\\" |
4427 | 4427 | ||
diff --git a/configure.ac b/configure.ac index 0ebeebd08..b9f3cbde9 100644 --- a/configure.ac +++ b/configure.ac | |||
@@ -1,5 +1,5 @@ | |||
1 | AC_PREREQ([2.68]) | 1 | AC_PREREQ([2.68]) |
2 | AC_INIT(firejail, 0.9.50~rc1, netblue30@yahoo.com, , http://firejail.wordpress.com) | 2 | AC_INIT(firejail, 0.9.50~rc2, netblue30@yahoo.com, , http://firejail.wordpress.com) |
3 | AC_CONFIG_SRCDIR([src/firejail/main.c]) | 3 | AC_CONFIG_SRCDIR([src/firejail/main.c]) |
4 | #AC_CONFIG_HEADERS([config.h]) | 4 | #AC_CONFIG_HEADERS([config.h]) |
5 | 5 | ||
diff --git a/src/firejail/fs_bin.c b/src/firejail/fs_bin.c index 110f027f7..d2c8fbbc8 100644 --- a/src/firejail/fs_bin.c +++ b/src/firejail/fs_bin.c | |||
@@ -105,7 +105,7 @@ static int valid_full_path_file(const char *name) { | |||
105 | char *fname = strrchr(full_name, '/'); | 105 | char *fname = strrchr(full_name, '/'); |
106 | if (!fname) | 106 | if (!fname) |
107 | goto errexit; | 107 | goto errexit; |
108 | if (++fname == '\0') | 108 | if (*(++fname) == '\0') |
109 | goto errexit; | 109 | goto errexit; |
110 | 110 | ||
111 | int i = 0; | 111 | int i = 0; |
diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c index 480df1766..dad8545a0 100644 --- a/src/firejail/fs_whitelist.c +++ b/src/firejail/fs_whitelist.c | |||
@@ -368,12 +368,12 @@ void fs_whitelist(void) { | |||
368 | // replace ~/ or ${HOME} into /home/username | 368 | // replace ~/ or ${HOME} into /home/username |
369 | new_name = expand_home(dataptr, cfg.homedir); | 369 | new_name = expand_home(dataptr, cfg.homedir); |
370 | assert(new_name); | 370 | assert(new_name); |
371 | if (arg_debug) | 371 | if (arg_debug || arg_debug_whitelists) |
372 | fprintf(stderr, "Debug %d: new_name #%s#, %s\n", __LINE__, new_name, (nowhitelist_flag)? "nowhitelist": "whitelist"); | 372 | fprintf(stderr, "Debug %d: new_name #%s#, %s\n", __LINE__, new_name, (nowhitelist_flag)? "nowhitelist": "whitelist"); |
373 | 373 | ||
374 | // valid path referenced to filesystem root | 374 | // valid path referenced to filesystem root |
375 | if (*new_name != '/') { | 375 | if (*new_name != '/') { |
376 | if (arg_debug) | 376 | if (arg_debug || arg_debug_whitelists) |
377 | fprintf(stderr, "Debug %d: \n", __LINE__); | 377 | fprintf(stderr, "Debug %d: \n", __LINE__); |
378 | goto errexit; | 378 | goto errexit; |
379 | } | 379 | } |
@@ -417,6 +417,8 @@ void fs_whitelist(void) { | |||
417 | entry->data = EMPTY_STRING; | 417 | entry->data = EMPTY_STRING; |
418 | continue; | 418 | continue; |
419 | } | 419 | } |
420 | else if (arg_debug_whitelists) | ||
421 | printf("real path %s\n", fname); | ||
420 | 422 | ||
421 | if (nowhitelist_flag) { | 423 | if (nowhitelist_flag) { |
422 | // store the path in nowhitelist array | 424 | // store the path in nowhitelist array |
@@ -501,9 +503,15 @@ void fs_whitelist(void) { | |||
501 | else if (strncmp(new_name, "/dev/", 5) == 0) { | 503 | else if (strncmp(new_name, "/dev/", 5) == 0) { |
502 | entry->dev_dir = 1; | 504 | entry->dev_dir = 1; |
503 | dev_dir = 1; | 505 | dev_dir = 1; |
504 | // both path and absolute path are under /dev | 506 | |
505 | if (strncmp(fname, "/dev/", 5) != 0) { | 507 | // special handling for /dev/shm |
506 | goto errexit; | 508 | // on some platforms (Debian wheezy, Ubuntu 14.04), it is a symlink to /run/shm |
509 | if (strcmp(new_name, "/dev/shm") == 0 && strcmp(fname, "/run/shm") == 0); | ||
510 | else { | ||
511 | // both path and absolute path are under /dev | ||
512 | if (strncmp(fname, "/dev/", 5) != 0) { | ||
513 | goto errexit; | ||
514 | } | ||
507 | } | 515 | } |
508 | } | 516 | } |
509 | else if (strncmp(new_name, "/opt/", 5) == 0) { | 517 | else if (strncmp(new_name, "/opt/", 5) == 0) { |
@@ -708,7 +716,6 @@ void fs_whitelist(void) { | |||
708 | } | 716 | } |
709 | 717 | ||
710 | 718 | ||
711 | |||
712 | // go through profile rules again, and interpret whitelist commands | 719 | // go through profile rules again, and interpret whitelist commands |
713 | entry = cfg.profile; | 720 | entry = cfg.profile; |
714 | while (entry) { | 721 | while (entry) { |
diff --git a/src/firemon/netstats.c b/src/firemon/netstats.c index ad123be50..c68e2e51b 100644 --- a/src/firemon/netstats.c +++ b/src/firemon/netstats.c | |||
@@ -161,8 +161,8 @@ static void print_proc(int index, int itv, int col) { | |||
161 | } | 161 | } |
162 | 162 | ||
163 | // pid | 163 | // pid |
164 | char pidstr[10]; | 164 | char pidstr[11]; |
165 | snprintf(pidstr, 10, "%u", index); | 165 | snprintf(pidstr, 11, "%d", index); |
166 | 166 | ||
167 | // user | 167 | // user |
168 | char *user = get_user_name(pids[index].uid); | 168 | char *user = get_user_name(pids[index].uid); |
diff --git a/src/fseccomp/seccomp.c b/src/fseccomp/seccomp.c index 8abc249ec..e14a473fe 100644 --- a/src/fseccomp/seccomp.c +++ b/src/fseccomp/seccomp.c | |||
@@ -191,6 +191,21 @@ void seccomp_keep(const char *fname1, const char *fname2, char *list) { | |||
191 | close(fd); | 191 | close(fd); |
192 | } | 192 | } |
193 | 193 | ||
194 | #if defined(__x86_64__) || defined(__aarch64__) || defined(__powerpc64__) | ||
195 | # define filter_syscall SYS_mmap | ||
196 | # undef block_syscall | ||
197 | #elif defined(__i386__) | ||
198 | # define filter_syscall SYS_mmap2 | ||
199 | # define block_syscall SYS_mmap | ||
200 | #elif defined(__arm__) | ||
201 | # define filter_syscall SYS_mmap2 | ||
202 | # undef block_syscall | ||
203 | #else | ||
204 | # warning "Platform does not support seccomp memory-deny-write-execute filter yet" | ||
205 | # undef filter_syscall | ||
206 | # undef block_syscall | ||
207 | #endif | ||
208 | |||
194 | void memory_deny_write_execute(const char *fname) { | 209 | void memory_deny_write_execute(const char *fname) { |
195 | // open file | 210 | // open file |
196 | int fd = open(fname, O_CREAT|O_WRONLY|O_TRUNC, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); | 211 | int fd = open(fname, O_CREAT|O_WRONLY|O_TRUNC, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); |
@@ -203,22 +218,19 @@ void memory_deny_write_execute(const char *fname) { | |||
203 | 218 | ||
204 | // build filter | 219 | // build filter |
205 | static const struct sock_filter filter[] = { | 220 | static const struct sock_filter filter[] = { |
206 | #ifndef __x86_64__ | 221 | #ifdef block_syscall |
207 | // block old multiplexing mmap syscall for i386 | 222 | // block old multiplexing mmap syscall for i386 |
208 | BLACKLIST(SYS_mmap), | 223 | BLACKLIST(block_syscall), |
209 | #endif | 224 | #endif |
225 | #ifdef filter_syscall | ||
210 | // block mmap(,,x|PROT_WRITE|PROT_EXEC) so W&X memory can't be created | 226 | // block mmap(,,x|PROT_WRITE|PROT_EXEC) so W&X memory can't be created |
211 | #ifndef __x86_64__ | 227 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, filter_syscall, 0, 5), |
212 | // mmap2 is used for mmap on i386 these days | ||
213 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, SYS_mmap2, 0, 5), | ||
214 | #else | ||
215 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, SYS_mmap, 0, 5), | ||
216 | #endif | ||
217 | EXAMINE_ARGUMENT(2), | 228 | EXAMINE_ARGUMENT(2), |
218 | BPF_STMT(BPF_ALU+BPF_AND+BPF_K, PROT_WRITE|PROT_EXEC), | 229 | BPF_STMT(BPF_ALU+BPF_AND+BPF_K, PROT_WRITE|PROT_EXEC), |
219 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, PROT_WRITE|PROT_EXEC, 0, 1), | 230 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, PROT_WRITE|PROT_EXEC, 0, 1), |
220 | KILL_PROCESS, | 231 | KILL_PROCESS, |
221 | RETURN_ALLOW, | 232 | RETURN_ALLOW, |
233 | #endif | ||
222 | 234 | ||
223 | // block mprotect(,,PROT_EXEC) so writable memory can't be turned into executable | 235 | // block mprotect(,,PROT_EXEC) so writable memory can't be turned into executable |
224 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, SYS_mprotect, 0, 5), | 236 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, SYS_mprotect, 0, 5), |
@@ -228,7 +240,7 @@ void memory_deny_write_execute(const char *fname) { | |||
228 | KILL_PROCESS, | 240 | KILL_PROCESS, |
229 | RETURN_ALLOW, | 241 | RETURN_ALLOW, |
230 | 242 | ||
231 | // shmat is not implemented as a syscall on some platforms (i386, possibly arm) | 243 | // shmat is not implemented as a syscall on some platforms (i386, powerpc64, powerpc64le) |
232 | #ifdef SYS_shmat | 244 | #ifdef SYS_shmat |
233 | // block shmat(,,x|SHM_EXEC) so W&X shared memory can't be created | 245 | // block shmat(,,x|SHM_EXEC) so W&X shared memory can't be created |
234 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, SYS_shmat, 0, 5), | 246 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, SYS_shmat, 0, 5), |
diff --git a/src/fseccomp/seccomp_print.c b/src/fseccomp/seccomp_print.c index 7af95d51c..3793e125d 100644 --- a/src/fseccomp/seccomp_print.c +++ b/src/fseccomp/seccomp_print.c | |||
@@ -92,7 +92,7 @@ static int detect_filter_type(void) { | |||
92 | 92 | ||
93 | // testing for secondare amd64 filter | 93 | // testing for secondare amd64 filter |
94 | const struct sock_filter start_secondary_64[] = { | 94 | const struct sock_filter start_secondary_64[] = { |
95 | VALIDATE_ARCHITECTURE, | 95 | VALIDATE_ARCHITECTURE_64, |
96 | EXAMINE_SYSCALL, | 96 | EXAMINE_SYSCALL, |
97 | }; | 97 | }; |
98 | 98 | ||
diff --git a/test/fs/whitelist-dev.exp b/test/fs/whitelist-dev.exp index b064671b6..b6ae6319f 100755 --- a/test/fs/whitelist-dev.exp +++ b/test/fs/whitelist-dev.exp | |||
@@ -25,14 +25,14 @@ sleep 1 | |||
25 | 25 | ||
26 | send -- "firejail --whitelist=/dev/null --whitelist=/dev/shm --whitelist=/dev/random\r" | 26 | send -- "firejail --whitelist=/dev/null --whitelist=/dev/shm --whitelist=/dev/random\r" |
27 | expect { | 27 | expect { |
28 | timeout {puts "TESTING ERROR 0\n";exit} | 28 | timeout {puts "TESTING ERROR 2\n";exit} |
29 | "Child process initialized" | 29 | "Child process initialized" |
30 | } | 30 | } |
31 | sleep 1 | 31 | sleep 1 |
32 | 32 | ||
33 | send -- "find /dev | wc -l\r" | 33 | send -- "find /dev | wc -l\r" |
34 | expect { | 34 | expect { |
35 | timeout {puts "TESTING ERROR 0.1\n";exit} | 35 | timeout {puts "TESTING ERROR 3\n";exit} |
36 | "4" | 36 | "4" |
37 | } | 37 | } |
38 | after 100 | 38 | after 100 |
@@ -41,14 +41,14 @@ sleep 1 | |||
41 | 41 | ||
42 | send -- "firejail --private-dev --debug\r" | 42 | send -- "firejail --private-dev --debug\r" |
43 | expect { | 43 | expect { |
44 | timeout {puts "TESTING ERROR 2\n";exit} | 44 | timeout {puts "TESTING ERROR 4\n";exit} |
45 | "Child process initialized" | 45 | "Child process initialized" |
46 | } | 46 | } |
47 | sleep 1 | 47 | sleep 1 |
48 | 48 | ||
49 | send -- "ls -l /dev | wc -l\r" | 49 | send -- "ls -l /dev | wc -l\r" |
50 | expect { | 50 | expect { |
51 | timeout {puts "TESTING ERROR 3\n";exit} | 51 | timeout {puts "TESTING ERROR 5\n";exit} |
52 | "12" {puts "OK\n"} | 52 | "12" {puts "OK\n"} |
53 | "13" {puts "OK\n"} | 53 | "13" {puts "OK\n"} |
54 | "14" {puts "OK\n"} | 54 | "14" {puts "OK\n"} |