-rw-r--r-- | src/firemon/arp.c | 7 | ||||
-rw-r--r-- | src/firemon/caps.c | 5 | ||||
-rw-r--r-- | src/firemon/cgroup.c | 6 | ||||
-rw-r--r-- | src/firemon/cpu.c | 6 | ||||
-rw-r--r-- | src/firemon/firemon.c | 71 | ||||
-rw-r--r-- | src/firemon/firemon.h | 18 | ||||
-rw-r--r-- | src/firemon/interface.c | 12 | ||||
-rw-r--r-- | src/firemon/route.c | 7 | ||||
-rw-r--r-- | src/firemon/seccomp.c | 5 | ||||
-rw-r--r-- | src/firemon/tree.c | 4 | ||||
-rw-r--r-- | src/firemon/x11.c | 8 | ||||
-rw-r--r-- | src/fseccomp/syscall.c | 3 | ||||
-rwxr-xr-x | test/overlay/fs-named.exp | 66 | ||||
-rwxr-xr-x | test/overlay/fs-tmpfs.exp | 62 | ||||
-rwxr-xr-x | test/overlay/overlay.sh | 12 | ||||
-rwxr-xr-x | test/root/firecfg.exp | 46 |
16 files changed, 274 insertions, 64 deletions
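--- a/src/firemon/arp.c
+++ b/src/firemon/arp.c
@@ -72,14 +72,15 @@ static void print_arp(const char *fname) {
 
 }
 
-void arp(pid_t pid) {
+void arp(pid_t pid, int print_procs) {
 pid_read(pid);
 
 // print processes
 int i;
 for (i = 0; i < max_pids; i++) {
 if (pids[i].level == 1) {
-pid_print_list(i, 0);
+if (print_procs || pid == 0)
+pid_print_list(i, 0);
 int child = find_child(i);
 if (child != -1) {
 char *fname;
@@ -87,10 +88,10 @@ void arp(pid_t pid) {
 errExit("asprintf");
 print_arp(fname);
 free(fname);
-printf("\n");
 }
 }
 }
+printf("\n");
 }
 
 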
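Review bot: With `pid == 0` the loop in arp() visits every sandbox, and moving `printf("\n");` out of the `if (child != -1)` block to after the `for` removes the blank line that used to separate one sandbox's ARP table from the next sandbox's process line. The same move is made in route.c, and in interface.c the newline leaves print_sandbox() for the end of interface(). If per-sandbox separation is still wanted, the separator could be printed at the end of the `if (pids[i].level == 1)` body instead, which still yields a single blank line when only one sandbox is selected. The lines of arp() between the two hunks are not shown, so this rests on the visible part of the loop only.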
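--- a/src/firemon/caps.c
+++ b/src/firemon/caps.c
@@ -48,14 +48,15 @@ static void print_caps(int pid) {
 free(file);
 }
 
-void caps(pid_t pid) {
+void caps(pid_t pid, int print_procs) {
 pid_read(pid); // include all processes
 
 // print processes
 int i;
 for (i = 0; i < max_pids; i++) {
 if (pids[i].level == 1) {
-pid_print_list(i, 0);
+if (print_procs || pid == 0)
+pid_print_list(i, 0);
 int child = find_child(i);
 if (child != -1)
 print_caps(child);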
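--- a/src/firemon/cgroup.c
+++ b/src/firemon/cgroup.c
@@ -44,18 +44,20 @@ static void print_cgroup(int pid) {
 free(file);
 }
 
-void cgroup(pid_t pid) {
+void cgroup(pid_t pid, int print_procs) {
 pid_read(pid);
 
 // print processes
 int i;
 for (i = 0; i < max_pids; i++) {
 if (pids[i].level == 1) {
-pid_print_list(i, 0);
+if (print_procs || pid == 0)
+pid_print_list(i, 0);
 int child = find_child(i);
 if (child != -1)
 print_cgroup(child);
 }
 }
+printf("\n");
 }
 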
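--- a/src/firemon/cpu.c
+++ b/src/firemon/cpu.c
@@ -48,18 +48,20 @@ static void print_cpu(int pid) {
 free(file);
 }
 
-void cpu(pid_t pid) {
+void cpu(pid_t pid, int print_procs) {
 pid_read(pid);
 
 // print processes
 int i;
 for (i = 0; i < max_pids; i++) {
 if (pids[i].level == 1) {
-pid_print_list(i, 0);
+if (print_procs || pid == 0)
+pid_print_list(i, 0);
 int child = find_child(i);
 if (child != -1)
 print_cpu(child);
 }
 }
+printf("\n");
 }
 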
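--- a/src/firemon/firemon.c
+++ b/src/firemon/firemon.c
@@ -25,7 +25,6 @@
 #include <grp.h>
 #include <sys/stat.h>
 
-
 static int arg_route = 0;
 static int arg_arp = 0;
 static int arg_tree = 0;
@@ -148,8 +147,13 @@ int main(int argc, char **argv) {
 arg_seccomp = 1;
 else if (strcmp(argv[i], "--caps") == 0)
 arg_caps = 1;
-else if (strcmp(argv[i], "--interface") == 0)
+else if (strcmp(argv[i], "--interface") == 0) {
+if (getuid() != 0) {
+fprintf(stderr, "Error: you need to be root to run this command\n");
+exit(1);
+}
 arg_interface = 1;
+}
 else if (strcmp(argv[i], "--route") == 0)
 arg_route = 1;
 else if (strcmp(argv[i], "--arp") == 0)
@@ -196,10 +200,8 @@ int main(int argc, char **argv) {
 exit(1);
 }
 
-if (arg_top)
-top(); // never to return
-if (arg_tree) {
-tree();
+if (arg_top) {
+top();
 return 0;
 }
 if (arg_list) {
@@ -212,25 +214,46 @@ int main(int argc, char **argv) {
 }
 
 // cumulative options
-if (arg_interface)
-interface((pid_t) pid);
-if (arg_route)
-route((pid_t) pid);
-if (arg_arp)
-arp((pid_t) pid);
-if (arg_seccomp)
-seccomp((pid_t) pid);
-if (arg_caps)
-caps((pid_t) pid);
-if (arg_cpu)
-cpu((pid_t) pid);
-if (arg_cgroup)
-cgroup((pid_t) pid);
-if (arg_x11)
-x11((pid_t) pid);
+int print_procs = 1;
+if (arg_tree) {
+tree((pid_t) pid);
+print_procs = 0;
+}
+if (arg_cpu) {
+cpu((pid_t) pid, print_procs);
+print_procs = 0;
+}
+if (arg_seccomp) {
+seccomp((pid_t) pid, print_procs);
+print_procs = 0;
+}
+if (arg_caps) {
+caps((pid_t) pid, print_procs);
+print_procs = 0;
+}
+if (arg_cgroup) {
+cgroup((pid_t) pid, print_procs);
+print_procs = 0;
+}
+if (arg_x11) {
+x11((pid_t) pid, print_procs);
+print_procs = 0;
+}
+if (arg_interface) {
+interface((pid_t) pid, print_procs);
+print_procs = 0;
+}
+if (arg_route) {
+route((pid_t) pid, print_procs);
+print_procs = 0;
+}
+if (arg_arp) {
+arp((pid_t) pid, print_procs);
+print_procs = 0;
+}
 
-if (!arg_interface && !arg_route && !arg_arp && !arg_seccomp && !arg_caps && !arg_cgroup && !arg_x11)
-procevent((pid_t) pid); // never to return
+if (print_procs)
+procevent((pid_t) pid);
 
 return 0;
 }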
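Review bot: In the cumulative-options block of main(), `print_procs` carries two meanings: whether the next printer should emit the process line, and, at `if (print_procs) procevent((pid_t) pid);`, whether no option ran at all. The two coincide only because each of the nine branches ends with `print_procs = 0;`; a branch added later without that line would repeat the process list and also fall through into procevent(). A comment above the final test, such as `// print_procs is still 1 only if none of the options above ran`, would record the invariant, or a separate flag could be used for the procevent() decision. The `// never to return` remarks on top() and procevent() are dropped without replacement, so a reader can no longer tell from main() whether the `return 0;` after `top();` is reachable. main() begins outside these hunks.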
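--- a/src/firemon/firemon.h
+++ b/src/firemon/firemon.h
@@ -54,33 +54,33 @@ void top(void);
 void list(void);
 
 // interface.c
-void interface(pid_t pid);
+void interface(pid_t pid, int print_procs);
 
 // arp.c
-void arp(pid_t pid);
+void arp(pid_t pid, int print_procs);
 
 // route.c
-void route(pid_t pid);
+void route(pid_t pid, int print_procs);
 
 // caps.c
-void caps(pid_t pid);
+void caps(pid_t pid, int print_procs);
 
 // seccomp.c
-void seccomp(pid_t pid);
+void seccomp(pid_t pid, int print_procs);
 
 // cpu.c
-void cpu(pid_t pid);
+void cpu(pid_t pid, int print_procs);
 
 // cgroup.c
-void cgroup(pid_t pid);
+void cgroup(pid_t pid, int print_procs);
 
 // tree.c
-void tree(void);
+void tree(pid_t pid);
 
 // netstats.c
 void netstats(void);
 
 // x11.c
-void x11(pid_t pid);
+void x11(pid_t pid, int print_procs);
 
 #endif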
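Review bot: The new `print_procs` parameter appears on eight prototypes here without a comment, and its effect is not obvious from the name: in the .c files of this commit the process line is printed when `print_procs || pid == 0`, so the argument is ignored whenever `pid` is 0. One comment above the group would cover all of them, for example `// print_procs: print the sandbox process line before the data; it is always printed when pid is 0`. The `tree(pid_t pid)` prototype could likewise note that `pid` is now passed to pid_read() instead of the former fixed 0.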
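--- a/src/firemon/interface.c
+++ b/src/firemon/interface.c
@@ -145,7 +145,6 @@ static void print_sandbox(pid_t pid) {
 if (rv)
 return;
 net_ifprint();
-printf("\n");
 #ifdef HAVE_GCOV
 __gcov_flush();
 #endif
@@ -156,24 +155,21 @@ static void print_sandbox(pid_t pid) {
 waitpid(child, NULL, 0);
 }
 
-void interface(pid_t pid) {
-if (getuid() != 0) {
-fprintf(stderr, "Error: you need to be root to run this command\n");
-exit(1);
-}
-
+void interface(pid_t pid, int print_procs) {
 pid_read(pid); // a pid of 0 will include all processes
 
 // print processes
 int i;
 for (i = 0; i < max_pids; i++) {
 if (pids[i].level == 1) {
-pid_print_list(i, 0);
+if (print_procs || pid == 0)
+pid_print_list(i, 0);
 int child = find_child(i);
 if (child != -1) {
 print_sandbox(child);
 }
 }
 }
+printf("\n");
 }
 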
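Review bot: interface() no longer checks `getuid() != 0` itself; after this commit the only root check is the one added to the `--interface` branch of option parsing in firemon.c. Since interface() is declared in firemon.h, any call site added later would reach print_sandbox() without that check. Recording the precondition at the top of interface() keeps the privilege requirement next to the code that depends on it, e.g. `// caller must already have verified getuid() == 0 (see --interface in main)`, optionally backed by `assert(getuid() == 0);`. print_sandbox() starts outside the hunk, so what it does with root privileges is not visible here.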
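--- a/src/firemon/route.c
+++ b/src/firemon/route.c
@@ -181,14 +181,15 @@ static void print_route(const char *fname) {
 
 }
 
-void route(pid_t pid) {
+void route(pid_t pid, int print_procs) {
 pid_read(pid);
 
 // print processes
 int i;
 for (i = 0; i < max_pids; i++) {
 if (pids[i].level == 1) {
-pid_print_list(i, 0);
+if (print_procs || pid == 0)
+pid_print_list(i, 0);
 int child = find_child(i);
 if (child != -1) {
 char *fname;
@@ -201,10 +202,10 @@ void route(pid_t pid) {
 errExit("asprintf");
 print_route(fname);
 free(fname);
-printf("\n");
 }
 }
 }
+printf("\n");
 }
 
 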
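--- a/src/firemon/seccomp.c
+++ b/src/firemon/seccomp.c
@@ -48,14 +48,15 @@ static void print_seccomp(int pid) {
 free(file);
 }
 
-void seccomp(pid_t pid) {
+void seccomp(pid_t pid, int print_procs) {
 pid_read(pid); // include all processes
 
 // print processes
 int i;
 for (i = 0; i < max_pids; i++) {
 if (pids[i].level == 1) {
-pid_print_list(i, 0);
+if (print_procs || pid == 0)
+pid_print_list(i, 0);
 int child = find_child(i);
 if (child != -1)
 print_seccomp(child);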
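--- a/src/firemon/tree.c
+++ b/src/firemon/tree.c
@@ -19,8 +19,8 @@
 */
 #include "firemon.h"
 
-void tree(void) {
-pid_read(0); // include all processes
+void tree(pid_t pid) {
+pid_read(pid);
 
 // print processes
 int i;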
diff --git a/src/firemon/x11.c b/src/firemon/x11.c index c7fe4c616..b0efb090a 100644 --- a/src/firemon/x11.c +++ b/src/firemon/x11.c | |||
@@ -22,14 +22,15 @@ | |||
22 | #include <sys/stat.h> | 22 | #include <sys/stat.h> |
23 | #include <unistd.h> | 23 | #include <unistd.h> |
24 | 24 | ||
25 | void x11(pid_t pid) { | 25 | void x11(pid_t pid, int print_procs) { |
26 | pid_read(pid); | 26 | pid_read(pid); |
27 | 27 | ||
28 | // print processes | 28 | // print processes |
29 | int i; | 29 | int i; |
30 | for (i = 0; i < max_pids; i++) { | 30 | for (i = 0; i < max_pids; i++) { |
31 | if (pids[i].level == 1) { | 31 | if (pids[i].level == 1) { |
32 | pid_print_list(i, 0); | 32 | if (print_procs || pid == 0) |
33 | pid_print_list(i, 0); | ||
33 | 34 | ||
34 | char *x11file; | 35 | char *x11file; |
35 | // todo: use macro from src/firejail/firejail.h for /run/firejail/x11 directory | 36 | // todo: use macro from src/firejail/firejail.h for /run/firejail/x11 directory |
@@ -46,12 +47,13 @@ void x11(pid_t pid) { | |||
46 | int display; | 47 | int display; |
47 | int rv = fscanf(fp, "%d", &display); | 48 | int rv = fscanf(fp, "%d", &display); |
48 | if (rv == 1) | 49 | if (rv == 1) |
49 | printf(" DISPLAY :%d\n", display); | 50 | printf(" DISPLAY :%d\n", display); |
50 | fclose(fp); | 51 | fclose(fp); |
51 | } | 52 | } |
52 | 53 | ||
53 | free(x11file); | 54 | free(x11file); |
54 | } | 55 | } |
55 | } | 56 | } |
57 | printf("\n"); | ||
56 | } | 58 | } |
57 | 59 | ||
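--- a/src/fseccomp/syscall.c
+++ b/src/fseccomp/syscall.c
@@ -127,12 +127,9 @@ int syscall_check_list(const char *slist, void (*callback)(int fd, int syscall,
 }
 
 while (ptr) {
-printf("ptr %s\n", ptr);
-
 int syscall_nr;
 int error_nr;
 syscall_process_name(ptr, &syscall_nr, &error_nr);
-printf("%d, %d\n", syscall_nr, error_nr);
 if (syscall_nr == -1)
 fprintf(stderr, "Warning fseccomp: syscall %s not found\n", ptr);
 else if (callback != NULL) {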
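--- /dev/null
+++ b/test/overlay/fs-named.exp
@@ -0,0 +1,66 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --overlay-named=firejail-test\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"not available for kernels older than 3.18" {puts "\nTESTING: overlayfs not available\n"; exit}
+"Error: --overlay option is not available on Grsecurity systems" {puts "\nTESTING: overlayfs not available\n"; exit}
+"Child process initialized" {puts "found\n"}
+}
+sleep 1
+
+send -- "echo xyzxyzxyz > ~/_firejail_test_file; echo done\r"
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"done"
+}
+after 100
+
+send -- "cat ~/_firejail_test_file; echo done\r"
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"xyzxyzxyz"
+}
+expect {
+timeout {puts "TESTING ERROR 4.1\n";exit}
+"done"
+}
+after 100
+
+send -- "exit\r"
+sleep 2
+
+send -- "cat ~/_firejail_test_file; echo done\r"
+expect {
+timeout {puts "TESTING ERROR 5\n";exit}
+"xyzxyzxyz" {puts "TESTING ERROR 5.1\n";exit}
+"done"
+}
+after 100
+
+send -- "firejail --overlay-named=firejail-test\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"not available for kernels older than 3.18" {puts "\nTESTING: overlayfs not available\n"; exit}
+"Error: --overlay option is not available on Grsecurity systems" {puts "\nTESTING: overlayfs not available\n"; exit}
+"Child process initialized" {puts "found\n"}
+}
+sleep 1
+
+send -- "cat ~/_firejail_test_file; echo done\r"
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"xyzxyzxyz"
+}
+expect {
+timeout {puts "TESTING ERROR 4.1\n";exit}
+"done"
+}
+after 100
+
+puts "\nall done\n"
+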
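Review bot: The second half of the script reuses failure labels from the first half: `TESTING ERROR 2` is printed for both `firejail --overlay-named=firejail-test` launches, and `TESTING ERROR 4` / `TESTING ERROR 4.1` for both `cat` checks, so a log line does not tell which step failed. Giving the second launch and the second read-back their own numbers (for example `TESTING ERROR 6`, `7` and `7.1`) keeps every label unique. The file also lacks the project and licence header comment that test/root/firecfg.exp in this commit carries.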
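--- /dev/null
+++ b/test/overlay/fs-tmpfs.exp
@@ -0,0 +1,62 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --overlay-clean\r"
+after 100
+send -- "file ~/.firejail\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"cannot open"
+}
+after 100
+
+send -- "firejail --overlay-tmpfs\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"not available for kernels older than 3.18" {puts "\nTESTING: overlayfs not available\n"; exit}
+"Error: --overlay option is not available on Grsecurity systems" {puts "\nTESTING: overlayfs not available\n"; exit}
+"Child process initialized" {puts "found\n"}
+}
+sleep 1
+
+send -- "echo xyzxyzxyz > ~/_firejail_test_file; echo done\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"done"
+}
+after 100
+
+send -- "cat ~/_firejail_test_file; echo done\r"
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"xyzxyzxyz"
+}
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"done"
+}
+after 100
+
+send -- "exit\r"
+sleep 1
+
+send -- "cat ~/_firejail_test_file; echo done\r"
+expect {
+timeout {puts "TESTING ERROR 5\n";exit}
+"xyzxyzxyz" {puts "TESTING ERROR 6\n";exit}
+"done"
+}
+after 100
+
+send -- "file ~/.firejail\r"
+expect {
+timeout {puts "TESTING ERROR 7\n";exit}
+"cannot open"
+}
+after 100
+
+puts "\nall done\n"
+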
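Review bot: The script opens with `firejail --overlay-clean` and then asserts that `file ~/.firejail` reports `cannot open`, which implies that the invoking user's whole `~/.firejail` directory is removed, including any overlay created outside the test suite. A header comment should say so, e.g. `# WARNING: runs firejail --overlay-clean, which removes all overlays under ~/.firejail`. The final check appears to rely on `--overlay-tmpfs` never creating `~/.firejail`; a one-line comment stating that this is the property under test would help whoever reads a `TESTING ERROR 7` in a log.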
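--- a/test/overlay/overlay.sh
+++ b/test/overlay/overlay.sh
@@ -11,6 +11,16 @@ rm -fr ~/_firejail_test_*
 ./fs.exp
 rm -fr ~/_firejail_test_*
 
+echo "TESTING: overlay named fs (test/overlay/fs-named.exp)"
+rm -fr ~/_firejail_test_*
+./fs-named.exp
+rm -fr ~/_firejail_test_*
+
+echo "TESTING: overlay tmpfs fs (test/overlay/fs-tmpfs.exp)"
+rm -fr ~/_firejail_test_*
+./fs-tmpfs.exp
+rm -fr ~/_firejail_test_*
+
 which firefox
 if [ "$?" -eq 0 ];
 then
@@ -51,7 +61,7 @@ which firefox
 if [ "$?" -eq 0 ];
 then
 echo "TESTING: overlay firefox x11"
-./firefox.exp
+./firefox-x11.exp
 else
 echo "TESTING SKIP: firefox not found"
 fi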
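--- /dev/null
+++ b/test/root/firecfg.exp
@@ -0,0 +1,46 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firecfg\r"
+sleep 1
+
+send -- "firecfg --clean\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"/usr/local/bin/firefox removed"
+}
+after 100
+send -- "file /usr/local/bin/firefox; echo done\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"symbolic link to /usr/bin/firejail" {puts "TESTING ERROR 2\n";exit}
+"done"
+}
+after 100
+
+send -- "firecfg\r"
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"/usr/local/bin/firefox created"
+}
+after 100
+send -- "file /usr/local/bin/firefox\r"
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"symbolic link to /usr/bin/firejail"
+}
+after 100
+
+send -- "firecfg --list\r"
+expect {
+timeout {puts "TESTING ERROR 5\n";exit}
+"/usr/local/bin/firefox"
+}
+after 100
+puts "\nall done\n"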
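Review bot: Every expectation in this test hard-codes `/usr/local/bin/firefox`, but nothing checks that firefox is installed, so if firecfg only links programs it finds (not visible here) the run stops at `TESTING ERROR 0` instead of being skipped; test/overlay/overlay.sh in this commit guards its firefox tests with `which firefox`. A guard before the first `send`, such as `if {[catch {exec which firefox}]} {puts "TESTING SKIP: firefox not found\n"; exit}`, would match that convention. The script also finishes with the firecfg symlinks left in place under /usr/local/bin, which changes how later commands on that machine are launched; a header comment saying the test is meant for a disposable root environment would make that explicit.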