13 files changed, 284 insertions, 53 deletions
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index f075ec493..f61e19fdc 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -60,7 +60,7 @@ jobs:
    - name: update package information
      run: sudo apt-get update
    - name: install dependencies
-      run: sudo apt-get install gcc-12 libapparmor-dev libselinux1-dev expect xzdec
+      run: sudo apt-get install gcc-12 libapparmor-dev libselinux1-dev expect xzdec whois
    - name: configure
      run: CC=gcc-12 ./configure --enable-fatal-warnings --enable-analyzer --enable-apparmor --enable-selinux --prefix=/usr
    - name: make
@@ -73,6 +73,8 @@ jobs:
      run: SHELL=/bin/bash make lab-setup
    - name: run sysutils tests
      run: SHELL=/bin/bash make test-sysutils
+    - name: run private-etc tests
+      run: SHELL=/bin/bash make test-private-etc
    - name: run profile tests
      run: SHELL=/bin/bash make test-profiles
    - name: run fcopy tests
diff --git a/Makefile b/Makefile
index 3aefd0b37..010f7f0aa 100644
--- a/Makefile
+++ b/Makefile
@@ -368,7 +368,7 @@ scan-build: clean
 # make test
 #
-TESTS=profiles apps apps-x11 apps-x11-xorg sysutils utils environment filters fs fcopy fnetfilter
+TESTS=profiles apps apps-x11 apps-x11-xorg sysutils utils environment filters fs fcopy fnetfilter private-etc
 TEST_TARGETS=$(patsubst %,test-%,$(TESTS))
 $(TEST_TARGETS):
@@ -378,7 +378,7 @@ $(TEST_TARGETS):
 # extract some data about the testing setup: kernel, network connectivity, user
 lab-setup:; uname -r; pwd; whoami; cat /etc/resolv.conf; cat /etc/hosts; ls /etc
-test: lab-setup test-profiles test-fcopy test-fnetfilter test-fs test-utils test-sysutils test-environment test-apps test-apps-x11 test-apps-x11-xorg test-filters
+test: lab-setup test-profiles test-fcopy test-fnetfilter test-fs test-private-etc test-utils test-sysutils test-environment test-apps test-apps-x11 test-apps-x11-xorg test-filters
        echo "TEST COMPLETE"
 test-noprofiles: lab-setup test-fcopy test-fnetfilter test-fs test-utils test-sysutils test-environment test-apps test-apps-x11 test-apps-x11-xorg test-filters
diff --git a/test/fs/fs.sh b/test/fs/fs.sh
index 4b85d3006..affc4bc7e 100755
--- a/test/fs/fs.sh
+++ b/test/fs/fs.sh
@@ -80,12 +80,6 @@ rm -fr ~/_firejail_test_dir1
 rm -f ~/_firejail_test_link1
 rm -f ~/_firejail_test_link2
-echo "TESTING: private-etc (test/fs/private-etc.exp)"
-./private-etc.exp
-#echo "TESTING: empty private-etc (test/fs/private-etc-empty.exp)"
-#./private-etc-empty.exp
 echo "TESTING: private-bin (test/fs/private-bin.exp)"
 ./private-bin.exp
diff --git a/test/fs/private-etc-empty.exp b/test/fs/private-etc-empty.exp
deleted file mode 100755
index 6878a642c..000000000
--- a/test/fs/private-etc-empty.exp
+++ /dev/null
@@ -1,42 +0,0 @@
-#!/usr/bin/expect -f
-# This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
-# License GPL v2
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-send -- "firejail --private-etc=blablabla\r"
-expect {
-        timeout {puts "TESTING ERROR 0\n";exit}
-        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
-}
-sleep 1
-send -- "ls -l /etc | wc -l\r"
-expect {
-        timeout {puts "TESTING ERROR 1\n";exit}
-        "0" {puts "Debian\n"}
-        "1" {puts "Arch\n"}
-}
-send -- "exit\r"
-sleep 1
-send -- "firejail --profile=private-etc-empty.profile\r"
-expect {
-        timeout {puts "TESTING ERROR 0\n";exit}
-        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
-}
-sleep 1
-send -- "ls -l /etc | wc -l\r"
-expect {
-        timeout {puts "TESTING ERROR 1\n";exit}
-        "0" {puts "Debian\n"}
-        "1" {puts "Arch\n"}
-}
-after 100
-puts "\nall done\n"
diff --git a/test/fs/private-etc-empty.profile b/test/fs/private-etc-empty.profile
deleted file mode 100644
index 38aa8cd68..000000000
--- a/test/fs/private-etc-empty.profile
+++ /dev/null
@@ -1 +0,0 @@
-private-etc blablabla
diff --git a/test/private-etc/etc-cleanup.exp b/test/private-etc/etc-cleanup.exp
new file mode 100755
index 000000000..eb7eedcf4
--- /dev/null
+++ b/test/private-etc/etc-cleanup.exp
@@ -0,0 +1,33 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2022 Firejail Authors
+# License GPL v2
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+send -- "/usr/lib/firejail/etc-cleanup p1.profile\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "old: private-etc passwd,group,resolv.conf,X11"
+}
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "new: private-etc @x11"
+}
+after 500
+send -- "/usr/lib/firejail/etc-cleanup p3.profile\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "old: private-etc @tls-ca,os-release,@x11,mime.types,mailcap"
+}
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "new: private-etc @tls-ca,@x11,mailcap,mime.types,os-release"
+}
+after 500
+puts "\nall done\n"
diff --git a/test/private-etc/groups.exp b/test/private-etc/groups.exp
new file mode 100755
index 000000000..fed6d40b0
--- /dev/null
+++ b/test/private-etc/groups.exp
@@ -0,0 +1,132 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2022 Firejail Authors
+# License GPL v2
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+send -- "firejail --private-etc ls -l /etc\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Private /etc installed in"
+}
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "cron" {puts "TESTING ERROR 2\n"; exit}
+        "shadow" {puts "TESTING ERROR 3\n"; exit}
+        "ssl" {puts "TESTING ERROR 4\n"; exit}
+        "ld.so.cache"
+}
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "cron" {puts "TESTING ERROR 2\n"; exit}
+        "shadow" {puts "TESTING ERROR 3\n"; exit}
+        "ssl" {puts "TESTING ERROR 4\n"; exit}
+        "nsswitch.conf"
+}
+expect {
+        timeout {puts "TESTING ERROR 6\n";exit}
+        "cron" {puts "TESTING ERROR 2\n"; exit}
+        "shadow" {puts "TESTING ERROR 3\n"; exit}
+        "ssl" {puts "TESTING ERROR 4\n"; exit}
+        "resolv.conf"
+}
+expect {
+        timeout {puts "TESTING ERROR 7\n";exit}
+        "cron" {puts "TESTING ERROR 2\n"; exit}
+        "shadow" {puts "TESTING ERROR 3\n"; exit}
+        "xdg" {puts "TESTING ERROR 4\n"; exit}
+        "Parent is shutting down"
+}
+after 500
+send -- "firejail --private-etc=@tls-ca ls -l /etc\r"
+expect {
+        timeout {puts "TESTING ERROR 10\n";exit}
+        "Private /etc installed in"
+}
+expect {
+        timeout {puts "TESTING ERROR 11\n";exit}
+        "cron" {puts "TESTING ERROR 12\n"; exit}
+        "shadow" {puts "TESTING ERROR 13\n"; exit}
+        "ca-certificates"
+}
+expect {
+        timeout {puts "TESTING ERROR 14\n";exit}
+        "cron" {puts "TESTING ERROR 12\n"; exit}
+        "shadow" {puts "TESTING ERROR 13\n"; exit}
+        "nsswitch.conf"
+}
+expect {
+        timeout {puts "TESTING ERROR 15\n";exit}
+        "cron" {puts "TESTING ERROR 12\n"; exit}
+        "shadow" {puts "TESTING ERROR 13\n"; exit}
+        "resolv.conf"
+}
+expect {
+        timeout {puts "TESTING ERROR 16\n";exit}
+        "cron" {puts "TESTING ERROR 12\n"; exit}
+        "shadow" {puts "TESTING ERROR 13\n"; exit}
+        "ssl"
+}
+after 500
+send -- "firejail --private-etc --nosound ls -l /etc\r"
+expect {
+        timeout {puts "TESTING ERROR 20\n";exit}
+        "Private /etc installed in"
+}
+expect {
+        timeout {puts "TESTING ERROR 21\n";exit}
+        "cron" {puts "TESTING ERROR 22\n"; exit}
+        "shadow" {puts "TESTING ERROR 23\n"; exit}
+        "machine-id" {puts "TESTING ERROR 24\n"; exit}
+        "nsswitch.conf"
+}
+expect {
+        timeout {puts "TESTING ERROR 25\n";exit}
+        "Parent is shutting down"
+}
+after 500
+send -- "firejail --private-etc --net=none ls -l /etc\r"
+expect {
+        timeout {puts "TESTING ERROR 30\n";exit}
+        "Private /etc installed in"
+}
+expect {
+        timeout {puts "TESTING ERROR 31\n";exit}
+        "cron" {puts "TESTING ERROR 32\n"; exit}
+        "shadow" {puts "TESTING ERROR 33\n"; exit}
+        "nsswitch.conf"
+}
+expect {
+        timeout {puts "TESTING ERROR 34\n";exit}
+        "resolv.conf" {puts "TESTING ERROR 35\n"; exit}
+        "Parent is shutting down"
+}
+after 500
+send -- "firejail --private-etc=@x11 ls -l /etc\r"
+expect {
+        timeout {puts "TESTING ERROR 40\n";exit}
+        "Private /etc installed in"
+}
+expect {
+        timeout {puts "TESTING ERROR 41\n";exit}
+        "cron" {puts "TESTING ERROR 42\n"; exit}
+        "shadow" {puts "TESTING ERROR 43\n"; exit}
+        "nsswitch.conf"
+}
+expect {
+        timeout {puts "TESTING ERROR 44\n";exit}
+        "xdg"
+}
+after 100
+puts "\nall done\n"
diff --git a/test/private-etc/p1.profile b/test/private-etc/p1.profile
new file mode 100644
index 000000000..8929dace1
--- /dev/null
+++ b/test/private-etc/p1.profile
@@ -0,0 +1 @@
+private-etc passwd,group,resolv.conf,X11
diff --git a/test/private-etc/p2.profile b/test/private-etc/p2.profile
new file mode 100644
index 000000000..7193428b9
--- /dev/null
+++ b/test/private-etc/p2.profile
@@ -0,0 +1 @@
+private-etc @x11
diff --git a/test/private-etc/p3.profile b/test/private-etc/p3.profile
new file mode 100644
index 000000000..64e4025d0
--- /dev/null
+++ b/test/private-etc/p3.profile
@@ -0,0 +1 @@
+private-etc @tls-ca,os-release,@x11,mime.types,mailcap
diff --git a/test/fs/private-etc.exp b/test/private-etc/private-etc.exp
index f51fc5221..3aac7cdf2 100755
--- a/test/fs/private-etc.exp
+++ b/test/private-etc/private-etc.exp
@@ -7,7 +7,6 @@ set timeout 10
 spawn $env(SHELL)
 match_max 100000
-# directory with ~
 send -- "firejail --private-etc=passwd,group,resolv.conf,X11\r"
 expect {
        timeout {puts "TESTING ERROR 1\n";exit}
diff --git a/test/private-etc/private-etc.sh b/test/private-etc/private-etc.sh
new file mode 100755
index 000000000..67076af95
--- /dev/null
+++ b/test/private-etc/private-etc.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+# This file is part of Firejail project
+# Copyright (C) 2014-2022 Firejail Authors
+# License GPL v2
+export MALLOC_CHECK_=3
+export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
+export LC_ALL=C
+echo "TESTING: private-etc (test/private-etc/private-etc.exp)"
+./private-etc.exp
+echo "TESTING: profile (test/private-etc/profile.exp)"
+./private-etc.exp
+echo "TESTING: groups (test/private-etc/groups.exp)"
+./groups.exp
+echo "TESTING: etc-cleanup (test/private-etc/etc-cleanup.exp)"
+./etc-cleanup.exp
diff --git a/test/private-etc/profile.exp b/test/private-etc/profile.exp
new file mode 100755
index 000000000..d5713fe95
--- /dev/null
+++ b/test/private-etc/profile.exp
@@ -0,0 +1,90 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2022 Firejail Authors
+# License GPL v2
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+send -- "firejail --profile=p1.profile\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+sleep 1
+send -- "LC_ALL=C ls -al /etc\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "X11"
+}
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "group"
+}
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "passwd"
+}
+expect {
+        timeout {puts "TESTING ERROR 6\n";exit}
+        "resolv.conf"
+}
+send -- "file /etc/shadow\r"
+expect {
+        timeout {puts "TESTING ERROR 7\n";exit}
+        "No such file or directory"
+}
+after 100
+send -- "exit\r"
+sleep 1
+send -- "firejail --profile=p2.profile\r"
+expect {
+        timeout {puts "TESTING ERROR 11\n";exit}
+        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+sleep 1
+send -- "LC_ALL=C ls -al /etc\r"
+expect {
+        timeout {puts "TESTING ERROR 13\n";exit}
+        "X11"
+}
+expect {
+        timeout {puts "TESTING ERROR 14\n";exit}
+        "group"
+}
+expect {
+        timeout {puts "TESTING ERROR 15\n";exit}
+        "passwd"
+}
+expect {
+        timeout {puts "TESTING ERROR 16\n";exit}
+        "resolv.conf"
+}
+send -- "file /etc/shadow\r"
+expect {
+        timeout {puts "TESTING ERROR 17\n";exit}
+        "No such file or directory"
+}
+after 100
+send -- "exit\r"
+sleep 1
+after 100
+puts "\nall done\n"

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index f075ec493..f61e19fdc 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml
@@ -60,7 +60,7 @@ jobs:
60	- name: update package information	60	- name: update package information
61	run: sudo apt-get update	61	run: sudo apt-get update
62	- name: install dependencies	62	- name: install dependencies
63	run: sudo apt-get install gcc-12 libapparmor-dev libselinux1-dev expect xzdec	63	run: sudo apt-get install gcc-12 libapparmor-dev libselinux1-dev expect xzdec whois
64	- name: configure	64	- name: configure
65	run: CC=gcc-12 ./configure --enable-fatal-warnings --enable-analyzer --enable-apparmor --enable-selinux --prefix=/usr	65	run: CC=gcc-12 ./configure --enable-fatal-warnings --enable-analyzer --enable-apparmor --enable-selinux --prefix=/usr
66	- name: make	66	- name: make
@@ -73,6 +73,8 @@ jobs:
73	run: SHELL=/bin/bash make lab-setup	73	run: SHELL=/bin/bash make lab-setup
74	- name: run sysutils tests	74	- name: run sysutils tests
75	run: SHELL=/bin/bash make test-sysutils	75	run: SHELL=/bin/bash make test-sysutils
		76	- name: run private-etc tests
		77	run: SHELL=/bin/bash make test-private-etc
76	- name: run profile tests	78	- name: run profile tests
77	run: SHELL=/bin/bash make test-profiles	79	run: SHELL=/bin/bash make test-profiles
78	- name: run fcopy tests	80	- name: run fcopy tests


diff --git a/Makefile b/Makefile index 3aefd0b37..010f7f0aa 100644 --- a/Makefile +++ b/Makefile
@@ -368,7 +368,7 @@ scan-build: clean
368	# make test	368	# make test
369	#	369	#
370		370
371	TESTS=profiles apps apps-x11 apps-x11-xorg sysutils utils environment filters fs fcopy fnetfilter	371	TESTS=profiles apps apps-x11 apps-x11-xorg sysutils utils environment filters fs fcopy fnetfilter private-etc
372	TEST_TARGETS=$(patsubst %,test-%,$(TESTS))	372	TEST_TARGETS=$(patsubst %,test-%,$(TESTS))
373		373
374	$(TEST_TARGETS):	374	$(TEST_TARGETS):
@@ -378,7 +378,7 @@ $(TEST_TARGETS):
378	# extract some data about the testing setup: kernel, network connectivity, user	378	# extract some data about the testing setup: kernel, network connectivity, user
379	lab-setup:; uname -r; pwd; whoami; cat /etc/resolv.conf; cat /etc/hosts; ls /etc	379	lab-setup:; uname -r; pwd; whoami; cat /etc/resolv.conf; cat /etc/hosts; ls /etc
380		380
381	test: lab-setup test-profiles test-fcopy test-fnetfilter test-fs test-utils test-sysutils test-environment test-apps test-apps-x11 test-apps-x11-xorg test-filters	381	test: lab-setup test-profiles test-fcopy test-fnetfilter test-fs test-private-etc test-utils test-sysutils test-environment test-apps test-apps-x11 test-apps-x11-xorg test-filters
382	echo "TEST COMPLETE"	382	echo "TEST COMPLETE"
383		383
384	test-noprofiles: lab-setup test-fcopy test-fnetfilter test-fs test-utils test-sysutils test-environment test-apps test-apps-x11 test-apps-x11-xorg test-filters	384	test-noprofiles: lab-setup test-fcopy test-fnetfilter test-fs test-utils test-sysutils test-environment test-apps test-apps-x11 test-apps-x11-xorg test-filters


diff --git a/test/fs/fs.sh b/test/fs/fs.sh index 4b85d3006..affc4bc7e 100755 --- a/test/fs/fs.sh +++ b/test/fs/fs.sh
@@ -80,12 +80,6 @@ rm -fr ~/_firejail_test_dir1
80	rm -f ~/_firejail_test_link1	80	rm -f ~/_firejail_test_link1
81	rm -f ~/_firejail_test_link2	81	rm -f ~/_firejail_test_link2
82		82
83	echo "TESTING: private-etc (test/fs/private-etc.exp)"
84	./private-etc.exp
85
86	#echo "TESTING: empty private-etc (test/fs/private-etc-empty.exp)"
87	#./private-etc-empty.exp
88
89	echo "TESTING: private-bin (test/fs/private-bin.exp)"	83	echo "TESTING: private-bin (test/fs/private-bin.exp)"
90	./private-bin.exp	84	./private-bin.exp
91		85


diff --git a/test/fs/private-etc-empty.exp b/test/fs/private-etc-empty.exp deleted file mode 100755 index 6878a642c..000000000 --- a/test/fs/private-etc-empty.exp +++ /dev/null
@@ -1,42 +0,0 @@
1	#!/usr/bin/expect -f
2	# This file is part of Firejail project
3	# Copyright (C) 2014-2022 Firejail Authors
4	# License GPL v2
5
6	set timeout 10
7	spawn $env(SHELL)
8	match_max 100000
9
10	send -- "firejail --private-etc=blablabla\r"
11	expect {
12	timeout {puts "TESTING ERROR 0\n";exit}
13	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
14	}
15	sleep 1
16
17	send -- "ls -l /etc \| wc -l\r"
18	expect {
19	timeout {puts "TESTING ERROR 1\n";exit}
20	"0" {puts "Debian\n"}
21	"1" {puts "Arch\n"}
22	}
23	send -- "exit\r"
24	sleep 1
25
26	send -- "firejail --profile=private-etc-empty.profile\r"
27	expect {
28	timeout {puts "TESTING ERROR 0\n";exit}
29	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
30	}
31	sleep 1
32
33	send -- "ls -l /etc \| wc -l\r"
34	expect {
35	timeout {puts "TESTING ERROR 1\n";exit}
36	"0" {puts "Debian\n"}
37	"1" {puts "Arch\n"}
38
39	}
40
41	after 100
42	puts "\nall done\n"


diff --git a/test/fs/private-etc-empty.profile b/test/fs/private-etc-empty.profile deleted file mode 100644 index 38aa8cd68..000000000 --- a/test/fs/private-etc-empty.profile +++ /dev/null
@@ -1 +0,0 @@
1	private-etc blablabla


diff --git a/test/private-etc/etc-cleanup.exp b/test/private-etc/etc-cleanup.exp new file mode 100755 index 000000000..eb7eedcf4 --- /dev/null +++ b/test/private-etc/etc-cleanup.exp
@@ -0,0 +1,33 @@
		1	#!/usr/bin/expect -f
		2	# This file is part of Firejail project
		3	# Copyright (C) 2014-2022 Firejail Authors
		4	# License GPL v2
		5
		6	set timeout 10
		7	spawn $env(SHELL)
		8	match_max 100000
		9
		10	send -- "/usr/lib/firejail/etc-cleanup p1.profile\r"
		11	expect {
		12	timeout {puts "TESTING ERROR 1\n";exit}
		13	"old: private-etc passwd,group,resolv.conf,X11"
		14	}
		15	expect {
		16	timeout {puts "TESTING ERROR 2\n";exit}
		17	"new: private-etc @x11"
		18	}
		19	after 500
		20
		21	send -- "/usr/lib/firejail/etc-cleanup p3.profile\r"
		22	expect {
		23	timeout {puts "TESTING ERROR 3\n";exit}
		24	"old: private-etc @tls-ca,os-release,@x11,mime.types,mailcap"
		25	}
		26	expect {
		27	timeout {puts "TESTING ERROR 4\n";exit}
		28	"new: private-etc @tls-ca,@x11,mailcap,mime.types,os-release"
		29	}
		30	after 500
		31
		32
		33	puts "\nall done\n"


diff --git a/test/private-etc/groups.exp b/test/private-etc/groups.exp new file mode 100755 index 000000000..fed6d40b0 --- /dev/null +++ b/test/private-etc/groups.exp
@@ -0,0 +1,132 @@
		1	#!/usr/bin/expect -f
		2	# This file is part of Firejail project
		3	# Copyright (C) 2014-2022 Firejail Authors
		4	# License GPL v2
		5
		6	set timeout 10
		7	spawn $env(SHELL)
		8	match_max 100000
		9
		10	send -- "firejail --private-etc ls -l /etc\r"
		11	expect {
		12	timeout {puts "TESTING ERROR 0\n";exit}
		13	"Private /etc installed in"
		14	}
		15	expect {
		16	timeout {puts "TESTING ERROR 1\n";exit}
		17	"cron" {puts "TESTING ERROR 2\n"; exit}
		18	"shadow" {puts "TESTING ERROR 3\n"; exit}
		19	"ssl" {puts "TESTING ERROR 4\n"; exit}
		20	"ld.so.cache"
		21	}
		22	expect {
		23	timeout {puts "TESTING ERROR 5\n";exit}
		24	"cron" {puts "TESTING ERROR 2\n"; exit}
		25	"shadow" {puts "TESTING ERROR 3\n"; exit}
		26	"ssl" {puts "TESTING ERROR 4\n"; exit}
		27	"nsswitch.conf"
		28	}
		29	expect {
		30	timeout {puts "TESTING ERROR 6\n";exit}
		31	"cron" {puts "TESTING ERROR 2\n"; exit}
		32	"shadow" {puts "TESTING ERROR 3\n"; exit}
		33	"ssl" {puts "TESTING ERROR 4\n"; exit}
		34	"resolv.conf"
		35	}
		36	expect {
		37	timeout {puts "TESTING ERROR 7\n";exit}
		38	"cron" {puts "TESTING ERROR 2\n"; exit}
		39	"shadow" {puts "TESTING ERROR 3\n"; exit}
		40	"xdg" {puts "TESTING ERROR 4\n"; exit}
		41	"Parent is shutting down"
		42	}
		43	after 500
		44
		45
		46	send -- "firejail --private-etc=@tls-ca ls -l /etc\r"
		47	expect {
		48	timeout {puts "TESTING ERROR 10\n";exit}
		49	"Private /etc installed in"
		50	}
		51	expect {
		52	timeout {puts "TESTING ERROR 11\n";exit}
		53	"cron" {puts "TESTING ERROR 12\n"; exit}
		54	"shadow" {puts "TESTING ERROR 13\n"; exit}
		55	"ca-certificates"
		56	}
		57	expect {
		58	timeout {puts "TESTING ERROR 14\n";exit}
		59	"cron" {puts "TESTING ERROR 12\n"; exit}
		60	"shadow" {puts "TESTING ERROR 13\n"; exit}
		61	"nsswitch.conf"
		62	}
		63	expect {
		64	timeout {puts "TESTING ERROR 15\n";exit}
		65	"cron" {puts "TESTING ERROR 12\n"; exit}
		66	"shadow" {puts "TESTING ERROR 13\n"; exit}
		67	"resolv.conf"
		68	}
		69	expect {
		70	timeout {puts "TESTING ERROR 16\n";exit}
		71	"cron" {puts "TESTING ERROR 12\n"; exit}
		72	"shadow" {puts "TESTING ERROR 13\n"; exit}
		73	"ssl"
		74	}
		75	after 500
		76
		77
		78	send -- "firejail --private-etc --nosound ls -l /etc\r"
		79	expect {
		80	timeout {puts "TESTING ERROR 20\n";exit}
		81	"Private /etc installed in"
		82	}
		83	expect {
		84	timeout {puts "TESTING ERROR 21\n";exit}
		85	"cron" {puts "TESTING ERROR 22\n"; exit}
		86	"shadow" {puts "TESTING ERROR 23\n"; exit}
		87	"machine-id" {puts "TESTING ERROR 24\n"; exit}
		88	"nsswitch.conf"
		89	}
		90	expect {
		91	timeout {puts "TESTING ERROR 25\n";exit}
		92	"Parent is shutting down"
		93	}
		94	after 500
		95
		96	send -- "firejail --private-etc --net=none ls -l /etc\r"
		97	expect {
		98	timeout {puts "TESTING ERROR 30\n";exit}
		99	"Private /etc installed in"
		100	}
		101	expect {
		102	timeout {puts "TESTING ERROR 31\n";exit}
		103	"cron" {puts "TESTING ERROR 32\n"; exit}
		104	"shadow" {puts "TESTING ERROR 33\n"; exit}
		105	"nsswitch.conf"
		106	}
		107	expect {
		108	timeout {puts "TESTING ERROR 34\n";exit}
		109	"resolv.conf" {puts "TESTING ERROR 35\n"; exit}
		110	"Parent is shutting down"
		111	}
		112	after 500
		113
		114	send -- "firejail --private-etc=@x11 ls -l /etc\r"
		115	expect {
		116	timeout {puts "TESTING ERROR 40\n";exit}
		117	"Private /etc installed in"
		118	}
		119	expect {
		120	timeout {puts "TESTING ERROR 41\n";exit}
		121	"cron" {puts "TESTING ERROR 42\n"; exit}
		122	"shadow" {puts "TESTING ERROR 43\n"; exit}
		123	"nsswitch.conf"
		124	}
		125	expect {
		126	timeout {puts "TESTING ERROR 44\n";exit}
		127	"xdg"
		128	}
		129	after 100
		130
		131
		132	puts "\nall done\n"


diff --git a/test/private-etc/p1.profile b/test/private-etc/p1.profile new file mode 100644 index 000000000..8929dace1 --- /dev/null +++ b/test/private-etc/p1.profile
@@ -0,0 +1 @@
			private-etc passwd,group,resolv.conf,X11


diff --git a/test/private-etc/p2.profile b/test/private-etc/p2.profile new file mode 100644 index 000000000..7193428b9 --- /dev/null +++ b/test/private-etc/p2.profile
@@ -0,0 +1 @@
			private-etc @x11


diff --git a/test/private-etc/p3.profile b/test/private-etc/p3.profile new file mode 100644 index 000000000..64e4025d0 --- /dev/null +++ b/test/private-etc/p3.profile
@@ -0,0 +1 @@
			private-etc @tls-ca,os-release,@x11,mime.types,mailcap


diff --git a/test/fs/private-etc.exp b/test/private-etc/private-etc.exp index f51fc5221..3aac7cdf2 100755 --- a/test/fs/private-etc.exp +++ b/test/private-etc/private-etc.exp
@@ -7,7 +7,6 @@ set timeout 10
7	spawn $env(SHELL)	7	spawn $env(SHELL)
8	match_max 100000	8	match_max 100000
9		9
10	# directory with ~
11	send -- "firejail --private-etc=passwd,group,resolv.conf,X11\r"	10	send -- "firejail --private-etc=passwd,group,resolv.conf,X11\r"
12	expect {	11	expect {
13	timeout {puts "TESTING ERROR 1\n";exit}	12	timeout {puts "TESTING ERROR 1\n";exit}


diff --git a/test/private-etc/private-etc.sh b/test/private-etc/private-etc.sh new file mode 100755 index 000000000..67076af95 --- /dev/null +++ b/test/private-etc/private-etc.sh
@@ -0,0 +1,21 @@
		1	#!/bin/bash
		2	# This file is part of Firejail project
		3	# Copyright (C) 2014-2022 Firejail Authors
		4	# License GPL v2
		5
		6	export MALLOC_CHECK_=3
		7	export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
		8	export LC_ALL=C
		9
		10	echo "TESTING: private-etc (test/private-etc/private-etc.exp)"
		11	./private-etc.exp
		12
		13	echo "TESTING: profile (test/private-etc/profile.exp)"
		14	./private-etc.exp
		15
		16	echo "TESTING: groups (test/private-etc/groups.exp)"
		17	./groups.exp
		18
		19	echo "TESTING: etc-cleanup (test/private-etc/etc-cleanup.exp)"
		20	./etc-cleanup.exp
		21


diff --git a/test/private-etc/profile.exp b/test/private-etc/profile.exp new file mode 100755 index 000000000..d5713fe95 --- /dev/null +++ b/test/private-etc/profile.exp
@@ -0,0 +1,90 @@
		1	#!/usr/bin/expect -f
		2	# This file is part of Firejail project
		3	# Copyright (C) 2014-2022 Firejail Authors
		4	# License GPL v2
		5
		6	set timeout 10
		7	spawn $env(SHELL)
		8	match_max 100000
		9
		10	send -- "firejail --profile=p1.profile\r"
		11	expect {
		12	timeout {puts "TESTING ERROR 1\n";exit}
		13	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
		14	}
		15	sleep 1
		16
		17	send -- "LC_ALL=C ls -al /etc\r"
		18	expect {
		19	timeout {puts "TESTING ERROR 3\n";exit}
		20	"X11"
		21	}
		22	expect {
		23	timeout {puts "TESTING ERROR 4\n";exit}
		24	"group"
		25	}
		26	expect {
		27	timeout {puts "TESTING ERROR 5\n";exit}
		28	"passwd"
		29	}
		30	expect {
		31	timeout {puts "TESTING ERROR 6\n";exit}
		32	"resolv.conf"
		33	}
		34
		35
		36	send -- "file /etc/shadow\r"
		37	expect {
		38	timeout {puts "TESTING ERROR 7\n";exit}
		39	"No such file or directory"
		40	}
		41	after 100
		42	send -- "exit\r"
		43	sleep 1
		44
		45	send -- "firejail --profile=p2.profile\r"
		46	expect {
		47	timeout {puts "TESTING ERROR 11\n";exit}
		48	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
		49	}
		50	sleep 1
		51
		52	send -- "LC_ALL=C ls -al /etc\r"
		53	expect {
		54	timeout {puts "TESTING ERROR 13\n";exit}
		55	"X11"
		56	}
		57	expect {
		58	timeout {puts "TESTING ERROR 14\n";exit}
		59	"group"
		60	}
		61	expect {
		62	timeout {puts "TESTING ERROR 15\n";exit}
		63	"passwd"
		64	}
		65	expect {
		66	timeout {puts "TESTING ERROR 16\n";exit}
		67	"resolv.conf"
		68	}
		69
		70
		71	send -- "file /etc/shadow\r"
		72	expect {
		73	timeout {puts "TESTING ERROR 17\n";exit}
		74	"No such file or directory"
		75	}
		76	after 100
		77	send -- "exit\r"
		78	sleep 1
		79
		80
		81
		82
		83
		84
		85
		86
		87
		88
		89	after 100
		90	puts "\nall done\n"