diff options
-rw-r--r-- | README | 2 | ||||
-rw-r--r-- | README.md | 4 | ||||
-rwxr-xr-x | test/filters/filters.sh | 16 | ||||
-rwxr-xr-x | test/filters/seccomp-debug-32.exp | 73 | ||||
-rwxr-xr-x | test/fs/fs.sh | 8 |
5 files changed, 43 insertions, 60 deletions
@@ -12,7 +12,7 @@ Linux namespace support. It supports sandboxing specific users upon login. | |||
12 | Download: https://sourceforge.net/projects/firejail/files/ | 12 | Download: https://sourceforge.net/projects/firejail/files/ |
13 | Build and install: ./configure && make && sudo make install | 13 | Build and install: ./configure && make && sudo make install |
14 | Documentation and support: https://firejail.wordpress.com/ | 14 | Documentation and support: https://firejail.wordpress.com/ |
15 | Video Channel: https://www.youtube.com/channel/UCi5u-syndQYyOeV4NZ04hNA | 15 | Video Channel: https://www.brighteon.com/channels/netblue30 |
16 | Backup Video Channel: https://www.bitchute.com/profile/JSBsA1aoQVfW/ | 16 | Backup Video Channel: https://www.bitchute.com/profile/JSBsA1aoQVfW/ |
17 | Development: https://github.com/netblue30/firejail | 17 | Development: https://github.com/netblue30/firejail |
18 | License: GPL v2 | 18 | License: GPL v2 |
@@ -132,9 +132,7 @@ See the following discussions for details: | |||
132 | 132 | ||
133 | ### Other | 133 | ### Other |
134 | 134 | ||
135 | Try installing Firejail from your distribution. | 135 | Firejail is included in a large numbre of Linux distributions. |
136 | |||
137 | Firejail is included in Alpine, ALT Linux, Arch, Artix, Chakra, Debian, Deepin, Devuan, Fedora, Gentoo, Manjaro, Mint, NixOS, Parabola, Parrot, PCLinuxOS, ROSA, Solus, Slackware/SlackBuilds, Trisquel, Ubuntu, Void and possibly others. | ||
138 | 136 | ||
139 | Note: The firejail 0.9.52-LTS version is deprecated. | 137 | Note: The firejail 0.9.52-LTS version is deprecated. |
140 | 138 | ||
diff --git a/test/filters/filters.sh b/test/filters/filters.sh index 885c5a000..04d7080d6 100755 --- a/test/filters/filters.sh +++ b/test/filters/filters.sh | |||
@@ -33,8 +33,12 @@ fi | |||
33 | echo "TESTING: debug options (test/filters/debug.exp)" | 33 | echo "TESTING: debug options (test/filters/debug.exp)" |
34 | ./debug.exp | 34 | ./debug.exp |
35 | 35 | ||
36 | echo "TESTING: seccomp run files (test/filters/seccomp-run-files.exp)" | 36 | if [ "$(uname -m)" = "x86_64" ]; then |
37 | ./seccomp-run-files.exp | 37 | echo "TESTING: seccomp run files (test/filters/seccomp-run-files.exp)" |
38 | ./seccomp-run-files.exp | ||
39 | else | ||
40 | echo "TESTING SKIP: seccomp-run-files test implemented only for x86_64." | ||
41 | fi | ||
38 | 42 | ||
39 | echo "TESTING: seccomp postexec (test/filters/seccomp-postexec.exp)" | 43 | echo "TESTING: seccomp postexec (test/filters/seccomp-postexec.exp)" |
40 | ./seccomp-postexec.exp | 44 | ./seccomp-postexec.exp |
@@ -111,8 +115,12 @@ echo "TESTING: seccomp chmod profile - seccomp lists (test/filters/seccomp-chmod | |||
111 | echo "TESTING: seccomp empty (test/filters/seccomp-empty.exp)" | 115 | echo "TESTING: seccomp empty (test/filters/seccomp-empty.exp)" |
112 | ./seccomp-empty.exp | 116 | ./seccomp-empty.exp |
113 | 117 | ||
114 | echo "TESTING: seccomp numeric (test/filters/seccomp-numeric.exp)" | 118 | if [ "$(uname -m)" = "x86_64" ]; then |
115 | ./seccomp-numeric.exp | 119 | echo "TESTING: seccomp numeric (test/filters/seccomp-numeric.exp)" |
120 | ./seccomp-numeric.exp | ||
121 | else | ||
122 | echo "TESTING SKIP: seccomp numeric test implemented only for x86_64" | ||
123 | fi | ||
116 | 124 | ||
117 | if [ "$(uname -m)" = "x86_64" ]; then | 125 | if [ "$(uname -m)" = "x86_64" ]; then |
118 | echo "TESTING: seccomp join (test/filters/seccomp-join.exp)" | 126 | echo "TESTING: seccomp join (test/filters/seccomp-join.exp)" |
diff --git a/test/filters/seccomp-debug-32.exp b/test/filters/seccomp-debug-32.exp index b232a7df3..a2f99c1ca 100755 --- a/test/filters/seccomp-debug-32.exp +++ b/test/filters/seccomp-debug-32.exp | |||
@@ -13,15 +13,11 @@ after 100 | |||
13 | send -- "firejail --debug sleep 1; echo done\r" | 13 | send -- "firejail --debug sleep 1; echo done\r" |
14 | expect { | 14 | expect { |
15 | timeout {puts "TESTING ERROR 0\n";exit} | 15 | timeout {puts "TESTING ERROR 0\n";exit} |
16 | "SECCOMP Filter" | 16 | "seccomp entries in /run/firejail/mnt/seccomp/seccomp" |
17 | } | ||
18 | expect { | ||
19 | timeout {puts "TESTING ERROR 1\n";exit} | ||
20 | "BLACKLIST" | ||
21 | } | 17 | } |
22 | expect { | 18 | expect { |
23 | timeout {puts "TESTING ERROR 2\n";exit} | 19 | timeout {puts "TESTING ERROR 2\n";exit} |
24 | "open_by_handle_at" | 20 | "jeq open_by_handle_at" |
25 | } | 21 | } |
26 | expect { | 22 | expect { |
27 | timeout {puts "TESTING ERROR 3\n";exit} | 23 | timeout {puts "TESTING ERROR 3\n";exit} |
@@ -34,58 +30,30 @@ expect { | |||
34 | after 100 | 30 | after 100 |
35 | 31 | ||
36 | 32 | ||
37 | # i686 architecture | 33 | # 64 bit architecture - ignore seccomp |
38 | send -- "firejail --debug sleep 1; echo done\r" | ||
39 | expect { | ||
40 | timeout {puts "TESTING ERROR 5\n";exit} | ||
41 | "Child process initialized" | ||
42 | } | ||
43 | expect { | ||
44 | timeout {puts "TESTING ERROR 6\n";exit} | ||
45 | "Installing /run/firejail/mnt/seccomp seccomp filter" | ||
46 | } | ||
47 | expect { | ||
48 | timeout {puts "TESTING ERROR 7\n";exit} | ||
49 | "Installing /run/firejail/mnt/seccomp.64 seccomp filter" | ||
50 | } | ||
51 | expect { | ||
52 | timeout {puts "TESTING ERROR 9\n";exit} | ||
53 | "done" | ||
54 | } | ||
55 | after 100 | ||
56 | |||
57 | # i686 architecture - ignore seccomp | ||
58 | send -- "firejail --debug --ignore=seccomp sleep 1; echo done\r" | 34 | send -- "firejail --debug --ignore=seccomp sleep 1; echo done\r" |
59 | expect { | 35 | expect { |
60 | timeout {puts "TESTING ERROR 10\n";exit} | 36 | timeout {puts "TESTING ERROR 10\n";exit} |
61 | "Installing /run/firejail/mnt/seccomp seccomp filter" {puts "TESTING ERROR 11\n";exit} | 37 | "Installing /run/firejail/mnt/seccomp/seccomp seccomp filter" {puts "TESTING ERROR 11\n";exit} |
62 | "Installing /run/firejail/mnt/seccomp.64 seccomp filter" {puts "TESTING ERROR 12\n";exit} | 38 | "Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 12\n";exit} |
63 | "Child process initialized" | 39 | "Child process initialized" |
64 | } | 40 | } |
65 | expect { | 41 | expect { |
66 | timeout {puts "TESTING ERROR 13\n";exit} | 42 | timeout {puts "TESTING ERROR 16\n";exit} |
67 | "Installing /run/firejail/mnt/seccomp seccomp filter" {puts "TESTING ERROR 14\n";exit} | ||
68 | "Installing /run/firejail/mnt/seccomp.64 seccomp filter" {puts "TESTING ERROR 15\n";exit} | ||
69 | "done" | 43 | "done" |
70 | } | 44 | } |
71 | after 100 | 45 | after 100 |
72 | 46 | ||
73 | # i686 architecture - ignore protocol | 47 | # 64 bit architecture - ignore protocol |
74 | send -- "firejail --debug --ignore=protocol sleep 1; echo done\r" | 48 | send -- "firejail --debug --ignore=protocol sleep 1; echo done\r" |
75 | expect { | 49 | expect { |
76 | timeout {puts "TESTING ERROR 17\n";exit} | 50 | timeout {puts "TESTING ERROR 17\n";exit} |
77 | "Installing /run/firejail/mnt/seccomp.protocol seccomp filter" {puts "TESTING ERROR 18\n";exit} | ||
78 | "Child process initialized" | 51 | "Child process initialized" |
79 | } | 52 | } |
80 | expect { | 53 | expect { |
81 | timeout {puts "TESTING ERROR 19\n";exit} | 54 | timeout {puts "TESTING ERROR 19\n";exit} |
82 | "Installing /run/firejail/mnt/seccomp.protocol seccomp filter" {puts "TESTING ERROR 20\n";exit} | 55 | "Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter" {puts "TESTING ERROR 20\n";exit} |
83 | "Installing /run/firejail/mnt/seccomp seccomp filter" | 56 | "Installing /run/firejail/mnt/seccomp/seccomp seccomp filter" |
84 | } | ||
85 | expect { | ||
86 | timeout {puts "TESTING ERROR 21\n";exit} | ||
87 | "Installing /run/firejail/mnt/seccomp.protocol seccomp filter" {puts "TESTING ERROR 22\n";exit} | ||
88 | "Installing /run/firejail/mnt/seccomp.64 seccomp filter" | ||
89 | } | 57 | } |
90 | expect { | 58 | expect { |
91 | timeout {puts "TESTING ERROR 23\n";exit} | 59 | timeout {puts "TESTING ERROR 23\n";exit} |
@@ -101,7 +69,7 @@ expect { | |||
101 | } | 69 | } |
102 | expect { | 70 | expect { |
103 | timeout {puts "TESTING ERROR 25\n";exit} | 71 | timeout {puts "TESTING ERROR 25\n";exit} |
104 | "Installing /run/firejail/mnt/seccomp.mdwx seccomp filter" | 72 | "Installing /run/firejail/mnt/seccomp/seccomp.mdwx seccomp filter" |
105 | } | 73 | } |
106 | expect { | 74 | expect { |
107 | timeout {puts "TESTING ERROR 26\n";exit} | 75 | timeout {puts "TESTING ERROR 26\n";exit} |
@@ -109,17 +77,22 @@ expect { | |||
109 | } | 77 | } |
110 | 78 | ||
111 | 79 | ||
112 | # i686 architecture - seccomp.block-secondary | 80 | # 64 bit architecture - seccomp.block-secondary |
113 | send -- "firejail --debug --seccomp.block-secondary sleep 1; echo done\r" | 81 | send -- "firejail --debug --seccomp.block-secondary sleep 1; echo done\r" |
114 | expect { | 82 | expect { |
115 | timeout {puts "TESTING ERROR 27\n";exit} | 83 | timeout {puts "TESTING ERROR 27\n";exit} |
116 | "Installing /run/firejail/mnt/seccomp.64 seccomp filter" {puts "TESTING ERROR 28\n";exit} | 84 | "Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 28\n";exit} |
117 | "Child process initialized" | 85 | "Child process initialized" |
118 | } | 86 | } |
119 | expect { | 87 | expect { |
120 | timeout {puts "TESTING ERROR 29\n";exit} | 88 | timeout {puts "TESTING ERROR 29\n";exit} |
121 | "Installing /run/firejail/mnt/seccomp.64 seccomp filter" {puts "TESTING ERROR 30\n";exit} | 89 | "Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 30\n";exit} |
122 | "Installing /run/firejail/mnt/seccomp seccomp filter" | 90 | "Installing /run/firejail/mnt/seccomp/seccomp seccomp filter" |
91 | } | ||
92 | expect { | ||
93 | timeout {puts "TESTING ERROR 31\n";exit} | ||
94 | "Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 32\n";exit} | ||
95 | "Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter" | ||
123 | } | 96 | } |
124 | expect { | 97 | expect { |
125 | timeout {puts "TESTING ERROR 33\n";exit} | 98 | timeout {puts "TESTING ERROR 33\n";exit} |
@@ -127,17 +100,17 @@ expect { | |||
127 | } | 100 | } |
128 | after 100 | 101 | after 100 |
129 | 102 | ||
130 | # i686 architecture - seccomp.block-secondary, profile | 103 | # 64 bit architecture - seccomp.block-secondary, profile |
131 | send -- "firejail --debug --profile=block-secondary.profile sleep 1; echo done\r" | 104 | send -- "firejail --debug --profile=block-secondary.profile sleep 1; echo done\r" |
132 | expect { | 105 | expect { |
133 | timeout {puts "TESTING ERROR 33\n";exit} | 106 | timeout {puts "TESTING ERROR 33\n";exit} |
134 | "Installing /run/firejail/mnt/seccomp.64 seccomp filter" {puts "TESTING ERROR 34\n";exit} | 107 | "Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 34\n";exit} |
135 | "Child process initialized" | 108 | "Child process initialized" |
136 | } | 109 | } |
137 | expect { | 110 | expect { |
138 | timeout {puts "TESTING ERROR 35\n";exit} | 111 | timeout {puts "TESTING ERROR 35\n";exit} |
139 | "Installing /run/firejail/mnt/seccomp.64 seccomp filter" {puts "TESTING ERROR 35\n";exit} | 112 | "Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 35\n";exit} |
140 | "Installing /run/firejail/mnt/seccomp seccomp filter" | 113 | "Installing /run/firejail/mnt/seccomp/seccomp seccomp filter" |
141 | } | 114 | } |
142 | expect { | 115 | expect { |
143 | timeout {puts "TESTING ERROR 37\n";exit} | 116 | timeout {puts "TESTING ERROR 37\n";exit} |
diff --git a/test/fs/fs.sh b/test/fs/fs.sh index e06aacee0..0ec714ffa 100755 --- a/test/fs/fs.sh +++ b/test/fs/fs.sh | |||
@@ -42,8 +42,12 @@ echo "TESTING: read/write /var/tmp (test/fs/fs_var_tmp.exp)" | |||
42 | ./fs_var_tmp.exp | 42 | ./fs_var_tmp.exp |
43 | rm -f /var/tmp/_firejail_test_file | 43 | rm -f /var/tmp/_firejail_test_file |
44 | 44 | ||
45 | echo "TESTING: private-lib (test/fs/private-lib.exp)" | 45 | if [ "$(uname -m)" = "x86_64" ]; then |
46 | ./private-lib.exp | 46 | echo "TESTING: private-lib (test/fs/private-lib.exp)" |
47 | ./private-lib.exp | ||
48 | else | ||
49 | echo "TESTING SKIP: private-lib test implemented only for x86_64." | ||
50 | fi | ||
47 | 51 | ||
48 | echo "TESTING: read/write /var/lock (test/fs/fs_var_lock.exp)" | 52 | echo "TESTING: read/write /var/lock (test/fs/fs_var_lock.exp)" |
49 | ./fs_var_lock.exp | 53 | ./fs_var_lock.exp |