-rw-r--r-- | src/firejail/main.c | 6 | ||||
-rw-r--r-- | src/fnet/veth.c | 6 | ||||
-rwxr-xr-x | test/network/firemon-arp.exp | 2 | ||||
-rwxr-xr-x | test/network/firemon-interfaces.exp | 67 | ||||
-rwxr-xr-x | test/network/netstats.exp | 39 | ||||
-rwxr-xr-x | test/network/network.sh | 6 | ||||
-rwxr-xr-x | test/utils/firemon-cpu.exp | 44 | ||||
-rwxr-xr-x | test/utils/top.exp | 40 | ||||
-rwxr-xr-x | test/utils/utils.sh | 9 |
9 files changed, 216 insertions, 3 deletions
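--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -517,9 +517,11 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
 struct stat s;
 int rv;
 if (stat("/proc/sys/kernel/grsecurity", &s) == 0)
-rv = sbox_run(SBOX_ROOT | SBOX_CAPS_NONE | SBOX_SECCOMP, 2, PATH_FIREMON, "--netstats");
+rv = sbox_run(SBOX_ROOT | SBOX_CAPS_NONE | SBOX_SECCOMP | SBOX_ALLOW_STDIN,
+2, PATH_FIREMON, "--netstats");
 else
-rv = sbox_run(SBOX_USER | SBOX_CAPS_NONE | SBOX_SECCOMP, 2, PATH_FIREMON, "--netstats");
+rv = sbox_run(SBOX_USER | SBOX_CAPS_NONE | SBOX_SECCOMP | SBOX_ALLOW_STDIN,
+2, PATH_FIREMON, "--netstats");
 exit(rv);
 }
 else {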
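Review bot: The added `SBOX_ALLOW_STDIN` on both `sbox_run` calls carries no comment saying why `firemon --netstats` needs the caller's standard input. Judging by the flag names, the grsecurity branch runs the helper with `SBOX_ROOT`, so a root process would now keep a descriptor that the invoking user controls; that exception should be recorded next to the call, e.g. `// firemon --netstats needs stdin; keep fd 0 open inside the sbox` (reason to be confirmed against firemon). The two calls differ only in the first flag, so the mask could be built once: `unsigned flags = SBOX_CAPS_NONE | SBOX_SECCOMP | SBOX_ALLOW_STDIN;` then `flags |= (stat("/proc/sys/kernel/grsecurity", &s) == 0) ? SBOX_ROOT : SBOX_USER;`. run_cmd_and_exit starts and ends outside this hunk.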
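--- a/src/fnet/veth.c
+++ b/src/fnet/veth.c
@@ -111,6 +111,8 @@ int net_create_veth(const char *dev, const char *nsdev, unsigned pid) {
 if (rtnl_talk(&rth, &req.n, 0, 0, NULL) < 0)
 exit(2);
 
+rtnl_close(&rth);
+
 return 0;
 }
 
@@ -173,6 +175,8 @@ int net_create_macvlan(const char *dev, const char *parent, unsigned pid) {
 if (rtnl_talk(&rth, &req.n, 0, 0, NULL) < 0)
 exit(2);
 
+rtnl_close(&rth);
+
 return 0;
 }
 
@@ -209,6 +213,8 @@ int net_move_interface(const char *dev, unsigned pid) {
 if (rtnl_talk(&rth, &req.n, 0, 0, NULL) < 0)
 exit(2);
 
+rtnl_close(&rth);
+
 return 0;
 }
 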
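Review bot: `rtnl_close(&rth)` is reached only on the success path of net_create_veth, and the same holds for the identical additions in net_create_macvlan and net_move_interface. The visible failure path calls `exit(2)`, so nothing outlives the process there, but each function begins outside its hunk and any earlier `return` taken after the handle is opened would still skip the close; that is worth checking in the full file. A short comment such as `// done with netlink: release the socket before returning to the caller` would say why the call is there.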
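--- a/test/network/firemon-arp.exp
+++ b/test/network/firemon-arp.exp
@@ -47,4 +47,4 @@ expect {
 }
 after 100
 
-puts "\nall done\n""
+puts "\nall done\n"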
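--- /dev/null
+++ b/test/network/firemon-interfaces.exp
@@ -0,0 +1,67 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --net=eth0 --name=test1\r"
+expect {
+timeout {puts "TESTING ERROR 9\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+spawn $env(SHELL)
+send -- "firejail --net=eth0 --name=test2\r"
+expect {
+timeout {puts "TESTING ERROR 9\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+spawn $env(SHELL)
+send -- "firemon --interface\r"
+expect {
+timeout {puts "TESTING ERROR 9\n";exit}
+"Link status"
+}
+expect {
+timeout {puts "TESTING ERROR 9\n";exit}
+"lo UP"
+}
+expect {
+timeout {puts "TESTING ERROR 9\n";exit}
+"eth0-"
+}
+expect {
+timeout {puts "TESTING ERROR 9\n";exit}
+"IPv4 status"
+}
+expect {
+timeout {puts "TESTING ERROR 9\n";exit}
+"lo UP"
+}
+expect {
+timeout {puts "TESTING ERROR 9\n";exit}
+"eth0-"
+}
+expect {
+timeout {puts "TESTING ERROR 9\n";exit}
+"IPv6 status"
+}
+expect {
+timeout {puts "TESTING ERROR 9\n";exit}
+"lo UP"
+}
+expect {
+timeout {puts "TESTING ERROR 9\n";exit}
+"eth0-"
+}
+
+after 100
+
+puts "\n"
+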
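Review bot: Every `timeout` branch prints the same `TESTING ERROR 9`, so a failure does not tell which of the eleven expectations was missed; netstats.exp has the same problem, while firemon-cpu.exp in this commit numbers its errors 0 to 4. Numbering them in order, starting with `timeout {puts "TESTING ERROR 0\n";exit}` for the first sandbox and counting up, makes a failing log line point at the step. The script also ends with `puts "\n"` where the other tests here print `"\nall done\n"`, which may matter if the harness looks for that marker.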
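--- /dev/null
+++ b/test/network/netstats.exp
@@ -0,0 +1,39 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --net=eth0 --name=test1\r"
+expect {
+timeout {puts "TESTING ERROR 9\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+spawn $env(SHELL)
+send -- "firejail --net=eth0 --name=test2\r"
+expect {
+timeout {puts "TESTING ERROR 9\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+spawn $env(SHELL)
+send -- "firejail --netstats\r"
+sleep 4
+expect {
+timeout {puts "TESTING ERROR 9\n";exit}
+"name=test1"
+}
+expect {
+timeout {puts "TESTING ERROR 9\n";exit}
+"name=test2"
+}
+after 100
+
+puts "\n"
+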
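--- a/test/network/network.sh
+++ b/test/network/network.sh
@@ -8,9 +8,15 @@ export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
 
 sudo ./configure
 
+echo "TESTING: firemon interface (firemon-interfaces.exp)"
+sudo ./firemon-interfaces.exp
+
 echo "TESTING: firemon arp (firemon-arp.exp)"
 ./firemon-arp.exp
 
+echo "TESTING: firemon netstats (netstats.exp)"
+./netstats.exp
+
 echo "TESTING: firemon route (firemon-route.exp)"
 ./firemon-route.exp
 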
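Review bot: `sudo ./firemon-interfaces.exp` is the only test in this hunk started through sudo, and nothing says why. Run this way, the script's two `firejail --net=eth0` sandboxes are started by root as well, so the test presumably does not exercise the path an unprivileged user takes. If root is needed only for `firemon --interface`, it would be narrower to put sudo on that one command inside the script. Either way a comment above the line, e.g. `# needs root: <reason>`, would document the exception.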
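--- /dev/null
+++ b/test/utils/firemon-cpu.exp
@@ -0,0 +1,44 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --name=test1\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+spawn $env(SHELL)
+send -- "firejail --name=test2\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+spawn $env(SHELL)
+send -- "firemon --cpu\r"
+sleep 4
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"name=test1"
+}
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"Cpus_allowed_list"
+}
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"name=test2"
+}
+
+after 100
+
+puts "\nall done\n"
+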
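--- /dev/null
+++ b/test/utils/top.exp
@@ -0,0 +1,40 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --name=test1\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+spawn $env(SHELL)
+send -- "firejail --name=test2\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+spawn $env(SHELL)
+send -- "firejail --top\r"
+sleep 4
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"name=test1"
+}
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"name=test2"
+}
+
+after 100
+
+puts "\nall done\n"
+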
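Review bot: The last two `expect` blocks both print `TESTING ERROR 2` on timeout, so a log cannot distinguish a missing `name=test1` from a missing `name=test2`. The second one should read `timeout {puts "TESTING ERROR 3\n";exit}`, continuing the 0, 1, 2 numbering used above it.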
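--- a/test/utils/utils.sh
+++ b/test/utils/utils.sh
@@ -88,6 +88,15 @@ echo "TESTING: firemon --seccomp (test/utils/seccomp.exp)"
 echo "TESTING: firemon --caps (test/utils/caps.exp)"
 ./caps.exp
 
+echo "TESTING: top (test/utils/top.exp)"
+./top.exp
+
 echo "TESTING: file transfer (test/utils/ls.exp)"
 ./ls.exp
 
+echo "TESTING: firemon cpu (test/utils/firemon-cpu.exp)"
+./firemon-cpu.exp
+
+echo "TESTING: firemon cgroup (test/utils/firemon-cgroup.exp)"
+./firemon-cgroup.exp
+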
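Review bot: The last added step runs `./firemon-cgroup.exp`, but that script is not among the nine files this commit changes, whereas top.exp and firemon-cpu.exp are added here. If it is not already in the tree, the step fails with a shell "not found" message rather than a `TESTING ERROR` line, which is easy to miss in the log. Confirm the file exists, or add it in this commit.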