-rw-r--r-- | src/firemon/firemon.c | 26 | ||||
-rwxr-xr-x | test/fs/whitelist-dev.exp | 62 |
2 files changed, 83 insertions, 5 deletions
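--- a/src/firemon/firemon.c
+++ b/src/firemon/firemon.c
@@ -52,15 +52,35 @@ static void my_handler(int s){
 exit(0);
 }
 
-// find the first child process for the specified pid
+// find the second child process for the specified pid
 // return -1 if not found
+//
+// Example:
+//14776:netblue:/usr/bin/firejail /usr/bin/transmission-qt
+// 14777:netblue:/usr/bin/firejail /usr/bin/transmission-qt
+// 14792:netblue:/usr/bin/transmission-qt
+// We need 14792, the first real sandboxed process
 int find_child(int id) {
 int i;
+int first_child = -1;
+
+// find the first child
 for (i = 0; i < max_pids; i++) {
-if (pids[i].level == 2 && pids[i].parent == id)
-return i;
+if (pids[i].level == 2 && pids[i].parent == id) {
+first_child = i;
+break;
+}
 }
 
+if (first_child == -1)
+return -1;
+
+// find the second child
+for (i = 0; i < max_pids; i++) {
+if (pids[i].level == 3 && pids[i].parent == first_child)
+return i;
+}
+
 return -1;
 }
 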
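Review bot: `find_child` now returns -1 when the level-2 firejail process exists but has no level-3 child yet, where the previous code returned the level-2 pid; the callers are outside this hunk, so each of them should be checked to treat -1 as "sandbox not ready" and never pass it on as a pid or as an index into `pids`. The header comment says "second child", but the second loop looks for a child of `first_child`, i.e. a grandchild of `id`; `// find the first child of the first child (grandchild of id), the first real sandboxed process` would describe it. Because of the `break`, only the first level-2 match is followed, so a level-3 process under a second level-2 child is never found. The result is taken from a snapshot of the `pids` table, so a caller that acts on the returned pid should expect that the process may have exited in the meantime.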
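--- a/test/fs/whitelist-dev.exp
+++ b/test/fs/whitelist-dev.exp
@@ -33,15 +33,73 @@ sleep 1
 send -- "ls -l /dev | wc -l\r"
 expect {
 timeout {puts "TESTING ERROR 3\n";exit}
-"13" {puts "OK\n"}
-"12" {puts "OK\n"}
+"18" {puts "OK\n"}
+"17" {puts "OK\n"}
 }
 after 100
+
+send -- "ls -l /dev\r"
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"dvd" {puts "OK\n"}
+}
+after 100
+
+send -- "ls -l /dev\r"
+expect {
+timeout {puts "TESTING ERROR 5\n";exit}
+"dri" {puts "OK\n"}
+}
+after 100
+
+send -- "ls -l /dev\r"
+expect {
+timeout {puts "TESTING ERROR 6\n";exit}
+"snd" {puts "OK\n"}
+}
+after 100
+
 send -- "exit\r"
 sleep 1
 
+send -- "firejail --private-dev --nosound ls /dev\r"
+expect {
+timeout {puts "TESTING ERROR 7\n";exit}
+"Child process initialized"
+}
+expect {
+timeout {puts "TESTING ERROR 8\n";exit}
+"snd" {puts "TESTING ERROR 9\n";exit}
+"Parent is shutting down"
+}
+sleep 1
 
+send -- "firejail --private-dev --nodvd ls /dev\r"
+expect {
+timeout {puts "TESTING ERROR 10\n";exit}
+"Child process initialized"
+}
+expect {
+timeout {puts "TESTING ERROR 11\n";exit}
+"dvd" {puts "TESTING ERROR 12\n";exit}
+"cdrom" {puts "TESTING ERROR 13\n";exit}
+"dvdrom" {puts "TESTING ERROR 14\n";exit}
+"cdrw" {puts "TESTING ERROR 15\n";exit}
+"dvdrw" {puts "TESTING ERROR 16\n";exit}
+"Parent is shutting down"
+}
+sleep 1
 
+send -- "firejail --private-dev --no3d ls /dev\r"
+expect {
+timeout {puts "TESTING ERROR 17\n";exit}
+"Child process initialized"
+}
+expect {
+timeout {puts "TESTING ERROR 18\n";exit}
+"dri" {puts "TESTING ERROR 19\n";exit}
+"Parent is shutting down"
+}
 
 after 100
 puts "\nall done\n"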
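Review bot: In the `--nodvd` block the `"dvd"` pattern is listed before `"dvdrom"` and `"dvdrw"`, and expect's default glob patterns match anywhere in the buffer, so any output containing those names already matches `"dvd"`; TESTING ERROR 14 and 16 can never be reported. Either drop the two longer patterns or list them ahead of `"dvd"` so the error number identifies which node leaked into the sandbox. The three positive checks each resend `ls -l /dev` but may be satisfied by text left over from an earlier listing (for example `"snd"` following the `"dvd"` match), so they do not prove three separate listings succeeded. The new failure branches call `exit` without a status, as the existing ones do; if the harness looks at exit codes rather than the "TESTING ERROR" text (not visible here), a leaked device node would go unnoticed, and `exit 1` in these branches would make the failure explicit.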