diff options
-rwxr-xr-x | gcov.sh | 44 | ||||
-rw-r--r-- | src/firejail/netfilter.c | 2 | ||||
-rwxr-xr-x | test/network/net_netfilter.exp | 22 | ||||
-rwxr-xr-x | test/network/network.sh | 4 |
4 files changed, 46 insertions, 26 deletions
@@ -21,29 +21,29 @@ rm -fr gcov-dir gcov-file | |||
21 | firejail --version | 21 | firejail --version |
22 | gcov_generate | 22 | gcov_generate |
23 | 23 | ||
24 | make test-firecfg | grep TESTING | 24 | #make test-firecfg | grep TESTING |
25 | gcov_generate | 25 | #gcov_generate |
26 | make test-apparmor | grep TESTING | 26 | #make test-apparmor | grep TESTING |
27 | gcov_generate | 27 | #gcov_generate |
28 | make test-network | grep TESTING | 28 | make test-network | grep TESTING |
29 | gcov_generate | 29 | gcov_generate |
30 | make test-appimage | grep TESTING | 30 | #make test-appimage | grep TESTING |
31 | gcov_generate | 31 | #gcov_generate |
32 | make test-chroot | grep TESTING | 32 | #make test-chroot | grep TESTING |
33 | gcov_generate | 33 | #gcov_generate |
34 | make test-sysutils | grep TESTING | 34 | #make test-sysutils | grep TESTING |
35 | gcov_generate | 35 | #gcov_generate |
36 | make test-private-etc | grep TESTING | 36 | #make test-private-etc | grep TESTING |
37 | gcov_generate | 37 | #gcov_generate |
38 | make test-profiles | grep TESTING | 38 | #make test-profiles | grep TESTING |
39 | gcov_generate | 39 | #gcov_generate |
40 | make test-fcopy | grep TESTING | 40 | #make test-fcopy | grep TESTING |
41 | gcov_generate | 41 | #gcov_generate |
42 | make test-fnetfilter | grep TESTING | 42 | make test-fnetfilter | grep TESTING |
43 | gcov_generate | 43 | gcov_generate |
44 | make test-fs | grep TESTING | 44 | #make test-fs | grep TESTING |
45 | gcov_generate | 45 | #gcov_generate |
46 | make test-utils | grep TESTING | 46 | #make test-utils | grep TESTING |
47 | gcov_generate | 47 | #gcov_generate |
48 | make test-environment | grep TESTING | 48 | #make test-environment | grep TESTING |
49 | gcov_generate | 49 | #gcov_generate |
diff --git a/src/firejail/netfilter.c b/src/firejail/netfilter.c index b4deda562..32fdd6218 100644 --- a/src/firejail/netfilter.c +++ b/src/firejail/netfilter.c | |||
@@ -248,5 +248,5 @@ void netfilter_print(pid_t pid, int ipv6) { | |||
248 | exit(1); | 248 | exit(1); |
249 | } | 249 | } |
250 | 250 | ||
251 | sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, 2, iptables, "-vL"); | 251 | sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, 2, iptables, "-nvL"); |
252 | } | 252 | } |
diff --git a/test/network/net_netfilter.exp b/test/network/net_netfilter.exp index 56480251e..ac144e19d 100755 --- a/test/network/net_netfilter.exp +++ b/test/network/net_netfilter.exp | |||
@@ -20,7 +20,27 @@ spawn $env(SHELL) | |||
20 | send -- "firejail --netfilter.print=test\r" | 20 | send -- "firejail --netfilter.print=test\r" |
21 | expect { | 21 | expect { |
22 | timeout {puts "TESTING ERROR 1\n";exit} | 22 | timeout {puts "TESTING ERROR 1\n";exit} |
23 | "ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED" | 23 | "ACCEPT" |
24 | } | ||
25 | expect { | ||
26 | timeout {puts "TESTING ERROR 1\n";exit} | ||
27 | "lo" | ||
28 | } | ||
29 | expect { | ||
30 | timeout {puts "TESTING ERROR 1\n";exit} | ||
31 | "ACCEPT" | ||
32 | } | ||
33 | expect { | ||
34 | timeout {puts "TESTING ERROR 1\n";exit} | ||
35 | "state RELATED,ESTABLISHED" | ||
36 | } | ||
37 | expect { | ||
38 | timeout {puts "TESTING ERROR 1\n";exit} | ||
39 | "ACCEPT" | ||
40 | } | ||
41 | expect { | ||
42 | timeout {puts "TESTING ERROR 1\n";exit} | ||
43 | "icmptype 8" | ||
24 | } | 44 | } |
25 | 45 | ||
26 | after 500 | 46 | after 500 |
diff --git a/test/network/network.sh b/test/network/network.sh index e062358d4..2a7de2680 100755 --- a/test/network/network.sh +++ b/test/network/network.sh | |||
@@ -39,8 +39,8 @@ echo "TESTING: bandwidth (net_bandwidth.exp)" | |||
39 | echo "TESTING: ipv6 (ip6.exp)" | 39 | echo "TESTING: ipv6 (ip6.exp)" |
40 | ./ip6.exp | 40 | ./ip6.exp |
41 | 41 | ||
42 | #echo "TESTING: ipv6 netfilter(ip6_netfilter.exp)" | 42 | echo "TESTING: ipv6 netfilter(ip6_netfilter.exp)" |
43 | #./ip6_netfilter.exp | 43 | ./ip6_netfilter.exp |
44 | 44 | ||
45 | sudo ip link set br0 down | 45 | sudo ip link set br0 down |
46 | sudo brctl delbr br0 | 46 | sudo brctl delbr br0 |