-rw-r--r-- | Makefile.in | 10 | ||||
-rw-r--r-- | etc/profile-a-l/chromium-browser-privacy.profile | 2 | ||||
-rw-r--r-- | src/bash_completion/firejail.bash_completion.in | 4 | ||||
-rw-r--r-- | src/firejail/usage.c | 2 | ||||
-rw-r--r-- | src/man/firejail.txt | 2 | ||||
-rw-r--r-- | src/zsh_completion/_firejail.in | 4 | ||||
-rwxr-xr-x | test/arguments/arguments.sh | 30 | ||||
-rwxr-xr-x | test/arguments/bashrun.exp | 89 | ||||
-rwxr-xr-x | test/arguments/bashrun.sh | 25 | ||||
-rwxr-xr-x | test/arguments/joinrun.exp | 92 | ||||
-rwxr-xr-x | test/arguments/joinrun.sh | 25 | ||||
-rwxr-xr-x | test/arguments/outrun.exp | 93 | ||||
-rwxr-xr-x | test/arguments/outrun.sh | 25 | ||||
-rwxr-xr-x | test/arguments/symrun.exp | 74 | ||||
-rwxr-xr-x | test/arguments/symrun.sh | 34 | ||||
-rwxr-xr-x | test/utils/audit.exp | 167 | ||||
-rwxr-xr-x | test/utils/utils.sh | 9 |
17 files changed, 11 insertions, 676 deletions
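--- a/Makefile.in
+++ b/Makefile.in
@@ -194,7 +194,7 @@ uninstall:
 @echo "If you want to install a different version of firejail, you might also need to run 'rm -fr $(DESTDIR)$(sysconfdir)/firejail', see #2038."
 
 DISTFILES = "src etc m4 platform contrib configure configure.ac Makefile.in install.sh mkman.sh mketc.sh mkdeb.sh.in COPYING README RELNOTES"
-DISTFILES_TEST = "test/Makefile.in test/apps test/apps-x11 test/apps-x11-xorg test/root test/private-lib test/fnetfilter test/fcopy test/environment test/profiles test/utils test/compile test/filters test/network test/arguments test/fs test/sysutils test/chroot"
+DISTFILES_TEST = "test/Makefile.in test/apps test/apps-x11 test/apps-x11-xorg test/root test/private-lib test/fnetfilter test/fcopy test/environment test/profiles test/utils test/compile test/filters test/network test/fs test/sysutils test/chroot"
 
 dist:
 mv config.status config.status.old
@@ -239,19 +239,19 @@ scan-build: clean
 # make test
 #
 
-TESTS=profiles private-lib apps apps-x11 apps-x11-xorg sysutils utils environment filters arguments fs fcopy fnetfilter
+TESTS=profiles private-lib apps apps-x11 apps-x11-xorg sysutils utils environment filters fs fcopy fnetfilter
 TEST_TARGETS=$(patsubst %,test-%,$(TESTS))
 
 $(TEST_TARGETS):
 $(MAKE) -C test $(subst test-,,$@)
 
-test: test-profiles test-private-lib test-fcopy test-fnetfilter test-fs test-utils test-sysutils test-environment test-apps test-apps-x11 test-apps-x11-xorg test-filters test-arguments
+test: test-profiles test-private-lib test-fcopy test-fnetfilter test-fs test-utils test-sysutils test-environment test-apps test-apps-x11 test-apps-x11-xorg test-filters
 echo "TEST COMPLETE"
 
-test-noprofiles: test-private-lib test-fcopy test-fnetfilter test-fs test-utils test-sysutils test-environment test-apps test-apps-x11 test-apps-x11-xorg test-filters test-arguments
+test-noprofiles: test-private-lib test-fcopy test-fnetfilter test-fs test-utils test-sysutils test-environment test-apps test-apps-x11 test-apps-x11-xorg test-filters
 echo "TEST COMPLETE"
 
-test-github: test-profiles test-fcopy test-fnetfilter test-fs test-utils test-sysutils test-environment test-arguments
+test-github: test-profiles test-fcopy test-fnetfilter test-fs test-utils test-sysutils test-environment
 echo "TEST COMPLETE"
 
 ##########################################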
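Review bot: Removing `arguments` from `TESTS` and from the `test`, `test-noprofiles` and `test-github` prerequisite lists drops the only checks visible in this commit that arguments containing spaces or `&` reach the sandboxed program intact through a plain run, a symlink invocation, `--join` and `--output`; nothing is added to replace them. The deleted `outrun.exp` also carried a "bug to fix" marker for the `--output` case, so that open defect loses its only record. I would leave a note above `TESTS`, for example `# arguments tests were removed with faudit; argument quoting via --join/--output is currently untested`, or keep the suite with a small argument-printing helper in place of `faudit`. `test/Makefile.in` is not in the diffstat, so it is worth checking that no `arguments` rule there still points at the deleted directory.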
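--- a/etc/profile-a-l/chromium-browser-privacy.profile
+++ b/etc/profile-a-l/chromium-browser-privacy.profile
@@ -11,7 +11,7 @@ mkdir ${HOME}/.config/ungoogled-chromium
 whitelist ${HOME}/.cache/ungoogled-chromium
 whitelist ${HOME}/.config/ungoogled-chromium
 
-# private-bin basename,bash,chromium-browser-privacy,dirname,mkdir,readlink,sed,touch,which,xdg-settings
+# private-bin basename,bash,cat,chromium-browser-privacy,dirname,mkdir,readlink,sed,touch,which,xdg-settings
 
 # Redirect
 include chromium.profile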
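--- a/src/bash_completion/firejail.bash_completion.in
+++ b/src/bash_completion/firejail.bash_completion.in
@@ -90,10 +90,6 @@ _firejail()
 _filedir
 return 0
 ;;
---audit)
-_filedir
-return 0
-;;
 --net)
 comps=$(__interfaces)
 COMPREPLY=( $(compgen -W '$comps' -- "$cur") )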
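--- a/src/firejail/usage.c
+++ b/src/firejail/usage.c
@@ -55,7 +55,7 @@ static char *usage_str =
 #endif
 " --cpu=cpu-number,cpu-number - set cpu affinity.\n"
 " --cpu.print=name|pid - print the cpus in use.\n"
-#ifdef HAVE_DBUSPROXy
+#ifdef HAVE_DBUSPROXY
 " --dbus-log=file - set DBus log file location.\n"
 " --dbus-system=filter|none - set system DBus access policy.\n"
 " --dbus-system.broadcast=rule - allow signals on the system DBus according to rule.\n"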
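--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -2476,7 +2476,7 @@ $ firejail --seccomp.print=browser
 $
 
 .TP
-\fB\-\-seccomp-error-action= kill | ERRNO
+\fB\-\-seccomp-error-action= kill | ERRNO | log
 By default, if a seccomp filter blocks a system call, the process gets
 EPERM as the error. With \-\-seccomp-error-action=error, another error
 number can be returned, for example ENOSYS or EACCES. The process can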
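--- a/src/zsh_completion/_firejail.in
+++ b/src/zsh_completion/_firejail.in
@@ -76,6 +76,8 @@ _firejail_args=(
 '(--cpu.print)'{--cpu.print=,--cpu.print=}'[print the cpus in use name|pid]: : _all_firejails'
 '--list[list all sandboxes]'
 '(--dns)'{--dns=,--dns=}'[set DNS server]: :'
+'*--mkdir=-[create a directory]:'
+'*--mkfile=-[create a file]:'
 '(--protocol)'{--protocol=,--protocol=}'[enable protocol filter]: :'
 '(--join-or-start)'{--join-or-start=,--join-or-start=}'[join the sandbox or start a new one name|pid]: : _all_firejails'
 '(--hosts-file)'{--hosts-file=,--hosts-file=}'[use file as /etc/hosts]: : _files'
@@ -112,8 +114,6 @@ _firejail_args=(
 '(--nice)'{--nice=,--nice=}'[set nice value]: :(1 10 15 20)'
 # Should be _files, a comma and files or files -/
 '*'{--bind=,--bind=}'[mount-bind dirname1/filename1 on top of dirname2/filename2]: :(file1,file2 dir1,dir2)'
-'--audit[audit the sandbox]'
-'(--audit)'{--audit=,--audit=}'[audit the sandbox with a test-program]: :'
 '(--cgroup)'{--cgroup=,--cgroup=}'[place the sandbox in the specified control group]: :'
 '*'{--env=,--env=}'[set environment variable]: :'
 '(--hostname)'{--hostname=,--hostname=}'[set sandbox hostname]: :'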
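Review bot: The two entries added in the first hunk, `'*--mkdir=-[create a directory]:'` and `'*--mkfile=-[create a file]:'`, take a path argument but give it no completion action, and they are written in a different spec form from the neighbouring `{--opt=,--opt=}'[...]: : action'` entries. Following the `--hosts-file` line a few entries below, I would write them as `'*--mkdir=-[create a directory]: : _files -/'` and `'*--mkfile=-[create a file]: : _files'`. The `_firejail_args` array opens and closes outside both hunks, so I have not checked how the other path-taking options are handled.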
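--- a/test/arguments/arguments.sh
+++ /dev/null
@@ -1,30 +0,0 @@
-#!/bin/bash
-# This file is part of Firejail project
-# Copyright (C) 2014-2021 Firejail Authors
-# License GPL v2
-
-export LC_ALL=C
-
-if [ -f /etc/debian_version ]; then
-libdir=$(dirname "$(dpkg -L firejail | grep faudit)")
-export PATH="$PATH:$libdir"
-fi
-export PATH="$PATH:/usr/lib/firejail:/usr/lib64/firejail"
-
-echo "TESTING: 1. regular bash session"
-./bashrun.exp
-sleep 1
-
-echo "TESTING: 2. symbolic link to firejail"
-./symrun.exp
-rm -fr symtest
-sleep 1
-
-echo "TESTING: 3. --join option"
-./joinrun.exp
-sleep 1
-
-echo "TESTING: 4. --output option"
-./outrun.exp
-rm out
-rm out.*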
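--- a/test/arguments/bashrun.exp
+++ /dev/null
@@ -1,89 +0,0 @@
-#!/usr/bin/expect -f
-# This file is part of Firejail project
-# Copyright (C) 2014-2021 Firejail Authors
-# License GPL v2
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-send -- "./bashrun.sh\r"
-expect {
-timeout {puts "TESTING ERROR 1.1.1\n";exit}
-"Arguments:"
-}
-expect {
-timeout {puts "TESTING ERROR 1.1.2\n";exit}
-"#arg1#"
-}
-expect {
-timeout {puts "TESTING ERROR 1.1.3\n";exit}
-"#arg2#"
-}
-
-expect {
-timeout {puts "TESTING ERROR 1.2.1\n";exit}
-"Arguments:"
-}
-expect {
-timeout {puts "TESTING ERROR 1.2.2\n";exit}
-"#arg1 tail#"
-}
-expect {
-timeout {puts "TESTING ERROR 1.2.3\n";exit}
-"#arg2 tail#"
-}
-
-expect {
-timeout {puts "TESTING ERROR 1.3.1\n";exit}
-"Arguments:"
-}
-expect {
-timeout {puts "TESTING ERROR 1.3.2\n";exit}
-"#arg1 tail#"
-}
-expect {
-timeout {puts "TESTING ERROR 1.3.3\n";exit}
-"#arg2 tail#"
-}
-
-expect {
-timeout {puts "TESTING ERROR 1.4.1\n";exit}
-"Arguments:"
-}
-expect {
-timeout {puts "TESTING ERROR 1.4.2\n";exit}
-"#arg1 tail#"
-}
-expect {
-timeout {puts "TESTING ERROR 1.4.3\n";exit}
-"#arg2 tail#"
-}
-
-expect {
-timeout {puts "TESTING ERROR 1.5.1\n";exit}
-"Arguments:"
-}
-expect {
-timeout {puts "TESTING ERROR 1.5.2\n";exit}
-"#arg1&tail#"
-}
-expect {
-timeout {puts "TESTING ERROR 1.5.3\n";exit}
-"#arg2&tail#"
-}
-
-expect {
-timeout {puts "TESTING ERROR 1.6.1\n";exit}
-"Arguments:"
-}
-expect {
-timeout {puts "TESTING ERROR 1.6.2\n";exit}
-"#arg1&tail#"
-}
-expect {
-timeout {puts "TESTING ERROR 1.6.3\n";exit}
-"#arg2&tail#"
-}
-
-puts "\nall done\n"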
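--- a/test/arguments/bashrun.sh
+++ /dev/null
@@ -1,25 +0,0 @@
-#!/bin/bash
-# This file is part of Firejail project
-# Copyright (C) 2014-2021 Firejail Authors
-# License GPL v2
-
-echo "TESTING: 1.1 - simple args"
-firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --quiet faudit arg1 arg2
-
-# simple quotes, testing spaces in file names
-echo "TESTING: 1.2 - args with space and \""
-firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --quiet faudit "arg1 tail" "arg2 tail"
-
-echo "TESTING: 1.3 - args with space and '"
-firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --quiet faudit 'arg1 tail' 'arg2 tail'
-
-# escaped space in file names
-echo "TESTING: 1.4 - args with space and \\"
-firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --quiet faudit arg1\ tail arg2\ tail
-
-# & char appears in URLs - URLs should be quoted
-echo "TESTING: 1.5 - args with & and \""
-firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --quiet faudit "arg1&tail" "arg2&tail"
-
-echo "TESTING: 1.6 - args with & and '"
-firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --quiet faudit 'arg1&tail' 'arg2&tail'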
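--- a/test/arguments/joinrun.exp
+++ /dev/null
@@ -1,92 +0,0 @@
-#!/usr/bin/expect -f
-# This file is part of Firejail project
-# Copyright (C) 2014-2021 Firejail Authors
-# License GPL v2
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-
-send -- "firejail --name=joinrun\r"
-sleep 2
-
-spawn $env(SHELL)
-send -- "./joinrun.sh\r"
-expect {
-timeout {puts "TESTING ERROR 3.1.1\n";exit}
-"Arguments:"
-}
-expect {
-timeout {puts "TESTING ERROR 3.1.2\n";exit}
-"#arg1#"
-}
-expect {
-timeout {puts "TESTING ERROR 3.1.3\n";exit}
-"#arg2#"
-}
-
-expect {
-timeout {puts "TESTING ERROR 3.2.1\n";exit}
-"Arguments:"
-}
-expect {
-timeout {puts "TESTING ERROR 3.2.2\n";exit}
-"#arg1 tail#"
-}
-expect {
-timeout {puts "TESTING ERROR 3.2.3\n";exit}
-"#arg2 tail#"
-}
-expect {
-timeout {puts "TESTING ERROR 3.3.1\n";exit}
-"Arguments:"
-}
-expect {
-timeout {puts "TESTING ERROR 3.3.2\n";exit}
-"#arg1 tail#"
-}
-expect {
-timeout {puts "TESTING ERROR 3.3.3\n";exit}
-"#arg2 tail#"
-}
-expect {
-timeout {puts "TESTING ERROR 3.4.1\n";exit}
-"Arguments:"
-}
-expect {
-timeout {puts "TESTING ERROR 3.4.2\n";exit}
-"#arg1 tail#"
-}
-expect {
-timeout {puts "TESTING ERROR 3.4.3\n";exit}
-"#arg2 tail#"
-}
-
-expect {
-timeout {puts "TESTING ERROR 3.5.1\n";exit}
-"Arguments:"
-}
-expect {
-timeout {puts "TESTING ERROR 3.5.2\n";exit}
-"#arg1&tail#"
-}
-expect {
-timeout {puts "TESTING ERROR 3.5.3\n";exit}
-"#arg2&tail#"
-}
-
-expect {
-timeout {puts "TESTING ERROR 3.6.1\n";exit}
-"Arguments:"
-}
-expect {
-timeout {puts "TESTING ERROR 3.6.2\n";exit}
-"#arg1&tail#"
-}
-expect {
-timeout {puts "TESTING ERROR 3.6.3\n";exit}
-"#arg2&tail#"
-}
-
-puts "\nall done\n"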
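--- a/test/arguments/joinrun.sh
+++ /dev/null
@@ -1,25 +0,0 @@
-#!/bin/bash
-# This file is part of Firejail project
-# Copyright (C) 2014-2021 Firejail Authors
-# License GPL v2
-
-echo "TESTING: 3.1 - simple args"
-firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --join=joinrun faudit arg1 arg2
-
-# simple quotes, testing spaces in file names
-echo "TESTING: 3.2 - args with space and \""
-firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --join=joinrun faudit "arg1 tail" "arg2 tail"
-
-echo "TESTING: 3.3 - args with space and '"
-firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --join=joinrun faudit 'arg1 tail' 'arg2 tail'
-
-# escaped space in file names
-echo "TESTING: 3.4 - args with space and \\"
-firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --join=joinrun faudit arg1\ tail arg2\ tail
-
-# & char appears in URLs - URLs should be quoted
-echo "TESTING: 3.5 - args with & and \""
-firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --join=joinrun faudit "arg1&tail" "arg2&tail"
-
-echo "TESTING: 3.6 - args with & and '"
-firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --join=joinrun faudit 'arg1&tail' 'arg2&tail'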
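--- a/test/arguments/outrun.exp
+++ /dev/null
@@ -1,93 +0,0 @@
-#!/usr/bin/expect -f
-# This file is part of Firejail project
-# Copyright (C) 2014-2021 Firejail Authors
-# License GPL v2
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-send -- "./outrun.sh\r"
-expect {
-timeout {puts "TESTING ERROR 4.1.1\n";exit}
-"Arguments:"
-}
-expect {
-timeout {puts "TESTING ERROR 4.1.2\n";exit}
-"#arg1#"
-}
-expect {
-timeout {puts "TESTING ERROR 4.1.3\n";exit}
-"#arg2#"
-}
-
-exit
-#***************************************************
-# breaking down from here on - bug to fix
-#***************************************************
-expect {
-timeout {puts "TESTING ERROR 4.2.1\n";exit}
-"Arguments:"
-}
-expect {
-timeout {puts "TESTING ERROR 4.2.2\n";exit}
-"#arg1 tail#"
-}
-expect {
-timeout {puts "TESTING ERROR 4.2.3\n";exit}
-"#arg2 tail#"
-}
-
-expect {
-timeout {puts "TESTING ERROR 4.3.1\n";exit}
-"Arguments:"
-}
-expect {
-timeout {puts "TESTING ERROR 4.3.2\n";exit}
-"#arg1 tail#"
-}
-expect {
-timeout {puts "TESTING ERROR 4.3.3\n";exit}
-"#arg2 tail#"
-}
-
-expect {
-timeout {puts "TESTING ERROR 4.4.1\n";exit}
-"Arguments:"
-}
-expect {
-timeout {puts "TESTING ERROR 4.4.2\n";exit}
-"#arg1 tail#"
-}
-expect {
-timeout {puts "TESTING ERROR 4.4.3\n";exit}
-"#arg2 tail#"
-}
-
-expect {
-timeout {puts "TESTING ERROR 4.5.1\n";exit}
-"Arguments:"
-}
-expect {
-timeout {puts "TESTING ERROR 4.5.2\n";exit}
-"#arg1&tail#"
-}
-expect {
-timeout {puts "TESTING ERROR 4.5.3\n";exit}
-"#arg2&tail#"
-}
-
-expect {
-timeout {puts "TESTING ERROR 4.6.1\n";exit}
-"Arguments:"
-}
-expect {
-timeout {puts "TESTING ERROR 4.6.2\n";exit}
-"#arg1&tail#"
-}
-expect {
-timeout {puts "TESTING ERROR 4.6.3\n";exit}
-"#arg2&tail#"
-}
-
-puts "\nall done\n"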
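--- a/test/arguments/outrun.sh
+++ /dev/null
@@ -1,25 +0,0 @@
-#!/bin/bash
-# This file is part of Firejail project
-# Copyright (C) 2014-2021 Firejail Authors
-# License GPL v2
-
-echo "TESTING: 4.1 - simple args"
-firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --output=out faudit arg1 arg2
-
-# simple quotes, testing spaces in file names
-echo "TESTING: 4.2 - args with space and \""
-firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --output=out faudit "arg1 tail" "arg2 tail"
-
-echo "TESTING: 4.3 - args with space and '"
-firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --output=out faudit 'arg1 tail' 'arg2 tail'
-
-# escaped space in file names
-echo "TESTING: 4.4 - args with space and \\"
-firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --output=out faudit arg1\ tail arg2\ tail
-
-# & char appears in URLs - URLs should be quoted
-echo "TESTING: 4.5 - args with & and \""
-firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --output=out faudit "arg1&tail" "arg2&tail"
-
-echo "TESTING: 4.6 - args with & and '"
-firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --output=out faudit 'arg1&tail' 'arg2&tail'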
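--- a/test/arguments/symrun.exp
+++ /dev/null
@@ -1,74 +0,0 @@
-#!/usr/bin/expect -f
-# This file is part of Firejail project
-# Copyright (C) 2014-2021 Firejail Authors
-# License GPL v2
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-send -- "./symrun.sh\r"
-expect {
-timeout {puts "TESTING ERROR 2.1.1\n";exit}
-"Arguments:"
-}
-expect {
-timeout {puts "TESTING ERROR 2.1.2\n";exit}
-"#arg1#"
-}
-expect {
-timeout {puts "TESTING ERROR 2.1.3\n";exit}
-"#arg2#"
-}
-
-expect {
-timeout {puts "TESTING ERROR 2.3.1\n";exit}
-"Arguments:"
-}
-expect {
-timeout {puts "TESTING ERROR 2.3.2\n";exit}
-"#arg1 tail#"
-}
-expect {
-timeout {puts "TESTING ERROR 2.3.3\n";exit}
-"#arg2 tail#"
-}
-
-expect {
-timeout {puts "TESTING ERROR 2.4.1\n";exit}
-"Arguments:"
-}
-expect {
-timeout {puts "TESTING ERROR 2.4.2\n";exit}
-"#arg1 tail#"
-}
-expect {
-timeout {puts "TESTING ERROR 2.4.3\n";exit}
-"#arg2 tail#"
-}
-
-expect {
-timeout {puts "TESTING ERROR 2.5.1\n";exit}
-"Arguments:"
-}
-expect {
-timeout {puts "TESTING ERROR 2.5.2\n";exit}
-"#arg1&tail#"
-}
-expect {
-timeout {puts "TESTING ERROR 2.5.3\n";exit}
-"#arg2&tail#"
-}
-
-expect {
-timeout {puts "TESTING ERROR 2.6.1\n";exit}
-"Arguments:"
-}
-expect {
-timeout {puts "TESTING ERROR 2.6.2\n";exit}
-"#arg1&tail#"
-}
-expect {
-timeout {puts "TESTING ERROR 2.6.3\n";exit}
-"#arg2&tail#"
-}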
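--- a/test/arguments/symrun.sh
+++ /dev/null
@@ -1,34 +0,0 @@
-#!/bin/bash
-# This file is part of Firejail project
-# Copyright (C) 2014-2021 Firejail Authors
-# License GPL v2
-
-mkdir symtest
-ln -s /usr/bin/firejail symtest/faudit
-
-# search for faudit in current directory
-export PATH=$PATH:.
-export FIREJAIL_TEST_ARGUMENTS=yes
-
-echo "TESTING: 2.1 - simple args"
-symtest/faudit arg1 arg2
-
-# simple quotes, testing spaces in file names
-echo "TESTING: 2.2 - args with space and \""
-symtest/faudit "arg1 tail" "arg2 tail"
-
-echo "TESTING: 2.3 - args with space and '"
-symtest/faudit 'arg1 tail' 'arg2 tail'
-
-# escaped space in file names
-echo "TESTING: 2.4 - args with space and \\"
-symtest/faudit arg1\ tail arg2\ tail
-
-# & char appears in URLs - URLs should be quoted
-echo "TESTING: 2.5 - args with & and \""
-symtest/faudit "arg1&tail" "arg2&tail"
-
-echo "TESTING: 2.6 - args with & and '"
-symtest/faudit 'arg1&tail' 'arg2&tail'
-
-rm -fr symtest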
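--- a/test/utils/audit.exp
+++ /dev/null
@@ -1,167 +0,0 @@
-#!/usr/bin/expect -f
-# This file is part of Firejail project
-# Copyright (C) 2014-2021 Firejail Authors
-# License GPL v2
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-send -- "firejail --audit\r"
-expect {
-timeout {puts "TESTING ERROR 0\n";exit}
-"Firejail Audit"
-}
-expect {
-timeout {puts "TESTING ERROR 1\n";exit}
-"is running in a PID namespace"
-}
-expect {
-timeout {puts "TESTING ERROR 2\n";exit}
-"container/sandbox firejail"
-}
-expect {
-timeout {puts "TESTING ERROR 3\n";exit}
-"seccomp BPF enabled"
-}
-expect {
-timeout {puts "TESTING ERROR 4\n";exit}
-"all capabilities are disabled"
-}
-expect {
-timeout {puts "TESTING ERROR 5\n";exit}
-"dev directory seems to be fully populated"
-}
-expect {
-timeout {puts "TESTING ERROR 5.1\n";exit}
-"Parent is shutting down, bye..."
-}
-after 100
-
-
-send -- "firejail --audit\r"
-expect {
-timeout {puts "TESTING ERROR 6\n";exit}
-"Firejail Audit"
-}
-expect {
-timeout {puts "TESTING ERROR 7\n";exit}
-"is running in a PID namespace"
-}
-expect {
-timeout {puts "TESTING ERROR 8\n";exit}
-"container/sandbox firejail"
-}
-expect {
-timeout {puts "TESTING ERROR 9\n";exit}
-"seccomp BPF enabled"
-}
-expect {
-timeout {puts "TESTING ERROR 10\n";exit}
-"all capabilities are disabled"
-}
-expect {
-timeout {puts "TESTING ERROR 11\n";exit}
-"dev directory seems to be fully populated"
-}
-expect {
-timeout {puts "TESTING ERROR 11.1\n";exit}
-"Parent is shutting down, bye..."
-}
-after 100
-
-send -- "firejail --audit=blablabla\r"
-expect {
-timeout {puts "TESTING ERROR 12\n";exit}
-"cannot find the audit program"
-}
-after 100
-
-send -- "firejail --audit=\r"
-expect {
-timeout {puts "TESTING ERROR 12\n";exit}
-"invalid audit program"
-}
-after 100
-
-# run audit executable without a sandbox
-send -- "faudit\r"
-expect {
-timeout {puts "TESTING ERROR 13\n";exit}
-"is not running in a PID namespace"
-}
-expect {
-timeout {puts "TESTING ERROR 14\n";exit}
-"BAD: seccomp disabled"
-}
-expect {
-timeout {puts "TESTING ERROR 15\n";exit}
-"BAD: the capability map is"
-}
-expect {
-timeout {puts "TESTING ERROR 16\n";exit}
-"MAYBE: /dev directory seems to be fully populated"
-}
-after 100
-
-# test seccomp
-send -- "firejail --seccomp.drop=mkdir --audit\r"
-expect {
-timeout {puts "TESTING ERROR 17\n";exit}
-"Firejail Audit"
-}
-expect {
-timeout {puts "TESTING ERROR 18\n";exit}
-"GOOD: seccomp BPF enabled"
-}
-expect {
-timeout {puts "TESTING ERROR 19\n";exit}
-"UGLY: mount syscall permitted"
-}
-expect {
-timeout {puts "TESTING ERROR 20\n";exit}
-"UGLY: umount2 syscall permitted"
-}
-expect {
-timeout {puts "TESTING ERROR 21\n";exit}
-"UGLY: ptrace syscall permitted"
-}
-expect {
-timeout {puts "TESTING ERROR 22\n";exit}
-"UGLY: swapon syscall permitted"
-}
-expect {
-timeout {puts "TESTING ERROR 23\n";exit}
-"UGLY: swapoff syscall permitted"
-}
-expect {
-timeout {puts "TESTING ERROR 24\n";exit}
-"UGLY: init_module syscall permitted"
-}
-expect {
-timeout {puts "TESTING ERROR 25\n";exit}
-"UGLY: delete_module syscall permitted"
-}
-expect {
-timeout {puts "TESTING ERROR 26\n";exit}
-"UGLY: chroot syscall permitted"
-}
-expect {
-timeout {puts "TESTING ERROR 27\n";exit}
-"UGLY: pivot_root syscall permitted"
-}
-expect {
-timeout {puts "TESTING ERROR 28\n";exit}
-"UGLY: iopl syscall permitted"
-}
-expect {
-timeout {puts "TESTING ERROR 29\n";exit}
-"UGLY: ioperm syscall permitted"
-}
-expect {
-timeout {puts "TESTING ERROR 30\n";exit}
-"GOOD: all capabilities are disabled"
-}
-after 100
-
-puts "\nall done\n"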
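--- a/test/utils/utils.sh
+++ b/test/utils/utils.sh
@@ -8,7 +8,7 @@ export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
 export LC_ALL=C
 
 if [ -f /etc/debian_version ]; then
-libdir=$(dirname "$(dpkg -L firejail | grep faudit)")
+libdir=$(dirname "$(dpkg -L firejail | grep fcopy)")
 export PATH="$PATH:$libdir"
 fi
 export PATH="$PATH:/usr/lib/firejail:/usr/lib64/firejail"
@@ -18,13 +18,6 @@ echo "TESTING: build (test/utils/build.exp)"
 rm -f ~/firejail-test-file-7699
 rm -f firejail-test-file-4388
 
-if [ $(faudit | grep -c "is running in a PID namespace.") -gt 0 ]; then
-echo "TESTING SKIP: already running in pid namespace (test/utils/audit.exp)"
-else
-echo "TESTING: audit (test/utils/audit.exp)"
-./audit.exp
-fi
-
 echo "TESTING: name (test/utils/name.exp)"
 ./name.exp
 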
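Review bot: `grep fcopy` in the first hunk is an unanchored substring match over the whole `dpkg -L firejail` listing, so if the package ships any other path containing "fcopy" the command substitution becomes multi-line and `dirname` no longer returns a single directory, yet the result is still appended to `PATH`. Anchoring the match and taking the first hit keeps `libdir` to one real directory: `libdir=$(dirname "$(dpkg -L firejail | grep -m1 '/fcopy$')")`. An empty match also goes unnoticed, since `dirname ""` yields `.` and puts the current directory on `PATH`, so a guard such as `[ -n "$libdir" ] && [ "$libdir" != . ]` before the export would be worth adding. Whether the package really lists more than one such path is not visible from this page.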