-rw-r--r-- | .github/workflows/build-extra.yml | 26 | ||||
-rw-r--r-- | .github/workflows/build.yml | 6 | ||||
-rw-r--r-- | .github/workflows/profile-checks.yml | 2 | ||||
-rw-r--r-- | src/firejail/fs_bin.c | 6 | ||||
-rw-r--r-- | src/firejail/fs_var.c | 2 | ||||
-rw-r--r-- | src/lib/ldd_utils.c | 2 | ||||
-rw-r--r-- | test/Makefile | 2 | ||||
-rwxr-xr-x | test/environment/dns.exp | 32 | ||||
-rwxr-xr-x | test/sysutils/less.exp | 1 | ||||
-rwxr-xr-x | test/utils/man.exp | 1 | ||||
-rwxr-xr-x | test/utils/trace.exp | 4 |
11 files changed, 47 insertions, 37 deletions
diff --git a/.github/workflows/build-extra.yml b/.github/workflows/build-extra.yml index 6f9a4bc2c..ff812ca32 100644 --- a/.github/workflows/build-extra.yml +++ b/.github/workflows/build-extra.yml | |||
@@ -28,11 +28,13 @@ on: | |||
28 | 28 | ||
29 | jobs: | 29 | jobs: |
30 | build-clang: | 30 | build-clang: |
31 | runs-on: ubuntu-20.04 | 31 | runs-on: ubuntu-22.04 |
32 | steps: | 32 | steps: |
33 | - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b | 33 | - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b |
34 | - name: install dependencies | ||
35 | run: sudo apt-get install libapparmor-dev libselinux1-dev | ||
34 | - name: configure | 36 | - name: configure |
35 | run: CC=clang-11 ./configure --enable-fatal-warnings | 37 | run: CC=clang-14 ./configure --enable-fatal-warnings --enable-apparmor --enable-selinux |
36 | - name: make | 38 | - name: make |
37 | run: make | 39 | run: make |
38 | - name: make install | 40 | - name: make install |
@@ -40,16 +42,26 @@ jobs: | |||
40 | - name: print version | 42 | - name: print version |
41 | run: command -V firejail && firejail --version | 43 | run: command -V firejail && firejail --version |
42 | scan-build: | 44 | scan-build: |
43 | runs-on: ubuntu-20.04 | 45 | runs-on: ubuntu-22.04 |
44 | steps: | 46 | steps: |
45 | - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b | 47 | - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b |
46 | - name: install clang-tools-11 | 48 | - name: install clang-tools-14 and dependencies |
47 | run: sudo apt-get install clang-tools-11 | 49 | run: sudo apt-get install clang-tools-14 libapparmor-dev libselinux1-dev |
48 | - name: configure | 50 | - name: configure |
49 | run: CC=clang-11 ./configure --enable-fatal-warnings | 51 | run: CC=clang-14 ./configure --enable-fatal-warnings --enable-apparmor --enable-selinux |
50 | - name: scan-build | 52 | - name: scan-build |
51 | run: NO_EXTRA_CFLAGS="yes" scan-build-11 --status-bugs make | 53 | run: NO_EXTRA_CFLAGS="yes" scan-build-14 --status-bugs make |
52 | cppcheck: | 54 | cppcheck: |
55 | runs-on: ubuntu-22.04 | ||
56 | steps: | ||
57 | - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b | ||
58 | - name: install cppcheck | ||
59 | run: sudo apt-get install cppcheck | ||
60 | - name: cppcheck | ||
61 | run: cppcheck -q --force --error-exitcode=1 --enable=warning,performance -i src/firejail/checkcfg.c -i src/firejail/main.c . | ||
62 | # new cppcheck version currently chokes on checkcfg.c and main.c, therefore scan all files also | ||
63 | # with older cppcheck version from ubuntu 20.04. | ||
64 | cppcheck_old: | ||
53 | runs-on: ubuntu-20.04 | 65 | runs-on: ubuntu-20.04 |
54 | steps: | 66 | steps: |
55 | - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b | 67 | - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b |
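Review bot: The new `apt-get install` steps in build-clang (new line 35), scan-build (new line 49) and the new cppcheck job (new line 59) run without a preceding `sudo apt-get update`. build.yml in this same commit refreshes the package index before installing, so with a stale index on the runner image these static-analysis jobs can fail at the install step rather than on a finding. I would add a `- name: update package information` step with `run: sudo apt-get update` ahead of each install, and pass `-y` so the install can never wait on a prompt. The cppcheck_old job continues past the end of this section.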
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index cc7893305..75811d83a 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml | |||
@@ -20,15 +20,15 @@ on: | |||
20 | 20 | ||
21 | jobs: | 21 | jobs: |
22 | build_and_test: | 22 | build_and_test: |
23 | runs-on: ubuntu-20.04 | 23 | runs-on: ubuntu-22.04 |
24 | steps: | 24 | steps: |
25 | - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b | 25 | - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b |
26 | - name: update package information | 26 | - name: update package information |
27 | run: sudo apt-get update | 27 | run: sudo apt-get update |
28 | - name: install dependencies | 28 | - name: install dependencies |
29 | run: sudo apt-get install gcc-11 libapparmor-dev libselinux1-dev expect xzdec | 29 | run: sudo apt-get install gcc-12 libapparmor-dev libselinux1-dev expect xzdec |
30 | - name: configure | 30 | - name: configure |
31 | run: CC=gcc-11 ./configure --enable-fatal-warnings --enable-analyzer --enable-apparmor --enable-selinux --prefix=/usr | 31 | run: CC=gcc-12 ./configure --enable-fatal-warnings --enable-analyzer --enable-apparmor --enable-selinux --prefix=/usr |
32 | - name: make | 32 | - name: make |
33 | run: make | 33 | run: make |
34 | - name: make install | 34 | - name: make install |
diff --git a/.github/workflows/profile-checks.yml b/.github/workflows/profile-checks.yml index 9138e8a57..d235aeb64 100644 --- a/.github/workflows/profile-checks.yml +++ b/.github/workflows/profile-checks.yml | |||
@@ -18,7 +18,7 @@ on: | |||
18 | 18 | ||
19 | jobs: | 19 | jobs: |
20 | profile-checks: | 20 | profile-checks: |
21 | runs-on: ubuntu-20.04 | 21 | runs-on: ubuntu-latest |
22 | steps: | 22 | steps: |
23 | - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b | 23 | - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b |
24 | - name: sort.py | 24 | - name: sort.py |
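Review bot: `runs-on: ubuntu-latest` at new line 21 is a moving label, while the other workflows touched by this commit pin `ubuntu-22.04` and the checkout action is pinned to a commit hash. When the label moves to a newer image, the interpreter and tool versions under the profile checks change without any change in the repository. If the floating label is intentional, a short comment saying so would help; otherwise `runs-on: ubuntu-22.04` keeps the workflows consistent and reproducible.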
diff --git a/src/firejail/fs_bin.c b/src/firejail/fs_bin.c index 2b0b3003e..6228e9740 100644 --- a/src/firejail/fs_bin.c +++ b/src/firejail/fs_bin.c | |||
@@ -27,7 +27,7 @@ | |||
27 | 27 | ||
28 | static int prog_cnt = 0; | 28 | static int prog_cnt = 0; |
29 | 29 | ||
30 | static char *paths[] = { | 30 | static const char * const paths[] = { |
31 | "/usr/local/bin", | 31 | "/usr/local/bin", |
32 | "/usr/bin", | 32 | "/usr/bin", |
33 | "/bin", | 33 | "/bin", |
@@ -40,7 +40,7 @@ static char *paths[] = { | |||
40 | }; | 40 | }; |
41 | 41 | ||
42 | // return 1 if found, 0 if not found | 42 | // return 1 if found, 0 if not found |
43 | static char *check_dir_or_file(const char *name) { | 43 | static const char *check_dir_or_file(const char *name) { |
44 | EUID_ASSERT(); | 44 | EUID_ASSERT(); |
45 | assert(name); | 45 | assert(name); |
46 | struct stat s; | 46 | struct stat s; |
@@ -160,7 +160,7 @@ static void duplicate(char *fname) { | |||
160 | else { | 160 | else { |
161 | // Find the standard directory (by looping through paths[]) | 161 | // Find the standard directory (by looping through paths[]) |
162 | // where the filename fname is located | 162 | // where the filename fname is located |
163 | char *path = check_dir_or_file(fname); | 163 | const char *path = check_dir_or_file(fname); |
164 | if (!path) | 164 | if (!path) |
165 | return; | 165 | return; |
166 | if (asprintf(&full_path, "%s/%s", path, fname) == -1) | 166 | if (asprintf(&full_path, "%s/%s", path, fname) == -1) |
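Review bot: The comment above check_dir_or_file at new line 42 still reads `// return 1 if found, 0 if not found`, but the function returns a `const char *` that duplicate() tests with `if (!path)` and then formats with `"%s/%s"`. Since the signature line is being touched anyway, the comment could be corrected to something like `// return the directory from paths[] that contains name, or NULL if not found`. The bodies of check_dir_or_file and duplicate lie outside the hunks, so the exact wording should be checked against them.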
diff --git a/src/firejail/fs_var.c b/src/firejail/fs_var.c index 9523875d7..ad5ee6759 100644 --- a/src/firejail/fs_var.c +++ b/src/firejail/fs_var.c | |||
@@ -300,7 +300,7 @@ void fs_var_utmp(void) { | |||
300 | 300 | ||
301 | // read current utmp | 301 | // read current utmp |
302 | struct utmp *u; | 302 | struct utmp *u; |
303 | struct utmp u_boot; | 303 | struct utmp u_boot = {0}; |
304 | setutent(); | 304 | setutent(); |
305 | while ((u = getutent()) != NULL) { | 305 | while ((u = getutent()) != NULL) { |
306 | if (u->ut_type == BOOT_TIME) { | 306 | if (u->ut_type == BOOT_TIME) { |
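Review bot: Zero-initialising `u_boot` at new line 303 removes the read of indeterminate stack bytes, but the hunk shows nothing that records whether the loop ever saw a `BOOT_TIME` entry. If the code after the loop writes `u_boot` into the sandbox's utmp unconditionally (that part of fs_var_utmp is outside the hunk), a system without a boot record would now get an all-zero entry. That is better than leaking stack contents, but it is still not a valid record. A flag such as `int found = 0;`, set inside the `if (u->ut_type == BOOT_TIME)` branch and checked before the write, would make that case explicit.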
diff --git a/src/lib/ldd_utils.c b/src/lib/ldd_utils.c index bc4f7cf9c..a50b759c3 100644 --- a/src/lib/ldd_utils.c +++ b/src/lib/ldd_utils.c | |||
@@ -47,7 +47,7 @@ int is_lib_64(const char *exe) { | |||
47 | if (fd < 0) | 47 | if (fd < 0) |
48 | return 0; | 48 | return 0; |
49 | 49 | ||
50 | unsigned char buf[EI_NIDENT]; | 50 | unsigned char buf[EI_NIDENT] = {0}; |
51 | ssize_t len = 0; | 51 | ssize_t len = 0; |
52 | while (len < EI_NIDENT) { | 52 | while (len < EI_NIDENT) { |
53 | ssize_t sz = read(fd, buf + len, EI_NIDENT - len); | 53 | ssize_t sz = read(fd, buf + len, EI_NIDENT - len); |
diff --git a/test/Makefile b/test/Makefile index 2f3a97d73..2c376da58 100644 --- a/test/Makefile +++ b/test/Makefile | |||
@@ -3,7 +3,7 @@ TESTS=$(patsubst %/,%,$(wildcard */)) | |||
3 | .PHONY: $(TESTS) | 3 | .PHONY: $(TESTS) |
4 | $(TESTS): | 4 | $(TESTS): |
5 | cd $@ && ./$@.sh 2>&1 | tee $@.log | 5 | cd $@ && ./$@.sh 2>&1 | tee $@.log |
6 | cd $@ && grep -a TESTING $@.log && grep -a -L "TESTING ERROR" $@.log | 6 | cd $@ && grep -a TESTING $@.log && ! grep -a -q "TESTING ERROR" $@.log |
7 | 7 | ||
8 | .PHONY: clean | 8 | .PHONY: clean |
9 | clean: | 9 | clean: |
diff --git a/test/environment/dns.exp b/test/environment/dns.exp index b5a8c119b..2c00cfa1c 100755 --- a/test/environment/dns.exp +++ b/test/environment/dns.exp | |||
@@ -110,23 +110,23 @@ expect { | |||
110 | send -- "exit\r" | 110 | send -- "exit\r" |
111 | sleep 1 | 111 | sleep 1 |
112 | 112 | ||
113 | send -- "firejail --trace --dns=208.67.222.222 wget -q debian.org\r" | 113 | # test disabled, as Github CI uses systemd-resolved, which does not work |
114 | expect { | 114 | # properly with --dns=, so curl does not use the specified nameserver |
115 | timeout {puts "TESTING ERROR 6.1\n";exit} | 115 | #send -- "firejail --trace --dns=208.67.222.222 -- curl --silent --output /dev/null debian.org\r" |
116 | "connect" | 116 | #expect { |
117 | } | 117 | # timeout {puts "TESTING ERROR 6.1\n";exit} |
118 | expect { | 118 | # "connect" |
119 | timeout {puts "TESTING ERROR 6.2\n";exit} | 119 | #} |
120 | "208.67.222.222" | 120 | #expect { |
121 | } | 121 | # timeout {puts "TESTING ERROR 6.2\n";exit} |
122 | expect { | 122 | # "208.67.222.222" |
123 | timeout {puts "TESTING ERROR 6.3\n";exit} | 123 | #} |
124 | "53" | 124 | #expect { |
125 | } | 125 | # timeout {puts "TESTING ERROR 6.3\n";exit} |
126 | after 100 | 126 | # "53" |
127 | #} | ||
128 | #after 100 | ||
127 | 129 | ||
128 | send -- "rm index.html\r" | ||
129 | after 100 | ||
130 | send -- "exit\r" | 130 | send -- "exit\r" |
131 | sleep 1 | 131 | sleep 1 |
132 | 132 | ||
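Review bot: Commenting out the block at new lines 113-128 removes the check, visible in this hunk, that a sandboxed program actually contacts the nameserver given with `--dns=`, and nothing in the test log records that it was not run. less.exp and man.exp in this commit report an unmet precondition with `puts "TESTING SKIP 1.2\n"`. The same convention here, for example `puts "TESTING SKIP 6\n"` where the block used to start, would keep the gap visible in CI output. The commented-out command was also changed from wget to curl, so it has not been exercised in its new form. A reference to a tracking issue in the comment would help whoever re-enables it.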
diff --git a/test/sysutils/less.exp b/test/sysutils/less.exp index e6698eab0..01a298fe0 100755 --- a/test/sysutils/less.exp +++ b/test/sysutils/less.exp | |||
@@ -11,6 +11,7 @@ send -- "firejail less sysutils.sh\r" | |||
11 | expect { | 11 | expect { |
12 | timeout {puts "TESTING ERROR 1\n";exit} | 12 | timeout {puts "TESTING ERROR 1\n";exit} |
13 | "(press RETURN)" {puts "TESTING SKIP 1.1\n";exit} | 13 | "(press RETURN)" {puts "TESTING SKIP 1.1\n";exit} |
14 | "Press RETURN to continue" {puts "TESTING SKIP 1.2\n";exit} | ||
14 | "MALLOC_CHECK" | 15 | "MALLOC_CHECK" |
15 | } | 16 | } |
16 | expect { | 17 | expect { |
diff --git a/test/utils/man.exp b/test/utils/man.exp index 3a0ca46d6..f62859a8f 100755 --- a/test/utils/man.exp +++ b/test/utils/man.exp | |||
@@ -11,6 +11,7 @@ send -- "man firejail\r" | |||
11 | expect { | 11 | expect { |
12 | timeout {puts "TESTING ERROR 0\n";exit} | 12 | timeout {puts "TESTING ERROR 0\n";exit} |
13 | "(press RETURN)" {puts "TESTING SKIP 1.1\n";exit} | 13 | "(press RETURN)" {puts "TESTING SKIP 1.1\n";exit} |
14 | "Press RETURN to continue" {puts "TESTING SKIP 1.2\n";exit} | ||
14 | "Linux namespaces sandbox program" | 15 | "Linux namespaces sandbox program" |
15 | } | 16 | } |
16 | after 100 | 17 | after 100 |
diff --git a/test/utils/trace.exp b/test/utils/trace.exp index f14001c88..beb59d337 100755 --- a/test/utils/trace.exp +++ b/test/utils/trace.exp | |||
@@ -68,10 +68,6 @@ expect { | |||
68 | "wget:fopen /etc/wgetrc" {puts "OK\n";} | 68 | "wget:fopen /etc/wgetrc" {puts "OK\n";} |
69 | } | 69 | } |
70 | expect { | 70 | expect { |
71 | timeout {puts "TESTING ERROR 8.4\n";exit} | ||
72 | "wget:fopen /etc/hosts" | ||
73 | } | ||
74 | expect { | ||
75 | timeout {puts "TESTING ERROR 8.5\n";exit} | 71 | timeout {puts "TESTING ERROR 8.5\n";exit} |
76 | "wget:connect" | 72 | "wget:connect" |
77 | } | 73 | } |