-rw-r--r-- | src/firejail/fs_dev.c | 1 | ||||
-rw-r--r-- | src/firejail/main.c | 4 | ||||
-rw-r--r-- | src/firejail/network.c | 2 | ||||
-rwxr-xr-x | test/hostname.exp (renamed from test/name.exp) | 0 | ||||
-rwxr-xr-x | test/net_mtu.exp | 30 | ||||
-rwxr-xr-x | test/noroot.exp | 7 | ||||
-rwxr-xr-x | test/option-join.exp | 6 | ||||
-rwxr-xr-x | test/quiet.exp | 17 | ||||
-rwxr-xr-x | test/test.sh | 12 |
9 files changed, 60 insertions, 19 deletions
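--- a/src/firejail/fs_dev.c
+++ b/src/firejail/fs_dev.c
@@ -76,6 +76,7 @@ void fs_private_dev(void){
 fs_build_mnt_dir();
 
 if (have_dri) {
+/* coverity[toctou] */
 rv = mkdir(DRI_DIR, 0755);
 if (rv == -1)
 errExit("mkdir");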
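Review bot: The `/* coverity[toctou] */` annotation added before `mkdir(DRI_DIR, 0755)` silences the analyzer without recording why the check-to-use gap is acceptable, which matters in a program that is normally installed setuid root. If the reasoning is that DRI_DIR sits under the directory just prepared by `fs_build_mnt_dir()` and is not writable by the calling user (an assumption, since its definition is not visible here), state it next to the suppression, e.g. `/* coverity[toctou]: DRI_DIR is inside the root-owned mnt dir built above, not user-writable */`. `fs_private_dev` starts and ends outside the hunk, so the check that this warning pairs with is not shown.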
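--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -946,10 +946,6 @@ int main(int argc, char **argv) {
 fprintf(stderr, "Error: no network device configured\n");
 return 1;
 }
-if (br->mtu) {
-fprintf(stderr, "Error: cannot configure mtu twice for the same interface\n");
-return 1;
-}
 
 if (sscanf(argv[i] + 6, "%d", &br->mtu) != 1 || br->mtu < 68 || br->mtu > 9198) {
 fprintf(stderr, "Error: invalid mtu value\n");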
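Review bot: The `sscanf(argv[i] + 6, "%d", &br->mtu)` parse on new line 950 accepts trailing junk after the digits (a constructed example: `1500x`) and has no defined result when the digits overflow an int, and with the duplicate-option guard removed it is the only validation left on this value. Parsing with strtol closes both gaps: `char *end; errno = 0; long v = strtol(argv[i] + 6, &end, 10);` then `if (end == argv[i] + 6 || *end != '\0' || errno == ERANGE || v < 68 || v > 9198)`, assigning `br->mtu = (int)v;` only after the check passes. A repeated `--mtu` now silently lets the last value win; if that is intended, a one-line comment saying so would help the next reader. The enclosing branch of `main` continues outside the hunk.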
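--- a/src/firejail/network.c
+++ b/src/firejail/network.c
@@ -106,6 +106,7 @@ int net_get_mtu(const char *ifname) {
 if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
 errExit("socket");
 
+memset(&ifr, 0, sizeof(ifr));
 ifr.ifr_addr.sa_family = AF_INET;
 strncpy(ifr.ifr_name, ifname, IFNAMSIZ);
 if (ioctl(s, SIOCGIFMTU, (caddr_t)&ifr) == 0)
@@ -133,6 +134,7 @@ void net_set_mtu(const char *ifname, int mtu) {
 if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
 errExit("socket");
 
+memset(&ifr, 0, sizeof(ifr));
 ifr.ifr_addr.sa_family = AF_INET;
 strncpy(ifr.ifr_name, ifname, IFNAMSIZ);
 ifr.ifr_mtu = mtu;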
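Review bot: `strncpy(ifr.ifr_name, ifname, IFNAMSIZ)` in both `net_get_mtu` and `net_set_mtu` still fills all IFNAMSIZ bytes when `ifname` is that long or longer, so the added `memset` does not guarantee a terminated name, and an over-long name ends up truncated to what may be a different interface. Copy at most `IFNAMSIZ - 1` bytes, `strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1);`, or reject the name up front with `if (strlen(ifname) >= IFNAMSIZ)`. Both functions continue outside their hunks, so whether the socket `s` is closed on every path cannot be judged from here.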
diff --git a/test/name.exp b/test/hostname.exp index 42f78dd12..42f78dd12 100755 --- a/test/name.exp +++ b/test/hostname.exp | |||
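--- /dev/null
+++ b/test/net_mtu.exp
@@ -0,0 +1,30 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# check ip address
+send -- "firejail --net=br0 --mtu=1000\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "ip link show\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"eth0"
+}
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"mtu 1000"
+}
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"state UP"
+}
+
+puts "\nall done\n"
+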
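Review bot: The comment on line 7, `# check ip address`, does not describe this script, which checks the interface MTU; it should read `# check mtu`. The test also assumes a `br0` bridge already exists on the host, so a header comment stating that prerequisite would make a `TESTING ERROR 1` easier to interpret.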
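--- a/test/noroot.exp
+++ b/test/noroot.exp
@@ -51,13 +51,6 @@ expect {
 }
 puts "\n"
 
-send -- "cat /etc/hostname\r"
-expect {
-timeout {puts "TESTING ERROR 3\n";exit}
-"noroot-sandbox"
-}
-puts "\n"
-
 send -- "ping 0\r"
 expect {
 timeout {puts "TESTING ERROR 4\n";exit}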
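--- a/test/option-join.exp
+++ b/test/option-join.exp
@@ -17,10 +17,6 @@ expect {
 timeout {puts "TESTING ERROR 1\n";exit}
 "Switching to pid"
 }
-expect {
-timeout {puts "TESTING ERROR 2 (join) \n";exit}
-"@svntesting"
-}
 sleep 1
 
 
@@ -40,4 +36,4 @@ expect {
 }
 sleep 1
 
-puts "\n"
+puts "\nall done\n"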
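--- /dev/null
+++ b/test/quiet.exp
@@ -0,0 +1,17 @@
+#!/usr/bin/expect -f
+
+set timeout 4
+spawn $env(SHELL)
+match_max 100000
+
+# check ip address
+send -- "firejail --net=br0 --quiet\r"
+expect {
+"Child process initialized" {puts "TESTING ERROR 1\n";exit}
+"Interface" {puts "TESTING ERROR 1\n";exit}
+}
+sleep 1
+send -- "\r"
+
+puts "\nall done\n"
+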
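Review bot: The `expect` block on lines 9-12 fails only when one of the two startup strings appears, so the test passes whenever neither is printed, including when the sandbox fails to start and the 4-second timeout simply falls through. Add a positive check after the `sleep 1`, for instance sending a command and expecting its output, so that silence is accepted only from a running sandbox. Both failure branches print `TESTING ERROR 1`; the second should be `TESTING ERROR 2` so the two can be told apart, and the `# check ip address` comment on line 7 should describe the quiet-mode check instead.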
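--- a/test/test.sh
+++ b/test/test.sh
@@ -125,9 +125,6 @@ ls -al > tmpreadonly
 sleep 5
 rm -f tmpreadonly
 
-echo "TESTING: name"
-./name.exp
-
 echo "TESTING: zsh"
 ./shell_zsh.exp
 
@@ -354,6 +351,9 @@ echo "TESTING: read/write /var/lock"
 echo "TESTING: read/write /dev/shm"
 ./fs_dev_shm.exp
 
+echo "TESTING: quiet"
+./quiet.exp
+
 echo "TESTING: local network"
 ./net_local.exp
 
@@ -366,6 +366,12 @@ echo "TESTING: network IP"
 echo "TESTING: network MAC"
 ./net_mac.exp
 
+echo "TESTING: network MTU"
+./net_mtu.exp
+
+echo "TESTING: network hostname"
+./hostname.exp
+
 echo "TESTING: network bad IP"
 ./net_badip.exp
 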