diff options
| -rw-r--r-- | src/firejail/Makefile.in | 2 | ||||
| -rw-r--r-- | src/include/rundefs.h | 102 | ||||
| -rw-r--r-- | src/libpostexecseccomp/libpostexecseccomp.h | 25 | ||||
| -rw-r--r-- | src/libtracelog/Makefile.in | 2 | ||||
| -rw-r--r-- | src/libtracelog/libtracelog.c | 2 | ||||
| -rwxr-xr-x | test/filters/seccomp-debug.exp | 46 | ||||
| -rwxr-xr-x | test/filters/seccomp-join.exp | 44 |
7 files changed, 150 insertions, 73 deletions
diff --git a/src/firejail/Makefile.in b/src/firejail/Makefile.in index d0f43041c..8cb994aca 100644 --- a/src/firejail/Makefile.in +++ b/src/firejail/Makefile.in | |||
| @@ -2,7 +2,7 @@ all: firejail | |||
| 2 | 2 | ||
| 3 | include ../common.mk | 3 | include ../common.mk |
| 4 | 4 | ||
| 5 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/ldd_utils.h ../include/euid_common.h ../include/pid.h ../include/seccomp.h ../include/syscall.h ../include/firejail_user.h | 5 | %.o : %.c $(H_FILE_LIST) ../include/rundefs.h ../include/common.h ../include/ldd_utils.h ../include/euid_common.h ../include/pid.h ../include/seccomp.h ../include/syscall.h ../include/firejail_user.h |
| 6 | $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ | 6 | $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ |
| 7 | 7 | ||
| 8 | firejail: $(OBJS) ../lib/libnetlink.o ../lib/common.o ../lib/ldd_utils.o ../lib/firejail_user.o | 8 | firejail: $(OBJS) ../lib/libnetlink.o ../lib/common.o ../lib/ldd_utils.o ../lib/firejail_user.o |
diff --git a/src/include/rundefs.h b/src/include/rundefs.h new file mode 100644 index 000000000..67d7cfa4f --- /dev/null +++ b/src/include/rundefs.h | |||
| @@ -0,0 +1,102 @@ | |||
| 1 | /* | ||
| 2 | * Copyright (C) 2014-2019 Firejail Authors | ||
| 3 | * | ||
| 4 | * This file is part of firejail project | ||
| 5 | * | ||
| 6 | * This program is free software; you can redistribute it and/or modify | ||
| 7 | * it under the terms of the GNU General Public License as published by | ||
| 8 | * the Free Software Foundation; either version 2 of the License, or | ||
| 9 | * (at your option) any later version. | ||
| 10 | * | ||
| 11 | * This program is distributed in the hope that it will be useful, | ||
| 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
| 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
| 14 | * GNU General Public License for more details. | ||
| 15 | * | ||
| 16 | * You should have received a copy of the GNU General Public License along | ||
| 17 | * with this program; if not, write to the Free Software Foundation, Inc., | ||
| 18 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. | ||
| 19 | */ | ||
| 20 | |||
| 21 | #ifndef RUNDEFS_H | ||
| 22 | #define RUNDEFS_H | ||
| 23 | // filesystem | ||
| 24 | #define RUN_FIREJAIL_BASEDIR "/run" | ||
| 25 | #define RUN_FIREJAIL_DIR "/run/firejail" | ||
| 26 | #define RUN_FIREJAIL_APPIMAGE_DIR "/run/firejail/appimage" | ||
| 27 | #define RUN_FIREJAIL_NAME_DIR "/run/firejail/name" // also used in src/lib/pid.c - todo: move it in a common place | ||
| 28 | #define RUN_FIREJAIL_LIB_DIR "/run/firejail/lib" | ||
| 29 | #define RUN_FIREJAIL_X11_DIR "/run/firejail/x11" | ||
| 30 | #define RUN_FIREJAIL_NETWORK_DIR "/run/firejail/network" | ||
| 31 | #define RUN_FIREJAIL_BANDWIDTH_DIR "/run/firejail/bandwidth" | ||
| 32 | #define RUN_FIREJAIL_PROFILE_DIR "/run/firejail/profile" | ||
| 33 | #define RUN_NETWORK_LOCK_FILE "/run/firejail/firejail-network.lock" | ||
| 34 | #define RUN_DIRECTORY_LOCK_FILE "/run/firejail/firejail-run.lock" | ||
| 35 | #define RUN_RO_DIR "/run/firejail/firejail.ro.dir" | ||
| 36 | #define RUN_RO_FILE "/run/firejail/firejail.ro.file" | ||
| 37 | #define RUN_MNT_DIR "/run/firejail/mnt" // a tmpfs is mounted on this directory before any of the files below are created | ||
| 38 | #define RUN_CGROUP_CFG "/run/firejail/mnt/cgroup" | ||
| 39 | #define RUN_CPU_CFG "/run/firejail/mnt/cpu" | ||
| 40 | #define RUN_GROUPS_CFG "/run/firejail/mnt/groups" | ||
| 41 | #define RUN_PROTOCOL_CFG "/run/firejail/mnt/protocol" | ||
| 42 | #define RUN_NONEWPRIVS_CFG "/run/firejail/mnt/nonewprivs" | ||
| 43 | #define RUN_HOME_DIR "/run/firejail/mnt/home" | ||
| 44 | #define RUN_ETC_DIR "/run/firejail/mnt/etc" | ||
| 45 | #define RUN_OPT_DIR "/run/firejail/mnt/opt" | ||
| 46 | #define RUN_SRV_DIR "/run/firejail/mnt/srv" | ||
| 47 | #define RUN_BIN_DIR "/run/firejail/mnt/bin" | ||
| 48 | #define RUN_PULSE_DIR "/run/firejail/mnt/pulse" | ||
| 49 | #define RUN_LIB_DIR "/run/firejail/mnt/lib" | ||
| 50 | #define RUN_LIB_FILE "/run/firejail/mnt/libfiles" | ||
| 51 | #define RUN_DNS_ETC "/run/firejail/mnt/dns-etc" | ||
| 52 | |||
| 53 | #define RUN_SECCOMP_DIR "/run/firejail/mnt/seccomp" | ||
| 54 | #define RUN_SECCOMP_LIST "/run/firejail/mnt/seccomp/seccomp.list" // list of seccomp files installed | ||
| 55 | #define RUN_SECCOMP_PROTOCOL "/run/firejail/mnt/seccomp/seccomp.protocol" // protocol filter | ||
| 56 | #define RUN_SECCOMP_CFG "/run/firejail/mnt/seccomp/seccomp" // configured filter | ||
| 57 | #define RUN_SECCOMP_32 "/run/firejail/mnt/seccomp/seccomp.32" // 32bit arch filter installed on 64bit architectures | ||
| 58 | #define RUN_SECCOMP_MDWX "/run/firejail/mnt/seccomp/seccomp.mdwx" // filter for memory-deny-write-execute | ||
| 59 | #define RUN_SECCOMP_BLOCK_SECONDARY "/run/firejail/mnt/seccomp/seccomp.block_secondary" // secondary arch blocking filter | ||
| 60 | #define RUN_SECCOMP_POSTEXEC "/run/firejail/mnt/seccomp/seccomp.postexec" // filter for post-exec library | ||
| 61 | #define PATH_SECCOMP_DEFAULT (LIBDIR "/firejail/seccomp") // default filter built during make | ||
| 62 | #define PATH_SECCOMP_DEFAULT_DEBUG (LIBDIR "/firejail/seccomp.debug") // default filter built during make | ||
| 63 | #define PATH_SECCOMP_32 (LIBDIR "/firejail/seccomp.32") // 32bit arch filter built during make | ||
| 64 | #define PATH_SECCOMP_MDWX (LIBDIR "/firejail/seccomp.mdwx") // filter for memory-deny-write-execute built during make | ||
| 65 | #define PATH_SECCOMP_BLOCK_SECONDARY (LIBDIR "/firejail/seccomp.block_secondary") // secondary arch blocking filter built during make | ||
| 66 | |||
| 67 | |||
| 68 | #define RUN_DEV_DIR "/run/firejail/mnt/dev" | ||
| 69 | #define RUN_DEVLOG_FILE "/run/firejail/mnt/devlog" | ||
| 70 | |||
| 71 | #define RUN_WHITELIST_X11_DIR "/run/firejail/mnt/orig-x11" | ||
| 72 | #define RUN_WHITELIST_HOME_DIR "/run/firejail/mnt/orig-home" // default home directory masking | ||
| 73 | #define RUN_WHITELIST_RUN_DIR "/run/firejail/mnt/orig-run" // default run directory masking | ||
| 74 | #define RUN_WHITELIST_HOME_USER_DIR "/run/firejail/mnt/orig-home-user" // home directory whitelisting | ||
| 75 | #define RUN_WHITELIST_RUN_USER_DIR "/run/firejail/mnt/orig-run-user" // run directory whitelisting | ||
| 76 | #define RUN_WHITELIST_TMP_DIR "/run/firejail/mnt/orig-tmp" | ||
| 77 | #define RUN_WHITELIST_MEDIA_DIR "/run/firejail/mnt/orig-media" | ||
| 78 | #define RUN_WHITELIST_MNT_DIR "/run/firejail/mnt/orig-mnt" | ||
| 79 | #define RUN_WHITELIST_VAR_DIR "/run/firejail/mnt/orig-var" | ||
| 80 | #define RUN_WHITELIST_DEV_DIR "/run/firejail/mnt/orig-dev" | ||
| 81 | #define RUN_WHITELIST_OPT_DIR "/run/firejail/mnt/orig-opt" | ||
| 82 | #define RUN_WHITELIST_SRV_DIR "/run/firejail/mnt/orig-srv" | ||
| 83 | #define RUN_WHITELIST_ETC_DIR "/run/firejail/mnt/orig-etc" | ||
| 84 | #define RUN_WHITELIST_SHARE_DIR "/run/firejail/mnt/orig-share" | ||
| 85 | #define RUN_WHITELIST_MODULE_DIR "/run/firejail/mnt/orig-module" | ||
| 86 | |||
| 87 | #define RUN_XAUTHORITY_FILE "/run/firejail/mnt/.Xauthority" | ||
| 88 | #define RUN_XAUTHORITY_SEC_FILE "/run/firejail/mnt/sec.Xauthority" | ||
| 89 | #define RUN_ASOUNDRC_FILE "/run/firejail/mnt/.asoundrc" | ||
| 90 | #define RUN_HOSTNAME_FILE "/run/firejail/mnt/hostname" | ||
| 91 | #define RUN_HOSTS_FILE "/run/firejail/mnt/hosts" | ||
| 92 | #define RUN_MACHINEID "/run/firejail/mnt/machine-id" | ||
| 93 | #define RUN_LDPRELOAD_FILE "/run/firejail/mnt/ld.so.preload" | ||
| 94 | #define RUN_UTMP_FILE "/run/firejail/mnt/utmp" | ||
| 95 | #define RUN_PASSWD_FILE "/run/firejail/mnt/passwd" | ||
| 96 | #define RUN_GROUP_FILE "/run/firejail/mnt/group" | ||
| 97 | #define RUN_FSLOGGER_FILE "/run/firejail/mnt/fslogger" | ||
| 98 | #define RUN_UMASK_FILE "/run/firejail/mnt/umask" | ||
| 99 | #define RUN_OVERLAY_ROOT "/run/firejail/mnt/oroot" | ||
| 100 | #define RUN_READY_FOR_JOIN "/run/firejail/mnt/ready-for-join" | ||
| 101 | |||
| 102 | #endif | ||
diff --git a/src/libpostexecseccomp/libpostexecseccomp.h b/src/libpostexecseccomp/libpostexecseccomp.h deleted file mode 100644 index 908364d43..000000000 --- a/src/libpostexecseccomp/libpostexecseccomp.h +++ /dev/null | |||
| @@ -1,25 +0,0 @@ | |||
| 1 | /* | ||
| 2 | * Copyright (C) 2014-2019 Firejail Authors | ||
| 3 | * | ||
| 4 | * This file is part of firejail project | ||
| 5 | * | ||
| 6 | * This program is free software; you can redistribute it and/or modify | ||
| 7 | * it under the terms of the GNU General Public License as published by | ||
| 8 | * the Free Software Foundation; either version 2 of the License, or | ||
| 9 | * (at your option) any later version. | ||
| 10 | * | ||
| 11 | * This program is distributed in the hope that it will be useful, | ||
| 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
| 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
| 14 | * GNU General Public License for more details. | ||
| 15 | * | ||
| 16 | * You should have received a copy of the GNU General Public License along | ||
| 17 | * with this program; if not, write to the Free Software Foundation, Inc., | ||
| 18 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. | ||
| 19 | */ | ||
| 20 | #ifndef LIBPOSTEXECSECCOMP_H | ||
| 21 | #define LIBPOSTEXECSECCOMP_H | ||
| 22 | |||
| 23 | #define RUN_SECCOMP_POSTEXEC "/run/firejail/mnt/seccomp.postexec" | ||
| 24 | |||
| 25 | #endif | ||
diff --git a/src/libtracelog/Makefile.in b/src/libtracelog/Makefile.in index 3927c762a..5c27f3cb3 100644 --- a/src/libtracelog/Makefile.in +++ b/src/libtracelog/Makefile.in | |||
| @@ -13,7 +13,7 @@ LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now | |||
| 13 | 13 | ||
| 14 | all: libtracelog.so | 14 | all: libtracelog.so |
| 15 | 15 | ||
| 16 | %.o : %.c $(H_FILE_LIST) | 16 | %.o : %.c $(H_FILE_LIST) ../include/rundefs.h |
| 17 | $(CC) $(CFLAGS) $(INCLUDE) -c $< -o $@ | 17 | $(CC) $(CFLAGS) $(INCLUDE) -c $< -o $@ |
| 18 | 18 | ||
| 19 | libtracelog.so: $(OBJS) | 19 | libtracelog.so: $(OBJS) |
diff --git a/src/libtracelog/libtracelog.c b/src/libtracelog/libtracelog.c index 420c9370c..3641a81af 100644 --- a/src/libtracelog/libtracelog.c +++ b/src/libtracelog/libtracelog.c | |||
| @@ -32,6 +32,7 @@ | |||
| 32 | #include <syslog.h> | 32 | #include <syslog.h> |
| 33 | #include <dirent.h> | 33 | #include <dirent.h> |
| 34 | #include <limits.h> | 34 | #include <limits.h> |
| 35 | #include "../include/rundefs.h" | ||
| 35 | 36 | ||
| 36 | //#define DEBUG | 37 | //#define DEBUG |
| 37 | 38 | ||
| @@ -163,7 +164,6 @@ static char *storage_find(const char *str) { | |||
| 163 | // | 164 | // |
| 164 | // load blacklist form /run/firejail/mnt/fslogger | 165 | // load blacklist form /run/firejail/mnt/fslogger |
| 165 | // | 166 | // |
| 166 | #define RUN_FSLOGGER_FILE "/run/firejail/mnt/fslogger" | ||
| 167 | #define MAXBUF 4096 | 167 | #define MAXBUF 4096 |
| 168 | static int blacklist_loaded = 0; | 168 | static int blacklist_loaded = 0; |
| 169 | static char *sandbox_pid_str = NULL; | 169 | static char *sandbox_pid_str = NULL; |
diff --git a/test/filters/seccomp-debug.exp b/test/filters/seccomp-debug.exp index 39f836ed0..dc4bf34f2 100755 --- a/test/filters/seccomp-debug.exp +++ b/test/filters/seccomp-debug.exp | |||
| @@ -13,7 +13,7 @@ after 100 | |||
| 13 | send -- "firejail --debug sleep 1; echo done\r" | 13 | send -- "firejail --debug sleep 1; echo done\r" |
| 14 | expect { | 14 | expect { |
| 15 | timeout {puts "TESTING ERROR 0\n";exit} | 15 | timeout {puts "TESTING ERROR 0\n";exit} |
| 16 | "seccomp entries in /run/firejail/mnt/seccomp" | 16 | "seccomp entries in /run/firejail/mnt/seccomp/seccomp" |
| 17 | } | 17 | } |
| 18 | expect { | 18 | expect { |
| 19 | timeout {puts "TESTING ERROR 2\n";exit} | 19 | timeout {puts "TESTING ERROR 2\n";exit} |
| @@ -38,15 +38,15 @@ expect { | |||
| 38 | } | 38 | } |
| 39 | expect { | 39 | expect { |
| 40 | timeout {puts "TESTING ERROR 6\n";exit} | 40 | timeout {puts "TESTING ERROR 6\n";exit} |
| 41 | "Installing /run/firejail/mnt/seccomp seccomp filter" | 41 | "Installing /run/firejail/mnt/seccomp/seccomp seccomp filter" |
| 42 | } | 42 | } |
| 43 | expect { | 43 | expect { |
| 44 | timeout {puts "TESTING ERROR 7\n";exit} | 44 | timeout {puts "TESTING ERROR 7\n";exit} |
| 45 | "Installing /run/firejail/mnt/seccomp.32 seccomp filter" | 45 | "Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" |
| 46 | } | 46 | } |
| 47 | expect { | 47 | expect { |
| 48 | timeout {puts "TESTING ERROR 8\n";exit} | 48 | timeout {puts "TESTING ERROR 8\n";exit} |
| 49 | "Installing /run/firejail/mnt/seccomp.protocol seccomp filter" | 49 | "Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter" |
| 50 | } | 50 | } |
| 51 | expect { | 51 | expect { |
| 52 | timeout {puts "TESTING ERROR 9\n";exit} | 52 | timeout {puts "TESTING ERROR 9\n";exit} |
| @@ -58,15 +58,15 @@ after 100 | |||
| 58 | send -- "firejail --debug --ignore=seccomp sleep 1; echo done\r" | 58 | send -- "firejail --debug --ignore=seccomp sleep 1; echo done\r" |
| 59 | expect { | 59 | expect { |
| 60 | timeout {puts "TESTING ERROR 10\n";exit} | 60 | timeout {puts "TESTING ERROR 10\n";exit} |
| 61 | "Installing /run/firejail/mnt/seccomp seccomp filter" {puts "TESTING ERROR 11\n";exit} | 61 | "Installing /run/firejail/mnt/seccomp/seccomp seccomp filter" {puts "TESTING ERROR 11\n";exit} |
| 62 | "Installing /run/firejail/mnt/seccomp.32 seccomp filter" {puts "TESTING ERROR 12\n";exit} | 62 | "Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 12\n";exit} |
| 63 | "Child process initialized" | 63 | "Child process initialized" |
| 64 | } | 64 | } |
| 65 | expect { | 65 | expect { |
| 66 | timeout {puts "TESTING ERROR 13\n";exit} | 66 | timeout {puts "TESTING ERROR 13\n";exit} |
| 67 | "Installing /run/firejail/mnt/seccomp seccomp filter" {puts "TESTING ERROR 14\n";exit} | 67 | "Installing /run/firejail/mnt/seccomp/seccomp seccomp filter" {puts "TESTING ERROR 14\n";exit} |
| 68 | "Installing /run/firejail/mnt/seccomp.32 seccomp filter" {puts "TESTING ERROR 15\n";exit} | 68 | "Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 15\n";exit} |
| 69 | "Installing /run/firejail/mnt/seccomp.protocol seccomp filter" | 69 | "Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter" |
| 70 | } | 70 | } |
| 71 | expect { | 71 | expect { |
| 72 | timeout {puts "TESTING ERROR 16\n";exit} | 72 | timeout {puts "TESTING ERROR 16\n";exit} |
| @@ -78,18 +78,18 @@ after 100 | |||
| 78 | send -- "firejail --debug --ignore=protocol sleep 1; echo done\r" | 78 | send -- "firejail --debug --ignore=protocol sleep 1; echo done\r" |
| 79 | expect { | 79 | expect { |
| 80 | timeout {puts "TESTING ERROR 17\n";exit} | 80 | timeout {puts "TESTING ERROR 17\n";exit} |
| 81 | "Installing /run/firejail/mnt/seccomp.protocol seccomp filter" {puts "TESTING ERROR 18\n";exit} | 81 | "Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter" {puts "TESTING ERROR 18\n";exit} |
| 82 | "Child process initialized" | 82 | "Child process initialized" |
| 83 | } | 83 | } |
| 84 | expect { | 84 | expect { |
| 85 | timeout {puts "TESTING ERROR 19\n";exit} | 85 | timeout {puts "TESTING ERROR 19\n";exit} |
| 86 | "Installing /run/firejail/mnt/seccomp.protocol seccomp filter" {puts "TESTING ERROR 20\n";exit} | 86 | "Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter" {puts "TESTING ERROR 20\n";exit} |
| 87 | "Installing /run/firejail/mnt/seccomp seccomp filter" | 87 | "Installing /run/firejail/mnt/seccomp/seccomp seccomp filter" |
| 88 | } | 88 | } |
| 89 | expect { | 89 | expect { |
| 90 | timeout {puts "TESTING ERROR 21\n";exit} | 90 | timeout {puts "TESTING ERROR 21\n";exit} |
| 91 | "Installing /run/firejail/mnt/seccomp.protocol seccomp filter" {puts "TESTING ERROR 22\n";exit} | 91 | "Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter" {puts "TESTING ERROR 22\n";exit} |
| 92 | "Installing /run/firejail/mnt/seccomp.32 seccomp filter" | 92 | "Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" |
| 93 | } | 93 | } |
| 94 | expect { | 94 | expect { |
| 95 | timeout {puts "TESTING ERROR 23\n";exit} | 95 | timeout {puts "TESTING ERROR 23\n";exit} |
| @@ -105,7 +105,7 @@ expect { | |||
| 105 | } | 105 | } |
| 106 | expect { | 106 | expect { |
| 107 | timeout {puts "TESTING ERROR 25\n";exit} | 107 | timeout {puts "TESTING ERROR 25\n";exit} |
| 108 | "Installing /run/firejail/mnt/seccomp.mdwx seccomp filter" | 108 | "Installing /run/firejail/mnt/seccomp/seccomp.mdwx seccomp filter" |
| 109 | } | 109 | } |
| 110 | expect { | 110 | expect { |
| 111 | timeout {puts "TESTING ERROR 26\n";exit} | 111 | timeout {puts "TESTING ERROR 26\n";exit} |
| @@ -117,18 +117,18 @@ expect { | |||
| 117 | send -- "firejail --debug --seccomp.block-secondary sleep 1; echo done\r" | 117 | send -- "firejail --debug --seccomp.block-secondary sleep 1; echo done\r" |
| 118 | expect { | 118 | expect { |
| 119 | timeout {puts "TESTING ERROR 27\n";exit} | 119 | timeout {puts "TESTING ERROR 27\n";exit} |
| 120 | "Installing /run/firejail/mnt/seccomp.32 seccomp filter" {puts "TESTING ERROR 28\n";exit} | 120 | "Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 28\n";exit} |
| 121 | "Child process initialized" | 121 | "Child process initialized" |
| 122 | } | 122 | } |
| 123 | expect { | 123 | expect { |
| 124 | timeout {puts "TESTING ERROR 29\n";exit} | 124 | timeout {puts "TESTING ERROR 29\n";exit} |
| 125 | "Installing /run/firejail/mnt/seccomp.32 seccomp filter" {puts "TESTING ERROR 30\n";exit} | 125 | "Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 30\n";exit} |
| 126 | "Installing /run/firejail/mnt/seccomp seccomp filter" | 126 | "Installing /run/firejail/mnt/seccomp/seccomp seccomp filter" |
| 127 | } | 127 | } |
| 128 | expect { | 128 | expect { |
| 129 | timeout {puts "TESTING ERROR 31\n";exit} | 129 | timeout {puts "TESTING ERROR 31\n";exit} |
| 130 | "Installing /run/firejail/mnt/seccomp.32 seccomp filter" {puts "TESTING ERROR 32\n";exit} | 130 | "Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 32\n";exit} |
| 131 | "Installing /run/firejail/mnt/seccomp.protocol seccomp filter" | 131 | "Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter" |
| 132 | } | 132 | } |
| 133 | expect { | 133 | expect { |
| 134 | timeout {puts "TESTING ERROR 33\n";exit} | 134 | timeout {puts "TESTING ERROR 33\n";exit} |
| @@ -140,13 +140,13 @@ after 100 | |||
| 140 | send -- "firejail --debug --profile=block-secondary.profile sleep 1; echo done\r" | 140 | send -- "firejail --debug --profile=block-secondary.profile sleep 1; echo done\r" |
| 141 | expect { | 141 | expect { |
| 142 | timeout {puts "TESTING ERROR 33\n";exit} | 142 | timeout {puts "TESTING ERROR 33\n";exit} |
| 143 | "Installing /run/firejail/mnt/seccomp.32 seccomp filter" {puts "TESTING ERROR 34\n";exit} | 143 | "Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 34\n";exit} |
| 144 | "Child process initialized" | 144 | "Child process initialized" |
| 145 | } | 145 | } |
| 146 | expect { | 146 | expect { |
| 147 | timeout {puts "TESTING ERROR 35\n";exit} | 147 | timeout {puts "TESTING ERROR 35\n";exit} |
| 148 | "Installing /run/firejail/mnt/seccomp.32 seccomp filter" {puts "TESTING ERROR 35\n";exit} | 148 | "Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 35\n";exit} |
| 149 | "Installing /run/firejail/mnt/seccomp seccomp filter" | 149 | "Installing /run/firejail/mnt/seccomp/seccomp seccomp filter" |
| 150 | } | 150 | } |
| 151 | expect { | 151 | expect { |
| 152 | timeout {puts "TESTING ERROR 37\n";exit} | 152 | timeout {puts "TESTING ERROR 37\n";exit} |
diff --git a/test/filters/seccomp-join.exp b/test/filters/seccomp-join.exp index f9201f926..f1d57238b 100755 --- a/test/filters/seccomp-join.exp +++ b/test/filters/seccomp-join.exp | |||
| @@ -20,15 +20,15 @@ set spawn_id $id1 | |||
| 20 | send -- "firejail --name=jointesting --debug\r" | 20 | send -- "firejail --name=jointesting --debug\r" |
| 21 | expect { | 21 | expect { |
| 22 | timeout {puts "TESTING ERROR 0\n";exit} | 22 | timeout {puts "TESTING ERROR 0\n";exit} |
| 23 | "Installing /run/firejail/mnt/seccomp seccomp filter" | 23 | "Installing /run/firejail/mnt/seccomp/seccomp seccomp filter" |
| 24 | } | 24 | } |
| 25 | expect { | 25 | expect { |
| 26 | timeout {puts "TESTING ERROR 1\n";exit} | 26 | timeout {puts "TESTING ERROR 1\n";exit} |
| 27 | "Installing /run/firejail/mnt/seccomp.32 seccomp filter" | 27 | "Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" |
| 28 | } | 28 | } |
| 29 | expect { | 29 | expect { |
| 30 | timeout {puts "TESTING ERROR 2\n";exit} | 30 | timeout {puts "TESTING ERROR 2\n";exit} |
| 31 | "Installing /run/firejail/mnt/seccomp.protocol seccomp filter" | 31 | "Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter" |
| 32 | } | 32 | } |
| 33 | sleep 1 | 33 | sleep 1 |
| 34 | 34 | ||
| @@ -37,15 +37,15 @@ set spawn_id $id2 | |||
| 37 | send -- "firejail --debug --join=jointesting\r" | 37 | send -- "firejail --debug --join=jointesting\r" |
| 38 | expect { | 38 | expect { |
| 39 | timeout {puts "TESTING ERROR 3\n";exit} | 39 | timeout {puts "TESTING ERROR 3\n";exit} |
| 40 | "Installing /run/firejail/mnt/seccomp seccomp filter" | 40 | "Installing /run/firejail/mnt/seccomp/seccomp seccomp filter" |
| 41 | } | 41 | } |
| 42 | expect { | 42 | expect { |
| 43 | timeout {puts "TESTING ERROR 4\n";exit} | 43 | timeout {puts "TESTING ERROR 4\n";exit} |
| 44 | "Installing /run/firejail/mnt/seccomp.32 seccomp filter" | 44 | "Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" |
| 45 | } | 45 | } |
| 46 | expect { | 46 | expect { |
| 47 | timeout {puts "TESTING ERROR 5\n";exit} | 47 | timeout {puts "TESTING ERROR 5\n";exit} |
| 48 | "Installing /run/firejail/mnt/seccomp.protocol seccomp filter" | 48 | "Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter" |
| 49 | } | 49 | } |
| 50 | sleep 1 | 50 | sleep 1 |
| 51 | 51 | ||
| @@ -64,16 +64,16 @@ set spawn_id $id1 | |||
| 64 | send -- "firejail --name=jointesting --seccomp.block-secondary --debug\r" | 64 | send -- "firejail --name=jointesting --seccomp.block-secondary --debug\r" |
| 65 | expect { | 65 | expect { |
| 66 | timeout {puts "TESTING ERROR 10\n";exit} | 66 | timeout {puts "TESTING ERROR 10\n";exit} |
| 67 | "Installing /run/firejail/mnt/seccomp seccomp filter" | 67 | "Installing /run/firejail/mnt/seccomp/seccomp seccomp filter" |
| 68 | } | 68 | } |
| 69 | expect { | 69 | expect { |
| 70 | timeout {puts "TESTING ERROR 11\n";exit} | 70 | timeout {puts "TESTING ERROR 11\n";exit} |
| 71 | "Installing /run/firejail/mnt/seccomp.32 seccomp filter" {puts "TESTING ERROR 12\n";exit} | 71 | "Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 12\n";exit} |
| 72 | "Installing /run/firejail/mnt/seccomp.block_secondary seccomp filter" | 72 | "Installing /run/firejail/mnt/seccomp/seccomp.block_secondary seccomp filter" |
| 73 | } | 73 | } |
| 74 | expect { | 74 | expect { |
| 75 | timeout {puts "TESTING ERROR 13\n";exit} | 75 | timeout {puts "TESTING ERROR 13\n";exit} |
| 76 | "Installing /run/firejail/mnt/seccomp.protocol seccomp filter" | 76 | "Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter" |
| 77 | } | 77 | } |
| 78 | sleep 1 | 78 | sleep 1 |
| 79 | 79 | ||
| @@ -81,15 +81,15 @@ set spawn_id $id2 | |||
| 81 | send -- "firejail --debug --join=jointesting\r" | 81 | send -- "firejail --debug --join=jointesting\r" |
| 82 | expect { | 82 | expect { |
| 83 | timeout {puts "TESTING ERROR 14\n";exit} | 83 | timeout {puts "TESTING ERROR 14\n";exit} |
| 84 | "Installing /run/firejail/mnt/seccomp seccomp filter" | 84 | "Installing /run/firejail/mnt/seccomp/seccomp seccomp filter" |
| 85 | } | 85 | } |
| 86 | expect { | 86 | expect { |
| 87 | timeout {puts "TESTING ERROR 15\n";exit} | 87 | timeout {puts "TESTING ERROR 15\n";exit} |
| 88 | "Installing /run/firejail/mnt/seccomp.block_secondary seccomp filter" | 88 | "Installing /run/firejail/mnt/seccomp/seccomp.block_secondary seccomp filter" |
| 89 | } | 89 | } |
| 90 | expect { | 90 | expect { |
| 91 | timeout {puts "TESTING ERROR 16\n";exit} | 91 | timeout {puts "TESTING ERROR 16\n";exit} |
| 92 | "Installing /run/firejail/mnt/seccomp.protocol seccomp filter" | 92 | "Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter" |
| 93 | } | 93 | } |
| 94 | sleep 1 | 94 | sleep 1 |
| 95 | 95 | ||
| @@ -106,7 +106,7 @@ set spawn_id $id1 | |||
| 106 | send -- "firejail --name=jointesting --noprofile --protocol=inet --debug\r" | 106 | send -- "firejail --name=jointesting --noprofile --protocol=inet --debug\r" |
| 107 | expect { | 107 | expect { |
| 108 | timeout {puts "TESTING ERROR 22\n";exit} | 108 | timeout {puts "TESTING ERROR 22\n";exit} |
| 109 | "Installing /run/firejail/mnt/seccomp.protocol seccomp filter" | 109 | "Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter" |
| 110 | } | 110 | } |
| 111 | sleep 1 | 111 | sleep 1 |
| 112 | 112 | ||
| @@ -115,9 +115,9 @@ set spawn_id $id2 | |||
| 115 | send -- "firejail --debug --join=jointesting\r" | 115 | send -- "firejail --debug --join=jointesting\r" |
| 116 | expect { | 116 | expect { |
| 117 | timeout {puts "TESTING ERROR 23\n";exit} | 117 | timeout {puts "TESTING ERROR 23\n";exit} |
| 118 | "Installing /run/firejail/mnt/seccomp seccomp filter" {puts "TESTING ERROR 24\n";exit} | 118 | "Installing /run/firejail/mnt/seccomp/seccomp seccomp filter" {puts "TESTING ERROR 24\n";exit} |
| 119 | "Installing /run/firejail/mnt/seccomp.32 seccomp filter" {puts "TESTING ERROR 25\n";exit} | 119 | "Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 25\n";exit} |
| 120 | "Installing /run/firejail/mnt/seccomp.protocol seccomp filter" | 120 | "Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter" |
| 121 | } | 121 | } |
| 122 | sleep 1 | 122 | sleep 1 |
| 123 | 123 | ||
| @@ -134,7 +134,7 @@ set spawn_id $id1 | |||
| 134 | send -- "firejail --name=jointesting --noprofile --memory-deny-write-execute --debug\r" | 134 | send -- "firejail --name=jointesting --noprofile --memory-deny-write-execute --debug\r" |
| 135 | expect { | 135 | expect { |
| 136 | timeout {puts "TESTING ERROR 32\n";exit} | 136 | timeout {puts "TESTING ERROR 32\n";exit} |
| 137 | "Installing /run/firejail/mnt/seccomp.mdwx seccomp filter" | 137 | "Installing /run/firejail/mnt/seccomp/seccomp.mdwx seccomp filter" |
| 138 | } | 138 | } |
| 139 | sleep 1 | 139 | sleep 1 |
| 140 | 140 | ||
| @@ -143,10 +143,10 @@ set spawn_id $id2 | |||
| 143 | send -- "firejail --debug --join=jointesting\r" | 143 | send -- "firejail --debug --join=jointesting\r" |
| 144 | expect { | 144 | expect { |
| 145 | timeout {puts "TESTING ERROR 33\n";exit} | 145 | timeout {puts "TESTING ERROR 33\n";exit} |
| 146 | "Installing /run/firejail/mnt/seccomp seccomp filter" {puts "TESTING ERROR 34\n";exit} | 146 | "Installing /run/firejail/mnt/seccomp/seccomp seccomp filter" {puts "TESTING ERROR 34\n";exit} |
| 147 | "Installing /run/firejail/mnt/seccomp.32 seccomp filter" {puts "TESTING ERROR 35\n";exit} | 147 | "Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 35\n";exit} |
| 148 | "Installing /run/firejail/mnt/seccomp.protocol seccomp filter" {puts "TESTING ERROR 36\n";exit} | 148 | "Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter" {puts "TESTING ERROR 36\n";exit} |
| 149 | "Installing /run/firejail/mnt/seccomp.mdwx seccomp filter" | 149 | "Installing /run/firejail/mnt/seccomp/seccomp.mdwx seccomp filter" |
| 150 | } | 150 | } |
| 151 | sleep 1 | 151 | sleep 1 |
| 152 | 152 | ||