-rwxr-xr-x | gcov.sh | 11 | ||||
-rw-r--r-- | src/firejail/seccomp.c | 9 | ||||
-rwxr-xr-x | test/environment/dns.exp | 2 | ||||
-rwxr-xr-x | test/utils/shutdown.exp | 14 | ||||
-rw-r--r-- | todo | 2 |
5 files changed, 25 insertions, 13 deletions
@@ -13,16 +13,17 @@ gcov_init() { | |||
13 | } | 13 | } |
14 | 14 | ||
15 | generate() { | 15 | generate() { |
16 | lcov -q --capture -d src/firejail -d src/firemon -d src/fcopy -d src/fseccomp -d src/fnet -d src/ftee -d src/lib -d src/firecfg --output-file gcov-file | 16 | lcov -q --capture -d src/firejail -d src/firemon -d src/fcopy -d src/fseccomp -d src/fnet -d src/ftee -d src/lib -d src/firecfg --output-file gcov-file-new |
17 | lcov --add-tracefile gcov-file-old --add-tracefile gcov-file-new --output-file gcov-file | ||
17 | rm -fr gcov-dir | 18 | rm -fr gcov-dir |
18 | genhtml -q gcov-file --output-directory gcov-dir | 19 | genhtml -q gcov-file --output-directory gcov-dir |
20 | sudo rm `find . -name *.gcda` | ||
21 | cp gcov-file gcov-file-old | ||
22 | gcov_init | ||
19 | } | 23 | } |
20 | 24 | ||
21 | gcov_init | ||
22 | generate | ||
23 | echo "press any key to continue, or Ctrl-C to exit" | ||
24 | read text | ||
25 | 25 | ||
26 | gcov_init | ||
26 | 27 | ||
27 | # running tests | 28 | # running tests |
28 | make test-root | 29 | make test-root |
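Review bot: The cleanup line added to generate() (new line 20) runs `sudo rm` on the word-split output of an unquoted `find . -name *.gcda`. The shell can expand `*.gcda` against the current directory before find sees it, paths containing whitespace are split into separate rm operands, and rm is called with no operand when nothing matches. Letting find do the deletion avoids all three: `sudo find . -name '*.gcda' -delete`. Separately, the new `lcov --add-tracefile gcov-file-old` call needs gcov-file-old to exist the first time generate() runs; gcov_init is defined outside this hunk, so confirm that it creates that file.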
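--- a/src/firejail/seccomp.c
+++ b/src/firejail/seccomp.c
@@ -195,10 +195,8 @@ int seccomp_filter_keep(void) {
 printf("Build drop seccomp filter\n");
 
 // build the seccomp filter as a regular user
-int rv = sbox_run(SBOX_USER | SBOX_CAPS_NONE | SBOX_SECCOMP, 4,
+sbox_run(SBOX_USER | SBOX_CAPS_NONE | SBOX_SECCOMP, 4,
 PATH_FSECCOMP, "keep", RUN_SECCOMP_CFG, cfg.seccomp_list_keep);
-if (rv)
-exit(rv);
 if (arg_debug)
 printf("seccomp filter configured\n");
 
@@ -246,10 +244,7 @@ void seccomp_print_filter(pid_t pid) {
 }
 
 // read and print the filter - run this as root, the user doesn't have access
-int rv = sbox_run(SBOX_ROOT | SBOX_SECCOMP, 3,
-PATH_FSECCOMP, "print", fname);
-if (rv)
-exit(rv);
+sbox_run(SBOX_ROOT | SBOX_SECCOMP, 3, PATH_FSECCOMP, "print", fname);
 free(fname);
 
 exit(0);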
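Review bot: The return value of sbox_run() is now discarded in seccomp_filter_keep (new line 198) and in seccomp_print_filter (new line 247), so nothing visible in either hunk stops execution when the fseccomp helper fails. In seccomp_filter_keep a failed "keep" run would still reach `printf("seccomp filter configured\n")`, and the sandbox could continue without the intended whitelist filter. That holds unless sbox_run() itself terminates on a non-zero child status, which cannot be confirmed from this page. If that is the invariant, state it at both call sites, e.g. `// sbox_run() exits on child failure, no return check needed`, and make the discard explicit with `(void) sbox_run(...)`; otherwise keep the `if (rv) exit(rv);` guard. Both functions begin and continue outside the hunks shown.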
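--- a/test/environment/dns.exp
+++ b/test/environment/dns.exp
@@ -71,6 +71,6 @@ after 100
 send -- "rm index.html\r"
 after 100
 send -- "exit\r"
-after 100
+sleep 1
 
 puts "\nall done\n"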
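--- a/test/utils/shutdown.exp
+++ b/test/utils/shutdown.exp
@@ -32,4 +32,18 @@ expect {
 }
 sleep 1
 
+send -- "firejail --shutdown=sutdowntesting\r"
+expect {
+timeout {puts "TESTING ERROR 5\n";exit}
+"cannot find sandbox sutdowntesting"
+}
+after 100
+
+send -- "firejail --shutdown=10\r"
+expect {
+timeout {puts "TESTING ERROR 5\n";exit}
+"this is not a firejail sandbox"
+}
+after 100
+
 puts "\nall done\n"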
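Review bot: Both new `expect` blocks (new lines 37 and 44) print the same `TESTING ERROR 5` on timeout, so a failing run cannot tell which negative check broke, and the number may also collide with an earlier block outside this hunk. Give each block the next unused number, for example `timeout {puts "TESTING ERROR 6\n";exit}` in the second one. The `--shutdown=10` case also assumes that PID 10 exists on the test host and is not a sandbox; where no such process exists the tool may print a different message. A comment stating that assumption above the `send` line would make such a failure easier to diagnose.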
@@ -297,3 +297,5 @@ install mount namespace | |||
297 | read-only /etc | 297 | read-only /etc |
298 | read-only /var | 298 | read-only /var |
299 | read-only /bin | 299 | read-only /bin |
300 | |||
301 | 31. --private and --allusers are coliding | ||