diff options
-rw-r--r-- | README | 10 | ||||
-rwxr-xr-x | test/blacklist.exp | 76 | ||||
-rw-r--r-- | test/blacklist1.profile | 1 | ||||
-rw-r--r-- | test/blacklist2.profile | 1 | ||||
-rwxr-xr-x | test/private-etc.exp | 46 | ||||
-rwxr-xr-x | test/test.sh | 8 |
6 files changed, 138 insertions, 4 deletions
@@ -15,6 +15,12 @@ License: GPL v2 | |||
15 | Firejail Authors: | 15 | Firejail Authors: |
16 | 16 | ||
17 | netblue30 (netblue30@yahoo.com) | 17 | netblue30 (netblue30@yahoo.com) |
18 | Peter Millerchip (https://github.com/pmillerchip) | ||
19 | - memory allocation fix | ||
20 | - --private.keep to --private-home transition | ||
21 | - support for files and directories starting with ~ in blacklist option | ||
22 | - support for files and directories with spaces in blacklist option | ||
23 | - lots of other fixes | ||
18 | Patrick Toomey (http://sourceforge.net/u/ptoomey/profile/) | 24 | Patrick Toomey (http://sourceforge.net/u/ptoomey/profile/) |
19 | - user namespace implementation | 25 | - user namespace implementation |
20 | Reiner Herrmann - a number of build patches, man page fixes, Debian integration | 26 | Reiner Herrmann - a number of build patches, man page fixes, Debian integration |
@@ -27,10 +33,6 @@ G4JC (http://sourceforge.net/u/gaming4jc/profile/) | |||
27 | dewbasaur (https://github.com/dewbasaur) | 33 | dewbasaur (https://github.com/dewbasaur) |
28 | - block access to history files | 34 | - block access to history files |
29 | - Firefox PDF.js exploit (CVE-2015-4495) fixes | 35 | - Firefox PDF.js exploit (CVE-2015-4495) fixes |
30 | Peter Millerchip (https://github.com/pmillerchip) | ||
31 | - memory allocation fix | ||
32 | - --private.keep to --private-home transition | ||
33 | - lots of other fixes | ||
34 | Michael Haas (https://github.com/mhaas) | 36 | Michael Haas (https://github.com/mhaas) |
35 | - bugfixes | 37 | - bugfixes |
36 | mjudtmann (https://github.com/mjudtmann) | 38 | mjudtmann (https://github.com/mjudtmann) |
diff --git a/test/blacklist.exp b/test/blacklist.exp new file mode 100755 index 000000000..70012d167 --- /dev/null +++ b/test/blacklist.exp | |||
@@ -0,0 +1,76 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | # directory with ~ | ||
8 | send -- "firejail --blacklist=~/.config\r" | ||
9 | expect { | ||
10 | timeout {puts "TESTING ERROR 1\n";exit} | ||
11 | "Child process initialized" | ||
12 | } | ||
13 | sleep 1 | ||
14 | |||
15 | send -- "ls -al ~/.config\r" | ||
16 | expect { | ||
17 | timeout {puts "TESTING ERROR 2\n";exit} | ||
18 | "cannot open directory" | ||
19 | } | ||
20 | |||
21 | send -- "exit\r" | ||
22 | sleep 1 | ||
23 | |||
24 | # directory with ~ in profile file | ||
25 | send -- "firejail --profile=blacklist1.profile\r" | ||
26 | expect { | ||
27 | timeout {puts "TESTING ERROR 3\n";exit} | ||
28 | "Child process initialized" | ||
29 | } | ||
30 | sleep 1 | ||
31 | |||
32 | send -- "ls -al ~/.config\r" | ||
33 | expect { | ||
34 | timeout {puts "TESTING ERROR 4\n";exit} | ||
35 | "cannot open directory" | ||
36 | } | ||
37 | |||
38 | send -- "exit\r" | ||
39 | sleep 1 | ||
40 | |||
41 | |||
42 | # directory with space | ||
43 | send -- "firejail \"--blacklist=dir with space\"\r" | ||
44 | expect { | ||
45 | timeout {puts "TESTING ERROR 5\n";exit} | ||
46 | "Child process initialized" | ||
47 | } | ||
48 | sleep 1 | ||
49 | |||
50 | send -- "ls -al \"dir with space\"\r" | ||
51 | expect { | ||
52 | timeout {puts "TESTING ERROR 6\n";exit} | ||
53 | "cannot open directory" | ||
54 | } | ||
55 | |||
56 | send -- "exit\r" | ||
57 | sleep 1 | ||
58 | |||
59 | # directory with space in profile | ||
60 | send -- "firejail --profile=blacklist2.profile\r" | ||
61 | expect { | ||
62 | timeout {puts "TESTING ERROR 7\n";exit} | ||
63 | "Child process initialized" | ||
64 | } | ||
65 | sleep 1 | ||
66 | |||
67 | send -- "ls -al \"dir with space\"\r" | ||
68 | expect { | ||
69 | timeout {puts "TESTING ERROR 8\n";exit} | ||
70 | "cannot open directory" | ||
71 | } | ||
72 | |||
73 | |||
74 | |||
75 | puts "\n" | ||
76 | |||
diff --git a/test/blacklist1.profile b/test/blacklist1.profile new file mode 100644 index 000000000..f12facd05 --- /dev/null +++ b/test/blacklist1.profile | |||
@@ -0,0 +1 @@ | |||
blacklist ~/.config | |||
diff --git a/test/blacklist2.profile b/test/blacklist2.profile new file mode 100644 index 000000000..4bb603db2 --- /dev/null +++ b/test/blacklist2.profile | |||
@@ -0,0 +1 @@ | |||
blacklist dir with space | |||
diff --git a/test/private-etc.exp b/test/private-etc.exp new file mode 100755 index 000000000..9df798e22 --- /dev/null +++ b/test/private-etc.exp | |||
@@ -0,0 +1,46 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | # directory with ~ | ||
8 | send -- "firejail --private-etc=passwd,group,resolv.conf,bash_completion.d,timezone\r" | ||
9 | expect { | ||
10 | timeout {puts "TESTING ERROR 1\n";exit} | ||
11 | "Child process initialized" | ||
12 | } | ||
13 | sleep 1 | ||
14 | |||
15 | send -- "ls -al /etc\r" | ||
16 | expect { | ||
17 | timeout {puts "TESTING ERROR 2\n";exit} | ||
18 | "bash_completion.d" | ||
19 | } | ||
20 | expect { | ||
21 | timeout {puts "TESTING ERROR 3\n";exit} | ||
22 | "group" | ||
23 | } | ||
24 | expect { | ||
25 | timeout {puts "TESTING ERROR 4\n";exit} | ||
26 | "passwd" | ||
27 | } | ||
28 | expect { | ||
29 | timeout {puts "TESTING ERROR 5\n";exit} | ||
30 | "resolv.conf" | ||
31 | } | ||
32 | expect { | ||
33 | timeout {puts "TESTING ERROR 6\n";exit} | ||
34 | "timezone" | ||
35 | } | ||
36 | |||
37 | send -- "ls -al /etc\r" | ||
38 | expect { | ||
39 | timeout {puts "TESTING ERROR 7\n";exit} | ||
40 | "shadow" {puts "TESTING ERROR 8\n";exit} | ||
41 | "timezone" | ||
42 | } | ||
43 | |||
44 | sleep 1 | ||
45 | puts "\n" | ||
46 | |||
diff --git a/test/test.sh b/test/test.sh index 5fe01eb2a..83d249b4f 100755 --- a/test/test.sh +++ b/test/test.sh | |||
@@ -4,6 +4,14 @@ | |||
4 | 4 | ||
5 | ./fscheck.sh | 5 | ./fscheck.sh |
6 | 6 | ||
7 | echo "TESTING: private-etc" | ||
8 | ./private-etc.exp | ||
9 | |||
10 | mkdir dir\ with\ space | ||
11 | echo "TESTING: blacklist" | ||
12 | ./blacklist.exp | ||
13 | rm -fr dir\ with\ space | ||
14 | |||
7 | echo "TESTING: version" | 15 | echo "TESTING: version" |
8 | ./option_version.exp | 16 | ./option_version.exp |
9 | 17 | ||