-rw-r--r-- | README.md | 2 | ||||
-rw-r--r-- | src/firejail/profile.c | 5 | ||||
-rw-r--r-- | src/firejail/protocol.c | 2 | ||||
-rwxr-xr-x | test/protocol.exp | 184 | ||||
-rw-r--r-- | test/protocol1.profile | 1 | ||||
-rw-r--r-- | test/protocol2.profile | 1 | ||||
-rwxr-xr-x | test/test.sh | 3 |
7 files changed, 196 insertions, 2 deletions
@@ -58,7 +58,7 @@ whitelist ~/.vimperator | |||
58 | 58 | ||
59 | I intend to bring in all files and directories used by Firefox addons and plugins. So far I have | 59 | I intend to bring in all files and directories used by Firefox addons and plugins. So far I have |
60 | [Video DownloadHelper](https://addons.mozilla.org/en-US/firefox/addon/video-downloadhelper/), | 60 | [Video DownloadHelper](https://addons.mozilla.org/en-US/firefox/addon/video-downloadhelper/), |
61 | [Zotero](https://www.zotero.org/download/) | 61 | [Zotero](https://www.zotero.org/download/), |
62 | [LastPass](https://addons.mozilla.org/en-US/firefox/addon/lastpass-password-manager/), | 62 | [LastPass](https://addons.mozilla.org/en-US/firefox/addon/lastpass-password-manager/), |
63 | and [Vimperator](https://addons.mozilla.org/en-US/firefox/addon/vimperator/) | 63 | and [Vimperator](https://addons.mozilla.org/en-US/firefox/addon/vimperator/) |
64 | If you're using a anything else, please let me know. | 64 | If you're using a anything else, please let me know. |
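--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -151,6 +151,11 @@ int profile_check_line(char *ptr, int lineno) {
 return 0;
 }
 
+if (strncmp(ptr, "protocol ", 9) == 0) {
+protocol_store(ptr + 9);
+return 0;
+}
+
 if (strncmp(ptr, "env ", 4) == 0) {
 env_store(ptr + 4);
 return 0;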
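Review bot: The text after `protocol ` is passed to `protocol_store(ptr + 9)` exactly as it appears in the profile file, and nothing in this hunk shows how an empty list, an unknown family name, or a `protocol` line that follows an earlier `--protocol` option is handled. This list appears to feed the socket-family filter built in protocol.c, so a silently accepted typo could leave the sandbox with a different filter than the profile author intended. It is worth confirming that protocol_store() rejects unknown tokens and defines which setting wins. A short comment on the branch would also help, for example `// protocol filter: comma-separated socket families, validated in protocol_store()`. profile_check_line starts and ends outside the hunk, and protocol_store is not visible here.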
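--- a/src/firejail/protocol.c
+++ b/src/firejail/protocol.c
@@ -177,9 +177,9 @@ printf("entries %u\n", (unsigned) (sizeof(filter_start) / sizeof(struct sock_fil
 }
 printf("\n");
 }
+printf("whitelist_len %u, struct sock_filter len %u\n", whitelist_len, (unsigned) sizeof(struct sock_filter));
 #endif
 
-printf("whitelist_len %u, struct sock_filter len %u\n", whitelist_len, (unsigned) sizeof(struct sock_filter));
 
 // parse list and add commands
 char *tmplist = strdup(cfg.protocol);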
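--- /dev/null
+++ b/test/protocol.exp
@@ -0,0 +1,184 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --noprofile --protocol=unix ../src/tools/syscall_test socket\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"Child process initialized"
+}
+expect {
+timeout {puts "TESTING ERROR 1.1\n";exit}
+"socket AF_INET"
+}
+expect {
+timeout {puts "TESTING ERROR 1.2\n";exit}
+"Operation not supported"
+}
+expect {
+timeout {puts "TESTING ERROR 1.3\n";exit}
+"socket AF_INET6"
+}
+expect {
+timeout {puts "TESTING ERROR 1.4\n";exit}
+"Operation not supported"
+}
+expect {
+timeout {puts "TESTING ERROR 1.5\n";exit}
+"socket AF_NETLINK"
+}
+expect {
+timeout {puts "TESTING ERROR 1.6\n";exit}
+"Operation not supported"
+}
+expect {
+timeout {puts "TESTING ERROR 1.7\n";exit}
+"socket AF_UNIX"
+}
+expect {
+timeout {puts "TESTING ERROR 1.8\n";exit}
+"socket AF_PACKETX"
+}
+expect {
+timeout {puts "TESTING ERROR 1.9\n";exit}
+"Operation not supported"
+}
+sleep 1
+
+send -- "firejail --noprofile --protocol=inet6,packet ../src/tools/syscall_test socket\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"Child process initialized"
+}
+expect {
+timeout {puts "TESTING ERROR 2.1\n";exit}
+"socket AF_INET"
+}
+expect {
+timeout {puts "TESTING ERROR 2.2\n";exit}
+"Operation not supported"
+}
+expect {
+timeout {puts "TESTING ERROR 2.3\n";exit}
+"socket AF_INET6"
+}
+expect {
+timeout {puts "TESTING ERROR 2.4\n";exit}
+"socket AF_NETLINK"
+}
+expect {
+timeout {puts "TESTING ERROR 2.5\n";exit}
+"Operation not supported"
+}
+expect {
+timeout {puts "TESTING ERROR 2.6\n";exit}
+"socket AF_UNIX"
+}
+expect {
+timeout {puts "TESTING ERROR 2.7\n";exit}
+"Operation not supported"
+}
+expect {
+timeout {puts "TESTING ERROR 2.8\n";exit}
+"socket AF_PACKETX"
+}
+expect {
+timeout {puts "TESTING ERROR 2.9\n";exit}
+"after socket"
+}
+sleep 1
+
+# profile testing
+send -- "firejail --profile=protocol1.profile ../src/tools/syscall_test socket\r"
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"Child process initialized"
+}
+expect {
+timeout {puts "TESTING ERROR 3.1\n";exit}
+"socket AF_INET"
+}
+expect {
+timeout {puts "TESTING ERROR 3.2\n";exit}
+"Operation not supported"
+}
+expect {
+timeout {puts "TESTING ERROR 3.3\n";exit}
+"socket AF_INET6"
+}
+expect {
+timeout {puts "TESTING ERROR 3.4\n";exit}
+"Operation not supported"
+}
+expect {
+timeout {puts "TESTING ERROR 3.5\n";exit}
+"socket AF_NETLINK"
+}
+expect {
+timeout {puts "TESTING ERROR 3.6\n";exit}
+"Operation not supported"
+}
+expect {
+timeout {puts "TESTING ERROR 3.7\n";exit}
+"socket AF_UNIX"
+}
+expect {
+timeout {puts "TESTING ERROR 3.8\n";exit}
+"socket AF_PACKETX"
+}
+expect {
+timeout {puts "TESTING ERROR 3.9\n";exit}
+"Operation not supported"
+}
+sleep 1
+
+send -- "firejail --profile=protocol2.profile ../src/tools/syscall_test socket\r"
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"Child process initialized"
+}
+expect {
+timeout {puts "TESTING ERROR 4.1\n";exit}
+"socket AF_INET"
+}
+expect {
+timeout {puts "TESTING ERROR 4.2\n";exit}
+"Operation not supported"
+}
+expect {
+timeout {puts "TESTING ERROR 4.3\n";exit}
+"socket AF_INET6"
+}
+expect {
+timeout {puts "TESTING ERROR 4.4\n";exit}
+"socket AF_NETLINK"
+}
+expect {
+timeout {puts "TESTING ERROR 4.5\n";exit}
+"Operation not supported"
+}
+expect {
+timeout {puts "TESTING ERROR 4.6\n";exit}
+"socket AF_UNIX"
+}
+expect {
+timeout {puts "TESTING ERROR 4.7\n";exit}
+"Operation not supported"
+}
+expect {
+timeout {puts "TESTING ERROR 4.8\n";exit}
+"socket AF_PACKETX"
+}
+expect {
+timeout {puts "TESTING ERROR 4.9\n";exit}
+"after socket"
+}
+sleep 1
+
+
+
+
+
+puts "\nall done\n"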
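Review bot: Every `timeout` branch ends in a bare `exit`, which makes expect return status 0, so a failed check shows up only as a "TESTING ERROR" line in the output. test.sh runs `./protocol.exp` without inspecting the result, so it cannot fail on such an error. For a test that guards a sandbox restriction, a non-zero status is safer: `timeout {puts "TESTING ERROR 1\n"; exit 1}` in each branch. The allowed families are also never asserted: in cases 1 and 3 the script goes from `"socket AF_UNIX"` straight to `"socket AF_PACKETX"`, so a run in which AF_UNIX is also refused would still pass.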
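--- /dev/null
+++ b/test/protocol1.profile
@@ -0,0 +1 @@
+protocol unix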
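--- /dev/null
+++ b/test/protocol2.profile
@@ -0,0 +1 @@
+protocol inet6,packet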
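--- a/test/test.sh
+++ b/test/test.sh
@@ -12,6 +12,9 @@ done
 
 ./fscheck.sh
 
+echo "TESTING: protocol"
+./protocol.exp
+
 echo "TESTING: invalid filename"
 ./invalid_filename.exp
 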