diff options
-rw-r--r-- | Makefile.in | 13 | ||||
-rwxr-xr-x | configure | 25 | ||||
-rw-r--r-- | configure.ac | 17 | ||||
-rw-r--r-- | src/faudit/main.c | 13 | ||||
-rw-r--r-- | src/firecfg/Makefile.in | 8 | ||||
-rw-r--r-- | src/firejail/Makefile.in | 5 | ||||
-rw-r--r-- | src/firejail/sandbox.c | 8 | ||||
-rw-r--r-- | src/firejail/sbox.c | 2 | ||||
-rw-r--r-- | src/firemon/Makefile.in | 11 | ||||
-rw-r--r-- | src/fnet/Makefile.in | 8 | ||||
-rw-r--r-- | src/fnet/interface.c | 1 | ||||
-rw-r--r-- | src/fseccomp/Makefile.in | 8 | ||||
-rw-r--r-- | src/ftee/Makefile.in | 8 | ||||
-rw-r--r-- | src/lib/Makefile.in | 6 | ||||
-rw-r--r-- | test/arguments/Makefile | 13 | ||||
-rwxr-xr-x | test/arguments/arguments.sh | 4 | ||||
-rwxr-xr-x | test/arguments/bashrun.sh | 12 | ||||
-rwxr-xr-x | test/arguments/joinrun.sh | 12 | ||||
-rw-r--r-- | test/arguments/main.c | 31 | ||||
-rwxr-xr-x | test/arguments/outrun.sh | 12 | ||||
-rw-r--r-- | test/arguments/readme | 9 | ||||
-rwxr-xr-x | test/fs/fs.sh | 8 | ||||
-rwxr-xr-x | test/fs/private-home-dir.exp | 70 | ||||
-rwxr-xr-x | test/fs/private-home.exp | 45 | ||||
-rwxr-xr-x | test/fs/private.exp | 51 | ||||
-rwxr-xr-x | test/network/interface.exp | 66 | ||||
-rwxr-xr-x | test/network/net_scan.exp | 75 | ||||
-rwxr-xr-x | test/network/network.sh | 6 |
28 files changed, 417 insertions, 130 deletions
diff --git a/Makefile.in b/Makefile.in index 86acc206c..d93eee502 100644 --- a/Makefile.in +++ b/Makefile.in | |||
@@ -39,6 +39,7 @@ clean: | |||
39 | for dir in $(APPS) $(MYLIBS); do \ | 39 | for dir in $(APPS) $(MYLIBS); do \ |
40 | $(MAKE) -C $$dir clean; \ | 40 | $(MAKE) -C $$dir clean; \ |
41 | done | 41 | done |
42 | rm -fr gcov-file gcov-dir | ||
42 | rm -f $(MANPAGES) $(MANPAGES:%=%.gz) firejail*.rpm | 43 | rm -f $(MANPAGES) $(MANPAGES:%=%.gz) firejail*.rpm |
43 | rm -f test/utils/index.html* | 44 | rm -f test/utils/index.html* |
44 | rm -f test/utils/wget-log | 45 | rm -f test/utils/wget-log |
@@ -214,11 +215,21 @@ test-environment: | |||
214 | test-filters: | 215 | test-filters: |
215 | cd test/filters; ./filters.sh | grep TESTING | 216 | cd test/filters; ./filters.sh | grep TESTING |
216 | 217 | ||
218 | test-arguments: | ||
219 | cd test/arguments; ./arguments.sh | grep TESTING | ||
220 | |||
217 | test-network: | 221 | test-network: |
218 | echo "Please read test/network/README file and run the test manually" | 222 | echo "Please read test/network/README file and run the test manually" |
219 | 223 | ||
220 | test-fs: | 224 | test-fs: |
221 | cd test/fs; ./fs.sh | grep TESTING | 225 | cd test/fs; ./fs.sh | grep TESTING |
222 | 226 | ||
223 | test: test-profiles test-fs test-utils test-environment test-apps test-apps-x11 test-apps-x11-xorg test-filters | 227 | test: test-profiles test-fs test-utils test-environment test-apps test-apps-x11 test-apps-x11-xorg test-filters test-arguments |
224 | echo "TEST COMPLETE" | 228 | echo "TEST COMPLETE" |
229 | |||
230 | gcov:; | ||
231 | lcov --capture -d src/firejail -d src/firemon -d src/fseccomp -d src/fnet -d src/ftee -d src/lib -d src/firecfg --output-file gcov-file | ||
232 | rm -fr gcov-dir | ||
233 | genhtml gcov-file --output-directory gcov-dir | ||
234 | |||
235 | \ No newline at end of file | ||
@@ -625,6 +625,7 @@ ac_includes_default="\ | |||
625 | ac_subst_vars='LTLIBOBJS | 625 | ac_subst_vars='LTLIBOBJS |
626 | LIBOBJS | 626 | LIBOBJS |
627 | HAVE_SECCOMP_H | 627 | HAVE_SECCOMP_H |
628 | HAVE_GCOV | ||
628 | BUSYBOX_WORKAROUND | 629 | BUSYBOX_WORKAROUND |
629 | HAVE_FATAL_WARNINGS | 630 | HAVE_FATAL_WARNINGS |
630 | HAVE_WHITELIST | 631 | HAVE_WHITELIST |
@@ -709,6 +710,7 @@ enable_file_transfer | |||
709 | enable_whitelist | 710 | enable_whitelist |
710 | enable_fatal_warnings | 711 | enable_fatal_warnings |
711 | enable_busybox_workaround | 712 | enable_busybox_workaround |
713 | enable_gcov | ||
712 | ' | 714 | ' |
713 | ac_precious_vars='build_alias | 715 | ac_precious_vars='build_alias |
714 | host_alias | 716 | host_alias |
@@ -1346,6 +1348,7 @@ Optional Features: | |||
1346 | --enable-fatal-warnings -W -Wall -Werror | 1348 | --enable-fatal-warnings -W -Wall -Werror |
1347 | --enable-busybox-workaround | 1349 | --enable-busybox-workaround |
1348 | enable busybox workaround | 1350 | enable busybox workaround |
1351 | --enable-gcov Gcov instrumentation | ||
1349 | 1352 | ||
1350 | Some influential environment variables: | 1353 | Some influential environment variables: |
1351 | CC C compiler command | 1354 | CC C compiler command |
@@ -3508,7 +3511,7 @@ fi | |||
3508 | fi | 3511 | fi |
3509 | if test "x$enable_apparmor" = "xyes"; then : | 3512 | if test "x$enable_apparmor" = "xyes"; then : |
3510 | 3513 | ||
3511 | EXTRA_LDFLAGS="-lapparmor" | 3514 | EXTRA_LDFLAGS+="-lapparmor " |
3512 | 3515 | ||
3513 | fi | 3516 | fi |
3514 | 3517 | ||
@@ -3693,6 +3696,21 @@ if test "x$enable_busybox_workaround" = "xyes"; then : | |||
3693 | fi | 3696 | fi |
3694 | 3697 | ||
3695 | 3698 | ||
3699 | HAVE_GCOV="" | ||
3700 | # Check whether --enable-gcov was given. | ||
3701 | if test "${enable_gcov+set}" = set; then : | ||
3702 | enableval=$enable_gcov; | ||
3703 | fi | ||
3704 | |||
3705 | if test "x$enable_gcov" = "xyes"; then : | ||
3706 | |||
3707 | HAVE_GCOV="--coverage -DHAVE_GCOV " | ||
3708 | EXTRA_LDFLAGS+="-lgcov --coverage " | ||
3709 | |||
3710 | |||
3711 | fi | ||
3712 | |||
3713 | |||
3696 | 3714 | ||
3697 | # checking pthread library | 3715 | # checking pthread library |
3698 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lpthread" >&5 | 3716 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lpthread" >&5 |
@@ -4952,9 +4970,10 @@ echo " whitelisting: $HAVE_WHITELIST" | |||
4952 | echo " private home support: $HAVE_PRIVATE_HOME" | 4970 | echo " private home support: $HAVE_PRIVATE_HOME" |
4953 | echo " file transfer support: $HAVE_FILE_TRANSFER" | 4971 | echo " file transfer support: $HAVE_FILE_TRANSFER" |
4954 | echo " overlayfs support: $HAVE_OVERLAYFS" | 4972 | echo " overlayfs support: $HAVE_OVERLAYFS" |
4955 | echo " fatal warnings: $HAVE_FATAL_WARNINGS" | ||
4956 | echo " busybox workaround: $BUSYBOX_WORKAROUND" | 4973 | echo " busybox workaround: $BUSYBOX_WORKAROUND" |
4957 | printf " EXTRA_LDFLAGS: $EXTRA_LDFLAGS" | 4974 | echo " EXTRA_LDFLAGS: $EXTRA_LDFLAGS" |
4975 | echo " fatal warnings: $HAVE_FATAL_WARNINGS" | ||
4976 | echo " Gcov instrumentation: $HAVE_GCOV" | ||
4958 | echo | 4977 | echo |
4959 | 4978 | ||
4960 | 4979 | ||
diff --git a/configure.ac b/configure.ac index 9e7680d7d..74ba09f43 100644 --- a/configure.ac +++ b/configure.ac | |||
@@ -22,7 +22,7 @@ AS_IF([test "x$enable_apparmor" = "xyes"], [ | |||
22 | [Couldn't find sys/apparmor.h... please install apparmor user space library and development files] )]) | 22 | [Couldn't find sys/apparmor.h... please install apparmor user space library and development files] )]) |
23 | ]) | 23 | ]) |
24 | AS_IF([test "x$enable_apparmor" = "xyes"], [ | 24 | AS_IF([test "x$enable_apparmor" = "xyes"], [ |
25 | EXTRA_LDFLAGS="-lapparmor" | 25 | EXTRA_LDFLAGS+="-lapparmor " |
26 | ]) | 26 | ]) |
27 | AC_SUBST([EXTRA_LDFLAGS]) | 27 | AC_SUBST([EXTRA_LDFLAGS]) |
28 | 28 | ||
@@ -136,6 +136,16 @@ AS_IF([test "x$enable_busybox_workaround" = "xyes"], [ | |||
136 | ]) | 136 | ]) |
137 | 137 | ||
138 | 138 | ||
139 | HAVE_GCOV="" | ||
140 | AC_ARG_ENABLE([gcov], | ||
141 | AS_HELP_STRING([--enable-gcov], [Gcov instrumentation])) | ||
142 | AS_IF([test "x$enable_gcov" = "xyes"], [ | ||
143 | HAVE_GCOV="--coverage -DHAVE_GCOV " | ||
144 | EXTRA_LDFLAGS+="-lgcov --coverage " | ||
145 | AC_SUBST(HAVE_GCOV) | ||
146 | ]) | ||
147 | |||
148 | |||
139 | 149 | ||
140 | # checking pthread library | 150 | # checking pthread library |
141 | AC_CHECK_LIB([pthread], [main], [], AC_MSG_ERROR([*** POSIX thread support not installed ***])) | 151 | AC_CHECK_LIB([pthread], [main], [], AC_MSG_ERROR([*** POSIX thread support not installed ***])) |
@@ -168,9 +178,10 @@ echo " whitelisting: $HAVE_WHITELIST" | |||
168 | echo " private home support: $HAVE_PRIVATE_HOME" | 178 | echo " private home support: $HAVE_PRIVATE_HOME" |
169 | echo " file transfer support: $HAVE_FILE_TRANSFER" | 179 | echo " file transfer support: $HAVE_FILE_TRANSFER" |
170 | echo " overlayfs support: $HAVE_OVERLAYFS" | 180 | echo " overlayfs support: $HAVE_OVERLAYFS" |
171 | echo " fatal warnings: $HAVE_FATAL_WARNINGS" | ||
172 | echo " busybox workaround: $BUSYBOX_WORKAROUND" | 181 | echo " busybox workaround: $BUSYBOX_WORKAROUND" |
173 | printf " EXTRA_LDFLAGS: $EXTRA_LDFLAGS" | 182 | echo " EXTRA_LDFLAGS: $EXTRA_LDFLAGS" |
183 | echo " fatal warnings: $HAVE_FATAL_WARNINGS" | ||
184 | echo " Gcov instrumentation: $HAVE_GCOV" | ||
174 | echo | 185 | echo |
175 | 186 | ||
176 | 187 | ||
diff --git a/src/faudit/main.c b/src/faudit/main.c index 61005945d..7f47ccaf0 100644 --- a/src/faudit/main.c +++ b/src/faudit/main.c | |||
@@ -21,6 +21,19 @@ | |||
21 | char *prog; | 21 | char *prog; |
22 | 22 | ||
23 | int main(int argc, char **argv) { | 23 | int main(int argc, char **argv) { |
24 | // make test-arguments helper | ||
25 | if (getenv("FIREJAIL_TEST_ARGUMENTS")) { | ||
26 | printf("Arguments:\n"); | ||
27 | |||
28 | int i; | ||
29 | for (i = 0; i < argc; i++) { | ||
30 | printf("#%s#\n", argv[i]); | ||
31 | } | ||
32 | |||
33 | return 0; | ||
34 | } | ||
35 | |||
36 | |||
24 | if (argc != 1) { | 37 | if (argc != 1) { |
25 | int i; | 38 | int i; |
26 | 39 | ||
diff --git a/src/firecfg/Makefile.in b/src/firecfg/Makefile.in index 11f8b1e8d..f9fe08768 100644 --- a/src/firecfg/Makefile.in +++ b/src/firecfg/Makefile.in | |||
@@ -16,22 +16,24 @@ HAVE_NETWORK=@HAVE_NETWORK@ | |||
16 | HAVE_USERNS=@HAVE_USERNS@ | 16 | HAVE_USERNS=@HAVE_USERNS@ |
17 | HAVE_X11=@HAVE_X11@ | 17 | HAVE_X11=@HAVE_X11@ |
18 | HAVE_FILE_TRANSFER=@HAVE_FILE_TRANSFER@ | 18 | HAVE_FILE_TRANSFER=@HAVE_FILE_TRANSFER@ |
19 | HAVE_GCOV=@HAVE_GCOV@ | ||
20 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ | ||
19 | 21 | ||
20 | 22 | ||
21 | H_FILE_LIST = $(sort $(wildcard *.[h])) | 23 | H_FILE_LIST = $(sort $(wildcard *.[h])) |
22 | C_FILE_LIST = $(sort $(wildcard *.c)) | 24 | C_FILE_LIST = $(sort $(wildcard *.c)) |
23 | OBJS = $(C_FILE_LIST:.c=.o) | 25 | OBJS = $(C_FILE_LIST:.c=.o) |
24 | BINOBJS = $(foreach file, $(OBJS), $file) | 26 | BINOBJS = $(foreach file, $(OBJS), $file) |
25 | CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' $(HAVE_X11) $(HAVE_SECCOMP) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_BIND) $(HAVE_FILE_TRANSFER) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security | 27 | CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' $(HAVE_X11) $(HAVE_SECCOMP) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_BIND) $(HAVE_FILE_TRANSFER) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security |
26 | LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread | 28 | LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread |
27 | 29 | ||
28 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/euid_common.h ../include/libnetlink.h ../include/pid.h | 30 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/euid_common.h ../include/libnetlink.h ../include/pid.h |
29 | $(CC) $(CFLAGS) $(INCLUDE) -c $< -o $@ | 31 | $(CC) $(CFLAGS) $(INCLUDE) -c $< -o $@ |
30 | 32 | ||
31 | firecfg: $(OBJS) ../lib/common.o | 33 | firecfg: $(OBJS) ../lib/common.o |
32 | $(CC) $(LDFLAGS) -o $@ $(OBJS) ../lib/common.o $(LIBS) | 34 | $(CC) $(LDFLAGS) -o $@ $(OBJS) ../lib/common.o $(LIBS) $(EXTRA_LDFLAGS) |
33 | 35 | ||
34 | clean:; rm -f *.o firecfg firecfg.1 firecfg.1.gz | 36 | clean:; rm -f *.o firecfg firecfg.1 firecfg.1.gz *.gcov *.gcda *.gcno |
35 | 37 | ||
36 | distclean: clean | 38 | distclean: clean |
37 | rm -fr Makefile | 39 | rm -fr Makefile |
diff --git a/src/firejail/Makefile.in b/src/firejail/Makefile.in index c99b6c30c..6e5071925 100644 --- a/src/firejail/Makefile.in +++ b/src/firejail/Makefile.in | |||
@@ -21,13 +21,14 @@ HAVE_GLOBALCFG=@HAVE_GLOBALCFG@ | |||
21 | HAVE_APPARMOR=@HAVE_APPARMOR@ | 21 | HAVE_APPARMOR=@HAVE_APPARMOR@ |
22 | HAVE_OVERLAYFS=@HAVE_OVERLAYFS@ | 22 | HAVE_OVERLAYFS=@HAVE_OVERLAYFS@ |
23 | HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@ | 23 | HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@ |
24 | HAVE_GCOV=@HAVE_GCOV@ | ||
24 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ | 25 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ |
25 | 26 | ||
26 | H_FILE_LIST = $(sort $(wildcard *.[h])) | 27 | H_FILE_LIST = $(sort $(wildcard *.[h])) |
27 | C_FILE_LIST = $(sort $(wildcard *.c)) | 28 | C_FILE_LIST = $(sort $(wildcard *.c)) |
28 | OBJS = $(C_FILE_LIST:.c=.o) | 29 | OBJS = $(C_FILE_LIST:.c=.o) |
29 | BINOBJS = $(foreach file, $(OBJS), $file) | 30 | BINOBJS = $(foreach file, $(OBJS), $file) |
30 | CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_SECCOMP) $(HAVE_GLOBALCFG) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_BIND) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security | 31 | CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_SECCOMP) $(HAVE_GLOBALCFG) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_BIND) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security |
31 | LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread | 32 | LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread |
32 | 33 | ||
33 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/euid_common.h ../include/pid.h ../include/seccomp.h ../include/syscall.h | 34 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/euid_common.h ../include/pid.h ../include/seccomp.h ../include/syscall.h |
@@ -36,7 +37,7 @@ LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread | |||
36 | firejail: $(OBJS) ../lib/libnetlink.o ../lib/common.o | 37 | firejail: $(OBJS) ../lib/libnetlink.o ../lib/common.o |
37 | $(CC) $(LDFLAGS) -o $@ $(OBJS) ../lib/common.o $(LIBS) $(EXTRA_LDFLAGS) | 38 | $(CC) $(LDFLAGS) -o $@ $(OBJS) ../lib/common.o $(LIBS) $(EXTRA_LDFLAGS) |
38 | 39 | ||
39 | clean:; rm -f *.o firejail firejail.1 firejail.1.gz | 40 | clean:; rm -f *.o firejail firejail.1 firejail.1.gz *.gcov *.gcda *.gcno |
40 | 41 | ||
41 | distclean: clean | 42 | distclean: clean |
42 | rm -fr Makefile | 43 | rm -fr Makefile |
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index 556cb1fca..6b7f7f003 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c | |||
@@ -481,28 +481,24 @@ int sandbox(void* sandbox_arg) { | |||
481 | sandbox_if_up(&cfg.bridge3); | 481 | sandbox_if_up(&cfg.bridge3); |
482 | 482 | ||
483 | 483 | ||
484 | // todo: this code seems to be dead!!! | 484 | // moving an interface in a namespace using --interface will reset the interface configuration; |
485 | // enable interfaces | 485 | // we need to put the configuration back |
486 | if (cfg.interface0.configured && cfg.interface0.ip) { | 486 | if (cfg.interface0.configured && cfg.interface0.ip) { |
487 | assert(0); | ||
488 | if (arg_debug) | 487 | if (arg_debug) |
489 | printf("Configuring %d.%d.%d.%d address on interface %s\n", PRINT_IP(cfg.interface0.ip), cfg.interface0.dev); | 488 | printf("Configuring %d.%d.%d.%d address on interface %s\n", PRINT_IP(cfg.interface0.ip), cfg.interface0.dev); |
490 | net_config_interface(cfg.interface0.dev, cfg.interface0.ip, cfg.interface0.mask, cfg.interface0.mtu); | 489 | net_config_interface(cfg.interface0.dev, cfg.interface0.ip, cfg.interface0.mask, cfg.interface0.mtu); |
491 | } | 490 | } |
492 | if (cfg.interface1.configured && cfg.interface1.ip) { | 491 | if (cfg.interface1.configured && cfg.interface1.ip) { |
493 | assert(0); | ||
494 | if (arg_debug) | 492 | if (arg_debug) |
495 | printf("Configuring %d.%d.%d.%d address on interface %s\n", PRINT_IP(cfg.interface1.ip), cfg.interface1.dev); | 493 | printf("Configuring %d.%d.%d.%d address on interface %s\n", PRINT_IP(cfg.interface1.ip), cfg.interface1.dev); |
496 | net_config_interface(cfg.interface1.dev, cfg.interface1.ip, cfg.interface1.mask, cfg.interface1.mtu); | 494 | net_config_interface(cfg.interface1.dev, cfg.interface1.ip, cfg.interface1.mask, cfg.interface1.mtu); |
497 | } | 495 | } |
498 | if (cfg.interface2.configured && cfg.interface2.ip) { | 496 | if (cfg.interface2.configured && cfg.interface2.ip) { |
499 | assert(0); | ||
500 | if (arg_debug) | 497 | if (arg_debug) |
501 | printf("Configuring %d.%d.%d.%d address on interface %s\n", PRINT_IP(cfg.interface2.ip), cfg.interface2.dev); | 498 | printf("Configuring %d.%d.%d.%d address on interface %s\n", PRINT_IP(cfg.interface2.ip), cfg.interface2.dev); |
502 | net_config_interface(cfg.interface2.dev, cfg.interface2.ip, cfg.interface2.mask, cfg.interface2.mtu); | 499 | net_config_interface(cfg.interface2.dev, cfg.interface2.ip, cfg.interface2.mask, cfg.interface2.mtu); |
503 | } | 500 | } |
504 | if (cfg.interface3.configured && cfg.interface3.ip) { | 501 | if (cfg.interface3.configured && cfg.interface3.ip) { |
505 | assert(0); | ||
506 | if (arg_debug) | 502 | if (arg_debug) |
507 | printf("Configuring %d.%d.%d.%d address on interface %s\n", PRINT_IP(cfg.interface3.ip), cfg.interface3.dev); | 503 | printf("Configuring %d.%d.%d.%d address on interface %s\n", PRINT_IP(cfg.interface3.ip), cfg.interface3.dev); |
508 | net_config_interface(cfg.interface3.dev, cfg.interface3.ip, cfg.interface3.mask, cfg.interface3.mtu); | 504 | net_config_interface(cfg.interface3.dev, cfg.interface3.ip, cfg.interface3.mask, cfg.interface3.mtu); |
diff --git a/src/firejail/sbox.c b/src/firejail/sbox.c index b16736dee..3d4eef3aa 100644 --- a/src/firejail/sbox.c +++ b/src/firejail/sbox.c | |||
@@ -156,9 +156,11 @@ int sbox_run(unsigned filter, int num, ...) { | |||
156 | caps_drop_all(); | 156 | caps_drop_all(); |
157 | } | 157 | } |
158 | else if (filter & SBOX_CAPS_NETWORK) { | 158 | else if (filter & SBOX_CAPS_NETWORK) { |
159 | #ifndef HAVE_GCOV // the following filter will prevent GCOV from saving info in .gcda files | ||
159 | uint64_t set = ((uint64_t) 1) << CAP_NET_ADMIN; | 160 | uint64_t set = ((uint64_t) 1) << CAP_NET_ADMIN; |
160 | set |= ((uint64_t) 1) << CAP_NET_RAW; | 161 | set |= ((uint64_t) 1) << CAP_NET_RAW; |
161 | caps_set(set); | 162 | caps_set(set); |
163 | #endif | ||
162 | } | 164 | } |
163 | 165 | ||
164 | if (filter & SBOX_SECCOMP) { | 166 | if (filter & SBOX_SECCOMP) { |
diff --git a/src/firemon/Makefile.in b/src/firemon/Makefile.in index 21888d354..efc48b212 100644 --- a/src/firemon/Makefile.in +++ b/src/firemon/Makefile.in | |||
@@ -4,21 +4,26 @@ PREFIX=@prefix@ | |||
4 | VERSION=@PACKAGE_VERSION@ | 4 | VERSION=@PACKAGE_VERSION@ |
5 | NAME=@PACKAGE_NAME@ | 5 | NAME=@PACKAGE_NAME@ |
6 | HAVE_FATAL_WARNINGS=@HAVE_FATAL_WARNINGS@ | 6 | HAVE_FATAL_WARNINGS=@HAVE_FATAL_WARNINGS@ |
7 | HAVE_GCOV=@HAVE_GCOV@ | ||
8 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ | ||
7 | 9 | ||
8 | H_FILE_LIST = $(sort $(wildcard *.[h])) | 10 | H_FILE_LIST = $(sort $(wildcard *.[h])) |
9 | C_FILE_LIST = $(sort $(wildcard *.c)) | 11 | C_FILE_LIST = $(sort $(wildcard *.c)) |
10 | OBJS = $(C_FILE_LIST:.c=.o) | 12 | OBJS = $(C_FILE_LIST:.c=.o) |
11 | BINOBJS = $(foreach file, $(OBJS), $file) | 13 | BINOBJS = $(foreach file, $(OBJS), $file) |
12 | CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security | 14 | CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security |
13 | LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now | 15 | LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now |
16 | HAVE_GCOV=@HAVE_GCOV@ | ||
17 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ | ||
18 | |||
14 | 19 | ||
15 | %.o : %.c $(H_FILE_LIST) | 20 | %.o : %.c $(H_FILE_LIST) |
16 | $(CC) $(CFLAGS) $(INCLUDE) -c $< -o $@ | 21 | $(CC) $(CFLAGS) $(INCLUDE) -c $< -o $@ |
17 | 22 | ||
18 | firemon: $(OBJS) ../lib/common.o ../lib/pid.o | 23 | firemon: $(OBJS) ../lib/common.o ../lib/pid.o |
19 | $(CC) $(LDFLAGS) -o $@ $(OBJS) ../lib/common.o ../lib/pid.o $(LIBS) | 24 | $(CC) $(LDFLAGS) -o $@ $(OBJS) ../lib/common.o ../lib/pid.o $(LIBS) $(EXTRA_LDFLAGS) |
20 | 25 | ||
21 | clean:; rm -f *.o firemon | 26 | clean:; rm -f *.o firemon *.gcov *.gcda *.gcno |
22 | 27 | ||
23 | distclean: clean | 28 | distclean: clean |
24 | rm -fr Makefile | 29 | rm -fr Makefile |
diff --git a/src/fnet/Makefile.in b/src/fnet/Makefile.in index bba4406d4..32f08882a 100644 --- a/src/fnet/Makefile.in +++ b/src/fnet/Makefile.in | |||
@@ -22,21 +22,23 @@ HAVE_APPARMOR=@HAVE_APPARMOR@ | |||
22 | HAVE_OVERLAYFS=@HAVE_OVERLAYFS@ | 22 | HAVE_OVERLAYFS=@HAVE_OVERLAYFS@ |
23 | HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@ | 23 | HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@ |
24 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ | 24 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ |
25 | HAVE_GCOV=@HAVE_GCOV@ | ||
26 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ | ||
25 | 27 | ||
26 | H_FILE_LIST = $(sort $(wildcard *.[h])) | 28 | H_FILE_LIST = $(sort $(wildcard *.[h])) |
27 | C_FILE_LIST = $(sort $(wildcard *.c)) | 29 | C_FILE_LIST = $(sort $(wildcard *.c)) |
28 | OBJS = $(C_FILE_LIST:.c=.o) | 30 | OBJS = $(C_FILE_LIST:.c=.o) |
29 | BINOBJS = $(foreach file, $(OBJS), $file) | 31 | BINOBJS = $(foreach file, $(OBJS), $file) |
30 | CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_SECCOMP) $(HAVE_GLOBALCFG) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_BIND) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security | 32 | CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_SECCOMP) $(HAVE_GLOBALCFG) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_BIND) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security |
31 | LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread | 33 | LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread |
32 | 34 | ||
33 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/libnetlink.h | 35 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/libnetlink.h |
34 | $(CC) $(CFLAGS) $(INCLUDE) -c $< -o $@ | 36 | $(CC) $(CFLAGS) $(INCLUDE) -c $< -o $@ |
35 | 37 | ||
36 | fnet: $(OBJS) ../lib/libnetlink.o | 38 | fnet: $(OBJS) ../lib/libnetlink.o |
37 | $(CC) $(LDFLAGS) -o $@ $(OBJS) ../lib/libnetlink.o $(LIBS) | 39 | $(CC) $(LDFLAGS) -o $@ $(OBJS) ../lib/libnetlink.o $(LIBS) $(EXTRA_LDFLAGS) |
38 | 40 | ||
39 | clean:; rm -f *.o fnet | 41 | clean:; rm -f *.o fnet *.gcov *.gcda *.gcno |
40 | 42 | ||
41 | distclean: clean | 43 | distclean: clean |
42 | rm -fr Makefile | 44 | rm -fr Makefile |
diff --git a/src/fnet/interface.c b/src/fnet/interface.c index 67af062bf..046b2c972 100644 --- a/src/fnet/interface.c +++ b/src/fnet/interface.c | |||
@@ -284,6 +284,7 @@ void net_if_ip(const char *ifname, uint32_t ip, uint32_t mask, int mtu) { | |||
284 | ((struct sockaddr_in *)&ifr.ifr_addr)->sin_addr.s_addr = htonl(ip); | 284 | ((struct sockaddr_in *)&ifr.ifr_addr)->sin_addr.s_addr = htonl(ip); |
285 | if (ioctl( sock, SIOCSIFADDR, &ifr ) < 0) { | 285 | if (ioctl( sock, SIOCSIFADDR, &ifr ) < 0) { |
286 | close(sock); | 286 | close(sock); |
287 | fprintf(stderr, "Error fnet: cannot find interface %s\n", ifname); | ||
287 | errExit("ioctl"); | 288 | errExit("ioctl"); |
288 | } | 289 | } |
289 | 290 | ||
diff --git a/src/fseccomp/Makefile.in b/src/fseccomp/Makefile.in index 1878ad2f3..04c46f128 100644 --- a/src/fseccomp/Makefile.in +++ b/src/fseccomp/Makefile.in | |||
@@ -22,21 +22,23 @@ HAVE_APPARMOR=@HAVE_APPARMOR@ | |||
22 | HAVE_OVERLAYFS=@HAVE_OVERLAYFS@ | 22 | HAVE_OVERLAYFS=@HAVE_OVERLAYFS@ |
23 | HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@ | 23 | HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@ |
24 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ | 24 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ |
25 | HAVE_GCOV=@HAVE_GCOV@ | ||
26 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ | ||
25 | 27 | ||
26 | H_FILE_LIST = $(sort $(wildcard *.[h])) | 28 | H_FILE_LIST = $(sort $(wildcard *.[h])) |
27 | C_FILE_LIST = $(sort $(wildcard *.c)) | 29 | C_FILE_LIST = $(sort $(wildcard *.c)) |
28 | OBJS = $(C_FILE_LIST:.c=.o) | 30 | OBJS = $(C_FILE_LIST:.c=.o) |
29 | BINOBJS = $(foreach file, $(OBJS), $file) | 31 | BINOBJS = $(foreach file, $(OBJS), $file) |
30 | CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_SECCOMP) $(HAVE_GLOBALCFG) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_BIND) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security | 32 | CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_SECCOMP) $(HAVE_GLOBALCFG) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_BIND) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security |
31 | LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread | 33 | LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread |
32 | 34 | ||
33 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/syscall.h | 35 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/syscall.h |
34 | $(CC) $(CFLAGS) $(INCLUDE) -c $< -o $@ | 36 | $(CC) $(CFLAGS) $(INCLUDE) -c $< -o $@ |
35 | 37 | ||
36 | fseccomp: $(OBJS) | 38 | fseccomp: $(OBJS) |
37 | $(CC) $(LDFLAGS) -o $@ $(OBJS) $(LIBS) | 39 | $(CC) $(LDFLAGS) -o $@ $(OBJS) $(LIBS) $(EXTRA_LDFLAGS) |
38 | 40 | ||
39 | clean:; rm -f *.o fseccomp | 41 | clean:; rm -f *.o fseccomp *.gcov *.gcda *.gcno |
40 | 42 | ||
41 | distclean: clean | 43 | distclean: clean |
42 | rm -fr Makefile | 44 | rm -fr Makefile |
diff --git a/src/ftee/Makefile.in b/src/ftee/Makefile.in index be159225f..ad508cadd 100644 --- a/src/ftee/Makefile.in +++ b/src/ftee/Makefile.in | |||
@@ -4,21 +4,23 @@ PREFIX=@prefix@ | |||
4 | VERSION=@PACKAGE_VERSION@ | 4 | VERSION=@PACKAGE_VERSION@ |
5 | NAME=@PACKAGE_NAME@ | 5 | NAME=@PACKAGE_NAME@ |
6 | HAVE_FATAL_WARNINGS=@HAVE_FATAL_WARNINGS@ | 6 | HAVE_FATAL_WARNINGS=@HAVE_FATAL_WARNINGS@ |
7 | HAVE_GCOV=@HAVE_GCOV@ | ||
8 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ | ||
7 | 9 | ||
8 | H_FILE_LIST = $(sort $(wildcard *.[h])) | 10 | H_FILE_LIST = $(sort $(wildcard *.[h])) |
9 | C_FILE_LIST = $(sort $(wildcard *.c)) | 11 | C_FILE_LIST = $(sort $(wildcard *.c)) |
10 | OBJS = $(C_FILE_LIST:.c=.o) | 12 | OBJS = $(C_FILE_LIST:.c=.o) |
11 | BINOBJS = $(foreach file, $(OBJS), $file) | 13 | BINOBJS = $(foreach file, $(OBJS), $file) |
12 | CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' -DPREFIX='"$(PREFIX)"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security | 14 | CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) -DPREFIX='"$(PREFIX)"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security |
13 | LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread | 15 | LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread |
14 | 16 | ||
15 | %.o : %.c $(H_FILE_LIST) | 17 | %.o : %.c $(H_FILE_LIST) |
16 | $(CC) $(CFLAGS) $(INCLUDE) -c $< -o $@ | 18 | $(CC) $(CFLAGS) $(INCLUDE) -c $< -o $@ |
17 | 19 | ||
18 | ftee: $(OBJS) | 20 | ftee: $(OBJS) |
19 | $(CC) $(LDFLAGS) -o $@ $(OBJS) | 21 | $(CC) $(LDFLAGS) -o $@ $(OBJS) $(EXTRA_LDFLAGS) |
20 | 22 | ||
21 | clean:; rm -f *.o ftee | 23 | clean:; rm -f *.o ftee *.gcov *.gcda *.gcno |
22 | 24 | ||
23 | distclean: clean | 25 | distclean: clean |
24 | rm -fr Makefile | 26 | rm -fr Makefile |
diff --git a/src/lib/Makefile.in b/src/lib/Makefile.in index 71f96bab1..5549aca11 100644 --- a/src/lib/Makefile.in +++ b/src/lib/Makefile.in | |||
@@ -2,12 +2,14 @@ PREFIX=@prefix@ | |||
2 | VERSION=@PACKAGE_VERSION@ | 2 | VERSION=@PACKAGE_VERSION@ |
3 | NAME=@PACKAGE_NAME@ | 3 | NAME=@PACKAGE_NAME@ |
4 | HAVE_FATAL_WARNINGS=@HAVE_FATAL_WARNINGS@ | 4 | HAVE_FATAL_WARNINGS=@HAVE_FATAL_WARNINGS@ |
5 | HAVE_GCOV=@HAVE_GCOV@ | ||
6 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ | ||
5 | 7 | ||
6 | H_FILE_LIST = $(sort $(wildcard *.[h])) | 8 | H_FILE_LIST = $(sort $(wildcard *.[h])) |
7 | C_FILE_LIST = $(sort $(wildcard *.c)) | 9 | C_FILE_LIST = $(sort $(wildcard *.c)) |
8 | OBJS = $(C_FILE_LIST:.c=.o) | 10 | OBJS = $(C_FILE_LIST:.c=.o) |
9 | BINOBJS = $(foreach file, $(OBJS), $file) | 11 | BINOBJS = $(foreach file, $(OBJS), $file) |
10 | CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIC -Wformat -Wformat-security | 12 | CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIC -Wformat -Wformat-security |
11 | LDFLAGS:=-pic -Wl,-z,relro -Wl,-z,now | 13 | LDFLAGS:=-pic -Wl,-z,relro -Wl,-z,now |
12 | 14 | ||
13 | all: $(OBJS) | 15 | all: $(OBJS) |
@@ -15,7 +17,7 @@ all: $(OBJS) | |||
15 | %.o : %.c $(H_FILE_LIST) | 17 | %.o : %.c $(H_FILE_LIST) |
16 | $(CC) $(CFLAGS) $(INCLUDE) -c $< -o $@ | 18 | $(CC) $(CFLAGS) $(INCLUDE) -c $< -o $@ |
17 | 19 | ||
18 | clean:; rm -f $(OBJS) | 20 | clean:; rm -f $(OBJS) *.gcov *.gcda *.gcno |
19 | 21 | ||
20 | distclean: clean | 22 | distclean: clean |
21 | rm -fr Makefile | 23 | rm -fr Makefile |
diff --git a/test/arguments/Makefile b/test/arguments/Makefile deleted file mode 100644 index 3ccab3702..000000000 --- a/test/arguments/Makefile +++ /dev/null | |||
@@ -1,13 +0,0 @@ | |||
1 | all: argtest | ||
2 | |||
3 | argtest: main.c | ||
4 | gcc -o argtest main.c | ||
5 | |||
6 | clean:; rm -f argtest; rm -fr symtest; rm -f out out.* | ||
7 | |||
8 | install:;install -c -m 0755 argtest /usr/local/bin/argtest | ||
9 | |||
10 | uninstall:; rm -f /usr/local/bin/argtest | ||
11 | |||
12 | |||
13 | test:; ./arguments.sh | grep TESTING | ||
diff --git a/test/arguments/arguments.sh b/test/arguments/arguments.sh index 2f53eb3fa..db4c9b472 100755 --- a/test/arguments/arguments.sh +++ b/test/arguments/arguments.sh | |||
@@ -4,12 +4,16 @@ | |||
4 | 4 | ||
5 | echo "TESTING: 1. regular bash session" | 5 | echo "TESTING: 1. regular bash session" |
6 | ./bashrun.exp | 6 | ./bashrun.exp |
7 | sleep 1 | ||
7 | 8 | ||
8 | echo "TESTING: 2. symbolic link to firejail" | 9 | echo "TESTING: 2. symbolic link to firejail" |
9 | ./symrun.exp | 10 | ./symrun.exp |
11 | rm -fr symtest | ||
12 | sleep 1 | ||
10 | 13 | ||
11 | echo "TESTING: 3. --join option" | 14 | echo "TESTING: 3. --join option" |
12 | ./joinrun.exp | 15 | ./joinrun.exp |
16 | sleep 1 | ||
13 | 17 | ||
14 | echo "TESTING: 4. --output option" | 18 | echo "TESTING: 4. --output option" |
15 | ./outrun.exp | 19 | ./outrun.exp |
diff --git a/test/arguments/bashrun.sh b/test/arguments/bashrun.sh index c2f209548..0797c92c2 100755 --- a/test/arguments/bashrun.sh +++ b/test/arguments/bashrun.sh | |||
@@ -1,22 +1,22 @@ | |||
1 | #!/bin/bash | 1 | #!/bin/bash |
2 | 2 | ||
3 | echo "TESTING: 1.1 - simple args" | 3 | echo "TESTING: 1.1 - simple args" |
4 | firejail --quiet ./argtest arg1 arg2 | 4 | firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --quiet /usr/lib/firejail/faudit arg1 arg2 |
5 | 5 | ||
6 | # simple quotes, testing spaces in file names | 6 | # simple quotes, testing spaces in file names |
7 | echo "TESTING: 1.2 - args with space and \"" | 7 | echo "TESTING: 1.2 - args with space and \"" |
8 | firejail --quiet ./argtest "arg1 tail" "arg2 tail" | 8 | firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --quiet /usr/lib/firejail/faudit "arg1 tail" "arg2 tail" |
9 | 9 | ||
10 | echo "TESTING: 1.3 - args with space and '" | 10 | echo "TESTING: 1.3 - args with space and '" |
11 | firejail --quiet ./argtest 'arg1 tail' 'arg2 tail' | 11 | firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --quiet /usr/lib/firejail/faudit 'arg1 tail' 'arg2 tail' |
12 | 12 | ||
13 | # escaped space in file names | 13 | # escaped space in file names |
14 | echo "TESTING: 1.4 - args with space and \\" | 14 | echo "TESTING: 1.4 - args with space and \\" |
15 | firejail --quiet ./argtest arg1\ tail arg2\ tail | 15 | firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --quiet /usr/lib/firejail/faudit arg1\ tail arg2\ tail |
16 | 16 | ||
17 | # & char appears in URLs - URLs should be quoted | 17 | # & char appears in URLs - URLs should be quoted |
18 | echo "TESTING: 1.5 - args with & and \"" | 18 | echo "TESTING: 1.5 - args with & and \"" |
19 | firejail --quiet ./argtest "arg1&tail" "arg2&tail" | 19 | firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --quiet /usr/lib/firejail/faudit "arg1&tail" "arg2&tail" |
20 | 20 | ||
21 | echo "TESTING: 1.6 - args with & and '" | 21 | echo "TESTING: 1.6 - args with & and '" |
22 | firejail --quiet ./argtest 'arg1&tail' 'arg2&tail' | 22 | firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --quiet /usr/lib/firejail/faudit 'arg1&tail' 'arg2&tail' |
diff --git a/test/arguments/joinrun.sh b/test/arguments/joinrun.sh index f6c2b2e22..2743d823e 100755 --- a/test/arguments/joinrun.sh +++ b/test/arguments/joinrun.sh | |||
@@ -1,22 +1,22 @@ | |||
1 | #!/bin/bash | 1 | #!/bin/bash |
2 | 2 | ||
3 | echo "TESTING: 3.1 - simple args" | 3 | echo "TESTING: 3.1 - simple args" |
4 | firejail --join=joinrun ./argtest arg1 arg2 | 4 | firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --join=joinrun /usr/lib/firejail/faudit arg1 arg2 |
5 | 5 | ||
6 | # simple quotes, testing spaces in file names | 6 | # simple quotes, testing spaces in file names |
7 | echo "TESTING: 3.2 - args with space and \"" | 7 | echo "TESTING: 3.2 - args with space and \"" |
8 | firejail --quiet ./argtest "arg1 tail" "arg2 tail" | 8 | firejail--env=FIREJAIL_TEST_ARGUMENTS=yes --quiet /usr/lib/firejail/faudit "arg1 tail" "arg2 tail" |
9 | 9 | ||
10 | echo "TESTING: 3.3 - args with space and '" | 10 | echo "TESTING: 3.3 - args with space and '" |
11 | firejail --quiet ./argtest 'arg1 tail' 'arg2 tail' | 11 | firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --quiet /usr/lib/firejail/faudit 'arg1 tail' 'arg2 tail' |
12 | 12 | ||
13 | # escaped space in file names | 13 | # escaped space in file names |
14 | echo "TESTING: 3.4 - args with space and \\" | 14 | echo "TESTING: 3.4 - args with space and \\" |
15 | firejail --quiet ./argtest arg1\ tail arg2\ tail | 15 | firejail--env=FIREJAIL_TEST_ARGUMENTS=yes --quiet /usr/lib/firejail/faudit arg1\ tail arg2\ tail |
16 | 16 | ||
17 | # & char appears in URLs - URLs should be quoted | 17 | # & char appears in URLs - URLs should be quoted |
18 | echo "TESTING: 3.5 - args with & and \"" | 18 | echo "TESTING: 3.5 - args with & and \"" |
19 | firejail --quiet ./argtest "arg1&tail" "arg2&tail" | 19 | firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --quiet /usr/lib/firejail/faudit "arg1&tail" "arg2&tail" |
20 | 20 | ||
21 | echo "TESTING: 3.6 - args with & and '" | 21 | echo "TESTING: 3.6 - args with & and '" |
22 | firejail --quiet ./argtest 'arg1&tail' 'arg2&tail' | 22 | firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --quiet /usr/lib/firejail/faudit 'arg1&tail' 'arg2&tail' |
diff --git a/test/arguments/main.c b/test/arguments/main.c deleted file mode 100644 index 75bdca715..000000000 --- a/test/arguments/main.c +++ /dev/null | |||
@@ -1,31 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2014-2016 Firejail Authors | ||
3 | * | ||
4 | * This file is part of firejail project | ||
5 | * | ||
6 | * This program is free software; you can redistribute it and/or modify | ||
7 | * it under the terms of the GNU General Public License as published by | ||
8 | * the Free Software Foundation; either version 2 of the License, or | ||
9 | * (at your option) any later version. | ||
10 | * | ||
11 | * This program is distributed in the hope that it will be useful, | ||
12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
14 | * GNU General Public License for more details. | ||
15 | * | ||
16 | * You should have received a copy of the GNU General Public License along | ||
17 | * with this program; if not, write to the Free Software Foundation, Inc., | ||
18 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. | ||
19 | */ | ||
20 | #include <stdio.h> | ||
21 | |||
22 | int main(int argc, char **argv) { | ||
23 | printf("Arguments:\n"); | ||
24 | |||
25 | int i; | ||
26 | for (i = 0; i < argc; i++) { | ||
27 | printf("#%s#\n", argv[i]); | ||
28 | } | ||
29 | |||
30 | return 0; | ||
31 | } | ||
diff --git a/test/arguments/outrun.sh b/test/arguments/outrun.sh index cfd8e684c..a21243873 100755 --- a/test/arguments/outrun.sh +++ b/test/arguments/outrun.sh | |||
@@ -1,22 +1,22 @@ | |||
1 | #!/bin/bash | 1 | #!/bin/bash |
2 | 2 | ||
3 | echo "TESTING: 4.1 - simple args" | 3 | echo "TESTING: 4.1 - simple args" |
4 | firejail --output=out ./argtest arg1 arg2 | 4 | firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --output=out /usr/lib/firejail/faudit arg1 arg2 |
5 | 5 | ||
6 | # simple quotes, testing spaces in file names | 6 | # simple quotes, testing spaces in file names |
7 | echo "TESTING: 4.2 - args with space and \"" | 7 | echo "TESTING: 4.2 - args with space and \"" |
8 | firejail --output=out ./argtest "arg1 tail" "arg2 tail" | 8 | firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --output=out /usr/lib/firejail/faudit "arg1 tail" "arg2 tail" |
9 | 9 | ||
10 | echo "TESTING: 4.3 - args with space and '" | 10 | echo "TESTING: 4.3 - args with space and '" |
11 | firejail --output=out ./argtest 'arg1 tail' 'arg2 tail' | 11 | firejail--env=FIREJAIL_TEST_ARGUMENTS=yes --output=out /usr/lib/firejail/faudit 'arg1 tail' 'arg2 tail' |
12 | 12 | ||
13 | # escaped space in file names | 13 | # escaped space in file names |
14 | echo "TESTING: 4.4 - args with space and \\" | 14 | echo "TESTING: 4.4 - args with space and \\" |
15 | firejail --output=out ./argtest arg1\ tail arg2\ tail | 15 | firejail--env=FIREJAIL_TEST_ARGUMENTS=yes --output=out /usr/lib/firejail/faudit arg1\ tail arg2\ tail |
16 | 16 | ||
17 | # & char appears in URLs - URLs should be quoted | 17 | # & char appears in URLs - URLs should be quoted |
18 | echo "TESTING: 4.5 - args with & and \"" | 18 | echo "TESTING: 4.5 - args with & and \"" |
19 | firejail --output=out ./argtest "arg1&tail" "arg2&tail" | 19 | firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --output=out /usr/lib/firejail/faudit "arg1&tail" "arg2&tail" |
20 | 20 | ||
21 | echo "TESTING: 4.6 - args with & and '" | 21 | echo "TESTING: 4.6 - args with & and '" |
22 | firejail --output=out ./argtest 'arg1&tail' 'arg2&tail' | 22 | firejail--env=FIREJAIL_TEST_ARGUMENTS=yes --output=out /usr/lib/firejail/faudit 'arg1&tail' 'arg2&tail' |
diff --git a/test/arguments/readme b/test/arguments/readme deleted file mode 100644 index c28461478..000000000 --- a/test/arguments/readme +++ /dev/null | |||
@@ -1,9 +0,0 @@ | |||
1 | Argument testing fremework for Firejail. | ||
2 | |||
3 | A small test program, argtest, is compiled and installed in /usr/local/bin directory. | ||
4 | Run "make && sudo make install" to install it. | ||
5 | |||
6 | Run "make test" to run the tests. | ||
7 | |||
8 | Run "sudo make uninstall" to remove the test program. | ||
9 | |||
diff --git a/test/fs/fs.sh b/test/fs/fs.sh index 3139b8eae..812da02b0 100755 --- a/test/fs/fs.sh +++ b/test/fs/fs.sh | |||
@@ -22,7 +22,13 @@ echo "TESTING: read/write /dev/shm (test/fs/fs_dev_shm.exp)" | |||
22 | ./fs_dev_shm.exp | 22 | ./fs_dev_shm.exp |
23 | 23 | ||
24 | echo "TESTING: private (test/fs/private.exp)" | 24 | echo "TESTING: private (test/fs/private.exp)" |
25 | ./private.exp `whoami` | 25 | ./private.exp |
26 | |||
27 | echo "TESTING: private home (test/fs/private-home.exp)" | ||
28 | ./private-home.exp | ||
29 | |||
30 | echo "TESTING: private home dir (test/fs/private-home-dir.exp)" | ||
31 | ./private-home-dir.exp | ||
26 | 32 | ||
27 | echo "TESTING: private-etc (test/fs/private-etc.exp)" | 33 | echo "TESTING: private-etc (test/fs/private-etc.exp)" |
28 | ./private-etc.exp | 34 | ./private-etc.exp |
diff --git a/test/fs/private-home-dir.exp b/test/fs/private-home-dir.exp new file mode 100755 index 000000000..5491be834 --- /dev/null +++ b/test/fs/private-home-dir.exp | |||
@@ -0,0 +1,70 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | |||
11 | if {[file exists ~/.asoundrc]} { | ||
12 | puts "found .asoundrc file\n" | ||
13 | } else { | ||
14 | send -- "touch ~/.asoundrc\r" | ||
15 | } | ||
16 | after 100 | ||
17 | |||
18 | if {[file exists ~/.Xauthority]} { | ||
19 | puts "found .Xauthority file\n" | ||
20 | } else { | ||
21 | send -- "touch ~/.Xauthority\r" | ||
22 | } | ||
23 | after 100 | ||
24 | send -- "mkdir ~/_firejail_test_dir_\r" | ||
25 | sleep 1 | ||
26 | |||
27 | # testing profile and private | ||
28 | send -- "firejail --private=~/_firejail_test_dir_\r" | ||
29 | expect { | ||
30 | timeout {puts "TESTING ERROR 0\n";exit} | ||
31 | "Child process initialized" | ||
32 | } | ||
33 | sleep 1 | ||
34 | |||
35 | send -- "ls -l ~\r" | ||
36 | expect { | ||
37 | timeout {puts "TESTING ERROR 1\n";exit} | ||
38 | "total 0" | ||
39 | } | ||
40 | after 100 | ||
41 | |||
42 | send -- "ls -al ~\r" | ||
43 | expect { | ||
44 | timeout {puts "TESTING ERROR 2\n";exit} | ||
45 | ".asoundrc" | ||
46 | } | ||
47 | expect { | ||
48 | timeout {puts "TESTING ERROR 3\n";exit} | ||
49 | ".bashrc" | ||
50 | } | ||
51 | expect { | ||
52 | timeout {puts "TESTING ERROR 4\n";exit} | ||
53 | ".Xauthority" | ||
54 | } | ||
55 | after 100 | ||
56 | |||
57 | send -- "exit\r" | ||
58 | sleep 1 | ||
59 | |||
60 | |||
61 | # testing profile and private | ||
62 | send -- "firejail --private=/etc\r" | ||
63 | expect { | ||
64 | timeout {puts "TESTING ERROR 5\n";exit} | ||
65 | "private directory should be owned by the current user" | ||
66 | } | ||
67 | sleep 1 | ||
68 | |||
69 | |||
70 | puts "all done\n" | ||
diff --git a/test/fs/private-home.exp b/test/fs/private-home.exp new file mode 100755 index 000000000..de5a88dea --- /dev/null +++ b/test/fs/private-home.exp | |||
@@ -0,0 +1,45 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | # create some test files in user home directory | ||
11 | send -- "touch ~/_firejail_test_file1\r" | ||
12 | send -- "touch ~/_firejail_test_file2\r" | ||
13 | send -- "mkdir ~/_firejail_test_dir1\r" | ||
14 | send -- "mkdir ~/_firejail_test_dir1/_firejail_test_dir2\r" | ||
15 | send -- "touch ~/_firejail_test_dir1/_firejail_test_dir2/_firejail_test_file3\r" | ||
16 | after 100 | ||
17 | |||
18 | send -- "firejail --private-home=_firejail_test_file1,_firejail_test_file2,_firejail_test_dir1\r" | ||
19 | expect { | ||
20 | timeout {puts "TESTING ERROR 1\n";exit} | ||
21 | "Child process initialized" | ||
22 | } | ||
23 | after 100 | ||
24 | |||
25 | send -- "find ~\r" | ||
26 | expect { | ||
27 | timeout {puts "TESTING ERROR 2\n";exit} | ||
28 | "_firejail_test_file3" | ||
29 | } | ||
30 | expect { | ||
31 | timeout {puts "TESTING ERROR 3\n";exit} | ||
32 | "_firejail_test_file2" | ||
33 | } | ||
34 | expect { | ||
35 | timeout {puts "TESTING ERROR 4\n";exit} | ||
36 | "_firejail_test_file1" | ||
37 | } | ||
38 | after 100 | ||
39 | |||
40 | send -- "rm -f ~/_firejail_test_file*\r" | ||
41 | send -- "rm -fr ~/_firejail_test_dir*\r" | ||
42 | after 100 | ||
43 | |||
44 | puts "\nall done\n" | ||
45 | |||
diff --git a/test/fs/private.exp b/test/fs/private.exp index 67435b888..8114ee45d 100755 --- a/test/fs/private.exp +++ b/test/fs/private.exp | |||
@@ -7,53 +7,52 @@ set timeout 10 | |||
7 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
8 | match_max 100000 | 8 | match_max 100000 |
9 | 9 | ||
10 | if { $argc != 1 } { | 10 | |
11 | puts "TESTING ERROR: argument missing" | 11 | if {[file exists ~/.asoundrc]} { |
12 | puts "Usage: private.exp username" | 12 | puts "found .asoundrc file\n" |
13 | puts "where username is the name of the current user" | 13 | } else { |
14 | exit | 14 | send -- "touch ~/.asoundrc\r" |
15 | } | 15 | } |
16 | after 100 | ||
17 | |||
18 | if {[file exists ~/.Xauthority]} { | ||
19 | puts "found .Xauthority file\n" | ||
20 | } else { | ||
21 | send -- "touch ~/.Xauthority\r" | ||
22 | } | ||
23 | after 100 | ||
16 | 24 | ||
17 | # testing profile and private | 25 | # testing profile and private |
18 | send -- "firejail --private --profile=/etc/firejail/default.profile\r" | 26 | send -- "firejail --private\r" |
19 | expect { | 27 | expect { |
20 | timeout {puts "TESTING ERROR 0\n";exit} | 28 | timeout {puts "TESTING ERROR 0\n";exit} |
21 | "Child process initialized" | 29 | "Child process initialized" |
22 | } | 30 | } |
23 | sleep 1 | 31 | sleep 1 |
24 | send -- "exit\r" | ||
25 | sleep 1 | ||
26 | 32 | ||
27 | send -- "firejail --private --noprofile\r" | 33 | send -- "ls -l ~\r" |
28 | expect { | 34 | expect { |
29 | timeout {puts "TESTING ERROR 1\n";exit} | 35 | timeout {puts "TESTING ERROR 1\n";exit} |
30 | "Child process initialized" | 36 | "total 0" |
31 | } | 37 | } |
38 | after 100 | ||
32 | 39 | ||
33 | sleep 1 | 40 | send -- "ls -al ~\r" |
34 | send -- "cd ~; ls -al; echo done\r" | ||
35 | expect { | 41 | expect { |
36 | timeout {puts "TESTING ERROR 2\n";exit} | 42 | timeout {puts "TESTING ERROR 2\n";exit} |
37 | ".bashrc" | 43 | ".asoundrc" |
38 | } | 44 | } |
39 | expect { | 45 | expect { |
40 | timeout {puts "TESTING ERROR 3\n";exit} | 46 | timeout {puts "TESTING ERROR 3\n";exit} |
41 | done | 47 | ".bashrc" |
42 | } | ||
43 | |||
44 | # owner /tmp | ||
45 | send -- "stat -c %U%a /tmp;echo done\r" | ||
46 | expect { | ||
47 | timeout {puts "TESTING ERROR 10\n";exit} | ||
48 | "root777" {puts "version 1\n";} | ||
49 | "root1777" {puts "version 2\n";} | ||
50 | "nobody777" {puts "version 3\n";} | ||
51 | "nobody1777" {puts "version 4\n";} | ||
52 | } | 48 | } |
53 | expect { | 49 | expect { |
54 | timeout {puts "TESTING ERROR 11\n";exit} | 50 | timeout {puts "TESTING ERROR 4\n";exit} |
55 | "done" | 51 | ".Xauthority" |
56 | } | 52 | } |
57 | after 100 | 53 | after 100 |
58 | 54 | ||
55 | send -- "exit\r" | ||
56 | sleep 1 | ||
57 | |||
59 | puts "all done\n" | 58 | puts "all done\n" |
diff --git a/test/network/interface.exp b/test/network/interface.exp new file mode 100755 index 000000000..b15563eec --- /dev/null +++ b/test/network/interface.exp | |||
@@ -0,0 +1,66 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # | ||
3 | # interface | ||
4 | # | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | set overlay [lindex $argv 0] | ||
10 | set chroot [lindex $argv 1] | ||
11 | |||
12 | # | ||
13 | # N | ||
14 | # | ||
15 | # todo: seems to be unable to find interface eth0.7 | ||
16 | #send -- "firejail --noprofile --interface=eth0.5 --interface=eth0.6 --interface=eth0.7\r" | ||
17 | send -- "firejail --noprofile --interface=eth0.7 --interface=eth0.6\r" | ||
18 | expect { | ||
19 | timeout {puts "TESTING ERROR 0\n";exit} | ||
20 | "Child process initialized" | ||
21 | } | ||
22 | sleep 1 | ||
23 | |||
24 | send -- "/sbin/ifconfig\r" | ||
25 | expect { | ||
26 | timeout {puts "TESTING ERROR 1\n";exit} | ||
27 | "eth0.5" | ||
28 | } | ||
29 | expect { | ||
30 | timeout {puts "TESTING ERROR 2n";exit} | ||
31 | "Link" | ||
32 | } | ||
33 | expect { | ||
34 | timeout {puts "TESTING ERROR 3\n";exit} | ||
35 | "10.10.205.10" | ||
36 | } | ||
37 | expect { | ||
38 | timeout {puts "TESTING ERROR 4\n";exit} | ||
39 | "UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1" | ||
40 | } | ||
41 | after 100 | ||
42 | |||
43 | send -- "/sbin/ifconfig\r" | ||
44 | expect { | ||
45 | timeout {puts "TESTING ERROR 5\n";exit} | ||
46 | "eth0.6" | ||
47 | } | ||
48 | expect { | ||
49 | timeout {puts "TESTING ERROR 6\n";exit} | ||
50 | "Link" | ||
51 | } | ||
52 | expect { | ||
53 | timeout {puts "TESTING ERROR 7\n";exit} | ||
54 | "10.10.206.10" | ||
55 | } | ||
56 | expect { | ||
57 | timeout {puts "TESTING ERROR 8\n";exit} | ||
58 | "UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1" | ||
59 | } | ||
60 | after 100 | ||
61 | |||
62 | send -- "exit\r" | ||
63 | sleep 1 | ||
64 | |||
65 | |||
66 | puts "\nall done\n" | ||
diff --git a/test/network/net_scan.exp b/test/network/net_scan.exp new file mode 100755 index 000000000..5afbbeea6 --- /dev/null +++ b/test/network/net_scan.exp | |||
@@ -0,0 +1,75 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | # | ||
11 | send -- "firejail --net=br1 --ip=10.10.30.50\r" | ||
12 | expect { | ||
13 | timeout {puts "TESTING ERROR 0\n";exit} | ||
14 | "eth0" | ||
15 | } | ||
16 | expect { | ||
17 | timeout {puts "TESTING ERROR 1\n";exit} | ||
18 | "10.10.30.50" | ||
19 | } | ||
20 | expect { | ||
21 | timeout {puts "TESTING ERROR 2\n";exit} | ||
22 | "255.255.255.0" | ||
23 | } | ||
24 | expect { | ||
25 | timeout {puts "TESTING ERROR 3\n";exit} | ||
26 | "Child process initialized" | ||
27 | } | ||
28 | sleep 1 | ||
29 | |||
30 | spawn $env(SHELL) | ||
31 | send -- "firejail --net=br1 --ip=10.10.30.51\r" | ||
32 | expect { | ||
33 | timeout {puts "TESTING ERROR 4\n";exit} | ||
34 | "eth0" | ||
35 | } | ||
36 | expect { | ||
37 | timeout {puts "TESTING ERROR 5\n";exit} | ||
38 | "10.10.30.51" | ||
39 | } | ||
40 | expect { | ||
41 | timeout {puts "TESTING ERROR 6\n";exit} | ||
42 | "255.255.255.0" | ||
43 | } | ||
44 | expect { | ||
45 | timeout {puts "TESTING ERROR 7\n";exit} | ||
46 | "Child process initialized" | ||
47 | } | ||
48 | sleep 1 | ||
49 | |||
50 | spawn $env(SHELL) | ||
51 | send -- "firejail --net=br1 --scan\r" | ||
52 | expect { | ||
53 | timeout {puts "TESTING ERROR 8\n";exit} | ||
54 | "eth0" | ||
55 | } | ||
56 | expect { | ||
57 | timeout {puts "TESTING ERROR 9\n";exit} | ||
58 | "10.10.30.50" | ||
59 | } | ||
60 | expect { | ||
61 | timeout {puts "TESTING ERROR 10\n";exit} | ||
62 | "10.10.30.51" | ||
63 | } | ||
64 | expect { | ||
65 | timeout {puts "TESTING ERROR 11\n";exit} | ||
66 | "Child process initialized" | ||
67 | } | ||
68 | sleep 1 | ||
69 | |||
70 | |||
71 | |||
72 | after 100 | ||
73 | |||
74 | puts "\nall done\n" | ||
75 | |||
diff --git a/test/network/network.sh b/test/network/network.sh index 7b6d66e34..e0087411d 100755 --- a/test/network/network.sh +++ b/test/network/network.sh | |||
@@ -52,6 +52,12 @@ echo "TESTING: network default gateway test 2 (net_defaultgw2.exp)" | |||
52 | echo "TESTING: network default gateway test 3 (net_defaultgw3.exp)" | 52 | echo "TESTING: network default gateway test 3 (net_defaultgw3.exp)" |
53 | ./net_defaultgw3.exp | 53 | ./net_defaultgw3.exp |
54 | 54 | ||
55 | echo "TESTING: scan (net_scan.exp)" | ||
56 | ./net_scan.exp | ||
57 | |||
58 | echo "TESTING: interface (interface.exp)" | ||
59 | ./interface.exp | ||
60 | |||
55 | echo "TESTING: netfilter (net_netfilter.exp)" | 61 | echo "TESTING: netfilter (net_netfilter.exp)" |
56 | ./net_netfilter.exp | 62 | ./net_netfilter.exp |
57 | 63 | ||