-rw-r--r--README.md2
-rw-r--r--src/firejail/profile.c5
-rw-r--r--src/firejail/protocol.c2
-rwxr-xr-xtest/protocol.exp184
-rw-r--r--test/protocol1.profile1
-rw-r--r--test/protocol2.profile1
-rwxr-xr-xtest/test.sh3
7 files changed, 196 insertions, 2 deletions
diff --git a/README.md b/README.md
index b94f11299..ebf005db7 100644
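--- a/README.md
+++ b/README.md
@@ -58,7 +58,7 @@ whitelist ~/.vimperator
 
 I intend to bring in all files and directories used by Firefox addons and plugins. So far I have
 [Video DownloadHelper](https://addons.mozilla.org/en-US/firefox/addon/video-downloadhelper/),
-[Zotero](https://www.zotero.org/download/)
+[Zotero](https://www.zotero.org/download/),
 [LastPass](https://addons.mozilla.org/en-US/firefox/addon/lastpass-password-manager/),
 and [Vimperator](https://addons.mozilla.org/en-US/firefox/addon/vimperator/)
 If you're using a anything else, please let me know.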
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index 1fadab1fa..05a8ece35 100644
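--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -151,6 +151,11 @@ int profile_check_line(char *ptr, int lineno) {
  return 0;
  }
 
+ if (strncmp(ptr, "protocol ", 9) == 0) {
+ protocol_store(ptr + 9);
+ return 0;
+ }
+
  if (strncmp(ptr, "env ", 4) == 0) {
  env_store(ptr + 4);
  return 0;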
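Review bot: The new `protocol ` branch passes `ptr + 9` straight to `protocol_store()` without checking that a family list actually follows the keyword, so handling of an empty or misspelled list in a profile depends entirely on `protocol_store()`, whose body is not visible in this hunk. Since this value selects which socket families the seccomp filter allows, a bad list should stop startup rather than leave the sandbox running without the filter; it is worth confirming that `protocol_store()` exits on unknown tokens. It is also not visible here which setting wins when `--protocol` is given on the command line and a profile carries a `protocol` line. Once both are confirmed, a comment above the branch such as `// protocol list from profile; protocol_store() rejects unknown families` would record the expectation. `profile_check_line` starts and ends outside the hunk.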
diff --git a/src/firejail/protocol.c b/src/firejail/protocol.c
index 8e75277c2..ba784fc2e 100644
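--- a/src/firejail/protocol.c
+++ b/src/firejail/protocol.c
@@ -177,9 +177,9 @@ printf("entries %u\n", (unsigned) (sizeof(filter_start) / sizeof(struct sock_fil
  }
  printf("\n");
 }
+printf("whitelist_len %u, struct sock_filter len %u\n", whitelist_len, (unsigned) sizeof(struct sock_filter));
 #endif
 
-printf("whitelist_len %u, struct sock_filter len %u\n", whitelist_len, (unsigned) sizeof(struct sock_filter));
 
  // parse list and add commands
  char *tmplist = strdup(cfg.protocol);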
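Review bot: In the relocated debug `printf`, `whitelist_len` is passed to `%u` as-is while the `sizeof` argument next to it is cast to `(unsigned)`. Its declaration is outside the hunk, so if it is not an `unsigned int` this is a format/argument mismatch. Casting it the same way, `(unsigned) whitelist_len`, keeps the line correct whatever the declared type. The enclosing function starts and ends outside the hunk.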
diff --git a/test/protocol.exp b/test/protocol.exp
new file mode 100755
index 000000000..018f4cd9b
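--- /dev/null
+++ b/test/protocol.exp
@@ -0,0 +1,184 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --noprofile --protocol=unix ../src/tools/syscall_test socket\r"
+expect {
+ timeout {puts "TESTING ERROR 1\n";exit}
+ "Child process initialized"
+}
+expect {
+ timeout {puts "TESTING ERROR 1.1\n";exit}
+ "socket AF_INET"
+}
+expect {
+ timeout {puts "TESTING ERROR 1.2\n";exit}
+ "Operation not supported"
+}
+expect {
+ timeout {puts "TESTING ERROR 1.3\n";exit}
+ "socket AF_INET6"
+}
+expect {
+ timeout {puts "TESTING ERROR 1.4\n";exit}
+ "Operation not supported"
+}
+expect {
+ timeout {puts "TESTING ERROR 1.5\n";exit}
+ "socket AF_NETLINK"
+}
+expect {
+ timeout {puts "TESTING ERROR 1.6\n";exit}
+ "Operation not supported"
+}
+expect {
+ timeout {puts "TESTING ERROR 1.7\n";exit}
+ "socket AF_UNIX"
+}
+expect {
+ timeout {puts "TESTING ERROR 1.8\n";exit}
+ "socket AF_PACKETX"
+}
+expect {
+ timeout {puts "TESTING ERROR 1.9\n";exit}
+ "Operation not supported"
+}
+sleep 1
+
+send -- "firejail --noprofile --protocol=inet6,packet ../src/tools/syscall_test socket\r"
+expect {
+ timeout {puts "TESTING ERROR 2\n";exit}
+ "Child process initialized"
+}
+expect {
+ timeout {puts "TESTING ERROR 2.1\n";exit}
+ "socket AF_INET"
+}
+expect {
+ timeout {puts "TESTING ERROR 2.2\n";exit}
+ "Operation not supported"
+}
+expect {
+ timeout {puts "TESTING ERROR 2.3\n";exit}
+ "socket AF_INET6"
+}
+expect {
+ timeout {puts "TESTING ERROR 2.4\n";exit}
+ "socket AF_NETLINK"
+}
+expect {
+ timeout {puts "TESTING ERROR 2.5\n";exit}
+ "Operation not supported"
+}
+expect {
+ timeout {puts "TESTING ERROR 2.6\n";exit}
+ "socket AF_UNIX"
+}
+expect {
+ timeout {puts "TESTING ERROR 2.7\n";exit}
+ "Operation not supported"
+}
+expect {
+ timeout {puts "TESTING ERROR 2.8\n";exit}
+ "socket AF_PACKETX"
+}
+expect {
+ timeout {puts "TESTING ERROR 2.9\n";exit}
+ "after socket"
+}
+sleep 1
+
+# profile testing
+send -- "firejail --profile=protocol1.profile ../src/tools/syscall_test socket\r"
+expect {
+ timeout {puts "TESTING ERROR 3\n";exit}
+ "Child process initialized"
+}
+expect {
+ timeout {puts "TESTING ERROR 3.1\n";exit}
+ "socket AF_INET"
+}
+expect {
+ timeout {puts "TESTING ERROR 3.2\n";exit}
+ "Operation not supported"
+}
+expect {
+ timeout {puts "TESTING ERROR 3.3\n";exit}
+ "socket AF_INET6"
+}
+expect {
+ timeout {puts "TESTING ERROR 3.4\n";exit}
+ "Operation not supported"
+}
+expect {
+ timeout {puts "TESTING ERROR 3.5\n";exit}
+ "socket AF_NETLINK"
+}
+expect {
+ timeout {puts "TESTING ERROR 3.6\n";exit}
+ "Operation not supported"
+}
+expect {
+ timeout {puts "TESTING ERROR 3.7\n";exit}
+ "socket AF_UNIX"
+}
+expect {
+ timeout {puts "TESTING ERROR 3.8\n";exit}
+ "socket AF_PACKETX"
+}
+expect {
+ timeout {puts "TESTING ERROR 3.9\n";exit}
+ "Operation not supported"
+}
+sleep 1
+
+send -- "firejail --profile=protocol2.profile ../src/tools/syscall_test socket\r"
+expect {
+ timeout {puts "TESTING ERROR 4\n";exit}
+ "Child process initialized"
+}
+expect {
+ timeout {puts "TESTING ERROR 4.1\n";exit}
+ "socket AF_INET"
+}
+expect {
+ timeout {puts "TESTING ERROR 4.2\n";exit}
+ "Operation not supported"
+}
+expect {
+ timeout {puts "TESTING ERROR 4.3\n";exit}
+ "socket AF_INET6"
+}
+expect {
+ timeout {puts "TESTING ERROR 4.4\n";exit}
+ "socket AF_NETLINK"
+}
+expect {
+ timeout {puts "TESTING ERROR 4.5\n";exit}
+ "Operation not supported"
+}
+expect {
+ timeout {puts "TESTING ERROR 4.6\n";exit}
+ "socket AF_UNIX"
+}
+expect {
+ timeout {puts "TESTING ERROR 4.7\n";exit}
+ "Operation not supported"
+}
+expect {
+ timeout {puts "TESTING ERROR 4.8\n";exit}
+ "socket AF_PACKETX"
+}
+expect {
+ timeout {puts "TESTING ERROR 4.9\n";exit}
+ "after socket"
+}
+sleep 1
+
+
+
+
+
+puts "\nall done\n"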
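Review bot: Every `timeout` branch ends in a bare `exit`, which makes expect return status 0, so a failed check shows up only as a `TESTING ERROR` string in the output. `test.sh` calls `./protocol.exp` without inspecting the result, so it cannot fail on such an error. Using a non-zero status, e.g. `timeout {puts "TESTING ERROR 1\n";exit 1}`, lets a wrapper or CI job detect a regression in the protocol filter. The script also asserts `Operation not supported` only for the blocked families. For the allowed ones (`AF_UNIX` in cases 1 and 3, `AF_INET6` in cases 2 and 4) nothing checks that the call succeeded, because expect skips any unmatched output before the next pattern.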
diff --git a/test/protocol1.profile b/test/protocol1.profile
new file mode 100644
index 000000000..3e1ea2a29
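--- /dev/null
+++ b/test/protocol1.profile
@@ -0,0 +1 @@
+protocol unix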
diff --git a/test/protocol2.profile b/test/protocol2.profile
new file mode 100644
index 000000000..b7eb4ab91
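--- /dev/null
+++ b/test/protocol2.profile
@@ -0,0 +1 @@
+protocol inet6,packet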
diff --git a/test/test.sh b/test/test.sh
index 406ef92a3..8e673911e 100755
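--- a/test/test.sh
+++ b/test/test.sh
@@ -12,6 +12,9 @@ done
 
 ./fscheck.sh
 
+echo "TESTING: protocol"
+./protocol.exp
+
 echo "TESTING: invalid filename"
 ./invalid_filename.exp
 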