23 files changed, 770 insertions, 190 deletions

diff --git a/Makefile.in b/Makefile.in
index 134e7bd66..ebf9d40e8 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -299,6 +299,10 @@ test-travis: test-profiles test-fcopy test-fnetfilter test-fs test-utils test-sy
 # with them you will need to restart your computer.
 ##########################################
 
+# a firejail-test account is required, public/private key setup
+test-ssh:
+        cd test/ssh; ./ssh.sh | grep TESTING
+
 # requires root access
 test-chroot:
         cd test/chroot; ./chroot.sh | grep testing
diff --git a/gcov.sh b/gcov.sh
index ff910cbe0..8fb4a9a8d 100755
--- a/gcov.sh
+++ b/gcov.sh
@@ -34,7 +34,7 @@ generate() {
 gcov_init
 lcov -q --capture -d src/firejail -d src/firemon -d src/faudit -d src/fbuilder -d  src/fcopy -d  src/fnetfilter -d src/fsec-print -d src/fsec-optimize -d src/fseccomp -d src/fnet -d src/ftee -d src/lib -d src/firecfg -d src/fldd  --output-file gcov-file-old
 
-#make test-environment
+#make test-utils
 #generate
 #sleep 2
 #exit
@@ -57,6 +57,10 @@ make test-stress
 generate
 sleep 2
 
+make test-ssh
+generate
+sleep 2
+
 make test-appimage
 generate
 sleep 2
diff --git a/src/firecfg/desktop_files.c b/src/firecfg/desktop_files.c
index 0a6a0bbf0..49e58528c 100644
--- a/src/firecfg/desktop_files.c
+++ b/src/firecfg/desktop_files.c
@@ -136,15 +136,9 @@ void fix_desktop_files(char *homedir) {
 
         // source
         DIR *dir = opendir("/usr/share/applications");
-        if (!dir) {
+        if (!dir || chdir("/usr/share/applications")) {
                 perror("opendir");
-                fprintf(stderr, "Warning: cannot open /usr/share/applications directory, desktop files fixing skipped...\n");
-                free(user_apps_dir);
-                return;
-        }
-        if (chdir("/usr/share/applications")) {
-                perror("chdir");
-                fprintf(stderr, "Warning: cannot chdir to /usr/share/applications, desktop files fixing skipped...\n");
+                fprintf(stderr, "Warning: cannot access /usr/share/applications directory, desktop files fixing skipped...\n");
                 free(user_apps_dir);
                 return;
         }
diff --git a/src/firecfg/main.c b/src/firecfg/main.c
index ab0fd53e3..e636dc385 100644
--- a/src/firecfg/main.c
+++ b/src/firecfg/main.c
@@ -21,38 +21,41 @@
 #include "firecfg.h"
 int arg_debug = 0;
 
+static char *usage_str =
+        "Firecfg is the desktop configuration utility for Firejail software. The utility\n"
+        "creates several symbolic links to firejail executable. This allows the user to\n"
+        "sandbox applications automatically, just by clicking on a regular desktop\n"
+        "menus and icons.\n\n"
+        "The symbolic links are placed in /usr/local/bin. For more information, see\n"
+        "DESKTOP INTEGRATION section in man 1 firejail.\n\n"
+        "Usage: firecfg [OPTIONS]\n\n"
+        "   --clean - remove all firejail symbolic links.\n\n"
+        "   --debug - print debug messages.\n\n"
+        "   --fix - fix .desktop files.\n\n"
+        "   --fix-sound - create ~/.config/pulse/client.conf file.\n\n"
+        "   --help, -? - this help screen.\n\n"
+        "   --list - list all firejail symbolic links.\n\n"
+        "   --version - print program version and exit.\n\n"
+        "Example:\n\n"
+        "   $ sudo firecfg\n"
+        "   /usr/local/bin/firefox created\n"
+        "   /usr/local/bin/vlc created\n"
+        "   [...]\n"
+        "   $ firecfg --list\n"
+        "   /usr/local/bin/firefox\n"
+        "   /usr/local/bin/vlc\n"
+        "   [...]\n"
+        "   $ sudo firecfg --clean\n"
+        "   /usr/local/bin/firefox removed\n"
+        "   /usr/local/bin/vlc removed\n"
+        "   [...]\n"
+        "\n"
+        "License GPL version 2 or later\n"
+        "Homepage: http://firejail.wordpress.com\n\n";
+
 static void usage(void) {
         printf("firecfg - version %s\n\n", VERSION);
-        printf("Firecfg is the desktop configuration utility for Firejail software. The utility\n");
-        printf("creates several symbolic links to firejail executable. This allows the user to\n");
-        printf("sandbox applications automatically, just by clicking on a regular desktop\n");
-        printf("menus and icons.\n\n");
-        printf("The symbolic links are placed in /usr/local/bin. For more information, see\n");
-        printf("DESKTOP INTEGRATION section in man 1 firejail.\n\n");
-        printf("Usage: firecfg [OPTIONS]\n\n");
-        printf("   --clean - remove all firejail symbolic links.\n\n");
-        printf("   --debug - print debug messages.\n\n");
-        printf("   --fix - fix .desktop files.\n\n");
-        printf("   --fix-sound - create ~/.config/pulse/client.conf file.\n\n");
-        printf("   --help, -? - this help screen.\n\n");
-        printf("   --list - list all firejail symbolic links.\n\n");
-        printf("   --version - print program version and exit.\n\n");
-        printf("Example:\n\n");
-        printf("   $ sudo firecfg\n");
-        printf("   /usr/local/bin/firefox created\n");
-        printf("   /usr/local/bin/vlc created\n");
-        printf("   [...]\n");
-        printf("   $ firecfg --list\n");
-        printf("   /usr/local/bin/firefox\n");
-        printf("   /usr/local/bin/vlc\n");
-        printf("   [...]\n");
-        printf("   $ sudo firecfg --clean\n");
-        printf("   /usr/local/bin/firefox removed\n");
-        printf("   /usr/local/bin/vlc removed\n");
-        printf("   [...]\n");
-        printf("\n");
-        printf("License GPL version 2 or later\n");
-        printf("Homepage: http://firejail.wordpress.com\n\n");
+        puts(usage_str);
 }
 
 
diff --git a/src/firemon/usage.c b/src/firemon/usage.c
index 617f4dacd..37bd4e874 100644
--- a/src/firemon/usage.c
+++ b/src/firemon/usage.c
@@ -19,62 +19,65 @@
 */
 #include "firemon.h"
 
-void usage(void) {
-        printf("firemon - version %s\n", VERSION);
-        printf("Usage: firemon [OPTIONS] [PID]\n\n");
-        printf("Monitor processes started in a Firejail sandbox. Without any PID specified,\n");
-        printf("all processes started by Firejail are monitored. Descendants of these processes\n");
-        printf("are also being monitored. On Grsecurity systems only root user\n");
-        printf("can run this program.\n\n");
-        printf("Options:\n");
-        printf("\t--apparmor - print AppArmor confinement status for each sandbox.\n\n");
-        printf("\t--arp - print ARP table for each sandbox.\n\n");
-        printf("\t--caps - print capabilities configuration for each sandbox.\n\n");
-        printf("\t--cgroup - print control group information for each sandbox.\n\n");
-        printf("\t--cpu - print CPU affinity for each sandbox.\n\n");
-        printf("\t--help, -? - this help screen.\n\n");
-        printf("\t--interface - print network interface information for each sandbox.\n\n");
-        printf("\t--list - list all sandboxes.\n\n");
-        printf("\t--name=name - print information only about named sandbox.\n\n");
-        printf("\t--netstats - monitor network statistics for sandboxes creating a new\n");
-        printf("\t\tnetwork namespace.\n\n");
-        printf("\t--nowrap - enable line wrapping in terminals.\n\n");
-        printf("\t--route - print route table for each sandbox.\n\n");
-        printf("\t--seccomp - print seccomp configuration for each sandbox.\n\n");
-        printf("\t--tree - print a tree of all sandboxed processes.\n\n");
-        printf("\t--top - monitor the most CPU-intensive sandboxes.\n\n");
-        printf("\t--version - print program version and exit.\n\n");
+static char *help_str =
+        "Usage: firemon [OPTIONS] [PID]\n\n"
+        "Monitor processes started in a Firejail sandbox. Without any PID specified,\n"
+        "all processes started by Firejail are monitored. Descendants of these processes\n"
+        "are also being monitored. On Grsecurity systems only root user\n"
+        "can run this program.\n\n"
+        "Options:\n"
+        "\t--apparmor - print AppArmor confinement status for each sandbox.\n\n"
+        "\t--arp - print ARP table for each sandbox.\n\n"
+        "\t--caps - print capabilities configuration for each sandbox.\n\n"
+        "\t--cgroup - print control group information for each sandbox.\n\n"
+        "\t--cpu - print CPU affinity for each sandbox.\n\n"
+        "\t--help, -? - this help screen.\n\n"
+        "\t--interface - print network interface information for each sandbox.\n\n"
+        "\t--list - list all sandboxes.\n\n"
+        "\t--name=name - print information only about named sandbox.\n\n"
+        "\t--netstats - monitor network statistics for sandboxes creating a new\n"
+        "\t\tnetwork namespace.\n\n"
+        "\t--nowrap - enable line wrapping in terminals.\n\n"
+        "\t--route - print route table for each sandbox.\n\n"
+        "\t--seccomp - print seccomp configuration for each sandbox.\n\n"
+        "\t--tree - print a tree of all sandboxed processes.\n\n"
+        "\t--top - monitor the most CPU-intensive sandboxes.\n\n"
+        "\t--version - print program version and exit.\n\n"
+
+        "Without any options, firemon monitors all fork, exec, id change, and exit\n"
+        "events in the sandbox. Monitoring a specific PID is also supported.\n\n"
 
-        printf("Without any options, firemon monitors all fork, exec, id change, and exit events\n");
-        printf("in the sandbox. Monitoring a specific PID is also supported.\n\n");
+        "Option --list prints a list of all sandboxes. The format for each entry is as\n"
+        "follows:\n\n"
+        "\tPID:USER:Command\n\n"
 
-        printf("Option --list prints a list of all sandboxes. The format for each entry is as\n");
-        printf("follows:\n\n");
-        printf("\tPID:USER:Command\n\n");
+        "Option --tree prints the tree of processes running in the sandbox. The format\n"
+        "for each process entry is as follows:\n\n"
+        "\tPID:USER:Command\n\n"
 
-        printf("Option --tree prints the tree of processes running in the sandbox. The format\n");
-        printf("for each process entry is as follows:\n\n");
-        printf("\tPID:USER:Command\n\n");
+        "Option --top is similar to the UNIX top command, however it applies only to\n"
+        "sandboxes. Listed below are the available fields (columns) in alphabetical\n"
+        "order:\n\n"
+        "\tCommand - command used to start the sandbox.\n"
+        "\tCPU%% - CPU usage, the sandbox share of the elapsed CPU time since the\n"
+        "\t       last screen update\n"
+        "\tPID - Unique process ID for the task controlling the sandbox.\n"
+        "\tPrcs - number of processes running in sandbox, including the\n"
+        "\t       controlling process.\n"
+        "\tRES - Resident Memory Size (KiB), sandbox non-swapped physical memory.\n"
+        "\t      It is a sum of the RES values for all processes running in the\n"
+        "\t      sandbox.\n"
+        "\tSHR - Shared Memory Size (KiB), it reflects memory shared with other\n"
+        "\t      processes. It is a sum of the SHR values for all processes\n"
+        "\t      running in the sandbox, including the controlling process.\n"
+        "\tUptime - sandbox running time in hours:minutes:seconds format.\n"
+        "\tUser - The owner of the sandbox.\n"
+        "\n"
+        "License GPL version 2 or later\n"
+        "Homepage: http://firejail.wordpress.com\n"
+        "\n";
 
-        printf("Option --top is similar to the UNIX top command, however it applies only to\n");
-        printf("sandboxes. Listed below are the available fields (columns) in alphabetical\n");
-        printf("order:\n\n");
-        printf("\tCommand - command used to start the sandbox.\n");
-        printf("\tCPU%% - CPU usage, the sandbox share of the elapsed CPU time since the\n");
-        printf("\t       last screen update\n");
-        printf("\tPID - Unique process ID for the task controlling the sandbox.\n");
-        printf("\tPrcs - number of processes running in sandbox, including the controlling\n");
-        printf("\t       process.\n");
-        printf("\tRES - Resident Memory Size (KiB), sandbox non-swapped physical memory.\n");
-        printf("\t      It is a sum of the RES values for all processes running in the\n");
-        printf("\t      sandbox.\n");
-        printf("\tSHR - Shared Memory Size (KiB), it reflects memory shared with other\n");
-        printf("\t      processes. It is a sum of the SHR values for all processes running\n");
-        printf("\t      in the sandbox, including the controlling process.\n");
-        printf("\tUptime - sandbox running time in hours:minutes:seconds format.\n");
-        printf("\tUser - The owner of the sandbox.\n");
-        printf("\n");
-        printf("License GPL version 2 or later\n");
-        printf("Homepage: http://firejail.wordpress.com\n");
-        printf("\n");
+void usage(void) {
+        printf("firemon - version %s\n", VERSION);
+        puts(help_str);
 }
diff --git a/src/fnetfilter/main.c b/src/fnetfilter/main.c
index 828b30d40..ba58ba3c9 100644
--- a/src/fnetfilter/main.c
+++ b/src/fnetfilter/main.c
@@ -50,19 +50,20 @@ static void usage(void) {
         printf("\tfnetfilter netfilter-command destination-file\n");
 }
 
+static void err_exit_cannot_open_file(const char *fname) {
+        fprintf(stderr, "Error fnetfilter: cannot open %s\n", fname);
+        exit(1);
+}
+
 
 static void copy(const char *src, const char *dest) {
         FILE *fp1 = fopen(src, "r");
-        if (!fp1) {
-                fprintf(stderr, "Error fnetfilter: cannot open %s\n", src);
-                exit(1);
-        }
+        if (!fp1)
+                err_exit_cannot_open_file(src);
 
         FILE *fp2 = fopen(dest, "w");
-        if (!fp2) {
-                fprintf(stderr, "Error fnetfilter: cannot open %s\n", dest);
-                exit(1);
-        }
+        if (!fp2)
+                err_exit_cannot_open_file(dest);
 
         char buf[MAXBUF];
         while (fgets(buf, MAXBUF, fp1))
@@ -106,16 +107,12 @@ for (i = 0; i < argcnt; i++)
 
         // open the files
         FILE *fp1 = fopen(src, "r");
-        if (!fp1) {
-                fprintf(stderr, "Error fnetfilter: cannot open %s\n", src);
-                exit(1);
-        }
+        if (!fp1)
+                err_exit_cannot_open_file(src);
 
         FILE *fp2 = fopen(dest, "w");
-        if (!fp2) {
-                fprintf(stderr, "Error fnetfilter: cannot open %s\n", dest);
-                exit(1);
-        }
+        if (!fp2)
+                err_exit_cannot_open_file(dest);
 
         int line = 0;
         char buf[MAXBUF];
@@ -186,19 +183,15 @@ printf("\n");
 //printf("destfile %s\n", destfile);
         // destfile is a real filename
         int len = strlen(destfile);
-        if (strcspn(destfile, "\\&!?\"'<>%^(){};,*[]") != (size_t)len) {
-                fprintf(stderr, "Error fnetfilter: invalid destination file in netfilter command\n");
-                exit(1);
-        }
+        if (strcspn(destfile, "\\&!?\"'<>%^(){};,*[]") != (size_t)len)
+                err_exit_cannot_open_file(destfile);
 
         // handle default config (command = NULL, destfile)
         if (command == NULL) {
                 // create a default filter file
                 FILE *fp = fopen(destfile, "w");
-                if (!fp) {
-                        fprintf(stderr, "Error fnetfilter: cannot open %s\n", destfile);
-                        exit(1);
-                }
+                if (!fp)
+                        err_exit_cannot_open_file(destfile);
                 fprintf(fp, "%s\n", default_filter);
                 fclose(fp);
         }
diff --git a/test/environment/csh.exp b/test/environment/csh.exp
index 7b9fe7dc4..10a278ebc 100755
--- a/test/environment/csh.exp
+++ b/test/environment/csh.exp
@@ -30,6 +30,20 @@ expect {
         "/bin/csh"
 }
 send -- "exit\r"
+sleep 1
+
+send -- "firejail --shell=none --csh\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "shell=none was already specified"
+}
+after 100
+
+send -- "firejail --csh --shell=none\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "a shell was already specified"
+}
 after 100
 
 puts "\n"
diff --git a/test/environment/zsh.exp b/test/environment/zsh.exp
index 65fe440c7..e7f610e98 100755
--- a/test/environment/zsh.exp
+++ b/test/environment/zsh.exp
@@ -30,6 +30,20 @@ expect {
         "/bin/zsh"
 }
 send -- "exit\r"
+sleep 1
+
+send -- "firejail --shell=none --zsh\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "shell=none was already specified"
+}
+after 100
+
+send -- "firejail --zsh --shell=none\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "a shell was already specified"
+}
 after 100
 
 puts "\nall done\n"
diff --git a/test/login_ssh.exp b/test/login_ssh.exp
deleted file mode 100755
index db0721d25..000000000
--- a/test/login_ssh.exp
+++ /dev/null
@@ -1,59 +0,0 @@
-#!/usr/bin/expect -f
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-send -- "ssh bingo@0\r"
-expect {
-        timeout {puts "TESTING ERROR 0\n";exit}
-        "password:" {
-                puts "\nTESTING: please enter SSH password"
-                set oldmode [stty -echo -raw]
-                expect_user -re "(.*)\n"
-                send_user "\n"
-                eval stty $oldmode
-#               stty echo
-                set pass $expect_out(1,string)
-                send -- "$pass\r"
-                puts "TESTING: password sent to the server"
-        }
-        "Child process initialized"
-}
-sleep 1
-
-# test default gw
-send -- "bash\r"
-sleep 1
-send -- "ps aux; pwd\r"
-expect {
-        timeout {puts "TESTING ERROR 1\n";exit}
-        "/bin/bash"
-}
-expect {
-        timeout {puts "TESTING ERROR 2\n";exit}
-        "bash"
-}
-expect {
-        timeout {puts "TESTING ERROR 3\n";exit}
-        "ps aux"
-}
-expect {
-        timeout {puts "TESTING ERROR 4\n";exit}
-        "home"
-}
-sleep 1
-
-
-send -- "ps aux |wc -l; pwd\r"
-expect {
-        timeout {puts "TESTING ERROR 5\n";exit}
-        "6"
-}
-expect {
-        timeout {puts "TESTING ERROR 6\n";exit}
-        "home"
-}
-sleep 1
-
-puts "\nall done\n"
diff --git a/test/network/netfilter-template.exp b/test/network/netfilter-template.exp
index 1ad28a103..5a15152d3 100755
--- a/test/network/netfilter-template.exp
+++ b/test/network/netfilter-template.exp
@@ -7,6 +7,14 @@ set timeout 10
 spawn $env(SHELL)
 match_max 100000
 
+
+send -- "firejail --net=br1 --ip=10.10.30.10 --name=test1 --netfilter=/etc/firejail/blablabla\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "invalid network filter file"
+}
+sleep 1
+
 send -- "firejail --net=br1 --ip=10.10.30.10 --name=test1 --netfilter=/etc/firejail/tcpserver.net,5555 ./tcpserver 5555\r"
 expect {
         timeout {puts "TESTING ERROR 1\n";exit}
@@ -15,6 +23,21 @@ expect {
 sleep 1
 
 spawn $env(SHELL)
+send -- "firejail --netfilter.print=test1\r"
+expect {
+        timeout {puts "TESTING ERROR 1.1\n";exit}
+        "Chain INPUT"
+}
+expect {
+        timeout {puts "TESTING ERROR 1.2\n";exit}
+        "Chain FORWARD"
+}
+expect {
+        timeout {puts "TESTING ERROR 1.3\n";exit}
+        "Chain OUTPUT"
+}
+sleep 1
+
 send -- "telnet 10.10.30.10 5555\r"
 expect {
         timeout {puts "TESTING ERROR 2\n";exit}
diff --git a/test/root/firecfg.exp b/test/root/firecfg.exp
index 656b8e215..b73167bd1 100755
--- a/test/root/firecfg.exp
+++ b/test/root/firecfg.exp
@@ -7,10 +7,10 @@ set timeout 10
 spawn $env(SHELL)
 match_max 100000
 
-send -- "firecfg\r"
+send -- "firecfg --debug\r"
 sleep 1
 
-send --  "firecfg --clean\r"
+send --  "firecfg --debug --clean\r"
 expect {
         timeout {puts "TESTING ERROR 0\n";exit}
         "less removed"
@@ -27,7 +27,7 @@ expect {
 }
 sleep 1
 
-send --  "firecfg\r"
+send --  "firecfg --debug\r"
 expect {
         timeout {puts "TESTING ERROR 3\n";exit}
         "less created"
diff --git a/test/root/login_nobody.exp b/test/root/login_nobody.exp
new file mode 100755
index 000000000..8e9ec4367
--- /dev/null
+++ b/test/root/login_nobody.exp
@@ -0,0 +1,35 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2018 Firejail Authors
+# License GPL v2
+
+set timeout 10
+cd /home
+spawn $env(SHELL)
+match_max 100000
+
+send --  "su - nobody -s /usr/bin/firejail\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+after 100
+
+send -- "cat /proc/self/status | grep Seccomp\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "2"
+}
+after 100
+
+send -- "cat /proc/self/status | grep CapBnd\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "0000000000000000"
+}
+after 100
+
+send -- "exit\r"
+sleep 1
+
+puts "\nall done\n"
diff --git a/test/root/root.sh b/test/root/root.sh
index 22b12cf86..4132bc739 100755
--- a/test/root/root.sh
+++ b/test/root/root.sh
@@ -3,6 +3,21 @@
 # set a new firejail config file
 #cp firejail.config /etc/firejail/firejail.config
 
+
+#********************************
+# firecfg
+#********************************
+which less
+if [ "$?" -eq 0 ];
+then
+        echo "TESTING: firecfg (test/root/firecfg.exp)"
+        mv /home/netblue/.local/share/applications /home/netblue/.local/share/applications-store
+        ./firecfg.exp
+        mv /home/netblue/.local/share/applications-store /home/netblue/.local/share/applications
+else
+        echo "TESTING SKIP: firecfg, less not found"
+fi
+
 #********************************
 # servers
 #********************************
@@ -65,6 +80,9 @@ echo "TESTING: join (test/root/join.exp)"
 echo "TESTING: git-install (test/root/git.exp)"
 ./git.exp
 
+echo "TESTING: login-nobody (test/root/login_nobody.exp)"
+./login_nobody.exp
+
 #********************************
 # seccomp
 #********************************
@@ -107,17 +125,6 @@ rm -f tmpfile
 echo "TESTING: firemon events (test/root/firemon-events.exp)"
 ./firemon-events.exp
 
-#********************************
-# firecfg
-#********************************
-which less
-if [ "$?" -eq 0 ];
-then
-        echo "TESTING: firecfg (test/root/firecfg.exp)"
-        ./firecfg.exp
-else
-        echo "TESTING SKIP: firecfg, less not found"
-fi
 
 # restore the default config file
 #cp ../../etc/firejail.config /etc/firejail/firejail.config
diff --git a/test/ssh/login.exp b/test/ssh/login.exp
new file mode 100755
index 000000000..479292c91
--- /dev/null
+++ b/test/ssh/login.exp
@@ -0,0 +1,49 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "ssh firejail-test@0\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized" {puts "OK\n"}
+        "an existing sandbox was detected" {puts "OK\n"}
+}
+sleep 1
+
+send -- "ps aux | wc -l\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "5"
+}
+after 100
+
+send -- "ls -l /home | grep drw | wc -l\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "1"
+}
+after 100
+
+send -- "cat /proc/self/status | grep Seccomp\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "2"
+}
+after 100
+
+send -- "cat /proc/self/status | grep CapBnd\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "0000000000000000"
+}
+after 100
+
+# preparing scp/sftp tests
+send -- "rm testfile\r"
+
+send -- "exit\r"
+sleep 1
+
+puts "\nall done\n"
diff --git a/test/ssh/scp.exp b/test/ssh/scp.exp
new file mode 100755
index 000000000..355125751
--- /dev/null
+++ b/test/ssh/scp.exp
@@ -0,0 +1,63 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "ssh firejail-test@0\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized" {puts "OK\n"}
+        "an existing sandbox was detected" {puts "OK\n"}
+}
+sleep 1
+
+send -- "rm -f testfile\r"
+after 100
+send -- "exit\r"
+sleep 1
+
+send -- "echo 12345 > testfile\r"
+after 100
+send -- "scp testfile firejail-test@0:~/testfile\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "100%"
+}
+sleep 1
+
+
+send -- "ssh firejail-test@0\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "Child process initialized" {puts "OK\n"}
+        "an existing sandbox was detected" {puts "OK\n"}
+}
+sleep 1
+send -- "cat testfile\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "12345"
+}
+after 100
+send -- "exit\r"
+sleep 1
+
+send -- "rm testfile\r"
+after 100
+send -- "scp firejail-test@0:~/testfile testfile\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "100%"
+}
+sleep 1
+send -- "cat testfile\r"
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "12345"
+}
+after 100
+send -- "rm testfile\r"
+sleep 1
+
+puts "\nall done\n"
diff --git a/test/ssh/sftp.exp b/test/ssh/sftp.exp
new file mode 100755
index 000000000..3b0124ec7
--- /dev/null
+++ b/test/ssh/sftp.exp
@@ -0,0 +1,87 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "ssh firejail-test@0\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized" {puts "OK\n"}
+        "an existing sandbox was detected" {puts "OK\n"}
+}
+sleep 1
+
+send -- "rm -f testfile\r"
+after 100
+send -- "exit\r"
+sleep 1
+
+send -- "echo 12345 > testfile\r"
+after 100
+send -- "sftp firejail-test@0\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "Connected to 0"
+}
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "sftp>"
+}
+after 100
+send -- "put testfile\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "100%"
+}
+after 100
+send -- "exit\r"
+sleep 1
+
+
+send -- "ssh firejail-test@0\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "Child process initialized" {puts "OK\n"}
+        "an existing sandbox was detected" {puts "OK\n"}
+}
+sleep 1
+send -- "cat testfile\r"
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "12345"
+}
+after 100
+send -- "exit\r"
+sleep 1
+
+send -- "rm testfile\r"
+after 100
+send -- "sftp firejail-test@0\r"
+expect {
+        timeout {puts "TESTING ERROR 6\n";exit}
+        "Connected to 0"
+}
+expect {
+        timeout {puts "TESTING ERROR 7\n";exit}
+        "sftp>"
+}
+after 100
+send -- "get testfile\r"
+expect {
+        timeout {puts "TESTING ERROR 8\n";exit}
+        "100%"
+}
+after 100
+send -- "exit\r"
+sleep 1
+send -- "cat testfile\r"
+expect {
+        timeout {puts "TESTING ERROR 9\n";exit}
+        "12345"
+}
+after 100
+send -- "rm testfile\r"
+sleep 1
+
+puts "\nall done\n"
diff --git a/test/ssh/ssh.sh b/test/ssh/ssh.sh
new file mode 100755
index 000000000..20a70b1b6
--- /dev/null
+++ b/test/ssh/ssh.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+# This file is part of Firejail project
+# Copyright (C) 2014-2018 Firejail Authors
+# License GPL v2
+
+export MALLOC_CHECK_=3
+export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
+
+echo "TESTING: ssh login (test/ssh/login.exp)"
+./login.exp
+
+echo "TESTING: sftp (test/ssh/sftp.exp)"
+./sftp.exp
+
+echo "TESTING: scp (test/ssh/scp.exp)"
+./scp.exp
diff --git a/test/utils/audit.exp b/test/utils/audit.exp
index 684886af7..6352dc62d 100755
--- a/test/utils/audit.exp
+++ b/test/utils/audit.exp
@@ -96,4 +96,64 @@ expect {
 }
 after 100
 
+# test seccomp
+send -- "firejail --seccomp.drop=mkdir --audit\r"
+expect {
+        timeout {puts "TESTING ERROR 17\n";exit}
+        "Firejail Audit"
+}
+expect {
+        timeout {puts "TESTING ERROR 18\n";exit}
+        "GOOD: seccomp BPF enabled"
+}
+expect {
+        timeout {puts "TESTING ERROR 19\n";exit}
+        "UGLY: mount syscall permitted"
+}
+expect {
+        timeout {puts "TESTING ERROR 20\n";exit}
+        "UGLY: umount2 syscall permitted"
+}
+expect {
+        timeout {puts "TESTING ERROR 21\n";exit}
+        "UGLY: ptrace syscall permitted"
+}
+expect {
+        timeout {puts "TESTING ERROR 22\n";exit}
+        "UGLY: swapon syscall permitted"
+}
+expect {
+        timeout {puts "TESTING ERROR 23\n";exit}
+        "UGLY: swapoff syscall permitted"
+}
+expect {
+        timeout {puts "TESTING ERROR 24\n";exit}
+        "UGLY: init_module syscall permitted"
+}
+expect {
+        timeout {puts "TESTING ERROR 25\n";exit}
+        "UGLY: delete_module syscall permitted"
+}
+expect {
+        timeout {puts "TESTING ERROR 26\n";exit}
+        "UGLY: chroot syscall permitted"
+}
+expect {
+        timeout {puts "TESTING ERROR 27\n";exit}
+        "UGLY: pivot_root syscall permitted"
+}
+expect {
+        timeout {puts "TESTING ERROR 28\n";exit}
+        "UGLY: iopl syscall permitted"
+}
+expect {
+        timeout {puts "TESTING ERROR 29\n";exit}
+        "UGLY: ioperm syscall permitted"
+}
+expect {
+        timeout {puts "TESTING ERROR 30\n";exit}
+        "GOOD: all capabilities are disabled"
+}
+after 100
+
 puts "\nall done\n"
diff --git a/test/utils/build.exp b/test/utils/build.exp
index de2a9b6ae..5e883e4ba 100755
--- a/test/utils/build.exp
+++ b/test/utils/build.exp
@@ -54,5 +54,38 @@ expect {
 }
 after 100
 
+send -- "firejail --build cat /etc/passwd\r"
+expect {
+        timeout {puts "TESTING ERROR 10\n";exit}
+        "private-etc passwd,"
+}
+after 100
+
+send -- "firejail --build cat /var/tmp/firejail-test-file-7699\r"
+expect {
+        timeout {puts "TESTING ERROR 11\n";exit}
+        "whitelist /var/tmp/firejail-test-file-7699"
+}
+after 100
+
+send -- "firejail --build man firejail\r"
+expect {
+        timeout {puts "TESTING ERROR 12\n";exit}
+        "whitelist /usr/share/man"
+}
+after 100
+
+send -- "firejail --build wget blablabla\r"
+expect {
+        timeout {puts "TESTING ERROR 13\n";exit}
+        "protocol inet"
+}
+after 100
+
+
+send -- "firejail --build cat /tmp/firejail-test-file-7699\r"
+#todo - bug: it comes back with private-tmp
+sleep 1
+
 
 puts "all done\n"
diff --git a/test/utils/command.exp b/test/utils/command.exp
new file mode 100755
index 000000000..3b18540db
--- /dev/null
+++ b/test/utils/command.exp
@@ -0,0 +1,23 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2018 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --quiet --private-etc=passwd,group -c ls -al /etc\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "cron" {puts "TESTING ERROR 2\n";exit}
+        "group"
+}
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "passwd"
+}
+
+
+after 100
+puts "\nall done\n"
diff --git a/test/utils/name.exp b/test/utils/name.exp
new file mode 100755
index 000000000..f00b5866e
--- /dev/null
+++ b/test/utils/name.exp
@@ -0,0 +1,174 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2018 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+
+send -- "firejail --name=ftest\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+after 100
+
+spawn $env(SHELL)
+send -- "firejail --name=ftest\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "Child process initialized"
+}
+after 100
+
+spawn $env(SHELL)
+send -- "firejail --name=ftest\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "Child process initialized"
+}
+after 100
+
+spawn $env(SHELL)
+send -- "firejail --name=ftest\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "Child process initialized"
+}
+after 100
+
+spawn $env(SHELL)
+send -- "firejail --name=ftest\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "Child process initialized"
+}
+after 100
+
+spawn $env(SHELL)
+send -- "firejail --name=ftest\r"
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "Child process initialized"
+}
+after 100
+
+spawn $env(SHELL)
+send -- "firejail --name=ftest\r"
+expect {
+        timeout {puts "TESTING ERROR 6\n";exit}
+        "Child process initialized"
+}
+after 100
+
+spawn $env(SHELL)
+send -- "firejail --name=ftest\r"
+expect {
+        timeout {puts "TESTING ERROR 7\n";exit}
+        "Child process initialized"
+}
+after 100
+
+spawn $env(SHELL)
+send -- "firejail --name=ftest\r"
+expect {
+        timeout {puts "TESTING ERROR 8\n";exit}
+        "Child process initialized"
+}
+after 100
+
+spawn $env(SHELL)
+send -- "firejail --name=ftest\r"
+expect {
+        timeout {puts "TESTING ERROR 9\n";exit}
+        "Child process initialized"
+}
+after 100
+
+spawn $env(SHELL)
+send -- "firejail --name=ftest\r"
+expect {
+        timeout {puts "TESTING ERROR 10\n";exit}
+        "Child process initialized"
+}
+after 100
+
+spawn $env(SHELL)
+send -- "firejail --name=ftest\r"
+expect {
+        timeout {puts "TESTING ERROR 11\n";exit}
+        "Child process initialized"
+}
+after 100
+
+spawn $env(SHELL)
+send -- "firejail --list\r"
+expect {
+        timeout {puts "TESTING ERROR 12\n";exit}
+        ":ftest:"
+}
+expect {
+        timeout {puts "TESTING ERROR 13\n";exit}
+        ":ftest-1:"
+}
+expect {
+        timeout {puts "TESTING ERROR 14\n";exit}
+        ":ftest-2:"
+}
+expect {
+        timeout {puts "TESTING ERROR 15\n";exit}
+        ":ftest-3:"
+}
+expect {
+        timeout {puts "TESTING ERROR 16\n";exit}
+        ":ftest-4:"
+}
+expect {
+        timeout {puts "TESTING ERROR 17\n";exit}
+        ":ftest-5:"
+}
+expect {
+        timeout {puts "TESTING ERROR 18\n";exit}
+        ":ftest-6:"
+}
+expect {
+        timeout {puts "TESTING ERROR 19\n";exit}
+        ":ftest-7:"
+}
+expect {
+        timeout {puts "TESTING ERROR 20\n";exit}
+        ":ftest-8:"
+}
+expect {
+        timeout {puts "TESTING ERROR 21\n";exit}
+        ":ftest-9:"
+}
+expect {
+        timeout {puts "TESTING ERROR 22\n";exit}
+        ":ftest-"
+}
+expect {
+        timeout {puts "TESTING ERROR 23\n";exit}
+        ":ftest-"
+}
+after 100
+
+send -- "firejail --shutdown=ftest-5\r"
+expect {
+        timeout {puts "TESTING ERROR 11\n";exit}
+        "Sending SIGTERM"
+}
+sleep 1
+
+spawn $env(SHELL)
+send -- "firejail --list\r"
+expect {
+        timeout {puts "TESTING ERROR 12\n";exit}
+        ":ftest-5:"  {puts "TESTING ERROR 15\n";exit}
+        ":ftest-9:"
+}
+
+after 100
+puts "all done\n"
diff --git a/test/utils/profile_print.exp b/test/utils/profile_print.exp
new file mode 100755
index 000000000..20d88a264
--- /dev/null
+++ b/test/utils/profile_print.exp
@@ -0,0 +1,27 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2018 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+
+send -- "firejail --name=ftest\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+after 100
+
+spawn $env(SHELL)
+send -- "firejail --profile.print=ftest\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "/etc/firejail/default.profile"
+}
+
+
+after 100
+puts "all done\n"
diff --git a/test/utils/utils.sh b/test/utils/utils.sh
index d72cc2269..5438e11a8 100755
--- a/test/utils/utils.sh
+++ b/test/utils/utils.sh
@@ -13,13 +13,26 @@ fi
 export PATH="$PATH:/usr/lib/firejail"
 
 echo "testing" > ~/firejail-test-file-7699
+echo "testing" > /tmp/firejail-test-file-7699
+echo "testing" > /var/tmp/firejail-test-file-7699
 echo "TESTING: build (test/utils/build.exp)"
 ./build.exp
 rm -f ~/firejail-test-file-7699
+rm -f /tmp/firejail-test-file-7699
+rm -f /var/tmp/firejail-test-file-7699
 
 echo "TESTING: audit (test/utils/audit.exp)"
 ./audit.exp
 
+echo "TESTING: name (test/utils/name.exp)"
+./name.exp
+
+echo "TESTING: command (test/utils/command.exp)"
+./command.exp
+
+echo "TESTING: profile.print (test/utils/profile_print.exp)"
+./profile_print.exp
+
 echo "TESTING: version (test/utils/version.exp)"
 ./version.exp