-rw-r--r-- | Makefile.in | 16 | ||||
-rwxr-xr-x | gcov-test-init.sh | 11 | ||||
-rw-r--r-- | src/firejail/fs_home.c | 3 | ||||
-rw-r--r-- | src/firejail/preproc.c | 12 | ||||
-rw-r--r-- | src/firejail/pulseaudio.c | 4 | ||||
-rwxr-xr-x | test/apps-x11/xterm-xpra.exp | 12 | ||||
-rwxr-xr-x | test/environment/environment.sh | 6 | ||||
-rwxr-xr-x | test/rlimit/rlimit-profile.exp (renamed from test/environment/rlimit-profile.exp) | 0 | ||||
-rwxr-xr-x | test/rlimit/rlimit.exp (renamed from test/environment/rlimit.exp) | 0 | ||||
-rw-r--r-- | test/rlimit/rlimit.profile (renamed from test/environment/rlimit.profile) | 0 | ||||
-rwxr-xr-x | test/root/apache2.exp | 4 | ||||
-rwxr-xr-x | test/root/isc-dhcp.exp | 9 | ||||
-rwxr-xr-x | test/root/nginx.exp | 4 | ||||
-rwxr-xr-x | test/root/root.sh | 6 | ||||
-rwxr-xr-x | test/root/snmpd.exp | 10 | ||||
-rwxr-xr-x | test/root/unbound.exp | 9 |
16 files changed, 30 insertions, 76 deletions
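--- a/Makefile.in
+++ b/Makefile.in
@@ -39,7 +39,6 @@ clean:
 for dir in $(APPS) $(MYLIBS); do \
 $(MAKE) -C $$dir clean; \
 done
-rm -fr gcov-file gcov-dir gcov-test-initialized
 rm -f $(MANPAGES) $(MANPAGES:%=%.gz) firejail*.rpm
 rm -f test/utils/index.html*
 rm -f test/utils/wget-log
@@ -146,7 +145,7 @@ uninstall:
 rm -f $(DESTDIR)/$(datarootdir)/bash-completion/completions/firecfg
 
 DISTFILES = "src etc platform configure configure.ac Makefile.in install.sh mkman.sh mketc.sh mkdeb.sh mkuid.sh COPYING README RELNOTES"
-DISTFILES_TEST = "test/apps test/apps-x11 test/apps-x11-xorg test/root test/environment test/profiles test/utils test/compile test/filters test/network test/arguments test/fs test/sysutils"
+DISTFILES_TEST = "test/rlimit test/apps test/apps-x11 test/apps-x11-xorg test/root test/environment test/profiles test/utils test/compile test/filters test/network test/arguments test/fs test/sysutils"
 
 dist:
 mv config.status config.status.old
@@ -188,14 +187,6 @@ cppcheck: clean
 scan-build: clean
 scan-build make
 
-gcov-test-initialized:
-./gcov-test-init.sh
-
-gcov: gcov-test-initialized
-lcov --capture -d src/firejail -d src/firemon -d src/fseccomp -d src/fnet -d src/ftee -d src/lib -d src/firecfg --output-file gcov-file
-rm -fr gcov-dir
-genhtml gcov-file --output-directory gcov-dir
-
 
 #
 # make test
@@ -232,7 +223,10 @@ test-arguments:
 test-fs:
 cd test/fs; ./fs.sh | grep TESTING
 
-test: test-profiles test-fs test-utils test-environment test-apps test-apps-x11 test-apps-x11-xorg test-filters test-arguments
+test-rlimit:
+cd test/rlimit; ./rlimit.sh | grep TESTING
+
+test: test-profiles test-fs test-utils test-environment test-apps test-apps-x11 test-apps-x11-xorg test-filters test-arguments test-rlimit
 echo "TEST COMPLETE"
 
 ##########################################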
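Review bot: The new `test-rlimit` recipe runs `./rlimit.sh`, but the file list of this commit only moves `rlimit.exp`, `rlimit-profile.exp` and `rlimit.profile` into `test/rlimit`; no `rlimit.sh` is added, so unless that driver already exists in the tree the target has nothing to run while `test` now depends on it. The recipe also joins its steps with `;`, so a failed `cd` does not stop the next command, and the pipeline reports the status of `grep` rather than of the test script. Writing it as `cd test/rlimit && ./rlimit.sh | grep TESTING` would at least stop on a missing directory; the sibling `test-fs` target visible above has the same shape. The two rlimit tests removed from `test/environment/environment.sh` are not run anywhere else in the visible changes until that driver script exists.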
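--- a/gcov-test-init.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/bash
-
-USER=`whoami`
-firejail --help
-firemon --help
-/usr/lib/firejail/fnet --help
-/usr/lib/firejail/fseccomp --help
-/usr/lib/firejail/ftee --help
-firecfg --help
-sudo chown $USER:$USER `find .`
-touch gcov-test-initialized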
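--- a/src/firejail/fs_home.c
+++ b/src/firejail/fs_home.c
@@ -626,6 +626,9 @@ void fs_private_home_list(void) {
 
 fs_logger_print(); // save the current log
 free(dlist);
+#ifdef HAVE_GCOV
+__gcov_flush();
+#endif
 _exit(0);
 }
 // wait for the child to finish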
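Review bot: The added `__gcov_flush()` call before `_exit(0)` has no comment explaining why it is needed and no declaration visible in this hunk. I would put `// _exit() skips the exit handlers that write the gcov counters, so dump them explicitly` above the `#ifdef`, and confirm that a prototype such as `extern void __gcov_flush(void);` is in scope whenever `HAVE_GCOV` is defined. Because this branch runs in a child of fs_private_home_list() in a program that is normally installed setuid root, and an instrumented build writes coverage data files from that process, the build documentation should state that `HAVE_GCOV` is for test builds only. The body of fs_private_home_list() starts and ends outside the hunk.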
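--- a/src/firejail/preproc.c
+++ b/src/firejail/preproc.c
@@ -104,16 +104,8 @@ void preproc_build_cp_command(void) {
 preproc_mount_mnt_dir();
 if (stat(RUN_CP_COMMAND, &s)) {
 char* fname = realpath("/bin/cp", NULL);
-if (fname == NULL) {
-fprintf(stderr, "Error: /bin/cp not found\n");
-exit(1);
-}
-if (stat(fname, &s)) {
-fprintf(stderr, "Error: /bin/cp not found\n");
-exit(1);
-}
-if (is_link(fname)) {
-fprintf(stderr, "Error: invalid /bin/cp file\n");
+if (fname == NULL || stat(fname, &s) || is_link(fname)) {
+fprintf(stderr, "Error: invalid /bin/cp\n");
 exit(1);
 }
 int rv = copy_file(fname, RUN_CP_COMMAND, 0, 0, 0755);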
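Review bot: In the merged condition the `stat(fname, &s)` result is used only as an existence test, and `is_link(fname)` is applied to the output of `realpath()`, which has already resolved symlinks, so (assuming is_link() is an lstat-style check) it will almost never fire. Since the file is then copied to RUN_CP_COMMAND with what appear to be uid 0, gid 0 and mode 0755, I would also check the file type from the stat buffer: `if (fname == NULL || stat(fname, &s) || !S_ISREG(s.st_mode) || is_link(fname)) {`. The single message `Error: invalid /bin/cp` no longer says which of the three checks failed; a comment naming them, or `strerror(errno)` in the message for the first two, would keep the failure diagnosable. preproc_build_cp_command() continues outside the hunk.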
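--- a/src/firejail/pulseaudio.c
+++ b/src/firejail/pulseaudio.c
@@ -130,7 +130,7 @@ void pulseaudio_init(void) {
 int rv = mkdir(dir1, 0755);
 if (rv == 0) {
 if (set_perms(dir1, getuid(), getgid(), 0755))
-; // do nothing
+{;} // do nothing
 }
 }
 free(dir1);
@@ -140,7 +140,7 @@ void pulseaudio_init(void) {
 int rv = mkdir(dir1, 0700);
 if (rv == 0) {
 if (set_perms(dir1, getuid(), getgid(), 0700))
-; // do nothing
+{;} // do nothing
 }
 }
 free(dir1);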
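Review bot: Both changed lines (the 0755 directory in the first hunk and the 0700 one in the second) still discard a failing `set_perms()`; replacing `;` with `{;}` only quiets the empty-body warning. If `mkdir()` succeeded but the ownership change did not, the directory keeps whatever owner and mode it was created with and nothing reports it. I would at least emit a message, e.g. `fprintf(stderr, "Warning: cannot set permissions on %s\n", dir1);`, or replace `// do nothing` with a comment that says why the failure is safe to ignore. pulseaudio_init() starts and ends outside these hunks.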
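--- a/test/apps-x11/xterm-xpra.exp
+++ b/test/apps-x11/xterm-xpra.exp
@@ -79,6 +79,18 @@ expect {
 "name=blablabla"
 }
 sleep 1
+
+send -- "firemon --x11\r"
+expect {
+timeout {puts "TESTING ERROR 7\n";exit}
+"name=test xterm"
+}
+expect {
+timeout {puts "TESTING ERROR 7.1\n";exit}
+"DISPLAY"
+}
+sleep 1
+
 send -- "firejail --shutdown=test\r"
 sleep 3
 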
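--- a/test/environment/environment.sh
+++ b/test/environment/environment.sh
@@ -55,12 +55,6 @@ else
 echo "TESTING SKIP: zsh not found"
 fi
 
-echo "TESTING: rlimit (test/environment/rlimit.exp)"
-./rlimit.exp
-
-echo "TESTING: rlimit profile (test/environment/rlimit-profile.exp)"
-./rlimit-profile.exp
-
 echo "TESTING: firejail in firejail - single sandbox (test/environment/firejail-in-firejail.exp)"
 ./firejail-in-firejail.exp
 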
diff --git a/test/environment/rlimit-profile.exp b/test/rlimit/rlimit-profile.exp index a9e54a405..a9e54a405 100755 --- a/test/environment/rlimit-profile.exp +++ b/test/rlimit/rlimit-profile.exp | |||
diff --git a/test/environment/rlimit.exp b/test/rlimit/rlimit.exp index 611f69821..611f69821 100755 --- a/test/environment/rlimit.exp +++ b/test/rlimit/rlimit.exp | |||
diff --git a/test/environment/rlimit.profile b/test/rlimit/rlimit.profile index 271891c03..271891c03 100644 --- a/test/environment/rlimit.profile +++ b/test/rlimit/rlimit.profile | |||
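--- a/test/root/apache2.exp
+++ b/test/root/apache2.exp
@@ -4,10 +4,6 @@ set timeout 5
 spawn $env(SHELL)
 match_max 100000
 
-send -- "pkill apache\r"
-sleep 2
-
-
 send -- "firejail --name=apache /etc/init.d/apache2 start\r"
 expect {
 timeout {puts "TESTING ERROR 0\n";exit}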
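--- a/test/root/isc-dhcp.exp
+++ b/test/root/isc-dhcp.exp
@@ -4,15 +4,6 @@ set timeout 5
 spawn $env(SHELL)
 match_max 100000
 
-send -- "sudo ls; sudo whoami; sudo pwd\r"
-expect {
-timeout {puts "TESTING ERROR: you need to root run this test as root\n";exit}
-"root"
-}
-
-send -- "pkill dhcpd\r"
-sleep 2
-
 send -- "firejail --name=dhcpd /etc/init.d/isc-dhcp-server start\r"
 expect {
 timeout {puts "TESTING ERROR 0\n";exit}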
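--- a/test/root/nginx.exp
+++ b/test/root/nginx.exp
@@ -4,10 +4,6 @@ set timeout 5
 spawn $env(SHELL)
 match_max 100000
 
-send -- "pkill nginx\r"
-sleep 2
-
-
 send -- "firejail --name=nginx /etc/init.d/nginx start\r"
 expect {
 timeout {puts "TESTING ERROR 0\n";exit}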
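--- a/test/root/root.sh
+++ b/test/root/root.sh
@@ -48,6 +48,12 @@ else
 fi
 
 #********************************
+# filesystem
+#********************************
+echo "TESTING: fs private (test/root/private.exp)"
+./private.exp
+
+#********************************
 # seccomp
 #********************************
 echo "TESTING: seccomp umount (test/root/seccomp-umount.exp)"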
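--- a/test/root/snmpd.exp
+++ b/test/root/snmpd.exp
@@ -4,16 +4,6 @@ set timeout 5
 spawn $env(SHELL)
 match_max 100000
 
-send -- "sudo ls; sudo whoami; sudo pwd\r"
-expect {
-timeout {puts "TESTING ERROR: you need to root run this test as root\n";exit}
-"root"
-}
-
-send -- "pkill snmpd\r"
-sleep 2
-
-
 send -- "firejail --name=snmpd /etc/init.d/snmpd start\r"
 expect {
 timeout {puts "TESTING ERROR 0\n";exit}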
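--- a/test/root/unbound.exp
+++ b/test/root/unbound.exp
@@ -4,15 +4,6 @@ set timeout 5
 spawn $env(SHELL)
 match_max 100000
 
-send -- "sudo ls; sudo whoami; sudo pwd\r"
-expect {
-timeout {puts "TESTING ERROR: you need to root run this test as root\n";exit}
-"root"
-}
-
-send -- "pkill unbound\r"
-sleep 2
-
 send -- "firejail --name=unbound unbound\r"
 expect {
 timeout {puts "TESTING ERROR 0\n";exit}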