aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/firejail/appimage.c23
-rwxr-xr-xtest/appimage/appimage-v1.exp2
-rwxr-xr-xtest/appimage/appimage.sh4
-rwxr-xr-xtest/appimage/filename.exp35
4 files changed, 53 insertions, 11 deletions
diff --git a/src/firejail/appimage.c b/src/firejail/appimage.c
index 01a78c324..6a9ca1679 100644
--- a/src/firejail/appimage.c
+++ b/src/firejail/appimage.c
@@ -31,34 +31,39 @@
31static char *devloop = NULL; // device file 31static char *devloop = NULL; // device file
32static char *mntdir = NULL; // mount point in /tmp directory 32static char *mntdir = NULL; // mount point in /tmp directory
33 33
34void appimage_set(const char *appimage_path) { 34void appimage_set(const char *appimage) {
35 assert(appimage_path); 35 assert(appimage);
36 assert(devloop == NULL); // don't call this twice! 36 assert(devloop == NULL); // don't call this twice!
37 EUID_ASSERT(); 37 EUID_ASSERT();
38 38
39#ifdef LOOP_CTL_GET_FREE // test for older kernels; this definition is found in /usr/include/linux/loop.h 39#ifdef LOOP_CTL_GET_FREE // test for older kernels; this definition is found in /usr/include/linux/loop.h
40 // check appimage_path 40 // check appimage file
41 if (access(appimage_path, R_OK) == -1) { 41 invalid_filename(appimage);
42 if (access(appimage, R_OK) == -1) {
42 fprintf(stderr, "Error: cannot access AppImage file\n"); 43 fprintf(stderr, "Error: cannot access AppImage file\n");
43 exit(1); 44 exit(1);
44 } 45 }
45 46
46 // get appimage type and ELF size 47 // get appimage type and ELF size
47 // a value of 0 means we are dealing with a type1 appimage 48 // a value of 0 means we are dealing with a type1 appimage
48 long unsigned int size = appimage2_size(appimage_path); 49 long unsigned int size = appimage2_size(appimage);
49 if (arg_debug) 50 if (arg_debug)
50 printf("AppImage ELF size %lu\n", size); 51 printf("AppImage ELF size %lu\n", size);
51 52
52 // open as user to prevent race condition 53 // open appimage file
53 int ffd = open(appimage_path, O_RDONLY|O_CLOEXEC); 54 int ffd = open(appimage, O_RDONLY|O_CLOEXEC);
54 if (ffd == -1) { 55 if (ffd == -1) {
55 fprintf(stderr, "Error: /dev/loop-control interface is not supported by your kernel\n"); 56 fprintf(stderr, "Error: cannot open AppImage file\n");
56 exit(1); 57 exit(1);
57 } 58 }
58 59
59 // find or allocate a free loop device to use 60 // find or allocate a free loop device to use
60 EUID_ROOT(); 61 EUID_ROOT();
61 int cfd = open("/dev/loop-control", O_RDWR); 62 int cfd = open("/dev/loop-control", O_RDWR);
63 if (cfd == -1) {
64 fprintf(stderr, "Error: /dev/loop-control interface is not supported by your kernel\n");
65 exit(1);
66 }
62 int devnr = ioctl(cfd, LOOP_CTL_GET_FREE); 67 int devnr = ioctl(cfd, LOOP_CTL_GET_FREE);
63 if (devnr == -1) { 68 if (devnr == -1) {
64 fprintf(stderr, "Error: cannot allocate a new loopback device\n"); 69 fprintf(stderr, "Error: cannot allocate a new loopback device\n");
@@ -113,7 +118,7 @@ void appimage_set(const char *appimage_path) {
113 EUID_USER(); 118 EUID_USER();
114 119
115 // set environment 120 // set environment
116 if (appimage_path && setenv("APPIMAGE", appimage_path, 1) < 0) 121 if (appimage && setenv("APPIMAGE", appimage, 1) < 0)
117 errExit("setenv"); 122 errExit("setenv");
118 if (mntdir && setenv("APPDIR", mntdir, 1) < 0) 123 if (mntdir && setenv("APPDIR", mntdir, 1) < 0)
119 errExit("setenv"); 124 errExit("setenv");
diff --git a/test/appimage/appimage-v1.exp b/test/appimage/appimage-v1.exp
index 503da2b9b..f1c1c10f5 100755
--- a/test/appimage/appimage-v1.exp
+++ b/test/appimage/appimage-v1.exp
@@ -7,7 +7,7 @@ set timeout 10
7spawn $env(SHELL) 7spawn $env(SHELL)
8match_max 100000 8match_max 100000
9 9
10send -- "firejail --name=appimage-test --appimage Leafpad-0.8.17-x86_64.AppImage\r" 10send -- "firejail --name=appimage-test --debug --appimage Leafpad-0.8.17-x86_64.AppImage\r"
11expect { 11expect {
12 timeout {puts "TESTING ERROR 1\n";exit} 12 timeout {puts "TESTING ERROR 1\n";exit}
13 "Child process initialized" 13 "Child process initialized"
diff --git a/test/appimage/appimage.sh b/test/appimage/appimage.sh
index 6a73d0a7e..db221ec8a 100755
--- a/test/appimage/appimage.sh
+++ b/test/appimage/appimage.sh
@@ -10,5 +10,7 @@ echo "TESTING: AppImage v1 (test/appimage/appimage-v1.exp)"
10./appimage-v1.exp 10./appimage-v1.exp
11 11
12echo "TESTING: AppImage v2 (test/appimage/appimage-v2.exp)" 12echo "TESTING: AppImage v2 (test/appimage/appimage-v2.exp)"
13./appimage-v1.exp 13./appimage-v2.exp
14 14
15echo "TESTING: AppImage file name (test/appimage/filename.exp)";
16./filename.exp \ No newline at end of file
diff --git a/test/appimage/filename.exp b/test/appimage/filename.exp
new file mode 100755
index 000000000..ce8d70464
--- /dev/null
+++ b/test/appimage/filename.exp
@@ -0,0 +1,35 @@
1#!/usr/bin/expect -f
2# This file is part of Firejail project
3# Copyright (C) 2014-2016 Firejail Authors
4# License GPL v2
5
6set timeout 10
7spawn $env(SHELL)
8match_max 100000
9
10send -- "firejail --appimage \"bla;bla\"\r"
11expect {
12 timeout {puts "TESTING ERROR 1\n";exit}
13 "is an invalid filename"
14}
15after 100
16
17send -- "firejail --appimage /etc/shadow\r"
18expect {
19 timeout {puts "TESTING ERROR 2\n";exit}
20 "cannot access"
21}
22after 100
23
24send -- "firejail --appimage appimage.sh\r"
25expect {
26 timeout {puts "TESTING ERROR 2\n";exit}
27 "Error mounting appimage"
28}
29after 100
30
31
32
33
34puts "\nall done\n"
35
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-07-04 14:45:28 +0000