diff options
72 files changed, 508 insertions, 107 deletions
@@ -183,7 +183,7 @@ Fred-Barclay (https://github.com/Fred-Barclay) | |||
183 | - tighten keepassx | 183 | - tighten keepassx |
184 | - added Thunar profile | 184 | - added Thunar profile |
185 | - added mousepad, qpicview, and cvlc profiles | 185 | - added mousepad, qpicview, and cvlc profiles |
186 | - addedd BibleTime profile | 186 | - added BibleTime and profiles |
187 | G4JC (http://sourceforge.net/u/gaming4jc/profile/) | 187 | G4JC (http://sourceforge.net/u/gaming4jc/profile/) |
188 | - ARM support | 188 | - ARM support |
189 | - profile fixes | 189 | - profile fixes |
@@ -356,6 +356,10 @@ SpotComms (https://github.com/SpotComms) | |||
356 | - added PDFSam, Pithos, and Xonotic profiles | 356 | - added PDFSam, Pithos, and Xonotic profiles |
357 | - disabled Go, Rust, and OpenSSL in disable-devel.conf | 357 | - disabled Go, Rust, and OpenSSL in disable-devel.conf |
358 | - added dino profile | 358 | - added dino profile |
359 | - added Kodi profile | ||
360 | - lots of profile tightening | ||
361 | - added viking, youtube-dl, meld profiles | ||
362 | - more profile tightening | ||
359 | SYN-cook (https://github.com/SYN-cook) | 363 | SYN-cook (https://github.com/SYN-cook) |
360 | - keepass/keepassx browser fixes | 364 | - keepass/keepassx browser fixes |
361 | - disable-common.inc fixes | 365 | - disable-common.inc fixes |
@@ -196,4 +196,4 @@ simple-scan, skanlite, ssh-agent, tracker, transmission-cli, transmission-show, | |||
196 | xed, pluma, Cryptocat, Bless, Gnome 2048, Gnome Calculator, Gnome Contacts, JD-GUI, Lollypop, MultiMC5, | 196 | xed, pluma, Cryptocat, Bless, Gnome 2048, Gnome Calculator, Gnome Contacts, JD-GUI, Lollypop, MultiMC5, |
197 | PDFSam, Pithos, Xonotic, wireshark, keepassx2, QupZilla, FossaMail, Uzbl browser, xmms, iridium browser, | 197 | PDFSam, Pithos, Xonotic, wireshark, keepassx2, QupZilla, FossaMail, Uzbl browser, xmms, iridium browser, |
198 | Kino, Thunar, Geeqie, Engrampa, Scribus, mousepad, gpicview, keepassxc, cvlc, MediathekView, baloo_file, | 198 | Kino, Thunar, Geeqie, Engrampa, Scribus, mousepad, gpicview, keepassxc, cvlc, MediathekView, baloo_file, |
199 | Nylas, dino, BibleTime | 199 | Nylas, dino, BibleTime, viewnior, Kodi, viking, youtube-dl, meld |
@@ -36,7 +36,8 @@ firejail (0.9.46-rc1) baseline; urgency=low | |||
36 | * new profiles: Xonotic, wireshark, keepassx2, QupZilla, FossaMail, | 36 | * new profiles: Xonotic, wireshark, keepassx2, QupZilla, FossaMail, |
37 | * new profiles: Uzbl browser, iridium browser, Thunar, Geeqie, Engrampa, | 37 | * new profiles: Uzbl browser, iridium browser, Thunar, Geeqie, Engrampa, |
38 | * new profiles: Scribus, mousepad, gpicview, keepassxc, cvlc, MediathekView, | 38 | * new profiles: Scribus, mousepad, gpicview, keepassxc, cvlc, MediathekView, |
39 | * new profiles: baloo_file, Nylas, dino, BibleTime | 39 | * new profiles: baloo_file, Nylas, dino, BibleTime, viewnior, Kodi, viking, |
40 | * new profiles: youtube-dl, meld | ||
40 | * bugfixes | 41 | * bugfixes |
41 | -- netblue30 <netblue30@yahoo.com> Fri, 7 Apr 2017 08:00:00 -0500 | 42 | -- netblue30 <netblue30@yahoo.com> Fri, 7 Apr 2017 08:00:00 -0500 |
42 | 43 | ||
diff --git a/etc/audacity.profile b/etc/audacity.profile index 4394416ff..779cd8cdb 100644 --- a/etc/audacity.profile +++ b/etc/audacity.profile | |||
@@ -11,7 +11,9 @@ include /etc/firejail/disable-passwdmgr.inc | |||
11 | include /etc/firejail/disable-programs.inc | 11 | include /etc/firejail/disable-programs.inc |
12 | 12 | ||
13 | caps.drop all | 13 | caps.drop all |
14 | net none | ||
14 | netfilter | 15 | netfilter |
16 | no3d | ||
15 | nogroups | 17 | nogroups |
16 | nonewprivs | 18 | nonewprivs |
17 | noroot | 19 | noroot |
@@ -23,3 +25,6 @@ tracelog | |||
23 | private-bin audacity | 25 | private-bin audacity |
24 | private-dev | 26 | private-dev |
25 | private-tmp | 27 | private-tmp |
28 | |||
29 | noexec ${HOME} | ||
30 | noexec /tmp | ||
diff --git a/etc/bleachbit.profile b/etc/bleachbit.profile index b406b9985..7ea55f505 100644 --- a/etc/bleachbit.profile +++ b/etc/bleachbit.profile | |||
@@ -9,17 +9,21 @@ include /etc/firejail/disable-devel.inc | |||
9 | include /etc/firejail/disable-passwdmgr.inc | 9 | include /etc/firejail/disable-passwdmgr.inc |
10 | 10 | ||
11 | caps.drop all | 11 | caps.drop all |
12 | net none | ||
12 | netfilter | 13 | netfilter |
14 | no3d | ||
13 | nogroups | 15 | nogroups |
14 | nonewprivs | 16 | nonewprivs |
15 | noroot | 17 | noroot |
16 | nosound | 18 | nosound |
17 | shell none | ||
18 | seccomp | ||
19 | protocol unix | 19 | protocol unix |
20 | seccomp | ||
21 | shell none | ||
20 | 22 | ||
21 | # private-bin | 23 | # private-bin |
22 | # private-dev | 24 | # private-dev |
23 | # private-tmp | 25 | # private-tmp |
24 | # private-etc | 26 | # private-etc |
25 | 27 | ||
28 | noexec ${HOME} | ||
29 | noexec /tmp | ||
diff --git a/etc/bless.profile b/etc/bless.profile index b8325de39..869f13cc0 100644 --- a/etc/bless.profile +++ b/etc/bless.profile | |||
@@ -17,8 +17,20 @@ include /etc/firejail/disable-devel.inc | |||
17 | 17 | ||
18 | #Options | 18 | #Options |
19 | caps.drop all | 19 | caps.drop all |
20 | net none | ||
20 | netfilter | 21 | netfilter |
22 | no3d | ||
23 | nogroups | ||
21 | nonewprivs | 24 | nonewprivs |
22 | noroot | 25 | noroot |
23 | protocol unix,inet,inet6 | 26 | nosound |
27 | protocol unix | ||
24 | seccomp | 28 | seccomp |
29 | shell none | ||
30 | |||
31 | private-dev | ||
32 | private-etc fonts,mono | ||
33 | private-tmp | ||
34 | |||
35 | noexec ${HOME} | ||
36 | noexec /tmp | ||
diff --git a/etc/deadbeef.profile b/etc/deadbeef.profile index 603d6345c..efd8b463b 100644 --- a/etc/deadbeef.profile +++ b/etc/deadbeef.profile | |||
@@ -11,7 +11,17 @@ include /etc/firejail/disable-devel.inc | |||
11 | include /etc/firejail/disable-passwdmgr.inc | 11 | include /etc/firejail/disable-passwdmgr.inc |
12 | 12 | ||
13 | caps.drop all | 13 | caps.drop all |
14 | netfilter | ||
15 | no3d | ||
16 | nogroups | ||
14 | nonewprivs | 17 | nonewprivs |
15 | noroot | 18 | noroot |
16 | protocol unix,inet,inet6 | 19 | protocol unix,inet,inet6 |
17 | seccomp | 20 | seccomp |
21 | shell none | ||
22 | |||
23 | private-dev | ||
24 | private-tmp | ||
25 | |||
26 | noexec ${HOME} | ||
27 | noexec /tmp | ||
diff --git a/etc/dino.profile b/etc/dino.profile index a71ab27d7..3de858618 100644 --- a/etc/dino.profile +++ b/etc/dino.profile | |||
@@ -13,9 +13,9 @@ include /etc/firejail/disable-programs.inc | |||
13 | whitelist ${HOME}/Downloads | 13 | whitelist ${HOME}/Downloads |
14 | mkdir ${HOME}/.local/share/dino | 14 | mkdir ${HOME}/.local/share/dino |
15 | whitelist ${HOME}/.local/share/dino | 15 | whitelist ${HOME}/.local/share/dino |
16 | include /etc/firejail/whitelist-common.inc | ||
16 | 17 | ||
17 | caps.drop all | 18 | caps.drop all |
18 | machine-id | ||
19 | netfilter | 19 | netfilter |
20 | no3d | 20 | no3d |
21 | nogroups | 21 | nogroups |
@@ -30,3 +30,6 @@ private-bin dino | |||
30 | #private-etc fonts #breaks server connection | 30 | #private-etc fonts #breaks server connection |
31 | private-dev | 31 | private-dev |
32 | private-tmp | 32 | private-tmp |
33 | |||
34 | noexec ${HOME} | ||
35 | noexec /tmp | ||
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index bad1f0263..32adac298 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
@@ -124,6 +124,7 @@ blacklist ${HOME}/.config/totem | |||
124 | blacklist ${HOME}/.config/tox | 124 | blacklist ${HOME}/.config/tox |
125 | blacklist ${HOME}/.config/transmission | 125 | blacklist ${HOME}/.config/transmission |
126 | blacklist ${HOME}/.config/uGet | 126 | blacklist ${HOME}/.config/uGet |
127 | blacklist ${HOME}/.config/viewnior | ||
127 | blacklist ${HOME}/.config/vivaldi | 128 | blacklist ${HOME}/.config/vivaldi |
128 | blacklist ${HOME}/.config/vlc | 129 | blacklist ${HOME}/.config/vlc |
129 | blacklist ${HOME}/.config/wesnoth | 130 | blacklist ${HOME}/.config/wesnoth |
@@ -198,6 +199,7 @@ blacklist ${HOME}/.kde/share/config/okularrc | |||
198 | blacklist ${HOME}/.killingfloor | 199 | blacklist ${HOME}/.killingfloor |
199 | blacklist ${HOME}/.kino-history | 200 | blacklist ${HOME}/.kino-history |
200 | blacklist ${HOME}/.kinorc | 201 | blacklist ${HOME}/.kinorc |
202 | blacklist ${HOME}/.kodi | ||
201 | blacklist ${HOME}/.linphone-history.db | 203 | blacklist ${HOME}/.linphone-history.db |
202 | blacklist ${HOME}/.linphonerc | 204 | blacklist ${HOME}/.linphonerc |
203 | blacklist ${HOME}/.lmmsrc.xml | 205 | blacklist ${HOME}/.lmmsrc.xml |
@@ -230,6 +232,7 @@ blacklist ${HOME}/.local/share/gnome-music | |||
230 | blacklist ${HOME}/.local/share/gnome-photos | 232 | blacklist ${HOME}/.local/share/gnome-photos |
231 | blacklist ${HOME}/.local/share/kate | 233 | blacklist ${HOME}/.local/share/kate |
232 | blacklist ${HOME}/.local/share/lollypop | 234 | blacklist ${HOME}/.local/share/lollypop |
235 | blacklist ${HOME}/.local/share/meld | ||
233 | blacklist ${HOME}/.local/share/multimc5 | 236 | blacklist ${HOME}/.local/share/multimc5 |
234 | blacklist ${HOME}/.local/share/mupen64plus | 237 | blacklist ${HOME}/.local/share/mupen64plus |
235 | blacklist ${HOME}/.local/share/nautilus | 238 | blacklist ${HOME}/.local/share/nautilus |
@@ -286,6 +289,8 @@ blacklist ${HOME}/.synfig | |||
286 | blacklist ${HOME}/.tconn | 289 | blacklist ${HOME}/.tconn |
287 | blacklist ${HOME}/.thunderbird | 290 | blacklist ${HOME}/.thunderbird |
288 | blacklist ${HOME}/.ts3client | 291 | blacklist ${HOME}/.ts3client |
292 | blacklist ${HOME}/.viking | ||
293 | blacklist ${HOME}/.viking-maps | ||
289 | blacklist ${HOME}/.vst | 294 | blacklist ${HOME}/.vst |
290 | blacklist ${HOME}/.w3m | 295 | blacklist ${HOME}/.w3m |
291 | blacklist ${HOME}/.warzone2100-3.* | 296 | blacklist ${HOME}/.warzone2100-3.* |
diff --git a/etc/eog.profile b/etc/eog.profile index c5afec7fa..7c2cd557c 100644 --- a/etc/eog.profile +++ b/etc/eog.profile | |||
@@ -11,7 +11,9 @@ include /etc/firejail/disable-devel.inc | |||
11 | include /etc/firejail/disable-passwdmgr.inc | 11 | include /etc/firejail/disable-passwdmgr.inc |
12 | 12 | ||
13 | caps.drop all | 13 | caps.drop all |
14 | net none | ||
14 | netfilter | 15 | netfilter |
16 | no3d | ||
15 | nogroups | 17 | nogroups |
16 | nonewprivs | 18 | nonewprivs |
17 | noroot | 19 | noroot |
@@ -24,3 +26,6 @@ private-bin eog | |||
24 | private-dev | 26 | private-dev |
25 | private-etc fonts | 27 | private-etc fonts |
26 | private-tmp | 28 | private-tmp |
29 | |||
30 | noexec ${HOME} | ||
31 | noexec /tmp | ||
diff --git a/etc/evince.profile b/etc/evince.profile index 94cefdd8b..ae50425b9 100644 --- a/etc/evince.profile +++ b/etc/evince.profile | |||
@@ -13,6 +13,7 @@ include /etc/firejail/disable-passwdmgr.inc | |||
13 | caps.drop all | 13 | caps.drop all |
14 | netfilter | 14 | netfilter |
15 | #net none - creates some problems on some distributions | 15 | #net none - creates some problems on some distributions |
16 | no3d | ||
16 | nogroups | 17 | nogroups |
17 | nonewprivs | 18 | nonewprivs |
18 | noroot | 19 | noroot |
@@ -27,3 +28,6 @@ private-dev | |||
27 | private-etc fonts | 28 | private-etc fonts |
28 | # evince needs access to /tmp/mozilla* to work in firefox | 29 | # evince needs access to /tmp/mozilla* to work in firefox |
29 | # private-tmp | 30 | # private-tmp |
31 | |||
32 | noexec ${HOME} | ||
33 | noexec /tmp | ||
diff --git a/etc/evolution.profile b/etc/evolution.profile index cb6615716..04bf480ff 100644 --- a/etc/evolution.profile +++ b/etc/evolution.profile | |||
@@ -9,6 +9,7 @@ noblacklist ~/.cache/evolution | |||
9 | noblacklist ~/.pki | 9 | noblacklist ~/.pki |
10 | noblacklist ~/.pki/nssdb | 10 | noblacklist ~/.pki/nssdb |
11 | noblacklist ~/.gnupg | 11 | noblacklist ~/.gnupg |
12 | noblacklist ~/.bogofilter | ||
12 | 13 | ||
13 | noblacklist /var/spool/mail | 14 | noblacklist /var/spool/mail |
14 | noblacklist /var/mail | 15 | noblacklist /var/mail |
@@ -20,6 +21,7 @@ include /etc/firejail/disable-passwdmgr.inc | |||
20 | 21 | ||
21 | caps.drop all | 22 | caps.drop all |
22 | netfilter | 23 | netfilter |
24 | no3d | ||
23 | nogroups | 25 | nogroups |
24 | nonewprivs | 26 | nonewprivs |
25 | noroot | 27 | noroot |
@@ -30,3 +32,6 @@ shell none | |||
30 | 32 | ||
31 | private-dev | 33 | private-dev |
32 | private-tmp | 34 | private-tmp |
35 | |||
36 | noexec ${HOME} | ||
37 | noexec /tmp | ||
diff --git a/etc/file-roller.profile b/etc/file-roller.profile index 804d20ce1..a3f687651 100644 --- a/etc/file-roller.profile +++ b/etc/file-roller.profile | |||
@@ -9,13 +9,15 @@ include /etc/firejail/disable-devel.inc | |||
9 | include /etc/firejail/disable-passwdmgr.inc | 9 | include /etc/firejail/disable-passwdmgr.inc |
10 | 10 | ||
11 | caps.drop all | 11 | caps.drop all |
12 | net none | ||
13 | netfilter | ||
14 | no3d | ||
12 | nogroups | 15 | nogroups |
13 | nonewprivs | 16 | nonewprivs |
14 | noroot | 17 | noroot |
15 | nosound | 18 | nosound |
16 | protocol unix | 19 | protocol unix |
17 | seccomp | 20 | seccomp |
18 | netfilter | ||
19 | shell none | 21 | shell none |
20 | tracelog | 22 | tracelog |
21 | 23 | ||
@@ -23,3 +25,6 @@ tracelog | |||
23 | # private-tmp | 25 | # private-tmp |
24 | private-dev | 26 | private-dev |
25 | # private-etc fonts | 27 | # private-etc fonts |
28 | |||
29 | noexec ${HOME} | ||
30 | noexec /tmp | ||
diff --git a/etc/firefox.profile b/etc/firefox.profile index 1bc3eb769..4d96c05c8 100644 --- a/etc/firefox.profile +++ b/etc/firefox.profile | |||
@@ -21,6 +21,7 @@ nonewprivs | |||
21 | noroot | 21 | noroot |
22 | protocol unix,inet,inet6,netlink | 22 | protocol unix,inet,inet6,netlink |
23 | seccomp | 23 | seccomp |
24 | shell none | ||
24 | tracelog | 25 | tracelog |
25 | 26 | ||
26 | whitelist ${DOWNLOADS} | 27 | whitelist ${DOWNLOADS} |
@@ -59,3 +60,6 @@ include /etc/firejail/whitelist-common.inc | |||
59 | #private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,firefox,mime.types,mailcap,asound.conf,pulse | 60 | #private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,firefox,mime.types,mailcap,asound.conf,pulse |
60 | private-dev | 61 | private-dev |
61 | private-tmp | 62 | private-tmp |
63 | |||
64 | noexec ${HOME} | ||
65 | noexec /tmp | ||
diff --git a/etc/gedit.profile b/etc/gedit.profile index 9f4eee9b3..07bdb1bbe 100644 --- a/etc/gedit.profile +++ b/etc/gedit.profile | |||
@@ -14,17 +14,22 @@ include /etc/firejail/disable-programs.inc | |||
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
15 | 15 | ||
16 | caps.drop all | 16 | caps.drop all |
17 | netfilter | ||
18 | net none | ||
19 | no3d | ||
17 | nogroups | 20 | nogroups |
18 | nonewprivs | 21 | nonewprivs |
19 | noroot | 22 | noroot |
20 | nosound | 23 | nosound |
21 | protocol unix | 24 | protocol unix |
22 | seccomp | 25 | seccomp |
23 | netfilter | ||
24 | shell none | 26 | shell none |
25 | tracelog | 27 | tracelog |
26 | 28 | ||
27 | # private-bin gedit | 29 | # private-bin gedit |
28 | private-tmp | ||
29 | private-dev | 30 | private-dev |
30 | # private-etc fonts | 31 | # private-etc fonts |
32 | private-tmp | ||
33 | |||
34 | noexec ${HOME} | ||
35 | noexec /tmp | ||
diff --git a/etc/gimp.profile b/etc/gimp.profile index 4088bd680..5f8ccb4fb 100644 --- a/etc/gimp.profile +++ b/etc/gimp.profile | |||
@@ -10,16 +10,18 @@ include /etc/firejail/disable-passwdmgr.inc | |||
10 | 10 | ||
11 | caps.drop all | 11 | caps.drop all |
12 | netfilter | 12 | netfilter |
13 | net none | ||
13 | nogroups | 14 | nogroups |
14 | nonewprivs | 15 | nonewprivs |
15 | noroot | 16 | noroot |
16 | nosound | 17 | nosound |
17 | protocol unix | 18 | protocol unix |
18 | seccomp | 19 | seccomp |
20 | shell none | ||
19 | 21 | ||
20 | # gimp plugins are installed by the user in ~/.gimp-2.8/plug-ins/ directory | 22 | # gimp plugins are installed by the user in ~/.gimp-2.8/plug-ins/ directory |
21 | # if you are not using external plugins, you can enable noexec statement below | 23 | # if you are not using external plugins, you can enable noexec statement below |
22 | # noexec ${HOME} | 24 | # noexec ${HOME} |
23 | 25 | ||
24 | noexec /tmp | 26 | noexec /tmp |
25 | 27 | ||
diff --git a/etc/gnome-calculator.profile b/etc/gnome-calculator.profile index 714a97650..e9366f07d 100644 --- a/etc/gnome-calculator.profile +++ b/etc/gnome-calculator.profile | |||
@@ -17,7 +17,20 @@ include /etc/firejail/whitelist-common.inc | |||
17 | #Options | 17 | #Options |
18 | caps.drop all | 18 | caps.drop all |
19 | netfilter | 19 | netfilter |
20 | #net none | ||
21 | no3d | ||
22 | nogroups | ||
20 | nonewprivs | 23 | nonewprivs |
21 | noroot | 24 | noroot |
25 | nosound | ||
22 | protocol unix,inet,inet6 | 26 | protocol unix,inet,inet6 |
23 | seccomp | 27 | seccomp |
28 | shell none | ||
29 | |||
30 | private-bin gnome-calculator | ||
31 | private-dev | ||
32 | private-etc fonts | ||
33 | private-tmp | ||
34 | |||
35 | noexec ${HOME} | ||
36 | noexec /tmp | ||
diff --git a/etc/hexchat.profile b/etc/hexchat.profile index 53f447f7e..d24f492d8 100644 --- a/etc/hexchat.profile +++ b/etc/hexchat.profile | |||
@@ -13,6 +13,7 @@ include /etc/firejail/disable-devel.inc | |||
13 | 13 | ||
14 | caps.drop all | 14 | caps.drop all |
15 | netfilter | 15 | netfilter |
16 | no3d | ||
16 | nogroups | 17 | nogroups |
17 | nonewprivs | 18 | nonewprivs |
18 | noroot | 19 | noroot |
@@ -30,3 +31,6 @@ private-bin hexchat | |||
30 | #debug note: private-bin requires perl, python, etc on some systems | 31 | #debug note: private-bin requires perl, python, etc on some systems |
31 | private-dev | 32 | private-dev |
32 | private-tmp | 33 | private-tmp |
34 | |||
35 | noexec ${HOME} | ||
36 | noexec /tmp | ||
diff --git a/etc/jd-gui.profile b/etc/jd-gui.profile index 2ba1a4380..6ff618187 100644 --- a/etc/jd-gui.profile +++ b/etc/jd-gui.profile | |||
@@ -16,8 +16,19 @@ include /etc/firejail/disable-devel.inc | |||
16 | 16 | ||
17 | #Options | 17 | #Options |
18 | caps.drop all | 18 | caps.drop all |
19 | net none | ||
19 | netfilter | 20 | netfilter |
21 | no3d | ||
22 | nogroups | ||
20 | nonewprivs | 23 | nonewprivs |
21 | noroot | 24 | noroot |
22 | protocol unix,inet,inet6 | 25 | nosound |
26 | protocol unix | ||
23 | seccomp | 27 | seccomp |
28 | shell none | ||
29 | |||
30 | private-dev | ||
31 | private-tmp | ||
32 | |||
33 | noexec ${HOME} | ||
34 | noexec /tmp | ||
diff --git a/etc/keepass.profile b/etc/keepass.profile index d269c3e8a..abe52eca3 100644 --- a/etc/keepass.profile +++ b/etc/keepass.profile | |||
@@ -15,14 +15,18 @@ include /etc/firejail/disable-devel.inc | |||
15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include /etc/firejail/disable-passwdmgr.inc |
16 | 16 | ||
17 | caps.drop all | 17 | caps.drop all |
18 | netfilter | ||
19 | no3d | ||
18 | nogroups | 20 | nogroups |
19 | nonewprivs | 21 | nonewprivs |
20 | noroot | 22 | noroot |
21 | nosound | 23 | nosound |
22 | protocol unix,inet,inet6 | 24 | protocol unix,inet,inet6 |
23 | seccomp | 25 | seccomp |
24 | netfilter | ||
25 | shell none | 26 | shell none |
26 | 27 | ||
27 | private-tmp | ||
28 | private-dev | 28 | private-dev |
29 | private-tmp | ||
30 | |||
31 | noexec ${HOME} | ||
32 | noexec /tmp | ||
diff --git a/etc/keepassx.profile b/etc/keepassx.profile index 379b8a668..845a1bcc9 100644 --- a/etc/keepassx.profile +++ b/etc/keepassx.profile | |||
@@ -15,6 +15,7 @@ include /etc/firejail/disable-passwdmgr.inc | |||
15 | 15 | ||
16 | caps.drop all | 16 | caps.drop all |
17 | net none | 17 | net none |
18 | no3d | ||
18 | nogroups | 19 | nogroups |
19 | nonewprivs | 20 | nonewprivs |
20 | noroot | 21 | noroot |
@@ -28,3 +29,6 @@ private-bin keepassx | |||
28 | private-etc fonts | 29 | private-etc fonts |
29 | private-dev | 30 | private-dev |
30 | private-tmp | 31 | private-tmp |
32 | |||
33 | noexec ${HOME} | ||
34 | noexec /tmp | ||
diff --git a/etc/keepassx2.profile b/etc/keepassx2.profile index a21caf3f1..32dddc2fe 100644 --- a/etc/keepassx2.profile +++ b/etc/keepassx2.profile | |||
@@ -15,6 +15,7 @@ include /etc/firejail/disable-passwdmgr.inc | |||
15 | 15 | ||
16 | caps.drop all | 16 | caps.drop all |
17 | net none | 17 | net none |
18 | no3d | ||
18 | nogroups | 19 | nogroups |
19 | nonewprivs | 20 | nonewprivs |
20 | noroot | 21 | noroot |
@@ -24,6 +25,9 @@ seccomp | |||
24 | shell none | 25 | shell none |
25 | 26 | ||
26 | private-bin keepassx2 | 27 | private-bin keepassx2 |
27 | private-etc fonts | ||
28 | private-dev | 28 | private-dev |
29 | private-etc fonts | ||
29 | private-tmp | 30 | private-tmp |
31 | |||
32 | noexec ${HOME} | ||
33 | noexec /tmp | ||
diff --git a/etc/keepassxc.profile b/etc/keepassxc.profile index 654a30682..369d4a5ae 100644 --- a/etc/keepassxc.profile +++ b/etc/keepassxc.profile | |||
@@ -16,6 +16,7 @@ include /etc/firejail/disable-passwdmgr.inc | |||
16 | # To use KeePassHTTP, comment out `net none` | 16 | # To use KeePassHTTP, comment out `net none` |
17 | caps.drop all | 17 | caps.drop all |
18 | net none | 18 | net none |
19 | no3d | ||
19 | nogroups | 20 | nogroups |
20 | nonewprivs | 21 | nonewprivs |
21 | noroot | 22 | noroot |
@@ -25,6 +26,9 @@ seccomp | |||
25 | shell none | 26 | shell none |
26 | 27 | ||
27 | private-bin keepassxc | 28 | private-bin keepassxc |
28 | private-etc fonts | ||
29 | private-dev | 29 | private-dev |
30 | private-etc fonts | ||
30 | private-tmp | 31 | private-tmp |
32 | |||
33 | noexec ${HOME} | ||
34 | noexec /tmp | ||
diff --git a/etc/kodi.profile b/etc/kodi.profile new file mode 100644 index 000000000..b81b010bf --- /dev/null +++ b/etc/kodi.profile | |||
@@ -0,0 +1,27 @@ | |||
1 | # This file is overwritten during software install. | ||
2 | # Persistent customizations should go in a .local file. | ||
3 | include /etc/firejail/kodi.local | ||
4 | |||
5 | # Firejail profile for kodi | ||
6 | noblacklist ${HOME}/.kodi | ||
7 | |||
8 | include /etc/firejail/disable-common.inc | ||
9 | include /etc/firejail/disable-passwdmgr.inc | ||
10 | include /etc/firejail/disable-programs.inc | ||
11 | include /etc/firejail/disable-devel.inc | ||
12 | |||
13 | caps.drop all | ||
14 | netfilter | ||
15 | nogroups | ||
16 | nonewprivs | ||
17 | noroot | ||
18 | protocol unix,inet,inet6,netlink | ||
19 | seccomp | ||
20 | shell none | ||
21 | tracelog | ||
22 | |||
23 | private-dev | ||
24 | private-tmp | ||
25 | |||
26 | noexec ${HOME} | ||
27 | noexec /tmp | ||
diff --git a/etc/libreoffice.profile b/etc/libreoffice.profile index 685073e7c..fb82195b3 100644 --- a/etc/libreoffice.profile +++ b/etc/libreoffice.profile | |||
@@ -17,7 +17,11 @@ nonewprivs | |||
17 | noroot | 17 | noroot |
18 | protocol unix,inet,inet6 | 18 | protocol unix,inet,inet6 |
19 | seccomp | 19 | seccomp |
20 | shell none | ||
20 | tracelog | 21 | tracelog |
21 | 22 | ||
22 | private-dev | 23 | private-dev |
23 | # whitelist /tmp/.X11-unix/ | 24 | # whitelist /tmp/.X11-unix/ |
25 | |||
26 | noexec ${HOME} | ||
27 | noexec /tmp | ||
diff --git a/etc/lollypop.profile b/etc/lollypop.profile index 06ed415d6..e84118b9e 100644 --- a/etc/lollypop.profile +++ b/etc/lollypop.profile | |||
@@ -18,7 +18,17 @@ include /etc/firejail/disable-devel.inc | |||
18 | #Options | 18 | #Options |
19 | caps.drop all | 19 | caps.drop all |
20 | netfilter | 20 | netfilter |
21 | no3d | ||
22 | nogroups | ||
21 | nonewprivs | 23 | nonewprivs |
22 | noroot | 24 | noroot |
23 | protocol unix,inet,inet6 | 25 | protocol unix,inet,inet6 |
24 | seccomp | 26 | seccomp |
27 | shell none | ||
28 | |||
29 | private-dev | ||
30 | private-etc fonts | ||
31 | private-tmp | ||
32 | |||
33 | noexec ${HOME} | ||
34 | noexec /tmp | ||
diff --git a/etc/meld.profile b/etc/meld.profile new file mode 100644 index 000000000..4b95b866d --- /dev/null +++ b/etc/meld.profile | |||
@@ -0,0 +1,29 @@ | |||
1 | # This file is overwritten during software install. | ||
2 | # Persistent customizations should go in a .local file. | ||
3 | include /etc/firejail/meld.local | ||
4 | |||
5 | # Firejail profile for meld | ||
6 | noblacklist ${HOME}/.local/share/meld | ||
7 | |||
8 | include /etc/firejail/disable-common.inc | ||
9 | include /etc/firejail/disable-devel.inc | ||
10 | include /etc/firejail/disable-passwdmgr.inc | ||
11 | include /etc/firejail/disable-programs.inc | ||
12 | |||
13 | caps.drop all | ||
14 | net none | ||
15 | netfilter | ||
16 | no3d | ||
17 | nogroups | ||
18 | nonewprivs | ||
19 | noroot | ||
20 | nosound | ||
21 | protocol unix | ||
22 | seccomp | ||
23 | shell none | ||
24 | |||
25 | private-dev | ||
26 | private-tmp | ||
27 | |||
28 | noexec ${HOME} | ||
29 | noexec /tmp | ||
diff --git a/etc/multimc5.profile b/etc/multimc5.profile index 6b8946be3..12a7646ae 100644 --- a/etc/multimc5.profile +++ b/etc/multimc5.profile | |||
@@ -26,6 +26,15 @@ include /etc/firejail/whitelist-common.inc | |||
26 | #Options | 26 | #Options |
27 | caps.drop all | 27 | caps.drop all |
28 | netfilter | 28 | netfilter |
29 | nogroups | ||
29 | nonewprivs | 30 | nonewprivs |
30 | noroot | 31 | noroot |
31 | protocol unix,inet,inet6 | 32 | protocol unix,inet,inet6 |
33 | #seccomp | ||
34 | shell none | ||
35 | |||
36 | private-dev | ||
37 | private-tmp | ||
38 | |||
39 | noexec ${HOME} | ||
40 | noexec /tmp | ||
diff --git a/etc/mumble.profile b/etc/mumble.profile index d5405a6ae..c5c6a4d1a 100644 --- a/etc/mumble.profile +++ b/etc/mumble.profile | |||
@@ -18,6 +18,7 @@ include /etc/firejail/whitelist-common.inc | |||
18 | 18 | ||
19 | caps.drop all | 19 | caps.drop all |
20 | netfilter | 20 | netfilter |
21 | no3d | ||
21 | nonewprivs | 22 | nonewprivs |
22 | nogroups | 23 | nogroups |
23 | noroot | 24 | noroot |
@@ -28,3 +29,6 @@ tracelog | |||
28 | 29 | ||
29 | private-bin mumble | 30 | private-bin mumble |
30 | private-tmp | 31 | private-tmp |
32 | |||
33 | noexec ${HOME} | ||
34 | noexec /tmp | ||
diff --git a/etc/pdfsam.profile b/etc/pdfsam.profile index 37adabb39..dfe463c98 100644 --- a/etc/pdfsam.profile +++ b/etc/pdfsam.profile | |||
@@ -14,8 +14,19 @@ include /etc/firejail/disable-devel.inc | |||
14 | 14 | ||
15 | #Options | 15 | #Options |
16 | caps.drop all | 16 | caps.drop all |
17 | net none | ||
17 | netfilter | 18 | netfilter |
19 | no3d | ||
20 | nogroups | ||
18 | nonewprivs | 21 | nonewprivs |
19 | noroot | 22 | noroot |
20 | protocol unix,inet,inet6 | 23 | nosound |
24 | protocol unix | ||
21 | seccomp | 25 | seccomp |
26 | shell none | ||
27 | |||
28 | private-dev | ||
29 | private-tmp | ||
30 | |||
31 | noexec ${HOME} | ||
32 | noexec /tmp | ||
diff --git a/etc/pithos.profile b/etc/pithos.profile index 500e35989..c25b5772b 100644 --- a/etc/pithos.profile +++ b/etc/pithos.profile | |||
@@ -17,7 +17,16 @@ include /etc/firejail/whitelist-common.inc | |||
17 | #Options | 17 | #Options |
18 | caps.drop all | 18 | caps.drop all |
19 | netfilter | 19 | netfilter |
20 | no3d | ||
21 | nogroups | ||
20 | nonewprivs | 22 | nonewprivs |
21 | noroot | 23 | noroot |
22 | protocol unix,inet,inet6 | 24 | protocol unix,inet,inet6 |
23 | seccomp | 25 | seccomp |
26 | shell none | ||
27 | |||
28 | private-dev | ||
29 | private-tmp | ||
30 | |||
31 | noexec ${HOME} | ||
32 | noexec /tmp | ||
diff --git a/etc/qtox.profile b/etc/qtox.profile index 40a959d05..f3158b206 100644 --- a/etc/qtox.profile +++ b/etc/qtox.profile | |||
@@ -3,7 +3,8 @@ | |||
3 | include /etc/firejail/qtox.local | 3 | include /etc/firejail/qtox.local |
4 | 4 | ||
5 | # qTox instant messaging profile | 5 | # qTox instant messaging profile |
6 | noblacklist ${HOME}/.config/tox | 6 | noblacklist ~/.config/tox |
7 | noblacklist ~/.config/qt5ct | ||
7 | include /etc/firejail/disable-common.inc | 8 | include /etc/firejail/disable-common.inc |
8 | include /etc/firejail/disable-programs.inc | 9 | include /etc/firejail/disable-programs.inc |
9 | include /etc/firejail/disable-devel.inc | 10 | include /etc/firejail/disable-devel.inc |
@@ -11,6 +12,8 @@ include /etc/firejail/disable-passwdmgr.inc | |||
11 | 12 | ||
12 | mkdir ${HOME}/.config/tox | 13 | mkdir ${HOME}/.config/tox |
13 | whitelist ${HOME}/.config/tox | 14 | whitelist ${HOME}/.config/tox |
15 | mkdir ${HOME}/.config/qt5ct | ||
16 | whitelist ${HOME}/.config/qt5ct | ||
14 | whitelist ${DOWNLOADS} | 17 | whitelist ${DOWNLOADS} |
15 | 18 | ||
16 | caps.drop all | 19 | caps.drop all |
diff --git a/etc/ssh.profile b/etc/ssh.profile index b1ef6b27e..425841399 100644 --- a/etc/ssh.profile +++ b/etc/ssh.profile | |||
@@ -14,7 +14,18 @@ include /etc/firejail/disable-passwdmgr.inc | |||
14 | 14 | ||
15 | caps.drop all | 15 | caps.drop all |
16 | netfilter | 16 | netfilter |
17 | no3d | ||
18 | nogroups | ||
17 | nonewprivs | 19 | nonewprivs |
18 | noroot | 20 | noroot |
21 | nosound | ||
19 | protocol unix,inet,inet6 | 22 | protocol unix,inet,inet6 |
20 | seccomp | 23 | seccomp |
24 | shell none | ||
25 | tracelog | ||
26 | |||
27 | private-dev | ||
28 | #private-tmp #Breaks when exiting | ||
29 | |||
30 | noexec ${HOME} | ||
31 | noexec /tmp | ||
diff --git a/etc/steam.profile b/etc/steam.profile index b527589de..536588e4b 100644 --- a/etc/steam.profile +++ b/etc/steam.profile | |||
@@ -12,7 +12,13 @@ include /etc/firejail/disable-passwdmgr.inc | |||
12 | 12 | ||
13 | caps.drop all | 13 | caps.drop all |
14 | netfilter | 14 | netfilter |
15 | nogroups | ||
15 | nonewprivs | 16 | nonewprivs |
16 | noroot | 17 | noroot |
17 | protocol unix,inet,inet6,netlink | 18 | protocol unix,inet,inet6,netlink |
18 | seccomp | 19 | seccomp |
20 | shell none | ||
21 | tracelog | ||
22 | |||
23 | private-dev | ||
24 | private-tmp | ||
diff --git a/etc/totem.profile b/etc/totem.profile index 0b3942cf0..fadfbb00b 100644 --- a/etc/totem.profile +++ b/etc/totem.profile | |||
@@ -12,8 +12,18 @@ include /etc/firejail/disable-devel.inc | |||
12 | include /etc/firejail/disable-passwdmgr.inc | 12 | include /etc/firejail/disable-passwdmgr.inc |
13 | 13 | ||
14 | caps.drop all | 14 | caps.drop all |
15 | netfilter | ||
16 | nogroups | ||
15 | nonewprivs | 17 | nonewprivs |
16 | noroot | 18 | noroot |
17 | netfilter | ||
18 | protocol unix,inet,inet6 | 19 | protocol unix,inet,inet6 |
19 | seccomp | 20 | seccomp |
21 | shell none | ||
22 | |||
23 | private-bin totem | ||
24 | private-dev | ||
25 | private-etc fonts | ||
26 | private-tmp | ||
27 | |||
28 | noexec ${HOME} | ||
29 | noexec /tmp | ||
diff --git a/etc/viewnior.profile b/etc/viewnior.profile new file mode 100644 index 000000000..190c04e39 --- /dev/null +++ b/etc/viewnior.profile | |||
@@ -0,0 +1,30 @@ | |||
1 | # This file is overwritten during software install. | ||
2 | # Persistent customizations should go in a .local file. | ||
3 | include /etc/firejail/viewnior.local | ||
4 | |||
5 | # Firejail profile for viewnior | ||
6 | noblacklist ~/.config/viewnior | ||
7 | |||
8 | include /etc/firejail/disable-common.inc | ||
9 | include /etc/firejail/disable-programs.inc | ||
10 | include /etc/firejail/disable-devel.inc | ||
11 | include /etc/firejail/disable-passwdmgr.inc | ||
12 | |||
13 | blacklist ~/.bashrc | ||
14 | blacklist ~/.Xauthority | ||
15 | |||
16 | caps.drop all | ||
17 | net none | ||
18 | nogroups | ||
19 | nonewprivs | ||
20 | noroot | ||
21 | nosound | ||
22 | protocol unix | ||
23 | seccomp | ||
24 | shell none | ||
25 | tracelog | ||
26 | |||
27 | private-bin viewnior | ||
28 | private-dev | ||
29 | private-etc fonts | ||
30 | private-tmp | ||
diff --git a/etc/viking.profile b/etc/viking.profile new file mode 100644 index 000000000..2b68d731c --- /dev/null +++ b/etc/viking.profile | |||
@@ -0,0 +1,30 @@ | |||
1 | # This file is overwritten during software install. | ||
2 | # Persistent customizations should go in a .local file. | ||
3 | include /etc/firejail/viking.local | ||
4 | |||
5 | # Firejail profile for viking | ||
6 | |||
7 | noblacklist ${HOME}/.viking | ||
8 | noblacklist ${HOME}/.viking-maps | ||
9 | |||
10 | include /etc/firejail/disable-common.inc | ||
11 | include /etc/firejail/disable-programs.inc | ||
12 | include /etc/firejail/disable-passwdmgr.inc | ||
13 | include /etc/firejail/disable-devel.inc | ||
14 | |||
15 | caps.drop all | ||
16 | netfilter | ||
17 | no3d | ||
18 | nogroups | ||
19 | nonewprivs | ||
20 | noroot | ||
21 | nosound | ||
22 | protocol unix,inet,inet6 | ||
23 | seccomp | ||
24 | shell none | ||
25 | |||
26 | private-dev | ||
27 | private-tmp | ||
28 | |||
29 | noexec ${HOME} | ||
30 | noexec /tmp | ||
diff --git a/etc/vlc.profile b/etc/vlc.profile index 0c96f0108..21282dfbd 100644 --- a/etc/vlc.profile +++ b/etc/vlc.profile | |||
@@ -22,3 +22,6 @@ shell none | |||
22 | private-bin vlc,cvlc,nvlc,rvlc,qvlc,svlc | 22 | private-bin vlc,cvlc,nvlc,rvlc,qvlc,svlc |
23 | # private-dev | 23 | # private-dev |
24 | private-tmp | 24 | private-tmp |
25 | |||
26 | noexec ${HOME} | ||
27 | noexec /tmp | ||
diff --git a/etc/wget.profile b/etc/wget.profile index cd156a376..3ba97d95d 100644 --- a/etc/wget.profile +++ b/etc/wget.profile | |||
@@ -10,11 +10,11 @@ include /etc/firejail/disable-passwdmgr.inc | |||
10 | 10 | ||
11 | caps.drop all | 11 | caps.drop all |
12 | netfilter | 12 | netfilter |
13 | no3d | ||
14 | nogroups | ||
13 | nonewprivs | 15 | nonewprivs |
14 | noroot | 16 | noroot |
15 | nogroups | ||
16 | nosound | 17 | nosound |
17 | no3d | ||
18 | protocol unix,inet,inet6 | 18 | protocol unix,inet,inet6 |
19 | seccomp | 19 | seccomp |
20 | shell none | 20 | shell none |
@@ -22,7 +22,9 @@ shell none | |||
22 | blacklist /tmp/.X11-unix | 22 | blacklist /tmp/.X11-unix |
23 | 23 | ||
24 | # private-bin wget | 24 | # private-bin wget |
25 | # private-etc resolv.conf | ||
26 | private-dev | 25 | private-dev |
26 | # private-etc resolv.conf | ||
27 | private-tmp | 27 | private-tmp |
28 | 28 | ||
29 | noexec ${HOME} | ||
30 | noexec /tmp | ||
diff --git a/etc/wireshark.profile b/etc/wireshark.profile index 90909edf1..dc224b31c 100644 --- a/etc/wireshark.profile +++ b/etc/wireshark.profile | |||
@@ -18,6 +18,7 @@ include /etc/firejail/disable-passwdmgr.inc | |||
18 | #protocol unix,inet,inet6,netlink | 18 | #protocol unix,inet,inet6,netlink |
19 | 19 | ||
20 | netfilter | 20 | netfilter |
21 | no3d | ||
21 | nogroups | 22 | nogroups |
22 | nonewprivs | 23 | nonewprivs |
23 | nosound | 24 | nosound |
@@ -28,3 +29,6 @@ tracelog | |||
28 | #private-bin wireshark | 29 | #private-bin wireshark |
29 | private-dev | 30 | private-dev |
30 | private-tmp | 31 | private-tmp |
32 | |||
33 | noexec ${HOME} | ||
34 | noexec /tmp | ||
diff --git a/etc/xonotic.profile b/etc/xonotic.profile index f2690c6c3..6bfb26484 100644 --- a/etc/xonotic.profile +++ b/etc/xonotic.profile | |||
@@ -23,7 +23,16 @@ include /etc/firejail/whitelist-common.inc | |||
23 | #Options | 23 | #Options |
24 | caps.drop all | 24 | caps.drop all |
25 | netfilter | 25 | netfilter |
26 | nogroups | ||
26 | nonewprivs | 27 | nonewprivs |
27 | noroot | 28 | noroot |
28 | protocol unix,inet,inet6 | 29 | protocol unix,inet,inet6 |
29 | seccomp | 30 | seccomp |
31 | shell none | ||
32 | |||
33 | private-bin xonotic-sdl,xonotic-glx,blind-id | ||
34 | private-dev | ||
35 | private-tmp | ||
36 | |||
37 | noexec ${HOME} | ||
38 | noexec /tmp | ||
diff --git a/etc/youtube-dl.profile b/etc/youtube-dl.profile new file mode 100644 index 000000000..720a27af2 --- /dev/null +++ b/etc/youtube-dl.profile | |||
@@ -0,0 +1,26 @@ | |||
1 | # This file is overwritten during software install. | ||
2 | # Persistent customizations should go in a .local file. | ||
3 | include /etc/firejail/youtube-dl.local | ||
4 | |||
5 | # Firejail profile for youtube-dl | ||
6 | |||
7 | include /etc/firejail/disable-common.inc | ||
8 | include /etc/firejail/disable-programs.inc | ||
9 | include /etc/firejail/disable-passwdmgr.inc | ||
10 | include /etc/firejail/disable-devel.inc | ||
11 | |||
12 | caps.drop all | ||
13 | netfilter | ||
14 | no3d | ||
15 | nogroups | ||
16 | nonewprivs | ||
17 | noroot | ||
18 | nosound | ||
19 | protocol unix,inet,inet6 | ||
20 | seccomp | ||
21 | shell none | ||
22 | |||
23 | private-dev | ||
24 | |||
25 | noexec ${HOME} | ||
26 | noexec /tmp | ||
diff --git a/platform/debian/conffiles b/platform/debian/conffiles index 5f994128a..0f1f14bf5 100644 --- a/platform/debian/conffiles +++ b/platform/debian/conffiles | |||
@@ -119,6 +119,7 @@ | |||
119 | /etc/firejail/keepassx2.profile | 119 | /etc/firejail/keepassx2.profile |
120 | /etc/firejail/keepassxc.profile | 120 | /etc/firejail/keepassxc.profile |
121 | /etc/firejail/kmail.profile | 121 | /etc/firejail/kmail.profile |
122 | /etc/firejail/kodi.profile | ||
122 | /etc/firejail/konversation.profile | 123 | /etc/firejail/konversation.profile |
123 | /etc/firejail/less.profile | 124 | /etc/firejail/less.profile |
124 | /etc/firejail/libreoffice.profile | 125 | /etc/firejail/libreoffice.profile |
@@ -137,6 +138,7 @@ | |||
137 | /etc/firejail/mathematica.profile | 138 | /etc/firejail/mathematica.profile |
138 | /etc/firejail/mcabber.profile | 139 | /etc/firejail/mcabber.profile |
139 | /etc/firejail/mediainfo.profile | 140 | /etc/firejail/mediainfo.profile |
141 | /etc/firejail/meld.profile | ||
140 | /etc/firejail/midori.profile | 142 | /etc/firejail/midori.profile |
141 | /etc/firejail/mousepad.profile | 143 | /etc/firejail/mousepad.profile |
142 | /etc/firejail/mpv.profile | 144 | /etc/firejail/mpv.profile |
@@ -205,6 +207,8 @@ | |||
205 | /etc/firejail/unrar.profile | 207 | /etc/firejail/unrar.profile |
206 | /etc/firejail/unzip.profile | 208 | /etc/firejail/unzip.profile |
207 | /etc/firejail/uudeview.profile | 209 | /etc/firejail/uudeview.profile |
210 | /etc/firejail/viewnior.profile | ||
211 | /etc/firejail/viking.profile | ||
208 | /etc/firejail/vim.profile | 212 | /etc/firejail/vim.profile |
209 | /etc/firejail/virtualbox.profile | 213 | /etc/firejail/virtualbox.profile |
210 | /etc/firejail/vivaldi.profile | 214 | /etc/firejail/vivaldi.profile |
@@ -232,6 +236,7 @@ | |||
232 | /etc/firejail/xviewer.profile | 236 | /etc/firejail/xviewer.profile |
233 | /etc/firejail/xz.profile | 237 | /etc/firejail/xz.profile |
234 | /etc/firejail/xzdec.profile | 238 | /etc/firejail/xzdec.profile |
239 | /etc/firejail/youtube-dl.profile | ||
235 | /etc/firejail/zathura.profile | 240 | /etc/firejail/zathura.profile |
236 | /etc/firejail/zoom.profile | 241 | /etc/firejail/zoom.profile |
237 | /etc/firejail/wget.profile | 242 | /etc/firejail/wget.profile |
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 4a40402d7..dc8df9bac 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config | |||
@@ -17,6 +17,7 @@ transmission-qt | |||
17 | transmission-cli | 17 | transmission-cli |
18 | transmission-show | 18 | transmission-show |
19 | uget-gtk | 19 | uget-gtk |
20 | youtube-dl | ||
20 | 21 | ||
21 | # browsers/email | 22 | # browsers/email |
22 | abrowser | 23 | abrowser |
@@ -130,6 +131,7 @@ google-play-music-desktop-player | |||
130 | gpicview | 131 | gpicview |
131 | img2txt | 132 | img2txt |
132 | k3b | 133 | k3b |
134 | kodi | ||
133 | mediainfo | 135 | mediainfo |
134 | mediathekview | 136 | mediathekview |
135 | mpv | 137 | mpv |
@@ -140,6 +142,7 @@ simple-scan | |||
140 | skanlite | 142 | skanlite |
141 | spotify | 143 | spotify |
142 | totem | 144 | totem |
145 | viewnior | ||
143 | vlc | 146 | vlc |
144 | xfburn | 147 | xfburn |
145 | xmms | 148 | xmms |
@@ -201,11 +204,13 @@ keepass2 | |||
201 | keepassx | 204 | keepassx |
202 | keepassx2 | 205 | keepassx2 |
203 | keepassxc | 206 | keepassxc |
207 | meld | ||
204 | mousepad | 208 | mousepad |
205 | pluma | 209 | pluma |
206 | Thunar | 210 | Thunar |
207 | thunar | 211 | thunar |
208 | tracker | 212 | tracker |
213 | viking | ||
209 | wireshark | 214 | wireshark |
210 | xiphos | 215 | xiphos |
211 | xed | 216 | xed |
diff --git a/src/firejail/fs.c b/src/firejail/fs.c index fa66da617..025e715e6 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c | |||
@@ -113,7 +113,7 @@ static void disable_file(OPERATION op, const char *filename) { | |||
113 | else { | 113 | else { |
114 | if (arg_debug) { | 114 | if (arg_debug) { |
115 | if (strcmp(filename, fname)) | 115 | if (strcmp(filename, fname)) |
116 | printf("Disable %s (requesterd %s)\n", fname, filename); | 116 | printf("Disable %s (requested %s)\n", fname, filename); |
117 | else | 117 | else |
118 | printf("Disable %s\n", fname); | 118 | printf("Disable %s\n", fname); |
119 | } | 119 | } |
diff --git a/src/firejail/fs_home.c b/src/firejail/fs_home.c index d24f19da7..70f0388e6 100644 --- a/src/firejail/fs_home.c +++ b/src/firejail/fs_home.c | |||
@@ -23,6 +23,7 @@ | |||
23 | #include <glob.h> | 23 | #include <glob.h> |
24 | #include <dirent.h> | 24 | #include <dirent.h> |
25 | #include <fcntl.h> | 25 | #include <fcntl.h> |
26 | #include <errno.h> | ||
26 | #include <sys/stat.h> | 27 | #include <sys/stat.h> |
27 | #include <sys/types.h> | 28 | #include <sys/types.h> |
28 | #include <sys/wait.h> | 29 | #include <sys/wait.h> |
@@ -301,7 +302,7 @@ void fs_private(void) { | |||
301 | if (mkdir(homedir, S_IRWXU) == -1) { | 302 | if (mkdir(homedir, S_IRWXU) == -1) { |
302 | if (mkpath_as_root(homedir) == -1) | 303 | if (mkpath_as_root(homedir) == -1) |
303 | errExit("mkpath"); | 304 | errExit("mkpath"); |
304 | if (mkdir(homedir, S_IRWXU) == -1) | 305 | if (mkdir(homedir, S_IRWXU) == -1 && errno != EEXIST) |
305 | errExit("mkdir"); | 306 | errExit("mkdir"); |
306 | } | 307 | } |
307 | if (chown(homedir, u, g) < 0) | 308 | if (chown(homedir, u, g) < 0) |
diff --git a/test/arguments/arguments.sh b/test/arguments/arguments.sh index db4c9b472..d9b7058bf 100755 --- a/test/arguments/arguments.sh +++ b/test/arguments/arguments.sh | |||
@@ -1,6 +1,11 @@ | |||
1 | #!/bin/bash | 1 | #!/bin/bash |
2 | 2 | ||
3 | [ -f argtest ] || make argtest | 3 | if [ -f /etc/debian_version ]; then |
4 | libdir=$(dirname "$(dpkg -L firejail | grep faudit)") | ||
5 | export PATH="$PATH:$libdir" | ||
6 | else | ||
7 | export PATH="$PATH:/usr/lib/firejail" | ||
8 | fi | ||
4 | 9 | ||
5 | echo "TESTING: 1. regular bash session" | 10 | echo "TESTING: 1. regular bash session" |
6 | ./bashrun.exp | 11 | ./bashrun.exp |
diff --git a/test/arguments/bashrun.sh b/test/arguments/bashrun.sh index 0797c92c2..a4773fd6c 100755 --- a/test/arguments/bashrun.sh +++ b/test/arguments/bashrun.sh | |||
@@ -1,22 +1,22 @@ | |||
1 | #!/bin/bash | 1 | #!/bin/bash |
2 | 2 | ||
3 | echo "TESTING: 1.1 - simple args" | 3 | echo "TESTING: 1.1 - simple args" |
4 | firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --quiet /usr/lib/firejail/faudit arg1 arg2 | 4 | firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --quiet faudit arg1 arg2 |
5 | 5 | ||
6 | # simple quotes, testing spaces in file names | 6 | # simple quotes, testing spaces in file names |
7 | echo "TESTING: 1.2 - args with space and \"" | 7 | echo "TESTING: 1.2 - args with space and \"" |
8 | firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --quiet /usr/lib/firejail/faudit "arg1 tail" "arg2 tail" | 8 | firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --quiet faudit "arg1 tail" "arg2 tail" |
9 | 9 | ||
10 | echo "TESTING: 1.3 - args with space and '" | 10 | echo "TESTING: 1.3 - args with space and '" |
11 | firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --quiet /usr/lib/firejail/faudit 'arg1 tail' 'arg2 tail' | 11 | firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --quiet faudit 'arg1 tail' 'arg2 tail' |
12 | 12 | ||
13 | # escaped space in file names | 13 | # escaped space in file names |
14 | echo "TESTING: 1.4 - args with space and \\" | 14 | echo "TESTING: 1.4 - args with space and \\" |
15 | firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --quiet /usr/lib/firejail/faudit arg1\ tail arg2\ tail | 15 | firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --quiet faudit arg1\ tail arg2\ tail |
16 | 16 | ||
17 | # & char appears in URLs - URLs should be quoted | 17 | # & char appears in URLs - URLs should be quoted |
18 | echo "TESTING: 1.5 - args with & and \"" | 18 | echo "TESTING: 1.5 - args with & and \"" |
19 | firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --quiet /usr/lib/firejail/faudit "arg1&tail" "arg2&tail" | 19 | firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --quiet faudit "arg1&tail" "arg2&tail" |
20 | 20 | ||
21 | echo "TESTING: 1.6 - args with & and '" | 21 | echo "TESTING: 1.6 - args with & and '" |
22 | firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --quiet /usr/lib/firejail/faudit 'arg1&tail' 'arg2&tail' | 22 | firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --quiet faudit 'arg1&tail' 'arg2&tail' |
diff --git a/test/arguments/joinrun.sh b/test/arguments/joinrun.sh index 2743d823e..3ed166839 100755 --- a/test/arguments/joinrun.sh +++ b/test/arguments/joinrun.sh | |||
@@ -1,22 +1,22 @@ | |||
1 | #!/bin/bash | 1 | #!/bin/bash |
2 | 2 | ||
3 | echo "TESTING: 3.1 - simple args" | 3 | echo "TESTING: 3.1 - simple args" |
4 | firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --join=joinrun /usr/lib/firejail/faudit arg1 arg2 | 4 | firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --join=joinrun faudit arg1 arg2 |
5 | 5 | ||
6 | # simple quotes, testing spaces in file names | 6 | # simple quotes, testing spaces in file names |
7 | echo "TESTING: 3.2 - args with space and \"" | 7 | echo "TESTING: 3.2 - args with space and \"" |
8 | firejail--env=FIREJAIL_TEST_ARGUMENTS=yes --quiet /usr/lib/firejail/faudit "arg1 tail" "arg2 tail" | 8 | firejail--env=FIREJAIL_TEST_ARGUMENTS=yes --quiet faudit "arg1 tail" "arg2 tail" |
9 | 9 | ||
10 | echo "TESTING: 3.3 - args with space and '" | 10 | echo "TESTING: 3.3 - args with space and '" |
11 | firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --quiet /usr/lib/firejail/faudit 'arg1 tail' 'arg2 tail' | 11 | firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --quiet faudit 'arg1 tail' 'arg2 tail' |
12 | 12 | ||
13 | # escaped space in file names | 13 | # escaped space in file names |
14 | echo "TESTING: 3.4 - args with space and \\" | 14 | echo "TESTING: 3.4 - args with space and \\" |
15 | firejail--env=FIREJAIL_TEST_ARGUMENTS=yes --quiet /usr/lib/firejail/faudit arg1\ tail arg2\ tail | 15 | firejail--env=FIREJAIL_TEST_ARGUMENTS=yes --quiet faudit arg1\ tail arg2\ tail |
16 | 16 | ||
17 | # & char appears in URLs - URLs should be quoted | 17 | # & char appears in URLs - URLs should be quoted |
18 | echo "TESTING: 3.5 - args with & and \"" | 18 | echo "TESTING: 3.5 - args with & and \"" |
19 | firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --quiet /usr/lib/firejail/faudit "arg1&tail" "arg2&tail" | 19 | firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --quiet faudit "arg1&tail" "arg2&tail" |
20 | 20 | ||
21 | echo "TESTING: 3.6 - args with & and '" | 21 | echo "TESTING: 3.6 - args with & and '" |
22 | firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --quiet /usr/lib/firejail/faudit 'arg1&tail' 'arg2&tail' | 22 | firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --quiet faudit 'arg1&tail' 'arg2&tail' |
diff --git a/test/arguments/outrun.sh b/test/arguments/outrun.sh index a21243873..e2b3046d6 100755 --- a/test/arguments/outrun.sh +++ b/test/arguments/outrun.sh | |||
@@ -1,22 +1,22 @@ | |||
1 | #!/bin/bash | 1 | #!/bin/bash |
2 | 2 | ||
3 | echo "TESTING: 4.1 - simple args" | 3 | echo "TESTING: 4.1 - simple args" |
4 | firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --output=out /usr/lib/firejail/faudit arg1 arg2 | 4 | firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --output=out faudit arg1 arg2 |
5 | 5 | ||
6 | # simple quotes, testing spaces in file names | 6 | # simple quotes, testing spaces in file names |
7 | echo "TESTING: 4.2 - args with space and \"" | 7 | echo "TESTING: 4.2 - args with space and \"" |
8 | firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --output=out /usr/lib/firejail/faudit "arg1 tail" "arg2 tail" | 8 | firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --output=out faudit "arg1 tail" "arg2 tail" |
9 | 9 | ||
10 | echo "TESTING: 4.3 - args with space and '" | 10 | echo "TESTING: 4.3 - args with space and '" |
11 | firejail--env=FIREJAIL_TEST_ARGUMENTS=yes --output=out /usr/lib/firejail/faudit 'arg1 tail' 'arg2 tail' | 11 | firejail--env=FIREJAIL_TEST_ARGUMENTS=yes --output=out faudit 'arg1 tail' 'arg2 tail' |
12 | 12 | ||
13 | # escaped space in file names | 13 | # escaped space in file names |
14 | echo "TESTING: 4.4 - args with space and \\" | 14 | echo "TESTING: 4.4 - args with space and \\" |
15 | firejail--env=FIREJAIL_TEST_ARGUMENTS=yes --output=out /usr/lib/firejail/faudit arg1\ tail arg2\ tail | 15 | firejail--env=FIREJAIL_TEST_ARGUMENTS=yes --output=out faudit arg1\ tail arg2\ tail |
16 | 16 | ||
17 | # & char appears in URLs - URLs should be quoted | 17 | # & char appears in URLs - URLs should be quoted |
18 | echo "TESTING: 4.5 - args with & and \"" | 18 | echo "TESTING: 4.5 - args with & and \"" |
19 | firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --output=out /usr/lib/firejail/faudit "arg1&tail" "arg2&tail" | 19 | firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --output=out faudit "arg1&tail" "arg2&tail" |
20 | 20 | ||
21 | echo "TESTING: 4.6 - args with & and '" | 21 | echo "TESTING: 4.6 - args with & and '" |
22 | firejail--env=FIREJAIL_TEST_ARGUMENTS=yes --output=out /usr/lib/firejail/faudit 'arg1&tail' 'arg2&tail' | 22 | firejail--env=FIREJAIL_TEST_ARGUMENTS=yes --output=out faudit 'arg1&tail' 'arg2&tail' |
diff --git a/test/environment/csh.exp b/test/environment/csh.exp index bd0cf8c86..89de94b3c 100755 --- a/test/environment/csh.exp +++ b/test/environment/csh.exp | |||
@@ -14,7 +14,7 @@ expect { | |||
14 | } | 14 | } |
15 | sleep 1 | 15 | sleep 1 |
16 | 16 | ||
17 | send -- "find /home\r" | 17 | send -- "find ~\r" |
18 | expect { | 18 | expect { |
19 | timeout {puts "TESTING ERROR 1\n";exit} | 19 | timeout {puts "TESTING ERROR 1\n";exit} |
20 | ".cshrc" | 20 | ".cshrc" |
diff --git a/test/environment/zsh.exp b/test/environment/zsh.exp index 4380f476c..1b6cdcdc5 100755 --- a/test/environment/zsh.exp +++ b/test/environment/zsh.exp | |||
@@ -14,7 +14,7 @@ expect { | |||
14 | } | 14 | } |
15 | sleep 1 | 15 | sleep 1 |
16 | 16 | ||
17 | send -- "find /home\r" | 17 | send -- "find ~\r" |
18 | expect { | 18 | expect { |
19 | timeout {puts "TESTING ERROR 1\n";exit} | 19 | timeout {puts "TESTING ERROR 1\n";exit} |
20 | ".zshrc" | 20 | ".zshrc" |
diff --git a/test/fcopy/cmdline.exp b/test/fcopy/cmdline.exp index 10dd8da58..798c9e718 100755 --- a/test/fcopy/cmdline.exp +++ b/test/fcopy/cmdline.exp | |||
@@ -7,7 +7,7 @@ set timeout 10 | |||
7 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
8 | match_max 100000 | 8 | match_max 100000 |
9 | 9 | ||
10 | send -- "/usr/lib/firejail/fcopy\r" | 10 | send -- "fcopy\r" |
11 | expect { | 11 | expect { |
12 | timeout {puts "TESTING ERROR 0\n";exit} | 12 | timeout {puts "TESTING ERROR 0\n";exit} |
13 | "arguments missing" | 13 | "arguments missing" |
@@ -18,7 +18,7 @@ expect { | |||
18 | } | 18 | } |
19 | after 100 | 19 | after 100 |
20 | 20 | ||
21 | send -- "/usr/lib/firejail/fcopy foo\r" | 21 | send -- "fcopy foo\r" |
22 | expect { | 22 | expect { |
23 | timeout {puts "TESTING ERROR 2\n";exit} | 23 | timeout {puts "TESTING ERROR 2\n";exit} |
24 | "arguments missing" | 24 | "arguments missing" |
@@ -29,14 +29,14 @@ expect { | |||
29 | } | 29 | } |
30 | after 100 | 30 | after 100 |
31 | 31 | ||
32 | send -- "/usr/lib/firejail/fcopy f%oo1 foo2\r" | 32 | send -- "fcopy f%oo1 foo2\r" |
33 | expect { | 33 | expect { |
34 | timeout {puts "TESTING ERROR 4\n";exit} | 34 | timeout {puts "TESTING ERROR 4\n";exit} |
35 | "invalid source file name" | 35 | "invalid source file name" |
36 | } | 36 | } |
37 | after 100 | 37 | after 100 |
38 | 38 | ||
39 | send -- "/usr/lib/firejail/fcopy foo1 f,oo2\r" | 39 | send -- "fcopy foo1 f,oo2\r" |
40 | expect { | 40 | expect { |
41 | timeout {puts "TESTING ERROR 5\n";exit} | 41 | timeout {puts "TESTING ERROR 5\n";exit} |
42 | "invalid dest file name" | 42 | "invalid dest file name" |
diff --git a/test/fcopy/dircopy.exp b/test/fcopy/dircopy.exp index 573f454c8..e8462ae82 100755 --- a/test/fcopy/dircopy.exp +++ b/test/fcopy/dircopy.exp | |||
@@ -13,7 +13,7 @@ match_max 100000 | |||
13 | send -- "rm -fr dest/*\r" | 13 | send -- "rm -fr dest/*\r" |
14 | after 100 | 14 | after 100 |
15 | 15 | ||
16 | send -- "/usr/lib/firejail/fcopy src dest\r" | 16 | send -- "fcopy src dest\r" |
17 | after 100 | 17 | after 100 |
18 | 18 | ||
19 | send -- "find dest\r" | 19 | send -- "find dest\r" |
diff --git a/test/fcopy/fcopy.sh b/test/fcopy/fcopy.sh index 0ae50399a..d122eff5d 100755 --- a/test/fcopy/fcopy.sh +++ b/test/fcopy/fcopy.sh | |||
@@ -6,6 +6,13 @@ | |||
6 | export MALLOC_CHECK_=3 | 6 | export MALLOC_CHECK_=3 |
7 | export MALLOC_PERTURB_=$(($RANDOM % 255 + 1)) | 7 | export MALLOC_PERTURB_=$(($RANDOM % 255 + 1)) |
8 | 8 | ||
9 | if [ -f /etc/debian_version ]; then | ||
10 | libdir=$(dirname "$(dpkg -L firejail | grep fcopy)") | ||
11 | export PATH="$PATH:$libdir" | ||
12 | else | ||
13 | export PATH="$PATH:/usr/lib/firejail" | ||
14 | fi | ||
15 | |||
9 | mkdir dest | 16 | mkdir dest |
10 | 17 | ||
11 | echo "TESTING: fcopy cmdline (test/fcopy/cmdline.exp)" | 18 | echo "TESTING: fcopy cmdline (test/fcopy/cmdline.exp)" |
diff --git a/test/fcopy/filecopy.exp b/test/fcopy/filecopy.exp index e0d959c32..824a22bba 100755 --- a/test/fcopy/filecopy.exp +++ b/test/fcopy/filecopy.exp | |||
@@ -13,7 +13,7 @@ match_max 100000 | |||
13 | send -- "rm -fr dest/*\r" | 13 | send -- "rm -fr dest/*\r" |
14 | after 100 | 14 | after 100 |
15 | 15 | ||
16 | send -- "/usr/lib/firejail/fcopy dircopy.exp dest\r" | 16 | send -- "fcopy dircopy.exp dest\r" |
17 | after 100 | 17 | after 100 |
18 | 18 | ||
19 | send -- "find dest\r" | 19 | send -- "find dest\r" |
diff --git a/test/fcopy/linkcopy.exp b/test/fcopy/linkcopy.exp index beceb3675..46ee327cb 100755 --- a/test/fcopy/linkcopy.exp +++ b/test/fcopy/linkcopy.exp | |||
@@ -13,7 +13,7 @@ match_max 100000 | |||
13 | send -- "rm -fr dest/*\r" | 13 | send -- "rm -fr dest/*\r" |
14 | after 100 | 14 | after 100 |
15 | 15 | ||
16 | send -- "/usr/lib/firejail/fcopy src/dircopy.exp dest\r" | 16 | send -- "fcopy src/dircopy.exp dest\r" |
17 | after 100 | 17 | after 100 |
18 | 18 | ||
19 | send -- "find dest\r" | 19 | send -- "find dest\r" |
diff --git a/test/filters/filters.sh b/test/filters/filters.sh index 4996e6d66..59d7d7e7f 100755 --- a/test/filters/filters.sh +++ b/test/filters/filters.sh | |||
@@ -6,6 +6,13 @@ | |||
6 | export MALLOC_CHECK_=3 | 6 | export MALLOC_CHECK_=3 |
7 | export MALLOC_PERTURB_=$(($RANDOM % 255 + 1)) | 7 | export MALLOC_PERTURB_=$(($RANDOM % 255 + 1)) |
8 | 8 | ||
9 | if [ -f /etc/debian_version ]; then | ||
10 | libdir=$(dirname "$(dpkg -L firejail | grep fseccomp)") | ||
11 | export PATH="$PATH:$libdir" | ||
12 | else | ||
13 | export PATH="$PATH:/usr/lib/firejail" | ||
14 | fi | ||
15 | |||
9 | echo "TESTING: debug options (test/filters/debug.exp)" | 16 | echo "TESTING: debug options (test/filters/debug.exp)" |
10 | ./debug.exp | 17 | ./debug.exp |
11 | 18 | ||
diff --git a/test/filters/fseccomp.exp b/test/filters/fseccomp.exp index 4d876df08..433524680 100755 --- a/test/filters/fseccomp.exp +++ b/test/filters/fseccomp.exp | |||
@@ -8,39 +8,39 @@ spawn $env(SHELL) | |||
8 | match_max 100000 | 8 | match_max 100000 |
9 | 9 | ||
10 | after 100 | 10 | after 100 |
11 | send -- "/usr/lib/firejail/fseccomp debug-syscalls\r" | 11 | send -- "fseccomp debug-syscalls\r" |
12 | expect { | 12 | expect { |
13 | timeout {puts "TESTING ERROR 1\n";exit} | 13 | timeout {puts "TESTING ERROR 1\n";exit} |
14 | "1 - write" | 14 | "1 - write" |
15 | } | 15 | } |
16 | 16 | ||
17 | after 100 | 17 | after 100 |
18 | send -- "/usr/lib/firejail/fseccomp debug-errnos\r" | 18 | send -- "fseccomp debug-errnos\r" |
19 | expect { | 19 | expect { |
20 | timeout {puts "TESTING ERROR 2\n";exit} | 20 | timeout {puts "TESTING ERROR 2\n";exit} |
21 | "1 - EPERM" | 21 | "1 - EPERM" |
22 | } | 22 | } |
23 | 23 | ||
24 | after 100 | 24 | after 100 |
25 | send -- "/usr/lib/firejail/fseccomp debug-protocols\r" | 25 | send -- "fseccomp debug-protocols\r" |
26 | expect { | 26 | expect { |
27 | timeout {puts "TESTING ERROR 3\n";exit} | 27 | timeout {puts "TESTING ERROR 3\n";exit} |
28 | "unix, inet, inet6, netlink, packet," | 28 | "unix, inet, inet6, netlink, packet," |
29 | } | 29 | } |
30 | 30 | ||
31 | after 100 | 31 | after 100 |
32 | send -- "/usr/lib/firejail/fseccomp protocol build unix,inet seccomp-test-file\r" | 32 | send -- "fseccomp protocol build unix,inet seccomp-test-file\r" |
33 | after 100 | 33 | after 100 |
34 | send -- "/usr/lib/firejail/fseccomp print seccomp-test-file\r" | 34 | send -- "fseccomp print seccomp-test-file\r" |
35 | expect { | 35 | expect { |
36 | timeout {puts "TESTING ERROR 4.1\n";exit} | 36 | timeout {puts "TESTING ERROR 4.1\n";exit} |
37 | "WHITELIST 41 socket" | 37 | "WHITELIST 41 socket" |
38 | } | 38 | } |
39 | 39 | ||
40 | after 100 | 40 | after 100 |
41 | send -- "/usr/lib/firejail/fseccomp secondary 64 seccomp-test-file\r" | 41 | send -- "fseccomp secondary 64 seccomp-test-file\r" |
42 | after 100 | 42 | after 100 |
43 | send -- "/usr/lib/firejail/fseccomp print seccomp-test-file\r" | 43 | send -- "fseccomp print seccomp-test-file\r" |
44 | expect { | 44 | expect { |
45 | timeout {puts "TESTING ERROR 5.1\n";exit} | 45 | timeout {puts "TESTING ERROR 5.1\n";exit} |
46 | "BLACKLIST 165 mount" | 46 | "BLACKLIST 165 mount" |
@@ -55,9 +55,9 @@ expect { | |||
55 | } | 55 | } |
56 | 56 | ||
57 | after 100 | 57 | after 100 |
58 | send -- "/usr/lib/firejail/fseccomp default seccomp-test-file\r" | 58 | send -- "fseccomp default seccomp-test-file\r" |
59 | after 100 | 59 | after 100 |
60 | send -- "/usr/lib/firejail/fseccomp print seccomp-test-file\r" | 60 | send -- "fseccomp print seccomp-test-file\r" |
61 | expect { | 61 | expect { |
62 | timeout {puts "TESTING ERROR 6.1\n";exit} | 62 | timeout {puts "TESTING ERROR 6.1\n";exit} |
63 | "BLACKLIST 165 mount" | 63 | "BLACKLIST 165 mount" |
@@ -72,9 +72,9 @@ expect { | |||
72 | } | 72 | } |
73 | 73 | ||
74 | after 100 | 74 | after 100 |
75 | send -- "/usr/lib/firejail/fseccomp drop seccomp-test-file chmod,chown\r" | 75 | send -- "fseccomp drop seccomp-test-file chmod,chown\r" |
76 | after 100 | 76 | after 100 |
77 | send -- "/usr/lib/firejail/fseccomp print seccomp-test-file\r" | 77 | send -- "fseccomp print seccomp-test-file\r" |
78 | expect { | 78 | expect { |
79 | timeout {puts "TESTING ERROR 7.1\n";exit} | 79 | timeout {puts "TESTING ERROR 7.1\n";exit} |
80 | "BLACKLIST 165 mount" {puts "TESTING ERROR 7.2\n";exit} | 80 | "BLACKLIST 165 mount" {puts "TESTING ERROR 7.2\n";exit} |
@@ -91,9 +91,9 @@ expect { | |||
91 | } | 91 | } |
92 | 92 | ||
93 | after 100 | 93 | after 100 |
94 | send -- "/usr/lib/firejail/fseccomp default drop seccomp-test-file chmod,chown\r" | 94 | send -- "fseccomp default drop seccomp-test-file chmod,chown\r" |
95 | after 100 | 95 | after 100 |
96 | send -- "/usr/lib/firejail/fseccomp print seccomp-test-file\r" | 96 | send -- "fseccomp print seccomp-test-file\r" |
97 | expect { | 97 | expect { |
98 | timeout {puts "TESTING ERROR 8.1\n";exit} | 98 | timeout {puts "TESTING ERROR 8.1\n";exit} |
99 | "BLACKLIST 165 mount" | 99 | "BLACKLIST 165 mount" |
@@ -115,9 +115,9 @@ expect { | |||
115 | "RETURN_ALLOW" | 115 | "RETURN_ALLOW" |
116 | } | 116 | } |
117 | after 100 | 117 | after 100 |
118 | send -- "/usr/lib/firejail/fseccomp keep seccomp-test-file chmod,chown\r" | 118 | send -- "fseccomp keep seccomp-test-file chmod,chown\r" |
119 | after 100 | 119 | after 100 |
120 | send -- "/usr/lib/firejail/fseccomp print seccomp-test-file\r" | 120 | send -- "fseccomp print seccomp-test-file\r" |
121 | expect { | 121 | expect { |
122 | timeout {puts "TESTING ERROR 9.1\n";exit} | 122 | timeout {puts "TESTING ERROR 9.1\n";exit} |
123 | "WHITELIST 90 chmod" | 123 | "WHITELIST 90 chmod" |
diff --git a/test/fs/mkdir_mkfile.exp b/test/fs/mkdir_mkfile.exp index 28a5ae459..1faa913e0 100755 --- a/test/fs/mkdir_mkfile.exp +++ b/test/fs/mkdir_mkfile.exp | |||
@@ -16,11 +16,7 @@ expect { | |||
16 | } | 16 | } |
17 | sleep 1 | 17 | sleep 1 |
18 | 18 | ||
19 | send -- "find ~\r" | 19 | send -- "find ~ | LC_ALL=C sort\r" |
20 | expect { | ||
21 | timeout {puts "TESTING ERROR 1\n";exit} | ||
22 | "_firejail_test_file" | ||
23 | } | ||
24 | expect { | 20 | expect { |
25 | timeout {puts "TESTING ERROR 1\n";exit} | 21 | timeout {puts "TESTING ERROR 1\n";exit} |
26 | "_firejail_test_dir" | 22 | "_firejail_test_dir" |
@@ -41,6 +37,10 @@ expect { | |||
41 | timeout {puts "TESTING ERROR 1\n";exit} | 37 | timeout {puts "TESTING ERROR 1\n";exit} |
42 | "_firejail_test_dir/dir1/dir2/dir3/file1" | 38 | "_firejail_test_dir/dir1/dir2/dir3/file1" |
43 | } | 39 | } |
40 | expect { | ||
41 | timeout {puts "TESTING ERROR 1\n";exit} | ||
42 | "_firejail_test_file" | ||
43 | } | ||
44 | after 100 | 44 | after 100 |
45 | send -- "exit\r" | 45 | send -- "exit\r" |
46 | after 100 | 46 | after 100 |
diff --git a/test/fs/private-home-dir.exp b/test/fs/private-home-dir.exp index 77baeeb5f..9c97ff4ea 100755 --- a/test/fs/private-home-dir.exp +++ b/test/fs/private-home-dir.exp | |||
@@ -41,7 +41,11 @@ expect { | |||
41 | } | 41 | } |
42 | after 100 | 42 | after 100 |
43 | 43 | ||
44 | send -- "ls -al ~\r" | 44 | send -- "find ~ | LC_ALL=C sort\r" |
45 | expect { | ||
46 | timeout {puts "TESTING ERROR 4\n";exit} | ||
47 | ".Xauthority" | ||
48 | } | ||
45 | expect { | 49 | expect { |
46 | timeout {puts "TESTING ERROR 2\n";exit} | 50 | timeout {puts "TESTING ERROR 2\n";exit} |
47 | ".asoundrc" | 51 | ".asoundrc" |
@@ -50,10 +54,6 @@ expect { | |||
50 | timeout {puts "TESTING ERROR 3\n";exit} | 54 | timeout {puts "TESTING ERROR 3\n";exit} |
51 | ".bashrc" | 55 | ".bashrc" |
52 | } | 56 | } |
53 | expect { | ||
54 | timeout {puts "TESTING ERROR 4\n";exit} | ||
55 | ".Xauthority" | ||
56 | } | ||
57 | after 100 | 57 | after 100 |
58 | 58 | ||
59 | send -- "exit\r" | 59 | send -- "exit\r" |
diff --git a/test/fs/private.exp b/test/fs/private.exp index c7059079d..e522ca5a1 100755 --- a/test/fs/private.exp +++ b/test/fs/private.exp | |||
@@ -37,18 +37,18 @@ expect { | |||
37 | } | 37 | } |
38 | after 100 | 38 | after 100 |
39 | 39 | ||
40 | send -- "ls -al ~\r" | 40 | send -- "find ~ | LC_ALL=C sort\r" |
41 | expect { | 41 | expect { |
42 | timeout {puts "TESTING ERROR 2\n";exit} | 42 | timeout {puts "TESTING ERROR 2\n";exit} |
43 | ".asoundrc" | 43 | ".Xauthority" |
44 | } | 44 | } |
45 | expect { | 45 | expect { |
46 | timeout {puts "TESTING ERROR 3\n";exit} | 46 | timeout {puts "TESTING ERROR 3\n";exit} |
47 | ".bashrc" | 47 | ".asoundrc" |
48 | } | 48 | } |
49 | expect { | 49 | expect { |
50 | timeout {puts "TESTING ERROR 4\n";exit} | 50 | timeout {puts "TESTING ERROR 4\n";exit} |
51 | ".Xauthority" | 51 | ".bashrc" |
52 | } | 52 | } |
53 | after 100 | 53 | after 100 |
54 | 54 | ||
diff --git a/test/fs/whitelist-double.exp b/test/fs/whitelist-double.exp index dd2336ce1..ac6adc165 100755 --- a/test/fs/whitelist-double.exp +++ b/test/fs/whitelist-double.exp | |||
@@ -32,10 +32,10 @@ expect { | |||
32 | "123" | 32 | "123" |
33 | } | 33 | } |
34 | 34 | ||
35 | send -- "rm /tmp/firejal-deleteme\r" | 35 | send -- "rm -v /tmp/firejal-deleteme\r" |
36 | expect { | 36 | expect { |
37 | timeout {puts "TESTING ERROR 3\n";exit} | 37 | timeout {puts "TESTING ERROR 3\n";exit} |
38 | "0" | 38 | "removed" |
39 | } | 39 | } |
40 | after 100 | 40 | after 100 |
41 | 41 | ||
diff --git a/test/fs/whitelist-empty.exp b/test/fs/whitelist-empty.exp index e1c3ffb4a..9e4406263 100755 --- a/test/fs/whitelist-empty.exp +++ b/test/fs/whitelist-empty.exp | |||
@@ -14,36 +14,36 @@ expect { | |||
14 | } | 14 | } |
15 | sleep 1 | 15 | sleep 1 |
16 | 16 | ||
17 | send -- "ls -l ~/ | wc -l\r" | 17 | send -- "ls -l ~\r" |
18 | expect { | 18 | expect { |
19 | timeout {puts "TESTING ERROR 1\n";exit} | 19 | timeout {puts "TESTING ERROR 1\n";exit} |
20 | "0" | 20 | "0" |
21 | } | 21 | } |
22 | 22 | ||
23 | send -- "ls -l /tmp | wc -l\r" | 23 | send -- "ls -l /tmp\r" |
24 | expect { | 24 | expect { |
25 | timeout {puts "TESTING ERROR 2\n";exit} | 25 | timeout {puts "TESTING ERROR 2\n";exit} |
26 | "0" | 26 | "0" |
27 | } | 27 | } |
28 | 28 | ||
29 | send -- "ls -l /media | wc -l\r" | 29 | send -- "ls -l /media\r" |
30 | expect { | 30 | expect { |
31 | timeout {puts "TESTING ERROR 3\n";exit} | 31 | timeout {puts "TESTING ERROR 3\n";exit} |
32 | "0" | 32 | "0" |
33 | } | 33 | } |
34 | 34 | ||
35 | send -- "ls -l /var | wc -l\r" | 35 | send -- "ls -l /var\r" |
36 | expect { | 36 | expect { |
37 | timeout {puts "TESTING ERROR 4\n";exit} | 37 | timeout {puts "TESTING ERROR 4\n";exit} |
38 | "0" | 38 | "0" |
39 | } | 39 | } |
40 | 40 | ||
41 | send -- "ls -l /dev | wc -l\r" | 41 | send -- "ls -l /dev\r" |
42 | expect { | 42 | expect { |
43 | timeout {puts "TESTING ERROR 5\n";exit} | 43 | timeout {puts "TESTING ERROR 5\n";exit} |
44 | "0" | 44 | "0" |
45 | } | 45 | } |
46 | send -- "ls -l /opt | wc -l\r" | 46 | send -- "ls -l /opt\r" |
47 | expect { | 47 | expect { |
48 | timeout {puts "TESTING ERROR 6\n";exit} | 48 | timeout {puts "TESTING ERROR 6\n";exit} |
49 | "0" | 49 | "0" |
diff --git a/test/network/4bridges_arp.exp b/test/network/4bridges_arp.exp index 80760eb3a..e84ec719c 100755 --- a/test/network/4bridges_arp.exp +++ b/test/network/4bridges_arp.exp | |||
@@ -150,22 +150,26 @@ expect { | |||
150 | send -- "ip route show\r" | 150 | send -- "ip route show\r" |
151 | expect { | 151 | expect { |
152 | timeout {puts "TESTING ERROR 10.2\n";exit} | 152 | timeout {puts "TESTING ERROR 10.2\n";exit} |
153 | "10.10.20.0/29 dev eth0 proto kernel scope link" | 153 | "10.10.20.0/29 dev eth0 proto kernel scope link" {puts "old iproute2\n";} |
154 | "10.10.20.0/29 dev eth0 proto kernel scope link" {puts "new iproute2\n";} | ||
154 | } | 155 | } |
155 | send -- "ip route show\r" | 156 | send -- "ip route show\r" |
156 | expect { | 157 | expect { |
157 | timeout {puts "TESTING ERROR 10.2\n";exit} | 158 | timeout {puts "TESTING ERROR 10.2\n";exit} |
158 | "10.10.30.0/24 dev eth1 proto kernel scope link" | 159 | "10.10.30.0/24 dev eth1 proto kernel scope link" {puts "old iproute2\n";} |
160 | "10.10.30.0/24 dev eth1 proto kernel scope link" {puts "new iproute2\n";} | ||
159 | } | 161 | } |
160 | send -- "ip route show\r" | 162 | send -- "ip route show\r" |
161 | expect { | 163 | expect { |
162 | timeout {puts "TESTING ERROR 10.2\n";exit} | 164 | timeout {puts "TESTING ERROR 10.2\n";exit} |
163 | "10.10.40.0/24 dev eth2 proto kernel scope link" | 165 | "10.10.40.0/24 dev eth2 proto kernel scope link" {puts "old iproute2\n";} |
166 | "10.10.40.0/24 dev eth2 proto kernel scope link" {puts "new iproute2\n";} | ||
164 | } | 167 | } |
165 | send -- "ip route show\r" | 168 | send -- "ip route show\r" |
166 | expect { | 169 | expect { |
167 | timeout {puts "TESTING ERROR 10.2\n";exit} | 170 | timeout {puts "TESTING ERROR 10.2\n";exit} |
168 | "10.10.50.0/24 dev eth3 proto kernel scope link" | 171 | "10.10.50.0/24 dev eth3 proto kernel scope link" {puts "old iproute2\n";} |
172 | "10.10.50.0/24 dev eth3 proto kernel scope link" {puts "new iproute2\n";} | ||
169 | } | 173 | } |
170 | send -- "exit\r" | 174 | send -- "exit\r" |
171 | after 100 | 175 | after 100 |
diff --git a/test/network/4bridges_ip.exp b/test/network/4bridges_ip.exp index 5e136926b..74a1e5d68 100755 --- a/test/network/4bridges_ip.exp +++ b/test/network/4bridges_ip.exp | |||
@@ -150,25 +150,29 @@ expect { | |||
150 | send -- "ip route show\r" | 150 | send -- "ip route show\r" |
151 | expect { | 151 | expect { |
152 | timeout {puts "TESTING ERROR 10.2\n";exit} | 152 | timeout {puts "TESTING ERROR 10.2\n";exit} |
153 | "10.10.20.0/29 dev eth0 proto kernel scope link" | 153 | "10.10.20.0/29 dev eth0 proto kernel scope link" {puts "old iproute2\n";} |
154 | "10.10.20.0/29 dev eth0 proto kernel scope link" {puts "new iproute2\n";} | ||
154 | } | 155 | } |
155 | 156 | ||
156 | send -- "ip route show\r" | 157 | send -- "ip route show\r" |
157 | expect { | 158 | expect { |
158 | timeout {puts "TESTING ERROR 10.3\n";exit} | 159 | timeout {puts "TESTING ERROR 10.3\n";exit} |
159 | "10.10.30.0/24 dev eth1 proto kernel scope link src 10.10.30.50" | 160 | "10.10.30.0/24 dev eth1 proto kernel scope link src 10.10.30.50" {puts "old iproute2\n";} |
161 | "10.10.30.0/24 dev eth1 proto kernel scope link src 10.10.30.50" {puts "new iproute2\n";} | ||
160 | } | 162 | } |
161 | 163 | ||
162 | send -- "ip route show\r" | 164 | send -- "ip route show\r" |
163 | expect { | 165 | expect { |
164 | timeout {puts "TESTING ERROR 10.4\n";exit} | 166 | timeout {puts "TESTING ERROR 10.4\n";exit} |
165 | "10.10.40.0/24 dev eth2 proto kernel scope link src 10.10.40.100" | 167 | "10.10.40.0/24 dev eth2 proto kernel scope link src 10.10.40.100" {puts "old iproute2\n";} |
168 | "10.10.40.0/24 dev eth2 proto kernel scope link src 10.10.40.100" {puts "new iproute2\n";} | ||
166 | } | 169 | } |
167 | 170 | ||
168 | send -- "ip route show\r" | 171 | send -- "ip route show\r" |
169 | expect { | 172 | expect { |
170 | timeout {puts "TESTING ERROR 10.5\n";exit} | 173 | timeout {puts "TESTING ERROR 10.5\n";exit} |
171 | "10.10.50.0/24 dev eth3 proto kernel scope link" | 174 | "10.10.50.0/24 dev eth3 proto kernel scope link" {puts "old iproute2\n";} |
175 | "10.10.50.0/24 dev eth3 proto kernel scope link" {puts "new iproute2\n";} | ||
172 | } | 176 | } |
173 | 177 | ||
174 | send -- "exit\r" | 178 | send -- "exit\r" |
diff --git a/test/network/interface.exp b/test/network/interface.exp index bd8777c33..638e6d32b 100755 --- a/test/network/interface.exp +++ b/test/network/interface.exp | |||
@@ -27,8 +27,9 @@ expect { | |||
27 | "eth0.5" | 27 | "eth0.5" |
28 | } | 28 | } |
29 | expect { | 29 | expect { |
30 | timeout {puts "TESTING ERROR 2n";exit} | 30 | timeout {puts "TESTING ERROR 2\n";exit} |
31 | "Link" | 31 | "Link" {puts "old net-tools\n";} |
32 | "flags" {puts "new net-tools\n";} | ||
32 | } | 33 | } |
33 | expect { | 34 | expect { |
34 | timeout {puts "TESTING ERROR 3\n";exit} | 35 | timeout {puts "TESTING ERROR 3\n";exit} |
@@ -47,7 +48,8 @@ expect { | |||
47 | } | 48 | } |
48 | expect { | 49 | expect { |
49 | timeout {puts "TESTING ERROR 6\n";exit} | 50 | timeout {puts "TESTING ERROR 6\n";exit} |
50 | "Link" | 51 | "Link" {puts "old net-tools\n";} |
52 | "flags" {puts "new net-tools\n";} | ||
51 | } | 53 | } |
52 | expect { | 54 | expect { |
53 | timeout {puts "TESTING ERROR 7\n";exit} | 55 | timeout {puts "TESTING ERROR 7\n";exit} |
diff --git a/test/network/net_defaultgw.exp b/test/network/net_defaultgw.exp index c7178616a..763eee38e 100755 --- a/test/network/net_defaultgw.exp +++ b/test/network/net_defaultgw.exp | |||
@@ -41,7 +41,8 @@ expect { | |||
41 | send -- "ip route show\r" | 41 | send -- "ip route show\r" |
42 | expect { | 42 | expect { |
43 | timeout {puts "TESTING ERROR 10.2\n";exit} | 43 | timeout {puts "TESTING ERROR 10.2\n";exit} |
44 | "10.10.20.0/29 dev eth0 proto kernel scope link" | 44 | "10.10.20.0/29 dev eth0 proto kernel scope link" {puts "old iproute2\n";} |
45 | "10.10.20.0/29 dev eth0 proto kernel scope link" {puts "new iproute2\n";} | ||
45 | } | 46 | } |
46 | send -- "exit\r" | 47 | send -- "exit\r" |
47 | after 100 | 48 | after 100 |
diff --git a/test/network/net_defaultgw2.exp b/test/network/net_defaultgw2.exp index 088dfeee8..e7483c921 100755 --- a/test/network/net_defaultgw2.exp +++ b/test/network/net_defaultgw2.exp | |||
@@ -29,13 +29,15 @@ expect { | |||
29 | send -- "ip route show\r" | 29 | send -- "ip route show\r" |
30 | expect { | 30 | expect { |
31 | timeout {puts "TESTING ERROR 10.2\n";exit} | 31 | timeout {puts "TESTING ERROR 10.2\n";exit} |
32 | "10.10.20.0/29 dev eth0 proto kernel scope link" | 32 | "10.10.20.0/29 dev eth0 proto kernel scope link" {puts "old iproute2\n";} |
33 | "10.10.20.0/29 dev eth0 proto kernel scope link" {puts "new iproute2\n";} | ||
33 | } | 34 | } |
34 | 35 | ||
35 | send -- "ip route show\r" | 36 | send -- "ip route show\r" |
36 | expect { | 37 | expect { |
37 | timeout {puts "TESTING ERROR 10.3\n";exit} | 38 | timeout {puts "TESTING ERROR 10.3\n";exit} |
38 | "10.10.30.0/24 dev eth1 proto kernel scope link" | 39 | "10.10.30.0/24 dev eth1 proto kernel scope link" {puts "old iproute2\n";} |
40 | "10.10.30.0/24 dev eth1 proto kernel scope link" {puts "new iproute2\n";} | ||
39 | } | 41 | } |
40 | send -- "exit\r" | 42 | send -- "exit\r" |
41 | after 100 | 43 | after 100 |
diff --git a/test/network/net_ip.exp b/test/network/net_ip.exp index c6b84781c..8ec676dd1 100755 --- a/test/network/net_ip.exp +++ b/test/network/net_ip.exp | |||
@@ -67,7 +67,8 @@ expect { | |||
67 | send -- "ip route show\r" | 67 | send -- "ip route show\r" |
68 | expect { | 68 | expect { |
69 | timeout {puts "TESTING ERROR 10\n";exit} | 69 | timeout {puts "TESTING ERROR 10\n";exit} |
70 | "10.10.20.0/29 dev eth0 proto kernel scope link" | 70 | "10.10.20.0/29 dev eth0 proto kernel scope link" {puts "old iproute2\n";} |
71 | "10.10.20.0/29 dev eth0 proto kernel scope link" {puts "new iproute2\n";} | ||
71 | } | 72 | } |
72 | send -- "exit\r" | 73 | send -- "exit\r" |
73 | after 100 | 74 | after 100 |
diff --git a/test/network/net_profile.exp b/test/network/net_profile.exp index febbcfcd7..b3bc9b441 100755 --- a/test/network/net_profile.exp +++ b/test/network/net_profile.exp | |||
@@ -38,13 +38,15 @@ sleep 1 | |||
38 | send -- "ip route show\r" | 38 | send -- "ip route show\r" |
39 | expect { | 39 | expect { |
40 | timeout {puts "TESTING ERROR 1\n";exit} | 40 | timeout {puts "TESTING ERROR 1\n";exit} |
41 | "10.10.30.0/24 dev eth1 proto kernel scope link src 10.10.30.50" | 41 | "10.10.30.0/24 dev eth1 proto kernel scope link src 10.10.30.50" {puts "old iproute2\n";} |
42 | "10.10.30.0/24 dev eth1 proto kernel scope link src 10.10.30.50" {puts "new iproute2\n";} | ||
42 | } | 43 | } |
43 | 44 | ||
44 | send -- "ip route show\r" | 45 | send -- "ip route show\r" |
45 | expect { | 46 | expect { |
46 | timeout {puts "TESTING ERROR 2\n";exit} | 47 | timeout {puts "TESTING ERROR 2\n";exit} |
47 | "10.10.40.0/24 dev eth2 proto kernel scope link src 10.10.40.100" | 48 | "10.10.40.0/24 dev eth2 proto kernel scope link src 10.10.40.100" {puts "old iproute2\n";} |
49 | "10.10.40.0/24 dev eth2 proto kernel scope link src 10.10.40.100" {puts "new iproute2\n";} | ||
48 | } | 50 | } |
49 | 51 | ||
50 | 52 | ||
diff --git a/test/utils/audit.exp b/test/utils/audit.exp index 566493947..f0c1906a0 100755 --- a/test/utils/audit.exp +++ b/test/utils/audit.exp | |||
@@ -35,7 +35,7 @@ expect { | |||
35 | after 100 | 35 | after 100 |
36 | 36 | ||
37 | 37 | ||
38 | send -- "firejail --audit=/usr/lib/firejail/faudit\r" | 38 | send -- "firejail --audit\r" |
39 | expect { | 39 | expect { |
40 | timeout {puts "TESTING ERROR 6\n";exit} | 40 | timeout {puts "TESTING ERROR 6\n";exit} |
41 | "Firejail Audit" | 41 | "Firejail Audit" |