-rw-r--r--Makefile.in45
-rw-r--r--src/firejail/fs.c6
-rw-r--r--src/fnet/interface.c76
-rwxr-xr-xtest/overlay/firefox-x11-xorg.exp90
-rwxr-xr-xtest/overlay/firefox-x11.exp90
-rwxr-xr-xtest/overlay/firefox.exp99
-rwxr-xr-xtest/overlay/fs.exp (renamed from test/fs_overlay.exp)42
-rwxr-xr-xtest/overlay/overlay.sh57
8 files changed, 408 insertions, 97 deletions
diff --git a/Makefile.in b/Makefile.in
index 64970d4a5..03b6befbe 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -161,6 +161,8 @@ dist:
161 tar -cJvf $(NAME)-$(VERSION).tar.xz $(NAME)-$(VERSION) 161 tar -cJvf $(NAME)-$(VERSION).tar.xz $(NAME)-$(VERSION)
162 rm -fr $(NAME)-$(VERSION) 162 rm -fr $(NAME)-$(VERSION)
163 163
164asc:; ./mkasc.sh $(VERSION)
165
164deb: dist 166deb: dist
165 ./mkdeb.sh $(NAME) $(VERSION) 167 ./mkdeb.sh $(NAME) $(VERSION)
166 168
@@ -173,9 +175,6 @@ install-snap: snap
173test-compile: dist 175test-compile: dist
174 cd test/compile; ./compile.sh $(NAME)-$(VERSION) 176 cd test/compile; ./compile.sh $(NAME)-$(VERSION)
175 177
176test-root:
177 cd test/root; su -c ./root.sh | grep TESTING
178
179.PHONY: rpms 178.PHONY: rpms
180rpms: 179rpms:
181 ./platform/rpm/mkrpm.sh $(NAME) $(VERSION) 180 ./platform/rpm/mkrpm.sh $(NAME) $(VERSION)
@@ -189,7 +188,19 @@ cppcheck: clean
189scan-build: clean 188scan-build: clean
190 scan-build make 189 scan-build make
191 190
192asc:; ./mkasc.sh $(VERSION) 191gcov-test-initialized:
192 ./gcov-test-init.sh
193
194gcov: gcov-test-initialized
195 lcov --capture -d src/firejail -d src/firemon -d src/fseccomp -d src/fnet -d src/ftee -d src/lib -d src/firecfg --output-file gcov-file
196 rm -fr gcov-dir
197 genhtml gcov-file --output-directory gcov-dir
198
199
200#
201# make test
202#
203
193 204
194test-profiles: 205test-profiles:
195 cd test/profiles; ./profiles.sh | grep TESTING 206 cd test/profiles; ./profiles.sh | grep TESTING
@@ -218,21 +229,25 @@ test-filters:
218test-arguments: 229test-arguments:
219 cd test/arguments; ./arguments.sh | grep TESTING 230 cd test/arguments; ./arguments.sh | grep TESTING
220 231
221test-network:
222 cd test/network; ./network.sh | grep TESTING
223
224test-fs: 232test-fs:
225 cd test/fs; ./fs.sh | grep TESTING 233 cd test/fs; ./fs.sh | grep TESTING
226 234
227test: test-profiles test-fs test-utils test-environment test-apps test-apps-x11 test-apps-x11-xorg test-filters test-arguments 235test: test-profiles test-fs test-utils test-environment test-apps test-apps-x11 test-apps-x11-xorg test-filters test-arguments
228 echo "TEST COMPLETE" 236 echo "TEST COMPLETE"
229 237
230gcov-test-initialized: 238#
231 ./gcov-test-init.sh 239# individual tests, some of them requiring root access
232 240#
233gcov: gcov-test-initialized 241
234 lcov --capture -d src/firejail -d src/firemon -d src/fseccomp -d src/fnet -d src/ftee -d src/lib -d src/firecfg --output-file gcov-file 242# root access, network devices are created before the test
235 rm -fr gcov-dir 243test-network:
236 genhtml gcov-file --output-directory gcov-dir 244 cd test/network; ./network.sh | grep TESTING
245
246# all the tests are run as root
247test-root:
248 cd test/root; su -c ./root.sh | grep TESTING
237 249
238 \ No newline at end of file 250# runs as regular user
251test-overlay:
252 cd test/overlay; ./overlay.sh | grep TESTING
253
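Review bot: The new `test-overlay` recipe, like the relocated `test-network` and `test-root`, ends in `| grep TESTING`, so the target's exit status is grep's: it succeeds whenever any line containing TESTING is printed, `TESTING ERROR` included. The `cd test/overlay;` prefix also carries on if the directory is missing; `cd test/overlay && ./overlay.sh | grep TESTING` at least stops there. Because these targets exercise sandbox isolation, a failed check should fail `make`, for example by capturing the output and failing when it contains `TESTING ERROR`. None of the targets added or moved in these hunks are declared phony (only `rpms` is, in the visible lines); `.PHONY: asc gcov gcov-test-initialized test-network test-root test-overlay` would keep a stray file of the same name from masking them.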
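--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -919,6 +919,9 @@ void fs_overlayfs(void) {
  }
 
  // chroot in the new filesystem
+#ifdef HAVE_GCOV
+ __gcov_flush();
+#endif
  if (chroot(oroot) == -1)
  errExit("chroot");
 
@@ -1102,6 +1105,9 @@ void fs_chroot(const char *rootdir) {
  }
 
  // chroot into the new directory
+#ifdef HAVE_GCOV
+ __gcov_flush();
+#endif
  if (arg_debug)
  printf("Chrooting into %s\n", rootdir);
  if (chroot(rootdir) < 0)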
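Review bot: The `__gcov_flush()` calls added before `chroot()` in `fs_overlayfs()` and `fs_chroot()` carry no comment saying why the flush has to happen at exactly this point, and no declaration of `__gcov_flush` is visible in either hunk (both function bodies continue outside them). I would add `// write coverage counters now; the .gcda output paths are presumably unreachable after chroot` above each `#ifdef HAVE_GCOV`, and confirm that a prototype such as `extern void __gcov_flush(void);` is in scope. firejail is normally installed setuid root, so the build documentation should state that a HAVE_GCOV binary writes coverage files with elevated privileges and belongs on test machines only. Note also that GCC 11 removed `__gcov_flush` in favour of `__gcov_dump`, so this guard will need a compiler-version check eventually.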
diff --git a/src/fnet/interface.c b/src/fnet/interface.c
index 046b2c972..3958efddd 100644
--- a/src/fnet/interface.c
+++ b/src/fnet/interface.c
@@ -29,13 +29,18 @@
29#include <net/route.h> 29#include <net/route.h>
30#include <linux/if_bridge.h> 30#include <linux/if_bridge.h>
31 31
32// add a veth device to a bridge 32static void check_if_name(const char *ifname) {
33void net_bridge_add_interface(const char *bridge, const char *dev) { 33 if (strlen(ifname) > IFNAMSIZ) {
34 if (strlen(bridge) > IFNAMSIZ) { 34 fprintf(stderr, "Error fnet: invalid network device name %s\n", ifname);
35 fprintf(stderr, "Error fnet: invalid network device name %s\n", bridge);
36 exit(1); 35 exit(1);
37 } 36 }
37}
38 38
39// add a veth device to a bridge
40void net_bridge_add_interface(const char *bridge, const char *dev) {
41 check_if_name(bridge);
42 check_if_name(dev);
43
39 // somehow adding the interface to the bridge resets MTU on bridge device!!! 44 // somehow adding the interface to the bridge resets MTU on bridge device!!!
40 // workaround: restore MTU on the bridge device 45 // workaround: restore MTU on the bridge device
41 // todo: put a real fix in 46 // todo: put a real fix in
@@ -69,18 +74,14 @@ void net_bridge_add_interface(const char *bridge, const char *dev) {
69 close(sock); 74 close(sock);
70 75
71 int mtu2 = net_get_mtu(bridge); 76 int mtu2 = net_get_mtu(bridge);
72 if (mtu1 != mtu2) { 77 if (mtu1 != mtu2)
73 net_set_mtu(bridge, mtu1); 78 net_set_mtu(bridge, mtu1);
74 }
75} 79}
76 80
77 81
78// bring interface up 82// bring interface up
79void net_if_up(const char *ifname) { 83void net_if_up(const char *ifname) {
80 if (strlen(ifname) > IFNAMSIZ) { 84 check_if_name(ifname);
81 fprintf(stderr, "Error fnet: invalid network device name %s\n", ifname);
82 exit(1);
83 }
84 85
85 int sock = socket(AF_INET,SOCK_DGRAM,0); 86 int sock = socket(AF_INET,SOCK_DGRAM,0);
86 if (sock < 0) 87 if (sock < 0)
@@ -93,28 +94,19 @@ void net_if_up(const char *ifname) {
93 ifr.ifr_addr.sa_family = AF_INET; 94 ifr.ifr_addr.sa_family = AF_INET;
94 95
95 // read the existing flags 96 // read the existing flags
96 if (ioctl(sock, SIOCGIFFLAGS, &ifr ) < 0) { 97 if (ioctl(sock, SIOCGIFFLAGS, &ifr ) < 0)
97 close(sock);
98 printf("Error fnet: cannot bring up interface %s\n", ifname);
99 errExit("ioctl"); 98 errExit("ioctl");
100 }
101 99
102 ifr.ifr_flags |= IFF_UP; 100 ifr.ifr_flags |= IFF_UP;
103 101
104 // set the new flags 102 // set the new flags
105 if (ioctl( sock, SIOCSIFFLAGS, &ifr ) < 0) { 103 if (ioctl( sock, SIOCSIFFLAGS, &ifr ) < 0)
106 close(sock);
107 printf("Error fnet: cannot bring up interface %s\n", ifname);
108 errExit("ioctl"); 104 errExit("ioctl");
109 }
110 105
111 // checking 106 // checking
112 // read the existing flags 107 // read the existing flags
113 if (ioctl(sock, SIOCGIFFLAGS, &ifr ) < 0) { 108 if (ioctl(sock, SIOCGIFFLAGS, &ifr ) < 0)
114 close(sock);
115 printf("Error fnet: cannot bring up interface %s\n", ifname);
116 errExit("ioctl"); 109 errExit("ioctl");
117 }
118 110
119 // wait not more than 500ms for the interface to come up 111 // wait not more than 500ms for the interface to come up
120 int cnt = 0; 112 int cnt = 0;
@@ -122,11 +114,8 @@ void net_if_up(const char *ifname) {
122 usleep(10000); // sleep 10ms 114 usleep(10000); // sleep 10ms
123 115
124 // read the existing flags 116 // read the existing flags
125 if (ioctl(sock, SIOCGIFFLAGS, &ifr ) < 0) { 117 if (ioctl(sock, SIOCGIFFLAGS, &ifr ) < 0)
126 close(sock);
127 printf("Error fnet: cannot bring up interface %s\n", ifname);
128 errExit("ioctl"); 118 errExit("ioctl");
129 }
130 if (ifr.ifr_flags & IFF_RUNNING) 119 if (ifr.ifr_flags & IFF_RUNNING)
131 break; 120 break;
132 cnt++; 121 cnt++;
@@ -136,12 +125,8 @@ void net_if_up(const char *ifname) {
136} 125}
137 126
138int net_get_mtu(const char *ifname) { 127int net_get_mtu(const char *ifname) {
128 check_if_name(ifname);
139 int mtu = 0; 129 int mtu = 0;
140 if (strlen(ifname) > IFNAMSIZ) {
141 fprintf(stderr, "Error fnet: invalid network device name %s\n", ifname);
142 exit(1);
143 }
144
145 int s; 130 int s;
146 struct ifreq ifr; 131 struct ifreq ifr;
147 132
@@ -160,11 +145,7 @@ int net_get_mtu(const char *ifname) {
160} 145}
161 146
162void net_set_mtu(const char *ifname, int mtu) { 147void net_set_mtu(const char *ifname, int mtu) {
163 if (strlen(ifname) > IFNAMSIZ) { 148 check_if_name(ifname);
164 fprintf(stderr, "Error fnet: invalid network device name %s\n", ifname);
165 exit(1);
166 }
167
168 int s; 149 int s;
169 struct ifreq ifr; 150 struct ifreq ifr;
170 151
@@ -246,6 +227,7 @@ void net_ifprint(int scan) {
246} 227}
247 228
248int net_get_mac(const char *ifname, unsigned char mac[6]) { 229int net_get_mac(const char *ifname, unsigned char mac[6]) {
230 check_if_name(ifname);
249 231
250 struct ifreq ifr; 232 struct ifreq ifr;
251 int sock; 233 int sock;
@@ -267,11 +249,7 @@ int net_get_mac(const char *ifname, unsigned char mac[6]) {
267 249
268// configure interface ipv4 address 250// configure interface ipv4 address
269void net_if_ip(const char *ifname, uint32_t ip, uint32_t mask, int mtu) { 251void net_if_ip(const char *ifname, uint32_t ip, uint32_t mask, int mtu) {
270 if (strlen(ifname) > IFNAMSIZ) { 252 check_if_name(ifname);
271 fprintf(stderr, "Error: invalid network device name %s\n", ifname);
272 exit(1);
273 }
274
275 int sock = socket(AF_INET,SOCK_DGRAM,0); 253 int sock = socket(AF_INET,SOCK_DGRAM,0);
276 if (sock < 0) 254 if (sock < 0)
277 errExit("socket"); 255 errExit("socket");
@@ -282,34 +260,29 @@ void net_if_ip(const char *ifname, uint32_t ip, uint32_t mask, int mtu) {
282 ifr.ifr_addr.sa_family = AF_INET; 260 ifr.ifr_addr.sa_family = AF_INET;
283 261
284 ((struct sockaddr_in *)&ifr.ifr_addr)->sin_addr.s_addr = htonl(ip); 262 ((struct sockaddr_in *)&ifr.ifr_addr)->sin_addr.s_addr = htonl(ip);
285 if (ioctl( sock, SIOCSIFADDR, &ifr ) < 0) { 263 if (ioctl( sock, SIOCSIFADDR, &ifr ) < 0)
286 close(sock);
287 fprintf(stderr, "Error fnet: cannot find interface %s\n", ifname);
288 errExit("ioctl"); 264 errExit("ioctl");
289 }
290 265
291 if (ip != 0) { 266 if (ip != 0) {
292 ((struct sockaddr_in *)&ifr.ifr_addr)->sin_addr.s_addr = htonl(mask); 267 ((struct sockaddr_in *)&ifr.ifr_addr)->sin_addr.s_addr = htonl(mask);
293 if (ioctl( sock, SIOCSIFNETMASK, &ifr ) < 0) { 268 if (ioctl( sock, SIOCSIFNETMASK, &ifr ) < 0)
294 close(sock);
295 errExit("ioctl"); 269 errExit("ioctl");
296 }
297 } 270 }
298 271
299 // configure mtu 272 // configure mtu
300 if (mtu > 0) { 273 if (mtu > 0) {
301 ifr.ifr_mtu = mtu; 274 ifr.ifr_mtu = mtu;
302 if (ioctl( sock, SIOCSIFMTU, &ifr ) < 0) { 275 if (ioctl( sock, SIOCSIFMTU, &ifr ) < 0)
303 close(sock);
304 errExit("ioctl"); 276 errExit("ioctl");
305 }
306 } 277 }
307 278
308 close(sock); 279 close(sock);
309 usleep(10000); // sleep 10ms 280 usleep(10000); // sleep 10ms
281 return;
310} 282}
311 283
312int net_if_mac(const char *ifname, const unsigned char mac[6]) { 284int net_if_mac(const char *ifname, const unsigned char mac[6]) {
285 check_if_name(ifname);
313 struct ifreq ifr; 286 struct ifreq ifr;
314 int sock; 287 int sock;
315 288
@@ -335,6 +308,7 @@ struct ifreq6 {
335 unsigned int ifr6_ifindex; 308 unsigned int ifr6_ifindex;
336}; 309};
337void net_if_ip6(const char *ifname, const char *addr6) { 310void net_if_ip6(const char *ifname, const char *addr6) {
311 check_if_name(ifname);
338 if (strchr(addr6, ':') == NULL) { 312 if (strchr(addr6, ':') == NULL) {
339 fprintf(stderr, "Error fnet: invalid IPv6 address %s\n", addr6); 313 fprintf(stderr, "Error fnet: invalid IPv6 address %s\n", addr6);
340 exit(1); 314 exit(1);
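Review bot: The new `check_if_name()` keeps the old `strlen(ifname) > IFNAMSIZ` comparison, which accepts a name of exactly IFNAMSIZ characters. IFNAMSIZ counts the terminating NUL, so such a name cannot fit in `ifr_name`; depending on how each caller copies it (the copies are outside these hunks) it would be truncated or left unterminated. The check should read `if (strlen(ifname) >= IFNAMSIZ) {`, and since every `net_*` entry point now funnels through this helper, the one-line fix covers them all. Separately, the ioctl failure paths in `net_if_up()` and `net_if_ip()` no longer print which interface failed; keeping one `fprintf(stderr, "Error fnet: cannot bring up interface %s\n", ifname);` before `errExit("ioctl")` would preserve that diagnostic.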
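--- /dev/null
+++ b/test/overlay/firefox-x11-xorg.exp
@@ -0,0 +1,90 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --overlay --name=test --x11=xorg firefox -no-remote www.gentoo.org\r"
+sleep 10
+
+spawn $env(SHELL)
+send -- "firejail --list\r"
+expect {
+ timeout {puts "TESTING ERROR 3\n";exit}
+ ":firejail"
+}
+expect {
+ timeout {puts "TESTING ERROR 3.1\n";exit}
+ "firefox" {puts "firefox detected\n";}
+ "iceweasel" {puts "iceweasel detected\n";}
+}
+expect {
+ timeout {puts "TESTING ERROR 3.2\n";exit}
+ "no-remote"
+}
+sleep 1
+# grsecurity exit
+send -- "file /proc/sys/kernel/grsecurity\r"
+expect {
+ timeout {puts "TESTING ERROR - grsecurity detection\n";exit}
+ "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit}
+ "cannot open" {puts "grsecurity not present\n"}
+}
+send -- "firejail --overlay --name=blablabla\r"
+expect {
+ timeout {puts "TESTING ERROR 4\n";exit}
+ "Child process initialized"
+}
+sleep 2
+
+spawn $env(SHELL)
+send -- "firemon --seccomp\r"
+expect {
+ timeout {puts "TESTING ERROR 5\n";exit}
+ " firefox" {puts "firefox detected\n";}
+ " iceweasel" {puts "iceweasel detected\n";}
+}
+expect {
+ timeout {puts "TESTING ERROR 5.0\n";exit}
+ "no-remote"
+}
+expect {
+ timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit}
+ "Seccomp: 2"
+}
+expect {
+ timeout {puts "TESTING ERROR 5.1\n";exit}
+ "name=blablabla"
+}
+sleep 1
+send -- "firemon --caps\r"
+expect {
+ timeout {puts "TESTING ERROR 6\n";exit}
+ " firefox" {puts "firefox detected\n";}
+ " iceweasel" {puts "iceweasel detected\n";}
+}
+expect {
+ timeout {puts "TESTING ERROR 6.0\n";exit}
+ "no-remote"
+}
+expect {
+ timeout {puts "TESTING ERROR 6.1\n";exit}
+ "CapBnd:"
+}
+expect {
+ timeout {puts "TESTING ERROR 6.2\n";exit}
+ "0000000000000000"
+}
+expect {
+ timeout {puts "TESTING ERROR 6.3\n";exit}
+ "name=blablabla"
+}
+sleep 1
+send -- "firejail --shutdown=test\r"
+sleep 3
+
+puts "\nall done\n"
+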
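Review bot: Every `timeout` branch in this script ends with a bare `exit`, so the script returns status 0 even after printing `TESTING ERROR`; the same pattern is repeated throughout firefox-x11.exp and firefox.exp. Use a non-zero status in the failure branches, e.g. `timeout {puts "TESTING ERROR 3\n";exit 1}`, so a caller can detect a failed seccomp or capability check without grepping the output. The fixed `sleep 10` after launching firefox and the fetch of www.gentoo.org also make the result depend on machine speed and network reachability. A header comment stating that the test needs network access and a working X11 setup would help whoever runs it.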
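--- /dev/null
+++ b/test/overlay/firefox-x11.exp
@@ -0,0 +1,90 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --overlay --name=test --x11 firefox -no-remote www.gentoo.org\r"
+sleep 10
+
+spawn $env(SHELL)
+send -- "firejail --list\r"
+expect {
+ timeout {puts "TESTING ERROR 3\n";exit}
+ ":firejail"
+}
+expect {
+ timeout {puts "TESTING ERROR 3.1\n";exit}
+ "firefox" {puts "firefox detected\n";}
+ "iceweasel" {puts "iceweasel detected\n";}
+}
+expect {
+ timeout {puts "TESTING ERROR 3.2\n";exit}
+ "no-remote"
+}
+sleep 1
+# grsecurity exit
+send -- "file /proc/sys/kernel/grsecurity\r"
+expect {
+ timeout {puts "TESTING ERROR - grsecurity detection\n";exit}
+ "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit}
+ "cannot open" {puts "grsecurity not present\n"}
+}
+send -- "firejail --name=blablabla --overlay\r"
+expect {
+ timeout {puts "TESTING ERROR 4\n";exit}
+ "Child process initialized"
+}
+sleep 2
+
+spawn $env(SHELL)
+send -- "firemon --seccomp\r"
+expect {
+ timeout {puts "TESTING ERROR 5\n";exit}
+ " firefox" {puts "firefox detected\n";}
+ " iceweasel" {puts "iceweasel detected\n";}
+}
+expect {
+ timeout {puts "TESTING ERROR 5.0\n";exit}
+ "no-remote"
+}
+expect {
+ timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit}
+ "Seccomp: 2"
+}
+expect {
+ timeout {puts "TESTING ERROR 5.1\n";exit}
+ "name=blablabla"
+}
+sleep 1
+send -- "firemon --caps\r"
+expect {
+ timeout {puts "TESTING ERROR 6\n";exit}
+ " firefox" {puts "firefox detected\n";}
+ " iceweasel" {puts "iceweasel detected\n";}
+}
+expect {
+ timeout {puts "TESTING ERROR 6.0\n";exit}
+ "no-remote"
+}
+expect {
+ timeout {puts "TESTING ERROR 6.1\n";exit}
+ "CapBnd:"
+}
+expect {
+ timeout {puts "TESTING ERROR 6.2\n";exit}
+ "0000000000000000"
+}
+expect {
+ timeout {puts "TESTING ERROR 6.3\n";exit}
+ "name=blablabla"
+}
+sleep 1
+send -- "firejail --shutdown=test\r"
+sleep 3
+
+puts "\nall done\n"
+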
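--- /dev/null
+++ b/test/overlay/firefox.exp
@@ -0,0 +1,99 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --overlay firefox -no-remote www.gentoo.org\r"
+expect {
+ timeout {puts "TESTING ERROR 0\n";exit}
+ "Reading profile /etc/firejail/firefox.profile"
+}
+expect {
+ timeout {puts "TESTING ERROR 1\n";exit}
+ "Child process initialized"
+}
+sleep 10
+
+spawn $env(SHELL)
+send -- "firejail --list\r"
+expect {
+ timeout {puts "TESTING ERROR 3\n";exit}
+ ":firejail"
+}
+expect {
+ timeout {puts "TESTING ERROR 3.1\n";exit}
+ "firefox" {puts "firefox detected\n";}
+ "iceweasel" {puts "iceweasel detected\n";}
+}
+expect {
+ timeout {puts "TESTING ERROR 3.2\n";exit}
+ "no-remote"
+}
+after 100
+
+# grsecurity exit
+send -- "file /proc/sys/kernel/grsecurity\r"
+expect {
+ timeout {puts "TESTING ERROR - grsecurity detection\n";exit}
+ "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit}
+ "cannot open" {puts "grsecurity not present\n"}
+}
+
+
+send -- "firejail --name=blablabla --overlay\r"
+expect {
+ timeout {puts "TESTING ERROR 4\n";exit}
+ "Child process initialized"
+}
+sleep 2
+
+spawn $env(SHELL)
+send -- "firemon --seccomp\r"
+expect {
+ timeout {puts "TESTING ERROR 5\n";exit}
+ " firefox" {puts "firefox detected\n";}
+ " iceweasel" {puts "iceweasel detected\n";}
+}
+expect {
+ timeout {puts "TESTING ERROR 5.0\n";exit}
+ "no-remote"
+}
+expect {
+ timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit}
+ "Seccomp: 2"
+}
+expect {
+ timeout {puts "TESTING ERROR 5.1\n";exit}
+ "name=blablabla"
+}
+after 100
+send -- "firemon --caps\r"
+expect {
+ timeout {puts "TESTING ERROR 6\n";exit}
+ " firefox" {puts "firefox detected\n";}
+ " iceweasel" {puts "iceweasel detected\n";}
+}
+expect {
+ timeout {puts "TESTING ERROR 6.0\n";exit}
+ "no-remote"
+}
+expect {
+ timeout {puts "TESTING ERROR 6.1\n";exit}
+ "CapBnd:"
+}
+expect {
+ timeout {puts "TESTING ERROR 6.2\n";exit}
+ "0000000000000000"
+}
+expect {
+ timeout {puts "TESTING ERROR 6.3\n";exit}
+ "name=blablabla"
+}
+after 100
+
+puts "\nall done\n"
+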
diff --git a/test/fs_overlay.exp b/test/overlay/fs.exp
index b7eeba80f..15ada9203 100755
--- a/test/fs_overlay.exp
+++ b/test/overlay/fs.exp
@@ -4,19 +4,7 @@ set timeout 10
4spawn $env(SHELL) 4spawn $env(SHELL)
5match_max 100000 5match_max 100000
6 6
7send -- "rm -f /tmp/firejail-overlay-test;pwd\r" 7send -- "firejail --overlay\r"
8expect {
9 timeout {puts "TESTING ERROR 0\n";exit}
10 "home"
11}
12
13send -- "ls > /tmp/firejail-overlay-test;pwd\r"
14expect {
15 timeout {puts "TESTING ERROR 1\n";exit}
16 "home"
17}
18
19send -- "firejail --noprofile --overlay\r"
20expect { 8expect {
21 timeout {puts "TESTING ERROR 2\n";exit} 9 timeout {puts "TESTING ERROR 2\n";exit}
22 "not available for kernels older than 3.18" {puts "\nTESTING: overlayfs not available\n"; exit} 10 "not available for kernels older than 3.18" {puts "\nTESTING: overlayfs not available\n"; exit}
@@ -25,42 +13,34 @@ expect {
25} 13}
26sleep 1 14sleep 1
27 15
28send -- "echo xyzxyzxyz > /tmp/firejail-overlay-test;pwd\r" 16send -- "echo xyzxyzxyz > ~/_firejail_test_file; echo done\r"
29expect { 17expect {
30 timeout {puts "TESTING ERROR 3\n";exit} 18 timeout {puts "TESTING ERROR 3\n";exit}
31 "home" 19 "done"
32} 20}
33sleep 1 21after 100
34 22
35send -- "cat /tmp/firejail-overlay-test;pwd\r" 23send -- "cat ~/_firejail_test_file; echo done\r"
36expect { 24expect {
37 timeout {puts "TESTING ERROR 4\n";exit} 25 timeout {puts "TESTING ERROR 4\n";exit}
38 "xyzxyzxyz" 26 "xyzxyzxyz"
39} 27}
40expect { 28expect {
41 timeout {puts "TESTING ERROR 4.1\n";exit} 29 timeout {puts "TESTING ERROR 4.1\n";exit}
42 "home" 30 "done"
43} 31}
44sleep 1 32after 100
45 33
46send -- "exit\r" 34send -- "exit\r"
47sleep 2 35sleep 2
48 36
49send -- "cat /tmp/firejail-overlay-test;pwd\r" 37send -- "cat ~/_firejail_test_file; echo done\r"
50expect { 38expect {
51 timeout {puts "TESTING ERROR 5\n";exit} 39 timeout {puts "TESTING ERROR 5\n";exit}
52 "xyzxyzxyz" {puts "TESTING ERROR 5.1\n";exit} 40 "xyzxyzxyz" {puts "TESTING ERROR 5.1\n";exit}
53 "home" 41 "done"
54} 42}
55 43
56sleep 1 44after 100
57send -- "rm -f /tmp/firejail-overlay-test;pwd\r" 45puts "\nall done\n"
58expect {
59 timeout {puts "TESTING ERROR 0\n";exit}
60 "home"
61}
62
63
64sleep 1
65puts "all done \n"
66 46
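Review bot: The final persistence check (new lines 37-42) can pass without ever reading the `cat` output, because its success pattern `"done"` also appears literally in the command being sent, `cat ~/_firejail_test_file; echo done`. The pty normally echoes the typed command back, so `expect` may match `done` in that echo before any output arrives, and a leaked `xyzxyzxyz` from the overlay would then go unnoticed. The old `pwd`/`"home"` pair did not have this problem since `home` was not part of the command text. Anchoring the success pattern to the start of an output line, `"\ndone"`, keeps the echo from satisfying it; the same applies to the earlier `"done"` matches, although there a false match is harmless.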
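--- /dev/null
+++ b/test/overlay/overlay.sh
@@ -0,0 +1,57 @@
+#!/bin/bash
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+export MALLOC_CHECK_=3
+export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
+
+echo "TESTING: overlay fs (test/overlay/fs.exp)"
+rm -fr ~/_firejail_test_*
+./fs.exp
+rm -fr ~/_firejail_test_*
+
+which firefox
+if [ "$?" -eq 0 ];
+then
+ echo "TESTING: overlay firefox"
+ ./firefox.exp
+else
+ echo "TESTING SKIP: firefox not found"
+fi
+
+which firefox
+if [ "$?" -eq 0 ];
+then
+ echo "TESTING: overlay firefox x11 xorg"
+ ./firefox.exp
+else
+ echo "TESTING SKIP: firefox not found"
+fi
+
+
+# check xpra/xephyr
+which xpra
+if [ "$?" -eq 0 ];
+then
+ echo "xpra found"
+else
+ echo "xpra not found"
+ which Xephyr
+ if [ "$?" -eq 0 ];
+ then
+ echo "Xephyr found"
+ else
+ echo "TESTING SKIP: xpra and/or Xephyr not found"
+ exit
+ fi
+fi
+
+which firefox
+if [ "$?" -eq 0 ];
+then
+ echo "TESTING: overlay firefox x11"
+ ./firefox.exp
+else
+ echo "TESTING SKIP: firefox not found"
+fi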
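Review bot: All three firefox branches run `./firefox.exp`, so the two X11 scripts added in this commit are never executed even though the banners announce them. Line 27 should be `./firefox-x11-xorg.exp` and line 54 should be `./firefox-x11.exp`. As written, the `--x11` and `--x11=xorg` overlay paths get no coverage while the log reports that they were tested. The script also ignores the exit status of each `.exp` run and always returns 0, so failures are visible only as `TESTING ERROR` lines in the output.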