21 files changed, 212 insertions, 188 deletions
diff --git a/Makefile.in b/Makefile.in
index 41885ddcf..64970d4a5 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -174,7 +174,7 @@ test-compile: dist
        cd test/compile; ./compile.sh $(NAME)-$(VERSION)
 test-root:
-        cd test/root; su -c ./start.sh
+        cd test/root; su -c ./root.sh | grep TESTING
        
 .PHONY: rpms
 rpms:
diff --git a/src/firejail/fs_bin.c b/src/firejail/fs_bin.c
index a3576e7c4..c906e32c0 100644
--- a/src/firejail/fs_bin.c
+++ b/src/firejail/fs_bin.c
@@ -247,6 +247,9 @@ void fs_private_bin_list(void) {
                        duplicate(ptr);
                free(dlist);    
                fs_logger_print();
+#ifdef HAVE_GCOV
+                __gcov_flush();
+#endif
                _exit(0);
        }
        // wait for the child to finish
diff --git a/src/firejail/fs_etc.c b/src/firejail/fs_etc.c
index 830de7c9f..ebcde29a3 100644
--- a/src/firejail/fs_etc.c
+++ b/src/firejail/fs_etc.c
@@ -171,6 +171,9 @@ void fs_private_etc_list(void) {
                                duplicate(ptr);
                        free(dlist);    
                        fs_logger_print();
+#ifdef HAVE_GCOV
+                        __gcov_flush();
+#endif
                        _exit(0);
                }
                // wait for the child to finish
diff --git a/src/firejail/fs_mkdir.c b/src/firejail/fs_mkdir.c
index cffe32a7a..6bcb3f33e 100644
--- a/src/firejail/fs_mkdir.c
+++ b/src/firejail/fs_mkdir.c
@@ -81,6 +81,9 @@ void fs_mkdir(const char *name) {
                // create directory
                mkdir_recursive(expanded);
+#ifdef HAVE_GCOV
+                __gcov_flush();
+#endif
                _exit(0);
        }
        // wait for the child to finish
@@ -126,6 +129,9 @@ void fs_mkfile(const char *name) {
                        (void) rv;
                        fclose(fp);
                }
+#ifdef HAVE_GCOV
+                __gcov_flush();
+#endif
                _exit(0);
        }
        // wait for the child to finish
diff --git a/src/firejail/ls.c b/src/firejail/ls.c
index 7c5585324..1b759d7a1 100644
--- a/src/firejail/ls.c
+++ b/src/firejail/ls.c
@@ -358,6 +358,9 @@ void sandboxfs(int op, pid_t pid, const char *path1, const char *path2) {
                        // copy the file
                        if (copy_file(src_fname, tmp_fname, getuid(), getgid(), 0600))
                                _exit(1);
+#ifdef HAVE_GCOV
+                        __gcov_flush();
+#endif
                        _exit(0);
                }
@@ -381,6 +384,9 @@ void sandboxfs(int op, pid_t pid, const char *path1, const char *path2) {
                        // copy the file
                        if (copy_file(tmp_fname, dest_fname, getuid(), getgid(), 0600))
                                _exit(1);
+#ifdef HAVE_GCOV
+                        __gcov_flush();
+#endif
                        _exit(0);
                }
@@ -423,6 +429,9 @@ void sandboxfs(int op, pid_t pid, const char *path1, const char *path2) {
                        // copy the file
                        if (copy_file(src_fname, tmp_fname, getuid(), getgid(), 0600))
                                _exit(1);
+#ifdef HAVE_GCOV
+                        __gcov_flush();
+#endif
                        _exit(0);
                }
@@ -452,6 +461,9 @@ void sandboxfs(int op, pid_t pid, const char *path1, const char *path2) {
                        // copy the file
                        if (copy_file(tmp_fname, dest_fname, getuid(), getgid(), 0600))
                                _exit(1);
+#ifdef HAVE_GCOV
+                        __gcov_flush();
+#endif
                        _exit(0);
                }
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 4759e6a5f..3f005b547 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -2461,6 +2461,9 @@ int main(int argc, char **argv) {
                        network_main(child);
                        if (arg_debug)
                                printf("Host network configured\n");                    
+#ifdef HAVE_GCOV
+                        __gcov_flush();
+#endif
                        _exit(0);                       
                }
diff --git a/src/firejail/x11.c b/src/firejail/x11.c
index ecab8880a..54f947c45 100644
--- a/src/firejail/x11.c
+++ b/src/firejail/x11.c
@@ -692,6 +692,9 @@ void x11_xorg(void) {
                execlp("/usr/bin/xauth", "/usr/bin/xauth", "-f", tmpfname,
                        "generate", display, "MIT-MAGIC-COOKIE-1", "untrusted", NULL); 
                
+#ifdef HAVE_GCOV
+                __gcov_flush();
+#endif
                _exit(0);
        }
diff --git a/src/firemon/interface.c b/src/firemon/interface.c
index bceed93d3..58990e6e5 100644
--- a/src/firemon/interface.c
+++ b/src/firemon/interface.c
@@ -146,6 +146,9 @@ static void print_sandbox(pid_t pid) {
                        return;
                net_ifprint();
                printf("\n");
+#ifdef HAVE_GCOV
+                __gcov_flush();
+#endif
                _exit(0);
        }
        
diff --git a/src/firemon/procevent.c b/src/firemon/procevent.c
index 78a3a4fb2..1940f4a34 100644
--- a/src/firemon/procevent.c
+++ b/src/firemon/procevent.c
@@ -192,6 +192,10 @@ static int procevent_monitor(const int sock, pid_t mypid) {
        tv.tv_usec = 0;
        while (1) {
+#ifdef HAVE_GCOV
+                __gcov_flush();
+#endif
 #define BUFFSIZE 4096 
                char __attribute__ ((aligned(NLMSG_ALIGNTO)))buf[BUFFSIZE];
                
diff --git a/test/fs/fs.sh b/test/fs/fs.sh
index 8ad67141a..0b9cf977e 100755
--- a/test/fs/fs.sh
+++ b/test/fs/fs.sh
@@ -8,6 +8,15 @@ export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
 rm -fr ~/_firejail_test_*
 echo "TESTING: mkdir/mkfile (test/fs/mkdir_mkfile.exp)"
+./mkdir_mkfile.exp
+rm -fr ~/_firejail_test_*
+mkdir ~/_firejail_test_dir
+touch ~/_firejail_test_dir/a
+mkdir ~/_firejail_test_dir/test1
+touch ~/_firejail_test_dir/test1/b
+echo "TESTING: read/write (test/fs/read-write.exp)"
+./read-write.exp
 rm -fr ~/_firejail_test_*
 echo "TESTING: /sys/fs access (test/fs/sys_fs.exp)"
diff --git a/test/fs/read-write.exp b/test/fs/read-write.exp
new file mode 100755
index 000000000..cfca15605
--- /dev/null
+++ b/test/fs/read-write.exp
@@ -0,0 +1,49 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+send -- "firejail --read-only=~/_firejail_test_dir --read-write=~/_firejail_test_dir/test1\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 1
+send -- "echo mytest >~/_firejail_test_dir/a;echo done\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "done"
+}
+send -- "echo mytest >~/_firejail_test_dir/test1/b;echo done\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "done"
+}
+send -- "cat ~/_firejail_test_dir/a;echo done\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "mytest" {puts "TESTING ERROR 4\n";exit}
+        "done"
+}
+send -- "cat ~/_firejail_test_dir/test1/b;echo done\r"
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "mytest"
+}
+expect {
+        timeout {puts "TESTING ERROR 6\n";exit}
+        "done"
+}
+after 100
+puts "\nall done\n"
diff --git a/test/root/configure b/test/root/configure
deleted file mode 100755
index 35d938340..000000000
--- a/test/root/configure
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/bash
-# This file is part of Firejail project
-# Copyright (C) 2014-2016 Firejail Authors
-# License GPL v2
-brctl addbr br0
-ifconfig br0 10.10.20.1/29 up
-# NAT masquerade
-iptables -t nat -A POSTROUTING -o eth0 -s 10.10.20.0/29 -j MASQUERADE
-# port forwarding
-# iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to 10.10.20.2:80
-        
-brctl addbr br1
-ifconfig br1 10.10.30.1/24 up
-brctl addbr br2
-ifconfig br2 10.10.40.1/24 up
-brctl addbr br3
-ifconfig br3 10.10.50.1/24 up
-brctl addbr br4
-ifconfig br4 10.10.60.1/24 up
-ip link add link eth0 name eth0.5 type vlan id 5
-/sbin/ifconfig eth0.5 10.10.205.10/24 up
-ip link add link eth0 name eth0.6 type vlan id 6
-/sbin/ifconfig eth0.6 10.10.206.10/24 up
-ip link add link eth0 name eth0.7 type vlan id 7
-/sbin/ifconfig eth0.7 10.10.207.10/24 up
diff --git a/test/root/firemon-events.exp b/test/root/firemon-events.exp
new file mode 100755
index 000000000..4f305e51d
--- /dev/null
+++ b/test/root/firemon-events.exp
@@ -0,0 +1,72 @@
+#!/usr/bin/expect -f
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+# start firemon
+set firemon_id $spawn_id
+send -- "firemon\r"
+sleep 1
+# start firejail
+spawn $env(SHELL)
+set firejail_id $spawn_id
+send -- "firejail\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+# get messages on firemon
+set spawn_id $firemon_id
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "exec"
+}
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "/bin/bash -c /bin/bash"
+}
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "exec"
+}
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "/bin/bash"
+}
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "fork"
+}
+expect {
+        timeout {puts "TESTING ERROR 6\n";exit}
+        "child"
+}
+expect {
+        timeout {puts "TESTING ERROR 7\n";exit}
+        "/bin/bash"
+}
+after 100
+# exit firejail
+set spawn_id $firejail_id
+send -- "exit\r"
+sleep 1
+# get messages on firemon
+set spawn_id $firemon_id
+expect {
+        timeout {puts "TESTING ERROR 8\n";exit}
+        "exit"
+}
+expect {
+        timeout {puts "TESTING ERROR 9\n";exit}
+        "EXIT SANDBOX"
+}
+puts "\nall done\n"
diff --git a/test/root/net_interface.exp b/test/root/net_interface.exp
deleted file mode 100755
index 2f87024d8..000000000
--- a/test/root/net_interface.exp
+++ /dev/null
@@ -1,93 +0,0 @@
-#!/usr/bin/expect -f
-# This file is part of Firejail project
-# Copyright (C) 2014-2016 Firejail Authors
-# License GPL v2
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-send -- "ip link add link eth0 name eth0.100 type vlan id 100\r"
-sleep 1
-send -- "ip link add link eth0 name eth0.101 type vlan id 101\r"
-sleep 1
-send -- "ip link add link eth0 name eth0.102 type vlan id 102\r"
-sleep 1
-send -- "ip link add link eth0 name eth0.103 type vlan id 103\r"
-sleep 1
-send -- "ip link add link eth0 name eth0.104 type vlan id 104\r"
-sleep 1
-puts "\n"
-send -- "/sbin/ifconfig eth0.100 10.200.0.1/24\r"
-sleep 1
-send -- "/sbin/ifconfig eth0.101 10.200.1.1/24\r"
-sleep 1
-send -- "/sbin/ifconfig eth0.102 10.200.2.1/24\r"
-sleep 1
-send -- "/sbin/ifconfig eth0.103 10.200.3.1/24\r"
-sleep 1
-send -- "/sbin/ifconfig eth0.104 10.200.4.1/24\r"
-sleep 1
-puts "\n"
-send -- "firejail --noprofile --interface=eth0.100 --interface=eth0.101 --interface=eth0.102 --interface=eth0.103 --interface=eth0.104\r"
-expect {
-        timeout {puts "TESTING ERROR 0\n";exit}
-        "maximum 4 interfaces are allowed"
-}
-sleep 1
-send -- "firejail --noprofile --interface=eth0.100 --interface=eth0.101 --interface=eth0.102 --interface=eth0.103\r"
-expect {
-        timeout {puts "TESTING ERROR 1\n";exit}
-        "eth0.100"
-}
-expect {
-        timeout {puts "TESTING ERROR 1.1\n";exit}
-        "UP"
-}
-expect {
-        timeout {puts "TESTING ERROR 2\n";exit}
-        "eth0.101"
-}
-expect {
-        timeout {puts "TESTING ERROR 2.2\n";exit}
-        "UP"
-}
-expect {
-        timeout {puts "TESTING ERROR 3\n";exit}
-        "eth0.102"
-}
-expect {
-        timeout {puts "TESTING ERROR 3.1\n";exit}
-        "UP"
-}
-expect {
-        timeout {puts "TESTING ERROR 4\n";exit}
-        "eth0.103"
-}
-expect {
-        timeout {puts "TESTING ERROR 4.1\n";exit}
-        "UP"
-}
-sleep 1
-send -- "exit\r"
-sleep 1
-send -- "firejail --noprofile --interface=eth0.104\r"
-expect {
-        timeout {puts "TESTING ERROR 5\n";exit}
-        "eth0.104"
-}
-expect {
-        timeout {puts "TESTING ERROR 5.1\n";exit}
-        "UP"
-}
-send -- "exit\r"
-after 100
-puts "all done\n"
diff --git a/test/root/option_tmpfs.exp b/test/root/option_tmpfs.exp
index 20e42a858..3d492dfdb 100755
--- a/test/root/option_tmpfs.exp
+++ b/test/root/option_tmpfs.exp
@@ -16,13 +16,9 @@ expect {
        timeout {puts "TESTING ERROR 1\n";exit}
        "total 0"
 }
-expect {
+after 100
-        timeout {puts "TESTING ERROR 2\n";exit}
-        "/root"
-}
-sleep 1
 send -- "exit\r"
-sleep 2
+sleep 1
 send -- "firejail --debug-check-filename --tmpfs=\"bla&&bla\"\r"
 expect {
diff --git a/test/root/profile_tmpfs.exp b/test/root/profile_tmpfs.exp
index da7c084a2..25f73b50b 100755
--- a/test/root/profile_tmpfs.exp
+++ b/test/root/profile_tmpfs.exp
@@ -4,34 +4,37 @@ set timeout 10
 spawn $env(SHELL)
 match_max 100000
-send -- "mkdir /tmp/firejailtestdir\r"
-sleep 1
-send -- "ls > /tmp/firejailtestdir/tmpfile\r"
-sleep 1
 send -- "firejail --profile=tmpfs.profile\r"
 expect {
        timeout {puts "TESTING ERROR 0\n";exit}
        "Child process initialized"
 }
-# testing private only
-send -- "bash\r"
 sleep 1
-send -- "ls -l /tmp/firejailtestdir;pwd\r"
+send -- "ls -l /var;pwd\r"
 expect {
-        timeout {puts "TESTING ERROR 1.1\n";exit}
+        timeout {puts "TESTING ERROR 1\n";exit}
-        "tmpfile" {puts "TESTING ERROR 1\n";exit}
+        "total 0"
-        "home"
 }
-sleep 1
+after 100
-send -- "exit\r"
-sleep 1
 send -- "exit\r"
 sleep 1
-send -- "rm -fr  /tmp/firejailtestdir\r"
-sleep 1
+send -- "firejail --debug-check-filename --profile=tmpfs-bad.profile\r"
+expect {
+        timeout {puts "TESTING ERROR 13.1\n";exit}
+        "Checking filename bla&&bla"
+}
+expect {
+        timeout {puts "TESTING ERROR 13.2\n";exit}
+        "Error:"
+}
+expect {
+        timeout {puts "TESTING ERROR 13.3\n";exit}
+        "is an invalid filename"
+}
+after 100
 puts "\nall done\n"
diff --git a/test/root/root.sh b/test/root/root.sh
index 960071d45..5576faad6 100755
--- a/test/root/root.sh
+++ b/test/root/root.sh
@@ -1,7 +1,5 @@
 #!/bin/bash
-./configure 2 > /dev/null
 #********************************
 # servers
 #********************************
@@ -76,30 +74,7 @@ echo hello > tmpfile
 rm -f tmpfile
 #********************************
-# networking
+# firemon
 #********************************
-echo "TESTING: network interfaces (test/root/net_interface.exp)"
+echo "TESTING: firemon events (test/root/firemon-events.exp)"
-./net_interface.exp
+./firemon-events.exp
-echo "TESTING: firemon --interface (test/root/firemon-interface.exp)"
-./firemon-interface.exp
-#if [ -f /sys/fs/cgroup/g1/tasks ]
-#then
-#       echo "TESTING: firemon --cgroup (firemon-cgroup.exp)"
-#       ./firemon-cgroup.exp
-#fi
-#
-#echo "TESTING: chroot resolv.conf (chroot-resolvconf.exp)"
-#rm -f tmpfile
-#touch tmpfile
-#rm -f /tmp/chroot/etc/resolv.conf
-#ln -s tmp /tmp/chroot/etc/resolv.conf
-#./chroot-resolvconf.exp
-#rm -f tmpfile
-#rm /tmp/chroot/etc/resolv.conf
-#echo "TESTING: chroot (fs_chroot_asroot.exp)"
-#./fs_chroot_asroot.exp
diff --git a/test/root/start.sh b/test/root/start.sh
deleted file mode 100755
index 8e7a869cd..000000000
--- a/test/root/start.sh
+++ /dev/null
@@ -1,4 +0,0 @@
-#/bin/bash
-./configure
-./root.sh | grep TESTING
-\ No newline at end of file
diff --git a/test/root/tmpfs-bad.profile b/test/root/tmpfs-bad.profile
new file mode 100644
index 000000000..7264e18ff
--- /dev/null
+++ b/test/root/tmpfs-bad.profile
@@ -0,0 +1 @@
+tmpfs bla&&bla
diff --git a/test/root/tmpfs.profile b/test/root/tmpfs.profile
index 0680f4d69..55a6f7ebc 100644
--- a/test/root/tmpfs.profile
+++ b/test/root/tmpfs.profile
@@ -1 +1 @@
-tmpfs /tmp/firejailtestdir
-\ No newline at end of file
+tmpfs /var
diff --git a/test/root/firemon-interface.exp b/test/utils/firemon-cgroup.exp
index 6a82ae41e..3cd4f5a03 100755
--- a/test/root/firemon-interface.exp
+++ b/test/utils/firemon-cgroup.exp
@@ -1,10 +1,13 @@
 #!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
 set timeout 10
 spawn $env(SHELL)
 match_max 100000
-send --  "firejail\r"
+send --  "firejail --name=test1\r"
 expect {
        timeout {puts "TESTING ERROR 0\n";exit}
        "Child process initialized"
@@ -12,23 +15,26 @@ expect {
 sleep 1
 spawn $env(SHELL)
-send -- "firemon --interface\r"
+send --  "firejail --name=test2\r"
 expect {
        timeout {puts "TESTING ERROR 1\n";exit}
-        "lo UP"
+        "Child process initialized"
 }
+sleep 1
+spawn $env(SHELL)
+send --  "firemon --cgroup\r"
+sleep 4
 expect {
        timeout {puts "TESTING ERROR 2\n";exit}
-        "10.10.20.1/29"
+        "name=test1"
-}
-expect {
-        timeout {puts "TESTING ERROR 3\n";exit}
-        "10.10.50.1/24"
 }
 expect {
        timeout {puts "TESTING ERROR 3\n";exit}
-        "br3"
+        "name=test2"
 }
-sleep 1
-puts "\n"
+after 100
+puts "\nall done\n"