9 files changed, 105 insertions, 29 deletions
diff --git a/etc/slack.profile b/etc/slack.profile
index 9025e4f75..faf875cf1 100644
--- a/etc/slack.profile
+++ b/etc/slack.profile
@@ -36,5 +36,5 @@ shell none
 disable-mnt
 private-bin slack
 private-dev
-private-etc fonts,resolv.conf,ld.so.conf,ld.so.cache,localtime
+private-etc asound.conf,ca-certificates,fonts,group,passwd,pulse,resolv.conf,ssl,ld.so.conf,ld.so.cache,localtime
 private-tmp
diff --git a/gcov.sh b/gcov.sh
index 092b755af..df1fcb51b 100755
--- a/gcov.sh
+++ b/gcov.sh
@@ -8,12 +8,13 @@ gcov_init() {
        /usr/lib/firejail/fseccomp --help > /dev/null
        /usr/lib/firejail/ftee --help > /dev/null
        /usr/lib/firejail/fcopy --help > /dev/null
+        /usr/lib/firejail/fldd --help > /dev/null
        firecfg --help > /dev/null
        sudo chown $USER:$USER `find .`
 }
 generate() {
-        lcov -q --capture -d src/firejail -d src/firemon -d  src/fcopy -d src/fseccomp -d src/fnet -d src/ftee -d src/lib -d src/firecfg --output-file gcov-file-new
+        lcov -q --capture -d src/firejail -d src/firemon -d  src/fcopy -d src/fseccomp -d src/fnet -d src/ftee -d src/lib -d src/firecfg -d src/fldd --output-file gcov-file-new
        lcov --add-tracefile gcov-file-old --add-tracefile gcov-file-new  --output-file gcov-file
        rm -fr gcov-dir
        genhtml -q gcov-file --output-directory gcov-dir
@@ -24,7 +25,7 @@ generate() {
 gcov_init
-lcov -q --capture -d src/firejail -d src/firemon -d  src/fcopy -d src/fseccomp -d src/fnet -d src/ftee -d src/lib -d src/firecfg --output-file gcov-file-old
+lcov -q --capture -d src/firejail -d src/firemon -d  src/fcopy -d src/fseccomp -d src/fnet -d src/ftee -d src/lib -d src/firecfg -d src/fldd  --output-file gcov-file-old
 #make test-environment
 #generate
diff --git a/src/fldd/main.c b/src/fldd/main.c
index 947c6b4ae..5fda45266 100644
--- a/src/fldd/main.c
+++ b/src/fldd/main.c
@@ -265,6 +265,11 @@ printf("\n");
        }
+        if (strcmp(argv[1], "--help") == 0) {
+                usage();
+                return 0;
+        }
        // check program access
        if (access(argv[1], R_OK)) {
                fprintf(stderr, "Error fldd: cannot access %s\n", argv[1]);
diff --git a/test/fs/fs.sh b/test/fs/fs.sh
index 9e7ead3c9..e67ccc476 100755
--- a/test/fs/fs.sh
+++ b/test/fs/fs.sh
@@ -28,6 +28,9 @@ echo "TESTING: kmsg access (test/fs/kmsg.exp)"
 echo "TESTING: read/write /var/tmp (test/fs/fs_var_tmp.exp)"
 ./fs_var_tmp.exp
+echo "TESTING: private-lib (test/fs/private-lib.exp)"
+./private-lib.exp
 echo "TESTING: read/write /var/lock (test/fs/fs_var_lock.exp)"
 ./fs_var_lock.exp
diff --git a/test/fs/private-lib.exp b/test/fs/private-lib.exp
new file mode 100755
index 000000000..dd418da0f
--- /dev/null
+++ b/test/fs/private-lib.exp
@@ -0,0 +1,44 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2017 Firejail Authors
+# License GPL v2
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+send -- "firejail --private-lib --private-bin=sh,bash,dash,ps,grep,ls,find,echo \r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "Child process initialized"
+}
+after 100
+send -- "find /bin; echo done\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "rm" {puts "TESTING ERROR 3\n";exit}
+        "cp" {puts "TESTING ERROR 4\n";exit}
+        "done"
+}
+after 100
+send -- "find /lib; echo done\r"
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "modules" {puts "TESTING ERROR 6\n";exit}
+        "firmware" {puts "TESTING ERROR 7\n";exit}
+        "libc.so"
+}
+after 100
+send -- "find /usr/lib; echo done\r"
+expect {
+        timeout {puts "TESTING ERROR 8\n";exit}
+        "grub" {puts "TESTING ERROR 9\n";exit}
+        "mozilla" {puts "TESTING ERROR 10\n";exit}
+        "libdl.so"
+}
+after 100
+puts "\nall done\n"
diff --git a/test/root/checkcfg.exp b/test/root/checkcfg.exp
index 205ef1e0c..e17e9cda2 100755
--- a/test/root/checkcfg.exp
+++ b/test/root/checkcfg.exp
@@ -88,6 +88,7 @@ expect {
        timeout {puts "TESTING ERROR 9\n";exit}
        "noroot feature is disabled in Firejail configuration file\r"
 }
+sleep 1
 # netfilter-default
 send --  "echo \"netfilter-default blablabla\" > /etc/firejail/firejail.config\r"
@@ -97,6 +98,7 @@ expect {
        timeout {puts "TESTING ERROR 10\n";exit}
        "netfilter-default file blablabla not available\r"
 }
+after 100
 # strings
 send --  "echo \"xephyr-screen 800x600\" > /etc/firejail/firejail.config\r"
@@ -104,17 +106,15 @@ after 100
 send --  "echo \"xvfb-screen 800x600x24\" >> /etc/firejail/firejail.config\r"
 after 100
 send --  "echo \"xvfb-extra-params blablabla\" >> /etc/firejail/firejail.config\r"
-after 100
+sleep 1
-send --  "firejail --noprofile\r"
+send --  "firejail --noprofile echo done\r"
 expect {
        timeout {puts "TESTING ERROR 11\n";exit}
-        "Child process initialized\r"
+        "done\r"
 }
-after 100
+sleep 1
-send -- "exit\r"
-after 100
-# error exit
+after 100
 send --  "echo \"join no\" > /etc/firejail/firejail.config\r"
 after 100
 send --  "echo \"cache-tmpfs no\" >> /etc/firejail/firejail.config\r"
diff --git a/test/root/firecfg.exp b/test/root/firecfg.exp
index 8961aed60..8210496bb 100755
--- a/test/root/firecfg.exp
+++ b/test/root/firecfg.exp
@@ -15,40 +15,64 @@ expect {
        timeout {puts "TESTING ERROR 0\n";exit}
        "/usr/local/bin/firefox removed"
 }
-after 100
+sleep 1
 send -- "file /usr/local/bin/firefox; echo done\r"
 expect {
        timeout {puts "TESTING ERROR 1\n";exit}
        "symbolic link to /usr/bin/firejail"  {puts "TESTING ERROR 2\n";exit}
        "done"
 }
-after 100
+sleep 1
 send --  "firecfg\r"
 expect {
        timeout {puts "TESTING ERROR 3\n";exit}
-        "/usr/local/bin/firefox created"
+        "firefox created"
 }
-after 100
+sleep 1
 send -- "file /usr/local/bin/firefox\r"
 expect {
        timeout {puts "TESTING ERROR 4\n";exit}
        "symbolic link to /usr/bin/firejail"
 }
-after 100
+sleep 1
 send -- "firecfg --list\r"
 expect {
        timeout {puts "TESTING ERROR 5\n";exit}
        "/usr/local/bin/firefox"
 }
-after 100
+sleep 1
 send -- "firecfg --fix\r"
 expect {
-        timeout {puts "TESTING ERROR 5\n";exit}
+        timeout {puts "TESTING ERROR 6\n";exit}
        "this option is not supported for root user"
 }
+sleep 1
+send -- "firecfg --fix-sound\r"
+expect {
+        timeout {puts "TESTING ERROR 7\n";exit}
+        "PulseAudio configured, please logout and login back again"
+}
+sleep 1
+send -- "firecfg --version\r"
+expect {
+        timeout {puts "TESTING ERROR 8\n";exit}
+        "firecfg version"
+}
+sleep 1
+send -- "firecfg --blablabla\r"
+expect {
+        timeout {puts "TESTING ERROR 9\n";exit}
+        "invalid command line option"
+}
+sleep 1
-after 100
 puts "\nall done\n"
diff --git a/test/root/seccomp-chown.exp b/test/root/seccomp-chown.exp
index 7d9da5e5a..174a35ffe 100755
--- a/test/root/seccomp-chown.exp
+++ b/test/root/seccomp-chown.exp
@@ -14,33 +14,32 @@ expect {
 }
 sleep 2
-send -- "touch testfile;pwd\r"
+send -- "touch testfile; echo done\r"
 expect {
        timeout {puts "TESTING ERROR 1\n";exit}
-        "/root" {puts "running as root"}
+        "done"
-        "/home"
 }
+after 100
-send -- "ls -l testfile;pwd\r"
+send -- "ls -l testfile; echo done\r"
 expect {
        timeout {puts "TESTING ERROR 2\n";exit}
        "testfile"
 }
 expect {
        timeout {puts "TESTING ERROR 3\n";exit}
-        "/root" {puts "running as root"}
+        "done"
-        "/home"
 }
+after 100
-send -- "chown netblue:netblue testfile;pwd\r"
+send -- "chown netblue:netblue testfile; echo done\r"
 expect {
        timeout {puts "TESTING ERROR 2\n";exit}
        "Bad system call"
 }
 expect {
        timeout {puts "TESTING ERROR 3\n";exit}
-        "/root" {puts "running as root"}
+        "done"
-        "/home"
 }
diff --git a/test/utils/seccomp-print.exp b/test/utils/seccomp-print.exp
index 5a76d7fcc..b3ab5e13c 100755
--- a/test/utils/seccomp-print.exp
+++ b/test/utils/seccomp-print.exp
@@ -22,11 +22,11 @@ expect {
 }
 expect {
        timeout {puts "TESTING ERROR 2\n";exit}
-        "init_module"
+        "delete_module"
 }
 expect {
        timeout {puts "TESTING ERROR 3\n";exit}
-        "delete_module"
+        "init_module"
 }
 expect {
        timeout {puts "TESTING ERROR 4\n";exit}