-rw-r--r--src/firejail/sandbox.c7
-rw-r--r--src/firejail/sbox.c14
-rw-r--r--src/firejail/x11.c18
-rwxr-xr-xtest/environment/allow-debuggers.exp25
-rwxr-xr-xtest/environment/environment.sh3
-rwxr-xr-xtest/environment/firejail-in-firejail2.exp51
-rwxr-xr-xtest/filters/filters.sh3
-rwxr-xr-xtest/filters/seccomp-postexec.exp33
-rwxr-xr-xtest/fnetfilter/default.exp2
-rwxr-xr-xtest/fnetfilter/template.exp2
10 files changed, 46 insertions, 112 deletions
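diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index 5c7f73fc1..e0cecda1b 100644
--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -1035,13 +1035,6 @@ int sandbox(void* sandbox_arg) {
  int rv = unlink(RUN_SECCOMP_MDWX);
  (void) rv;
  }
-
- if (arg_debug) {
- printf("\nSeccomp files:\n");
- int rv = system("ls -l /run/firejail/mnt/seccomp*\n");
- (void) rv;
- printf("\n");
- }
 #endif
 
  //****************************************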
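diff --git a/src/firejail/sbox.c b/src/firejail/sbox.c
index cc2b08542..53df20a54 100644
--- a/src/firejail/sbox.c
+++ b/src/firejail/sbox.c
@@ -153,13 +153,6 @@ int sbox_run(unsigned filter, int num, ...) {
  for (i = 3; i < max; i++)
  close(i); // close open files
 
-#if 0
- if (arg_debug) {
- printf("sbox file descriptors:\n");
- int rv = system("ls -l /proc/self/fd");
- (void) rv;
- }
-#endif
  umask(027);
 
  // apply filters
@@ -216,12 +209,5 @@ int sbox_run(unsigned filter, int num, ...) {
  exit(1);
  }
 
-#if 0
-printf("** sbox run out *********************************\n");
-system("ls -l /run/firejail/mnt\n");
-system("ls -l /proc/self/fd");
-printf("** sbox run out *********************************\n");
-#endif
-
  return status;
 }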
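diff --git a/src/firejail/x11.c b/src/firejail/x11.c
index 3903b4709..7040dea18 100644
--- a/src/firejail/x11.c
+++ b/src/firejail/x11.c
@@ -347,12 +347,6 @@ void x11_start_xvfb(int argc, char **argv) {
  }
  free(fname);
 
- if (arg_debug) {
- printf("X11 sockets: "); fflush(0);
- int rv = system("ls /tmp/.X11-unix");
- (void) rv;
- }
-
  assert(display_str);
  setenv("DISPLAY", display_str, 1);
  // run attach command
@@ -582,12 +576,6 @@ void x11_start_xephyr(int argc, char **argv) {
  }
  free(fname);
 
- if (arg_debug) {
- printf("X11 sockets: "); fflush(0);
- int rv = system("ls /tmp/.X11-unix");
- (void) rv;
- }
-
  assert(display_str);
  setenv("DISPLAY", display_str, 1);
  // run attach command
@@ -755,12 +743,6 @@ void x11_start_xpra_old(int argc, char **argv, int display, char *display_str) {
  }
  free(fname);
 
- if (arg_debug) {
- printf("X11 sockets: "); fflush(0);
- int rv = system("ls /tmp/.X11-unix");
- (void) rv;
- }
-
  // build attach command
  char *attach_argv[] = { "xpra", "--title=\"firejail x11 sandbox\"", "attach", display_str, NULL };
 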
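diff --git a/test/environment/allow-debuggers.exp b/test/environment/allow-debuggers.exp
index 359f94db1..f92ec5ddf 100755
--- a/test/environment/allow-debuggers.exp
+++ b/test/environment/allow-debuggers.exp
@@ -5,36 +5,27 @@ cd /home
 spawn $env(SHELL)
 match_max 100000
 
-send -- "firejail --profile=/etc/firejail/firefox.profile --allow-debuggers strace ls\r"
+send -- "firejail --allow-debuggers\r"
 expect {
  timeout {puts "TESTING ERROR 0\n";exit}
  "Child process initialized" { puts "\n"}
  "is disabled on Linux kernels prior to 4.8" { puts "TESTING SKIP: kernel too old\n"; exit }
 }
-expect {
- timeout {puts "TESTING ERROR 1\n";exit}
- "ioctl"
-}
-expect {
- timeout {puts "TESTING ERROR 2\n";exit}
- "exit_group"
-}
 after 100
 
-send -- "firejail --allow-debuggers --profile=/etc/firejail/firefox.profile strace ls\r"
-expect {
- timeout {puts "TESTING ERROR 3\n";exit}
- "Child process initialized"
-}
+send -- "strace ls\r"
 expect {
- timeout {puts "TESTING ERROR 4\n";exit}
- "ioctl"
+ timeout {puts "TESTING ERROR 1\n";exit}
+ "open"
 }
 expect {
- timeout {puts "TESTING ERROR 5\n";exit}
+ timeout {puts "TESTING ERROR 2\n";exit}
  "exit_group"
 }
 after 100
+send -- "exit\r"
+sleep 1
+
 
 
 puts "\nall done\n"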
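Review bot: The `"open"` pattern that follows `send -- "strace ls\r"` is a bare substring match, so it is satisfied by `openat(`, by a path or error message that happens to contain "open", and does not by itself show that strace produced syscall output; only the later `exit_group` match does that. A regex such as `-re {open(at)?\(}` would tie this step to a traced syscall line. The rewritten test also no longer passes `--profile=/etc/firejail/firefox.profile` in either argument order, so if `--allow-debuggers` combined with an explicit profile is still meant to be covered, it needs its own case.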
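diff --git a/test/environment/environment.sh b/test/environment/environment.sh
index b6688d484..364a4b65b 100755
--- a/test/environment/environment.sh
+++ b/test/environment/environment.sh
@@ -68,9 +68,6 @@ fi
 echo "TESTING: firejail in firejail - single sandbox (test/environment/firejail-in-firejail.exp)"
 ./firejail-in-firejail.exp
 
-echo "TESTING: firejail in firejail - force new sandbox (test/environment/firejail-in-firejail2.exp)"
-./firejail-in-firejail2.exp
-
 which aplay
 if [ "$?" -eq 0 ];
 then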
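diff --git a/test/environment/firejail-in-firejail2.exp b/test/environment/firejail-in-firejail2.exp
deleted file mode 100755
index 6528e45cd..000000000
--- a/test/environment/firejail-in-firejail2.exp
+++ /dev/null
@@ -1,51 +0,0 @@
-#!/usr/bin/expect -f
-# This file is part of Firejail project
-# Copyright (C) 2014-2018 Firejail Authors
-# License GPL v2
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-send -- "firejail --noprofile\r"
-expect {
- timeout {puts "TESTING ERROR 1\n";exit}
- "Child process initialized"
-}
-sleep 1
-
-send -- "firejail\r"
-expect {
- timeout {puts "TESTING ERROR 2\n";exit}
- "Warning: an existing sandbox was detected"
-}
-after 100
-
-send -- "exit\r"
-after 100
-
-send -- "firejail --force\r"
-expect {
- timeout {puts "TESTING ERROR 3\n";exit}
- "Child process initialized"
-}
-after 100
-
-send -- "exit\r"
-after 100
-
-send -- "firejail --version\r"
-expect {
- timeout {puts "TESTING ERROR 4\n";exit}
- "firejail version"
-}
-after 100
-
-send -- "firejail --version --force\r"
-expect {
- timeout {puts "TESTING ERROR 5\n";exit}
- "firejail version"
-}
-after 100
-
-puts "\nall done\n"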
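diff --git a/test/filters/filters.sh b/test/filters/filters.sh
index 12f13606b..97ecc8be0 100755
--- a/test/filters/filters.sh
+++ b/test/filters/filters.sh
@@ -31,6 +31,9 @@ echo "TESTING: debug options (test/filters/debug.exp)"
 echo "TESTING: seccomp run files (test/filters/seccomp-run-files.exp)"
 ./seccomp-run-files.exp
 
+echo "TESTING: seccomp postexec (test/filters/seccomp-postexec.exp)"
+./seccomp-postexec.exp
+
 echo "TESTING: noroot (test/filters/noroot.exp)"
 ./noroot.exp
 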
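diff --git a/test/filters/seccomp-postexec.exp b/test/filters/seccomp-postexec.exp
new file mode 100755
index 000000000..4302aec5e
--- /dev/null
+++ b/test/filters/seccomp-postexec.exp
@@ -0,0 +1,33 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2018 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --debug --seccomp=execve\r"
+expect {
+ timeout {puts "TESTING ERROR 0\n";exit}
+ "configuring postexec seccomp filter in"
+}
+expect {
+ timeout {puts "TESTING ERROR 1\n";exit}
+ "data.architecture"
+}
+expect {
+ timeout {puts "TESTING ERROR 2\n";exit}
+ "monitoring pid"
+}
+expect {
+ timeout {puts "TESTING ERROR 3\n";exit}
+ "Sandbox monitor: waitpid"
+}
+expect {
+ timeout {puts "TESTING ERROR 4\n";exit}
+ "Parent is shutting down"
+}
+sleep 1
+
+puts "all done\n"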
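Review bot: Every check in this new script matches a `--debug` log string, and the last two (`"Sandbox monitor: waitpid"`, `"Parent is shutting down"`) appear to be satisfied whenever the sandbox exits, so the test cannot tell an enforced `--seccomp=execve` filter from a sandbox that terminated for some other reason. No command is sent after start-up and nothing in the file says why a shutdown is expected; a header comment such as `# --seccomp=execve: <why the sandbox is expected to terminate on its own>` would record the intent. If firejail prints a message for the blocked syscall, matching it before the shutdown strings would make the check specific to the filter. The closing `puts "all done\n"` also lacks the leading `\n` used by the other scripts on this page.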
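diff --git a/test/fnetfilter/default.exp b/test/fnetfilter/default.exp
index 4c24b370f..8406160e3 100755
--- a/test/fnetfilter/default.exp
+++ b/test/fnetfilter/default.exp
@@ -31,7 +31,7 @@ after 100
 send -- "fnetfilter test1.net,33\r"
 expect {
  timeout {puts "TESTING ERROR 4\n";exit}
- "invalid destination file in netfilter command"
+ "cannot open test1.net,33"
 }
 after 100
 send -- "rm outfile\r"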
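Review bot: The expected text at new line 34 changes from an argument-validation error to `"cannot open test1.net,33"`, which reads as if the whole comma-separated argument now reaches a file open; test/fnetfilter/template.exp makes the same change (`"cannot open test2.net,"`). The code that prints either message is not part of this diff, so this is inferred, but if it holds, neither test asserts any longer that a malformed argument is rejected before the filesystem is touched. It is worth confirming that the earlier check was dropped on purpose, and a comment above each `send`, e.g. `# failure case: <what is wrong with this argument>`, would keep the intent readable now that the expected string no longer states it.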
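diff --git a/test/fnetfilter/template.exp b/test/fnetfilter/template.exp
index b63a2d4c9..5b84166d8 100755
--- a/test/fnetfilter/template.exp
+++ b/test/fnetfilter/template.exp
@@ -66,7 +66,7 @@ after 100
 send -- "fnetfilter test2.net,icmp-type,destination-unreachable,time-exceeded,echo-request\r"
 expect {
  timeout {puts "TESTING ERROR 12\n";exit}
- "invalid destination file in netfilter command"
+ "cannot open test2.net,"
 }
 after 100
 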