-rw-r--r-- | README | 9 | ||||
-rw-r--r-- | README.md | 2 | ||||
-rw-r--r-- | RELNOTES | 10 | ||||
-rwxr-xr-x | configure | 18 | ||||
-rw-r--r-- | configure.ac | 2 | ||||
-rw-r--r-- | etc/chromium.profile | 3 | ||||
-rw-r--r-- | etc/disable-devel.inc | 2 | ||||
-rw-r--r-- | etc/disable-programs.inc | 4 | ||||
-rw-r--r-- | etc/flowblade.profile | 13 | ||||
-rw-r--r-- | etc/openshot.profile | 13 | ||||
-rw-r--r-- | etc/virtualbox.profile | 12 | ||||
-rw-r--r-- | platform/debian/conffiles | 3 | ||||
-rw-r--r-- | src/firecfg/firecfg.config | 3 | ||||
-rw-r--r-- | src/firejail/fs.c | 6 | ||||
-rw-r--r-- | src/firejail/fs_whitelist.c | 1 | ||||
-rwxr-xr-x | test/fs/fs.sh | 3 | ||||
-rwxr-xr-x | test/fs/sys_fs.exp | 44 |
17 files changed, 129 insertions, 19 deletions
@@ -77,6 +77,12 @@ Fred-Barclay (https://github.com/Fred-Barclay) | |||
77 | - added gnome-chess profile | 77 | - added gnome-chess profile |
78 | - added DOSBox profile | 78 | - added DOSBox profile |
79 | - evince profile enhancement | 79 | - evince profile enhancement |
80 | valoq (https://github.com/valoq) | ||
81 | - LibreOffice profile fixes | ||
82 | - cherrytree profile fixes | ||
83 | - added support for /srv in --whitelist feature | ||
84 | Rafael Cavalcanti (https://github.com/rccavalcanti) | ||
85 | - chromium profile fixes for Arch Linux | ||
80 | Deelvesh Bunjun (https://github.com/DeelveshBunjun) | 86 | Deelvesh Bunjun (https://github.com/DeelveshBunjun) |
81 | - added xpdf profile | 87 | - added xpdf profile |
82 | vismir2 (https://github.com/vismir2) | 88 | vismir2 (https://github.com/vismir2) |
@@ -84,9 +90,6 @@ vismir2 (https://github.com/vismir2) | |||
84 | Dara Adib (https://github.com/daradib) | 90 | Dara Adib (https://github.com/daradib) |
85 | - ssh profile fix | 91 | - ssh profile fix |
86 | - evince profile fix | 92 | - evince profile fix |
87 | valoq (https://github.com/valoq) | ||
88 | - LibreOffice profile fixes | ||
89 | - cherrytree profile fixes | ||
90 | vismir2 (https://github.com/vismir2) | 93 | vismir2 (https://github.com/vismir2) |
91 | - feh, ranger, 7z, keepass, keepassx and zathura profiles | 94 | - feh, ranger, 7z, keepass, keepassx and zathura profiles |
92 | - lots of profile fixes | 95 | - lots of profile fixes |
@@ -113,5 +113,5 @@ x11 xpra, x11 xephyr, x11 none, x11 xorg, allusers, join-or-start | |||
113 | ## New profiles | 113 | ## New profiles |
114 | 114 | ||
115 | qpdfview, mupdf, Luminance HDR, Synfig Studio, Gimp, Inkscape, feh, ranger, zathura, 7z, keepass, keepassx, | 115 | qpdfview, mupdf, Luminance HDR, Synfig Studio, Gimp, Inkscape, feh, ranger, zathura, 7z, keepass, keepassx, |
116 | claws-mail, mutt, git, emacs, vim, xpdf | 116 | claws-mail, mutt, git, emacs, vim, xpdf, VirtualBox, OpenShot, Flowblade |
117 | 117 | ||
@@ -1,9 +1,11 @@ | |||
1 | firejail (0.9.43) baseline; urgency=low | 1 | firejail (0.9.44~rc1) baseline; urgency=low |
2 | * CVE-2016-7545 submitted by Aleksey Manevich | 2 | * CVE-2016-7545 submitted by Aleksey Manevich |
3 | * development version | 3 | * development version |
4 | * modifs: removed man firejail-config | 4 | * modifs: removed man firejail-config |
5 | * modifs: --private-tmp whitelists /tmp/.X11-unix directory | 5 | * modifs: --private-tmp whitelists /tmp/.X11-unix directory |
6 | * modifs: Nvidia drivers added to --private-dev | 6 | * modifs: Nvidia drivers added to --private-dev |
7 | * modifs: /srv supported by --whitelist | ||
8 | * feature: allow user access to /sys/fs (--noblacklist=/sys/fs) | ||
7 | * feature: support starting/joining sandbox is a single command | 9 | * feature: support starting/joining sandbox is a single command |
8 | (--join-or-start) | 10 | (--join-or-start) |
9 | * feature: X11 detection support for --audit | 11 | * feature: X11 detection support for --audit |
@@ -15,11 +17,13 @@ firejail (0.9.43) baseline; urgency=low | |||
15 | * feature: X11 security extension (--x11=xorg) | 17 | * feature: X11 security extension (--x11=xorg) |
16 | * feature: disable 3D hardware acceleration (--no3d) | 18 | * feature: disable 3D hardware acceleration (--no3d) |
17 | * feature: x11 xpra, x11 xephyr, x11 block, allusers, no3d profile commands | 19 | * feature: x11 xpra, x11 xephyr, x11 block, allusers, no3d profile commands |
20 | * feature: move files in sandbox (--put) | ||
18 | * new profiles: qpdfview, mupdf, Luminance HDR, Synfig Studio, Gimp, Inkscape | 21 | * new profiles: qpdfview, mupdf, Luminance HDR, Synfig Studio, Gimp, Inkscape |
19 | * new profiles: feh, ranger, zathura, 7z, keepass, keepassx, | 22 | * new profiles: feh, ranger, zathura, 7z, keepass, keepassx, |
20 | * new profiles: claws-mail, mutt, git, emacs, vim, xpdf | 23 | * new profiles: claws-mail, mutt, git, emacs, vim, xpdf, VirtualBox, OpenShot |
24 | * new profiles: Flowblade | ||
21 | * bugfixes | 25 | * bugfixes |
22 | -- netblue30 <netblue30@yahoo.com> Fri, 9 Sept 2016 08:00:00 -0500 | 26 | -- netblue30 <netblue30@yahoo.com> Sat, 15 Sept 2016 08:00:00 -0500 |
23 | 27 | ||
24 | firejail (0.9.42) baseline; urgency=low | 28 | firejail (0.9.42) baseline; urgency=low |
25 | * security: --whitelist deleted files, submitted by Vasya Novikov | 29 | * security: --whitelist deleted files, submitted by Vasya Novikov |
@@ -1,6 +1,6 @@ | |||
1 | #! /bin/sh | 1 | #! /bin/sh |
2 | # Guess values for system-dependent variables and create Makefiles. | 2 | # Guess values for system-dependent variables and create Makefiles. |
3 | # Generated by GNU Autoconf 2.69 for firejail 0.9.44~rc1. | 3 | # Generated by GNU Autoconf 2.69 for firejail 0.9.44~rc2. |
4 | # | 4 | # |
5 | # Report bugs to <netblue30@yahoo.com>. | 5 | # Report bugs to <netblue30@yahoo.com>. |
6 | # | 6 | # |
@@ -580,8 +580,8 @@ MAKEFLAGS= | |||
580 | # Identity of this package. | 580 | # Identity of this package. |
581 | PACKAGE_NAME='firejail' | 581 | PACKAGE_NAME='firejail' |
582 | PACKAGE_TARNAME='firejail' | 582 | PACKAGE_TARNAME='firejail' |
583 | PACKAGE_VERSION='0.9.44~rc1' | 583 | PACKAGE_VERSION='0.9.44~rc2' |
584 | PACKAGE_STRING='firejail 0.9.44~rc1' | 584 | PACKAGE_STRING='firejail 0.9.44~rc2' |
585 | PACKAGE_BUGREPORT='netblue30@yahoo.com' | 585 | PACKAGE_BUGREPORT='netblue30@yahoo.com' |
586 | PACKAGE_URL='http://firejail.wordpress.com' | 586 | PACKAGE_URL='http://firejail.wordpress.com' |
587 | 587 | ||
@@ -1259,7 +1259,7 @@ if test "$ac_init_help" = "long"; then | |||
1259 | # Omit some internal or obsolete options to make the list less imposing. | 1259 | # Omit some internal or obsolete options to make the list less imposing. |
1260 | # This message is too long to be a string in the A/UX 3.1 sh. | 1260 | # This message is too long to be a string in the A/UX 3.1 sh. |
1261 | cat <<_ACEOF | 1261 | cat <<_ACEOF |
1262 | \`configure' configures firejail 0.9.44~rc1 to adapt to many kinds of systems. | 1262 | \`configure' configures firejail 0.9.44~rc2 to adapt to many kinds of systems. |
1263 | 1263 | ||
1264 | Usage: $0 [OPTION]... [VAR=VALUE]... | 1264 | Usage: $0 [OPTION]... [VAR=VALUE]... |
1265 | 1265 | ||
@@ -1320,7 +1320,7 @@ fi | |||
1320 | 1320 | ||
1321 | if test -n "$ac_init_help"; then | 1321 | if test -n "$ac_init_help"; then |
1322 | case $ac_init_help in | 1322 | case $ac_init_help in |
1323 | short | recursive ) echo "Configuration of firejail 0.9.44~rc1:";; | 1323 | short | recursive ) echo "Configuration of firejail 0.9.44~rc2:";; |
1324 | esac | 1324 | esac |
1325 | cat <<\_ACEOF | 1325 | cat <<\_ACEOF |
1326 | 1326 | ||
@@ -1424,7 +1424,7 @@ fi | |||
1424 | test -n "$ac_init_help" && exit $ac_status | 1424 | test -n "$ac_init_help" && exit $ac_status |
1425 | if $ac_init_version; then | 1425 | if $ac_init_version; then |
1426 | cat <<\_ACEOF | 1426 | cat <<\_ACEOF |
1427 | firejail configure 0.9.44~rc1 | 1427 | firejail configure 0.9.44~rc2 |
1428 | generated by GNU Autoconf 2.69 | 1428 | generated by GNU Autoconf 2.69 |
1429 | 1429 | ||
1430 | Copyright (C) 2012 Free Software Foundation, Inc. | 1430 | Copyright (C) 2012 Free Software Foundation, Inc. |
@@ -1726,7 +1726,7 @@ cat >config.log <<_ACEOF | |||
1726 | This file contains any messages produced by compilers while | 1726 | This file contains any messages produced by compilers while |
1727 | running configure, to aid debugging if configure makes a mistake. | 1727 | running configure, to aid debugging if configure makes a mistake. |
1728 | 1728 | ||
1729 | It was created by firejail $as_me 0.9.44~rc1, which was | 1729 | It was created by firejail $as_me 0.9.44~rc2, which was |
1730 | generated by GNU Autoconf 2.69. Invocation command line was | 1730 | generated by GNU Autoconf 2.69. Invocation command line was |
1731 | 1731 | ||
1732 | $ $0 $@ | 1732 | $ $0 $@ |
@@ -4303,7 +4303,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 | |||
4303 | # report actual input values of CONFIG_FILES etc. instead of their | 4303 | # report actual input values of CONFIG_FILES etc. instead of their |
4304 | # values after options handling. | 4304 | # values after options handling. |
4305 | ac_log=" | 4305 | ac_log=" |
4306 | This file was extended by firejail $as_me 0.9.44~rc1, which was | 4306 | This file was extended by firejail $as_me 0.9.44~rc2, which was |
4307 | generated by GNU Autoconf 2.69. Invocation command line was | 4307 | generated by GNU Autoconf 2.69. Invocation command line was |
4308 | 4308 | ||
4309 | CONFIG_FILES = $CONFIG_FILES | 4309 | CONFIG_FILES = $CONFIG_FILES |
@@ -4357,7 +4357,7 @@ _ACEOF | |||
4357 | cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 | 4357 | cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 |
4358 | ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" | 4358 | ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" |
4359 | ac_cs_version="\\ | 4359 | ac_cs_version="\\ |
4360 | firejail config.status 0.9.44~rc1 | 4360 | firejail config.status 0.9.44~rc2 |
4361 | configured by $0, generated by GNU Autoconf 2.69, | 4361 | configured by $0, generated by GNU Autoconf 2.69, |
4362 | with options \\"\$ac_cs_config\\" | 4362 | with options \\"\$ac_cs_config\\" |
4363 | 4363 | ||
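--- a/configure.ac
+++ b/configure.ac
@@ -1,5 +1,5 @@
 AC_PREREQ([2.68])
-AC_INIT(firejail, 0.9.44~rc1, netblue30@yahoo.com, , http://firejail.wordpress.com)
+AC_INIT(firejail, 0.9.44~rc2, netblue30@yahoo.com, , http://firejail.wordpress.com)
 AC_CONFIG_SRCDIR([src/firejail/main.c])
 #AC_CONFIG_HEADERS([config.h])
 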
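--- a/etc/chromium.profile
+++ b/etc/chromium.profile
@@ -25,4 +25,7 @@ whitelist ~/keepassx.kdbx
 whitelist ~/.lastpass
 whitelist ~/.config/lastpass
 
+# specific to Arch
+whitelist ~/.config/chromium-flags.conf
+
 include /etc/firejail/whitelist-common.inc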
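Review bot: The new `whitelist ~/.config/chromium-flags.conf` line makes the browser's launch-flags file reachable from inside the sandbox, and nothing in this hunk makes it read-only. If whitelisted files are writable inside the sandbox, as firejail whitelist entries normally are, a compromised browser process could change the flags used on the next start. Consider adding `read-only ~/.config/chromium-flags.conf` after the whitelist line, once it is confirmed that `read-only` is honoured for whitelisted paths in this version.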
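--- a/etc/disable-devel.inc
+++ b/etc/disable-devel.inc
@@ -20,7 +20,7 @@ blacklist /usr/bin/x86_64-unknown-linux-gnu-gcc*
 # clang/llvm
 blacklist /usr/bin/clang*
 blacklist /usr/bin/llvm*
-blacklist /usb/bin/lldb*
+blacklist /usr/bin/lldb*
 blacklist /usr/lib/llvm*
 
 # tcc - Tiny C Compiler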
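--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -35,6 +35,10 @@ blacklist ${HOME}/.gimp*
 blacklist ${HOME}/.config/zathura
 blacklist ${HOME}/.config/cherrytree
 blacklist ${HOME}/.xpdfrc
+blacklist ${HOME}/.openshot
+blacklist ${HOME}/.openshot_qt
+blacklist ${HOME}/.flowblade
+blacklist ${HOME}/.config/flowblade
 
 
 # Media players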
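Review bot: The added entries cover the OpenShot and Flowblade directories, but there is no matching entry for the three paths that etc/virtualbox.profile in this same commit marks `noblacklist` (`${HOME}/.VirtualBox`, `${HOME}/VirtualBox VMs`, `${HOME}/.config/VirtualBox`). Unless they are already listed in a part of this file outside the hunk, other sandboxed programs keep access to VM configuration and disk images, and the `noblacklist` lines have nothing to cancel. Suggested additions: `blacklist ${HOME}/.VirtualBox`, `blacklist ${HOME}/VirtualBox VMs` and `blacklist ${HOME}/.config/VirtualBox`.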
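--- /dev/null
+++ b/etc/flowblade.profile
@@ -0,0 +1,13 @@
+# OpenShot profile
+noblacklist ${HOME}/.flowblade
+noblacklist ${HOME}/.config/flowblade
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+netfilter
+nonewprivs
+noroot
+protocol unix,inet,inet6,netlink
+seccomp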
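Review bot: The header comment on line 1 of the new file reads `# OpenShot profile`, apparently copied from etc/openshot.profile; it should be `# Flowblade profile`. Profiles under /etc/firejail are identified by their header and file name when they are audited, so a mislabelled one is easy to misattribute once the two files diverge.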
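--- /dev/null
+++ b/etc/openshot.profile
@@ -0,0 +1,13 @@
+# OpenShot profile
+noblacklist ${HOME}/.openshot
+noblacklist ${HOME}/.openshot_qt
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+netfilter
+nonewprivs
+noroot
+protocol unix,inet,inet6,netlink
+seccomp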
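--- /dev/null
+++ b/etc/virtualbox.profile
@@ -0,0 +1,12 @@
+# VirtualBox profile
+
+noblacklist ${HOME}/.VirtualBox
+noblacklist ${HOME}/VirtualBox VMs
+noblacklist ${HOME}/.config/VirtualBox
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+
+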
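Review bot: This profile applies only `caps.drop all`, while the two other profiles added in this commit also set `netfilter`, `nonewprivs`, `noroot`, `protocol` and `seccomp`, and nothing in the file says why those are left out. If the omission is deliberate (presumably because VirtualBox depends on privileged helper binaries), state it in a comment such as `# seccomp, nonewprivs and noroot are omitted on purpose: <reason>`, so a later edit neither adds them blindly nor treats the profile as fully hardened. `noblacklist ${HOME}/VirtualBox VMs` contains a space; confirm the profile parser reads the rest of the line as one path. The two trailing blank lines can be dropped.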
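--- a/platform/debian/conffiles
+++ b/platform/debian/conffiles
@@ -161,3 +161,6 @@
 /etc/firejail/emacs.profile
 /etc/firejail/vim.profile
 /etc/firejail/xpdf.profile
+/etc/firejail/virtualbox.profile
+/etc/firejail/openshot.profile
+/etc/firejail/flowblade.profile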
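--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -76,6 +76,7 @@ unbound
 mupen64plus
 wine
 dosbox
+virtualbox
 
 # games
 0ad
@@ -137,6 +138,8 @@ pix
 xpdf
 xreader
 zathura
+openshot
+flowblade
 
 # other
 ssh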
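--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -649,7 +649,11 @@ void fs_proc_sys_dev_boot(void) {
 
 disable_file(BLACKLIST_FILE, "/sys/firmware");
 disable_file(BLACKLIST_FILE, "/sys/hypervisor");
-disable_file(BLACKLIST_FILE, "/sys/fs");
+{ // allow user access to /sys/fs if "--noblacklist=/sys/fs" is present on the command line
+EUID_USER();
+profile_add("blacklist /sys/fs");
+EUID_ROOT();
+}
 disable_file(BLACKLIST_FILE, "/sys/module");
 disable_file(BLACKLIST_FILE, "/sys/power");
 disable_file(BLACKLIST_FILE, "/sys/kernel/debug");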
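Review bot: The `/sys/fs` blacklist now depends on an ordering that the new block does not document: `profile_add("blacklist /sys/fs")` only queues a profile entry, so `/sys/fs` is hidden only if the profile's blacklist entries are applied after `fs_proc_sys_dev_boot()` has run, and that order is not visible in this hunk. The neighbouring entries are still mounted over directly with `disable_file(BLACKLIST_FILE, ...)`, so a later reorder would silently expose only this directory in the default sandbox. State the dependency in the comment, for example `/* queued as a profile entry so that --noblacklist=/sys/fs can cancel it; the profile blacklist pass must run after this function */`, and move the existing comment off the opening-brace line. A word on why the call is wrapped in `EUID_USER()`/`EUID_ROOT()` would also help; the function body starts and ends outside the hunk.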
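--- a/src/firejail/fs_whitelist.c
+++ b/src/firejail/fs_whitelist.c
@@ -822,6 +822,7 @@ void fs_whitelist(void) {
 if (mount("tmpfs", RUN_WHITELIST_SRV_DIR, "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC, "mode=755,gid=0") < 0)
 errExit("mount tmpfs");
 fs_logger2("tmpfs", RUN_WHITELIST_SRV_DIR);
+}
 
 if (new_name)
 free(new_name);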
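--- a/test/fs/fs.sh
+++ b/test/fs/fs.sh
@@ -6,6 +6,9 @@
 export MALLOC_CHECK_=3
 export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
 
+echo "TESTING: /sys/fs access (test/fs/sys_fs.exp)"
+./sys_fs.exp
+
 echo "TESTING: kmsg access (test/fs/kmsg.exp)"
 ./kmsg.exp
 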
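--- /dev/null
+++ b/test/fs/sys_fs.exp
@@ -0,0 +1,44 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "ls /sys/fs\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"Permission denied"
+}
+after 100
+
+send -- "exit\r"
+sleep 1
+
+send -- "firejail --noblacklist=/sys/fs\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "ls /sys/fs\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"cgroup"
+}
+after 100
+send -- "exit\r"
+after 100
+
+puts "\nall done\n"
+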
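Review bot: The second half of the script reuses the failure labels `TESTING ERROR 1` and `TESTING ERROR 2` (lines 29 and 36 of the new file), so a log cannot tell whether the default-blacklist check or the `--noblacklist=/sys/fs` check failed. Renumber them, e.g. `timeout {puts "TESTING ERROR 3\n";exit}` and `timeout {puts "TESTING ERROR 4\n";exit}`. The positive check expects `cgroup` in the `ls /sys/fs` output, which assumes the host has a cgroup hierarchy under /sys/fs; a short comment stating that assumption would help on hosts where it does not hold. The first half is the security-relevant one, since it confirms that /sys/fs is still denied by default after the fs.c change, and a comment saying so would keep it from being dropped later.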