1 files changed, 134 insertions, 0 deletions
diff --git a/src/jailtest/main.c b/src/jailtest/main.c
new file mode 100644
index 000000000..78f162706
--- /dev/null
+++ b/src/jailtest/main.c
@@ -0,0 +1,134 @@
+#include "jailtest.h"
+#include "../include/firejail_user.h"
+#include "../include/pid.h"
+#include <sys/wait.h>
+uid_t user_uid = 0;
+gid_t user_gid = 0;
+char *user_name = NULL;
+char *user_home_dir = NULL;
+int arg_debug = 0;
+static char *usage_str =
+        "Usage: jailtest [options] directory [directory]\n\n"
+        "Options:\n"
+        "   --debug - print debug messages.\n"
+        "   --help, -? - this help screen.\n"
+        "   --version - print program version and exit.\n";
+static void usage(void) {
+        printf("firetest - version %s\n\n", VERSION);
+        puts(usage_str);
+}
+static void cleanup(void) {
+        // running only as root
+        if (getuid() == 0) {
+                if (arg_debug)
+                        printf("cleaning up!\n");
+                access_destroy();
+                virtual_destroy();
+        }
+}
+int main(int argc, char **argv) {
+        int i;
+        int findex = 0;
+        for (i = 1; i < argc; i++) {
+                if (strcmp(argv[i], "-?") == 0 || strcmp(argv[i], "--help") == 0) {
+                        usage();
+                        return 0;
+                }
+                else if (strcmp(argv[i], "--version") == 0) {
+                        printf("firetest version %s\n\n", VERSION);
+                        return 0;
+                }
+                else if (strncmp(argv[i], "--hello=", 8) == 0) { // used by noexec test
+                        printf("   Warning: I can run programs in %s\n", argv[i] + 8);
+                        return 0;
+                }
+                else if (strcmp(argv[i], "--debug") == 0)
+                        arg_debug = 1;
+                else if (strncmp(argv[i], "--", 2) == 0) {
+                        fprintf(stderr, "Error: invalid option\n");
+                        return 1;
+                }
+                else {
+                        findex = i;
+                        break;
+                }
+        }
+        // user setup
+        if (getuid() != 0) {
+                fprintf(stderr, "Error: you need to be root (via sudo) to run this program\n");
+                exit(1);
+        }
+        user_name = get_sudo_user();
+        assert(user_name);
+        user_home_dir = get_homedir(user_name, &user_uid, &user_gid);
+        if (user_uid == 0) {
+                fprintf(stderr, "Error: root user not supported\n");
+                exit(1);
+        }
+        // test setup
+        atexit(cleanup);
+        if (findex > 0) {
+                for (i = findex; i < argc; i++)
+                        access_setup(argv[i]);
+        }
+        noexec_setup();
+        virtual_setup(user_home_dir);
+        virtual_setup("/tmp");
+        virtual_setup("/var/tmp");
+        virtual_setup("/dev");
+        virtual_setup("/etc");
+        virtual_setup("/bin");
+        // print processes
+        pid_read(0);
+        for (i = 0; i < max_pids; i++) {
+                if (pids[i].level == 1) {
+                        uid_t uid = pid_get_uid(i);
+                        if (uid != user_uid) // not interested in other user sandboxes
+                                continue;
+                        // in case the pid is that of a firejail process, use the pid of the first child process
+                        uid_t pid = switch_to_child(i);
+                        pid_print_list(i, 0); //  no wrapping
+                        pid_t child = fork();
+                        if (child == -1)
+                                errExit("fork");
+                        if (child == 0) {
+                                int rv = join_namespace(pid, "mnt");
+                                if (rv == 0) {
+                                        virtual_test();
+                                        noexec_test(user_home_dir);
+                                        noexec_test("/tmp");
+                                        noexec_test("/var/tmp");
+                                        access_test();
+                                }
+                                else {
+                                        printf("   Error: I cannot join the process mount space\n");
+                                        exit(1);
+                                }
+                                // drop privileges in order not to trigger cleanup()
+                                if (setgid(user_gid) != 0)
+                                        errExit("setgid");
+                                if (setuid(user_uid) != 0)
+                                        errExit("setuid");
+                                return 0;
+                        }
+                        int status;
+                        wait(&status);
+                }
+        }
+        return 0;
+}

diff --git a/src/jailtest/main.c b/src/jailtest/main.c new file mode 100644 index 000000000..78f162706 --- /dev/null +++ b/src/jailtest/main.c
@@ -0,0 +1,134 @@
	1	#include "jailtest.h"
	2	#include "../include/firejail_user.h"
	3	#include "../include/pid.h"
	4	#include <sys/wait.h>
	5
	6	uid_t user_uid = 0;
	7	gid_t user_gid = 0;
	8	char *user_name = NULL;
	9	char *user_home_dir = NULL;
	10	int arg_debug = 0;
	11
	12	static char *usage_str =
	13	"Usage: jailtest [options] directory [directory]\n\n"
	14	"Options:\n"
	15	" --debug - print debug messages.\n"
	16	" --help, -? - this help screen.\n"
	17	" --version - print program version and exit.\n";
	18
	19
	20	static void usage(void) {
	21	printf("firetest - version %s\n\n", VERSION);
	22	puts(usage_str);
	23	}
	24
	25	static void cleanup(void) {
	26	// running only as root
	27	if (getuid() == 0) {
	28	if (arg_debug)
	29	printf("cleaning up!\n");
	30	access_destroy();
	31	virtual_destroy();
	32	}
	33	}
	34
	35	int main(int argc, char **argv) {
	36	int i;
	37	int findex = 0;
	38
	39	for (i = 1; i < argc; i++) {
	40	if (strcmp(argv[i], "-?") == 0 \|\| strcmp(argv[i], "--help") == 0) {
	41	usage();
	42	return 0;
	43	}
	44	else if (strcmp(argv[i], "--version") == 0) {
	45	printf("firetest version %s\n\n", VERSION);
	46	return 0;
	47	}
	48	else if (strncmp(argv[i], "--hello=", 8) == 0) { // used by noexec test
	49	printf(" Warning: I can run programs in %s\n", argv[i] + 8);
	50	return 0;
	51	}
	52	else if (strcmp(argv[i], "--debug") == 0)
	53	arg_debug = 1;
	54	else if (strncmp(argv[i], "--", 2) == 0) {
	55	fprintf(stderr, "Error: invalid option\n");
	56	return 1;
	57	}
	58	else {
	59	findex = i;
	60	break;
	61	}
	62	}
	63
	64	// user setup
	65	if (getuid() != 0) {
	66	fprintf(stderr, "Error: you need to be root (via sudo) to run this program\n");
	67	exit(1);
	68	}
	69	user_name = get_sudo_user();
	70	assert(user_name);
	71	user_home_dir = get_homedir(user_name, &user_uid, &user_gid);
	72	if (user_uid == 0) {
	73	fprintf(stderr, "Error: root user not supported\n");
	74	exit(1);
	75	}
	76
	77	// test setup
	78	atexit(cleanup);
	79	if (findex > 0) {
	80	for (i = findex; i < argc; i++)
	81	access_setup(argv[i]);
	82	}
	83
	84	noexec_setup();
	85	virtual_setup(user_home_dir);
	86	virtual_setup("/tmp");
	87	virtual_setup("/var/tmp");
	88	virtual_setup("/dev");
	89	virtual_setup("/etc");
	90	virtual_setup("/bin");
	91
	92	// print processes
	93	pid_read(0);
	94	for (i = 0; i < max_pids; i++) {
	95	if (pids[i].level == 1) {
	96	uid_t uid = pid_get_uid(i);
	97	if (uid != user_uid) // not interested in other user sandboxes
	98	continue;
	99
	100	// in case the pid is that of a firejail process, use the pid of the first child process
	101	uid_t pid = switch_to_child(i);
	102	pid_print_list(i, 0); // no wrapping
	103
	104	pid_t child = fork();
	105	if (child == -1)
	106	errExit("fork");
	107	if (child == 0) {
	108	int rv = join_namespace(pid, "mnt");
	109	if (rv == 0) {
	110	virtual_test();
	111	noexec_test(user_home_dir);
	112	noexec_test("/tmp");
	113	noexec_test("/var/tmp");
	114	access_test();
	115	}
	116	else {
	117	printf(" Error: I cannot join the process mount space\n");
	118	exit(1);
	119	}
	120
	121	// drop privileges in order not to trigger cleanup()
	122	if (setgid(user_gid) != 0)
	123	errExit("setgid");
	124	if (setuid(user_uid) != 0)
	125	errExit("setuid");
	126	return 0;
	127	}
	128	int status;
	129	wait(&status);
	130	}
	131	}
	132
	133	return 0;
	134	}