From 1acba91384ddc43ed7a3a98efab32e9b9804dded Mon Sep 17 00:00:00 2001
From: netblue30
Date: Thu, 12 Oct 2017 10:36:57 -0400
Subject: relnotes and testing
---
 RELNOTES | 7 ++++
 test/private-lib/atril.exp | 83 +++++++++++++++++++++++++++++++++++++++++
 test/private-lib/private-lib.sh | 2 +-
 3 files changed, 91 insertions(+), 1 deletion(-)
 create mode 100755 test/private-lib/atril.exp
diff --git a/RELNOTES b/RELNOTES
index 0e685ec9b..aba2e7dee 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -2,7 +2,14 @@ firejail (0.9.51) baseline; urgency=low
 * work in progress!
 * enhancement: support Firejail user config directory in firecfg
 * enhancement: disable DBus activation in firecfg
+ * enhancement; enumerate root directories in apparmor profile
+ * feature: systemd-resolvd integration
+ * feature: whitelisting /var directory in most profiles
 * feature: GTK2, GTK3 and Qt4 private-lib support
+ * feature: test deployment of private-lib for the following
+ applications: evince, galculator, gnome-calculator, hexchat,
+ leafpad, mousepad, transmission-gtk, xcalc, xmr-stak-cpu,
+ atril, mate-color-select
 * feature: --writable-run-user
 * feature: profile build tool (--build)
 -- netblue30 Thu, 14 Sep 2017 20:00:00 -0500
diff --git a/test/private-lib/atril.exp b/test/private-lib/atril.exp
new file mode 100755
index 000000000..0ddf41c50
--- /dev/null
+++ b/test/private-lib/atril.exp
@@ -0,0 +1,83 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2017 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail atril\r"
+expect {
+ timeout {puts "TESTING ERROR 0\n";exit}
+ "Reading profile /etc/firejail/atril.profile"
+}
+expect {
+ timeout {puts "TESTING ERROR 1\n";exit}
+ "Child process initialized"
+}
+sleep 3
+
+spawn $env(SHELL)
+send -- "firejail --list\r"
+expect {
+ timeout {puts "TESTING ERROR 3\n";exit}
+ ":firejail"
+}
+expect {
+ timeout {puts "TESTING ERROR 3.1\n";exit}
+ "atril"
+}
+after 100
+
+# grsecurity exit
+send -- "file /proc/sys/kernel/grsecurity\r"
+expect {
+ timeout {puts "TESTING ERROR - grsecurity detection\n";exit}
+ "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit}
+ "cannot open" {puts "grsecurity not present\n"}
+}
+
+send -- "firejail --name=blablabla\r"
+expect {
+ timeout {puts "TESTING ERROR 4\n";exit}
+ "Child process initialized"
+}
+sleep 2
+
+spawn $env(SHELL)
+send -- "firemon --seccomp\r"
+expect {
+ timeout {puts "TESTING ERROR 5\n";exit}
+ "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit}
+ ":firejail atril"
+}
+expect {
+ timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit}
+ "Seccomp: 2"
+}
+expect {
+ timeout {puts "TESTING ERROR 5.1\n";exit}
+ "name=blablabla"
+}
+after 100
+send -- "firemon --caps\r"
+expect {
+ timeout {puts "TESTING ERROR 6\n";exit}
+ ":firejail atril"
+}
+expect {
+ timeout {puts "TESTING ERROR 6.1\n";exit}
+ "CapBnd:"
+}
+expect {
+ timeout {puts "TESTING ERROR 6.2\n";exit}
+ "0000000000000000"
+}
+expect {
+ timeout {puts "TESTING ERROR 6.3\n";exit}
+ "name=blablabla"
+}
+after 100
+
+puts "\nall done\n"
diff --git a/test/private-lib/private-lib.sh b/test/private-lib/private-lib.sh
index 813c76b42..7e17f4eda 100755
--- a/test/private-lib/private-lib.sh
+++ b/test/private-lib/private-lib.sh
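Review bot: Both early-exit branches in test/private-lib/atril.exp, `"grsecurity: directory"` and `"need to be root"`, leave the script before the `Seccomp: 2` and `CapBnd:` assertions run, and like every timeout branch they use a bare `exit`, which returns status 0. Unless the caller scans the output for `TESTING ERROR` (the loop body of private-lib.sh is not visible in this patch), a failed run, a skipped run and a passing run look the same by exit status, so a seccomp or capability regression on a hidepid or grsecurity host would go unnoticed. I would make the failure branches return non-zero, e.g. `timeout {puts "TESTING ERROR 5\n";exit 1}`, and print a distinct marker on the skip paths, e.g. `"need to be root" {puts "TESTING SKIP: /proc mounted as hidepid\n"; exit}`. Separately, none of the assertions is specific to private-lib (profile read, seccomp mode, empty capability bounding set), so the script would pass unchanged if the atril profile did not deploy it.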
@@ -5,7 +5,7 @@ export MALLOC_CHECK_=3 export MALLOC_PERTURB_=$(($RANDOM % 255 + 1)) -LIST="evince galculator gnome-calculator hexchat leafpad mousepad transmission-gtk xcalc" +LIST="evince galculator gnome-calculator hexchat leafpad mousepad transmission-gtk xcalc atril" for app in $LIST; do -- cgit v1.2.3-70-g09d2