From 94ad4edd5e41a26161fdf0c44f8a0dea77e3d120 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Thu, 17 Nov 2016 13:12:15 -0500 Subject: testing appimage --- src/firejail/appimage.c | 23 ++++++++++++++--------- test/appimage/appimage-v1.exp | 2 +- test/appimage/appimage.sh | 4 +++- test/appimage/filename.exp | 35 +++++++++++++++++++++++++++++++++++ 4 files changed, 53 insertions(+), 11 deletions(-) create mode 100755 test/appimage/filename.exp diff --git a/src/firejail/appimage.c b/src/firejail/appimage.c index 01a78c324..6a9ca1679 100644 --- a/src/firejail/appimage.c +++ b/src/firejail/appimage.c @@ -31,34 +31,39 @@ static char *devloop = NULL; // device file static char *mntdir = NULL; // mount point in /tmp directory -void appimage_set(const char *appimage_path) { - assert(appimage_path); +void appimage_set(const char *appimage) { + assert(appimage); assert(devloop == NULL); // don't call this twice! EUID_ASSERT(); #ifdef LOOP_CTL_GET_FREE // test for older kernels; this definition is found in /usr/include/linux/loop.h - // check appimage_path - if (access(appimage_path, R_OK) == -1) { + // check appimage file + invalid_filename(appimage); + if (access(appimage, R_OK) == -1) { fprintf(stderr, "Error: cannot access AppImage file\n"); exit(1); } // get appimage type and ELF size // a value of 0 means we are dealing with a type1 appimage - long unsigned int size = appimage2_size(appimage_path); + long unsigned int size = appimage2_size(appimage); if (arg_debug) printf("AppImage ELF size %lu\n", size); - // open as user to prevent race condition - int ffd = open(appimage_path, O_RDONLY|O_CLOEXEC); + // open appimage file + int ffd = open(appimage, O_RDONLY|O_CLOEXEC); if (ffd == -1) { - fprintf(stderr, "Error: /dev/loop-control interface is not supported by your kernel\n"); + fprintf(stderr, "Error: cannot open AppImage file\n"); exit(1); } // find or allocate a free loop device to use EUID_ROOT(); int cfd = open("/dev/loop-control", O_RDWR); + if (cfd == -1) { + fprintf(stderr, "Error: /dev/loop-control interface is not supported by your kernel\n"); + exit(1); + } int devnr = ioctl(cfd, LOOP_CTL_GET_FREE); if (devnr == -1) { fprintf(stderr, "Error: cannot allocate a new loopback device\n"); @@ -113,7 +118,7 @@ void appimage_set(const char *appimage_path) { EUID_USER(); // set environment - if (appimage_path && setenv("APPIMAGE", appimage_path, 1) < 0) + if (appimage && setenv("APPIMAGE", appimage, 1) < 0) errExit("setenv"); if (mntdir && setenv("APPDIR", mntdir, 1) < 0) errExit("setenv"); diff --git a/test/appimage/appimage-v1.exp b/test/appimage/appimage-v1.exp index 503da2b9b..f1c1c10f5 100755 --- a/test/appimage/appimage-v1.exp +++ b/test/appimage/appimage-v1.exp @@ -7,7 +7,7 @@ set timeout 10 spawn $env(SHELL) match_max 100000 -send -- "firejail --name=appimage-test --appimage Leafpad-0.8.17-x86_64.AppImage\r" +send -- "firejail --name=appimage-test --debug --appimage Leafpad-0.8.17-x86_64.AppImage\r" expect { timeout {puts "TESTING ERROR 1\n";exit} "Child process initialized" diff --git a/test/appimage/appimage.sh b/test/appimage/appimage.sh index 6a73d0a7e..db221ec8a 100755 --- a/test/appimage/appimage.sh +++ b/test/appimage/appimage.sh @@ -10,5 +10,7 @@ echo "TESTING: AppImage v1 (test/appimage/appimage-v1.exp)" ./appimage-v1.exp echo "TESTING: AppImage v2 (test/appimage/appimage-v2.exp)" -./appimage-v1.exp +./appimage-v2.exp +echo "TESTING: AppImage file name (test/appimage/filename.exp)"; +./filename.exp \ No newline at end of file diff --git a/test/appimage/filename.exp b/test/appimage/filename.exp new file mode 100755 index 000000000..ce8d70464 --- /dev/null +++ b/test/appimage/filename.exp @@ -0,0 +1,35 @@ +#!/usr/bin/expect -f +# This file is part of Firejail project +# Copyright (C) 2014-2016 Firejail Authors +# License GPL v2 + +set timeout 10 +spawn $env(SHELL) +match_max 100000 + +send -- "firejail --appimage \"bla;bla\"\r" +expect { + timeout {puts "TESTING ERROR 1\n";exit} + "is an invalid filename" +} +after 100 + +send -- "firejail --appimage /etc/shadow\r" +expect { + timeout {puts "TESTING ERROR 2\n";exit} + "cannot access" +} +after 100 + +send -- "firejail --appimage appimage.sh\r" +expect { + timeout {puts "TESTING ERROR 2\n";exit} + "Error mounting appimage" +} +after 100 + + + + +puts "\nall done\n" + -- cgit v1.2.3-70-g09d2