From 98c11500d43555196490fd8fc5f063174d118cf8 Mon Sep 17 00:00:00 2001
From: netblue30
Date: Wed, 6 Apr 2016 10:41:11 -0400
Subject: grsecurity: --ls, --get
---
 src/firejail/ls.c | 2 ++
 test/ls.exp | 41 +++++++++++++++++++++++++++++++++++++++++
 test/test.sh | 3 +++
 3 files changed, 46 insertions(+)
 create mode 100755 test/ls.exp
diff --git a/src/firejail/ls.c b/src/firejail/ls.c
index 6bfa51afc..444b5b69e 100644
--- a/src/firejail/ls.c
+++ b/src/firejail/ls.c
@@ -205,7 +205,9 @@ void sandboxfs(int op, pid_t pid, const char *path) {
 EUID_ASSERT();
 // if the pid is that of a firejail process, use the pid of the first child process
+ EUID_ROOT();
 char *comm = pid_proc_comm(pid);
+ EUID_USER();
 if (comm) {
 if (strcmp(comm, "firejail") == 0) {
 pid_t child;
diff --git a/test/ls.exp b/test/ls.exp
new file mode 100755
index 000000000..5fe6d79c6
--- /dev/null
+++ b/test/ls.exp
@@ -0,0 +1,41 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "rm -f lstesting\r"
+sleep 1
+send -- "firejail --private --name=test\r"
+expect {
+ timeout {puts "TESTING ERROR 0\n";exit}
+ "Child process initialized"
+}
+sleep 2
+send -- "echo my_testing > lstesting\r"
+sleep 2
+
+
+spawn $env(SHELL)
+send -- "firejail --ls=test ~/.\r"
+expect {
+ timeout {puts "TESTING ERROR 1\n";exit}
+ "lstesting"
+}
+sleep 1
+send -- "firejail --get=test ~/lstesting\r"
+expect {
+ timeout {puts "TESTING ERROR 1\n";exit}
+ "lstesting"
+}
+sleep 1
+send -- "cat lstesting\r"
+expect {
+ timeout {puts "TESTING ERROR 1\n";exit}
+ "my_testing"
+}
+sleep 1
+send -- "rm -f lstesting\r"
+
+sleep 1
+puts "\nall done\n"
diff --git a/test/test.sh b/test/test.sh
index d36fbcb75..5e2bde52d 100755
--- a/test/test.sh
+++ b/test/test.sh
@@ -6,6 +6,9 @@
 ./fscheck.sh
+echo "TESTING: file transfer (ls.exp)"
+./ls.exp
+
 echo "TESTING: fs.print (fs-print.exp)"
 ./fs-print.exp
-- 
cgit v1.2.3-54-g00ecf
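Review bot: In the `sandboxfs` hunk of src/firejail/ls.c, the root-privileged read `pid_proc_comm(pid)` runs on a `pid` that arrives as a parameter, and no check that the caller owns that process is visible before the `EUID_ROOT()` line. The elevated window is kept to the single call, which is good, but the value read is the process's comm name, which the process itself can set, so the `strcmp(comm, "firejail")` result should only select which pid to inspect and never stand in for authorization. I would confirm that the ownership check on the final pid happens later in the function (the body continues outside the hunk) and document the elevation with a comment such as `// raise euid only for this /proc read (presumably blocked for unprivileged users under grsecurity); pid is caller-supplied and comm is not trusted`.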
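Review bot: In test/ls.exp the check after `firejail --get=test ~/lstesting` expects the string `lstesting`, which the echoed command line already contains, so that step passes even when the transfer fails; only the later `cat lstesting` check actually verifies the copy. The three timeout branches after the second `spawn` all print `TESTING ERROR 1`, so a failure cannot be attributed to a step; distinct messages such as `TESTING ERROR 2` and `TESTING ERROR 3` would fix that. Each branch also calls a bare `exit`, so test.sh sees no failure status; `exit 1` would make a timeout visible to the caller.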