From a5a02b708e871086854fc5da3d8d69beb4acf490 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Tue, 9 Apr 2019 16:56:58 -0400 Subject: fix previous commit, more seccomp testing --- src/firejail/Makefile.in | 2 +- src/include/rundefs.h | 102 ++++++++++++++++++++++++++++ src/libpostexecseccomp/libpostexecseccomp.h | 25 ------- src/libtracelog/Makefile.in | 2 +- src/libtracelog/libtracelog.c | 2 +- test/filters/seccomp-debug.exp | 46 ++++++------- test/filters/seccomp-join.exp | 44 ++++++------ 7 files changed, 150 insertions(+), 73 deletions(-) create mode 100644 src/include/rundefs.h delete mode 100644 src/libpostexecseccomp/libpostexecseccomp.h diff --git a/src/firejail/Makefile.in b/src/firejail/Makefile.in index d0f43041c..8cb994aca 100644 --- a/src/firejail/Makefile.in +++ b/src/firejail/Makefile.in @@ -2,7 +2,7 @@ all: firejail include ../common.mk -%.o : %.c $(H_FILE_LIST) ../include/common.h ../include/ldd_utils.h ../include/euid_common.h ../include/pid.h ../include/seccomp.h ../include/syscall.h ../include/firejail_user.h +%.o : %.c $(H_FILE_LIST) ../include/rundefs.h ../include/common.h ../include/ldd_utils.h ../include/euid_common.h ../include/pid.h ../include/seccomp.h ../include/syscall.h ../include/firejail_user.h $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ firejail: $(OBJS) ../lib/libnetlink.o ../lib/common.o ../lib/ldd_utils.o ../lib/firejail_user.o diff --git a/src/include/rundefs.h b/src/include/rundefs.h new file mode 100644 index 000000000..67d7cfa4f --- /dev/null +++ b/src/include/rundefs.h @@ -0,0 +1,102 @@ +/* + * Copyright (C) 2014-2019 Firejail Authors + * + * This file is part of firejail project + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +*/ + +#ifndef RUNDEFS_H +#define RUNDEFS_H +// filesystem +#define RUN_FIREJAIL_BASEDIR "/run" +#define RUN_FIREJAIL_DIR "/run/firejail" +#define RUN_FIREJAIL_APPIMAGE_DIR "/run/firejail/appimage" +#define RUN_FIREJAIL_NAME_DIR "/run/firejail/name" // also used in src/lib/pid.c - todo: move it in a common place +#define RUN_FIREJAIL_LIB_DIR "/run/firejail/lib" +#define RUN_FIREJAIL_X11_DIR "/run/firejail/x11" +#define RUN_FIREJAIL_NETWORK_DIR "/run/firejail/network" +#define RUN_FIREJAIL_BANDWIDTH_DIR "/run/firejail/bandwidth" +#define RUN_FIREJAIL_PROFILE_DIR "/run/firejail/profile" +#define RUN_NETWORK_LOCK_FILE "/run/firejail/firejail-network.lock" +#define RUN_DIRECTORY_LOCK_FILE "/run/firejail/firejail-run.lock" +#define RUN_RO_DIR "/run/firejail/firejail.ro.dir" +#define RUN_RO_FILE "/run/firejail/firejail.ro.file" +#define RUN_MNT_DIR "/run/firejail/mnt" // a tmpfs is mounted on this directory before any of the files below are created +#define RUN_CGROUP_CFG "/run/firejail/mnt/cgroup" +#define RUN_CPU_CFG "/run/firejail/mnt/cpu" +#define RUN_GROUPS_CFG "/run/firejail/mnt/groups" +#define RUN_PROTOCOL_CFG "/run/firejail/mnt/protocol" +#define RUN_NONEWPRIVS_CFG "/run/firejail/mnt/nonewprivs" +#define RUN_HOME_DIR "/run/firejail/mnt/home" +#define RUN_ETC_DIR "/run/firejail/mnt/etc" +#define RUN_OPT_DIR "/run/firejail/mnt/opt" +#define RUN_SRV_DIR "/run/firejail/mnt/srv" +#define RUN_BIN_DIR "/run/firejail/mnt/bin" +#define RUN_PULSE_DIR "/run/firejail/mnt/pulse" +#define RUN_LIB_DIR "/run/firejail/mnt/lib" +#define RUN_LIB_FILE "/run/firejail/mnt/libfiles" +#define RUN_DNS_ETC "/run/firejail/mnt/dns-etc" + +#define RUN_SECCOMP_DIR "/run/firejail/mnt/seccomp" +#define RUN_SECCOMP_LIST "/run/firejail/mnt/seccomp/seccomp.list" // list of seccomp files installed +#define RUN_SECCOMP_PROTOCOL "/run/firejail/mnt/seccomp/seccomp.protocol" // protocol filter +#define RUN_SECCOMP_CFG "/run/firejail/mnt/seccomp/seccomp" // configured filter +#define RUN_SECCOMP_32 "/run/firejail/mnt/seccomp/seccomp.32" // 32bit arch filter installed on 64bit architectures +#define RUN_SECCOMP_MDWX "/run/firejail/mnt/seccomp/seccomp.mdwx" // filter for memory-deny-write-execute +#define RUN_SECCOMP_BLOCK_SECONDARY "/run/firejail/mnt/seccomp/seccomp.block_secondary" // secondary arch blocking filter +#define RUN_SECCOMP_POSTEXEC "/run/firejail/mnt/seccomp/seccomp.postexec" // filter for post-exec library +#define PATH_SECCOMP_DEFAULT (LIBDIR "/firejail/seccomp") // default filter built during make +#define PATH_SECCOMP_DEFAULT_DEBUG (LIBDIR "/firejail/seccomp.debug") // default filter built during make +#define PATH_SECCOMP_32 (LIBDIR "/firejail/seccomp.32") // 32bit arch filter built during make +#define PATH_SECCOMP_MDWX (LIBDIR "/firejail/seccomp.mdwx") // filter for memory-deny-write-execute built during make +#define PATH_SECCOMP_BLOCK_SECONDARY (LIBDIR "/firejail/seccomp.block_secondary") // secondary arch blocking filter built during make + + +#define RUN_DEV_DIR "/run/firejail/mnt/dev" +#define RUN_DEVLOG_FILE "/run/firejail/mnt/devlog" + +#define RUN_WHITELIST_X11_DIR "/run/firejail/mnt/orig-x11" +#define RUN_WHITELIST_HOME_DIR "/run/firejail/mnt/orig-home" // default home directory masking +#define RUN_WHITELIST_RUN_DIR "/run/firejail/mnt/orig-run" // default run directory masking +#define RUN_WHITELIST_HOME_USER_DIR "/run/firejail/mnt/orig-home-user" // home directory whitelisting +#define RUN_WHITELIST_RUN_USER_DIR "/run/firejail/mnt/orig-run-user" // run directory whitelisting +#define RUN_WHITELIST_TMP_DIR "/run/firejail/mnt/orig-tmp" +#define RUN_WHITELIST_MEDIA_DIR "/run/firejail/mnt/orig-media" +#define RUN_WHITELIST_MNT_DIR "/run/firejail/mnt/orig-mnt" +#define RUN_WHITELIST_VAR_DIR "/run/firejail/mnt/orig-var" +#define RUN_WHITELIST_DEV_DIR "/run/firejail/mnt/orig-dev" +#define RUN_WHITELIST_OPT_DIR "/run/firejail/mnt/orig-opt" +#define RUN_WHITELIST_SRV_DIR "/run/firejail/mnt/orig-srv" +#define RUN_WHITELIST_ETC_DIR "/run/firejail/mnt/orig-etc" +#define RUN_WHITELIST_SHARE_DIR "/run/firejail/mnt/orig-share" +#define RUN_WHITELIST_MODULE_DIR "/run/firejail/mnt/orig-module" + +#define RUN_XAUTHORITY_FILE "/run/firejail/mnt/.Xauthority" +#define RUN_XAUTHORITY_SEC_FILE "/run/firejail/mnt/sec.Xauthority" +#define RUN_ASOUNDRC_FILE "/run/firejail/mnt/.asoundrc" +#define RUN_HOSTNAME_FILE "/run/firejail/mnt/hostname" +#define RUN_HOSTS_FILE "/run/firejail/mnt/hosts" +#define RUN_MACHINEID "/run/firejail/mnt/machine-id" +#define RUN_LDPRELOAD_FILE "/run/firejail/mnt/ld.so.preload" +#define RUN_UTMP_FILE "/run/firejail/mnt/utmp" +#define RUN_PASSWD_FILE "/run/firejail/mnt/passwd" +#define RUN_GROUP_FILE "/run/firejail/mnt/group" +#define RUN_FSLOGGER_FILE "/run/firejail/mnt/fslogger" +#define RUN_UMASK_FILE "/run/firejail/mnt/umask" +#define RUN_OVERLAY_ROOT "/run/firejail/mnt/oroot" +#define RUN_READY_FOR_JOIN "/run/firejail/mnt/ready-for-join" + +#endif diff --git a/src/libpostexecseccomp/libpostexecseccomp.h b/src/libpostexecseccomp/libpostexecseccomp.h deleted file mode 100644 index 908364d43..000000000 --- a/src/libpostexecseccomp/libpostexecseccomp.h +++ /dev/null @@ -1,25 +0,0 @@ -/* - * Copyright (C) 2014-2019 Firejail Authors - * - * This file is part of firejail project - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License along - * with this program; if not, write to the Free Software Foundation, Inc., - * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -*/ -#ifndef LIBPOSTEXECSECCOMP_H -#define LIBPOSTEXECSECCOMP_H - -#define RUN_SECCOMP_POSTEXEC "/run/firejail/mnt/seccomp.postexec" - -#endif diff --git a/src/libtracelog/Makefile.in b/src/libtracelog/Makefile.in index 3927c762a..5c27f3cb3 100644 --- a/src/libtracelog/Makefile.in +++ b/src/libtracelog/Makefile.in @@ -13,7 +13,7 @@ LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now all: libtracelog.so -%.o : %.c $(H_FILE_LIST) +%.o : %.c $(H_FILE_LIST) ../include/rundefs.h $(CC) $(CFLAGS) $(INCLUDE) -c $< -o $@ libtracelog.so: $(OBJS) diff --git a/src/libtracelog/libtracelog.c b/src/libtracelog/libtracelog.c index 420c9370c..3641a81af 100644 --- a/src/libtracelog/libtracelog.c +++ b/src/libtracelog/libtracelog.c @@ -32,6 +32,7 @@ #include #include #include +#include "../include/rundefs.h" //#define DEBUG @@ -163,7 +164,6 @@ static char *storage_find(const char *str) { // // load blacklist form /run/firejail/mnt/fslogger // -#define RUN_FSLOGGER_FILE "/run/firejail/mnt/fslogger" #define MAXBUF 4096 static int blacklist_loaded = 0; static char *sandbox_pid_str = NULL; diff --git a/test/filters/seccomp-debug.exp b/test/filters/seccomp-debug.exp index 39f836ed0..dc4bf34f2 100755 --- a/test/filters/seccomp-debug.exp +++ b/test/filters/seccomp-debug.exp @@ -13,7 +13,7 @@ after 100 send -- "firejail --debug sleep 1; echo done\r" expect { timeout {puts "TESTING ERROR 0\n";exit} - "seccomp entries in /run/firejail/mnt/seccomp" + "seccomp entries in /run/firejail/mnt/seccomp/seccomp" } expect { timeout {puts "TESTING ERROR 2\n";exit} @@ -38,15 +38,15 @@ expect { } expect { timeout {puts "TESTING ERROR 6\n";exit} - "Installing /run/firejail/mnt/seccomp seccomp filter" + "Installing /run/firejail/mnt/seccomp/seccomp seccomp filter" } expect { timeout {puts "TESTING ERROR 7\n";exit} - "Installing /run/firejail/mnt/seccomp.32 seccomp filter" + "Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" } expect { timeout {puts "TESTING ERROR 8\n";exit} - "Installing /run/firejail/mnt/seccomp.protocol seccomp filter" + "Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter" } expect { timeout {puts "TESTING ERROR 9\n";exit} @@ -58,15 +58,15 @@ after 100 send -- "firejail --debug --ignore=seccomp sleep 1; echo done\r" expect { timeout {puts "TESTING ERROR 10\n";exit} - "Installing /run/firejail/mnt/seccomp seccomp filter" {puts "TESTING ERROR 11\n";exit} - "Installing /run/firejail/mnt/seccomp.32 seccomp filter" {puts "TESTING ERROR 12\n";exit} + "Installing /run/firejail/mnt/seccomp/seccomp seccomp filter" {puts "TESTING ERROR 11\n";exit} + "Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 12\n";exit} "Child process initialized" } expect { timeout {puts "TESTING ERROR 13\n";exit} - "Installing /run/firejail/mnt/seccomp seccomp filter" {puts "TESTING ERROR 14\n";exit} - "Installing /run/firejail/mnt/seccomp.32 seccomp filter" {puts "TESTING ERROR 15\n";exit} - "Installing /run/firejail/mnt/seccomp.protocol seccomp filter" + "Installing /run/firejail/mnt/seccomp/seccomp seccomp filter" {puts "TESTING ERROR 14\n";exit} + "Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 15\n";exit} + "Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter" } expect { timeout {puts "TESTING ERROR 16\n";exit} @@ -78,18 +78,18 @@ after 100 send -- "firejail --debug --ignore=protocol sleep 1; echo done\r" expect { timeout {puts "TESTING ERROR 17\n";exit} - "Installing /run/firejail/mnt/seccomp.protocol seccomp filter" {puts "TESTING ERROR 18\n";exit} + "Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter" {puts "TESTING ERROR 18\n";exit} "Child process initialized" } expect { timeout {puts "TESTING ERROR 19\n";exit} - "Installing /run/firejail/mnt/seccomp.protocol seccomp filter" {puts "TESTING ERROR 20\n";exit} - "Installing /run/firejail/mnt/seccomp seccomp filter" + "Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter" {puts "TESTING ERROR 20\n";exit} + "Installing /run/firejail/mnt/seccomp/seccomp seccomp filter" } expect { timeout {puts "TESTING ERROR 21\n";exit} - "Installing /run/firejail/mnt/seccomp.protocol seccomp filter" {puts "TESTING ERROR 22\n";exit} - "Installing /run/firejail/mnt/seccomp.32 seccomp filter" + "Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter" {puts "TESTING ERROR 22\n";exit} + "Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" } expect { timeout {puts "TESTING ERROR 23\n";exit} @@ -105,7 +105,7 @@ expect { } expect { timeout {puts "TESTING ERROR 25\n";exit} - "Installing /run/firejail/mnt/seccomp.mdwx seccomp filter" + "Installing /run/firejail/mnt/seccomp/seccomp.mdwx seccomp filter" } expect { timeout {puts "TESTING ERROR 26\n";exit} @@ -117,18 +117,18 @@ expect { send -- "firejail --debug --seccomp.block-secondary sleep 1; echo done\r" expect { timeout {puts "TESTING ERROR 27\n";exit} - "Installing /run/firejail/mnt/seccomp.32 seccomp filter" {puts "TESTING ERROR 28\n";exit} + "Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 28\n";exit} "Child process initialized" } expect { timeout {puts "TESTING ERROR 29\n";exit} - "Installing /run/firejail/mnt/seccomp.32 seccomp filter" {puts "TESTING ERROR 30\n";exit} - "Installing /run/firejail/mnt/seccomp seccomp filter" + "Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 30\n";exit} + "Installing /run/firejail/mnt/seccomp/seccomp seccomp filter" } expect { timeout {puts "TESTING ERROR 31\n";exit} - "Installing /run/firejail/mnt/seccomp.32 seccomp filter" {puts "TESTING ERROR 32\n";exit} - "Installing /run/firejail/mnt/seccomp.protocol seccomp filter" + "Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 32\n";exit} + "Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter" } expect { timeout {puts "TESTING ERROR 33\n";exit} @@ -140,13 +140,13 @@ after 100 send -- "firejail --debug --profile=block-secondary.profile sleep 1; echo done\r" expect { timeout {puts "TESTING ERROR 33\n";exit} - "Installing /run/firejail/mnt/seccomp.32 seccomp filter" {puts "TESTING ERROR 34\n";exit} + "Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 34\n";exit} "Child process initialized" } expect { timeout {puts "TESTING ERROR 35\n";exit} - "Installing /run/firejail/mnt/seccomp.32 seccomp filter" {puts "TESTING ERROR 35\n";exit} - "Installing /run/firejail/mnt/seccomp seccomp filter" + "Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 35\n";exit} + "Installing /run/firejail/mnt/seccomp/seccomp seccomp filter" } expect { timeout {puts "TESTING ERROR 37\n";exit} diff --git a/test/filters/seccomp-join.exp b/test/filters/seccomp-join.exp index f9201f926..f1d57238b 100755 --- a/test/filters/seccomp-join.exp +++ b/test/filters/seccomp-join.exp @@ -20,15 +20,15 @@ set spawn_id $id1 send -- "firejail --name=jointesting --debug\r" expect { timeout {puts "TESTING ERROR 0\n";exit} - "Installing /run/firejail/mnt/seccomp seccomp filter" + "Installing /run/firejail/mnt/seccomp/seccomp seccomp filter" } expect { timeout {puts "TESTING ERROR 1\n";exit} - "Installing /run/firejail/mnt/seccomp.32 seccomp filter" + "Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" } expect { timeout {puts "TESTING ERROR 2\n";exit} - "Installing /run/firejail/mnt/seccomp.protocol seccomp filter" + "Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter" } sleep 1 @@ -37,15 +37,15 @@ set spawn_id $id2 send -- "firejail --debug --join=jointesting\r" expect { timeout {puts "TESTING ERROR 3\n";exit} - "Installing /run/firejail/mnt/seccomp seccomp filter" + "Installing /run/firejail/mnt/seccomp/seccomp seccomp filter" } expect { timeout {puts "TESTING ERROR 4\n";exit} - "Installing /run/firejail/mnt/seccomp.32 seccomp filter" + "Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" } expect { timeout {puts "TESTING ERROR 5\n";exit} - "Installing /run/firejail/mnt/seccomp.protocol seccomp filter" + "Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter" } sleep 1 @@ -64,16 +64,16 @@ set spawn_id $id1 send -- "firejail --name=jointesting --seccomp.block-secondary --debug\r" expect { timeout {puts "TESTING ERROR 10\n";exit} - "Installing /run/firejail/mnt/seccomp seccomp filter" + "Installing /run/firejail/mnt/seccomp/seccomp seccomp filter" } expect { timeout {puts "TESTING ERROR 11\n";exit} - "Installing /run/firejail/mnt/seccomp.32 seccomp filter" {puts "TESTING ERROR 12\n";exit} - "Installing /run/firejail/mnt/seccomp.block_secondary seccomp filter" + "Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 12\n";exit} + "Installing /run/firejail/mnt/seccomp/seccomp.block_secondary seccomp filter" } expect { timeout {puts "TESTING ERROR 13\n";exit} - "Installing /run/firejail/mnt/seccomp.protocol seccomp filter" + "Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter" } sleep 1 @@ -81,15 +81,15 @@ set spawn_id $id2 send -- "firejail --debug --join=jointesting\r" expect { timeout {puts "TESTING ERROR 14\n";exit} - "Installing /run/firejail/mnt/seccomp seccomp filter" + "Installing /run/firejail/mnt/seccomp/seccomp seccomp filter" } expect { timeout {puts "TESTING ERROR 15\n";exit} - "Installing /run/firejail/mnt/seccomp.block_secondary seccomp filter" + "Installing /run/firejail/mnt/seccomp/seccomp.block_secondary seccomp filter" } expect { timeout {puts "TESTING ERROR 16\n";exit} - "Installing /run/firejail/mnt/seccomp.protocol seccomp filter" + "Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter" } sleep 1 @@ -106,7 +106,7 @@ set spawn_id $id1 send -- "firejail --name=jointesting --noprofile --protocol=inet --debug\r" expect { timeout {puts "TESTING ERROR 22\n";exit} - "Installing /run/firejail/mnt/seccomp.protocol seccomp filter" + "Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter" } sleep 1 @@ -115,9 +115,9 @@ set spawn_id $id2 send -- "firejail --debug --join=jointesting\r" expect { timeout {puts "TESTING ERROR 23\n";exit} - "Installing /run/firejail/mnt/seccomp seccomp filter" {puts "TESTING ERROR 24\n";exit} - "Installing /run/firejail/mnt/seccomp.32 seccomp filter" {puts "TESTING ERROR 25\n";exit} - "Installing /run/firejail/mnt/seccomp.protocol seccomp filter" + "Installing /run/firejail/mnt/seccomp/seccomp seccomp filter" {puts "TESTING ERROR 24\n";exit} + "Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 25\n";exit} + "Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter" } sleep 1 @@ -134,7 +134,7 @@ set spawn_id $id1 send -- "firejail --name=jointesting --noprofile --memory-deny-write-execute --debug\r" expect { timeout {puts "TESTING ERROR 32\n";exit} - "Installing /run/firejail/mnt/seccomp.mdwx seccomp filter" + "Installing /run/firejail/mnt/seccomp/seccomp.mdwx seccomp filter" } sleep 1 @@ -143,10 +143,10 @@ set spawn_id $id2 send -- "firejail --debug --join=jointesting\r" expect { timeout {puts "TESTING ERROR 33\n";exit} - "Installing /run/firejail/mnt/seccomp seccomp filter" {puts "TESTING ERROR 34\n";exit} - "Installing /run/firejail/mnt/seccomp.32 seccomp filter" {puts "TESTING ERROR 35\n";exit} - "Installing /run/firejail/mnt/seccomp.protocol seccomp filter" {puts "TESTING ERROR 36\n";exit} - "Installing /run/firejail/mnt/seccomp.mdwx seccomp filter" + "Installing /run/firejail/mnt/seccomp/seccomp seccomp filter" {puts "TESTING ERROR 34\n";exit} + "Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 35\n";exit} + "Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter" {puts "TESTING ERROR 36\n";exit} + "Installing /run/firejail/mnt/seccomp/seccomp.mdwx seccomp filter" } sleep 1 -- cgit v1.2.3-54-g00ecf