From b88cef5db1132c1e6e94ae282f94d980a959bb15 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Thu, 13 Oct 2016 16:45:28 -0400 Subject: testing --- Makefile.in | 5 +- src/include/common.h | 2 +- src/lib/common.c | 9 ++-- src/lib/pid.c | 2 +- test/apps-x11-xorg/apps-x11-xorg.sh | 35 +++++++++++++ test/apps-x11-xorg/firefox.exp | 90 +++++++++++++++++++++++++++++++++ test/apps-x11-xorg/icedove.exp | 85 +++++++++++++++++++++++++++++++ test/apps-x11-xorg/transmission-gtk.exp | 85 +++++++++++++++++++++++++++++++ 8 files changed, 307 insertions(+), 6 deletions(-) create mode 100755 test/apps-x11-xorg/apps-x11-xorg.sh create mode 100755 test/apps-x11-xorg/firefox.exp create mode 100755 test/apps-x11-xorg/icedove.exp create mode 100755 test/apps-x11-xorg/transmission-gtk.exp diff --git a/Makefile.in b/Makefile.in index 3f08c5952..ad81c8851 100644 --- a/Makefile.in +++ b/Makefile.in @@ -195,6 +195,9 @@ test-apps: test-apps-x11: cd test/apps-x11; ./apps-x11.sh | grep TESTING +test-apps-x11-xorg: + cd test/apps-x11-xorg; ./apps-x11-xorg.sh | grep TESTING + test-sysutils: cd test/sysutils; ./sysutils.sh | grep TESTING @@ -213,5 +216,5 @@ test-network: test-fs: cd test/fs; ./fs.sh | grep TESTING -test: test-profiles test-fs test-utils test-environment test-apps test-apps-x11 test-filters +test: test-profiles test-fs test-utils test-environment test-apps test-apps-x11 test-apps-xorg-x11 test-filters echo "TEST COMPLETE" diff --git a/src/include/common.h b/src/include/common.h index e28870807..f7c8ea725 100644 --- a/src/include/common.h +++ b/src/include/common.h @@ -113,5 +113,5 @@ int join_namespace(pid_t pid, char *type); int name2pid(const char *name, pid_t *pid); char *pid_proc_comm(const pid_t pid); char *pid_proc_cmdline(const pid_t pid); -int pid_proc_cmdline_x11(const pid_t pid); +int pid_proc_cmdline_x11_xpra_xephyr(const pid_t pid); #endif diff --git a/src/lib/common.c b/src/lib/common.c index acb6bd3b4..fc4c167ba 100644 --- a/src/lib/common.c +++ b/src/lib/common.c 
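Review bot: The `test` prerequisite list in the second Makefile.in hunk names `test-apps-xorg-x11`, but the target added in the first hunk is `test-apps-x11-xorg`. Unless a rule with the transposed name exists outside these hunks, `make test` will stop with "No rule to make target" instead of running the new suite. The list should read `test: test-profiles test-fs test-utils test-environment test-apps test-apps-x11 test-apps-x11-xorg test-filters`. Note also that the new recipe ends in `| grep TESTING` like its neighbours, so the target's exit status is grep's rather than the script's, and a failed sandbox check shows up only in the printed text.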
@@ -201,7 +201,7 @@ char *pid_proc_cmdline(const pid_t pid) { } // return 1 if firejail --x11 on command line -int pid_proc_cmdline_x11(const pid_t pid) { +int pid_proc_cmdline_x11_xpra_xephyr(const pid_t pid) { // if comm is not firejail return 0 char *comm = pid_proc_comm(pid); if (strcmp(comm, "firejail") != 0) { @@ -248,8 +248,11 @@ int pid_proc_cmdline_x11(const pid_t pid) { break; if (strncmp(arg, "--", 2) != 0) break; - - // check x11 + + if (strcmp(arg, "--x11=xorg") == 0) + return 0; + + // check x11 xpra or xephyr if (strncmp(arg, "--x11", 5) == 0) return 1; i += strlen(arg); diff --git a/src/lib/pid.c b/src/lib/pid.c index bbb123b81..ef1a428fb 100644 --- a/src/lib/pid.c +++ b/src/lib/pid.c @@ -341,7 +341,7 @@ void pid_read(pid_t mon_pid) { } if ((strncmp(ptr, "firejail", 8) == 0) && (mon_pid == 0 || mon_pid == pid)) { - if (pid_proc_cmdline_x11(pid)) + if (pid_proc_cmdline_x11_xpra_xephyr(pid)) pids[pid].level = -1; else pids[pid].level = 1; diff --git a/test/apps-x11-xorg/apps-x11-xorg.sh b/test/apps-x11-xorg/apps-x11-xorg.sh new file mode 100755 index 000000000..b05914b52 --- /dev/null +++ b/test/apps-x11-xorg/apps-x11-xorg.sh @@ -0,0 +1,35 @@ +#!/bin/bash +# This file is part of Firejail project +# Copyright (C) 2014-2016 Firejail Authors +# License GPL v2 + +export MALLOC_CHECK_=3 +export MALLOC_PERTURB_=$(($RANDOM % 255 + 1)) + +which firefox +if [ "$?" -eq 0 ]; +then + echo "TESTING: firefox x11 xorg" + ./firefox.exp +else + echo "TESTING SKIP: firefox not found" +fi + +which transmission-gtk +if [ "$?" -eq 0 ]; +then + echo "TESTING: transmission-gtk x11 xorg" + ./transmission-gtk.exp +else + echo "TESTING SKIP: transmission-gtk not found" +fi + +which icedove +if [ "$?" -eq 0 ]; +then + echo "TESTING: icedove x11 xorg" + ./icedove.exp +else + echo "TESTING SKIP: icedove not found" +fi + diff --git a/test/apps-x11-xorg/firefox.exp b/test/apps-x11-xorg/firefox.exp new file mode 100755 index 000000000..5231bf8ed --- /dev/null 
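Review bot: In the second common.c hunk the test that returns 1 is still the prefix match `strncmp(arg, "--x11", 5) == 0`, so the renamed `pid_proc_cmdline_x11_xpra_xephyr()` treats every option starting with `--x11`, other than the exact string `--x11=xorg`, as an xpra/xephyr wrapper. pid.c then sets `pids[pid].level = -1` for such a process, so a misclassified sandbox is presumably handled differently by the monitoring tools. Matching the intended spellings explicitly removes the dependence on the one excluded value: `if (strcmp(arg, "--x11") == 0 || strcmp(arg, "--x11=xpra") == 0 || strcmp(arg, "--x11=xephyr") == 0) return 1;`. The comment kept above the function in the first hunk is now stale and could read `// return 1 if firejail --x11, --x11=xpra or --x11=xephyr is on the command line`. The function body starts and ends outside these hunks, so whether the new early `return 0` skips any cleanup cannot be judged from here.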
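Review bot: apps-x11-xorg.sh never looks at the exit status of `./firefox.exp`, `./transmission-gtk.exp` or `./icedove.exp`, so its own status is just that of the last command run and says nothing about whether the seccomp and capability checks passed. Set `rc=0` at the top, run each test as `./firefox.exp || rc=1`, and finish with `exit $rc` so that callers can gate on the result. As a style point, `if command -v firefox >/dev/null; then` replaces the `which firefox` call followed by the `"$?"` test and keeps the path out of the output that is piped to grep.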
+++ b/test/apps-x11-xorg/firefox.exp
@@ -0,0 +1,90 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --name=test --x11=xorg firefox -no-remote www.gentoo.org\r"
+sleep 10
+
+spawn $env(SHELL)
+send -- "firejail --list\r"
+expect {
+ timeout {puts "TESTING ERROR 3\n";exit}
+ ":firejail"
+}
+expect {
+ timeout {puts "TESTING ERROR 3.1\n";exit}
+ "firefox" {puts "firefox detected\n";}
+ "iceweasel" {puts "iceweasel detected\n";}
+}
+expect {
+ timeout {puts "TESTING ERROR 3.2\n";exit}
+ "no-remote"
+}
+sleep 1
+# grsecurity exit
+send -- "file /proc/sys/kernel/grsecurity\r"
+expect {
+ timeout {puts "TESTING ERROR - grsecurity detection\n";exit}
+ "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit}
+ "cannot open" {puts "grsecurity not present\n"}
+}
+send -- "firejail --name=blablabla\r"
+expect {
+ timeout {puts "TESTING ERROR 4\n";exit}
+ "Child process initialized"
+}
+sleep 2
+
+spawn $env(SHELL)
+send -- "firemon --seccomp\r"
+expect {
+ timeout {puts "TESTING ERROR 5\n";exit}
+ " firefox" {puts "firefox detected\n";}
+ " iceweasel" {puts "iceweasel detected\n";}
+}
+expect {
+ timeout {puts "TESTING ERROR 5.0\n";exit}
+ "no-remote"
+}
+expect {
+ timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit}
+ "Seccomp: 2"
+}
+expect {
+ timeout {puts "TESTING ERROR 5.1\n";exit}
+ "name=blablabla"
+}
+sleep 1
+send -- "firemon --caps\r"
+expect {
+ timeout {puts "TESTING ERROR 6\n";exit}
+ " firefox" {puts "firefox detected\n";}
+ " iceweasel" {puts "iceweasel detected\n";}
+}
+expect {
+ timeout {puts "TESTING ERROR 6.0\n";exit}
+ "no-remote"
+}
+expect {
+ timeout {puts "TESTING ERROR 6.1\n";exit}
+ "CapBnd:"
+}
+expect {
+ timeout {puts "TESTING ERROR 6.2\n";exit}
+ "0000000000000000"
+}
+expect {
+ timeout {puts "TESTING ERROR 6.3\n";exit}
+ "name=blablabla"
+}
+sleep 1
+send -- "firejail --shutdown=test\r"
+sleep 3
+
+puts "\nall done\n"
+
diff --git a/test/apps-x11-xorg/icedove.exp b/test/apps-x11-xorg/icedove.exp
new file mode 100755
index 000000000..f676264ed
--- /dev/null
+++ b/test/apps-x11-xorg/icedove.exp
@@ -0,0 +1,85 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --name=test --x11=xorg icedove\r"
+sleep 10
+
+spawn $env(SHELL)
+send -- "firejail --list\r"
+expect {
+ timeout {puts "TESTING ERROR 3\n";exit}
+ ":firejail"
+}
+expect {
+ timeout {puts "TESTING ERROR 3.1\n";exit}
+ "icedove"
+}
+sleep 1
+
+# grsecurity exit
+send -- "file /proc/sys/kernel/grsecurity\r"
+expect {
+ timeout {puts "TESTING ERROR - grsecurity detection\n";exit}
+ "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit}
+ "cannot open" {puts "grsecurity not present\n"}
+}
+
+send -- "firejail --name=blablabla\r"
+expect {
+ timeout {puts "TESTING ERROR 4\n";exit}
+ "Child process initialized"
+}
+sleep 2
+
+spawn $env(SHELL)
+send -- "firemon --seccomp\r"
+expect {
+ timeout {puts "TESTING ERROR 5\n";exit}
+ ":firejail"
+}
+expect {
+ timeout {puts "TESTING ERROR 5.0\n";exit}
+ "icedove"
+}
+expect {
+ timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit}
+ "Seccomp: 2"
+}
+expect {
+ timeout {puts "TESTING ERROR 5.1\n";exit}
+ "name=blablabla"
+}
+sleep 2
+send -- "firemon --caps\r"
+expect {
+ timeout {puts "TESTING ERROR 6\n";exit}
+ ":firejail"
+}
+expect {
+ timeout {puts "TESTING ERROR 6.0\n";exit}
+ "icedove"
+}
+expect {
+ timeout {puts "TESTING ERROR 6.1\n";exit}
+ "CapBnd"
+}
+expect {
+ timeout {puts "TESTING ERROR 6.2\n";exit}
+ "0000000000000000"
+}
+expect {
+ timeout {puts "TESTING ERROR 6.3\n";exit}
+ "name=blablabla"
+}
+sleep 1
+send -- "firejail --shutdown=test\r"
+sleep 3
+
+puts "\nall done\n"
+
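Review bot: Every failure branch in firefox.exp ends in a bare `exit`, which makes expect return status 0. A timeout on `"Seccomp: 2"` or on the all-zero `CapBnd:` value is therefore reported only as a `TESTING ERROR` string, and the run still looks successful to anything that checks exit codes. Give those branches a non-zero status, e.g. `timeout {puts "TESTING ERROR 5.1 (seccomp)\n"; exit 1}`; icedove.exp and transmission-gtk.exp have the same pattern. The label `TESTING ERROR 5.1` is used for both the seccomp check and the following `name=blablabla` check, so the second should get its own number such as `5.2` to keep a failure attributable. The test also depends on outbound access to www.gentoo.org and a fixed `sleep 10` start-up delay, which is likely to cause spurious timeouts on isolated or slow hosts.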
diff --git a/test/apps-x11-xorg/transmission-gtk.exp b/test/apps-x11-xorg/transmission-gtk.exp
new file mode 100755
index 000000000..a91a1be08
--- /dev/null
+++ b/test/apps-x11-xorg/transmission-gtk.exp
@@ -0,0 +1,85 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --name=test --x11=xorg transmission-gtk\r"
+sleep 10
+
+spawn $env(SHELL)
+send -- "firejail --list\r"
+expect {
+ timeout {puts "TESTING ERROR 3\n";exit}
+ ":firejail"
+}
+expect {
+ timeout {puts "TESTING ERROR 3.1\n";exit}
+ "transmission-gtk"
+}
+sleep 1
+
+# grsecurity exit
+send -- "file /proc/sys/kernel/grsecurity\r"
+expect {
+ timeout {puts "TESTING ERROR - grsecurity detection\n";exit}
+ "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit}
+ "cannot open" {puts "grsecurity not present\n"}
+}
+
+send -- "firejail --name=blablabla\r"
+expect {
+ timeout {puts "TESTING ERROR 4\n";exit}
+ "Child process initialized"
+}
+sleep 2
+
+spawn $env(SHELL)
+send -- "firemon --seccomp\r"
+expect {
+ timeout {puts "TESTING ERROR 5\n";exit}
+ ":firejail"
+}
+expect {
+ timeout {puts "TESTING ERROR 5.0\n";exit}
+ "transmission-gtk"
+}
+expect {
+ timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit}
+ "Seccomp: 2"
+}
+expect {
+ timeout {puts "TESTING ERROR 5.1\n";exit}
+ "name=blablabla"
+}
+sleep 1
+send -- "firemon --caps\r"
+expect {
+ timeout {puts "TESTING ERROR 6\n";exit}
+ ":firejail"
+}
+expect {
+ timeout {puts "TESTING ERROR 6.0\n";exit}
+ "transmission-gtk"
+}
+expect {
+ timeout {puts "TESTING ERROR 6.1\n";exit}
+ "CapBnd"
+}
+expect {
+ timeout {puts "TESTING ERROR 6.2\n";exit}
+ "0000000000000000"
+}
+expect {
+ timeout {puts "TESTING ERROR 6.3\n";exit}
+ "name=blablabla"
+}
+sleep 1
+send -- "firejail --shutdown=test\r"
+sleep 3
+
+puts "\nall done\n"
+
-- cgit v1.2.3-54-g00ecf