From ca79ff961cc303670f1ccb8841495ddd7f17a76b Mon Sep 17 00:00:00 2001 From: netblue30 Date: Sat, 12 Nov 2016 07:36:41 -0500 Subject: testing --- src/firemon/arp.c | 7 +++-- src/firemon/caps.c | 5 ++-- src/firemon/cgroup.c | 6 ++-- src/firemon/cpu.c | 6 ++-- src/firemon/firemon.c | 71 +++++++++++++++++++++++++++++++---------------- src/firemon/firemon.h | 18 ++++++------ src/firemon/interface.c | 12 +++----- src/firemon/route.c | 7 +++-- src/firemon/seccomp.c | 5 ++-- src/firemon/tree.c | 4 +-- src/firemon/x11.c | 8 ++++-- src/fseccomp/syscall.c | 3 -- test/overlay/fs-named.exp | 66 +++++++++++++++++++++++++++++++++++++++++++ test/overlay/fs-tmpfs.exp | 62 +++++++++++++++++++++++++++++++++++++++++ test/overlay/overlay.sh | 12 +++++++- test/root/firecfg.exp | 46 ++++++++++++++++++++++++++++++ 16 files changed, 274 insertions(+), 64 deletions(-) create mode 100755 test/overlay/fs-named.exp create mode 100755 test/overlay/fs-tmpfs.exp create mode 100755 test/root/firecfg.exp diff --git a/src/firemon/arp.c b/src/firemon/arp.c index d204a0c3a..014f6a904 100644 --- a/src/firemon/arp.c +++ b/src/firemon/arp.c @@ -72,14 +72,15 @@ static void print_arp(const char *fname) { } -void arp(pid_t pid) { +void arp(pid_t pid, int print_procs) { pid_read(pid); // print processes int i; for (i = 0; i < max_pids; i++) { if (pids[i].level == 1) { - pid_print_list(i, 0); + if (print_procs || pid == 0) + pid_print_list(i, 0); int child = find_child(i); if (child != -1) { char *fname; @@ -87,10 +88,10 @@ void arp(pid_t pid) { errExit("asprintf"); print_arp(fname); free(fname); - printf("\n"); } } } + printf("\n"); } diff --git a/src/firemon/caps.c b/src/firemon/caps.c index 49c7b204b..81877ab87 100644 --- a/src/firemon/caps.c +++ b/src/firemon/caps.c 
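Review bot: The guard `if (print_procs || pid == 0) pid_print_list(i, 0);` introduced here in arp() is repeated verbatim in caps.c, cgroup.c, cpu.c, interface.c, route.c, seccomp.c and x11.c, so the rule for when the process line is printed now lives in eight places. A small shared helper in the pid code, for example `static inline void pid_print_header(int i, pid_t pid, int print_procs) { if (print_procs || pid == 0) pid_print_list(i, 0); }`, would keep the eight callers in step if the condition changes again. The moved `printf("\n")` after the loop in the second arp.c hunk is fine but is not mirrored in every file (see the caps.c note).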
@@ -48,14 +48,15 @@ static void print_caps(int pid) { free(file); } -void caps(pid_t pid) { +void caps(pid_t pid, int print_procs) { pid_read(pid); // include all processes // print processes int i; for (i = 0; i < max_pids; i++) { if (pids[i].level == 1) { - pid_print_list(i, 0); + if (print_procs || pid == 0) + pid_print_list(i, 0); int child = find_child(i); if (child != -1) print_caps(child); diff --git a/src/firemon/cgroup.c b/src/firemon/cgroup.c index ec2d350af..e20e1d449 100644 --- a/src/firemon/cgroup.c +++ b/src/firemon/cgroup.c @@ -44,18 +44,20 @@ static void print_cgroup(int pid) { free(file); } -void cgroup(pid_t pid) { +void cgroup(pid_t pid, int print_procs) { pid_read(pid); // print processes int i; for (i = 0; i < max_pids; i++) { if (pids[i].level == 1) { - pid_print_list(i, 0); + if (print_procs || pid == 0) + pid_print_list(i, 0); int child = find_child(i); if (child != -1) print_cgroup(child); } } + printf("\n"); } diff --git a/src/firemon/cpu.c b/src/firemon/cpu.c index 20fba33d6..47c935686 100644 --- a/src/firemon/cpu.c +++ b/src/firemon/cpu.c @@ -48,18 +48,20 @@ static void print_cpu(int pid) { free(file); } -void cpu(pid_t pid) { +void cpu(pid_t pid, int print_procs) { pid_read(pid); // print processes int i; for (i = 0; i < max_pids; i++) { if (pids[i].level == 1) { - pid_print_list(i, 0); + if (print_procs || pid == 0) + pid_print_list(i, 0); int child = find_child(i); if (child != -1) print_cpu(child); } } + printf("\n"); } diff --git a/src/firemon/firemon.c b/src/firemon/firemon.c index 1ec64bea8..b63e37444 100644 --- a/src/firemon/firemon.c +++ b/src/firemon/firemon.c @@ -25,7 +25,6 @@ #include #include - static int arg_route = 0; static int arg_arp = 0; static int arg_tree = 0; 
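Review bot: caps() does not get the trailing `printf("\n");` after the loop that arp(), cgroup(), cpu(), interface(), route() and x11() all gain in this commit, and the diffstat for caps.c (5 ++--, i.e. three insertions) shows no further insertion elsewhere in the file; seccomp.c (also 5 ++--) has the same gap. Since these functions are now chained cumulatively in main(), the sections printed by --caps and --seccomp will run into the next section without the blank separator the others emit, unless print_caps()/print_seccomp() already end with a newline, which this hunk does not show. If the separator is wanted everywhere, add `printf("\n");` after the for loop in both files. The end of caps() lies outside the hunk.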
@@ -148,8 +147,13 @@ int main(int argc, char **argv) { arg_seccomp = 1; else if (strcmp(argv[i], "--caps") == 0) arg_caps = 1; - else if (strcmp(argv[i], "--interface") == 0) + else if (strcmp(argv[i], "--interface") == 0) { + if (getuid() != 0) { + fprintf(stderr, "Error: you need to be root to run this command\n"); + exit(1); + } arg_interface = 1; + } else if (strcmp(argv[i], "--route") == 0) arg_route = 1; else if (strcmp(argv[i], "--arp") == 0) @@ -196,10 +200,8 @@ int main(int argc, char **argv) { exit(1); } - if (arg_top) - top(); // never to return - if (arg_tree) { - tree(); + if (arg_top) { + top(); return 0; } if (arg_list) { @@ -212,25 +214,46 @@ int main(int argc, char **argv) { } // cumulative options - if (arg_interface) - interface((pid_t) pid); - if (arg_route) - route((pid_t) pid); - if (arg_arp) - arp((pid_t) pid); - if (arg_seccomp) - seccomp((pid_t) pid); - if (arg_caps) - caps((pid_t) pid); - if (arg_cpu) - cpu((pid_t) pid); - if (arg_cgroup) - cgroup((pid_t) pid); - if (arg_x11) - x11((pid_t) pid); + int print_procs = 1; + if (arg_tree) { + tree((pid_t) pid); + print_procs = 0; + } + if (arg_cpu) { + cpu((pid_t) pid, print_procs); + print_procs = 0; + } + if (arg_seccomp) { + seccomp((pid_t) pid, print_procs); + print_procs = 0; + } + if (arg_caps) { + caps((pid_t) pid, print_procs); + print_procs = 0; + } + if (arg_cgroup) { + cgroup((pid_t) pid, print_procs); + print_procs = 0; + } + if (arg_x11) { + x11((pid_t) pid, print_procs); + print_procs = 0; + } + if (arg_interface) { + interface((pid_t) pid, print_procs); + print_procs = 0; + } + if (arg_route) { + route((pid_t) pid, print_procs); + print_procs = 0; + } + if (arg_arp) { + arp((pid_t) pid, print_procs); + print_procs = 0; + } - if (!arg_interface && !arg_route && !arg_arp && !arg_seccomp && !arg_caps && !arg_cgroup && !arg_x11) - procevent((pid_t) pid); // never to return + if (print_procs) + procevent((pid_t) pid); return 0; } 
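Review bot: The root check for --interface is now made at option-parsing time with no comment saying why this option alone needs it, whereas the old location inside interface() was next to the code that needed the privilege. A reader of the parser will not know whether the check is an oversight or a requirement; a one-line comment such as `// --interface reads interfaces from inside the sandbox (print_sandbox), which needs root` keeps that knowledge with the check — adjust the wording if print_sandbox() in interface.c needs root for a different reason, since that code is not in this hunk. The check uses getuid(), the real uid, which is the conservative choice should the binary ever be installed setuid.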
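Review bot: In the cumulative-options hunk `print_procs` carries two meanings: "print the process line for the next section" and, at the final `if (print_procs) procevent((pid_t) pid);`, "no cumulative option ran at all", which is not obvious from the name and replaces the explicit seven-flag test the old code had. A comment before the chain, e.g. `// print_procs is cleared by the first option that runs; if it is still set at the end, no cumulative option was given and we fall back to process monitoring`, would make the fallback intentional rather than accidental. Note also that --tree now clears print_procs and so suppresses procevent(), a behaviour change from the old early `return 0`, and that the old "never to return" comment on procevent() was dropped while the trailing `return 0;` remains.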
diff --git a/src/firemon/firemon.h b/src/firemon/firemon.h index c5607a792..c78023888 100644 --- a/src/firemon/firemon.h +++ b/src/firemon/firemon.h @@ -54,33 +54,33 @@ void top(void); void list(void); // interface.c -void interface(pid_t pid); +void interface(pid_t pid, int print_procs); // arp.c -void arp(pid_t pid); +void arp(pid_t pid, int print_procs); // route.c -void route(pid_t pid); +void route(pid_t pid, int print_procs); // caps.c -void caps(pid_t pid); +void caps(pid_t pid, int print_procs); // seccomp.c -void seccomp(pid_t pid); +void seccomp(pid_t pid, int print_procs); // cpu.c -void cpu(pid_t pid); +void cpu(pid_t pid, int print_procs); // cgroup.c -void cgroup(pid_t pid); +void cgroup(pid_t pid, int print_procs); // tree.c -void tree(void); +void tree(pid_t pid); // netstats.c void netstats(void); // x11.c -void x11(pid_t pid); +void x11(pid_t pid, int print_procs); #endif diff --git a/src/firemon/interface.c b/src/firemon/interface.c index 58990e6e5..def9cd5ac 100644 --- a/src/firemon/interface.c +++ b/src/firemon/interface.c @@ -145,7 +145,6 @@ static void print_sandbox(pid_t pid) { if (rv) return; net_ifprint(); - printf("\n"); #ifdef HAVE_GCOV __gcov_flush(); #endif @@ -156,24 +155,21 @@ static void print_sandbox(pid_t pid) { waitpid(child, NULL, 0); } -void interface(pid_t pid) { - if (getuid() != 0) { - fprintf(stderr, "Error: you need to be root to run this command\n"); - exit(1); - } - +void interface(pid_t pid, int print_procs) { pid_read(pid); // a pid of 0 will include all processes // print processes int i; for (i = 0; i < max_pids; i++) { if (pids[i].level == 1) { - pid_print_list(i, 0); + if (print_procs || pid == 0) + pid_print_list(i, 0); int child = find_child(i); if (child != -1) { print_sandbox(child); } } } + printf("\n"); } diff --git a/src/firemon/route.c b/src/firemon/route.c index ac8000b6a..fb58b169d 100644 --- a/src/firemon/route.c +++ b/src/firemon/route.c 
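Review bot: The new `int print_procs` parameter is added to eight prototypes in firemon.h without any description of its contract, and the header is the only place a caller will look. A short comment above the group, e.g. `// print_procs: non-zero prints the process line before each sandbox's section; main() passes 1 only to the first cumulative option so the line appears once. With pid 0 the line is always printed.`, documents what the `if (print_procs || pid == 0)` guard in each implementation actually does. The changed `tree(pid_t pid)` signature deserves a similar note that 0 means all processes.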
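Review bot: The second interface.c hunk removes the `getuid() != 0` check from interface() itself, so the function now relies entirely on the caller having performed it; any future call site that is not the `--interface` branch of main() would reach print_sandbox() unprivileged. If the check is deliberately centralised, record the precondition on the function, e.g. `// precondition: caller has verified getuid() == 0 (see --interface handling in firemon.c)`, so the dependency is visible at the point that needs it. Removing the `printf("\n")` from print_sandbox() and re-adding it after the loop in interface() is consistent with the other files.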
@@ -181,14 +181,15 @@ static void print_route(const char *fname) { } -void route(pid_t pid) { +void route(pid_t pid, int print_procs) { pid_read(pid); // print processes int i; for (i = 0; i < max_pids; i++) { if (pids[i].level == 1) { - pid_print_list(i, 0); + if (print_procs || pid == 0) + pid_print_list(i, 0); int child = find_child(i); if (child != -1) { char *fname; @@ -201,10 +202,10 @@ void route(pid_t pid) { errExit("asprintf"); print_route(fname); free(fname); - printf("\n"); } } } + printf("\n"); } diff --git a/src/firemon/seccomp.c b/src/firemon/seccomp.c index d4c248f8b..abc698bb8 100644 --- a/src/firemon/seccomp.c +++ b/src/firemon/seccomp.c @@ -48,14 +48,15 @@ static void print_seccomp(int pid) { free(file); } -void seccomp(pid_t pid) { +void seccomp(pid_t pid, int print_procs) { pid_read(pid); // include all processes // print processes int i; for (i = 0; i < max_pids; i++) { if (pids[i].level == 1) { - pid_print_list(i, 0); + if (print_procs || pid == 0) + pid_print_list(i, 0); int child = find_child(i); if (child != -1) print_seccomp(child); diff --git a/src/firemon/tree.c b/src/firemon/tree.c index f6d22b517..6d8b37ecb 100644 --- a/src/firemon/tree.c +++ b/src/firemon/tree.c @@ -19,8 +19,8 @@ */ #include "firemon.h" -void tree(void) { - pid_read(0); // include all processes +void tree(pid_t pid) { + pid_read(pid); // print processes int i; diff --git a/src/firemon/x11.c b/src/firemon/x11.c index c7fe4c616..b0efb090a 100644 --- a/src/firemon/x11.c +++ b/src/firemon/x11.c @@ -22,14 +22,15 @@ #include #include -void x11(pid_t pid) { +void x11(pid_t pid, int print_procs) { pid_read(pid); // print processes int i; for (i = 0; i < max_pids; i++) { if (pids[i].level == 1) { - pid_print_list(i, 0); + if (print_procs || pid == 0) + pid_print_list(i, 0); char *x11file; // todo: use macro from src/firejail/firejail.h for /run/firejail/x11 directory 
@@ -46,12 +47,13 @@ void x11(pid_t pid) { int display; int rv = fscanf(fp, "%d", &display); if (rv == 1) - printf(" DISPLAY :%d\n", display); + printf(" DISPLAY :%d\n", display); fclose(fp); } free(x11file); } } + printf("\n"); } diff --git a/src/fseccomp/syscall.c b/src/fseccomp/syscall.c index 6696f2b11..7c2c4cbb2 100644 --- a/src/fseccomp/syscall.c +++ b/src/fseccomp/syscall.c @@ -127,12 +127,9 @@ int syscall_check_list(const char *slist, void (*callback)(int fd, int syscall, } while (ptr) { -printf("ptr %s\n", ptr); - int syscall_nr; int error_nr; syscall_process_name(ptr, &syscall_nr, &error_nr); -printf("%d, %d\n", syscall_nr, error_nr); if (syscall_nr == -1) fprintf(stderr, "Warning fseccomp: syscall %s not found\n", ptr); else if (callback != NULL) { diff --git a/test/overlay/fs-named.exp b/test/overlay/fs-named.exp new file mode 100755 index 000000000..2ccb22bb1 --- /dev/null +++ b/test/overlay/fs-named.exp 
@@ -0,0 +1,66 @@ +#!/usr/bin/expect -f + +set timeout 10 +spawn $env(SHELL) +match_max 100000 + +send -- "firejail --overlay-named=firejail-test\r" +expect { + timeout {puts "TESTING ERROR 2\n";exit} + "not available for kernels older than 3.18" {puts "\nTESTING: overlayfs not available\n"; exit} + "Error: --overlay option is not available on Grsecurity systems" {puts "\nTESTING: overlayfs not available\n"; exit} + "Child process initialized" {puts "found\n"} +} +sleep 1 + +send -- "echo xyzxyzxyz > ~/_firejail_test_file; echo done\r" +expect { + timeout {puts "TESTING ERROR 3\n";exit} + "done" +} +after 100 + +send -- "cat ~/_firejail_test_file; echo done\r" +expect { + timeout {puts "TESTING ERROR 4\n";exit} + "xyzxyzxyz" +} +expect { + timeout {puts "TESTING ERROR 4.1\n";exit} + "done" +} +after 100 + +send -- "exit\r" +sleep 2 + +send -- "cat ~/_firejail_test_file; echo done\r" +expect { + timeout {puts "TESTING ERROR 5\n";exit} + "xyzxyzxyz" {puts "TESTING ERROR 5.1\n";exit} + "done" +} +after 100 + +send -- "firejail --overlay-named=firejail-test\r" +expect { + timeout {puts "TESTING ERROR 2\n";exit} + "not available for kernels older than 3.18" {puts "\nTESTING: overlayfs not available\n"; exit} + "Error: --overlay option is not available on Grsecurity systems" {puts "\nTESTING: overlayfs not available\n"; exit} + "Child process initialized" {puts "found\n"} +} +sleep 1 + +send -- "cat ~/_firejail_test_file; echo done\r" +expect { + timeout {puts "TESTING ERROR 4\n";exit} + "xyzxyzxyz" +} +expect { + timeout {puts "TESTING ERROR 4.1\n";exit} + "done" +} +after 100 + +puts "\nall done\n" + diff --git a/test/overlay/fs-tmpfs.exp b/test/overlay/fs-tmpfs.exp new file mode 100755 index 000000000..658d16779 --- /dev/null +++ b/test/overlay/fs-tmpfs.exp 
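Review bot: fs-named.exp reuses the labels "TESTING ERROR 2", "TESTING ERROR 4" and "TESTING ERROR 4.1" for both the first and the second `firejail --overlay-named=firejail-test` session, so a timeout in the second run is indistinguishable from one in the first when reading the log. Give the second block its own numbers, e.g. `timeout {puts "TESTING ERROR 6\n";exit}` for the spawn and `7` / `7.1` for the cat checks, matching the unique numbering fs-tmpfs.exp uses. The script also exits 0 on every error path, which the overlay.sh driver cannot distinguish from success; that matches the existing fs.exp style, so it is a wider convention rather than this file's fault.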
@@ -0,0 +1,62 @@ +#!/usr/bin/expect -f + +set timeout 10 +spawn $env(SHELL) +match_max 100000 + +send -- "firejail --overlay-clean\r" +after 100 +send -- "file ~/.firejail\r" +expect { + timeout {puts "TESTING ERROR 0\n";exit} + "cannot open" +} +after 100 + +send -- "firejail --overlay-tmpfs\r" +expect { + timeout {puts "TESTING ERROR 1\n";exit} + "not available for kernels older than 3.18" {puts "\nTESTING: overlayfs not available\n"; exit} + "Error: --overlay option is not available on Grsecurity systems" {puts "\nTESTING: overlayfs not available\n"; exit} + "Child process initialized" {puts "found\n"} +} +sleep 1 + +send -- "echo xyzxyzxyz > ~/_firejail_test_file; echo done\r" +expect { + timeout {puts "TESTING ERROR 2\n";exit} + "done" +} +after 100 + +send -- "cat ~/_firejail_test_file; echo done\r" +expect { + timeout {puts "TESTING ERROR 3\n";exit} + "xyzxyzxyz" +} +expect { + timeout {puts "TESTING ERROR 4\n";exit} + "done" +} +after 100 + +send -- "exit\r" +sleep 1 + +send -- "cat ~/_firejail_test_file; echo done\r" +expect { + timeout {puts "TESTING ERROR 5\n";exit} + "xyzxyzxyz" {puts "TESTING ERROR 6\n";exit} + "done" +} +after 100 + +send -- "file ~/.firejail\r" +expect { + timeout {puts "TESTING ERROR 7\n";exit} + "cannot open" +} +after 100 + +puts "\nall done\n" + diff --git a/test/overlay/overlay.sh b/test/overlay/overlay.sh index 971adddfe..4c9ebe5b0 100755 --- a/test/overlay/overlay.sh +++ b/test/overlay/overlay.sh @@ -11,6 +11,16 @@ rm -fr ~/_firejail_test_* ./fs.exp rm -fr ~/_firejail_test_* +echo "TESTING: overlay named fs (test/overlay/fs-named.exp)" +rm -fr ~/_firejail_test_* +./fs-named.exp +rm -fr ~/_firejail_test_* + +echo "TESTING: overlay tmpfs fs (test/overlay/fs-tmpfs.exp)" +rm -fr ~/_firejail_test_* +./fs-tmpfs.exp +rm -fr ~/_firejail_test_* + which firefox if [ "$?" -eq 0 ]; then 
@@ -51,7 +61,7 @@ which firefox if [ "$?" -eq 0 ]; then echo "TESTING: overlay firefox x11" - ./firefox.exp + ./firefox-x11.exp else echo "TESTING SKIP: firefox not found" fi diff --git a/test/root/firecfg.exp b/test/root/firecfg.exp new file mode 100755 index 000000000..b4864988d --- /dev/null +++ b/test/root/firecfg.exp @@ -0,0 +1,46 @@ +#!/usr/bin/expect -f +# This file is part of Firejail project +# Copyright (C) 2014-2016 Firejail Authors +# License GPL v2 + +set timeout 10 +spawn $env(SHELL) +match_max 100000 + +send -- "firecfg\r" +sleep 1 + +send -- "firecfg --clean\r" +expect { + timeout {puts "TESTING ERROR 0\n";exit} + "/usr/local/bin/firefox removed" +} +after 100 +send -- "file /usr/local/bin/firefox; echo done\r" +expect { + timeout {puts "TESTING ERROR 1\n";exit} + "symbolic link to /usr/bin/firejail" {puts "TESTING ERROR 2\n";exit} + "done" +} +after 100 + +send -- "firecfg\r" +expect { + timeout {puts "TESTING ERROR 3\n";exit} + "/usr/local/bin/firefox created" +} +after 100 +send -- "file /usr/local/bin/firefox\r" +expect { + timeout {puts "TESTING ERROR 4\n";exit} + "symbolic link to /usr/bin/firejail" +} +after 100 + +send -- "firecfg --list\r" +expect { + timeout {puts "TESTING ERROR 5\n";exit} + "/usr/local/bin/firefox" +} +after 100 +puts "\nall done\n" -- cgit v1.2.3-54-g00ecf
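Review bot: The second overlay.sh hunk changes the x11 test invocation to `./firefox-x11.exp`, but this commit creates only fs-named.exp, fs-tmpfs.exp and firecfg.exp (see the `create mode` lines in the preamble), so the script will fail with "No such file" unless firefox-x11.exp already exists in test/overlay. Please confirm the file is present in the tree, or add it in this commit; if `./firefox.exp` is still needed for the non-x11 case, it should not simply be renamed here.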
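Review bot: firecfg.exp asserts on `/usr/local/bin/firefox removed` and `created` unconditionally, so on a host without firefox the test reports "TESTING ERROR 0" rather than being skipped, unlike overlay.sh which guards its firefox tests with `which firefox`. The script also ends after a plain `firecfg`, leaving the symlinks it created in /usr/local/bin on the test machine, and it is run as root (test/root/). If the host state should be restored, finish with `send -- "firecfg --clean\r"` and an expect on the removal message, and have the driver skip the test when `which firefox` fails.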