From f9d50521f736fb9e8de2312fd778700c8ad551c0 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Mon, 31 Jan 2022 09:43:22 -0500 Subject: small fixes --- README | 2 +- README.md | 4 +-- test/filters/filters.sh | 16 ++++++--- test/filters/seccomp-debug-32.exp | 73 ++++++++++++--------------------------- test/fs/fs.sh | 8 +++-- 5 files changed, 43 insertions(+), 60 deletions(-) diff --git a/README b/README index 0a0213bff..08ccefc3b 100644 --- a/README +++ b/README @@ -12,7 +12,7 @@ Linux namespace support. It supports sandboxing specific users upon login. Download: https://sourceforge.net/projects/firejail/files/ Build and install: ./configure && make && sudo make install Documentation and support: https://firejail.wordpress.com/ -Video Channel: https://www.youtube.com/channel/UCi5u-syndQYyOeV4NZ04hNA +Video Channel: https://www.brighteon.com/channels/netblue30 Backup Video Channel: https://www.bitchute.com/profile/JSBsA1aoQVfW/ Development: https://github.com/netblue30/firejail License: GPL v2 diff --git a/README.md b/README.md index d6dd9b832..5512c0658 100644 --- a/README.md +++ b/README.md @@ -132,9 +132,7 @@ See the following discussions for details: ### Other -Try installing Firejail from your distribution. - -Firejail is included in Alpine, ALT Linux, Arch, Artix, Chakra, Debian, Deepin, Devuan, Fedora, Gentoo, Manjaro, Mint, NixOS, Parabola, Parrot, PCLinuxOS, ROSA, Solus, Slackware/SlackBuilds, Trisquel, Ubuntu, Void and possibly others. +Firejail is included in a large numbre of Linux distributions. Note: The firejail 0.9.52-LTS version is deprecated. diff --git a/test/filters/filters.sh b/test/filters/filters.sh index 885c5a000..04d7080d6 100755 --- a/test/filters/filters.sh +++ b/test/filters/filters.sh @@ -33,8 +33,12 @@ fi echo "TESTING: debug options (test/filters/debug.exp)" ./debug.exp -echo "TESTING: seccomp run files (test/filters/seccomp-run-files.exp)" -./seccomp-run-files.exp +if [ "$(uname -m)" = "x86_64" ]; then + echo "TESTING: seccomp run files (test/filters/seccomp-run-files.exp)" + ./seccomp-run-files.exp +else + echo "TESTING SKIP: seccomp-run-files test implemented only for x86_64." +fi echo "TESTING: seccomp postexec (test/filters/seccomp-postexec.exp)" ./seccomp-postexec.exp @@ -111,8 +115,12 @@ echo "TESTING: seccomp chmod profile - seccomp lists (test/filters/seccomp-chmod echo "TESTING: seccomp empty (test/filters/seccomp-empty.exp)" ./seccomp-empty.exp -echo "TESTING: seccomp numeric (test/filters/seccomp-numeric.exp)" -./seccomp-numeric.exp +if [ "$(uname -m)" = "x86_64" ]; then + echo "TESTING: seccomp numeric (test/filters/seccomp-numeric.exp)" + ./seccomp-numeric.exp +else + echo "TESTING SKIP: seccomp numeric test implemented only for x86_64" +fi if [ "$(uname -m)" = "x86_64" ]; then echo "TESTING: seccomp join (test/filters/seccomp-join.exp)" diff --git a/test/filters/seccomp-debug-32.exp b/test/filters/seccomp-debug-32.exp index b232a7df3..a2f99c1ca 100755 --- a/test/filters/seccomp-debug-32.exp +++ b/test/filters/seccomp-debug-32.exp @@ -13,15 +13,11 @@ after 100 send -- "firejail --debug sleep 1; echo done\r" expect { timeout {puts "TESTING ERROR 0\n";exit} - "SECCOMP Filter" -} -expect { - timeout {puts "TESTING ERROR 1\n";exit} - "BLACKLIST" + "seccomp entries in /run/firejail/mnt/seccomp/seccomp" } expect { timeout {puts "TESTING ERROR 2\n";exit} - "open_by_handle_at" + "jeq open_by_handle_at" } expect { timeout {puts "TESTING ERROR 3\n";exit} @@ -34,58 +30,30 @@ expect { after 100 -# i686 architecture -send -- "firejail --debug sleep 1; echo done\r" -expect { - timeout {puts "TESTING ERROR 5\n";exit} - "Child process initialized" -} -expect { - timeout {puts "TESTING ERROR 6\n";exit} - "Installing /run/firejail/mnt/seccomp seccomp filter" -} -expect { - timeout {puts "TESTING ERROR 7\n";exit} - "Installing /run/firejail/mnt/seccomp.64 seccomp filter" -} -expect { - timeout {puts "TESTING ERROR 9\n";exit} - "done" -} -after 100 - -# i686 architecture - ignore seccomp +# 64 bit architecture - ignore seccomp send -- "firejail --debug --ignore=seccomp sleep 1; echo done\r" expect { timeout {puts "TESTING ERROR 10\n";exit} - "Installing /run/firejail/mnt/seccomp seccomp filter" {puts "TESTING ERROR 11\n";exit} - "Installing /run/firejail/mnt/seccomp.64 seccomp filter" {puts "TESTING ERROR 12\n";exit} + "Installing /run/firejail/mnt/seccomp/seccomp seccomp filter" {puts "TESTING ERROR 11\n";exit} + "Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 12\n";exit} "Child process initialized" } expect { - timeout {puts "TESTING ERROR 13\n";exit} - "Installing /run/firejail/mnt/seccomp seccomp filter" {puts "TESTING ERROR 14\n";exit} - "Installing /run/firejail/mnt/seccomp.64 seccomp filter" {puts "TESTING ERROR 15\n";exit} + timeout {puts "TESTING ERROR 16\n";exit} "done" } after 100 -# i686 architecture - ignore protocol +# 64 bit architecture - ignore protocol send -- "firejail --debug --ignore=protocol sleep 1; echo done\r" expect { timeout {puts "TESTING ERROR 17\n";exit} - "Installing /run/firejail/mnt/seccomp.protocol seccomp filter" {puts "TESTING ERROR 18\n";exit} "Child process initialized" } expect { timeout {puts "TESTING ERROR 19\n";exit} - "Installing /run/firejail/mnt/seccomp.protocol seccomp filter" {puts "TESTING ERROR 20\n";exit} - "Installing /run/firejail/mnt/seccomp seccomp filter" -} -expect { - timeout {puts "TESTING ERROR 21\n";exit} - "Installing /run/firejail/mnt/seccomp.protocol seccomp filter" {puts "TESTING ERROR 22\n";exit} - "Installing /run/firejail/mnt/seccomp.64 seccomp filter" + "Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter" {puts "TESTING ERROR 20\n";exit} + "Installing /run/firejail/mnt/seccomp/seccomp seccomp filter" } expect { timeout {puts "TESTING ERROR 23\n";exit} @@ -101,7 +69,7 @@ expect { } expect { timeout {puts "TESTING ERROR 25\n";exit} - "Installing /run/firejail/mnt/seccomp.mdwx seccomp filter" + "Installing /run/firejail/mnt/seccomp/seccomp.mdwx seccomp filter" } expect { timeout {puts "TESTING ERROR 26\n";exit} @@ -109,17 +77,22 @@ expect { } -# i686 architecture - seccomp.block-secondary +# 64 bit architecture - seccomp.block-secondary send -- "firejail --debug --seccomp.block-secondary sleep 1; echo done\r" expect { timeout {puts "TESTING ERROR 27\n";exit} - "Installing /run/firejail/mnt/seccomp.64 seccomp filter" {puts "TESTING ERROR 28\n";exit} + "Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 28\n";exit} "Child process initialized" } expect { timeout {puts "TESTING ERROR 29\n";exit} - "Installing /run/firejail/mnt/seccomp.64 seccomp filter" {puts "TESTING ERROR 30\n";exit} - "Installing /run/firejail/mnt/seccomp seccomp filter" + "Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 30\n";exit} + "Installing /run/firejail/mnt/seccomp/seccomp seccomp filter" +} +expect { + timeout {puts "TESTING ERROR 31\n";exit} + "Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 32\n";exit} + "Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter" } expect { timeout {puts "TESTING ERROR 33\n";exit} @@ -127,17 +100,17 @@ expect { } after 100 -# i686 architecture - seccomp.block-secondary, profile +# 64 bit architecture - seccomp.block-secondary, profile send -- "firejail --debug --profile=block-secondary.profile sleep 1; echo done\r" expect { timeout {puts "TESTING ERROR 33\n";exit} - "Installing /run/firejail/mnt/seccomp.64 seccomp filter" {puts "TESTING ERROR 34\n";exit} + "Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 34\n";exit} "Child process initialized" } expect { timeout {puts "TESTING ERROR 35\n";exit} - "Installing /run/firejail/mnt/seccomp.64 seccomp filter" {puts "TESTING ERROR 35\n";exit} - "Installing /run/firejail/mnt/seccomp seccomp filter" + "Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 35\n";exit} + "Installing /run/firejail/mnt/seccomp/seccomp seccomp filter" } expect { timeout {puts "TESTING ERROR 37\n";exit} diff --git a/test/fs/fs.sh b/test/fs/fs.sh index e06aacee0..0ec714ffa 100755 --- a/test/fs/fs.sh +++ b/test/fs/fs.sh @@ -42,8 +42,12 @@ echo "TESTING: read/write /var/tmp (test/fs/fs_var_tmp.exp)" ./fs_var_tmp.exp rm -f /var/tmp/_firejail_test_file -echo "TESTING: private-lib (test/fs/private-lib.exp)" -./private-lib.exp +if [ "$(uname -m)" = "x86_64" ]; then + echo "TESTING: private-lib (test/fs/private-lib.exp)" + ./private-lib.exp +else + echo "TESTING SKIP: private-lib test implemented only for x86_64." +fi echo "TESTING: read/write /var/lock (test/fs/fs_var_lock.exp)" ./fs_var_lock.exp -- cgit v1.2.3-54-g00ecf