From 845bd06665539af002b1bf74d2b7cb9e6cf11e0e Mon Sep 17 00:00:00 2001 From: The Fox in the Shell Date: Wed, 25 May 2016 02:46:09 +0200 Subject: profiles: Add nonewprivs where sensible --- etc/vivaldi.profile | 1 + 1 file changed, 1 insertion(+) (limited to 'etc/vivaldi.profile') diff --git a/etc/vivaldi.profile b/etc/vivaldi.profile index 449d9a168..2049d2bd9 100644 --- a/etc/vivaldi.profile +++ b/etc/vivaldi.profile @@ -6,6 +6,7 @@ include /etc/firejail/disable-programs.inc include /etc/firejail/disable-devel.inc netfilter +nonewprivs whitelist ${DOWNLOADS} mkdir ~/.config -- cgit v1.2.3-70-g09d2 From 0657c20377d6f8d80f143e9c6a336601c8bbd2e2 Mon Sep 17 00:00:00 2001 
From: Reiner Herrmann Date: Sat, 30 Jul 2016 17:58:25 +0200 Subject: Allow recursive mkdir (Closes #305) --- etc/0ad.profile | 4 ---- etc/abrowser.profile | 2 -- etc/aweather.profile | 1 - etc/brave.profile | 1 - etc/cherrytree.profile | 2 -- etc/chromium.profile | 2 -- etc/cyberfox.profile | 1 - etc/dropbox.profile | 1 - etc/epiphany.profile | 4 ---- etc/firefox.profile | 2 -- etc/flashpeak-slimjet.profile | 2 -- etc/franz.profile | 2 -- etc/google-chrome-beta.profile | 2 -- etc/google-chrome-unstable.profile | 2 -- etc/google-chrome.profile | 2 -- etc/gpredict.profile | 1 - etc/hexchat.profile | 1 - etc/icedove.profile | 1 - etc/mupen64plus.profile | 3 --- etc/netsurf.profile | 2 -- etc/opera-beta.profile | 2 -- etc/opera.profile | 2 -- etc/palemoon.profile | 2 -- etc/polari.profile | 4 ---- etc/psi-plus.profile | 4 ---- etc/quiterss.profile | 3 --- etc/qutebrowser.profile | 1 - etc/seamonkey.profile | 3 --- etc/spotify.profile | 4 ---- etc/stellarium.profile | 1 - etc/thunderbird.profile | 1 - etc/uget-gtk.profile | 1 - etc/vivaldi.profile | 2 -- etc/wesnoth.profile | 4 ---- etc/whitelist-common.inc | 1 - src/firejail/fs_mkdir.c | 39 +++++++++++++++++++++++++++++++++----- src/man/firejail-profile.txt | 8 ++------ test/fs/fs.sh | 3 ++- test/fs/mkdir.exp | 20 +++++++++++++++++++ test/fs/mkdir.profile | 2 ++ 40 files changed, 60 insertions(+), 85 deletions(-) create mode 100755 test/fs/mkdir.exp create mode 100644 test/fs/mkdir.profile (limited to 'etc/vivaldi.profile') diff --git a/etc/0ad.profile b/etc/0ad.profile index 11fb45463..217cdeee0 100644 --- a/etc/0ad.profile +++ b/etc/0ad.profile @@ -8,16 +8,12 @@ include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc # Whitelists -mkdir ~/.cache mkdir ~/.cache/0ad whitelist ~/.cache/0ad -mkdir ~/.config mkdir ~/.config/0ad whitelist ~/.config/0ad -mkdir ~/.local -mkdir ~/.local/share mkdir ~/.local/share/0ad whitelist ~/.local/share/0ad 
diff --git a/etc/abrowser.profile b/etc/abrowser.profile index 65247e7d3..4aa18aa90 100644 --- a/etc/abrowser.profile +++ b/etc/abrowser.profile @@ -17,8 +17,6 @@ tracelog whitelist ${DOWNLOADS} mkdir ~/.mozilla whitelist ~/.mozilla -mkdir ~/.cache -mkdir ~/.cache/mozilla mkdir ~/.cache/mozilla/abrowser whitelist ~/.cache/mozilla/abrowser whitelist ~/dwhelper diff --git a/etc/aweather.profile b/etc/aweather.profile index d617fb701..da93e8ba3 100644 --- a/etc/aweather.profile +++ b/etc/aweather.profile @@ -6,7 +6,6 @@ include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc # Whitelist -mkdir ~/.config mkdir ~/.config/aweather whitelist ~/.config/aweather diff --git a/etc/brave.profile b/etc/brave.profile index 4c42e9faa..4fc3a5bb0 100644 --- a/etc/brave.profile +++ b/etc/brave.profile @@ -14,6 +14,5 @@ seccomp whitelist ${DOWNLOADS} -mkdir ~/.config mkdir ~/.config/brave whitelist ~/.config/brave diff --git a/etc/cherrytree.profile b/etc/cherrytree.profile index 7b6238d98..76ee70679 100644 --- a/etc/cherrytree.profile +++ b/etc/cherrytree.profile @@ -7,10 +7,8 @@ include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc whitelist ${HOME}/cherrytree -mkdir ~/.config mkdir ~/.config/cherrytree whitelist ${HOME}/.config/cherrytree/ -mkdir ~/.local mkdir ~/.local/share whitelist ${HOME}/.local/share/ diff --git a/etc/chromium.profile b/etc/chromium.profile index 7cf2853ca..0d383aebf 100644 --- a/etc/chromium.profile +++ b/etc/chromium.profile @@ -11,10 +11,8 @@ include /etc/firejail/disable-programs.inc netfilter whitelist ${DOWNLOADS} -mkdir ~/.config mkdir ~/.config/chromium whitelist ~/.config/chromium -mkdir ~/.cache mkdir ~/.cache/chromium whitelist ~/.cache/chromium mkdir ~/.pki diff --git a/etc/cyberfox.profile b/etc/cyberfox.profile index afa77d1d4..ae487fa3c 100644 --- a/etc/cyberfox.profile +++ b/etc/cyberfox.profile 
@@ -17,7 +17,6 @@ tracelog whitelist ${DOWNLOADS} mkdir ~/.8pecxstudios whitelist ~/.8pecxstudios -mkdir ~/.cache mkdir ~/.cache/8pecxstudios whitelist ~/.cache/8pecxstudios whitelist ~/dwhelper diff --git a/etc/dropbox.profile b/etc/dropbox.profile index 71e019f8c..40efd62b2 100644 --- a/etc/dropbox.profile +++ b/etc/dropbox.profile @@ -17,6 +17,5 @@ whitelist ~/.dropbox mkdir ~/.dropbox-dist whitelist ~/.dropbox-dist -mkdir ~/.config/autostart mkfile ~/.config/autostart/dropbox.desktop whitelist ~/.config/autostart/dropbox.desktop diff --git a/etc/epiphany.profile b/etc/epiphany.profile index 57191429a..0e898f02b 100644 --- a/etc/epiphany.profile +++ b/etc/epiphany.profile @@ -8,14 +8,10 @@ include /etc/firejail/disable-programs.inc include /etc/firejail/disable-devel.inc whitelist ${DOWNLOADS} -mkdir ${HOME}/.local -mkdir ${HOME}/.local/share mkdir ${HOME}/.local/share/epiphany whitelist ${HOME}/.local/share/epiphany -mkdir ${HOME}/.config mkdir ${HOME}/.config/epiphany whitelist ${HOME}/.config/epiphany -mkdir ${HOME}/.cache mkdir ${HOME}/.cache/epiphany whitelist ${HOME}/.cache/epiphany include /etc/firejail/whitelist-common.inc diff --git a/etc/firefox.profile b/etc/firefox.profile index 2cc4d3cd8..170d0fe10 100644 --- a/etc/firefox.profile +++ b/etc/firefox.profile @@ -17,8 +17,6 @@ tracelog whitelist ${DOWNLOADS} mkdir ~/.mozilla whitelist ~/.mozilla -mkdir ~/.cache -mkdir ~/.cache/mozilla mkdir ~/.cache/mozilla/firefox whitelist ~/.cache/mozilla/firefox whitelist ~/dwhelper diff --git a/etc/flashpeak-slimjet.profile b/etc/flashpeak-slimjet.profile index f248c385a..7e0eb486b 100644 --- a/etc/flashpeak-slimjet.profile +++ b/etc/flashpeak-slimjet.profile @@ -22,10 +22,8 @@ protocol unix,inet,inet6,netlink seccomp whitelist ${DOWNLOADS} -mkdir ~/.config mkdir ~/.config/slimjet whitelist ~/.config/slimjet -mkdir ~/.cache mkdir ~/.cache/slimjet whitelist ~/.cache/slimjet mkdir ~/.pki 
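Review bot: In the etc/dropbox.profile hunk, removing `mkdir ~/.config/autostart` leaves `mkfile ~/.config/autostart/dropbox.desktop` with nothing that creates its parent directory. The man-page text changed in this same commit says mkfile needs its target directory to exist, so on a home without `~/.config/autostart` the file would not be created and the following `whitelist` would have nothing to preserve. Now that mkdir is recursive the line should stay as it was: `mkdir ~/.config/autostart`. fs_mkfile's body is not on this page, so this rests on the man-page wording.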
diff --git a/etc/franz.profile b/etc/franz.profile index fc4a665de..3cb7942ab 100644 --- a/etc/franz.profile +++ b/etc/franz.profile @@ -14,10 +14,8 @@ nonewprivs noroot whitelist ${DOWNLOADS} -mkdir ~/.config mkdir ~/.config/Franz whitelist ~/.config/Franz -mkdir ~/.cache mkdir ~/.cache/Franz whitelist ~/.cache/Franz mkdir ~/.pki diff --git a/etc/google-chrome-beta.profile b/etc/google-chrome-beta.profile index 11f9f9e33..fe870274f 100644 --- a/etc/google-chrome-beta.profile +++ b/etc/google-chrome-beta.profile @@ -11,10 +11,8 @@ include /etc/firejail/disable-programs.inc netfilter whitelist ${DOWNLOADS} -mkdir ~/.config mkdir ~/.config/google-chrome-beta whitelist ~/.config/google-chrome-beta -mkdir ~/.cache mkdir ~/.cache/google-chrome-beta whitelist ~/.cache/google-chrome-beta mkdir ~/.pki diff --git a/etc/google-chrome-unstable.profile b/etc/google-chrome-unstable.profile index f253e5a90..f6680ac2d 100644 --- a/etc/google-chrome-unstable.profile +++ b/etc/google-chrome-unstable.profile @@ -11,10 +11,8 @@ include /etc/firejail/disable-programs.inc netfilter whitelist ${DOWNLOADS} -mkdir ~/.config mkdir ~/.config/google-chrome-unstable whitelist ~/.config/google-chrome-unstable -mkdir ~/.cache mkdir ~/.cache/google-chrome-unstable whitelist ~/.cache/google-chrome-unstable mkdir ~/.pki diff --git a/etc/google-chrome.profile b/etc/google-chrome.profile index 5e168aae5..a9fcebe73 100644 --- a/etc/google-chrome.profile +++ b/etc/google-chrome.profile @@ -11,10 +11,8 @@ include /etc/firejail/disable-programs.inc netfilter whitelist ${DOWNLOADS} -mkdir ~/.config mkdir ~/.config/google-chrome whitelist ~/.config/google-chrome -mkdir ~/.cache mkdir ~/.cache/google-chrome whitelist ~/.cache/google-chrome mkdir ~/.pki diff --git a/etc/gpredict.profile b/etc/gpredict.profile index 02bb4d24d..a8378a66e 100644 --- a/etc/gpredict.profile +++ b/etc/gpredict.profile 
@@ -6,7 +6,6 @@ include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc # Whitelist -mkdir ~/.config mkdir ~/.config/Gpredict whitelist ~/.config/Gpredict diff --git a/etc/hexchat.profile b/etc/hexchat.profile index 4e829c379..0d7ee6594 100644 --- a/etc/hexchat.profile +++ b/etc/hexchat.profile @@ -13,7 +13,6 @@ netfilter protocol unix,inet,inet6 seccomp -mkdir ~/.config mkdir ~/.config/hexchat whitelist ~/.config/hexchat include /etc/firejail/whitelist-common.inc diff --git a/etc/icedove.profile b/etc/icedove.profile index e9a63c8dd..23254751b 100644 --- a/etc/icedove.profile +++ b/etc/icedove.profile @@ -11,7 +11,6 @@ mkdir ~/.icedove whitelist ~/.icedove noblacklist ~/.cache/icedove -mkdir ~/.cache mkdir ~/.cache/icedove whitelist ~/.cache/icedove diff --git a/etc/mupen64plus.profile b/etc/mupen64plus.profile index d4b442df8..acb13e6b9 100644 --- a/etc/mupen64plus.profile +++ b/etc/mupen64plus.profile @@ -8,11 +8,8 @@ include /etc/firejail/disable-programs.inc include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc -mkdir ${HOME}/.local -mkdir ${HOME}/.local/share mkdir ${HOME}/.local/share/mupen64plus whitelist ${HOME}/.local/share/mupen64plus/ -mkdir ${HOME}/.config mkdir ${HOME}/.config/mupen64plus whitelist ${HOME}/.config/mupen64plus/ diff --git a/etc/netsurf.profile b/etc/netsurf.profile index 3de6be238..1ed2163c2 100644 --- a/etc/netsurf.profile +++ b/etc/netsurf.profile @@ -15,10 +15,8 @@ seccomp tracelog whitelist ${DOWNLOADS} -mkdir ~/.config mkdir ~/.config/netsurf whitelist ~/.config/netsurf -mkdir ~/.cache mkdir ~/.cache/netsurf whitelist ~/.cache/netsurf diff --git a/etc/opera-beta.profile b/etc/opera-beta.profile index 3d6edb286..12c91c744 100644 --- a/etc/opera-beta.profile +++ b/etc/opera-beta.profile 
@@ -8,10 +8,8 @@ include /etc/firejail/disable-devel.inc netfilter whitelist ${DOWNLOADS} -mkdir ~/.config mkdir ~/.config/opera-beta whitelist ~/.config/opera-beta -mkdir ~/.cache mkdir ~/.cache/opera-beta whitelist ~/.cache/opera-beta mkdir ~/.pki diff --git a/etc/opera.profile b/etc/opera.profile index ff00eb349..e0c89a195 100644 --- a/etc/opera.profile +++ b/etc/opera.profile @@ -9,10 +9,8 @@ include /etc/firejail/disable-devel.inc netfilter whitelist ${DOWNLOADS} -mkdir ~/.config mkdir ~/.config/opera whitelist ~/.config/opera -mkdir ~/.cache mkdir ~/.cache/opera whitelist ~/.cache/opera mkdir ~/.opera diff --git a/etc/palemoon.profile b/etc/palemoon.profile index 302c20d7d..acedaebb7 100644 --- a/etc/palemoon.profile +++ b/etc/palemoon.profile @@ -9,8 +9,6 @@ include /etc/firejail/whitelist-common.inc whitelist ${DOWNLOADS} mkdir ~/.moonchild productions whitelist ~/.moonchild productions -mkdir ~/.cache -mkdir ~/.cache/moonchild productions mkdir ~/.cache/moonchild productions/pale moon whitelist ~/.cache/moonchild productions/pale moon diff --git a/etc/polari.profile b/etc/polari.profile index 366883c83..ac9530c40 100644 --- a/etc/polari.profile +++ b/etc/polari.profile @@ -3,18 +3,14 @@ include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc include /etc/firejail/disable-devel.inc -mkdir ${HOME}/.local -mkdir ${HOME}/.local/share/ mkdir ${HOME}/.local/share/Empathy whitelist ${HOME}/.local/share/Empathy mkdir ${HOME}/.local/share/telepathy whitelist ${HOME}/.local/share/telepathy mkdir ${HOME}/.local/share/TpLogger whitelist ${HOME}/.local/share/TpLogger -mkdir ${HOME}/.config mkdir ${HOME}/.config/telepathy-account-widgets whitelist ${HOME}/.config/telepathy-account-widgets -mkdir ${HOME}/.cache mkdir ${HOME}/.cache/telepathy whitelist ${HOME}/.cache/telepathy mkdir ${HOME}/.purple diff --git a/etc/psi-plus.profile b/etc/psi-plus.profile index 9380237be..22c5bafc5 100644 --- a/etc/psi-plus.profile +++ b/etc/psi-plus.profile 
@@ -7,14 +7,10 @@ include /etc/firejail/disable-programs.inc include /etc/firejail/disable-passwdmgr.inc whitelist ${DOWNLOADS} -mkdir ~/.config mkdir ~/.config/psi+ whitelist ~/.config/psi+ -mkdir ~/.local -mkdir ~/.local/share mkdir ~/.local/share/psi+ whitelist ~/.local/share/psi+ -mkdir ~/.cache mkdir ~/.cache/psi+ whitelist ~/.cache/psi+ diff --git a/etc/quiterss.profile b/etc/quiterss.profile index f2b9959f6..2ab5d8a8e 100644 --- a/etc/quiterss.profile +++ b/etc/quiterss.profile @@ -4,14 +4,11 @@ include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-devel.inc whitelist ${HOME}/quiterssfeeds.opml -mkdir ~/.config mkdir ~/.config/QuiteRss whitelist ${HOME}/.config/QuiteRss/ whitelist ${HOME}/.config/QuiteRssrc -mkdir ~/.local mkdir ~/.local/share whitelist ${HOME}/.local/share/ -mkdir ~/.cache mkdir ~/.cache/QuiteRss whitelist ${HOME}/.cache/QuiteRss diff --git a/etc/qutebrowser.profile b/etc/qutebrowser.profile index b590f0ef1..0efb7b629 100644 --- a/etc/qutebrowser.profile +++ b/etc/qutebrowser.profile @@ -17,7 +17,6 @@ tracelog whitelist ${DOWNLOADS} mkdir ~/.config/qutebrowser whitelist ~/.config/qutebrowser -mkdir ~/.cache mkdir ~/.cache/qutebrowser whitelist ~/.cache/qutebrowser include /etc/firejail/whitelist-common.inc diff --git a/etc/seamonkey.profile b/etc/seamonkey.profile index 9ce4164c1..b981d9516 100644 --- a/etc/seamonkey.profile +++ b/etc/seamonkey.profile @@ -14,11 +14,8 @@ seccomp tracelog whitelist ${DOWNLOADS} -mkdir ~/.mozilla mkdir ~/.mozilla/seamonkey whitelist ~/.mozilla/seamonkey -mkdir ~/.cache -mkdir ~/.cache/mozilla mkdir ~/.cache/mozilla/seamonkey whitelist ~/.cache/mozilla/seamonkey whitelist ~/dwhelper diff --git a/etc/spotify.profile b/etc/spotify.profile index ca575970b..6bcb99e0f 100644 --- a/etc/spotify.profile +++ b/etc/spotify.profile 
@@ -10,14 +10,10 @@ include /etc/firejail/disable-passwdmgr.inc # Whitelist the folders needed by Spotify - This is more restrictive # than a blacklist though, but this is all spotify requires for # streaming audio -mkdir ${HOME}/.config mkdir ${HOME}/.config/spotify whitelist ${HOME}/.config/spotify -mkdir ${HOME}/.local -mkdir ${HOME}/.local/share mkdir ${HOME}/.local/share/spotify whitelist ${HOME}/.local/share/spotify -mkdir ${HOME}/.cache mkdir ${HOME}/.cache/spotify whitelist ${HOME}/.cache/spotify include /etc/firejail/whitelist-common.inc diff --git a/etc/stellarium.profile b/etc/stellarium.profile index d0c1326b3..adefa75ff 100644 --- a/etc/stellarium.profile +++ b/etc/stellarium.profile @@ -9,7 +9,6 @@ include /etc/firejail/disable-programs.inc # Whitelist mkdir ~/.stellarium whitelist ~/.stellarium -mkdir ~/.config mkdir ~/.config/stellarium whitelist ~/.config/stellarium diff --git a/etc/thunderbird.profile b/etc/thunderbird.profile index 7882367b9..5db50da4d 100644 --- a/etc/thunderbird.profile +++ b/etc/thunderbird.profile @@ -11,7 +11,6 @@ mkdir ~/.thunderbird whitelist ~/.thunderbird noblacklist ~/.cache/thunderbird -mkdir ~/.cache mkdir ~/.cache/thunderbird whitelist ~/.cache/thunderbird diff --git a/etc/uget-gtk.profile b/etc/uget-gtk.profile index 269f8f0fd..522b4bd1e 100644 --- a/etc/uget-gtk.profile +++ b/etc/uget-gtk.profile @@ -13,7 +13,6 @@ protocol unix,inet,inet6 seccomp whitelist ${DOWNLOADS} -mkdir ~/.config mkdir ~/.config/uGet whitelist ~/.config/uGet include /etc/firejail/whitelist-common.inc diff --git a/etc/vivaldi.profile b/etc/vivaldi.profile index 2049d2bd9..3c608dccb 100644 --- a/etc/vivaldi.profile +++ b/etc/vivaldi.profile @@ -9,10 +9,8 @@ netfilter nonewprivs whitelist ${DOWNLOADS} -mkdir ~/.config mkdir ~/.config/vivaldi whitelist ~/.config/vivaldi -mkdir ~/.cache mkdir ~/.cache/vivaldi whitelist ~/.cache/vivaldi include /etc/firejail/whitelist-common.inc 
diff --git a/etc/wesnoth.profile b/etc/wesnoth.profile index cd0c6406f..2ddb59d11 100644 --- a/etc/wesnoth.profile +++ b/etc/wesnoth.profile @@ -18,12 +18,8 @@ private-dev whitelist /tmp/.X11-unix -mkdir ${HOME}/.local -mkdir ${HOME}/.local/share mkdir ${HOME}/.local/share/wesnoth -mkdir ${HOME}/.config mkdir ${HOME}/.config/wesnoth -mkdir ${HOME}/.cache mkdir ${HOME}/.cache/wesnoth whitelist ${HOME}/.local/share/wesnoth whitelist ${HOME}/.config/wesnoth diff --git a/etc/whitelist-common.inc b/etc/whitelist-common.inc index b3a1a1d30..2317133c5 100644 --- a/etc/whitelist-common.inc +++ b/etc/whitelist-common.inc @@ -24,6 +24,5 @@ whitelist ~/.config/gtk-3.0 whitelist ~/.themes # dconf -mkdir ~/.config mkdir ~/.config/dconf whitelist ~/.config/dconf diff --git a/src/firejail/fs_mkdir.c b/src/firejail/fs_mkdir.c index 50bcc613b..5bc2df2cc 100644 --- a/src/firejail/fs_mkdir.c +++ b/src/firejail/fs_mkdir.c @@ -22,8 +22,38 @@ #include #include #include - #include - +#include +#include + +static void mkdir_recursive(char *path) { + char *subdir = NULL; + struct stat s; + + if (chdir("/")) { + fprintf(stderr, "Error: can't chdir to /"); + return; + } + + subdir = strtok(path, "/"); + while(subdir) { + if (stat(subdir, &s) == -1) { + if (mkdir(subdir, 0700) == -1) { + fprintf(stderr, "Warning: cannot create %s directory\n", subdir); + return; + } + } else if (!S_ISDIR(s.st_mode)) { + fprintf(stderr, "Warning: '%s' exists, but is no directory\n", subdir); + return; + } + if (chdir(subdir)) { + fprintf(stderr, "Error: can't chdir to %s", subdir); + return; + } + + subdir = strtok(NULL, "/"); + } +} + void fs_mkdir(const char *name) { EUID_ASSERT(); @@ -50,8 +80,7 @@ void fs_mkdir(const char *name) { drop_privs(0); // create directory - if (mkdir(expanded, 0700) == -1) - fprintf(stderr, "Warning: cannot create %s directory\n", expanded); + mkdir_recursive(expanded); exit(0); } // wait for the child to finish 
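Review bot: In `mkdir_recursive` (src/firejail/fs_mkdir.c), `stat()` followed by `mkdir()` is a check-then-act sequence: a component that appears between the two calls makes `mkdir()` fail with EEXIST and aborts the whole chain. Calling `mkdir()` first and tolerating `EEXIST` closes that window, and `chdir()` then rejects a component that is not a directory, so the separate "exists, but is no directory" warning folds into the chdir error. Both `chdir` error messages also lack the trailing `\n`. Symlinked components are still followed by `chdir()`, which looks acceptable only because the caller has already run `drop_privs(0)` (visible in the next hunk); a comment stating that assumption would help. The rewrite uses `errno`; the include names are stripped on this page, so check that `<errno.h>` is among them.

```c
static void mkdir_recursive(char *path) {
	// … unchanged: subdir declaration (struct stat s is no longer needed) …
	if (chdir("/")) {
		fprintf(stderr, "Error: can't chdir to /\n");
		return;
	}

	subdir = strtok(path, "/");
	while (subdir) {
		// create first and accept an existing component: no stat()/mkdir() window
		if (mkdir(subdir, 0700) == -1 && errno != EEXIST) {
			fprintf(stderr, "Warning: cannot create %s directory\n", subdir);
			return;
		}
		// fails with ENOTDIR when the component exists but is not a directory
		if (chdir(subdir)) {
			fprintf(stderr, "Error: can't chdir to %s\n", subdir);
			return;
		}

		subdir = strtok(NULL, "/");
	}
}
```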
@@ -101,4 +130,4 @@ void fs_mkfile(const char *name) { doexit: free(expanded); -} \ No newline at end of file +} diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 504842a9e..7e33a6b45 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt @@ -136,7 +136,7 @@ The directory is created if it doesn't already exist. .br Use this command for whitelisted directories you need to preserve when the sandbox is closed. Without it, the application will create the directory, and the directory -will be deleted when the sandbox is closed. Subdirectories also need to be created using mkdir. Example from +will be deleted when the sandbox is closed. Subdirectories are recursively created. Example from firefox profile: .br @@ -145,17 +145,13 @@ mkdir ~/.mozilla .br whitelist ~/.mozilla .br -mkdir ~/.cache -.br -mkdir ~/.cache/mozilla -.br mkdir ~/.cache/mozilla/firefox .br whitelist ~/.cache/mozilla/firefox .TP \fBmkfile file Similar to mkdir, this command creates a file in user home before the sandbox is started. -The file is created if it doesn't already exist. +The file is created if it doesn't already exist, but it's target directory has to exist. .TP \fBnoexec file_or_directory Remount the file or the directory noexec, nodev and nosuid. diff --git a/test/fs/fs.sh b/test/fs/fs.sh index 08888020c..00e6e29c2 100755 --- a/test/fs/fs.sh +++ b/test/fs/fs.sh @@ -51,5 +51,6 @@ echo "TESTING: blacklist glob (test/fs/option_blacklist_glob.exp)" echo "TESTING: bind as user (test/fs/option_bind_user.exp)" ./option_bind_user.exp - +echo "TESTING: recursive mkdir (test/fs/mkdir.exp)" +./mkdir.exp diff --git a/test/fs/mkdir.exp b/test/fs/mkdir.exp new file mode 100755 index 000000000..111db06db --- /dev/null +++ b/test/fs/mkdir.exp 
@@ -0,0 +1,20 @@ +#!/usr/bin/expect -f +# This file is part of Firejail project +# Copyright (C) 2016 Firejail Authors +# License GPL v2 + +set timeout 3 +spawn $env(SHELL) +match_max 100000 + +send -- "firejail --profile=mkdir.profile find ~/.firejail_test\r" +expect { + timeout {puts "TESTING ERROR 1.1\n";exit} + "Warning: cannot create" { puts "TESTING ERROR 1.2\n";exit} + "No such file or directory" { puts "TESTING ERROR 1.3\n";exit} + ".firejail_test/a/b/c/d.txt" +} +send -- "rm -rf ~/.firejail_test\r" +after 100 + +puts "\nall done\n" diff --git a/test/fs/mkdir.profile b/test/fs/mkdir.profile new file mode 100644 index 000000000..61b44c9ac --- /dev/null +++ b/test/fs/mkdir.profile @@ -0,0 +1,2 @@ +mkdir ~/.firejail_test/a/b/c +mkfile ~/.firejail_test/a/b/c/d.txt -- cgit v1.2.3-70-g09d2 From fe8ed9b3abb32ec8b6dff8a0ae36038504ebc0e8 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Sat, 19 Nov 2016 11:12:38 -0500 Subject: fix vivaldi profile, more testing --- etc/vivaldi.profile | 1 - test/fcopy/dircopy.exp | 30 +++++++++++++++++++++++++----- test/fcopy/fcopy.sh | 2 +- 3 files changed, 26 insertions(+), 7 deletions(-) (limited to 'etc/vivaldi.profile') diff --git a/etc/vivaldi.profile b/etc/vivaldi.profile index 3c608dccb..08b046847 100644 --- a/etc/vivaldi.profile +++ b/etc/vivaldi.profile @@ -6,7 +6,6 @@ include /etc/firejail/disable-programs.inc include /etc/firejail/disable-devel.inc netfilter -nonewprivs whitelist ${DOWNLOADS} mkdir ~/.config/vivaldi diff --git a/test/fcopy/dircopy.exp b/test/fcopy/dircopy.exp index b87f24a59..00b0204ae 100755 --- a/test/fcopy/dircopy.exp +++ b/test/fcopy/dircopy.exp 
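Review bot: In test/fs/mkdir.exp nothing removes `~/.firejail_test` before the sandbox is started, and every error branch calls `exit` before the final `rm -rf`, so a tree left behind by an earlier failed run makes `find` print `.firejail_test/a/b/c/d.txt` even when recursive mkdir is broken. Send the cleanup ahead of the `firejail --profile=mkdir.profile` line as well: `send -- "rm -rf ~/.firejail_test\r"` followed by `after 100`. The test also creates and deletes a directory in the real home of whoever runs the suite, which deserves a comment at the top of the file.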
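Review bot: In the etc/vivaldi.profile hunk of the last commit, dropping `nonewprivs` removes the no-new-privileges restriction that the first commit on this page added, and neither the profile nor the commit message ("fix vivaldi profile") records why. If the reason is that the browser's setuid sandbox helper cannot gain privileges under that restriction, state it in the profile, for example `# nonewprivs not set: the browser's setuid sandbox helper needs to gain privileges`, so the option is not re-added by a later hardening sweep. Only `netfilter` is visible in the hunk context, so whether the remaining options compensate cannot be judged from this page.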
@@ -55,28 +55,48 @@ after 100 send -- "ls -al dest\r" expect { timeout {puts "TESTING ERROR 8\n";exit} - "drwx--x--x" + "drwxr-xr-x" } expect { timeout {puts "TESTING ERROR 9\n";exit} - "rwxrwxrwx" + "a" } expect { timeout {puts "TESTING ERROR 10\n";exit} + "lrwxrwxrwx" +} +expect { + timeout {puts "TESTING ERROR 11\n";exit} + "dircopy.exp" +} +expect { + timeout {puts "TESTING ERROR 12\n";exit} + "rwxr-xr-x" +} +expect { + timeout {puts "TESTING ERROR 13\n";exit} + "file1" +} +expect { + timeout {puts "TESTING ERROR 14\n";exit} "rw-r--r--" } +expect { + timeout {puts "TESTING ERROR 15\n";exit} + "file2" +} after 100 send -- "diff -q src/a/b/file4 dest/a/b/file4; echo done\r" expect { - timeout {puts "TESTING ERROR 11\n";exit} - "differ" {puts "TESTING ERROR 12\n";exit} + timeout {puts "TESTING ERROR 16\n";exit} + "differ" {puts "TESTING ERROR 17\n";exit} "done" } send -- "file dest/dircopy.exp\r" expect { - timeout {puts "TESTING ERROR 13\n";exit} + timeout {puts "TESTING ERROR 18\n";exit} "symbolic link" } diff --git a/test/fcopy/fcopy.sh b/test/fcopy/fcopy.sh index 9961d6317..dcda5ca31 100755 --- a/test/fcopy/fcopy.sh +++ b/test/fcopy/fcopy.sh @@ -6,7 +6,7 @@ export MALLOC_CHECK_=3 export MALLOC_PERTURB_=$(($RANDOM % 255 + 1)) -rm -fr dest/* +mkdir dest echo "TESTING: fcopy cmdline (test/fcopy/cmdline.exp)" ./cmdline.exp -- cgit v1.2.3-70-g09d2
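Review bot: In test/fcopy/dircopy.exp the new `"a"` pattern in the `TESTING ERROR 9` block matches the first letter a anywhere in the remaining `ls -al` output (a user name, a month, another file name), so it does not show that the directory entry `a` was copied. The `"rwxr-xr-x"` pattern in the `TESTING ERROR 12` block has the same weakness, since it is a substring of `drwxr-xr-x` and a directory line satisfies it. Anchoring the name to the end of its line, e.g. `-re " a\r\n"` (assuming plain, uncoloured `ls` output), would make the step fail when the entry is missing. The expect script starts and ends outside this hunk.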
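Review bot: In test/fcopy/fcopy.sh, `mkdir dest` replaces `rm -fr dest/*`, so nothing clears a `dest` directory left over from an earlier run: `mkdir` then fails with "File exists" and the copy tests run against stale content, which can hide a regression. Unless a cleanup outside this hunk removes the directory, use `rm -fr dest && mkdir dest` so both the first run and a rerun start from an empty directory.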