From 63e16bfcd9f79c63f3801f51df4840f74fa6f41b Mon Sep 17 00:00:00 2001
From: netblue30
Date: Sun, 13 Nov 2016 10:47:20 -0500
Subject: major cleanup and testing
---
 test/root/firejail.config | 20 ++++++++++++++++++++
 test/root/root.sh | 6 ++++++
 test/root/seccomp-umount.exp | 2 +-
 3 files changed, 27 insertions(+), 1 deletion(-)
 create mode 100644 test/root/firejail.config
(limited to 'test/root')
diff --git a/test/root/firejail.config b/test/root/firejail.config
new file mode 100644
index 000000000..71ff2f4e9
--- /dev/null
+++ b/test/root/firejail.config
@@ -0,0 +1,20 @@
+bind yes
+chroot yes
+chroot-desktop yes
+file-transfer yes
+force-nonewprivs no
+network yes
+overlayfs yes
+private-bin-no-local no
+private-home yes
+quiet-by-default no
+remount-proc-sys yes
+restricted-network no
+# netfilter-default /etc/iptables.iptables.rules
+seccomp yes
+userns yes
+whitelist yes
+x11 yes
+xephyr-screen 800x600
+xephyr-window-title yes
+xephyr-extra-params -grayscale
diff --git a/test/root/root.sh b/test/root/root.sh
index 8c7437e49..471b7d535 100755
--- a/test/root/root.sh
+++ b/test/root/root.sh
@@ -1,5 +1,8 @@
 #!/bin/bash
+# set a new firejail config file
+cp firejail.config /etc/firejail/firejail.config
+
 #********************************
 # servers
 #********************************
@@ -91,3 +94,6 @@ else
 echo "TESTING SKIP: firecfg, firefox not found"
 fi
+# restore the default config file
+cp ../../etc/firejail.config /etc/firejail/firejail.config
+
diff --git a/test/root/seccomp-umount.exp b/test/root/seccomp-umount.exp
index 04a9b7a3d..c441c5fc4 100755
--- a/test/root/seccomp-umount.exp
+++ b/test/root/seccomp-umount.exp
@@ -7,7 +7,7 @@ set timeout 10
 spawn $env(SHELL)
 match_max 100000
-send -- "firejail --net=br0 --ip=10.10.20.5 --seccomp --noprofile\r"
+send -- "firejail --seccomp --noprofile\r"
 expect {
 timeout {puts "TESTING ERROR 0\n";exit}
 "Child process initialized"
-- 
cgit v1.2.3-54-g00ecf
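Review bot: The new test/root/firejail.config carries no header comment marking it as a test fixture, although it shares its name with the installed configuration and root.sh copies it over /etc/firejail/firejail.config. The optional features listed here (`bind`, `chroot`, `overlayfs`, `userns`, `x11` and the rest) are all switched on, which suits the test suite but is not something to carry onto a real host by accident. A first line such as `# test-only configuration, installed temporarily by test/root/root.sh` would make the intent clear; the file already uses `#` comments.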
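Review bot: The added `cp firejail.config /etc/firejail/firejail.config` at the top of root.sh overwrites the installed configuration without saving it, and the restore hunk at the end of the script copies `../../etc/firejail.config` from the source tree instead, so any local hardening an administrator made in /etc/firejail/firejail.config is gone after a test run. Neither `cp` is checked, and if the script stops between the two hunks the test settings stay in place system-wide. Both copies also depend on the current directory being test/root. Saving the installed file and restoring it from an EXIT trap would cover all three, and would replace the final `cp` in the second hunk.

```shell
# set a new firejail config file; the installed one is put back on exit
installed_config=/etc/firejail/firejail.config
saved_config=$(mktemp) || exit 1
cp -p "$installed_config" "$saved_config" || exit 1
trap 'cp -p "$saved_config" "$installed_config"; rm -f "$saved_config"' EXIT
cp firejail.config "$installed_config" || exit 1

# … unchanged: servers and the remaining test sections …
```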