From 11418a46c1c1c51a1270bb585bf8152f9298bc74 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Thu, 31 Oct 2019 17:37:36 -0400 Subject: [PATCH] dns fixes --- src/firejail/main.c | 3 +- src/firejail/profile.c | 4 +-- test/environment/dns.exp | 74 ++++++++++++++++++++++++++++++++-------- 3 files changed, 63 insertions(+), 18 deletions(-) diff --git a/src/firejail/main.c b/src/firejail/main.c index 7dc1b449b63..5b39dd491f2 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c @@ -2209,9 +2209,8 @@ int main(int argc, char **argv) { else if (cfg.dns4 == NULL) cfg.dns4 = dns; else { - fprintf(stderr, "Error: up to 4 DNS servers can be specified\n"); + fwarning("Warning: up to 4 DNS servers can be specified, %s ignored\n", dns); free(dns); - return 1; } } diff --git a/src/firejail/profile.c b/src/firejail/profile.c index 80a4bed5a92..03cd9dadb6a 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c @@ -874,8 +874,8 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { else if (cfg.dns4 == NULL) cfg.dns4 = dns; else { - fprintf(stderr, "Error: up to 4 DNS servers can be specified\n"); - exit(1); + fwarning("Warning: up to 4 DNS servers can be specified, %s ignored\n", dns); + free(dns); } return 0; } diff --git a/test/environment/dns.exp b/test/environment/dns.exp index 6ddc0ccea3a..d1f3f650fe1 100755 --- a/test/environment/dns.exp +++ b/test/environment/dns.exp @@ -1,31 +1,77 @@ #!/usr/bin/expect -f -set timeout 30 +set timeout 10 spawn $env(SHELL) match_max 100000 +send -- "firejail --dns=8.8.4.4 --dns=8.8.8.8 --dns=4.2.2.1 --dns=::2 --dns=1.2.3.4 sleep 1\r" +expect { + timeout {puts "TESTING ERROR 1\n";exit} + "Warning: up to 4 DNS servers can be specified, 1.2.3.4 ignored" +} +expect { + timeout {puts "TESTING ERROR 1.1\n";exit} + "DNS server 8.8.4.4" +} +expect { + timeout {puts "TESTING ERROR 1.2\n";exit} + "DNS server 8.8.8.8" +} +expect { + timeout {puts "TESTING ERROR 1.3\n";exit} + "DNS server 4.2.2.1" +} +expect { + timeout {puts "TESTING ERROR 1.4\n";exit} + "DNS server ::2" +} +expect { + timeout {puts "TESTING ERROR 1.5\n";exit} + "Child process initialized" +} +expect { + timeout {puts "TESTING ERROR 1.6\n";exit} + "Parent is shutting down, bye..." +} +after 100 + + +send -- "firejail --quiet --dns=8.8.4.4 --dns=8.8.8.8 --dns=4.2.2.1 --dns=::2 --dns=1.2.3.4 cat /etc/passwd\r" +expect { + timeout {puts "TESTING ERROR 2\n";exit} + "Warning: up to 4 DNS servers can be specified, 1.2.3.4 ignored" {puts "TESTING ERROR 2.1\n";exit} + "DNS server 8.8.4.4" {puts "TESTING ERROR 2.2\n";exit} + "DNS server 8.8.8.8" {puts "TESTING ERROR 2.3\n";exit} + "DNS server 4.2.2.1" {puts "TESTING ERROR 2.4\n";exit} + "DNS server ::2" {puts "TESTING ERROR 2.5\n";exit} + "Child process initialized" {puts "TESTING ERROR 2.6\n";exit} + "Parent is shutting down, bye..." {puts "TESTING ERROR 2.7\n";exit} + "root" +} +after 100 + send -- "firejail --dns=8.8.4.4 --dns=8.8.8.8 --dns=4.2.2.1 --dns=::2\r" expect { - timeout {puts "TESTING ERROR 2.1\n";exit} + timeout {puts "TESTING ERROR 3\n";exit} "Child process initialized" } sleep 1 send -- "cat /etc/resolv.conf\r" expect { - timeout {puts "TESTING ERROR 2.2\n";exit} + timeout {puts "TESTING ERROR 4.1\n";exit} "nameserver 8.8.4.4" } expect { - timeout {puts "TESTING ERROR 2.3\n";exit} + timeout {puts "TESTING ERROR 4.2\n";exit} "nameserver 8.8.8.8" } expect { - timeout {puts "TESTING ERROR 2.4\n";exit} + timeout {puts "TESTING ERROR 4.3\n";exit} "nameserver 4.2.2.1" } expect { - timeout {puts "TESTING ERROR 2.5\n";exit} + timeout {puts "TESTING ERROR 4.4\n";exit} "nameserver ::2" } after 100 @@ -35,27 +81,27 @@ sleep 1 send -- "firejail --profile=dns.profile\r" expect { - timeout {puts "TESTING ERROR 12.1\n";exit} + timeout {puts "TESTING ERROR 5.1\n";exit} "Child process initialized" } sleep 1 send -- "cat /etc/resolv.conf\r" expect { - timeout {puts "TESTING ERROR 12.2\n";exit} + timeout {puts "TESTING ERROR 5.2\n";exit} "nameserver 8.8.4.4" } expect { - timeout {puts "TESTING ERROR 12.3\n";exit} + timeout {puts "TESTING ERROR 5.3\n";exit} "nameserver 8.8.8.8" } expect { - timeout {puts "TESTING ERROR 12.4\n";exit} + timeout {puts "TESTING ERROR 5.4\n";exit} "nameserver 4.2.2.1" } after 100 expect { - timeout {puts "TESTING ERROR 12.5\n";exit} + timeout {puts "TESTING ERROR 5.5\n";exit} "nameserver ::2" } send -- "exit\r" @@ -63,15 +109,15 @@ sleep 1 send -- "firejail --trace --dns=208.67.222.222 wget -q debian.org\r" expect { - timeout {puts "TESTING ERROR 1.2\n";exit} + timeout {puts "TESTING ERROR 6.1\n";exit} "connect" } expect { - timeout {puts "TESTING ERROR 1.2\n";exit} + timeout {puts "TESTING ERROR 6.2\n";exit} "208.67.222.222" } expect { - timeout {puts "TESTING ERROR 1.2\n";exit} + timeout {puts "TESTING ERROR 6.3\n";exit} "53" } after 100