jaitest - simple sandbox testing utility program
Showing
14 changed files
with
794 additions
and
5 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -198,7 +198,84 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe | |
Milestone page: https://github.com/netblue30/firejail/milestone/1 | ||
Release discussion: https://github.com/netblue30/firejail/issues/3696 | ||
|
||
### jailtest | ||
````` | ||
JAILTEST(1) JAILTEST man page JAILTEST(1) | ||
NAME | ||
jailtest - Simple utility program to test running sandboxes | ||
SYNOPSIS | ||
sudo jailtest [OPTIONS] [directory] | ||
DESCRIPTION | ||
WORK IN PROGRESS! jailtest attaches itself to all sandboxes started by | ||
the user and performs some basic tests on the sandbox filesystem: | ||
1. Virtual directories | ||
jailtest extracts a list with the main virtual directories in‐ | ||
stalled by the sandbox. These directories are build by firejail | ||
at startup using --private* and --whitelist commands. | ||
2. Noexec test | ||
jailtest inserts executable programs in /home/username, /tmp, | ||
and /var/tmp directories and tries to run them form inside the | ||
sandbox, thus testing if the directory is executable or not. | ||
3. Read access test | ||
jailtest creates test files in the directories specified by the | ||
user and tries to read them from inside the sandbox. | ||
The program is running as root exclusively under sudo. | ||
OPTIONS | ||
--debug | ||
Print debug messages | ||
-?, --help | ||
Print options end exit. | ||
--version | ||
Print program version and exit. | ||
[directory] | ||
One or more directories in user home to test for read access. | ||
OUTPUT | ||
For each sandbox detected we print the following line: | ||
PID:USER:Sandbox Name:Command | ||
It is followed by relevant sandbox information, such as the virtual di‐ | ||
rectories and various warnings. | ||
EXAMPLE | ||
$ sudo jailtest ~/.ssh ~/.gnupg | ||
1429:netblue::/usr/bin/firejail /opt/firefox/firefox | ||
Virtual dirs: /home/netblue, /tmp, /var/tmp, /dev, /etc, | ||
5602:netblue::/usr/bin/firejail /usr/bin/ssh [email protected] | ||
Virtual dirs: /var/tmp, /dev, | ||
Warning: I can read ~/.ssh | ||
5926:netblue::/usr/bin/firejail /usr/bin/gimp-2.10 | ||
Virtual dirs: /tmp, /var/tmp, /dev, | ||
Warning: I can run programs in /home/netblue | ||
6394:netblue:libreoffice:/usr/bin/firejail libreoffice | ||
Virtual dirs: /tmp, /var/tmp, /dev, | ||
LICENSE | ||
This program is free software; you can redistribute it and/or modify it | ||
under the terms of the GNU General Public License as published by the | ||
Free Software Foundation; either version 2 of the License, or (at your | ||
option) any later version. | ||
Homepage: https://firejail.wordpress.com | ||
SEE ALSO | ||
firejail(1), firecfg(1), firejail-profile(5), firejail-login(5) fire‐ | ||
jail-users(5) | ||
0.9.65 Feb 2021 JAILTEST(1) | ||
````` | ||
|
||
### Profile Statistics | ||
|
||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
all: jailtest | ||
|
||
include ../common.mk | ||
|
||
%.o : %.c $(H_FILE_LIST) ../include/common.h ../include/pid.h | ||
$(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ | ||
|
||
jailtest: $(OBJS) | ||
$(CC) $(LDFLAGS) -o $@ $(OBJS) ../lib/common.o ../lib/pid.o $(LIBS) $(EXTRA_LDFLAGS) | ||
|
||
clean:; rm -fr *.o jailtest *.gcov *.gcda *.gcno *.plist | ||
|
||
distclean: clean | ||
rm -fr Makefile |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,124 @@ | ||
#include "jailtest.h" | ||
#include <dirent.h> | ||
#include <sys/wait.h> | ||
|
||
typedef struct { | ||
char *tfile; | ||
char *tdir; | ||
} TestDir; | ||
|
||
#define MAX_TEST_FILES 16 | ||
TestDir td[MAX_TEST_FILES]; | ||
static int files_cnt = 0; | ||
|
||
void access_setup(const char *directory) { | ||
// I am root! | ||
assert(directory); | ||
assert(user_home_dir); | ||
|
||
if (files_cnt >= MAX_TEST_FILES) { | ||
fprintf(stderr, "Error: maximum number of test directories exceded\n"); | ||
exit(1); | ||
} | ||
|
||
char *fname = strdup(directory); | ||
if (!fname) | ||
errExit("strdup"); | ||
if (strncmp(fname, "~/", 2) == 0) { | ||
free(fname); | ||
if (asprintf(&fname, "%s/%s", user_home_dir, directory + 2) == -1) | ||
errExit("asprintf"); | ||
} | ||
|
||
char *path = realpath(fname, NULL); | ||
free(fname); | ||
if (path == NULL) { | ||
fprintf(stderr, "Warning: invalid directory %s, skipping...\n", directory); | ||
return; | ||
} | ||
|
||
// file in home directory | ||
if (strncmp(path, user_home_dir, strlen(user_home_dir)) != 0) { | ||
fprintf(stderr, "Warning: file %s is not in user home directory, skipping...\n", directory); | ||
free(path); | ||
return; | ||
} | ||
|
||
// try to open the dir as root | ||
DIR *dir = opendir(path); | ||
if (!dir) { | ||
fprintf(stderr, "Warning: directory %s not found, skipping\n", directory); | ||
free(path); | ||
return; | ||
} | ||
closedir(dir); | ||
|
||
// create a test file | ||
char *test_file; | ||
if (asprintf(&test_file, "%s/jailtest-access-%d", path, getpid()) == -1) | ||
errExit("asprintf"); | ||
|
||
FILE *fp = fopen(test_file, "w"); | ||
if (!fp) { | ||
printf("Warning: I cannot create test file in directory %s, skipping...\n", directory); | ||
return; | ||
} | ||
fprintf(fp, "this file was created by firetest utility, you can safely delete it\n"); | ||
fclose(fp); | ||
int rv = chown(test_file, user_uid, user_gid); | ||
if (rv) | ||
errExit("chown"); | ||
|
||
char *dname = strdup(directory); | ||
if (!dname) | ||
errExit("strdup"); | ||
td[files_cnt].tdir = dname; | ||
td[files_cnt].tfile = test_file; | ||
files_cnt++; | ||
} | ||
|
||
void access_destroy(void) { | ||
// remove test files | ||
int i; | ||
|
||
for (i = 0; i < files_cnt; i++) { | ||
int rv = unlink(td[i].tfile); | ||
(void) rv; | ||
} | ||
files_cnt = 0; | ||
} | ||
|
||
void access_test(void) { | ||
// I am root in sandbox mount namespace | ||
assert(user_uid); | ||
int i; | ||
|
||
pid_t child = fork(); | ||
if (child == -1) | ||
errExit("fork"); | ||
|
||
if (child == 0) { // child | ||
// drop privileges | ||
if (setgid(user_gid) != 0) | ||
errExit("setgid"); | ||
if (setuid(user_uid) != 0) | ||
errExit("setuid"); | ||
|
||
for (i = 0; i < files_cnt; i++) { | ||
assert(td[i].tfile); | ||
|
||
// try to open the file for reading | ||
FILE *fp = fopen(td[i].tfile, "r"); | ||
if (fp) { | ||
|
||
printf(" Warning: I can read %s\n", td[i].tdir); | ||
fclose(fp); | ||
} | ||
} | ||
exit(0); | ||
} | ||
|
||
// wait for the child to finish | ||
int status; | ||
wait(&status); | ||
} |
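Review bot: In access_setup the test file is created as root with `fopen(test_file, "w")` inside a directory the unprivileged user controls and is then handed over by name with `chown(test_file, user_uid, user_gid)`; both calls follow symlinks and the name `jailtest-access-<pid>` is predictable, so the truncate and the ownership change are not guaranteed to land on a file this program created. Creating the file with O_CREAT|O_EXCL|O_NOFOLLOW and changing ownership through the descriptor closes the final-component case (needs `<fcntl.h>`), but the parent directory can still change after realpath(), so doing the creation in a child that has already dropped to user_uid/user_gid would be the more robust design. The home-directory check `strncmp(path, user_home_dir, strlen(user_home_dir))` is a bare prefix match and also accepts a sibling path that merely starts with the home string; it should additionally require the next byte to be `/` or NUL. In access_test the drop calls setgid/setuid without `setgroups(0, NULL)` first, so root's supplementary groups are presumably still in effect during the read test and can skew its result. The early return after a failed fopen also leaks test_file and path.

```c
// … unchanged: ~ expansion, realpath, home-directory check, opendir probe, asprintf of test_file …
	// path is user-writable: create exclusively and never through a symlink
	int fd = open(test_file, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
	if (fd == -1) {
		printf("Warning: I cannot create test file in directory %s, skipping...\n", directory);
		free(test_file);
		free(path);
		return;
	}
	// change ownership through the descriptor, not by name
	if (fchown(fd, user_uid, user_gid) != 0)
		errExit("fchown");
	FILE *fp = fdopen(fd, "w");
	if (!fp)
		errExit("fdopen");
	fprintf(fp, "this file was created by firetest utility, you can safely delete it\n");
	fclose(fp);
	free(path);
// … unchanged: strdup of directory, td[] bookkeeping …
```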
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
#ifndef JAILTEST_H | ||
#define JAILTEST_H | ||
|
||
#include "../include/common.h" | ||
|
||
// main.c | ||
extern uid_t user_uid; | ||
extern gid_t user_gid; | ||
extern char *user_name; | ||
extern char *user_home_dir; | ||
|
||
// access.c | ||
void access_setup(const char *directory); | ||
void access_test(void); | ||
void access_destroy(void); | ||
|
||
// noexec.c | ||
void noexec_setup(void); | ||
void noexec_test(const char *msg); | ||
|
||
// virtual.c | ||
void virtual_setup(const char *directory); | ||
void virtual_destroy(void); | ||
void virtual_test(void); | ||
|
||
// utils.c | ||
char *get_sudo_user(void); | ||
char *get_homedir(const char *user, uid_t *uid, gid_t *gid); | ||
int find_child(pid_t parent, pid_t *child); | ||
pid_t switch_to_child(pid_t pid); | ||
|
||
#endif |
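Review bot: The prototypes do not say which privilege level and namespace each function expects, although the implementation depends on it: access.c marks access_setup with "I am root!" and access_test with "I am root in sandbox mount namespace", and access_test drops to user_uid/user_gid in a child. A short comment per group would make the required call order reviewable from the header, for example `// access.c - setup/destroy: run as root (outside the sandbox, confirm); test: run as root inside the sandbox mount namespace`. get_sudo_user and get_homedir return `char *` without stating whether the caller owns the string; that contract should be documented once it has been checked against utils.c, which is not visible here.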