testing

gcov.sh

@@ -34,7 +34,7 @@ generate() {
 gcov_init
 lcov -q --capture -d src/firejail -d src/firemon -d src/faudit -d src/fbuilder -d src/fcopy -d src/fnetfilter -d src/fsec-print -d src/fsec-optimize -d src/fseccomp -d src/fnet -d src/ftee -d src/lib -d src/firecfg -d src/fldd --output-file gcov-file-old
 
-#make test-environment
+#make test-utils
 #generate
 #sleep 2
 #exit

src/firecfg/desktop_files.c

@@ -136,15 +136,9 @@ void fix_desktop_files(char *homedir) {
 
  // source
  DIR *dir = opendir("/usr/share/applications");
- if (!dir) {
+ if (!dir || chdir("/usr/share/applications")) {
  perror("opendir");
- fprintf(stderr, "Warning: cannot open /usr/share/applications directory, desktop files fixing skipped...\n");
- free(user_apps_dir);
- return;
- }
- if (chdir("/usr/share/applications")) {
- perror("chdir");
- fprintf(stderr, "Warning: cannot chdir to /usr/share/applications, desktop files fixing skipped...\n");
+ fprintf(stderr, "Warning: cannot access /usr/share/applications directory, desktop files fixing skipped...\n");
  free(user_apps_dir);
  return;
  }

src/firecfg/main.c

@@ -21,38 +21,41 @@
 #include "firecfg.h"
 int arg_debug = 0;
 
+static char *usage_str =
+ "Firecfg is the desktop configuration utility for Firejail software. The utility\n"
+ "creates several symbolic links to firejail executable. This allows the user to\n"
+ "sandbox applications automatically, just by clicking on a regular desktop\n"
+ "menus and icons.\n\n"
+ "The symbolic links are placed in /usr/local/bin. For more information, see\n"
+ "DESKTOP INTEGRATION section in man 1 firejail.\n\n"
+ "Usage: firecfg [OPTIONS]\n\n"
+ " --clean - remove all firejail symbolic links.\n\n"
+ " --debug - print debug messages.\n\n"
+ " --fix - fix .desktop files.\n\n"
+ " --fix-sound - create ~/.config/pulse/client.conf file.\n\n"
+ " --help, -? - this help screen.\n\n"
+ " --list - list all firejail symbolic links.\n\n"
+ " --version - print program version and exit.\n\n"
+ "Example:\n\n"
+ " $ sudo firecfg\n"
+ " /usr/local/bin/firefox created\n"
+ " /usr/local/bin/vlc created\n"
+ " [...]\n"
+ " $ firecfg --list\n"
+ " /usr/local/bin/firefox\n"
+ " /usr/local/bin/vlc\n"
+ " [...]\n"
+ " $ sudo firecfg --clean\n"
+ " /usr/local/bin/firefox removed\n"
+ " /usr/local/bin/vlc removed\n"
+ " [...]\n"
+ "\n"
+ "License GPL version 2 or later\n"
+ "Homepage: http:https://firejail.wordpress.com\n\n";
+
 static void usage(void) {
  printf("firecfg - version %s\n\n", VERSION);
- printf("Firecfg is the desktop configuration utility for Firejail software. The utility\n");
- printf("creates several symbolic links to firejail executable. This allows the user to\n");
- printf("sandbox applications automatically, just by clicking on a regular desktop\n");
- printf("menus and icons.\n\n");
- printf("The symbolic links are placed in /usr/local/bin. For more information, see\n");
- printf("DESKTOP INTEGRATION section in man 1 firejail.\n\n");
- printf("Usage: firecfg [OPTIONS]\n\n");
- printf(" --clean - remove all firejail symbolic links.\n\n");
- printf(" --debug - print debug messages.\n\n");
- printf(" --fix - fix .desktop files.\n\n");
- printf(" --fix-sound - create ~/.config/pulse/client.conf file.\n\n");
- printf(" --help, -? - this help screen.\n\n");
- printf(" --list - list all firejail symbolic links.\n\n");
- printf(" --version - print program version and exit.\n\n");
- printf("Example:\n\n");
- printf(" $ sudo firecfg\n");
- printf(" /usr/local/bin/firefox created\n");
- printf(" /usr/local/bin/vlc created\n");
- printf(" [...]\n");
- printf(" $ firecfg --list\n");
- printf(" /usr/local/bin/firefox\n");
- printf(" /usr/local/bin/vlc\n");
- printf(" [...]\n");
- printf(" $ sudo firecfg --clean\n");
- printf(" /usr/local/bin/firefox removed\n");
- printf(" /usr/local/bin/vlc removed\n");
- printf(" [...]\n");
- printf("\n");
- printf("License GPL version 2 or later\n");
- printf("Homepage: http:https://firejail.wordpress.com\n\n");
+ puts(usage_str);
 }
 
 

src/firemon/usage.c

@@ -19,62 +19,65 @@
 */
 #include "firemon.h"
 
-void usage(void) {
- printf("firemon - version %s\n", VERSION);
- printf("Usage: firemon [OPTIONS] [PID]\n\n");
- printf("Monitor processes started in a Firejail sandbox. Without any PID specified,\n");
- printf("all processes started by Firejail are monitored. Descendants of these processes\n");
- printf("are also being monitored. On Grsecurity systems only root user\n");
- printf("can run this program.\n\n");
- printf("Options:\n");
- printf("\t--apparmor - print AppArmor confinement status for each sandbox.\n\n");
- printf("\t--arp - print ARP table for each sandbox.\n\n");
- printf("\t--caps - print capabilities configuration for each sandbox.\n\n");
- printf("\t--cgroup - print control group information for each sandbox.\n\n");
- printf("\t--cpu - print CPU affinity for each sandbox.\n\n");
- printf("\t--help, -? - this help screen.\n\n");
- printf("\t--interface - print network interface information for each sandbox.\n\n");
- printf("\t--list - list all sandboxes.\n\n");
- printf("\t--name=name - print information only about named sandbox.\n\n");
- printf("\t--netstats - monitor network statistics for sandboxes creating a new\n");
- printf("\t\tnetwork namespace.\n\n");
- printf("\t--nowrap - enable line wrapping in terminals.\n\n");
- printf("\t--route - print route table for each sandbox.\n\n");
- printf("\t--seccomp - print seccomp configuration for each sandbox.\n\n");
- printf("\t--tree - print a tree of all sandboxed processes.\n\n");
- printf("\t--top - monitor the most CPU-intensive sandboxes.\n\n");
- printf("\t--version - print program version and exit.\n\n");
+static char *help_str =
+ "Usage: firemon [OPTIONS] [PID]\n\n"
+ "Monitor processes started in a Firejail sandbox. Without any PID specified,\n"
+ "all processes started by Firejail are monitored. Descendants of these processes\n"
+ "are also being monitored. On Grsecurity systems only root user\n"
+ "can run this program.\n\n"
+ "Options:\n"
+ "\t--apparmor - print AppArmor confinement status for each sandbox.\n\n"
+ "\t--arp - print ARP table for each sandbox.\n\n"
+ "\t--caps - print capabilities configuration for each sandbox.\n\n"
+ "\t--cgroup - print control group information for each sandbox.\n\n"
+ "\t--cpu - print CPU affinity for each sandbox.\n\n"
+ "\t--help, -? - this help screen.\n\n"
+ "\t--interface - print network interface information for each sandbox.\n\n"
+ "\t--list - list all sandboxes.\n\n"
+ "\t--name=name - print information only about named sandbox.\n\n"
+ "\t--netstats - monitor network statistics for sandboxes creating a new\n"
+ "\t\tnetwork namespace.\n\n"
+ "\t--nowrap - enable line wrapping in terminals.\n\n"
+ "\t--route - print route table for each sandbox.\n\n"
+ "\t--seccomp - print seccomp configuration for each sandbox.\n\n"
+ "\t--tree - print a tree of all sandboxed processes.\n\n"
+ "\t--top - monitor the most CPU-intensive sandboxes.\n\n"
+ "\t--version - print program version and exit.\n\n"
+
+ "Without any options, firemon monitors all fork, exec, id change, and exit\n"
+ "events in the sandbox. Monitoring a specific PID is also supported.\n\n"
 
- printf("Without any options, firemon monitors all fork, exec, id change, and exit events\n");
- printf("in the sandbox. Monitoring a specific PID is also supported.\n\n");
+ "Option --list prints a list of all sandboxes. The format for each entry is as\n"
+ "follows:\n\n"
+ "\tPID:USER:Command\n\n"
 
- printf("Option --list prints a list of all sandboxes. The format for each entry is as\n");
- printf("follows:\n\n");
- printf("\tPID:USER:Command\n\n");
+ "Option --tree prints the tree of processes running in the sandbox. The format\n"
+ "for each process entry is as follows:\n\n"
+ "\tPID:USER:Command\n\n"
 
- printf("Option --tree prints the tree of processes running in the sandbox. The format\n");
- printf("for each process entry is as follows:\n\n");
- printf("\tPID:USER:Command\n\n");
+ "Option --top is similar to the UNIX top command, however it applies only to\n"
+ "sandboxes. Listed below are the available fields (columns) in alphabetical\n"
+ "order:\n\n"
+ "\tCommand - command used to start the sandbox.\n"
+ "\tCPU%% - CPU usage, the sandbox share of the elapsed CPU time since the\n"
+ "\t last screen update\n"
+ "\tPID - Unique process ID for the task controlling the sandbox.\n"
+ "\tPrcs - number of processes running in sandbox, including the\n"
+ "\t controlling process.\n"
+ "\tRES - Resident Memory Size (KiB), sandbox non-swapped physical memory.\n"
+ "\t It is a sum of the RES values for all processes running in the\n"
+ "\t sandbox.\n"
+ "\tSHR - Shared Memory Size (KiB), it reflects memory shared with other\n"
+ "\t processes. It is a sum of the SHR values for all processes\n"
+ "\t running in the sandbox, including the controlling process.\n"
+ "\tUptime - sandbox running time in hours:minutes:seconds format.\n"
+ "\tUser - The owner of the sandbox.\n"
+ "\n"
+ "License GPL version 2 or later\n"
+ "Homepage: http:https://firejail.wordpress.com\n"
+ "\n";
 
- printf("Option --top is similar to the UNIX top command, however it applies only to\n");
- printf("sandboxes. Listed below are the available fields (columns) in alphabetical\n");
- printf("order:\n\n");
- printf("\tCommand - command used to start the sandbox.\n");
- printf("\tCPU%% - CPU usage, the sandbox share of the elapsed CPU time since the\n");
- printf("\t last screen update\n");
- printf("\tPID - Unique process ID for the task controlling the sandbox.\n");
- printf("\tPrcs - number of processes running in sandbox, including the controlling\n");
- printf("\t process.\n");
- printf("\tRES - Resident Memory Size (KiB), sandbox non-swapped physical memory.\n");
- printf("\t It is a sum of the RES values for all processes running in the\n");
- printf("\t sandbox.\n");
- printf("\tSHR - Shared Memory Size (KiB), it reflects memory shared with other\n");
- printf("\t processes. It is a sum of the SHR values for all processes running\n");
- printf("\t in the sandbox, including the controlling process.\n");
- printf("\tUptime - sandbox running time in hours:minutes:seconds format.\n");
- printf("\tUser - The owner of the sandbox.\n");
- printf("\n");
- printf("License GPL version 2 or later\n");
- printf("Homepage: http:https://firejail.wordpress.com\n");
- printf("\n");
+void usage(void) {
+ printf("firemon - version %s\n", VERSION);
+ puts(help_str);
 }

test/root/firecfg.exp

@@ -7,10 +7,10 @@ set timeout 10
 spawn $env(SHELL)
 match_max 100000
 
-send -- "firecfg\r"
+send -- "firecfg --debug\r"
 sleep 1
 
-send -- "firecfg --clean\r"
+send -- "firecfg --debug --clean\r"
 expect {
  timeout {puts "TESTING ERROR 0\n";exit}
  "less removed"
@@ -27,7 +27,7 @@ expect {
 }
 sleep 1
 
-send -- "firecfg\r"
+send -- "firecfg --debug\r"
 expect {
  timeout {puts "TESTING ERROR 3\n";exit}
  "less created"

test/root/root.sh

@@ -3,6 +3,23 @@
 # set a new firejail config file
 #cp firejail.config /etc/firejail/firejail.config
 
+
+#********************************
+# firecfg
+#********************************
+which less
+if [ "$?" -eq 0 ];
+then
+ echo "TESTING: firecfg (test/root/firecfg.exp)"
+ rm -fr /home/netblue/.local/share/applications-store
+ mv /home/netblue/.local/share/applications /home/netblue/.local/share/applications-store
+ ./firecfg.exp
+ rm -fr /home/netblue/.local/share/applications
+ mv /home/netblue/.local/share/applications-store /home/netblue/.local/share/applications
+else
+ echo "TESTING SKIP: firecfg, less not found"
+fi
+
 #********************************
 # servers
 #********************************
@@ -107,17 +124,6 @@ rm -f tmpfile
 echo "TESTING: firemon events (test/root/firemon-events.exp)"
 ./firemon-events.exp
 
-#********************************
-# firecfg
-#********************************
-which less
-if [ "$?" -eq 0 ];
-then
- echo "TESTING: firecfg (test/root/firecfg.exp)"
- ./firecfg.exp
-else
- echo "TESTING SKIP: firecfg, less not found"
-fi
 
 # restore the default config file
 #cp ../../etc/firejail.config /etc/firejail/firejail.config

test/utils/build.exp

@@ -54,5 +54,38 @@ expect {
 }
 after 100
 
+send -- "firejail --build cat /etc/passwd\r"
+expect {
+ timeout {puts "TESTING ERROR 10\n";exit}
+ "private-etc passwd,"
+}
+after 100
+
+send -- "firejail --build cat /var/tmp/firejail-test-file-7699\r"
+expect {
+ timeout {puts "TESTING ERROR 11\n";exit}
+ "whitelist /var/tmp/firejail-test-file-7699"
+}
+after 100
+
+send -- "firejail --build man firejail\r"
+expect {
+ timeout {puts "TESTING ERROR 12\n";exit}
+ "whitelist /usr/share/man"
+}
+after 100
+
+send -- "firejail --build wget blablabla\r"
+expect {
+ timeout {puts "TESTING ERROR 13\n";exit}
+ "protocol inet"
+}
+after 100
+
+
+send -- "firejail --build cat /tmp/firejail-test-file-7699\r"
+#todo - bug: it comes back with private-tmp
+sleep 1
+
 
 puts "all done\n"

test/utils/utils.sh

@@ -13,9 +13,13 @@ fi
 export PATH="$PATH:/usr/lib/firejail"
 
 echo "testing" > ~/firejail-test-file-7699
+echo "testing" > /tmp/firejail-test-file-7699
+echo "testing" > /var/tmp/firejail-test-file-7699
 echo "TESTING: build (test/utils/build.exp)"
 ./build.exp
 rm -f ~/firejail-test-file-7699
+rm -f /tmp/firejail-test-file-7699
+rm -f /var/tmp/firejail-test-file-7699
 
 echo "TESTING: audit (test/utils/audit.exp)"
 ./audit.exp