cleanup

onny · Nov 14, 2016 · 745742f · 745742f
1 parent 2f8688a
commit 745742f
Show file tree

Hide file tree

Showing 5 changed files with 127 additions and 59 deletions.
diff --git a/gcov.sh b/gcov.sh
@@ -0,0 +1,71 @@
+#!/bin/bash
+
+generate() {
+ lcov --capture -d src/firejail -d src/firemon -d src/fseccomp -d src/fnet -d src/ftee -d src/lib -d src/firecfg --output-file gcov-file
+ rm -fr gcov-dir
+ genhtml gcov-file --output-directory gcov-dir
+}
+
+# init
+USER=`whoami`
+firejail --help
+firemon --help
+/usr/lib/firejail/fnet --help
+/usr/lib/firejail/fseccomp --help
+/usr/lib/firejail/ftee --help
+firecfg --help
+sudo chown $USER:$USER `find .`
+generate
+
+# running tests
+make test-root
+generate
+sleep 2
+
+make test-network
+generate
+sleep 2
+
+make test-appimage
+generate
+sleep 2
+
+make test-overlay
+generate
+sleep 2
+
+make test-profiles
+generate
+sleep 2
+
+make test-fs
+generate
+sleep 2
+
+make test-utils
+generate
+sleep 2
+
+make test-environment
+generate
+sleep 2
+
+make test-apps
+generate
+sleep 2
+
+make test-apps-x11
+generate
+sleep 2
+
+make test-apps-x11-xorg 
+generate
+sleep 2
+
+make test-filters 
+generate
+sleep 2
+
+make test-arguments
+generate
+sleep 2
diff --git a/src/firejail/caps.c b/src/firejail/caps.c
@@ -168,17 +168,6 @@ static CapsEntry capslist[] = {
 //
 }; // end of capslist
 
-const char *caps_find_nr(int nr) {
- int i;
- int elems = sizeof(capslist) / sizeof(capslist[0]);
- for (i = 0; i < elems; i++) {
- if (nr == capslist[i].nr)
- return capslist[i].name;
- }
-
- return "unknown";
-}
-
 // return -1 if error, or syscall number
 static int caps_find_name(const char *name) {
  int i;
@@ -397,7 +386,7 @@ static uint64_t extract_caps(int pid) {
  }
  fclose(fp);
  free(file);
- printf("Error: cannot read caps configuration\n");
+ fprintf(stderr, "Error: cannot read caps configuration\n");
  exit(1);
 }
 

diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c
@@ -530,11 +530,7 @@ void fs_whitelist(void) {
  // /home/user
  if (home_dir) {
  // keep a copy of real home dir in RUN_WHITELIST_HOME_USER_DIR
- int rv = mkdir(RUN_WHITELIST_HOME_USER_DIR, 0755);
- if (rv == -1)
- errExit("mkdir");
- if (set_perms(RUN_WHITELIST_HOME_USER_DIR, getuid(), getgid(), 0755))
- errExit("set_perms");
+ mkdir_attr(RUN_WHITELIST_HOME_USER_DIR, 0755, getuid(), getgid());
  if (mount(cfg.homedir, RUN_WHITELIST_HOME_USER_DIR, NULL, MS_BIND|MS_REC, NULL) < 0)
  errExit("mount bind");
 
@@ -545,12 +541,7 @@ void fs_whitelist(void) {
  // /tmp mountpoint
  if (tmp_dir) {
  // keep a copy of real /tmp directory in 
- int rv = mkdir(RUN_WHITELIST_TMP_DIR, 1777);
- if (rv == -1)
- errExit("mkdir");
- if (set_perms(RUN_WHITELIST_TMP_DIR, 0, 0, 1777))
- errExit("set_perms");
-
+ mkdir_attr(RUN_WHITELIST_TMP_DIR, 1777, 0, 0);
  if (mount("/tmp", RUN_WHITELIST_TMP_DIR, NULL, MS_BIND|MS_REC, NULL) < 0)
  errExit("mount bind");
 
@@ -568,12 +559,7 @@ void fs_whitelist(void) {
  struct stat s;
  if (stat("/media", &s) == 0) {
  // keep a copy of real /media directory in RUN_WHITELIST_MEDIA_DIR
- int rv = mkdir(RUN_WHITELIST_MEDIA_DIR, 0755);
- if (rv == -1)
- errExit("mkdir");
- if (set_perms(RUN_WHITELIST_MEDIA_DIR, 0, 0, 0755))
- errExit("set_perms");
-
+ mkdir_attr(RUN_WHITELIST_MEDIA_DIR, 0755, 0, 0);
  if (mount("/media", RUN_WHITELIST_MEDIA_DIR, NULL, MS_BIND|MS_REC, NULL) < 0)
  errExit("mount bind");
 
@@ -594,12 +580,7 @@ void fs_whitelist(void) {
  struct stat s;
  if (stat("/mnt", &s) == 0) {
  // keep a copy of real /mnt directory in RUN_WHITELIST_MNT_DIR
- int rv = mkdir(RUN_WHITELIST_MNT_DIR, 0755);
- if (rv == -1)
- errExit("mkdir");
- if (set_perms(RUN_WHITELIST_MNT_DIR, 0, 0, 0755))
- errExit("set_perms");
-
+ mkdir_attr(RUN_WHITELIST_MNT_DIR, 0755, 0, 0);
  if (mount("/mnt", RUN_WHITELIST_MNT_DIR, NULL, MS_BIND|MS_REC, NULL) < 0)
  errExit("mount bind");
 
@@ -618,12 +599,7 @@ void fs_whitelist(void) {
  // /var mountpoint
  if (var_dir) {
  // keep a copy of real /var directory in RUN_WHITELIST_VAR_DIR
- int rv = mkdir(RUN_WHITELIST_VAR_DIR, 0755);
- if (rv == -1)
- errExit("mkdir");
- if (set_perms(RUN_WHITELIST_VAR_DIR, 0, 0, 0755))
- errExit("set_perms");
-
+ mkdir_attr(RUN_WHITELIST_VAR_DIR, 0755, 0, 0);
  if (mount("/var", RUN_WHITELIST_VAR_DIR, NULL, MS_BIND|MS_REC, NULL) < 0)
  errExit("mount bind");
 
@@ -638,12 +614,7 @@ void fs_whitelist(void) {
  // /dev mountpoint
  if (dev_dir) {
  // keep a copy of real /dev directory in RUN_WHITELIST_DEV_DIR
- int rv = mkdir(RUN_WHITELIST_DEV_DIR, 0755);
- if (rv == -1)
- errExit("mkdir");
- if (set_perms(RUN_WHITELIST_DEV_DIR, 0, 0, 0755))
- errExit("set_perms");
-
+ mkdir_attr(RUN_WHITELIST_DEV_DIR, 0755, 0, 0);
  if (mount("/dev", RUN_WHITELIST_DEV_DIR, NULL, MS_BIND|MS_REC, "mode=755,gid=0") < 0)
  errExit("mount bind");
 
@@ -658,12 +629,7 @@ void fs_whitelist(void) {
  // /opt mountpoint
  if (opt_dir) {
  // keep a copy of real /opt directory in RUN_WHITELIST_OPT_DIR
- int rv = mkdir(RUN_WHITELIST_OPT_DIR, 0755);
- if (rv == -1)
- errExit("mkdir");
- if (set_perms(RUN_WHITELIST_OPT_DIR, 0, 0, 0755))
- errExit("set_perms");
-
+ mkdir_attr(RUN_WHITELIST_OPT_DIR, 0755, 0, 0);
  if (mount("/opt", RUN_WHITELIST_OPT_DIR, NULL, MS_BIND|MS_REC, NULL) < 0)
  errExit("mount bind");
 
@@ -681,12 +647,7 @@ void fs_whitelist(void) {
  struct stat s;
  if (stat("/srv", &s) == 0) {
  // keep a copy of real /srv directory in RUN_WHITELIST_SRV_DIR
- int rv = mkdir(RUN_WHITELIST_SRV_DIR, 0755);
- if (rv == -1)
- errExit("mkdir");
- if (set_perms(RUN_WHITELIST_SRV_DIR, 0, 0, 0755))
- errExit("set_perms");
-
+ mkdir_attr(RUN_WHITELIST_SRV_DIR, 0755, 0, 0);
  if (mount("/srv", RUN_WHITELIST_SRV_DIR, NULL, MS_BIND|MS_REC, NULL) < 0)
  errExit("mount bind");
 

diff --git a/test/rlimit/rlimit.sh b/test/rlimit/rlimit.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+export MALLOC_CHECK_=3
+export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
+
+echo "TESTING: rlimit (test/rlimit/rlimit.exp)"
+./rlimit.exp
+
+echo "TESTING: rlimit profile (test/rlimit/rlimit-profile.exp)"
+./rlimit-profile.exp
+
diff --git a/test/root/private.exp b/test/root/private.exp
@@ -0,0 +1,33 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --private\r"
+expect {
+ timeout {puts "TESTING ERROR 0\n";exit}
+ "Child process initialized"
+}
+sleep 2
+
+send -- "ls -l /home\r"
+expect {
+ timeout {puts "TESTING ERROR 1\n";exit}
+ "total 0"
+}
+after 100
+
+send -- "ls -l /root\r"
+expect {
+ timeout {puts "TESTING ERROR 2\n";exit}
+ "total 0"
+}
+after 100
+
+send -- "exit\r"
+after 100
+puts "\nall done\n"