From 745742f17378cde52591c1aa8e112445022abb2d Mon Sep 17 00:00:00 2001 From: netblue30 Date: Mon, 14 Nov 2016 07:53:22 -0500 Subject: [PATCH] cleanup --- gcov.sh | 71 +++++++++++++++++++++++++++++++++++++ src/firejail/caps.c | 13 +------ src/firejail/fs_whitelist.c | 55 +++++----------------------- test/rlimit/rlimit.sh | 14 ++++++++ test/root/private.exp | 33 +++++++++++++++++ 5 files changed, 127 insertions(+), 59 deletions(-) create mode 100755 gcov.sh create mode 100755 test/rlimit/rlimit.sh create mode 100755 test/root/private.exp diff --git a/gcov.sh b/gcov.sh new file mode 100755 index 0000000000..ffacce6b5a --- /dev/null +++ b/gcov.sh @@ -0,0 +1,71 @@ +#!/bin/bash + +generate() { + lcov --capture -d src/firejail -d src/firemon -d src/fseccomp -d src/fnet -d src/ftee -d src/lib -d src/firecfg --output-file gcov-file + rm -fr gcov-dir + genhtml gcov-file --output-directory gcov-dir +} + +# init +USER=`whoami` +firejail --help +firemon --help +/usr/lib/firejail/fnet --help +/usr/lib/firejail/fseccomp --help +/usr/lib/firejail/ftee --help +firecfg --help +sudo chown $USER:$USER `find .` +generate + +# running tests +make test-root +generate +sleep 2 + +make test-network +generate +sleep 2 + +make test-appimage +generate +sleep 2 + +make test-overlay +generate +sleep 2 + +make test-profiles +generate +sleep 2 + +make test-fs +generate +sleep 2 + +make test-utils +generate +sleep 2 + +make test-environment +generate +sleep 2 + +make test-apps +generate +sleep 2 + +make test-apps-x11 +generate +sleep 2 + +make test-apps-x11-xorg +generate +sleep 2 + +make test-filters +generate +sleep 2 + +make test-arguments +generate +sleep 2 diff --git a/src/firejail/caps.c b/src/firejail/caps.c index 3fd8b576e2..ba811cada5 100644 --- a/src/firejail/caps.c +++ b/src/firejail/caps.c @@ -168,17 +168,6 @@ static CapsEntry capslist[] = { // }; // end of capslist -const char *caps_find_nr(int nr) { - int i; - int elems = sizeof(capslist) / sizeof(capslist[0]); - for (i = 0; i < elems; i++) { - if (nr == capslist[i].nr) - return capslist[i].name; - } - - return "unknown"; -} - // return -1 if error, or syscall number static int caps_find_name(const char *name) { int i; @@ -397,7 +386,7 @@ static uint64_t extract_caps(int pid) { } fclose(fp); free(file); - printf("Error: cannot read caps configuration\n"); + fprintf(stderr, "Error: cannot read caps configuration\n"); exit(1); } diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c index 9d8021219a..564dc8290c 100644 --- a/src/firejail/fs_whitelist.c +++ b/src/firejail/fs_whitelist.c @@ -530,11 +530,7 @@ void fs_whitelist(void) { // /home/user if (home_dir) { // keep a copy of real home dir in RUN_WHITELIST_HOME_USER_DIR - int rv = mkdir(RUN_WHITELIST_HOME_USER_DIR, 0755); - if (rv == -1) - errExit("mkdir"); - if (set_perms(RUN_WHITELIST_HOME_USER_DIR, getuid(), getgid(), 0755)) - errExit("set_perms"); + mkdir_attr(RUN_WHITELIST_HOME_USER_DIR, 0755, getuid(), getgid()); if (mount(cfg.homedir, RUN_WHITELIST_HOME_USER_DIR, NULL, MS_BIND|MS_REC, NULL) < 0) errExit("mount bind"); @@ -545,12 +541,7 @@ void fs_whitelist(void) { // /tmp mountpoint if (tmp_dir) { // keep a copy of real /tmp directory in - int rv = mkdir(RUN_WHITELIST_TMP_DIR, 1777); - if (rv == -1) - errExit("mkdir"); - if (set_perms(RUN_WHITELIST_TMP_DIR, 0, 0, 1777)) - errExit("set_perms"); - + mkdir_attr(RUN_WHITELIST_TMP_DIR, 1777, 0, 0); if (mount("/tmp", RUN_WHITELIST_TMP_DIR, NULL, MS_BIND|MS_REC, NULL) < 0) errExit("mount bind"); @@ -568,12 +559,7 @@ void fs_whitelist(void) { struct stat s; if (stat("/media", &s) == 0) { // keep a copy of real /media directory in RUN_WHITELIST_MEDIA_DIR - int rv = mkdir(RUN_WHITELIST_MEDIA_DIR, 0755); - if (rv == -1) - errExit("mkdir"); - if (set_perms(RUN_WHITELIST_MEDIA_DIR, 0, 0, 0755)) - errExit("set_perms"); - + mkdir_attr(RUN_WHITELIST_MEDIA_DIR, 0755, 0, 0); if (mount("/media", RUN_WHITELIST_MEDIA_DIR, NULL, MS_BIND|MS_REC, NULL) < 0) errExit("mount bind"); @@ -594,12 +580,7 @@ void fs_whitelist(void) { struct stat s; if (stat("/mnt", &s) == 0) { // keep a copy of real /mnt directory in RUN_WHITELIST_MNT_DIR - int rv = mkdir(RUN_WHITELIST_MNT_DIR, 0755); - if (rv == -1) - errExit("mkdir"); - if (set_perms(RUN_WHITELIST_MNT_DIR, 0, 0, 0755)) - errExit("set_perms"); - + mkdir_attr(RUN_WHITELIST_MNT_DIR, 0755, 0, 0); if (mount("/mnt", RUN_WHITELIST_MNT_DIR, NULL, MS_BIND|MS_REC, NULL) < 0) errExit("mount bind"); @@ -618,12 +599,7 @@ void fs_whitelist(void) { // /var mountpoint if (var_dir) { // keep a copy of real /var directory in RUN_WHITELIST_VAR_DIR - int rv = mkdir(RUN_WHITELIST_VAR_DIR, 0755); - if (rv == -1) - errExit("mkdir"); - if (set_perms(RUN_WHITELIST_VAR_DIR, 0, 0, 0755)) - errExit("set_perms"); - + mkdir_attr(RUN_WHITELIST_VAR_DIR, 0755, 0, 0); if (mount("/var", RUN_WHITELIST_VAR_DIR, NULL, MS_BIND|MS_REC, NULL) < 0) errExit("mount bind"); @@ -638,12 +614,7 @@ void fs_whitelist(void) { // /dev mountpoint if (dev_dir) { // keep a copy of real /dev directory in RUN_WHITELIST_DEV_DIR - int rv = mkdir(RUN_WHITELIST_DEV_DIR, 0755); - if (rv == -1) - errExit("mkdir"); - if (set_perms(RUN_WHITELIST_DEV_DIR, 0, 0, 0755)) - errExit("set_perms"); - + mkdir_attr(RUN_WHITELIST_DEV_DIR, 0755, 0, 0); if (mount("/dev", RUN_WHITELIST_DEV_DIR, NULL, MS_BIND|MS_REC, "mode=755,gid=0") < 0) errExit("mount bind"); @@ -658,12 +629,7 @@ void fs_whitelist(void) { // /opt mountpoint if (opt_dir) { // keep a copy of real /opt directory in RUN_WHITELIST_OPT_DIR - int rv = mkdir(RUN_WHITELIST_OPT_DIR, 0755); - if (rv == -1) - errExit("mkdir"); - if (set_perms(RUN_WHITELIST_OPT_DIR, 0, 0, 0755)) - errExit("set_perms"); - + mkdir_attr(RUN_WHITELIST_OPT_DIR, 0755, 0, 0); if (mount("/opt", RUN_WHITELIST_OPT_DIR, NULL, MS_BIND|MS_REC, NULL) < 0) errExit("mount bind"); @@ -681,12 +647,7 @@ void fs_whitelist(void) { struct stat s; if (stat("/srv", &s) == 0) { // keep a copy of real /srv directory in RUN_WHITELIST_SRV_DIR - int rv = mkdir(RUN_WHITELIST_SRV_DIR, 0755); - if (rv == -1) - errExit("mkdir"); - if (set_perms(RUN_WHITELIST_SRV_DIR, 0, 0, 0755)) - errExit("set_perms"); - + mkdir_attr(RUN_WHITELIST_SRV_DIR, 0755, 0, 0); if (mount("/srv", RUN_WHITELIST_SRV_DIR, NULL, MS_BIND|MS_REC, NULL) < 0) errExit("mount bind"); diff --git a/test/rlimit/rlimit.sh b/test/rlimit/rlimit.sh new file mode 100755 index 0000000000..d854971760 --- /dev/null +++ b/test/rlimit/rlimit.sh @@ -0,0 +1,14 @@ +#!/bin/bash +# This file is part of Firejail project +# Copyright (C) 2014-2016 Firejail Authors +# License GPL v2 + +export MALLOC_CHECK_=3 +export MALLOC_PERTURB_=$(($RANDOM % 255 + 1)) + +echo "TESTING: rlimit (test/rlimit/rlimit.exp)" +./rlimit.exp + +echo "TESTING: rlimit profile (test/rlimit/rlimit-profile.exp)" +./rlimit-profile.exp + diff --git a/test/root/private.exp b/test/root/private.exp new file mode 100755 index 0000000000..4040081ee0 --- /dev/null +++ b/test/root/private.exp @@ -0,0 +1,33 @@ +#!/usr/bin/expect -f +# This file is part of Firejail project +# Copyright (C) 2014-2016 Firejail Authors +# License GPL v2 + +set timeout 10 +spawn $env(SHELL) +match_max 100000 + +send -- "firejail --private\r" +expect { + timeout {puts "TESTING ERROR 0\n";exit} + "Child process initialized" +} +sleep 2 + +send -- "ls -l /home\r" +expect { + timeout {puts "TESTING ERROR 1\n";exit} + "total 0" +} +after 100 + +send -- "ls -l /root\r" +expect { + timeout {puts "TESTING ERROR 2\n";exit} + "total 0" +} +after 100 + +send -- "exit\r" +after 100 +puts "\nall done\n"