diff --git a/Makefile.in b/Makefile.in index 41885ddcfa..64970d4a59 100644 --- a/Makefile.in +++ b/Makefile.in @@ -174,7 +174,7 @@ test-compile: dist cd test/compile; ./compile.sh $(NAME)-$(VERSION) test-root: - cd test/root; su -c ./start.sh + cd test/root; su -c ./root.sh | grep TESTING .PHONY: rpms rpms: diff --git a/src/firejail/fs_bin.c b/src/firejail/fs_bin.c index a3576e7c48..c906e32c0b 100644 --- a/src/firejail/fs_bin.c +++ b/src/firejail/fs_bin.c @@ -247,6 +247,9 @@ void fs_private_bin_list(void) { duplicate(ptr); free(dlist); fs_logger_print(); +#ifdef HAVE_GCOV + __gcov_flush(); +#endif _exit(0); } // wait for the child to finish diff --git a/src/firejail/fs_etc.c b/src/firejail/fs_etc.c index 830de7c9f9..ebcde29a36 100644 --- a/src/firejail/fs_etc.c +++ b/src/firejail/fs_etc.c @@ -171,6 +171,9 @@ void fs_private_etc_list(void) { duplicate(ptr); free(dlist); fs_logger_print(); +#ifdef HAVE_GCOV + __gcov_flush(); +#endif _exit(0); } // wait for the child to finish diff --git a/src/firejail/fs_mkdir.c b/src/firejail/fs_mkdir.c index cffe32a7a0..6bcb3f33eb 100644 --- a/src/firejail/fs_mkdir.c +++ b/src/firejail/fs_mkdir.c @@ -81,6 +81,9 @@ void fs_mkdir(const char *name) { // create directory mkdir_recursive(expanded); +#ifdef HAVE_GCOV + __gcov_flush(); +#endif _exit(0); } // wait for the child to finish @@ -126,6 +129,9 @@ void fs_mkfile(const char *name) { (void) rv; fclose(fp); } +#ifdef HAVE_GCOV + __gcov_flush(); +#endif _exit(0); } // wait for the child to finish diff --git a/src/firejail/ls.c b/src/firejail/ls.c index 7c55853245..1b759d7a15 100644 --- a/src/firejail/ls.c +++ b/src/firejail/ls.c @@ -358,6 +358,9 @@ void sandboxfs(int op, pid_t pid, const char *path1, const char *path2) { // copy the file if (copy_file(src_fname, tmp_fname, getuid(), getgid(), 0600)) _exit(1); +#ifdef HAVE_GCOV + __gcov_flush(); +#endif _exit(0); } 
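Review bot: The new `test-root` recipe in Makefile.in takes its exit status from `grep TESTING`, which succeeds as soon as any `TESTING:` banner is printed, so a run that prints `TESTING ERROR n` still leaves `make test-root` successful. Keep the filter but fail on an error line, for example `cd test/root; su -c ./root.sh | awk '/TESTING/ {print} /TESTING ERROR/ {bad=1} END {exit bad}'`. The expect scripts added in this commit call `exit` with no status on failure, so the printed text is the only signal the recipe has.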
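Review bot: The `#ifdef HAVE_GCOV` / `__gcov_flush();` / `#endif` block added before `_exit(0)` in fs_private_bin_list is repeated unchanged in the fs_etc.c, fs_mkdir.c, ls.c, main.c, x11.c and firemon hunks, with no comment and no declaration of `__gcov_flush` visible in any of them. Each site would read better with a one-line reason such as `// _exit() skips exit handlers, so gcov counters are written out by hand`, or the block could live in one macro in a shared header that also carries the prototype. Because libgcov derives its output location from build-time paths and the `GCOV_PREFIX` environment variable, it is also worth stating where HAVE_GCOV is defined that such a build is for test machines only and should not be installed setuid. fs_private_bin_list starts and ends outside the hunk.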
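Review bot: In the four sandboxfs hunks of ls.c the flush is reached only on success, because `if (copy_file(...)) _exit(1);` leaves the child before `__gcov_flush()` runs, so the copy-failure branch is never written to the coverage data this change collects. Keeping the status in a local and exiting once covers both paths, e.g. `int rv = copy_file(src_fname, tmp_fname, getuid(), getgid(), 0600) ? 1 : 0;` before the `#ifdef` block and `_exit(rv);` after it. sandboxfs starts and ends outside these hunks.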
@@ -381,6 +384,9 @@ void sandboxfs(int op, pid_t pid, const char *path1, const char *path2) { // copy the file if (copy_file(tmp_fname, dest_fname, getuid(), getgid(), 0600)) _exit(1); +#ifdef HAVE_GCOV + __gcov_flush(); +#endif _exit(0); } @@ -423,6 +429,9 @@ void sandboxfs(int op, pid_t pid, const char *path1, const char *path2) { // copy the file if (copy_file(src_fname, tmp_fname, getuid(), getgid(), 0600)) _exit(1); +#ifdef HAVE_GCOV + __gcov_flush(); +#endif _exit(0); } @@ -452,6 +461,9 @@ void sandboxfs(int op, pid_t pid, const char *path1, const char *path2) { // copy the file if (copy_file(tmp_fname, dest_fname, getuid(), getgid(), 0600)) _exit(1); +#ifdef HAVE_GCOV + __gcov_flush(); +#endif _exit(0); } diff --git a/src/firejail/main.c b/src/firejail/main.c index 4759e6a5ff..3f005b5474 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c @@ -2461,6 +2461,9 @@ int main(int argc, char **argv) { network_main(child); if (arg_debug) printf("Host network configured\n"); +#ifdef HAVE_GCOV + __gcov_flush(); +#endif _exit(0); } diff --git a/src/firejail/x11.c b/src/firejail/x11.c index ecab8880a9..54f947c459 100644 --- a/src/firejail/x11.c +++ b/src/firejail/x11.c @@ -692,6 +692,9 @@ void x11_xorg(void) { execlp("/usr/bin/xauth", "/usr/bin/xauth", "-f", tmpfname, "generate", display, "MIT-MAGIC-COOKIE-1", "untrusted", NULL); +#ifdef HAVE_GCOV + __gcov_flush(); +#endif _exit(0); } diff --git a/src/firemon/interface.c b/src/firemon/interface.c index bceed93d31..58990e6e51 100644 --- a/src/firemon/interface.c +++ b/src/firemon/interface.c @@ -146,6 +146,9 @@ static void print_sandbox(pid_t pid) { return; net_ifprint(); printf("\n"); +#ifdef HAVE_GCOV + __gcov_flush(); +#endif _exit(0); } diff --git a/src/firemon/procevent.c b/src/firemon/procevent.c index 78a3a4fb2c..1940f4a34c 100644 --- a/src/firemon/procevent.c +++ b/src/firemon/procevent.c 
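Review bot: In the x11_xorg hunk the added `__gcov_flush()` comes after `execlp("/usr/bin/xauth", ...)`, so it runs only when the exec fails; on success the process image is replaced and the counters gathered in this child are dropped. Moving the `#ifdef HAVE_GCOV` block above the `execlp` call records the path in both cases. The context line `_exit(0)` after a failed exec also reports success; `_exit(1)` preceded by `perror("execlp");` would make the failure visible, provided the parent checks the status, which is outside the hunk.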
@@ -192,6 +192,10 @@ static int procevent_monitor(const int sock, pid_t mypid) { tv.tv_usec = 0; while (1) { +#ifdef HAVE_GCOV + __gcov_flush(); +#endif + #define BUFFSIZE 4096 char __attribute__ ((aligned(NLMSG_ALIGNTO)))buf[BUFFSIZE]; diff --git a/test/fs/fs.sh b/test/fs/fs.sh index 8ad67141a1..0b9cf977e5 100755 --- a/test/fs/fs.sh +++ b/test/fs/fs.sh @@ -8,6 +8,15 @@ export MALLOC_PERTURB_=$(($RANDOM % 255 + 1)) rm -fr ~/_firejail_test_* echo "TESTING: mkdir/mkfile (test/fs/mkdir_mkfile.exp)" +./mkdir_mkfile.exp +rm -fr ~/_firejail_test_* + +mkdir ~/_firejail_test_dir +touch ~/_firejail_test_dir/a +mkdir ~/_firejail_test_dir/test1 +touch ~/_firejail_test_dir/test1/b +echo "TESTING: read/write (test/fs/read-write.exp)" +./read-write.exp rm -fr ~/_firejail_test_* echo "TESTING: /sys/fs access (test/fs/sys_fs.exp)" diff --git a/test/fs/read-write.exp b/test/fs/read-write.exp new file mode 100755 index 0000000000..cfca156055 --- /dev/null +++ b/test/fs/read-write.exp 
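Review bot: The flush added at the top of the `while (1)` loop in procevent_monitor runs on every pass and has no comment, unlike the other sites where its position just before `_exit(0)` explains itself. If the reason is that firemon is normally stopped by a signal and never reaches an exit path, which the hunk does not show, say so in place: `// firemon is usually killed rather than exited: write coverage data on every pass`. procevent_monitor continues outside the hunk.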
@@ -0,0 +1,49 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+
+send -- "firejail --read-only=~/_firejail_test_dir --read-write=~/_firejail_test_dir/test1\r"
+expect {
+ timeout {puts "TESTING ERROR 0\n";exit}
+ "Child process initialized"
+}
+sleep 1
+
+send -- "echo mytest >~/_firejail_test_dir/a;echo done\r"
+expect {
+ timeout {puts "TESTING ERROR 1\n";exit}
+ "done"
+}
+
+send -- "echo mytest >~/_firejail_test_dir/test1/b;echo done\r"
+expect {
+ timeout {puts "TESTING ERROR 2\n";exit}
+ "done"
+}
+
+send -- "cat ~/_firejail_test_dir/a;echo done\r"
+expect {
+ timeout {puts "TESTING ERROR 3\n";exit}
+ "mytest" {puts "TESTING ERROR 4\n";exit}
+ "done"
+}
+
+
+send -- "cat ~/_firejail_test_dir/test1/b;echo done\r"
+expect {
+ timeout {puts "TESTING ERROR 5\n";exit}
+ "mytest"
+}
+expect {
+ timeout {puts "TESTING ERROR 6\n";exit}
+ "done"
+}
+
+after 100
+puts "\nall done\n"
diff --git a/test/root/configure b/test/root/configure
deleted file mode 100755
index 35d938340b..0000000000
--- a/test/root/configure
+++ /dev/null
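Review bot: In test/fs/read-write.exp the write to the read-only file `a` is followed only by `expect "done"`, a pattern that can also be satisfied by the terminal echo of the typed `;echo done`, so the test never asserts that the write itself was refused. The later negative check on `mytest` (ERROR 4) then carries the whole read-only claim and may itself see echoed command text left in the buffer. Asserting on the shell's refusal in the first block is more direct, e.g. replacing its `"done"` pattern with `"Read-only file system"`; the exact message depends on the shell and locale, so confirm it on the test machine.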
@@ -1,27 +0,0 @@
-#!/bin/bash
-# This file is part of Firejail project
-# Copyright (C) 2014-2016 Firejail Authors
-# License GPL v2
-
-brctl addbr br0
-ifconfig br0 10.10.20.1/29 up
-# NAT masquerade
-iptables -t nat -A POSTROUTING -o eth0 -s 10.10.20.0/29 -j MASQUERADE
-# port forwarding
-# iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to 10.10.20.2:80
-
-brctl addbr br1
-ifconfig br1 10.10.30.1/24 up
-brctl addbr br2
-ifconfig br2 10.10.40.1/24 up
-brctl addbr br3
-ifconfig br3 10.10.50.1/24 up
-brctl addbr br4
-ifconfig br4 10.10.60.1/24 up
-ip link add link eth0 name eth0.5 type vlan id 5
-/sbin/ifconfig eth0.5 10.10.205.10/24 up
-ip link add link eth0 name eth0.6 type vlan id 6
-/sbin/ifconfig eth0.6 10.10.206.10/24 up
-ip link add link eth0 name eth0.7 type vlan id 7
-/sbin/ifconfig eth0.7 10.10.207.10/24 up
-
diff --git a/test/root/firemon-events.exp b/test/root/firemon-events.exp
new file mode 100755
index 0000000000..4f305e51de
--- /dev/null
+++ b/test/root/firemon-events.exp
@@ -0,0 +1,72 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# start firemon
+set firemon_id $spawn_id
+send -- "firemon\r"
+sleep 1
+
+# start firejail
+spawn $env(SHELL)
+set firejail_id $spawn_id
+send -- "firejail\r"
+expect {
+ timeout {puts "TESTING ERROR 0\n";exit}
+ "Child process initialized"
+}
+
+# get messages on firemon
+set spawn_id $firemon_id
+expect {
+ timeout {puts "TESTING ERROR 1\n";exit}
+ "exec"
+}
+expect {
+ timeout {puts "TESTING ERROR 2\n";exit}
+ "/bin/bash -c /bin/bash"
+}
+expect {
+ timeout {puts "TESTING ERROR 3\n";exit}
+ "exec"
+}
+expect {
+ timeout {puts "TESTING ERROR 4\n";exit}
+ "/bin/bash"
+}
+expect {
+ timeout {puts "TESTING ERROR 5\n";exit}
+ "fork"
+}
+expect {
+ timeout {puts "TESTING ERROR 6\n";exit}
+ "child"
+}
+expect {
+ timeout {puts "TESTING ERROR 7\n";exit}
+ "/bin/bash"
+}
+after 100
+
+# exit firejail
+set spawn_id $firejail_id
+send -- "exit\r"
+sleep 1
+
+# get messages on firemon
+set spawn_id $firemon_id
+expect {
+ timeout {puts "TESTING ERROR 8\n";exit}
+ "exit"
+}
+
+expect {
+ timeout {puts "TESTING ERROR 9\n";exit}
+ "EXIT SANDBOX"
+}
+
+
+puts "\nall done\n"
+
diff --git a/test/root/net_interface.exp b/test/root/net_interface.exp
deleted file mode 100755
index 2f87024d86..0000000000
--- a/test/root/net_interface.exp
+++ /dev/null
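Review bot: The patterns `"/bin/bash -c /bin/bash"` and `"/bin/bash"` in test/root/firemon-events.exp are hard-coded while both shells are started with `spawn $env(SHELL)`, so the test likely stops at TESTING ERROR 2 on a machine where root's shell is not bash. Either build the pattern from `$env(SHELL)` or state the requirement at the top, e.g. `# requires SHELL=/bin/bash for the root account`. The file also lacks the three-line Firejail licence header that read-write.exp and firemon-cgroup.exp carry in this same commit.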
@@ -1,93 +0,0 @@
-#!/usr/bin/expect -f
-# This file is part of Firejail project
-# Copyright (C) 2014-2016 Firejail Authors
-# License GPL v2
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-send -- "ip link add link eth0 name eth0.100 type vlan id 100\r"
-sleep 1
-send -- "ip link add link eth0 name eth0.101 type vlan id 101\r"
-sleep 1
-send -- "ip link add link eth0 name eth0.102 type vlan id 102\r"
-sleep 1
-send -- "ip link add link eth0 name eth0.103 type vlan id 103\r"
-sleep 1
-send -- "ip link add link eth0 name eth0.104 type vlan id 104\r"
-sleep 1
-puts "\n"
-
-send -- "/sbin/ifconfig eth0.100 10.200.0.1/24\r"
-sleep 1
-send -- "/sbin/ifconfig eth0.101 10.200.1.1/24\r"
-sleep 1
-send -- "/sbin/ifconfig eth0.102 10.200.2.1/24\r"
-sleep 1
-send -- "/sbin/ifconfig eth0.103 10.200.3.1/24\r"
-sleep 1
-send -- "/sbin/ifconfig eth0.104 10.200.4.1/24\r"
-sleep 1
-puts "\n"
-
-
-
-send -- "firejail --noprofile --interface=eth0.100 --interface=eth0.101 --interface=eth0.102 --interface=eth0.103 --interface=eth0.104\r"
-expect {
- timeout {puts "TESTING ERROR 0\n";exit}
- "maximum 4 interfaces are allowed"
-}
-sleep 1
-
-send -- "firejail --noprofile --interface=eth0.100 --interface=eth0.101 --interface=eth0.102 --interface=eth0.103\r"
-expect {
- timeout {puts "TESTING ERROR 1\n";exit}
- "eth0.100"
-}
-expect {
- timeout {puts "TESTING ERROR 1.1\n";exit}
- "UP"
-}
-expect {
- timeout {puts "TESTING ERROR 2\n";exit}
- "eth0.101"
-}
-expect {
- timeout {puts "TESTING ERROR 2.2\n";exit}
- "UP"
-}
-expect {
- timeout {puts "TESTING ERROR 3\n";exit}
- "eth0.102"
-}
-expect {
- timeout {puts "TESTING ERROR 3.1\n";exit}
- "UP"
-}
-expect {
- timeout {puts "TESTING ERROR 4\n";exit}
- "eth0.103"
-}
-expect {
- timeout {puts "TESTING ERROR 4.1\n";exit}
- "UP"
-}
-sleep 1
-send -- "exit\r"
-sleep 1
-
-send -- "firejail --noprofile --interface=eth0.104\r"
-expect {
- timeout {puts "TESTING ERROR 
5.1\n";exit} - "UP" -} -send -- "exit\r" -after 100 - -puts "all done\n" - diff --git a/test/root/option_tmpfs.exp b/test/root/option_tmpfs.exp index 20e42a8589..3d492dfdb0 100755 --- a/test/root/option_tmpfs.exp +++ b/test/root/option_tmpfs.exp @@ -16,13 +16,9 @@ expect { timeout {puts "TESTING ERROR 1\n";exit} "total 0" } -expect { - timeout {puts "TESTING ERROR 2\n";exit} - "/root" -} -sleep 1 +after 100 send -- "exit\r" -sleep 2 +sleep 1 send -- "firejail --debug-check-filename --tmpfs=\"bla&&bla\"\r" expect { diff --git a/test/root/profile_tmpfs.exp b/test/root/profile_tmpfs.exp index da7c084a2c..25f73b50bd 100755 --- a/test/root/profile_tmpfs.exp +++ b/test/root/profile_tmpfs.exp @@ -4,34 +4,37 @@ set timeout 10 spawn $env(SHELL) match_max 100000 -send -- "mkdir /tmp/firejailtestdir\r" -sleep 1 -send -- "ls > /tmp/firejailtestdir/tmpfile\r" -sleep 1 - send -- "firejail --profile=tmpfs.profile\r" expect { timeout {puts "TESTING ERROR 0\n";exit} "Child process initialized" } - -# testing private only -send -- "bash\r" sleep 1 -send -- "ls -l /tmp/firejailtestdir;pwd\r" +send -- "ls -l /var;pwd\r" expect { - timeout {puts "TESTING ERROR 1.1\n";exit} - "tmpfile" {puts "TESTING ERROR 1\n";exit} - "home" + timeout {puts "TESTING ERROR 1\n";exit} + "total 0" } -sleep 1 -send -- "exit\r" -sleep 1 +after 100 send -- "exit\r" sleep 1 -send -- "rm -fr /tmp/firejailtestdir\r" -sleep 1 +send -- "firejail --debug-check-filename --profile=tmpfs-bad.profile\r" +expect { + timeout {puts "TESTING ERROR 13.1\n";exit} + "Checking filename bla&&bla" +} +expect { + timeout {puts "TESTING ERROR 13.2\n";exit} + "Error:" +} +expect { + timeout {puts "TESTING ERROR 13.3\n";exit} + "is an invalid filename" +} +after 100 + puts "\nall done\n" + diff --git a/test/root/root.sh b/test/root/root.sh index 960071d45a..5576faad65 100755 --- a/test/root/root.sh +++ b/test/root/root.sh 
@@ -1,7 +1,5 @@ #!/bin/bash -./configure 2 > /dev/null - #******************************** # servers #******************************** @@ -76,30 +74,7 @@ echo hello > tmpfile rm -f tmpfile #******************************** -# networking +# firemon #******************************** -echo "TESTING: network interfaces (test/root/net_interface.exp)" -./net_interface.exp - -echo "TESTING: firemon --interface (test/root/firemon-interface.exp)" -./firemon-interface.exp - -#if [ -f /sys/fs/cgroup/g1/tasks ] -#then -# echo "TESTING: firemon --cgroup (firemon-cgroup.exp)" -# ./firemon-cgroup.exp -#fi -# -#echo "TESTING: chroot resolv.conf (chroot-resolvconf.exp)" -#rm -f tmpfile -#touch tmpfile -#rm -f /tmp/chroot/etc/resolv.conf -#ln -s tmp /tmp/chroot/etc/resolv.conf -#./chroot-resolvconf.exp -#rm -f tmpfile -#rm /tmp/chroot/etc/resolv.conf - -#echo "TESTING: chroot (fs_chroot_asroot.exp)" -#./fs_chroot_asroot.exp - - +echo "TESTING: firemon events (test/root/firemon-events.exp)" +./firemon-events.exp diff --git a/test/root/start.sh b/test/root/start.sh deleted file mode 100755 index 8e7a869cdf..0000000000 --- a/test/root/start.sh +++ /dev/null @@ -1,4 +0,0 @@ -#/bin/bash - -./configure -./root.sh | grep TESTING \ No newline at end of file diff --git a/test/root/tmpfs-bad.profile b/test/root/tmpfs-bad.profile new file mode 100644 index 0000000000..7264e18ff7 --- /dev/null +++ b/test/root/tmpfs-bad.profile @@ -0,0 +1 @@ +tmpfs bla&&bla diff --git a/test/root/tmpfs.profile b/test/root/tmpfs.profile index 0680f4d695..55a6f7ebce 100644 --- a/test/root/tmpfs.profile +++ b/test/root/tmpfs.profile @@ -1 +1 @@ -tmpfs /tmp/firejailtestdir \ No newline at end of file +tmpfs /var diff --git a/test/root/firemon-interface.exp b/test/utils/firemon-cgroup.exp similarity index 52% rename from test/root/firemon-interface.exp rename to test/utils/firemon-cgroup.exp index 6a82ae41ec..3cd4f5a03e 100755 --- a/test/root/firemon-interface.exp +++ b/test/utils/firemon-cgroup.exp 
@@ -1,10 +1,13 @@ #!/usr/bin/expect -f +# This file is part of Firejail project +# Copyright (C) 2014-2016 Firejail Authors +# License GPL v2 set timeout 10 spawn $env(SHELL) match_max 100000 -send -- "firejail\r" +send -- "firejail --name=test1\r" expect { timeout {puts "TESTING ERROR 0\n";exit} "Child process initialized" @@ -12,23 +15,26 @@ expect { sleep 1 spawn $env(SHELL) -send -- "firemon --interface\r" +send -- "firejail --name=test2\r" expect { timeout {puts "TESTING ERROR 1\n";exit} - "lo UP" + "Child process initialized" } +sleep 1 + +spawn $env(SHELL) +send -- "firemon --cgroup\r" +sleep 4 expect { timeout {puts "TESTING ERROR 2\n";exit} - "10.10.20.1/29" -} -expect { - timeout {puts "TESTING ERROR 3\n";exit} - "10.10.50.1/24" + "name=test1" } expect { timeout {puts "TESTING ERROR 3\n";exit} - "br3" + "name=test2" } -sleep 1 -puts "\n" +after 100 + +puts "\nall done\n" +