diff --git a/.gitignore b/.gitignore index db523da59..459119b14 100644 --- a/.gitignore +++ b/.gitignore @@ -3,6 +3,8 @@ *~ *.swp *.rpm +*.gcda +*.gcno Makefile config.log config.status diff --git a/Makefile.in b/Makefile.in index d93eee502..41885ddcf 100644 --- a/Makefile.in +++ b/Makefile.in @@ -39,7 +39,7 @@ clean: for dir in $(APPS) $(MYLIBS); do \ $(MAKE) -C $$dir clean; \ done - rm -fr gcov-file gcov-dir + rm -fr gcov-file gcov-dir gcov-test-initialized rm -f $(MANPAGES) $(MANPAGES:%=%.gz) firejail*.rpm rm -f test/utils/index.html* rm -f test/utils/wget-log @@ -146,7 +146,7 @@ uninstall: rm -f $(DESTDIR)/$(datarootdir)/bash-completion/completions/firecfg DISTFILES = "src etc platform configure configure.ac Makefile.in install.sh mkman.sh mketc.sh mkdeb.sh mkuid.sh COPYING README RELNOTES" -DISTFILES_TEST = "test/apps test/apps-x11 test/apps-x11-xorg test/environment test/profiles test/utils test/compile test/filters test/network test/fs test/sysutils" +DISTFILES_TEST = "test/apps test/apps-x11 test/apps-x11-xorg test/root test/environment test/profiles test/utils test/compile test/filters test/network test/arguments test/fs test/sysutils" dist: mv config.status config.status.old @@ -219,7 +219,7 @@ test-arguments: cd test/arguments; ./arguments.sh | grep TESTING test-network: - echo "Please read test/network/README file and run the test manually" + cd test/network; ./network.sh | grep TESTING test-fs: cd test/fs; ./fs.sh | grep TESTING @@ -227,7 +227,10 @@ test-fs: test: test-profiles test-fs test-utils test-environment test-apps test-apps-x11 test-apps-x11-xorg test-filters test-arguments echo "TEST COMPLETE" -gcov:; +gcov-test-initialized: + ./gcov-test-init.sh + +gcov: gcov-test-initialized lcov --capture -d src/firejail -d src/firemon -d src/fseccomp -d src/fnet -d src/ftee -d src/lib -d src/firecfg --output-file gcov-file rm -fr gcov-dir genhtml gcov-file --output-directory gcov-dir 
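Review bot: In the test-network hunk, the new recipe `cd test/network; ./network.sh | grep TESTING` does not say that network.sh now begins with `sudo ./configure` (added further down in this commit), so `make test-network` asks for root without warning. The old recipe sent the user to the README instead. A comment above the recipe such as `# runs sudo ./configure via network.sh; see test/network/README before running on a non-test host` would keep that privileged step visible. The target should also stay out of the `test` prerequisite list, as it is now. The recipe's exit status is that of `grep`, so a `TESTING ERROR` line still counts as success; this matches the sibling targets but matters if the target is wired into automation.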
diff --git a/gcov-test-init.sh b/gcov-test-init.sh new file mode 100755 index 000000000..e98d9fa79 --- /dev/null +++ b/gcov-test-init.sh @@ -0,0 +1,11 @@ +#!/bin/bash + +USER=`whoami` +firejail --help +firemon --help +/usr/lib/firejail/fnet --help +/usr/lib/firejail/fseccomp --help +/usr/lib/firejail/ftee --help +firecfg --help +sudo chown $USER:$USER `find .` +touch gcov-test-initialized diff --git a/src/ftee/main.c b/src/ftee/main.c index 8daea8487..e6aa5f567 100644 --- a/src/ftee/main.c +++ b/src/ftee/main.c @@ -193,6 +193,10 @@ int main(int argc, char **argv) { usage(); exit(1); } + if (strcmp(argv[1], "--help") == 0) { + usage(); + return 0; + } char *fname = argv[1]; diff --git a/test/network/4bridges_arp.exp b/test/network/4bridges_arp.exp index 4ffa715cc..6383aad5e 100755 --- a/test/network/4bridges_arp.exp +++ b/test/network/4bridges_arp.exp @@ -29,9 +29,9 @@ expect { timeout {puts "TESTING ERROR 0.4\n";exit} "Child process initialized" } -sleep 2 +sleep 1 send -- "exit\r" -sleep 2 +sleep 1 # check eth1 send -- "firejail --net=br0 --net=br1 --net=br2 --net=br3\r" @@ -55,9 +55,9 @@ expect { timeout {puts "TESTING ERROR 1.4\n";exit} "Child process initialized" } -sleep 2 +sleep 1 send -- "exit\r" -sleep 2 +sleep 1 # check eth2 @@ -82,9 +82,9 @@ expect { timeout {puts "TESTING ERROR 2.4\n";exit} "Child process initialized" } -sleep 2 +sleep 1 send -- "exit\r" -sleep 2 +sleep 1 @@ -110,9 +110,9 @@ expect { timeout {puts "TESTING ERROR 4\n";exit} "Child process initialized" } -sleep 2 +sleep 1 send -- "exit\r" -sleep 2 +sleep 1 diff --git a/test/network/4bridges_ip.exp b/test/network/4bridges_ip.exp index 3cfd71be0..e762ac285 100755 --- a/test/network/4bridges_ip.exp +++ b/test/network/4bridges_ip.exp @@ -29,9 +29,9 @@ expect { timeout {puts "TESTING ERROR 0.4\n";exit} "Child process initialized" } -sleep 2 +sleep 1 send -- "exit\r" -sleep 2 +sleep 1 # check eth1 send -- "firejail --net=br0 --net=br1 --ip=10.10.30.50 --net=br2 --ip=10.10.40.100 --net=br3\r" 
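Review bot: In gcov-test-init.sh, ``sudo chown $USER:$USER `find .` `` expands every path under the tree, unquoted, onto one command line run as root. Names containing whitespace or glob characters are split into other paths, `chown` without `-h` acts on the target of any symlink it is handed, and a large tree can exceed the argument limit. `sudo chown -R -h "$(id -un):$(id -gn)" .` does the same job without word splitting or following links, and no longer overwrites `USER` or assumes a group named after the user. The script also has no `set -e`, so `touch gcov-test-initialized` runs even when a `--help` call or the `chown` fails, and the Makefile stamp then hides the failure; adding `set -e` after the shebang would prevent that.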
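Review bot: In src/ftee/main.c, the added `strcmp(argv[1], "--help")` reads `argv[1]` and depends on the argument-count check whose tail (`usage(); exit(1); }`) is the only part visible above it. main() starts and continues outside the hunk, so confirm that check rejects a missing argument before this line is reached. A one-line comment would explain why the branch exists, for example `// --help prints usage and exits 0; gcov-test-init.sh runs it on each binary`. The new branch ends with `return 0;` while the branch above uses `exit(1);`, so pick one form for both.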
@@ -55,9 +55,9 @@ expect { timeout {puts "TESTING ERROR 1.4\n";exit} "Child process initialized" } -sleep 2 +sleep 1 send -- "exit\r" -sleep 2 +sleep 1 # check eth2 @@ -82,9 +82,9 @@ expect { timeout {puts "TESTING ERROR 2.4\n";exit} "Child process initialized" } -sleep 2 +sleep 1 send -- "exit\r" -sleep 2 +sleep 1 @@ -110,9 +110,9 @@ expect { timeout {puts "TESTING ERROR 4\n";exit} "Child process initialized" } -sleep 2 +sleep 1 send -- "exit\r" -sleep 2 +sleep 1 diff --git a/test/network/README b/test/network/README index a715d8edf..4404c53b0 100644 --- a/test/network/README +++ b/test/network/README @@ -11,5 +11,4 @@ Limitations - to be investigated and fixed: - macvlan interfaces don't seem to work correctly under VirtualBox Run the test: - $ sudo ./configure $ ./network.sh | grep TESTING diff --git a/test/network/bandwidth.exp b/test/network/bandwidth.exp index 8f3a706a8..8a2e46e04 100755 --- a/test/network/bandwidth.exp +++ b/test/network/bandwidth.exp @@ -12,7 +12,7 @@ expect { timeout {puts "TESTING ERROR 0\n";exit} "Child process initialized" } -sleep 2 +sleep 1 spawn $env(SHELL) send -- "firejail --bandwidth=test status\r" diff --git a/test/firemon-arp.exp b/test/network/firemon-arp.exp similarity index 63% rename from test/firemon-arp.exp rename to test/network/firemon-arp.exp index 3fc8c2aee..0a543c3b4 100755 --- a/test/firemon-arp.exp +++ b/test/network/firemon-arp.exp @@ -11,7 +11,7 @@ expect { } sleep 1 -send -- "firejail\r" +send -- "firejail --name=test1\r" expect { timeout {puts "TESTING ERROR 1\n";exit} "Child process initialized" 
@@ -19,16 +19,32 @@ expect { sleep 1 spawn $env(SHELL) -send -- "firemon --arp\r" +send -- "firejail --name=test2\r" expect { timeout {puts "TESTING ERROR 2\n";exit} + "Child process initialized" +} +sleep 1 + +spawn $env(SHELL) +send -- "firemon --arp\r" +expect { + timeout {puts "TESTING ERROR 3\n";exit} + "name=test1" +} +expect { + timeout {puts "TESTING ERROR 4\n";exit} "192.168.1.1 dev eth0 lladdr" {puts "Debian testing\n";} "192.168.1.1 dev enp0s3 lladdr" {puts "Centos 7 testing\n";} } expect { - timeout {puts "TESTING ERROR 3\n";exit} + timeout {puts "TESTING ERROR 5\n";exit} "REACHABLE" } -sleep 1 +expect { + timeout {puts "TESTING ERROR 6\n";exit} + "name=test2" +} +after 100 -puts "\n" +puts "\nall done\n"" diff --git a/test/firemon-route.exp b/test/network/firemon-route.exp similarity index 63% rename from test/firemon-route.exp rename to test/network/firemon-route.exp index a48116675..19a705778 100755 --- a/test/firemon-route.exp +++ b/test/network/firemon-route.exp @@ -4,7 +4,7 @@ set timeout 10 spawn $env(SHELL) match_max 100000 -send -- "firejail\r" +send -- "firejail --name=test1\r" expect { timeout {puts "TESTING ERROR 0\n";exit} "Child process initialized" 
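Review bot: The last added line of test/network/firemon-arp.exp, `puts "\nall done\n""`, ends with a stray second double quote. Tcl rejects this with an "extra characters after close-quote" error, so the script fails on its final statement after every check has passed; it should read `puts "\nall done\n"`. The matching line added to firemon-route.exp in the next file prints `alldone` without the space, so the two scripts should agree on one string.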
@@ -12,22 +12,38 @@ expect { sleep 1 spawn $env(SHELL) -send -- "firemon --route\r" +send -- "firejail --name=test2\r" expect { timeout {puts "TESTING ERROR 1\n";exit} - "0.0.0.0/0 via 192.168.1.1, dev eth0, metric 0" {puts "Debian testing\n";} - "0.0.0.0/0 via 192.168.1.1, dev enp0s3, metric 1024" {puts "Centos 7 testing\n";} - "0.0.0.0/0 via 192.168.1.1, dev enp0s3, metric 0" {puts "OpenSUSE testing\n";} - "0.0.0.0/0 via 192.168.1.1, dev enp0s3, metric 100" {puts "Arch testing\n";} -} -expect { - timeout {puts "TESTING ERROR 2\n";exit} - "10.10.30.0/24, dev br1, scope link src 10.10.30.1" -} -expect { - timeout {puts "TESTING ERROR 3\n";exit} - "10.10.50.0/24, dev br3, scope link src 10.10.50.1" + "Child process initialized" } sleep 1 -puts "\n" +spawn $env(SHELL) +send -- "firemon --route\r" +expect { + timeout {puts "TESTING ERROR 2\n";exit} + "name=test1" +} +expect { + timeout {puts "TESTING ERROR 3\n";exit} + "0.0.0.0/0 via 192.168.1.1, dev eth0, metric 0" {puts "Debian testing\n";} + "0.0.0.0/0 via 192.168.1.1, dev enp0s3, metric 1024" {puts "Centos 7 testing\n";} + "0.0.0.0/0 via 192.168.1.1, dev enp0s3, metric 0" {puts "OpenSUSE testing\n";} + "0.0.0.0/0 via 192.168.1.1, dev enp0s3, metric 100" {puts "Arch testing\n";} +} +expect { + timeout {puts "TESTING ERROR 4\n";exit} + "10.10.30.0/24, dev br1, scope link src 10.10.30.1" +} +expect { + timeout {puts "TESTING ERROR 5\n";exit} + "10.10.50.0/24, dev br3, scope link src 10.10.50.1" +} +expect { + timeout {puts "TESTING ERROR 6\n";exit} + "name=test2" +} +after 100 + +puts "\nalldone\n" diff --git a/test/network/interface.exp b/test/network/interface.exp index b15563eec..bd8777c33 100755 --- a/test/network/interface.exp +++ b/test/network/interface.exp 
@@ -14,7 +14,7 @@ set chroot [lindex $argv 1] # # todo: seems to be unable to find interface eth0.7 #send -- "firejail --noprofile --interface=eth0.5 --interface=eth0.6 --interface=eth0.7\r" -send -- "firejail --noprofile --interface=eth0.7 --interface=eth0.6\r" +send -- "firejail --noprofile --interface=eth0.5 --interface=eth0.6\r" expect { timeout {puts "TESTING ERROR 0\n";exit} "Child process initialized" diff --git a/test/network/net_ip.exp b/test/network/net_ip.exp index 32103050d..0fa84243a 100755 --- a/test/network/net_ip.exp +++ b/test/network/net_ip.exp @@ -29,9 +29,9 @@ expect { timeout {puts "TESTING ERROR 4\n";exit} "Child process initialized" } -sleep 2 +sleep 1 send -- "exit\r" -sleep 2 +sleep 1 # check loopback send -- "firejail --net=br0 --ip=10.10.20.5 --protocol=unix,inet,netlink\r" diff --git a/test/network/net_local.exp b/test/network/net_local.exp index b72b9adaf..d58135785 100755 --- a/test/network/net_local.exp +++ b/test/network/net_local.exp @@ -17,9 +17,9 @@ expect { timeout {puts "TESTING ERROR 4\n";exit} "Child process initialized" } -sleep 2 +sleep 1 send -- "exit\r" -sleep 2 +sleep 1 # check loopback send -- "firejail --noprofile\r" diff --git a/test/network/net_netfilter.exp b/test/network/net_netfilter.exp index f011f3746..737485d07 100755 --- a/test/network/net_netfilter.exp +++ b/test/network/net_netfilter.exp @@ -29,7 +29,7 @@ expect { timeout {puts "TESTING ERROR 4\n";exit} "Child process initialized" } -sleep 2 +sleep 1 send -- "exit\r" sleep 1 @@ -43,7 +43,7 @@ expect { "ACCEPT icmp -- any any anywhere" {puts "TESTING ERROR 5.1\n";exit} "Child process initialized" } -sleep 2 +sleep 1 send -- "exit\r" sleep 1 @@ -57,7 +57,7 @@ expect { timeout {puts "TESTING ERROR 6.1\n";exit} "Child process initialized" } -sleep 2 +sleep 1 send -- "ping -c 1 -w 3 10.10.20.1\r" expect { timeout {puts "TESTING ERROR 6.2\n";exit} diff --git a/test/network/net_profile.exp b/test/network/net_profile.exp index dee0b2793..29008d811 100755 
--- a/test/network/net_profile.exp +++ b/test/network/net_profile.exp @@ -33,7 +33,7 @@ expect { timeout {puts "TESTING ERROR 0.4\n";exit} "Child process initialized" } -sleep 2 +sleep 1 send -- "ip route show\r" expect { diff --git a/test/network/net_veth.exp b/test/network/net_veth.exp new file mode 100755 index 000000000..89dedcb24 --- /dev/null +++ b/test/network/net_veth.exp 
@@ -0,0 +1,130 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --net=eth0\r"
+expect {
+ timeout {puts "TESTING ERROR 1\n";exit}
+ "lo"
+}
+expect {
+ timeout {puts "TESTING ERROR 2\n";exit}
+ "127.0.0.1"
+}
+expect {
+ timeout {puts "TESTING ERROR 3\n";exit}
+ "255.0.0.0"
+}
+expect {
+ timeout {puts "TESTING ERROR 4\n";exit}
+ "UP"
+}
+expect {
+ timeout {puts "TESTING ERROR 5\n";exit}
+ "eth0-"
+}
+expect {
+ timeout {puts "TESTING ERROR 6\n";exit}
+ "255.255.255.0"
+}
+expect {
+ timeout {puts "TESTING ERROR 7\n";exit}
+ "UP"
+}
+expect {
+ timeout {puts "TESTING ERROR 8\n";exit}
+ "Default gateway"
+}
+expect {
+ timeout {puts "TESTING ERROR 9\n";exit}
+ "Child process initialized"
+}
+sleep 1
+send -- "exit\r"
+sleep 1
+
+send -- "firejail --net=eth0 --net=eth0 --net=eth0 --net=eth0\r"
+expect {
+ timeout {puts "TESTING ERROR 11\n";exit}
+ "lo"
+}
+expect {
+ timeout {puts "TESTING ERROR 12\n";exit}
+ "127.0.0.1"
+}
+expect {
+ timeout {puts "TESTING ERROR 13\n";exit}
+ "255.0.0.0"
+}
+expect {
+ timeout {puts "TESTING ERROR 14\n";exit}
+ "UP"
+}
+expect {
+ timeout {puts "TESTING ERROR 15\n";exit}
+ "eth0-"
+}
+expect {
+ timeout {puts "TESTING ERROR 16\n";exit}
+ "255.255.255.0"
+}
+expect {
+ timeout {puts "TESTING ERROR 17\n";exit}
+ "UP"
+}
+expect {
+ timeout {puts "TESTING ERROR 18\n";exit}
+ "eth1-"
+}
+expect {
+ timeout {puts "TESTING ERROR 19\n";exit}
+ "255.255.255.0"
+}
+expect {
+ timeout {puts "TESTING ERROR 20\n";exit}
+ "UP"
+}
+expect {
+ timeout {puts "TESTING ERROR 5\n";exit}
+ "eth2-"
+}
+expect {
+ timeout {puts "TESTING ERROR 21\n";exit}
+ "255.255.255.0"
+}
+expect {
+ timeout {puts "TESTING ERROR 22\n";exit}
+ "UP"
+}
+expect {
+ timeout {puts "TESTING ERROR 23\n";exit}
+ "eth3-"
+}
+expect {
+ timeout {puts "TESTING ERROR 24\n";exit}
+ "255.255.255.0"
+}
+expect {
+ timeout {puts
"TESTING ERROR 25\n";exit} + "UP" +} +expect { + timeout {puts "TESTING ERROR 26\n";exit} + "Default gateway" +} +expect { + timeout {puts "TESTING ERROR 27\n";exit} + "Child process initialized" +} +sleep 1 +send -- "exit\r" + +after 100 + +puts "\n" + diff --git a/test/network/network.sh b/test/network/network.sh index e0087411d..28f707952 100755 --- a/test/network/network.sh +++ b/test/network/network.sh @@ -6,6 +6,14 @@ export MALLOC_CHECK_=3 export MALLOC_PERTURB_=$(($RANDOM % 255 + 1)) +sudo ./configure + +echo "TESTING: firemon arp (firemon-arp.exp)" +./firemon-arp.exp + +echo "TESTING: firemon route (firemon-route.exp)" +./firemon-route.exp + echo "TESTING: network profile (net_profile.exp)" ./net_profile.exp @@ -58,6 +66,9 @@ echo "TESTING: scan (net_scan.exp)" echo "TESTING: interface (interface.exp)" ./interface.exp +echo "TESTING: veth (net_veth.exp)" +./net_veth.exp + echo "TESTING: netfilter (net_netfilter.exp)" ./net_netfilter.exp
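Review bot: In the second block of test/network/net_veth.exp, the `eth2-` check reuses the label `TESTING ERROR 5`, which the first block already uses for its `eth0-` check, so a timeout there is reported under the wrong step. Renumber it, for example `timeout {puts "TESTING ERROR 20.1\n";exit}`. The test also hard-codes the parent interface `eth0` and the `255.255.255.0` netmask, while other scripts in this commit also accept `enp0s3`; a header comment stating that assumption would explain timeouts on hosts that name the NIC differently.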
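Review bot: In test/network/network.sh, the added `sudo ./configure` runs as root at the top of the script and its result is never checked. If sudo is refused or configure fails, every following test still runs against an unprepared host and reports misleading timeouts. Stop early instead: `sudo ./configure || { echo "TESTING ERROR: configure failed"; exit 1; }`. The README step was removed in this commit, so a comment above the line saying what configure changes on the host (its contents are not shown here) would keep the privileged step visible to whoever runs the suite.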