diff --git a/src/lib/syscall.c b/src/lib/syscall.c
index a1c886ac4..0cf11b044 100644
--- a/src/lib/syscall.c
+++ b/src/lib/syscall.c
@@ -6,7 +6,7 @@
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
+ * (at your option) any later version.1
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -256,36 +256,36 @@ static const SyscallGroupList sysgroups[] = {
 #ifdef SYS_clock_getres
 "clock_getres,"
 #endif
-#ifdef SYS_clock_getres_time64
- "clock_getres_time64,"
-#endif
-#ifdef SYS_clock_gettime
- "clock_gettime,"
-#endif
-#ifdef SYS_clock_gettime64
- "clock_gettime64,"
-#endif
-#ifdef SYS_clock_nanosleep
- "clock_nanosleep,"
-#endif
-#ifdef SYS_clock_nanosleep_time64
- "clock_nanosleep_time64,"
-#endif
+ //groupfix: #ifdef SYS_clock_getres_time64
+ //groupfix: "clock_getres_time64,"
+ //groupfix: #endif
+ //groupfix: #ifdef SYS_clock_gettime
+ //groupfix: "clock_gettime,"
+ //groupfix: #endif
+ //groupfix: #ifdef SYS_clock_gettime64
+ //groupfix: "clock_gettime64,"
+ //groupfix: #endif
+ //groupfix: #ifdef SYS_clock_nanosleep
+ //groupfix: "clock_nanosleep,"
+ //groupfix: #endif
+ //groupfix: #ifdef SYS_clock_nanosleep_time64
+ //groupfix: "clock_nanosleep_time64,"
+ //groupfix: #endif
 #ifdef SYS_clock_settime
 "clock_settime,"
 #endif
 #ifdef SYS_clock_settime64
 "clock_settime64,"
 #endif
-#ifdef SYS_gettimeofday
- "gettimeofday,"
-#endif
+ //groupfix: #ifdef SYS_gettimeofday
+ //groupfix: "gettimeofday,"
+ //groupfix: #endif
 #ifdef SYS_old_adjtimex
 "old_adjtimex,"
 #endif
-#ifdef SYS_osf_gettimeofday
- "osf_gettimeofday,"
-#endif
+ //groupfix: #ifdef SYS_osf_gettimeofday
+ //groupfix: "osf_gettimeofday,"
+ //groupfix: #endif
 #ifdef SYS_osf_settimeofday
 "osf_settimeofday,"
 #endif
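Review bot: The added line in the licence header of src/lib/syscall.c (first hunk, `@@ -6,7`) ends in a stray `1`, `any later version.1`, which looks like an accidental keystroke rather than an intended edit. That hunk should be dropped so the line stays `* (at your option) any later version.`; it makes no other change.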
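Review bot: `clock_getres` stays in the `@clock` list at the top of the `@@ -256,36` hunk while `clock_getres_time64` and the other read-only queries (`clock_gettime`, `clock_nanosleep`, `gettimeofday`) are taken out, so a syscall and its time64 variant now sit on opposite sides of the filter. If the intent is that `@clock` names only clock-setting calls, `clock_getres` presumably belongs with the removed entries; if it is kept deliberately, the reason should be stated. The disabled entries are left behind as `//groupfix:` comments here and in the `@@ -295,9` hunk; deleting them and adding a single comment such as `/* read-only time queries are intentionally not part of @clock */` would keep the list readable and make the filter's scope explicit. The `sysgroups[]` initializer starts and ends outside the hunk, so how the group is consumed by deny and allow lists is not visible here.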
@@ -295,9 +295,9 @@ static const SyscallGroupList sysgroups[] = {
 #ifdef SYS_stime
 "stime,"
 #endif
-#ifdef SYS_time
- "time"
-#endif
+ //groupfix: #ifdef SYS_time
+ //groupfix: "time"
+ //groupfix: #endif
 },
 { .name = "@cpu-emulation", .list =
 #ifdef SYS_modify_ldt
diff --git a/test/apps/apps.sh b/test/apps/apps.sh
index 20c9c9b33..a7ee8bbe3 100755
--- a/test/apps/apps.sh
+++ b/test/apps/apps.sh
@@ -2,15 +2,42 @@
 # This file is part of Firejail project
 # Copyright (C) 2014-2026 Firejail Authors
 # License GPL v2
-
+#
+# quic test for several applications
+#
 export MALLOC_CHECK_=3
 export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
 export LC_ALL=C
 
-apps=(firefox qbittorrent firefox-xephyr galculator libreoffice firefox-xorg lowriter \
- xterm x11-none xterm-xorg xterm-xephyr xterm-xpra firefox-xpra)
+# keeping sudo avaliable
+sudo ls
+# console apps
+apps=(ping dig wget)
 
 for app in "${apps[@]}"; do
+ if command -v "$app"
+ then
+ echo "TESTING: $app"
+ ./$app.exp
+ else
+ echo "TESTING SKIP: $app not found"
+ fi
+done
+rm -f index.html
+rm wget-log*
+sudo ls
+
+# testing seccomp @clock group
+echo "TESTING: seccomp @clock group (test/apps/seccomp-clock.exp)"
+./seccomp-clock.exp
+
+# X11 apps
+x11apps=(firefox qbittorrent firefox-xephyr galculator libreoffice firefox-xorg \
+ lowriter gimp inkscape \
+ xterm x11-none xterm-xorg xterm-xephyr xterm-xpra firefox-xpra)
+
+for app in "${x11apps[@]}"; do
+ sudo ls
 if file -v "$app".exp
 then
 echo "TESTING: $app (test/apps/$app.exp)"
diff --git a/test/apps/dig.exp b/test/apps/dig.exp
new file mode 100755
index 000000000..3756764c4
--- /dev/null
+++ b/test/apps/dig.exp
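Review bot: With `"time"` commented out at the end of the `@clock` list in src/lib/syscall.c, the last entry that can still be compiled in is `"stime,"`, so the concatenated list string now always ends in a comma. The same presumably already happened on targets that do not define `SYS_time`, so the group parser probably tolerates an empty trailing element, but that code is not visible in this hunk and should be confirmed. A short comment above the closing `},` stating that a trailing comma is accepted would stop a later reader from treating it as a mistake.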
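Review bot: The three `sudo ls` calls added to test/apps/apps.sh exist only to keep the sudo timestamp fresh, yet each one runs a real command as root and writes a directory listing into the test log; `sudo -v` refreshes the cached credentials without executing anything. `rm wget-log*` has no `-f`, so it reports an error whenever wget left no log file, and `./$app.exp` is better written `"./$app.exp"`. None of the new `.exp` invocations, including `./seccomp-clock.exp`, has its exit status checked, so a failure is visible only through the `TESTING ERROR` text in the output. The comment typos `quic` and `avaliable` can be fixed in the same pass.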
@@ -0,0 +1,24 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2026 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --ignore=quiet dig cloudflare.com\r"
+expect {
+ timeout {puts "TESTING ERROR 0\n";exit}
+ "Reading profile /etc/firejail/dig.profile"
+}
+expect {
+ timeout {puts "TESTING ERROR 1\n";exit}
+ -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+expect {
+ timeout {puts "TESTING ERROR 1\n";exit}
+ -re "ANSWER SECTION"
+}
+after 100
+puts "\nall done\n"
diff --git a/test/apps/gimp.exp b/test/apps/gimp.exp
new file mode 100755
index 000000000..7c4f21fd1
--- /dev/null
+++ b/test/apps/gimp.exp
@@ -0,0 +1,45 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2026 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail gimp\r"
+expect {
+ timeout {puts "TESTING ERROR 0\n";exit}
+ "Reading profile /etc/firejail/gimp.profile"
+}
+expect {
+ timeout {puts "TESTING ERROR 1\n";exit}
+ -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+sleep 5
+
+spawn $env(SHELL)
+send -- "firejail --list\r"
+expect {
+ timeout {puts "TESTING ERROR 2\n";exit}
+ "firejail"
+}
+expect {
+ timeout {puts "TESTING ERROR 3\n";exit}
+ "gimp"
+}
+after 100
+
+spawn $env(SHELL)
+send -- "firemon --seccomp\r"
+expect {
+ timeout {puts "TESTING ERROR 4\n";exit}
+ "gimp"
+}
+expect {
+ timeout {puts "TESTING ERROR 5\n";exit}
+ "Seccomp: 2"
+}
+after 100
+
+puts "\nall done\n"
diff --git a/test/apps/inkscape.exp b/test/apps/inkscape.exp
new file mode 100755
index 000000000..b12dc64b0
--- /dev/null
+++ b/test/apps/inkscape.exp
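Review bot: The second and third `expect` blocks in test/apps/dig.exp both report `TESTING ERROR 1`, so the log cannot tell a sandbox start-up failure from a missing `ANSWER SECTION`; the third should read `timeout {puts "TESTING ERROR 2\n";exit}`. The same duplicated label appears in ping.exp and wget.exp. Every failure path calls a bare `exit`, which ends the script with status 0, so `exit 1` would let the caller detect the failure. These three tests also need working DNS and outbound access (cloudflare.com, 1.1.1.1), which deserves a header comment because on an isolated host they fail for reasons unrelated to the sandbox.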
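Review bot: The final `"Seccomp: 2"` check in test/apps/gimp.exp is not tied to the gimp entry: once `"gimp"` has matched, the next `expect` accepts that string anywhere in the remaining `firemon --seccomp` output, so it could presumably be satisfied by another sandbox that happens to be running. inkscape.exp has the same structure. Limiting the query to the sandbox under test, or asserting first that no other sandbox is listed, would make the seccomp assertion mean what it says. gimp.exp also starts the sandbox with plain `firejail gimp` while inkscape.exp uses `--ignore=quiet`; if the profile sets `quiet`, the `Reading profile` match would time out, so the two should agree.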
@@ -0,0 +1,45 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2026 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --ignore=quiet inkscape\r"
+expect {
+ timeout {puts "TESTING ERROR 0\n";exit}
+ "Reading profile /etc/firejail/inkscape.profile"
+}
+expect {
+ timeout {puts "TESTING ERROR 1\n";exit}
+ -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+sleep 5
+
+spawn $env(SHELL)
+send -- "firejail --list\r"
+expect {
+ timeout {puts "TESTING ERROR 2\n";exit}
+ "firejail"
+}
+expect {
+ timeout {puts "TESTING ERROR 3\n";exit}
+ "inkscape"
+}
+after 100
+
+spawn $env(SHELL)
+send -- "firemon --seccomp\r"
+expect {
+ timeout {puts "TESTING ERROR 4\n";exit}
+ "inkscape"
+}
+expect {
+ timeout {puts "TESTING ERROR 5\n";exit}
+ "Seccomp: 2"
+}
+after 100
+
+puts "\nall done\n"
diff --git a/test/apps/ping.exp b/test/apps/ping.exp
new file mode 100755
index 000000000..ce0aa52ca
--- /dev/null
+++ b/test/apps/ping.exp
@@ -0,0 +1,24 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2026 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --ignore=quiet ping -c 5 1.1.1.1\r"
+expect {
+ timeout {puts "TESTING ERROR 0\n";exit}
+ "Reading profile /etc/firejail/ping.profile"
+}
+expect {
+ timeout {puts "TESTING ERROR 1\n";exit}
+ -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+expect {
+ timeout {puts "TESTING ERROR 1\n";exit}
+ -re "64 bytes from"
+}
+sleep 5
+puts "\nall done\n"
diff --git a/test/apps/seccomp-clock.exp b/test/apps/seccomp-clock.exp
new file mode 100755
index 000000000..74c717ea7
--- /dev/null
+++ b/test/apps/seccomp-clock.exp
@@ -0,0 +1,25 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2026 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --ignore=quiet sleep 5\r"
+expect {
+ timeout {puts "TESTING ERROR 0\n";exit}
+ "Reading profile /etc/firejail/default.profile"
+}
+expect {
+ timeout {puts "TESTING ERROR 1\n";exit}
+ -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+expect {
+ timeout {puts "TESTING ERROR 2\n";exit}
+ "Operation not permitted" {puts "TESTING ERROR 3\n";exit}
+ "Parent is shutting down"
+}
+after 100
+puts "\nall done\n"
diff --git a/test/apps/wget.exp b/test/apps/wget.exp
new file mode 100755
index 000000000..a28c014d3
--- /dev/null
+++ b/test/apps/wget.exp
@@ -0,0 +1,24 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2026 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --ignore=quiet wget cloudflare.com\r"
+expect {
+ timeout {puts "TESTING ERROR 0\n";exit}
+ "Reading profile /etc/firejail/wget.profile"
+}
+expect {
+ timeout {puts "TESTING ERROR 1\n";exit}
+ -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+expect {
+ timeout {puts "TESTING ERROR 1\n";exit}
+ -re "Saving to"
+}
+after 100
+puts "\nall done\n"
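Review bot: test/apps/seccomp-clock.exp exercises only `sleep 5`, so of the syscalls taken out of `@clock` it covers at most the nanosleep path; `clock_gettime`, `gettimeofday` and `time` are not reached by any assertion. It also has no check in the other direction, that a clock-setting call is still refused after the group was narrowed, which is the property the filter exists to enforce. A header comment such as `# regression test: read-only time syscalls must not be blocked by the default seccomp filter` would document the intent, and a second case for the still-blocked side would guard against the list being trimmed too far. The test assumes default.profile applies a seccomp filter that includes `@clock`; that is not visible in this diff.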