From 0d9a9327d5da08813e45e98d47c8d9b35f996b4e Mon Sep 17 00:00:00 2001 From: "Kelvin M. Klann" Date: Wed, 22 Apr 2026 09:07:56 -0300 Subject: [PATCH 1/7] test/fs: sort entries in xdg macro profiles This amends commit 2155203b3 ("xdg macro testing", 2018-08-07). --- test/fs/macro-blacklist.profile | 10 +++++----- test/fs/macro-readonly.profile | 10 +++++----- test/fs/macro-whitelist.profile | 10 +++++----- 3 files changed, 15 insertions(+), 15 deletions(-) diff --git a/test/fs/macro-blacklist.profile b/test/fs/macro-blacklist.profile index 2421d1b7c..04fb1dd3d 100644 --- a/test/fs/macro-blacklist.profile +++ b/test/fs/macro-blacklist.profile @@ -1,6 +1,6 @@ -blacklist ${VIDEOS} -blacklist ${DOCUMENTS} -blacklist ${MUSIC} -blacklist ${DOWNLOADS} -blacklist ${PICTURES} blacklist ${DESKTOP} +blacklist ${DOCUMENTS} +blacklist ${DOWNLOADS} +blacklist ${MUSIC} +blacklist ${PICTURES} +blacklist ${VIDEOS} diff --git a/test/fs/macro-readonly.profile b/test/fs/macro-readonly.profile index 2f3d5bd78..c7fd213a3 100644 --- a/test/fs/macro-readonly.profile +++ b/test/fs/macro-readonly.profile @@ -1,6 +1,6 @@ -read-only ${VIDEOS} -read-only ${DOCUMENTS} -read-only ${MUSIC} -read-only ${DOWNLOADS} -read-only ${PICTURES} read-only ${DESKTOP} +read-only ${DOCUMENTS} +read-only ${DOWNLOADS} +read-only ${MUSIC} +read-only ${PICTURES} +read-only ${VIDEOS} diff --git a/test/fs/macro-whitelist.profile b/test/fs/macro-whitelist.profile index fed7f76fc..cee2bc8bf 100644 --- a/test/fs/macro-whitelist.profile +++ b/test/fs/macro-whitelist.profile @@ -1,6 +1,6 @@ -whitelist ${VIDEOS} -whitelist ${DOCUMENTS} -whitelist ${MUSIC} -whitelist ${DOWNLOADS} -whitelist ${PICTURES} whitelist ${DESKTOP} +whitelist ${DOCUMENTS} +whitelist ${DOWNLOADS} +whitelist ${MUSIC} +whitelist ${PICTURES} +whitelist ${VIDEOS} From 07fe21516a08de5d2294485c7e0b99267c203f4c Mon Sep 17 00:00:00 2001 From: "Kelvin M. Klann" Date: Wed, 22 Apr 2026 09:03:08 -0300 Subject: [PATCH 2/7] test/fs/fs.sh: fix typo of `_firejail_test_file` This amends commit 2155203b3 ("xdg macro testing", 2018-08-07). --- test/fs/fs.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/fs/fs.sh b/test/fs/fs.sh index 02df5fbb1..a4fd7e454 100755 --- a/test/fs/fs.sh +++ b/test/fs/fs.sh @@ -101,7 +101,7 @@ echo "TESTING: macros (test/fs/macro.exp)" echo "TESTING: whitelist empty (test/fs/whitelist-empty.exp)" ./whitelist-empty.exp -rm -f ~/Videos/_firejail_test_fil +rm -f ~/Videos/_firejail_test_file rm -f ~/Pictures/_firejail_test_file rm -f ~/Music/_firejail_test_file rm -f ~/Downloads/_firejail_test_file From af26a06dd9ac183c61956836458a13ffa6dc11b0 Mon Sep 17 00:00:00 2001 From: "Kelvin M. Klann" Date: Fri, 24 Apr 2026 00:47:19 -0300 Subject: [PATCH 3/7] test/fs/fs.sh: sort rm commands for xdg paths This amends commit 2155203b3 ("xdg macro testing", 2018-08-07). --- test/fs/fs.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/test/fs/fs.sh b/test/fs/fs.sh index a4fd7e454..6750e7e60 100755 --- a/test/fs/fs.sh +++ b/test/fs/fs.sh @@ -101,12 +101,12 @@ echo "TESTING: macros (test/fs/macro.exp)" echo "TESTING: whitelist empty (test/fs/whitelist-empty.exp)" ./whitelist-empty.exp -rm -f ~/Videos/_firejail_test_file -rm -f ~/Pictures/_firejail_test_file -rm -f ~/Music/_firejail_test_file -rm -f ~/Downloads/_firejail_test_file -rm -f ~/Documents/_firejail_test_file rm -f ~/Desktop/_firejail_test_file +rm -f ~/Documents/_firejail_test_file +rm -f ~/Downloads/_firejail_test_file +rm -f ~/Music/_firejail_test_file +rm -f ~/Pictures/_firejail_test_file +rm -f ~/Videos/_firejail_test_file echo "TESTING: private whitelist (test/fs/private-whitelist.exp)" ./private-whitelist.exp From 217c96fab4999d6cc57563a929fa26fcef07f7c6 Mon Sep 17 00:00:00 2001 From: "Kelvin M. Klann" Date: Fri, 24 Apr 2026 04:03:13 -0300 Subject: [PATCH 4/7] test/fs/fs.sh: move rm of xdg macro files after macro.exp They are unrelated to private-whitelist.exp. This amends commit 2155203b3 ("xdg macro testing", 2018-08-07). --- test/fs/fs.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/test/fs/fs.sh b/test/fs/fs.sh index 6750e7e60..1f32529e7 100755 --- a/test/fs/fs.sh +++ b/test/fs/fs.sh @@ -98,9 +98,6 @@ echo "TESTING: private-cwd (test/fs/private-cwd.exp)" echo "TESTING: macros (test/fs/macro.exp)" ./macro.exp - -echo "TESTING: whitelist empty (test/fs/whitelist-empty.exp)" -./whitelist-empty.exp rm -f ~/Desktop/_firejail_test_file rm -f ~/Documents/_firejail_test_file rm -f ~/Downloads/_firejail_test_file @@ -108,6 +105,9 @@ rm -f ~/Music/_firejail_test_file rm -f ~/Pictures/_firejail_test_file rm -f ~/Videos/_firejail_test_file +echo "TESTING: whitelist empty (test/fs/whitelist-empty.exp)" +./whitelist-empty.exp + echo "TESTING: private whitelist (test/fs/private-whitelist.exp)" ./private-whitelist.exp From 096aa0337fd20d98afd539de9bab0438c7b305ae Mon Sep 17 00:00:00 2001 From: "Kelvin M. Klann" Date: Fri, 24 Apr 2026 04:39:57 -0300 Subject: [PATCH 5/7] test/fs/macro.exp: use `_firejail_test_file` Use `_firejail_test_file` instead of `blablabla`, as the former is a more common filename in tests and is what is actually removed in test/fs/fs.sh. Related commits: * 2155203b3 ("xdg macro testing", 2018-08-07) * 188d5f16d ("--profile=FILE rework (#6896)", 2026-01-05) --- test/fs/macro.exp | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/test/fs/macro.exp b/test/fs/macro.exp index 8fa425ff7..66fdc9c03 100755 --- a/test/fs/macro.exp +++ b/test/fs/macro.exp @@ -105,7 +105,7 @@ expect { } sleep 1 -send -- "firejail --profile=./macro-readonly.profile touch ~/Desktop/blablabla\r" +send -- "firejail --profile=./macro-readonly.profile touch ~/Desktop/_firejail_test_file\r" expect { timeout {puts "TESTING ERROR 19\n";exit} -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" @@ -116,7 +116,7 @@ expect { } sleep 1 -send -- "firejail --profile=./macro-readonly.profile touch ~/Documents/blablabla\r" +send -- "firejail --profile=./macro-readonly.profile touch ~/Documents/_firejail_test_file\r" expect { timeout {puts "TESTING ERROR 21\n";exit} -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" @@ -127,7 +127,7 @@ expect { } sleep 1 -send -- "firejail --profile=./macro-readonly.profile touch ~/Downloads/blablabla\r" +send -- "firejail --profile=./macro-readonly.profile touch ~/Downloads/_firejail_test_file\r" expect { timeout {puts "TESTING ERROR 23\n";exit} -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" @@ -138,7 +138,7 @@ expect { } sleep 1 -send -- "firejail --profile=./macro-readonly.profile touch ~/Music/blablabla\r" +send -- "firejail --profile=./macro-readonly.profile touch ~/Music/_firejail_test_file\r" expect { timeout {puts "TESTING ERROR 25\n";exit} -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" @@ -149,7 +149,7 @@ expect { } sleep 1 -send -- "firejail --profile=./macro-readonly.profile touch ~/Pictures/blablabla\r" +send -- "firejail --profile=./macro-readonly.profile touch ~/Pictures/_firejail_test_file\r" expect { timeout {puts "TESTING ERROR 27\n";exit} -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" @@ -160,7 +160,7 @@ expect { } sleep 1 -send -- "firejail --profile=./macro-readonly.profile touch ~/Videos/blablabla\r" +send -- "firejail --profile=./macro-readonly.profile touch ~/Videos/_firejail_test_file\r" expect { timeout {puts "TESTING ERROR 29\n";exit} -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" From 574885778aad079c42e7cc99bc5fa4b78fe11767 Mon Sep 17 00:00:00 2001 From: "Kelvin M. Klann" Date: Fri, 24 Apr 2026 04:59:59 -0300 Subject: [PATCH 6/7] test/fs/macro.exp: reduce timeout and sleep * timeout: 10s -> 1s * sleep: 1000ms -> 100ms --- test/fs/macro.exp | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/test/fs/macro.exp b/test/fs/macro.exp index 66fdc9c03..e2f886794 100755 --- a/test/fs/macro.exp +++ b/test/fs/macro.exp @@ -3,7 +3,7 @@ # Copyright (C) 2014-2026 Firejail Authors # License GPL v2 -set timeout 10 +set timeout 1 spawn $env(SHELL) match_max 100000 @@ -37,7 +37,7 @@ expect { timeout {puts "TESTING ERROR 6\n";exit} "Videos" } -sleep 1 +after 100 send -- "firejail --profile=./macro-blacklist.profile ls ~/Desktop\r" expect { @@ -48,7 +48,7 @@ expect { timeout {puts "TESTING ERROR 8\n";exit} "Permission denied" } -sleep 1 +after 100 send -- "firejail --profile=./macro-blacklist.profile ls ~/Documents\r" expect { @@ -59,7 +59,7 @@ expect { timeout {puts "TESTING ERROR 10\n";exit} "Permission denied" } -sleep 1 +after 100 send -- "firejail --profile=./macro-blacklist.profile ls ~/Downloads\r" expect { @@ -70,7 +70,7 @@ expect { timeout {puts "TESTING ERROR 12\n";exit} "Permission denied" } -sleep 1 +after 100 send -- "firejail --profile=./macro-blacklist.profile ls ~/Music\r" expect { @@ -81,7 +81,7 @@ expect { timeout {puts "TESTING ERROR 14\n";exit} "Permission denied" } -sleep 1 +after 100 send -- "firejail --profile=./macro-blacklist.profile ls ~/Pictures\r" expect { @@ -92,7 +92,7 @@ expect { timeout {puts "TESTING ERROR 16\n";exit} "Permission denied" } -sleep 1 +after 100 send -- "firejail --profile=./macro-blacklist.profile ls ~/Videos\r" expect { @@ -103,7 +103,7 @@ expect { timeout {puts "TESTING ERROR 18\n";exit} "Permission denied" } -sleep 1 +after 100 send -- "firejail --profile=./macro-readonly.profile touch ~/Desktop/_firejail_test_file\r" expect { @@ -114,7 +114,7 @@ expect { timeout {puts "TESTING ERROR 20\n";exit} "Read-only file system" } -sleep 1 +after 100 send -- "firejail --profile=./macro-readonly.profile touch ~/Documents/_firejail_test_file\r" expect { @@ -125,7 +125,7 @@ expect { timeout {puts "TESTING ERROR 22\n";exit} "Read-only file system" } -sleep 1 +after 100 send -- "firejail --profile=./macro-readonly.profile touch ~/Downloads/_firejail_test_file\r" expect { @@ -136,7 +136,7 @@ expect { timeout {puts "TESTING ERROR 24\n";exit} "Read-only file system" } -sleep 1 +after 100 send -- "firejail --profile=./macro-readonly.profile touch ~/Music/_firejail_test_file\r" expect { @@ -147,7 +147,7 @@ expect { timeout {puts "TESTING ERROR 26\n";exit} "Read-only file system" } -sleep 1 +after 100 send -- "firejail --profile=./macro-readonly.profile touch ~/Pictures/_firejail_test_file\r" expect { @@ -158,7 +158,7 @@ expect { timeout {puts "TESTING ERROR 28\n";exit} "Read-only file system" } -sleep 1 +after 100 send -- "firejail --profile=./macro-readonly.profile touch ~/Videos/_firejail_test_file\r" expect { @@ -169,6 +169,6 @@ expect { timeout {puts "TESTING ERROR 30\n";exit} "Read-only file system" } -sleep 1 +after 100 puts "\nall done\n" From 96e66e1020d4059b764256ca0f30a4ef4569d7b8 Mon Sep 17 00:00:00 2001 From: "Kelvin M. Klann" Date: Fri, 24 Apr 2026 05:03:32 -0300 Subject: [PATCH 7/7] test/fs/macro.exp: check return value Fail faster instead of waiting for the timeout. See also commit a4e6495fd ("modif: do not follow symlinks to /dev/null on disable (#7129)", 2026-04-17). --- test/fs/macro.exp | 60 ++++++++++++++++++++++++++++------------------- 1 file changed, 36 insertions(+), 24 deletions(-) diff --git a/test/fs/macro.exp b/test/fs/macro.exp index e2f886794..5030a8bdf 100755 --- a/test/fs/macro.exp +++ b/test/fs/macro.exp @@ -39,135 +39,147 @@ expect { } after 100 -send -- "firejail --profile=./macro-blacklist.profile ls ~/Desktop\r" +send -- "firejail --profile=./macro-blacklist.profile ls ~/Desktop; echo ret \$?\r" expect { timeout {puts "TESTING ERROR 7\n";exit} -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" } expect { timeout {puts "TESTING ERROR 8\n";exit} - "Permission denied" + "Permission denied" {} + -re {ret 0} {puts "TESTING ERROR 8.1\n";exit} } after 100 -send -- "firejail --profile=./macro-blacklist.profile ls ~/Documents\r" +send -- "firejail --profile=./macro-blacklist.profile ls ~/Documents; echo ret \$?\r" expect { timeout {puts "TESTING ERROR 9\n";exit} -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" } expect { timeout {puts "TESTING ERROR 10\n";exit} - "Permission denied" + "Permission denied" {} + -re {ret 0} {puts "TESTING ERROR 10.1\n";exit} } after 100 -send -- "firejail --profile=./macro-blacklist.profile ls ~/Downloads\r" +send -- "firejail --profile=./macro-blacklist.profile ls ~/Downloads; echo ret \$?\r" expect { timeout {puts "TESTING ERROR 11\n";exit} -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" } expect { timeout {puts "TESTING ERROR 12\n";exit} - "Permission denied" + "Permission denied" {} + -re {ret 0} {puts "TESTING ERROR 12.1\n";exit} } after 100 -send -- "firejail --profile=./macro-blacklist.profile ls ~/Music\r" +send -- "firejail --profile=./macro-blacklist.profile ls ~/Music; echo ret \$?\r" expect { timeout {puts "TESTING ERROR 13\n";exit} -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" } expect { timeout {puts "TESTING ERROR 14\n";exit} - "Permission denied" + "Permission denied" {} + -re {ret 0} {puts "TESTING ERROR 14.1\n";exit} } after 100 -send -- "firejail --profile=./macro-blacklist.profile ls ~/Pictures\r" +send -- "firejail --profile=./macro-blacklist.profile ls ~/Pictures; echo ret \$?\r" expect { timeout {puts "TESTING ERROR 15\n";exit} -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" } expect { timeout {puts "TESTING ERROR 16\n";exit} - "Permission denied" + "Permission denied" {} + -re {ret 0} {puts "TESTING ERROR 16.1\n";exit} } after 100 -send -- "firejail --profile=./macro-blacklist.profile ls ~/Videos\r" +send -- "firejail --profile=./macro-blacklist.profile ls ~/Videos; echo ret \$?\r" expect { timeout {puts "TESTING ERROR 17\n";exit} -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" } expect { timeout {puts "TESTING ERROR 18\n";exit} - "Permission denied" + "Permission denied" {} + -re {ret 0} {puts "TESTING ERROR 18.1\n";exit} } after 100 -send -- "firejail --profile=./macro-readonly.profile touch ~/Desktop/_firejail_test_file\r" +send -- "firejail --profile=./macro-readonly.profile touch ~/Desktop/_firejail_test_file; echo ret \$?\r" expect { timeout {puts "TESTING ERROR 19\n";exit} -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" } expect { timeout {puts "TESTING ERROR 20\n";exit} - "Read-only file system" + "Read-only file system" {} + -re {ret 0} {puts "TESTING ERROR 20.1\n";exit} } after 100 -send -- "firejail --profile=./macro-readonly.profile touch ~/Documents/_firejail_test_file\r" +send -- "firejail --profile=./macro-readonly.profile touch ~/Documents/_firejail_test_file; echo ret \$?\r" expect { timeout {puts "TESTING ERROR 21\n";exit} -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" } expect { timeout {puts "TESTING ERROR 22\n";exit} - "Read-only file system" + "Read-only file system" {} + -re {ret 0} {puts "TESTING ERROR 22.1\n";exit} } after 100 -send -- "firejail --profile=./macro-readonly.profile touch ~/Downloads/_firejail_test_file\r" +send -- "firejail --profile=./macro-readonly.profile touch ~/Downloads/_firejail_test_file; echo ret \$?\r" expect { timeout {puts "TESTING ERROR 23\n";exit} -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" } expect { timeout {puts "TESTING ERROR 24\n";exit} - "Read-only file system" + "Read-only file system" {} + -re {ret 0} {puts "TESTING ERROR 24.1\n";exit} } after 100 -send -- "firejail --profile=./macro-readonly.profile touch ~/Music/_firejail_test_file\r" +send -- "firejail --profile=./macro-readonly.profile touch ~/Music/_firejail_test_file; echo ret \$?\r" expect { timeout {puts "TESTING ERROR 25\n";exit} -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" } expect { timeout {puts "TESTING ERROR 26\n";exit} - "Read-only file system" + "Read-only file system" {} + -re {ret 0} {puts "TESTING ERROR 26.1\n";exit} } after 100 -send -- "firejail --profile=./macro-readonly.profile touch ~/Pictures/_firejail_test_file\r" +send -- "firejail --profile=./macro-readonly.profile touch ~/Pictures/_firejail_test_file; echo ret \$?\r" expect { timeout {puts "TESTING ERROR 27\n";exit} -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" } expect { timeout {puts "TESTING ERROR 28\n";exit} - "Read-only file system" + "Read-only file system" {} + -re {ret 0} {puts "TESTING ERROR 28.1\n";exit} } after 100 -send -- "firejail --profile=./macro-readonly.profile touch ~/Videos/_firejail_test_file\r" +send -- "firejail --profile=./macro-readonly.profile touch ~/Videos/_firejail_test_file; echo ret \$?\r" expect { timeout {puts "TESTING ERROR 29\n";exit} -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" } expect { timeout {puts "TESTING ERROR 30\n";exit} - "Read-only file system" + "Read-only file system" {} + -re {ret 0} {puts "TESTING ERROR 30.1\n";exit} } after 100