testing

2026-05-15 14:16:14 -06:00 · 2023-03-07 08:30:53 -05:00 · 2023-03-07 08:30:53 -05:00 · a12601f02a
commit a12601f02a
parent 1f5f84f959
9 changed files with 167 additions and 47 deletions
--- a/gcov.sh
+++ b/gcov.sh
@ -13,7 +13,7 @@ gcov_generate() {
 	USER="$(whoami)"
 	find . -exec sudo chown "$USER:$USER" '{}' +
 	lcov -q --capture -d src/firejail -d src/lib -d src/firecfg -d src/firemon \
-		-d src/fnet -d src/fnetfilter --output-file gcov-file
+		-d src/fnet -d src/fnetfilter -d src/fcopy --output-file gcov-file
 	genhtml -q gcov-file --output-directory gcov-dir
 }

@ -21,29 +21,29 @@ rm -fr gcov-dir gcov-file
 firejail --version
 gcov_generate

-#make test-firecfg | grep TESTING
-#gcov_generate
-#make test-apparmor | grep TESTING
-#gcov_generate
+make test-firecfg | grep TESTING
+gcov_generate
+make test-apparmor | grep TESTING
+gcov_generate
 make test-network | grep TESTING
 gcov_generate
-#make test-appimage | grep TESTING
-#gcov_generate
-#make test-chroot | grep TESTING
-#gcov_generate
-#make test-sysutils | grep TESTING
-#gcov_generate
-#make test-private-etc | grep TESTING
-#gcov_generate
-#make test-profiles | grep TESTING
-#gcov_generate
-#make test-fcopy | grep TESTING
-#gcov_generate
+make test-appimage | grep TESTING
+gcov_generate
+make test-chroot | grep TESTING
+gcov_generate
+make test-sysutils | grep TESTING
+gcov_generate
+make test-private-etc | grep TESTING
+gcov_generate
+make test-profiles | grep TESTING
+gcov_generate
+make test-fcopy | grep TESTING
+gcov_generate
 make test-fnetfilter | grep TESTING
 gcov_generate
-#make test-fs | grep TESTING
-#gcov_generate
-#make test-utils | grep TESTING
-#gcov_generate
-#make test-environment | grep TESTING
-#gcov_generate
+make test-fs | grep TESTING
+gcov_generate
+make test-utils | grep TESTING
+gcov_generate
+make test-environment | grep TESTING
+gcov_generate
--- a/src/firejail/network.c
+++ b/src/firejail/network.c
@ -89,30 +89,6 @@ int net_get_mtu(const char *ifname) {
 	return mtu;
 }

-//void net_set_mtu(const char *ifname, int mtu) {
-//	if (strlen(ifname) > IFNAMSIZ) {
-//		fprintf(stderr, "Error: invalid network device name %s\n", ifname);
-//		exit(1);
-//	}
-//
-//	if (arg_debug)
-//		printf("set interface %s MTU %d.\n", ifname, mtu);
-//
-//	int s;
-//	struct ifreq ifr;
-//
-//	if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
-//		errExit("socket");
-//
-//	memset(&ifr, 0, sizeof(ifr));
-//	ifr.ifr_addr.sa_family = AF_INET;
-//	strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1);
-//	ifr.ifr_mtu = mtu;
-//	if (ioctl(s, SIOCSIFMTU, (caddr_t)&ifr) != 0)
-//		fwarning("cannot set mtu for interface %s\n", ifname);
-//	close(s);
-//}
-
 // return -1 if the interface was not found; if the interface was found return 0 and fill in IP address and mask
 int net_get_if_addr(const char *bridge, uint32_t *ip, uint32_t *mask, uint8_t mac[6], int *mtu) {
 	assert(bridge);
--- a/src/firejail/sbox.c
+++ b/src/firejail/sbox.c
@ -26,6 +26,7 @@
 #include <sys/resource.h>
 #include <sys/wait.h>
 #include "../include/seccomp.h"
+#include "../include/gcov_wrapper.h"

 #include <fcntl.h>
 #ifndef O_PATH
@ -238,6 +239,7 @@ static int __attribute__((noreturn)) sbox_do_exec_v(unsigned filtermask, char *
 			fprintf(stderr, "Error: %s is world writable, refusing to execute\n", arg[0]);
 			exit(1);
 		}
+		__gcov_dump();
 		fexecve(fd, arg, new_environment);
 	} else {
 		assert(0);
--- a/test/network/ip6_netfilter.exp
+++ b/test/network/ip6_netfilter.exp
@ -0,0 +1,31 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2023 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# check default netfilter on br0
+send -- "firejail --name=test --net=br0 --netfilter6=ip6_netfilter.profile\r"
+expect {
+	timeout {puts "TESTING ERROR 0\n";exit}
+	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+sleep 2
+spawn $env(SHELL)
+
+# check default netfilter no new network
+send -- "firejail --netfilter6.print=test\r"
+expect {
+	timeout {puts "TESTING ERROR 1\n";exit}
+	"DROP"
+}
+expect {
+	timeout {puts "TESTING ERROR 2\n";exit}
+	"2001:db8:1f0a:3ec::2"
+}
+
+after 500
+puts "all done\n"
--- a/test/network/ip6_netfilter.profile
+++ b/test/network/ip6_netfilter.profile
@ -0,0 +1,8 @@
+# Generated by ip6tables-save v1.4.14 on Wed Jan 13 10:53:40 2016
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -s 2001:db8:1f0a:3ec::2/128 -j DROP
+COMMIT
+# Completed on Wed Jan 13 10:53:40 2016
--- a/test/network/net_bandwidth.exp
+++ b/test/network/net_bandwidth.exp
@ -0,0 +1,51 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2023 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --name=test --net=br0\r"
+expect {
+	timeout {puts "TESTING ERROR 1\n";exit}
+	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+sleep 2
+
+spawn $env(SHELL)
+send -- "firejail --bandwidth=test set br0 10 20\r"
+expect {
+	timeout {puts "TESTING ERROR 2\n";exit}
+	"Download speed  80kbps"
+}
+expect {
+	timeout {puts "TESTING ERROR 3\n";exit}
+	"Upload speed  160kbps"
+}
+expect {
+	timeout {puts "TESTING ERROR 4\n";exit}
+	"configuring tc ingress"
+}
+expect {
+	timeout {puts "TESTING ERROR 5\n";exit}
+	"configuring tc egress"
+}
+after 500
+
+send -- "firejail --bandwidth=test status\r"
+expect {
+	timeout {puts "TESTING ERROR 6\n";exit}
+	"rate 160Kbit burst 10Kb"
+}
+after 500
+
+send -- "firejail --bandwidth=test clear br0\r"
+expect {
+	timeout {puts "TESTING ERROR 7\n";exit}
+	"Removing bandwidth limits"
+}
+sleep 1
+
+puts "\nall done\n"
--- a/test/network/net_ip.exp
+++ b/test/network/net_ip.exp
@ -130,4 +130,44 @@ expect {
 }

 after 500
+
+send -- "firejail --profile=net_ip.profile ip addr show\r"
+expect {
+	timeout {puts "TESTING ERROR 26\n";exit}
+	"eth0"
+}
+expect {
+	timeout {puts "TESTING ERROR 27\n";exit}
+	"00:11:22:33:44:55"
+}
+expect {
+	timeout {puts "TESTING ERROR 28\n";exit}
+	"10.10.20.55"
+}
+expect {
+	timeout {puts "TESTING ERROR 29\n";exit}
+	"Default gateway 10.10.20.9"
+}
+expect {
+	timeout {puts "TESTING ERROR 30\n";exit}
+	"00:11:22:33:44:55"
+}
+expect {
+	timeout {puts "TESTING ERROR 31\n";exit}
+	"10.10.20.55"
+}
+after 500
+
+send -- "firejail --profile=net_ip.profile ip route  show\r"
+expect {
+	timeout {puts "TESTING ERROR 32\n";exit}
+	"default via 10.10.20.9"
+}
+expect {
+	timeout {puts "TESTING ERROR 33\n";exit}
+	"10.10.20.0/24 dev eth0 proto kernel scope link src 10.10.20.55"
+}
+after 500
+
+
 puts "\nall done\n"
--- a/test/network/net_ip.profile
+++ b/test/network/net_ip.profile
@ -0,0 +1,6 @@
+net br0
+ip 10.10.20.55
+defaultgw 10.10.20.9
+mac 00:11:22:33:44:55
+mtu 1000
+
--- a/test/network/network.sh
+++ b/test/network/network.sh
@ -33,8 +33,14 @@ echo "TESTING: print network (net-print.exp)"
 echo "TESTING: print dns (dns-print.exp)"
 ./dns-print.exp

+echo "TESTING: bandwidth (net_bandwidth.exp)"
+./net_bandwidth.exp
+
 echo "TESTING: ipv6 (ip6.exp)"
 ./ip6.exp

+#echo "TESTING: ipv6 netfilter(ip6_netfilter.exp)"
+#./ip6_netfilter.exp
+
 sudo ip link set br0 down
 sudo brctl delbr br0