feature testing

2026-05-17 22:01:50 -06:00 · 2015-11-22 15:12:47 -05:00 · 2015-11-22 15:12:47 -05:00 · d8bcb4583c
commit d8bcb4583c
parent 744a315970
5 changed files with 22 additions and 15 deletions
--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@ -533,17 +533,15 @@ void fs_proc_sys_dev_boot(void) {
 	// disable /boot
 	if (stat("/boot", &s) == 0) {
 		if (arg_debug)
-			printf("Mounting a new /boot directory\n");
-		if (mount("tmpfs", "/boot", "tmpfs", MS_NOSUID | MS_NODEV | MS_STRICTATIME | MS_REC,  "mode=777,gid=0") < 0)
-			errExit("mounting /boot directory");
+			printf("Disable /boot directory\n");
+		disable_file(BLACKLIST_FILE, "/boot");
 	}
 	
 	// disable /selinux
 	if (stat("/selinux", &s) == 0) {
 		if (arg_debug)
-			printf("Mounting a new /selinux directory\n");
-		if (mount("tmpfs", "/selinux", "tmpfs", MS_NOSUID | MS_NODEV | MS_STRICTATIME | MS_REC,  "mode=777,gid=0") < 0)
-			errExit("mounting /selinux directory");
+			printf("Disable /selinux directory\n");
+		disable_file(BLACKLIST_FILE, "/selinux");
 	}
 	
 	// disable /dev/port
--- a/test/configure
+++ b/test/configure
@ -29,6 +29,8 @@ mkdir -p $ROOTDIR/{root,bin,lib,lib64,usr,home,etc,dev/shm,tmp,var/run,var/tmp,v
 mkdir -p $ROOTDIR/etc/firejail
 mkdir -p $ROOTDIR/home/netblue/.config/firejail
 mkdir $ROOTDIR/home/someotheruser
+mkdir $ROOTDIR/boot
+mkdir $ROOTDIR/selinux
 cp /etc/passwd $ROOTDIR/etc/.
 cp /etc/group $ROOTDIR/etc/.
 touch $ROOTDIR/var/log/syslog
--- a/test/features/1.1.exp
+++ b/test/features/1.1.exp
@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 #
-# new /boot
+# disable /boot
 #

 set timeout 10
@ -17,10 +17,10 @@ expect {
 }
 sleep 1

-send -- "ls -l /boot | wc -l\r"
+send -- "ls -l /boot\r"
 expect {
 	timeout {puts "TESTING ERROR 1\n";exit}
-	"1"
+	"Permission denied"
 }
 after 100
 send -- "exit\r"
@ -37,10 +37,10 @@ expect {
 }
 sleep 1

-send -- "ls -l /boot | wc -l\r"
+send -- "ls -l /boot\r"
 expect {
 	timeout {puts "TESTING ERROR 3\n";exit}
-	"1"
+	"Permission denied"
 }
 after 100
 send -- "exit\r"
@ -56,10 +56,10 @@ expect {
 }
 sleep 1

-send -- "ls -l /boot | wc -l\r"
+send -- "ls -l /boot\r"
 expect {
 	timeout {puts "TESTING ERROR 5\n";exit}
-	"1"
+	"Permission denied"
 }
 after 100
 send -- "exit\r"
--- a/test/features/features.txt
+++ b/test/features/features.txt
@ -8,7 +8,7 @@ C - chroot filesystem

 1. Default features (tesing with --noprofile)

-1.1 new /boot
+1.1 disable /boot
 	- N, O, C

 1.2 new /proc
@ -36,6 +36,10 @@ C - chroot filesystem

 1.9 mount namespace

+1.10 disable /selinux
+	- N, O, C
+
+

 2. Networking features

--- a/test/features/test.sh
+++ b/test/features/test.sh
@ -4,7 +4,7 @@
 # Feature testing
 #

-echo "TESTING: 1.1 new /boot"
+echo "TESTING: 1.1 disable /boot"
 ./1.1.exp

 echo "TESTING: 1.2 new /proc"
@ -25,3 +25,6 @@ echo "TESTING: 1.7 new /var/tmp"
 echo "TESTING: 1.8 disable /etc/firejail and ~/.config/firejail"
 ./1.8.exp

+echo "TESTING: 1.10 disable /selinux"
+./1.10.exp
+