From d8bcb4583cdffeefb052dbacb2441cd545ccf9eb Mon Sep 17 00:00:00 2001
From: netblue30
Date: Sun, 22 Nov 2015 15:12:47 -0500
Subject: [PATCH] feature testing
---
 src/firejail/fs.c | 10 ++++------
 test/configure | 2 ++
 test/features/1.1.exp | 14 +++++++-------
 test/features/features.txt | 6 +++++-
 test/features/test.sh | 5 ++++-
 5 files changed, 22 insertions(+), 15 deletions(-)
diff --git a/src/firejail/fs.c b/src/firejail/fs.c
index a0a7d9342..5ddbcec34 100644
--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -533,17 +533,15 @@ void fs_proc_sys_dev_boot(void) {
 // disable /boot
 if (stat("/boot", &s) == 0) {
 if (arg_debug)
- printf("Mounting a new /boot directory\n");
- if (mount("tmpfs", "/boot", "tmpfs", MS_NOSUID | MS_NODEV | MS_STRICTATIME | MS_REC, "mode=777,gid=0") < 0)
- errExit("mounting /boot directory");
+ printf("Disable /boot directory\n");
+ disable_file(BLACKLIST_FILE, "/boot");
 }
 // disable /selinux
 if (stat("/selinux", &s) == 0) {
 if (arg_debug)
- printf("Mounting a new /selinux directory\n");
- if (mount("tmpfs", "/selinux", "tmpfs", MS_NOSUID | MS_NODEV | MS_STRICTATIME | MS_REC, "mode=777,gid=0") < 0)
- errExit("mounting /selinux directory");
+ printf("Disable /selinux directory\n");
+ disable_file(BLACKLIST_FILE, "/selinux");
 }
 // disable /dev/port
diff --git a/test/configure b/test/configure
index 95a6e664a..ae6a49eeb 100755
--- a/test/configure
+++ b/test/configure
@@ -29,6 +29,8 @@ mkdir -p $ROOTDIR/{root,bin,lib,lib64,usr,home,etc,dev/shm,tmp,var/run,var/tmp,v
 mkdir -p $ROOTDIR/etc/firejail
 mkdir -p $ROOTDIR/home/netblue/.config/firejail
 mkdir $ROOTDIR/home/someotheruser
+mkdir $ROOTDIR/boot
+mkdir $ROOTDIR/selinux
 cp /etc/passwd $ROOTDIR/etc/.
 cp /etc/group $ROOTDIR/etc/.
 touch $ROOTDIR/var/log/syslog
diff --git a/test/features/1.1.exp b/test/features/1.1.exp
index 5ba123107..06c42c815 100755
--- a/test/features/1.1.exp
+++ b/test/features/1.1.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 #
-# new /boot
+# disable /boot
 #
 set timeout 10
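Review bot: The new `disable_file(BLACKLIST_FILE, "/boot")` and `disable_file(BLACKLIST_FILE, "/selinux")` calls drop the `errExit()` that the removed `mount()` lines had on failure, and the hunk does not show how disable_file() itself reacts when its own mount fails. Both calls exist to hide security-relevant host data — kernel images and initrds under /boot, the SELinux policy interface under /selinux — so they need to fail closed like the code they replace; if disable_file() only warns, the sandbox would start with those paths still exposed. I would confirm that behaviour and record it at the call sites: `// hidden via disable_file(); like the mount() this replaced, a failure here must abort sandbox setup`. fs_proc_sys_dev_boot() starts before and continues after this hunk.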
@@ -17,10 +17,10 @@ expect {
 }
 sleep 1
-send -- "ls -l /boot | wc -l\r"
+send -- "ls -l /boot\r"
 expect {
 timeout {puts "TESTING ERROR 1\n";exit}
- "1"
+ "Permission denied"
 }
 after 100
 send -- "exit\r"
@@ -37,10 +37,10 @@ expect {
 }
 sleep 1
-send -- "ls -l /boot | wc -l\r"
+send -- "ls -l /boot\r"
 expect {
 timeout {puts "TESTING ERROR 3\n";exit}
- "1"
+ "Permission denied"
 }
 after 100
 send -- "exit\r"
@@ -56,10 +56,10 @@ expect {
 }
 sleep 1
-send -- "ls -l /boot | wc -l\r"
+send -- "ls -l /boot\r"
 expect {
 timeout {puts "TESTING ERROR 5\n";exit}
- "1"
+ "Permission denied"
 }
 after 100
 send -- "exit\r"
diff --git a/test/features/features.txt b/test/features/features.txt
index 01941e8f8..3342a1635 100644
--- a/test/features/features.txt
+++ b/test/features/features.txt
@@ -8,7 +8,7 @@ C - chroot filesystem
 1. Default features (tesing with --noprofile)
-1.1 new /boot
+1.1 disable /boot
 - N, O, C
 1.2 new /proc
@@ -36,6 +36,10 @@ C - chroot filesystem
 1.9 mount namespace
+1.10 disable /selinux
+ - N, O, C
+
+
 2. Networking features
diff --git a/test/features/test.sh b/test/features/test.sh
index ab00f7f29..341126a09 100755
--- a/test/features/test.sh
+++ b/test/features/test.sh
@@ -4,7 +4,7 @@
 # Feature testing
 #
-echo "TESTING: 1.1 new /boot"
+echo "TESTING: 1.1 disable /boot"
 ./1.1.exp
 echo "TESTING: 1.2 new /proc"
@@ -25,3 +25,6 @@ echo "TESTING: 1.7 new /var/tmp"
 echo "TESTING: 1.8 disable /etc/firejail and ~/.config/firejail"
 ./1.8.exp
+echo "TESTING: 1.10 disable /selinux"
+./1.10.exp
+
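Review bot: Matching `"Permission denied"` on `ls -l /boot` only shows that /boot is unreadable inside the sandbox, not that firejail made it so; on a host where /boot is already root-only and the test runs unprivileged, the listing is denied anyway and the check passes for the wrong reason. The same weakness repeats in the two later hunks of this file. I would make the precondition explicit near the top of the script (`# precondition: /boot must be listable by the test user outside the sandbox, otherwise "Permission denied" is not attributable to firejail`) and, if practical, verify it with an `ls -l /boot` sent before the sandbox is spawned. The spawn and the enclosing expect block start before this hunk.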
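Review bot: `./1.10.exp` is run on the last added line, but no `test/features/1.10.exp` is part of this commit — the diffstat lists five files and that script is not among them — so the patched test.sh ends with a shell "No such file or directory" error instead of a result for the /selinux case. Either the expect script was left out of the commit or this line should land together with it. The visible context also goes from `./1.8.exp` straight to 1.10, so a one-line note would save the next reader a search: `# 1.9 (mount namespace) is listed in features.txt but has no script here`.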