update make test-appimage - the test script doesn't work anymore on Debian version 13; I had to replace the program packaged, and generate a new appimage

test/appimage/appimage-trace.exp

@@ -15,15 +15,11 @@ expect {
 }
 expect {
 	timeout {puts "TESTING ERROR 2\n";exit}
-	"AppRun:exec"
+	"/proc/self/status"
 }
 expect {
-	timeout {puts "TESTING ERROR 3\n";exit}
-	"AppRun:opendir"
-}
-expect {
-	timeout {puts "TESTING ERROR 4\n";exit}
-	"Hello, World!"
+	timeout {puts "TESTING ERROR 2\n";exit}
+	"Seccomp 2"
 }
 
 after 500

test/appimage/appimage-v2.exp

@@ -15,81 +15,16 @@ expect {
 }
 expect {
 	timeout {puts "TESTING ERROR 1.1\n";exit}
-	"Hello, World!"
+	"container firejail"
 }
 expect {
 	timeout {puts "TESTING ERROR 1.2\n";exit}
-	"Operation not permitted" {puts "1"}
-	"Permission denied" {puts "2"}
+	"NoNewPrivs 1"
 }
 expect {
 	timeout {puts "TESTING ERROR 1.3\n";exit}
-	"Hello, again!"
+	"Seccomp 2"
 }
-sleep 5
-
-spawn $env(SHELL)
-send -- "firejail --list\r"
-expect {
-	timeout {puts "TESTING ERROR 3\n";exit}
-	":firejail"
-}
-expect {
-	timeout {puts "TESTING ERROR 3.1\n";exit}
-	"appimage hello-x86_64"
-}
-after 100
-
-send -- "firejail --name=blablabla\r"
-expect {
-	timeout {puts "TESTING ERROR 4\n";exit}
-	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
-}
-sleep 2
-
-spawn $env(SHELL)
-send -- "firemon --seccomp\r"
-expect {
-	timeout {puts "TESTING ERROR 5\n";exit}
-	"need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit}
-	"appimage hello-x86_64"
-}
-expect {
-	timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit}
-	"Seccomp:	2"
-}
-expect {
-	timeout {puts "TESTING ERROR 5.1\n";exit}
-	"name=blablabla"
-}
-after 100
-send -- "firemon --caps\r"
-expect {
-	timeout {puts "TESTING ERROR 6\n";exit}
-	"appimage hello-x86_64"
-}
-expect {
-	timeout {puts "TESTING ERROR 6.1\n";exit}
-	"CapBnd:"
-}
-expect {
-	timeout {puts "TESTING ERROR 6.2\n";exit}
-	"0000000000000000"
-}
-expect {
-	timeout {puts "TESTING ERROR 6.3\n";exit}
-	"name=blablabla"
-}
-after 100
-
-spawn $env(SHELL)
-send -- "firejail --shutdown=test\r"
-set spawn_id $appimage_id
-expect {
-	timeout {puts "shutdown\n"}
-	"AppImage detached"
-}
-
-after 100
+after 500
 
 puts "\nall done\n"

test/appimage/filename.exp

@@ -26,7 +26,7 @@ expect {
 	timeout {puts "TESTING ERROR 2\n";exit}
 	-re "Error: .*mounting appimage"
 }
-after 100
+after 500
 
 
 

test/appimage/main.c

@@ -1,31 +1,54 @@
-// This is a simple hello program compiled on Debian 11 (glibc 2.31)
-// and packaged as an appimage using appimagetool from
-// https://github.com/AppImage/AppImageKit. The tool in installed
-// in the current directory.
-//
-// Building the appimage:
-//	mkdir -p AppDir/usr/bin
-//	gcc -o AppDir/usr/bin/hello main.c && strip AppDir/usr/bin/hello
-//	./appimagetool AppDir
-
-
 #include <stdio.h>
 #include <stdlib.h>
 #include <unistd.h>
+#include <string.h>
+
+#define MAXBUF 1024
 
 int main(int argc, char **argv) {
+	printf("Hello, Firejail!\n");
+	
 	// test args
 	int i;
 	for (i = 1; i < argc; i++)
 		printf("%d - %s\n", i, argv[i]);
 
-	printf("Hello, World!\n");
 
-	// elevate privileges - firejail should block it
-	system("ping -c 3 127.0.0.1\n");
-
-	printf("Hello, again!\n");
-	sleep(30);
+    
+	char *cont = getenv("container");
+	if (cont)
+		printf("\n*** container %s ***\n", cont);
+	else
+		printf("\n*** container none ***\n");
+	sleep(1);
 
+	FILE *fp = fopen("/proc/self/status", "r");
+	if (!fp)
+		printf("Cannot open proc self status\n");
+	else {
+		char buf[MAXBUF];
+		while (fgets(buf, MAXBUF, fp)) {
+			char *ptr = strchr(buf, '\n');
+			if (ptr)
+				*ptr = '\0';
+		    
+			if (strncmp(buf, "NoNewPrivs:", 11) == 0) {
+				ptr = buf + 11;
+				while (*ptr == ' ' || *ptr == '\t')
+					ptr++;
+				printf("*** NoNewPrivs %s ***\n", ptr);
+				sleep(1);
+			}
+			
+			if (strncmp(buf, "Seccomp:", 8) == 0) {
+				ptr = buf + 8;
+				while (*ptr == ' ' || *ptr == '\t')
+					ptr++;
+				printf("*** Seccomp %s ***\n", ptr);
+			}
+		}
+		fclose(fp);
+	}
+	    
 	return 0;
 }