diff --git a/src/libpostexecseccomp/libpostexecseccomp.h b/src/libpostexecseccomp/libpostexecseccomp.h index 52d3128c9..f32040135 100644 --- a/src/libpostexecseccomp/libpostexecseccomp.h +++ b/src/libpostexecseccomp/libpostexecseccomp.h @@ -20,6 +20,6 @@ #ifndef LIBPOSTEXECSECCOMP_H #define LIBPOSTEXECSECCOMP_H -#define RUN_SECCOMP_POSTEXEC "/run/firejail/mnt/seccomp.postexec" +#define RUN_SECCOMP_POSTEXEC "/run/firejail/mnt/seccomp/seccomp.postexec" #endif diff --git a/test/filters/seccomp-debug.exp b/test/filters/seccomp-debug.exp index cceeb7041..dc4bf34f2 100755 --- a/test/filters/seccomp-debug.exp +++ b/test/filters/seccomp-debug.exp @@ -1,6 +1,6 @@ #!/usr/bin/expect -f # This file is part of Firejail project -# Copyright (C) 2014-2018 Firejail Authors +# Copyright (C) 2014-2019 Firejail Authors # License GPL v2 set timeout 10 @@ -13,7 +13,7 @@ after 100 send -- "firejail --debug sleep 1; echo done\r" expect { timeout {puts "TESTING ERROR 0\n";exit} - "seccomp entries in /run/firejail/mnt/seccomp" + "seccomp entries in /run/firejail/mnt/seccomp/seccomp" } expect { timeout {puts "TESTING ERROR 2\n";exit} @@ -38,15 +38,15 @@ expect { } expect { timeout {puts "TESTING ERROR 6\n";exit} - "Installing /run/firejail/mnt/seccomp seccomp filter" + "Installing /run/firejail/mnt/seccomp/seccomp seccomp filter" } expect { timeout {puts "TESTING ERROR 7\n";exit} - "Installing /run/firejail/mnt/seccomp.32 seccomp filter" + "Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" } expect { timeout {puts "TESTING ERROR 8\n";exit} - "Installing /run/firejail/mnt/seccomp.protocol seccomp filter" + "Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter" } expect { timeout {puts "TESTING ERROR 9\n";exit} @@ -58,15 +58,15 @@ after 100 send -- "firejail --debug --ignore=seccomp sleep 1; echo done\r" expect { timeout {puts "TESTING ERROR 10\n";exit} - "Installing /run/firejail/mnt/seccomp seccomp filter" {puts "TESTING ERROR 11\n";exit} - "Installing /run/firejail/mnt/seccomp.32 seccomp filter" {puts "TESTING ERROR 12\n";exit} + "Installing /run/firejail/mnt/seccomp/seccomp seccomp filter" {puts "TESTING ERROR 11\n";exit} + "Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 12\n";exit} "Child process initialized" } expect { timeout {puts "TESTING ERROR 13\n";exit} - "Installing /run/firejail/mnt/seccomp seccomp filter" {puts "TESTING ERROR 14\n";exit} - "Installing /run/firejail/mnt/seccomp.32 seccomp filter" {puts "TESTING ERROR 15\n";exit} - "Installing /run/firejail/mnt/seccomp.protocol seccomp filter" + "Installing /run/firejail/mnt/seccomp/seccomp seccomp filter" {puts "TESTING ERROR 14\n";exit} + "Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 15\n";exit} + "Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter" } expect { timeout {puts "TESTING ERROR 16\n";exit} @@ -78,18 +78,18 @@ after 100 send -- "firejail --debug --ignore=protocol sleep 1; echo done\r" expect { timeout {puts "TESTING ERROR 17\n";exit} - "Installing /run/firejail/mnt/seccomp.protocol seccomp filter" {puts "TESTING ERROR 18\n";exit} + "Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter" {puts "TESTING ERROR 18\n";exit} "Child process initialized" } expect { timeout {puts "TESTING ERROR 19\n";exit} - "Installing /run/firejail/mnt/seccomp.protocol seccomp filter" {puts "TESTING ERROR 20\n";exit} - "Installing /run/firejail/mnt/seccomp seccomp filter" + "Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter" {puts "TESTING ERROR 20\n";exit} + "Installing /run/firejail/mnt/seccomp/seccomp seccomp filter" } expect { timeout {puts "TESTING ERROR 21\n";exit} - "Installing /run/firejail/mnt/seccomp.protocol seccomp filter" {puts "TESTING ERROR 22\n";exit} - "Installing /run/firejail/mnt/seccomp.32 seccomp filter" + "Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter" {puts "TESTING ERROR 22\n";exit} + "Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" } expect { timeout {puts "TESTING ERROR 23\n";exit} @@ -105,7 +105,7 @@ expect { } expect { timeout {puts "TESTING ERROR 25\n";exit} - "Installing /run/firejail/mnt/seccomp.mdwx seccomp filter" + "Installing /run/firejail/mnt/seccomp/seccomp.mdwx seccomp filter" } expect { timeout {puts "TESTING ERROR 26\n";exit} @@ -117,18 +117,18 @@ expect { send -- "firejail --debug --seccomp.block-secondary sleep 1; echo done\r" expect { timeout {puts "TESTING ERROR 27\n";exit} - "Installing /run/firejail/mnt/seccomp.32 seccomp filter" {puts "TESTING ERROR 28\n";exit} + "Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 28\n";exit} "Child process initialized" } expect { timeout {puts "TESTING ERROR 29\n";exit} - "Installing /run/firejail/mnt/seccomp.32 seccomp filter" {puts "TESTING ERROR 30\n";exit} - "Installing /run/firejail/mnt/seccomp seccomp filter" + "Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 30\n";exit} + "Installing /run/firejail/mnt/seccomp/seccomp seccomp filter" } expect { timeout {puts "TESTING ERROR 31\n";exit} - "Installing /run/firejail/mnt/seccomp.32 seccomp filter" {puts "TESTING ERROR 32\n";exit} - "Installing /run/firejail/mnt/seccomp.protocol seccomp filter" + "Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 32\n";exit} + "Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter" } expect { timeout {puts "TESTING ERROR 33\n";exit} @@ -140,13 +140,13 @@ after 100 send -- "firejail --debug --profile=block-secondary.profile sleep 1; echo done\r" expect { timeout {puts "TESTING ERROR 33\n";exit} - "Installing /run/firejail/mnt/seccomp.32 seccomp filter" {puts "TESTING ERROR 34\n";exit} + "Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 34\n";exit} "Child process initialized" } expect { timeout {puts "TESTING ERROR 35\n";exit} - "Installing /run/firejail/mnt/seccomp.32 seccomp filter" {puts "TESTING ERROR 35\n";exit} - "Installing /run/firejail/mnt/seccomp seccomp filter" + "Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 35\n";exit} + "Installing /run/firejail/mnt/seccomp/seccomp seccomp filter" } expect { timeout {puts "TESTING ERROR 37\n";exit} diff --git a/test/filters/seccomp-join.exp b/test/filters/seccomp-join.exp index 7a869b85f..f1d57238b 100755 --- a/test/filters/seccomp-join.exp +++ b/test/filters/seccomp-join.exp @@ -1,6 +1,6 @@ #!/usr/bin/expect -f # This file is part of Firejail project -# Copyright (C) 2014-2018 Firejail Authors +# Copyright (C) 2014-2019 Firejail Authors # License GPL v2 set timeout 10 @@ -20,15 +20,15 @@ set spawn_id $id1 send -- "firejail --name=jointesting --debug\r" expect { timeout {puts "TESTING ERROR 0\n";exit} - "Installing /run/firejail/mnt/seccomp seccomp filter" + "Installing /run/firejail/mnt/seccomp/seccomp seccomp filter" } expect { timeout {puts "TESTING ERROR 1\n";exit} - "Installing /run/firejail/mnt/seccomp.32 seccomp filter" + "Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" } expect { timeout {puts "TESTING ERROR 2\n";exit} - "Installing /run/firejail/mnt/seccomp.protocol seccomp filter" + "Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter" } sleep 1 @@ -37,15 +37,15 @@ set spawn_id $id2 send -- "firejail --debug --join=jointesting\r" expect { timeout {puts "TESTING ERROR 3\n";exit} - "Installing /run/firejail/mnt/seccomp seccomp filter" + "Installing /run/firejail/mnt/seccomp/seccomp seccomp filter" } expect { timeout {puts "TESTING ERROR 4\n";exit} - "Installing /run/firejail/mnt/seccomp.32 seccomp filter" + "Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" } expect { timeout {puts "TESTING ERROR 5\n";exit} - "Installing /run/firejail/mnt/seccomp.protocol seccomp filter" + "Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter" } sleep 1 @@ -64,16 +64,16 @@ set spawn_id $id1 send -- "firejail --name=jointesting --seccomp.block-secondary --debug\r" expect { timeout {puts "TESTING ERROR 10\n";exit} - "Installing /run/firejail/mnt/seccomp seccomp filter" + "Installing /run/firejail/mnt/seccomp/seccomp seccomp filter" } expect { timeout {puts "TESTING ERROR 11\n";exit} - "Installing /run/firejail/mnt/seccomp.32 seccomp filter" {puts "TESTING ERROR 12\n";exit} - "Installing /run/firejail/mnt/seccomp.block_secondary seccomp filter" + "Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 12\n";exit} + "Installing /run/firejail/mnt/seccomp/seccomp.block_secondary seccomp filter" } expect { timeout {puts "TESTING ERROR 13\n";exit} - "Installing /run/firejail/mnt/seccomp.protocol seccomp filter" + "Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter" } sleep 1 @@ -81,15 +81,15 @@ set spawn_id $id2 send -- "firejail --debug --join=jointesting\r" expect { timeout {puts "TESTING ERROR 14\n";exit} - "Installing /run/firejail/mnt/seccomp seccomp filter" + "Installing /run/firejail/mnt/seccomp/seccomp seccomp filter" } expect { timeout {puts "TESTING ERROR 15\n";exit} - "Installing /run/firejail/mnt/seccomp.block_secondary seccomp filter" + "Installing /run/firejail/mnt/seccomp/seccomp.block_secondary seccomp filter" } expect { timeout {puts "TESTING ERROR 16\n";exit} - "Installing /run/firejail/mnt/seccomp.protocol seccomp filter" + "Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter" } sleep 1 @@ -106,7 +106,7 @@ set spawn_id $id1 send -- "firejail --name=jointesting --noprofile --protocol=inet --debug\r" expect { timeout {puts "TESTING ERROR 22\n";exit} - "Installing /run/firejail/mnt/seccomp.protocol seccomp filter" + "Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter" } sleep 1 @@ -115,9 +115,9 @@ set spawn_id $id2 send -- "firejail --debug --join=jointesting\r" expect { timeout {puts "TESTING ERROR 23\n";exit} - "Installing /run/firejail/mnt/seccomp seccomp filter" {puts "TESTING ERROR 24\n";exit} - "Installing /run/firejail/mnt/seccomp.32 seccomp filter" {puts "TESTING ERROR 25\n";exit} - "Installing /run/firejail/mnt/seccomp.protocol seccomp filter" + "Installing /run/firejail/mnt/seccomp/seccomp seccomp filter" {puts "TESTING ERROR 24\n";exit} + "Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 25\n";exit} + "Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter" } sleep 1 @@ -134,7 +134,7 @@ set spawn_id $id1 send -- "firejail --name=jointesting --noprofile --memory-deny-write-execute --debug\r" expect { timeout {puts "TESTING ERROR 32\n";exit} - "Installing /run/firejail/mnt/seccomp.mdwx seccomp filter" + "Installing /run/firejail/mnt/seccomp/seccomp.mdwx seccomp filter" } sleep 1 @@ -143,10 +143,10 @@ set spawn_id $id2 send -- "firejail --debug --join=jointesting\r" expect { timeout {puts "TESTING ERROR 33\n";exit} - "Installing /run/firejail/mnt/seccomp seccomp filter" {puts "TESTING ERROR 34\n";exit} - "Installing /run/firejail/mnt/seccomp.32 seccomp filter" {puts "TESTING ERROR 35\n";exit} - "Installing /run/firejail/mnt/seccomp.protocol seccomp filter" {puts "TESTING ERROR 36\n";exit} - "Installing /run/firejail/mnt/seccomp.mdwx seccomp filter" + "Installing /run/firejail/mnt/seccomp/seccomp seccomp filter" {puts "TESTING ERROR 34\n";exit} + "Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 35\n";exit} + "Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter" {puts "TESTING ERROR 36\n";exit} + "Installing /run/firejail/mnt/seccomp/seccomp.mdwx seccomp filter" } sleep 1 diff --git a/test/filters/seccomp-run-files.exp b/test/filters/seccomp-run-files.exp index 7a1345902..3f4e506af 100755 --- a/test/filters/seccomp-run-files.exp +++ b/test/filters/seccomp-run-files.exp @@ -1,6 +1,6 @@ #!/usr/bin/expect -f # This file is part of Firejail project -# Copyright (C) 2014-2018 Firejail Authors +# Copyright (C) 2014-2019 Firejail Authors # License GPL v2 set timeout 10 @@ -10,18 +10,18 @@ match_max 100000 send -- "firejail --debug\r" expect { timeout {puts "TESTING ERROR 0\n";exit} - "/run/firejail/mnt/seccomp seccomp filter" + "/run/firejail/mnt/seccomp/seccomp seccomp filter" } expect { timeout {puts "TESTING ERROR 1\n";exit} - "/run/firejail/mnt/seccomp.32 seccomp filter" + "/run/firejail/mnt/seccomp/seccomp.32 seccomp filter" } expect { timeout {puts "TESTING ERROR 2\n";exit} - "/run/firejail/mnt/seccomp.protocol seccomp filter" + "/run/firejail/mnt/seccomp/seccomp.protocol seccomp filter" } after 100 -send -- "ls -l /run/firejail/mnt | grep -c seccomp\r" +send -- "ls -l /run/firejail/mnt/seccomp | grep -c seccomp\r" expect { timeout {puts "TESTING ERROR 3\n";exit} "5" @@ -32,16 +32,16 @@ sleep 1 send -- "firejail --ignore=seccomp --debug\r" expect { timeout {puts "TESTING ERROR 4\n";exit} - "/run/firejail/mnt/seccomp seccomp filter" {puts "TESTING ERROR 5\n";exit} - "/run/firejail/mnt/seccomp.32 seccomp filter" {puts "TESTING ERROR 6\n";exit} - "/run/firejail/mnt/seccomp.64 seccomp filter" {puts "TESTING ERROR 7\n";exit} - "/run/firejail/mnt/seccomp.protocol seccomp filter" + "/run/firejail/mnt/seccomp/seccomp seccomp filter" {puts "TESTING ERROR 5\n";exit} + "/run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 6\n";exit} + "/run/firejail/mnt/seccomp/seccomp.64 seccomp filter" {puts "TESTING ERROR 7\n";exit} + "Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter" } after 100 -send -- "ls -l /run/firejail/mnt | grep -c seccomp\r" +send -- "ls -l /run/firejail/mnt/seccomp | grep -c seccomp\r" expect { timeout {puts "TESTING ERROR 8\n";exit} - "2" + "3" } send -- "exit\r" sleep 1 @@ -49,22 +49,22 @@ sleep 1 send -- "firejail --ignore=protocol --debug\r" expect { timeout {puts "TESTING ERROR 9\n";exit} - "/run/firejail/mnt/seccomp seccomp filter" + "/run/firejail/mnt/seccomp/seccomp seccomp filter" } expect { timeout {puts "TESTING ERROR 10\n";exit} - "/run/firejail/mnt/seccomp.32 seccomp filter" + "/run/firejail/mnt/seccomp/seccomp.32 seccomp filter" } expect { timeout {puts "TESTING ERROR 11\n";exit} - "/run/firejail/mnt/seccomp.protocol seccomp filter" {puts "TESTING ERROR 12\n";exit} + "/run/firejail/mnt/seccomp/seccomp.protocol seccomp filter" {puts "TESTING ERROR 12\n";exit} "monitoring" } after 100 send -- "ls -l /run/firejail/mnt | grep -c seccomp\r" expect { timeout {puts "TESTING ERROR 13\n";exit} - "3" + "4" } send -- "exit\r" sleep 1 @@ -72,22 +72,22 @@ sleep 1 send -- "firejail --memory-deny-write-execute --debug\r" expect { timeout {puts "TESTING ERROR 14\n";exit} - "/run/firejail/mnt/seccomp.mdwx seccomp filter" + "/run/firejail/mnt/seccomp/seccomp.mdwx seccomp filter" } expect { timeout {puts "TESTING ERROR 15\n";exit} - "/run/firejail/mnt/seccomp seccomp filter" + "/run/firejail/mnt/seccomp/seccomp seccomp filter" } expect { timeout {puts "TESTING ERROR 16\n";exit} - "/run/firejail/mnt/seccomp.32 seccomp filter" + "/run/firejail/mnt/seccomp/seccomp.32 seccomp filter" } expect { timeout {puts "TESTING ERROR 17\n";exit} - "/run/firejail/mnt/seccomp.protocol seccomp filter" + "/run/firejail/mnt/seccomp/seccomp.protocol seccomp filter" } after 100 -send -- "ls -l /run/firejail/mnt | grep -c seccomp\r" +send -- "ls -l /run/firejail/mnt/seccomp | grep -c seccomp\r" expect { timeout {puts "TESTING ERROR 18\n";exit} "6"