github-starred/firejail
2
0
Fork 0
mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00
Code Issues 531 Projects Packages Wiki Activity Actions 6
firejail/test/private-etc/hostname.exp
Kelvin M. Klann 09329b990f modif: replace --keep-hostname with new --hostname-randomize 
Changes:

* Keep hostname by default (same as using `--keep-hostname`)
* Add  `--hostname-randomize` command to randomize the hostname
* Ignore `--keep-hostname` command and print a warning if it is used

Setting a different hostname inside of the sandbox may prevent X11
programs from authenticating to the X server and displaying windows at
all (see #7062).

To avoid breakage, keep the hostname as is by default and only set it to
a random value if a new `hostname-randomize` command is used.

This also avoids potentially surprising behavior, as the user might not
expect the hostname to be changed inside of the sandbox, considering
that usually the protections that are applied firejail involve
restricting access to resources (like file paths), rather than modifying
their values inside of the sandbox.

Fixes #7062

Relates to #7048 #7069.
2026-03-08 02:12:26 -03:00

140 lines
2.8 KiB
Text
Executable file
Raw Permalink Blame History

#!/usr/bin/expect -f
# This file is part of Firejail project
# Copyright (C) 2014-2026 Firejail Authors
# License GPL v2
set timeout 10
spawn $env(SHELL)
match_max 100000
send -- "firejail --hostname=foo cat /etc/hostname\r"
expect {
timeout {puts "TESTING ERROR 0\n";exit}
"Child process initialized"
}
expect {
timeout {puts "TESTING ERROR 0.1\n";exit}
"foo"
}
sleep 1
send -- "firejail --hostname=foo cat /proc/sys/kernel/hostname\r"
expect {
timeout {puts "TESTING ERROR 0\n";exit}
"Child process initialized"
}
expect {
timeout {puts "TESTING ERROR 0.1\n";exit}
"foo"
}
sleep 1
send -- "firejail --hostname=foo --private-etc cat /etc/hostname\r"
expect {
timeout {puts "TESTING ERROR 1\n";exit}
"Child process initialized"
}
expect {
timeout {puts "TESTING ERROR 1.1\n";exit}
"foo"
}
sleep 1
send -- "firejail --hosts-file=hosts-file cat /etc/hosts\r"
expect {
timeout {puts "TESTING ERROR 2\n";exit}
"Child process initialized"
}
expect {
timeout {puts "TESTING ERROR 2.1\n";exit}
"blablabla"
}
sleep 1
send -- "firejail --hosts-file=hosts-file --private-etc cat /etc/hosts\r"
expect {
timeout {puts "TESTING ERROR 3\n";exit}
"Child process initialized"
}
expect {
timeout {puts "TESTING ERROR 3.1\n";exit}
"blablabla"
}
sleep 1
send -- "firejail --hosts-file=hosts-file --hostname=foo cat /etc/hosts\r"
expect {
timeout {puts "TESTING ERROR 4\n";exit}
"Child process initialized"
}
expect {
timeout {puts "TESTING ERROR 4.1\n";exit}
"foo"
}
expect {
timeout {puts "TESTING ERROR 4.2\n";exit}
"blablabla"
}
sleep 1
send -- "firejail --hosts-file=hosts-file --hostname=foo --private-etc cat /etc/hosts\r"
expect {
timeout {puts "TESTING ERROR 5\n";exit}
"Child process initialized"
}
expect {
timeout {puts "TESTING ERROR 5.1\n";exit}
"foo"
}
expect {
timeout {puts "TESTING ERROR 5.2\n";exit}
"blablabla"
}
sleep 1
# ping test
send -- "firejail --noprofile --hostname=foo --private-etc ping -c 3 foo\r"
expect {
timeout {puts "TESTING ERROR 6\n";exit}
"3 packets transmitted, 3 received"
}
sleep 1
send -- "firejail --noprofile --hosts-file=hosts-file --private-etc ping -c 3 blablabla\r"
expect {
timeout {puts "TESTING ERROR 7\n";exit}
"3 packets transmitted, 3 received"
}
sleep 1
# random hostname
send -- "firejail --hostname-randomize cat /etc/hostname\r"
expect {
timeout {puts "TESTING ERROR 8\n";exit}
"Child process initialized"
}
expect {
timeout {puts "TESTING ERROR 8.1\n";exit}
"hiko" {puts "1"}
"suke" {puts "2"}
"shi" {puts "3"}
"ro" {puts "4"}
"hito" {puts "5"}
"ka" {puts "6"}
}
sleep 1
# run /bin/hostname
send -- "firejail --noblacklist=/usr/bin/hostname --noblacklist=/bin/hostname --hostname=foo /usr/bin/hostname\r"
expect {
timeout {puts "TESTING ERROR 9\n";exit}
"Child process initialized"
}
expect {
timeout {puts "TESTING ERROR 9.1\n";exit}
"foo"
}
after 500
puts "all done\n"
Reference in a new issue View git blame Copy permalink