mirror of
https://github.com/netblue30/firejail.git
synced 2026-05-15 14:16:14 -06:00
aff7cb630c
Currently it is not possible to use XDG-related macros (such as
`${DOCUMENTS}`) with subpaths (such as `${DOCUMENTS}/foo`) and so
profiles just use `${HOME}` with a hardcoded path using the English
directory name and the subpath (such as `${HOME}/Documents/foo`).
Allow using subpaths after XDG macros, so that they automatically use
the auto-detected XDG path, just as when currently using the XDG macros
without subpaths.
Before:
${HOME}/Documents/foo
After:
${DOCUMENTS}/foo
This is a follow-up to #7147.
Closes #2359.
Relates to #4229.
200 lines
5.9 KiB
Text
200 lines
5.9 KiB
Text
#!/usr/bin/expect -f
|
|
# This file is part of Firejail project
|
|
# Copyright (C) 2014-2026 Firejail Authors
|
|
# License GPL v2
|
|
|
|
set timeout 3
|
|
spawn $env(SHELL)
|
|
match_max 100000
|
|
|
|
# Test that macros work with subpaths (see #2359).
|
|
send -- "firejail --profile=./macro-subpath-whitelist.profile ls \
|
|
~/Desktop/_firejail_test_dir \
|
|
~/Documents/_firejail_test_dir \
|
|
~/Downloads/_firejail_test_dir \
|
|
~/Music/_firejail_test_dir \
|
|
~/Pictures/_firejail_test_dir \
|
|
~/Videos/_firejail_test_dir \
|
|
\r"
|
|
|
|
expect {
|
|
timeout {puts "TESTING ERROR 0\n";exit}
|
|
-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
|
|
}
|
|
expect {
|
|
timeout {puts "TESTING ERROR 1\n";exit}
|
|
"Desktop/_firejail_test_dir/a" {}
|
|
"Desktop/_firejail_test_dir/b" {puts "TESTING ERROR 1.1\n";exit}
|
|
}
|
|
expect {
|
|
timeout {puts "TESTING ERROR 2\n";exit}
|
|
"Documents/_firejail_test_dir/a" {}
|
|
"Documents/_firejail_test_dir/b" {puts "TESTING ERROR 2.1\n";exit}
|
|
}
|
|
expect {
|
|
timeout {puts "TESTING ERROR 3\n";exit}
|
|
"Downloads/_firejail_test_dir/a" {}
|
|
"Downloads/_firejail_test_dir/b" {puts "TESTING ERROR 3.1\n";exit}
|
|
}
|
|
expect {
|
|
timeout {puts "TESTING ERROR 4\n";exit}
|
|
"Music/_firejail_test_dir/a" {}
|
|
"Music/_firejail_test_dir/b" {puts "TESTING ERROR 4.1\n";exit}
|
|
}
|
|
expect {
|
|
timeout {puts "TESTING ERROR 5\n";exit}
|
|
"Pictures/_firejail_test_dir/a" {}
|
|
"Pictures/_firejail_test_dir/b" {puts "TESTING ERROR 5.1\n";exit}
|
|
}
|
|
expect {
|
|
timeout {puts "TESTING ERROR 6\n";exit}
|
|
"Videos/_firejail_test_dir/a" {}
|
|
"Videos/_firejail_test_dir/b" {puts "TESTING ERROR 6.1\n";exit}
|
|
}
|
|
after 100
|
|
|
|
send -- "firejail --profile=./macro-subpath-blacklist.profile ls ~/Desktop/_firejail_test_dir; echo ret \$?\r"
|
|
expect {
|
|
timeout {puts "TESTING ERROR 7\n";exit}
|
|
-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
|
|
}
|
|
expect {
|
|
timeout {puts "TESTING ERROR 8\n";exit}
|
|
"Permission denied" {}
|
|
-re {ret 0} {puts "TESTING ERROR 8.1\n";exit}
|
|
}
|
|
after 100
|
|
|
|
send -- "firejail --profile=./macro-subpath-blacklist.profile ls ~/Documents/_firejail_test_dir; echo ret \$?\r"
|
|
expect {
|
|
timeout {puts "TESTING ERROR 9\n";exit}
|
|
-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
|
|
}
|
|
expect {
|
|
timeout {puts "TESTING ERROR 10\n";exit}
|
|
"Permission denied" {}
|
|
-re {ret 0} {puts "TESTING ERROR 10.1\n";exit}
|
|
}
|
|
after 100
|
|
|
|
send -- "firejail --profile=./macro-subpath-blacklist.profile ls ~/Downloads/_firejail_test_dir; echo ret \$?\r"
|
|
expect {
|
|
timeout {puts "TESTING ERROR 11\n";exit}
|
|
-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
|
|
}
|
|
expect {
|
|
timeout {puts "TESTING ERROR 12\n";exit}
|
|
"Permission denied" {}
|
|
-re {ret 0} {puts "TESTING ERROR 12.1\n";exit}
|
|
}
|
|
after 100
|
|
|
|
send -- "firejail --profile=./macro-subpath-blacklist.profile ls ~/Music/_firejail_test_dir; echo ret \$?\r"
|
|
expect {
|
|
timeout {puts "TESTING ERROR 13\n";exit}
|
|
-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
|
|
}
|
|
expect {
|
|
timeout {puts "TESTING ERROR 14\n";exit}
|
|
"Permission denied" {}
|
|
-re {ret 0} {puts "TESTING ERROR 14.1\n";exit}
|
|
}
|
|
after 100
|
|
|
|
send -- "firejail --profile=./macro-subpath-blacklist.profile ls ~/Pictures/_firejail_test_dir; echo ret \$?\r"
|
|
expect {
|
|
timeout {puts "TESTING ERROR 15\n";exit}
|
|
-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
|
|
}
|
|
expect {
|
|
timeout {puts "TESTING ERROR 16\n";exit}
|
|
"Permission denied" {}
|
|
-re {ret 0} {puts "TESTING ERROR 16.1\n";exit}
|
|
}
|
|
after 100
|
|
|
|
send -- "firejail --profile=./macro-subpath-blacklist.profile ls ~/Videos/_firejail_test_dir; echo ret \$?\r"
|
|
expect {
|
|
timeout {puts "TESTING ERROR 17\n";exit}
|
|
-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
|
|
}
|
|
expect {
|
|
timeout {puts "TESTING ERROR 18\n";exit}
|
|
"Permission denied" {}
|
|
-re {ret 0} {puts "TESTING ERROR 18.1\n";exit}
|
|
}
|
|
after 100
|
|
|
|
send -- "firejail --profile=./macro-subpath-readonly.profile touch ~/Desktop/_firejail_test_dir/_firejail_test_file; echo ret \$?\r"
|
|
expect {
|
|
timeout {puts "TESTING ERROR 19\n";exit}
|
|
-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
|
|
}
|
|
expect {
|
|
timeout {puts "TESTING ERROR 20\n";exit}
|
|
"Read-only file system" {}
|
|
-re {ret 0} {puts "TESTING ERROR 20.1\n";exit}
|
|
}
|
|
after 100
|
|
|
|
send -- "firejail --profile=./macro-subpath-readonly.profile touch ~/Documents/_firejail_test_dir/_firejail_test_file; echo ret \$?\r"
|
|
expect {
|
|
timeout {puts "TESTING ERROR 21\n";exit}
|
|
-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
|
|
}
|
|
expect {
|
|
timeout {puts "TESTING ERROR 22\n";exit}
|
|
"Read-only file system" {}
|
|
-re {ret 0} {puts "TESTING ERROR 22.1\n";exit}
|
|
}
|
|
after 100
|
|
|
|
send -- "firejail --profile=./macro-subpath-readonly.profile touch ~/Downloads/_firejail_test_dir/_firejail_test_file; echo ret \$?\r"
|
|
expect {
|
|
timeout {puts "TESTING ERROR 23\n";exit}
|
|
-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
|
|
}
|
|
expect {
|
|
timeout {puts "TESTING ERROR 24\n";exit}
|
|
"Read-only file system" {}
|
|
-re {ret 0} {puts "TESTING ERROR 24.1\n";exit}
|
|
}
|
|
after 100
|
|
|
|
send -- "firejail --profile=./macro-subpath-readonly.profile touch ~/Music/_firejail_test_dir/_firejail_test_file; echo ret \$?\r"
|
|
expect {
|
|
timeout {puts "TESTING ERROR 25\n";exit}
|
|
-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
|
|
}
|
|
expect {
|
|
timeout {puts "TESTING ERROR 26\n";exit}
|
|
"Read-only file system" {}
|
|
-re {ret 0} {puts "TESTING ERROR 26.1\n";exit}
|
|
}
|
|
after 100
|
|
|
|
send -- "firejail --profile=./macro-subpath-readonly.profile touch ~/Pictures/_firejail_test_dir/_firejail_test_file; echo ret \$?\r"
|
|
expect {
|
|
timeout {puts "TESTING ERROR 27\n";exit}
|
|
-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
|
|
}
|
|
expect {
|
|
timeout {puts "TESTING ERROR 28\n";exit}
|
|
"Read-only file system" {}
|
|
-re {ret 0} {puts "TESTING ERROR 28.1\n";exit}
|
|
}
|
|
after 100
|
|
|
|
send -- "firejail --profile=./macro-subpath-readonly.profile touch ~/Videos/_firejail_test_dir/_firejail_test_file; echo ret \$?\r"
|
|
expect {
|
|
timeout {puts "TESTING ERROR 29\n";exit}
|
|
-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
|
|
}
|
|
expect {
|
|
timeout {puts "TESTING ERROR 30\n";exit}
|
|
"Read-only file system" {}
|
|
-re {ret 0} {puts "TESTING ERROR 30.1\n";exit}
|
|
}
|
|
after 100
|
|
|
|
puts "\nall done\n"
|