0.9.38 testing

author: netblue30 <netblue30@yahoo.com> 2016-02-02 09:10:55 -0500
committer: netblue30 <netblue30@yahoo.com> 2016-02-02 09:10:55 -0500
commit: 09e3fdc601c6db7a3d14ce1ec107abf91ef39ed9 (patch)
tree: 4fdc051676edbb4e48327fa5e4b260cf6d402fe6
parent: 0.9.38 testing (diff)
download: firejail-09e3fdc601c6db7a3d14ce1ec107abf91ef39ed9.tar.gz
firejail-09e3fdc601c6db7a3d14ce1ec107abf91ef39ed9.tar.zst
firejail-09e3fdc601c6db7a3d14ce1ec107abf91ef39ed9.zip
5 files changed, 167 insertions, 31 deletions
diff --git a/test/features/3.1.exp b/test/features/3.1.exp
index 52a929651..a66fbdae1 100755
--- a/test/features/3.1.exp
+++ b/test/features/3.1.exp
@@ -1,6 +1,6 @@
 #!/usr/bin/expect -f
 #
-# tmpfs
+# private
 #
 set timeout 10
diff --git a/test/features/3.5.exp b/test/features/3.5.exp
new file mode 100755
index 000000000..d190ef36f
--- /dev/null
+++ b/test/features/3.5.exp
@@ -0,0 +1,77 @@
+#!/usr/bin/expect -f
+#
+# private-dev
+#
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+set overlay [lindex $argv 0]
+set chroot [lindex $argv 1]
+#
+# N
+#
+send -- "firejail --noprofile --private-dev\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 1
+send -- "ls -al /dev | wc -l\r"
+expect {
+        timeout {puts "TESTING ERROR 1.1\n";exit}
+        "14"
+}
+after 100
+send -- "exit\r"
+sleep 1
+#
+# O
+#
+if { $overlay == "overlay" } {
+        send -- "firejail --noprofile --overlay --private-dev\r"
+        expect {
+                timeout {puts "TESTING ERROR 2\n";exit}
+                "Child process initialized"
+        }
+        sleep 1
+        
+        send -- "ls -al /dev | wc -l\r"
+        expect {
+                timeout {puts "TESTING ERROR 3.1\n";exit}
+                "13"
+        }
+        
+        after 100
+        send -- "exit\r"
+        sleep 1
+}
+#
+# C
+#
+if { $chroot == "chroot" } {
+        send -- "firejail --noprofile --chroot=/tmp/chroot --private-dev\r"
+        expect {
+                timeout {puts "TESTING ERROR 4\n";exit}
+                "Child process initialized"
+        }
+        sleep 1
+        
+        send -- "ls -al /dev | wc -l\r"
+        expect {
+                timeout {puts "TESTING ERROR 5.1\n";exit}
+                "13"
+        }
+        
+        after 100
+        send -- "exit\r"
+        sleep 1
+}
+puts "\nall done\n"
diff --git a/test/features/3.6.exp b/test/features/3.6.exp
new file mode 100755
index 000000000..6117485da
--- /dev/null
+++ b/test/features/3.6.exp
@@ -0,0 +1,77 @@
+#!/usr/bin/expect -f
+#
+# private-etc
+#
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+set overlay [lindex $argv 0]
+set chroot [lindex $argv 1]
+#
+# N
+#
+send -- "firejail --noprofile --private-etc=group,hostname,hosts,nsswitch.conf,passwd,resolv.conf,skel\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 1
+send -- "ls -al /etc | wc -l\r"
+expect {
+        timeout {puts "TESTING ERROR 1.1\n";exit}
+        "10"
+}
+after 100
+send -- "exit\r"
+sleep 1
+#
+# O
+#
+if { $overlay == "overlay" } {
+        send -- "firejail --noprofile --overlay --private-etc=group,hostname,hosts,nsswitch.conf,passwd,resolv.conf,skel\r"
+        expect {
+                timeout {puts "TESTING ERROR 2\n";exit}
+                "Child process initialized"
+        }
+        sleep 1
+        
+        send -- "ls -al /etc | wc -l\r"
+        expect {
+                timeout {puts "TESTING ERROR 3.1\n";exit}
+                "10"
+        }
+        
+        after 100
+        send -- "exit\r"
+        sleep 1
+}
+#
+# C
+#
+if { $chroot == "chroot" } {
+        send -- "firejail --noprofile --chroot=/tmp/chroot --private-etc=group,hostname,hosts,nsswitch.conf,passwd,resolv.conf,skel\r"
+        expect {
+                timeout {puts "TESTING ERROR 4\n";exit}
+                "Child process initialized"
+        }
+        sleep 1
+        
+        send -- "ls -al /etc | wc -l\r"
+        expect {
+                timeout {puts "TESTING ERROR 5.1\n";exit}
+                "10"
+        }
+        
+        after 100
+        send -- "exit\r"
+        sleep 1
+}
+puts "\nall done\n"
diff --git a/test/features/features.txt b/test/features/features.txt
index 1dedff357..0c41090aa 100644
--- a/test/features/features.txt
+++ b/test/features/features.txt
@@ -9,11 +9,7 @@ C - chroot filesystem
 1. Default features (tesing with --noprofile)
 1.1 disable /boot
-        - N, O, C
 1.2 new /proc
-        - N, O, C
 1.3 new /sys
        - N, O fails remount, C fails remount
@@ -23,49 +19,23 @@ C - chroot filesystem
        - /etc/group: N, O, C to test
 1.5 PID namespace
-        - N, O, C
 1.6 new /var/log
-        - N, O, C
 1.7 new /var/tmp
-        -N, O, C
 1.8 disable /etc/firejail and ~/.config/firejail
-        -N, O, C
 1.9 mount namespace
 1.10 disable /selinux
-        - N, O, C
 2. Networking features
 2.1 Hostname (use --hostname=newhostname, do a ping and cat /etc/hostname)
-        - N, O, C
        - ping disabled for C by default seccomp filter, use "getent hosts bingo"
 2.2 DNS (use --dns=4.2.2.1, use "dig google.com")
-        - N, O, C
 2.3 mac-vlan (use --net=eth0 and --noprofile; run ifconfig and dig google.com)
-        - N, O, C
-        - test --ip: N, O, C
 2.4 bridge (use --net=br0 and --noprofile; run ifconfig, netstat -rn, ping default gw)
-        - N, O, C
        - ping disabled for C by default seccomp filter - transfer test not implemented for C
-        - test --ip: N, O, C
 2.5 interface
-        - N, O, C
 2.6 Default gw (--noprofile --net=eth0 --defaultgw=192.168.1.10, run netstat -rn)
-        - N, O, C
 3. Filesystem features (use --noprofile)
@@ -73,3 +43,9 @@ C - chroot filesystem
 3.2 read-only
 3.3 blacklist
 3.4 whitelist home
+3.5 private-dev
+        - O, C - somehow /dev/log is missing
+3.6 private-etc
+        - O not working
+        
+\ No newline at end of file
diff --git a/test/features/test.sh b/test/features/test.sh
index 56b6289b4..a162fc9ca 100755
--- a/test/features/test.sh
+++ b/test/features/test.sh
@@ -95,3 +95,9 @@ echo "TESTING: 3.3 blacklist"
 echo "TESTING: 3.4 whitelist"
 ./3.4.exp $OVERLAY $CHROOT
+echo "TESTING: 3.5 private-dev"
+./3.5.exp $OVERLAY $CHROOT
+echo "TESTING: 3.6 private-etc"
+./3.6.exp notworking-todo $CHROOT
author	netblue30 <netblue30@yahoo.com>	2016-02-02 09:10:55 -0500
committer	netblue30 <netblue30@yahoo.com>	2016-02-02 09:10:55 -0500
commit	09e3fdc601c6db7a3d14ce1ec107abf91ef39ed9 (patch)
tree	4fdc051676edbb4e48327fa5e4b260cf6d402fe6
parent	0.9.38 testing (diff)
download	firejail-09e3fdc601c6db7a3d14ce1ec107abf91ef39ed9.tar.gz firejail-09e3fdc601c6db7a3d14ce1ec107abf91ef39ed9.tar.zst firejail-09e3fdc601c6db7a3d14ce1ec107abf91ef39ed9.zip

diff --git a/test/features/3.1.exp b/test/features/3.1.exp index 52a929651..a66fbdae1 100755 --- a/test/features/3.1.exp +++ b/test/features/3.1.exp
@@ -1,6 +1,6 @@
1	#!/usr/bin/expect -f	1	#!/usr/bin/expect -f
2	#	2	#
3	# tmpfs	3	# private
4	#	4	#
5		5
6	set timeout 10	6	set timeout 10


diff --git a/test/features/3.5.exp b/test/features/3.5.exp new file mode 100755 index 000000000..d190ef36f --- /dev/null +++ b/test/features/3.5.exp
@@ -0,0 +1,77 @@
		1	#!/usr/bin/expect -f
		2	#
		3	# private-dev
		4	#
		5
		6	set timeout 10
		7	spawn $env(SHELL)
		8	match_max 100000
		9	set overlay [lindex $argv 0]
		10	set chroot [lindex $argv 1]
		11
		12	#
		13	# N
		14	#
		15	send -- "firejail --noprofile --private-dev\r"
		16	expect {
		17	timeout {puts "TESTING ERROR 0\n";exit}
		18	"Child process initialized"
		19	}
		20	sleep 1
		21
		22	send -- "ls -al /dev \| wc -l\r"
		23	expect {
		24	timeout {puts "TESTING ERROR 1.1\n";exit}
		25	"14"
		26	}
		27
		28	after 100
		29	send -- "exit\r"
		30	sleep 1
		31
		32	#
		33	# O
		34	#
		35	if { $overlay == "overlay" } {
		36	send -- "firejail --noprofile --overlay --private-dev\r"
		37	expect {
		38	timeout {puts "TESTING ERROR 2\n";exit}
		39	"Child process initialized"
		40	}
		41	sleep 1
		42
		43	send -- "ls -al /dev \| wc -l\r"
		44	expect {
		45	timeout {puts "TESTING ERROR 3.1\n";exit}
		46	"13"
		47	}
		48
		49	after 100
		50	send -- "exit\r"
		51	sleep 1
		52	}
		53
		54	#
		55	# C
		56	#
		57	if { $chroot == "chroot" } {
		58	send -- "firejail --noprofile --chroot=/tmp/chroot --private-dev\r"
		59	expect {
		60	timeout {puts "TESTING ERROR 4\n";exit}
		61	"Child process initialized"
		62	}
		63	sleep 1
		64
		65	send -- "ls -al /dev \| wc -l\r"
		66	expect {
		67	timeout {puts "TESTING ERROR 5.1\n";exit}
		68	"13"
		69	}
		70
		71	after 100
		72	send -- "exit\r"
		73	sleep 1
		74	}
		75
		76
		77	puts "\nall done\n"


diff --git a/test/features/3.6.exp b/test/features/3.6.exp new file mode 100755 index 000000000..6117485da --- /dev/null +++ b/test/features/3.6.exp
@@ -0,0 +1,77 @@
		1	#!/usr/bin/expect -f
		2	#
		3	# private-etc
		4	#
		5
		6	set timeout 10
		7	spawn $env(SHELL)
		8	match_max 100000
		9	set overlay [lindex $argv 0]
		10	set chroot [lindex $argv 1]
		11
		12	#
		13	# N
		14	#
		15	send -- "firejail --noprofile --private-etc=group,hostname,hosts,nsswitch.conf,passwd,resolv.conf,skel\r"
		16	expect {
		17	timeout {puts "TESTING ERROR 0\n";exit}
		18	"Child process initialized"
		19	}
		20	sleep 1
		21
		22	send -- "ls -al /etc \| wc -l\r"
		23	expect {
		24	timeout {puts "TESTING ERROR 1.1\n";exit}
		25	"10"
		26	}
		27
		28	after 100
		29	send -- "exit\r"
		30	sleep 1
		31
		32	#
		33	# O
		34	#
		35	if { $overlay == "overlay" } {
		36	send -- "firejail --noprofile --overlay --private-etc=group,hostname,hosts,nsswitch.conf,passwd,resolv.conf,skel\r"
		37	expect {
		38	timeout {puts "TESTING ERROR 2\n";exit}
		39	"Child process initialized"
		40	}
		41	sleep 1
		42
		43	send -- "ls -al /etc \| wc -l\r"
		44	expect {
		45	timeout {puts "TESTING ERROR 3.1\n";exit}
		46	"10"
		47	}
		48
		49	after 100
		50	send -- "exit\r"
		51	sleep 1
		52	}
		53
		54	#
		55	# C
		56	#
		57	if { $chroot == "chroot" } {
		58	send -- "firejail --noprofile --chroot=/tmp/chroot --private-etc=group,hostname,hosts,nsswitch.conf,passwd,resolv.conf,skel\r"
		59	expect {
		60	timeout {puts "TESTING ERROR 4\n";exit}
		61	"Child process initialized"
		62	}
		63	sleep 1
		64
		65	send -- "ls -al /etc \| wc -l\r"
		66	expect {
		67	timeout {puts "TESTING ERROR 5.1\n";exit}
		68	"10"
		69	}
		70
		71	after 100
		72	send -- "exit\r"
		73	sleep 1
		74	}
		75
		76
		77	puts "\nall done\n"


diff --git a/test/features/features.txt b/test/features/features.txt index 1dedff357..0c41090aa 100644 --- a/test/features/features.txt +++ b/test/features/features.txt
@@ -9,11 +9,7 @@ C - chroot filesystem
9	1. Default features (tesing with --noprofile)	9	1. Default features (tesing with --noprofile)
10		10
11	1.1 disable /boot	11	1.1 disable /boot
12	- N, O, C
13
14	1.2 new /proc	12	1.2 new /proc
15	- N, O, C
16
17	1.3 new /sys	13	1.3 new /sys
18	- N, O fails remount, C fails remount	14	- N, O fails remount, C fails remount
19		15
@@ -23,49 +19,23 @@ C - chroot filesystem
23	- /etc/group: N, O, C to test	19	- /etc/group: N, O, C to test
24		20
25	1.5 PID namespace	21	1.5 PID namespace
26	- N, O, C
27
28	1.6 new /var/log	22	1.6 new /var/log
29	- N, O, C
30
31	1.7 new /var/tmp	23	1.7 new /var/tmp
32	-N, O, C
33
34	1.8 disable /etc/firejail and ~/.config/firejail	24	1.8 disable /etc/firejail and ~/.config/firejail
35	-N, O, C
36
37	1.9 mount namespace	25	1.9 mount namespace
38
39	1.10 disable /selinux	26	1.10 disable /selinux
40	- N, O, C
41
42
43		27
44	2. Networking features	28	2. Networking features
45		29
46	2.1 Hostname (use --hostname=newhostname, do a ping and cat /etc/hostname)	30	2.1 Hostname (use --hostname=newhostname, do a ping and cat /etc/hostname)
47	- N, O, C
48	- ping disabled for C by default seccomp filter, use "getent hosts bingo"	31	- ping disabled for C by default seccomp filter, use "getent hosts bingo"
49		32
50	2.2 DNS (use --dns=4.2.2.1, use "dig google.com")	33	2.2 DNS (use --dns=4.2.2.1, use "dig google.com")
51	- N, O, C
52
53	2.3 mac-vlan (use --net=eth0 and --noprofile; run ifconfig and dig google.com)	34	2.3 mac-vlan (use --net=eth0 and --noprofile; run ifconfig and dig google.com)
54	- N, O, C
55	- test --ip: N, O, C
56
57	2.4 bridge (use --net=br0 and --noprofile; run ifconfig, netstat -rn, ping default gw)	35	2.4 bridge (use --net=br0 and --noprofile; run ifconfig, netstat -rn, ping default gw)
58	- N, O, C
59	- ping disabled for C by default seccomp filter - transfer test not implemented for C	36	- ping disabled for C by default seccomp filter - transfer test not implemented for C
60	- test --ip: N, O, C
61
62	2.5 interface	37	2.5 interface
63	- N, O, C
64
65	2.6 Default gw (--noprofile --net=eth0 --defaultgw=192.168.1.10, run netstat -rn)	38	2.6 Default gw (--noprofile --net=eth0 --defaultgw=192.168.1.10, run netstat -rn)
66	- N, O, C
67
68
69		39
70	3. Filesystem features (use --noprofile)	40	3. Filesystem features (use --noprofile)
71		41
@@ -73,3 +43,9 @@ C - chroot filesystem
73	3.2 read-only	43	3.2 read-only
74	3.3 blacklist	44	3.3 blacklist
75	3.4 whitelist home	45	3.4 whitelist home
		46	3.5 private-dev
		47	- O, C - somehow /dev/log is missing
		48	3.6 private-etc
		49	- O not working
		50
		51	\ No newline at end of file


diff --git a/test/features/test.sh b/test/features/test.sh index 56b6289b4..a162fc9ca 100755 --- a/test/features/test.sh +++ b/test/features/test.sh
@@ -95,3 +95,9 @@ echo "TESTING: 3.3 blacklist"
95	echo "TESTING: 3.4 whitelist"	95	echo "TESTING: 3.4 whitelist"
96	./3.4.exp $OVERLAY $CHROOT	96	./3.4.exp $OVERLAY $CHROOT
97		97
		98	echo "TESTING: 3.5 private-dev"
		99	./3.5.exp $OVERLAY $CHROOT
		100
		101	echo "TESTING: 3.6 private-etc"
		102	./3.6.exp notworking-todo $CHROOT
		103