apparmor test

author: netblue30 <netblue30@yahoo.com> 2018-10-20 09:32:45 -0400
committer: netblue30 <netblue30@yahoo.com> 2018-10-20 09:32:45 -0400
commit: 5dda80c434c4d5895a8c765e75b87164c7181a03 (patch)
tree: d80ccc8a34281704abbe2ee5a360224df8cf6f48
parent: cleanup (diff)
download: firejail-5dda80c434c4d5895a8c765e75b87164c7181a03.tar.gz
firejail-5dda80c434c4d5895a8c765e75b87164c7181a03.tar.zst
firejail-5dda80c434c4d5895a8c765e75b87164c7181a03.zip
3 files changed, 66 insertions, 2 deletions
diff --git a/test/filters/apparmor.exp b/test/filters/apparmor.exp
new file mode 100755
index 000000000..acc42a117
--- /dev/null
+++ b/test/filters/apparmor.exp
@@ -0,0 +1,59 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2018 Firejail Authors
+# License GPL v2
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+send --  "firejail --name=test1 --apparmor\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 1
+spawn $env(SHELL)
+send --  "firejail --name=test2 --apparmor\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "Child process initialized"
+}
+sleep 1
+spawn $env(SHELL)
+send --  "firemon --apparmor\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "test1:firejail --name=test1 --apparmor"
+}
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "AppArmor: firejail-default enforce"
+}
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "test2:firejail --name=test2 --apparmor"
+}
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "AppArmor: firejail-default enforce"
+}
+after 100
+send -- "firejail --apparmor.print=test1\r"
+expect {
+        timeout {puts "TESTING ERROR 6\n";exit}
+        "AppArmor: firejail-default enforce"
+}
+after 100
+send -- "firejail --apparmor.print=test2\r"
+expect {
+        timeout {puts "TESTING ERROR 7\n";exit}
+        "AppArmor: firejail-default enforce"
+}
+after 100
+puts "\nall done\n"
diff --git a/test/filters/filters.sh b/test/filters/filters.sh
index febc53ac7..3d1211b8e 100755
--- a/test/filters/filters.sh
+++ b/test/filters/filters.sh
@@ -13,6 +13,13 @@ fi
 export PATH="$PATH:/usr/lib/firejail:/usr/lib64/firejail"
+if [ -f /sys/kernel/security/apparmor/profiles ]; then
+        echo "TESTING: apparmor (test/filters/apparmor.exp)"
+        ./apparmor.exp
+else
+        echo "TESTING SKIP: no apparmor support in Linux kernel (test/filters/apparmor.exp)"
+fi
 if [ "$(uname -m)" = "x86_64" ]; then
    echo "TESTING: memory-deny-write-execute (test/filters/memwrexe.exp)"
    ./memwrexe.exp
diff --git a/test/utils/utils.sh b/test/utils/utils.sh
index 18873dc65..1b59c535a 100755
--- a/test/utils/utils.sh
+++ b/test/utils/utils.sh
@@ -95,7 +95,6 @@ echo "TESTING: join profile (test/utils/join-profile.exp)"
 echo "TESTING: top (test/utils/top.exp)"
 ./top.exp
-echo "TESTING: firemon seccomp (test/utils/firemon-seccomp.exp)"
 if grep -q "^Seccomp.*0" /proc/self/status; then
        echo "TESTING: firemon seccomp (test/utils/firemon-seccomp.exp)"
        ./firemon-seccomp.exp
@@ -103,7 +102,6 @@ else
        echo "TESTING SKIP: seccomp already active (test/utils/firemon-seccomp.exp)"
 fi
-echo "TESTING: firemon caps (test/utils/firemon-caps.exp)"
 if grep -q "^CapBnd:\\s0000003fffffffff" /proc/self/status; then
        echo "TESTING: firemon caps (test/utils/firemon-caps.exp)"
        ./firemon-caps.exp
author	netblue30 <netblue30@yahoo.com>	2018-10-20 09:32:45 -0400
committer	netblue30 <netblue30@yahoo.com>	2018-10-20 09:32:45 -0400
commit	5dda80c434c4d5895a8c765e75b87164c7181a03 (patch)
tree	d80ccc8a34281704abbe2ee5a360224df8cf6f48
parent	cleanup (diff)
download	firejail-5dda80c434c4d5895a8c765e75b87164c7181a03.tar.gz firejail-5dda80c434c4d5895a8c765e75b87164c7181a03.tar.zst firejail-5dda80c434c4d5895a8c765e75b87164c7181a03.zip

diff --git a/test/filters/apparmor.exp b/test/filters/apparmor.exp new file mode 100755 index 000000000..acc42a117 --- /dev/null +++ b/test/filters/apparmor.exp
@@ -0,0 +1,59 @@
		1	#!/usr/bin/expect -f
		2	# This file is part of Firejail project
		3	# Copyright (C) 2014-2018 Firejail Authors
		4	# License GPL v2
		5
		6	set timeout 10
		7	spawn $env(SHELL)
		8	match_max 100000
		9
		10	send -- "firejail --name=test1 --apparmor\r"
		11	expect {
		12	timeout {puts "TESTING ERROR 0\n";exit}
		13	"Child process initialized"
		14	}
		15	sleep 1
		16
		17	spawn $env(SHELL)
		18	send -- "firejail --name=test2 --apparmor\r"
		19	expect {
		20	timeout {puts "TESTING ERROR 1\n";exit}
		21	"Child process initialized"
		22	}
		23	sleep 1
		24
		25	spawn $env(SHELL)
		26	send -- "firemon --apparmor\r"
		27	expect {
		28	timeout {puts "TESTING ERROR 2\n";exit}
		29	"test1:firejail --name=test1 --apparmor"
		30	}
		31	expect {
		32	timeout {puts "TESTING ERROR 3\n";exit}
		33	"AppArmor: firejail-default enforce"
		34	}
		35	expect {
		36	timeout {puts "TESTING ERROR 4\n";exit}
		37	"test2:firejail --name=test2 --apparmor"
		38	}
		39	expect {
		40	timeout {puts "TESTING ERROR 5\n";exit}
		41	"AppArmor: firejail-default enforce"
		42	}
		43	after 100
		44
		45	send -- "firejail --apparmor.print=test1\r"
		46	expect {
		47	timeout {puts "TESTING ERROR 6\n";exit}
		48	"AppArmor: firejail-default enforce"
		49	}
		50	after 100
		51
		52	send -- "firejail --apparmor.print=test2\r"
		53	expect {
		54	timeout {puts "TESTING ERROR 7\n";exit}
		55	"AppArmor: firejail-default enforce"
		56	}
		57	after 100
		58
		59	puts "\nall done\n"


diff --git a/test/filters/filters.sh b/test/filters/filters.sh index febc53ac7..3d1211b8e 100755 --- a/test/filters/filters.sh +++ b/test/filters/filters.sh
@@ -13,6 +13,13 @@ fi
13	export PATH="$PATH:/usr/lib/firejail:/usr/lib64/firejail"	13	export PATH="$PATH:/usr/lib/firejail:/usr/lib64/firejail"
14		14
15		15
		16	if [ -f /sys/kernel/security/apparmor/profiles ]; then
		17	echo "TESTING: apparmor (test/filters/apparmor.exp)"
		18	./apparmor.exp
		19	else
		20	echo "TESTING SKIP: no apparmor support in Linux kernel (test/filters/apparmor.exp)"
		21	fi
		22
16	if [ "$(uname -m)" = "x86_64" ]; then	23	if [ "$(uname -m)" = "x86_64" ]; then
17	echo "TESTING: memory-deny-write-execute (test/filters/memwrexe.exp)"	24	echo "TESTING: memory-deny-write-execute (test/filters/memwrexe.exp)"
18	./memwrexe.exp	25	./memwrexe.exp


diff --git a/test/utils/utils.sh b/test/utils/utils.sh index 18873dc65..1b59c535a 100755 --- a/test/utils/utils.sh +++ b/test/utils/utils.sh
@@ -95,7 +95,6 @@ echo "TESTING: join profile (test/utils/join-profile.exp)"
95	echo "TESTING: top (test/utils/top.exp)"	95	echo "TESTING: top (test/utils/top.exp)"
96	./top.exp	96	./top.exp
97		97
98	echo "TESTING: firemon seccomp (test/utils/firemon-seccomp.exp)"
99	if grep -q "^Seccomp.*0" /proc/self/status; then	98	if grep -q "^Seccomp.*0" /proc/self/status; then
100	echo "TESTING: firemon seccomp (test/utils/firemon-seccomp.exp)"	99	echo "TESTING: firemon seccomp (test/utils/firemon-seccomp.exp)"
101	./firemon-seccomp.exp	100	./firemon-seccomp.exp
@@ -103,7 +102,6 @@ else
103	echo "TESTING SKIP: seccomp already active (test/utils/firemon-seccomp.exp)"	102	echo "TESTING SKIP: seccomp already active (test/utils/firemon-seccomp.exp)"
104	fi	103	fi
105		104
106	echo "TESTING: firemon caps (test/utils/firemon-caps.exp)"
107	if grep -q "^CapBnd:\\s0000003fffffffff" /proc/self/status; then	105	if grep -q "^CapBnd:\\s0000003fffffffff" /proc/self/status; then
108	echo "TESTING: firemon caps (test/utils/firemon-caps.exp)"	106	echo "TESTING: firemon caps (test/utils/firemon-caps.exp)"
109	./firemon-caps.exp	107	./firemon-caps.exp