author | netblue30 <netblue30@yahoo.com> | 2018-10-20 09:32:45 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2018-10-20 09:32:45 -0400 |
commit | 5dda80c434c4d5895a8c765e75b87164c7181a03 (patch) | |
tree | d80ccc8a34281704abbe2ee5a360224df8cf6f48 | |
parent | cleanup (diff) | |
apparmor test
-rwxr-xr-x | test/filters/apparmor.exp | 59 | ||||
-rwxr-xr-x | test/filters/filters.sh | 7 | ||||
-rwxr-xr-x | test/utils/utils.sh | 2 |
3 files changed, 66 insertions, 2 deletions
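diff --git a/test/filters/apparmor.exp b/test/filters/apparmor.exp
new file mode 100755
index 000000000..acc42a117
--- /dev/null
+++ b/test/filters/apparmor.exp
@@ -0,0 +1,59 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2018 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --name=test1 --apparmor\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+spawn $env(SHELL)
+send -- "firejail --name=test2 --apparmor\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+spawn $env(SHELL)
+send -- "firemon --apparmor\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"test1:firejail --name=test1 --apparmor"
+}
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"AppArmor: firejail-default enforce"
+}
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"test2:firejail --name=test2 --apparmor"
+}
+expect {
+timeout {puts "TESTING ERROR 5\n";exit}
+"AppArmor: firejail-default enforce"
+}
+after 100
+
+send -- "firejail --apparmor.print=test1\r"
+expect {
+timeout {puts "TESTING ERROR 6\n";exit}
+"AppArmor: firejail-default enforce"
+}
+after 100
+
+send -- "firejail --apparmor.print=test2\r"
+expect {
+timeout {puts "TESTING ERROR 7\n";exit}
+"AppArmor: firejail-default enforce"
+}
+after 100
+
+puts "\nall done\n"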
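Review bot: Every `timeout` branch in apparmor.exp ends in a bare `exit`, which returns status 0, so a run in which a sandbox never reports `firejail-default enforce` still exits successfully and is only detectable by scanning the output for "TESTING ERROR". Changing the eight branches to the form `timeout {puts "TESTING ERROR 0\n"; exit 1}` would stop a harness keyed on exit status from recording a failed confinement check as a pass. The script also covers only the positive case; a sandbox started without `--apparmor` and inspected with `firemon --apparmor` would confirm that the enforce label is not reported unconditionally.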
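diff --git a/test/filters/filters.sh b/test/filters/filters.sh
index febc53ac7..3d1211b8e 100755
--- a/test/filters/filters.sh
+++ b/test/filters/filters.sh
@@ -13,6 +13,13 @@ fi
 export PATH="$PATH:/usr/lib/firejail:/usr/lib64/firejail"
 
 
+if [ -f /sys/kernel/security/apparmor/profiles ]; then
+echo "TESTING: apparmor (test/filters/apparmor.exp)"
+./apparmor.exp
+else
+echo "TESTING SKIP: no apparmor support in Linux kernel (test/filters/apparmor.exp)"
+fi
+
 if [ "$(uname -m)" = "x86_64" ]; then
 echo "TESTING: memory-deny-write-execute (test/filters/memwrexe.exp)"
 ./memwrexe.exp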
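Review bot: The guard `[ -f /sys/kernel/security/apparmor/profiles ]` only shows that the kernel exposes AppArmor. It does not show that the firejail-default profile is loaded or that this firejail build has AppArmor support, both of which apparmor.exp presumably needs in order to see `AppArmor: firejail-default enforce`. On a host with AppArmor but without the profile, the run would report TESTING ERROR rather than TESTING SKIP, which blurs "confinement regressed" with "profile not installed". Consider a second condition, for example checking the compile-time feature list printed by `firejail --version`, and a comment above the `if` such as `# needs AppArmor in the kernel and the firejail-default profile loaded`. The script's earlier lines are outside the hunk.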
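diff --git a/test/utils/utils.sh b/test/utils/utils.sh
index 18873dc65..1b59c535a 100755
--- a/test/utils/utils.sh
+++ b/test/utils/utils.sh
@@ -95,7 +95,6 @@ echo "TESTING: join profile (test/utils/join-profile.exp)"
 echo "TESTING: top (test/utils/top.exp)"
 ./top.exp
 
-echo "TESTING: firemon seccomp (test/utils/firemon-seccomp.exp)"
 if grep -q "^Seccomp.*0" /proc/self/status; then
 echo "TESTING: firemon seccomp (test/utils/firemon-seccomp.exp)"
 ./firemon-seccomp.exp
@@ -103,7 +102,6 @@ else
 echo "TESTING SKIP: seccomp already active (test/utils/firemon-seccomp.exp)"
 fi
 
-echo "TESTING: firemon caps (test/utils/firemon-caps.exp)"
 if grep -q "^CapBnd:\\s0000003fffffffff" /proc/self/status; then
 echo "TESTING: firemon caps (test/utils/firemon-caps.exp)"
 ./firemon-caps.exp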