author | netblue30 <netblue30@yahoo.com> | 2016-02-02 10:09:37 -0500 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-02-02 10:09:37 -0500 |
commit | 107318c44671cb366c9bb3d4c690b97d2d433f97 (patch) | |
tree | e955113636a50defe0c98397b83d53bee1152b8a | |
parent | 0.9.38 testing (diff) | |
0.9.38 testing
-rwxr-xr-x | test/configure | 1 | ||||
-rwxr-xr-x | test/features/3.10.exp | 183 | ||||
-rwxr-xr-x | test/features/3.9.exp | 80 | ||||
-rw-r--r-- | test/features/features.txt | 2 | ||||
-rwxr-xr-x | test/features/test.sh | 11 |
5 files changed, 275 insertions, 2 deletions
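--- a/test/configure
+++ b/test/configure
@@ -32,6 +32,7 @@ DEFAULT_FILES+=" /bin/cp /bin/ls /bin/cat /bin/ps /bin/netstat /bin/ping /sbin/i
 
 rm -fr $ROOTDIR
 mkdir -p $ROOTDIR/{root,bin,lib,lib64,usr,home,etc,dev/shm,tmp,var/run,var/tmp,var/lock,var/log,proc}
+chmod 777 $ROOTDIR/tmp
 mkdir -p $ROOTDIR/etc/firejail
 mkdir -p $ROOTDIR/home/netblue/.config/firejail
 chown netblue:netblue $ROOTDIR/home/netblue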
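Review bot: The added `chmod 777 $ROOTDIR/tmp` makes the chroot's tmp world-writable without the sticky bit, unlike a real /tmp (mode 1777), so any local user can delete or replace another user's entries there and the whitelist tests run against a directory that behaves differently from the one firejail normally sees. Use `chmod 1777 "$ROOTDIR/tmp"` instead. The expansion is also unquoted, as on the surrounding lines; the script continues outside this hunk.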
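--- /dev/null
+++ b/test/features/3.10.exp
@@ -0,0 +1,183 @@
+#!/usr/bin/expect -f
+#
+# whitelist tmp
+#
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+set overlay [lindex $argv 0]
+set chroot [lindex $argv 1]
+
+#
+# N
+#
+send -- "mkdir /tmp/test1dir\r"
+sleep 1
+send -- "touch /tmp/test1dir/test1\r"
+sleep 1
+send -- "firejail --noprofile --whitelist=/tmp/test1dir\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "ls -l /tmp | wc -l\r"
+expect {
+timeout {puts "TESTING ERROR 1.1\n";exit}
+"2"
+}
+send -- "ls -l /tmp\r"
+expect {
+timeout {puts "TESTING ERROR 1.2\n";exit}
+"netblue"
+}
+expect {
+timeout {puts "TESTING ERROR 1.3\n";exit}
+"netblue"
+}
+expect {
+timeout {puts "TESTING ERROR 1.4\n";exit}
+"test1dir"
+}
+
+send -- "ls -l /tmp/test1dir | wc -l\r"
+expect {
+timeout {puts "TESTING ERROR 1.5\n";exit}
+"2"
+}
+send -- "ls -l /tmp/test1dir\r"
+expect {
+timeout {puts "TESTING ERROR 1.6\n";exit}
+"netblue"
+}
+expect {
+timeout {puts "TESTING ERROR 1.7\n";exit}
+"netblue"
+}
+expect {
+timeout {puts "TESTING ERROR 1.8\n";exit}
+"test1"
+}
+
+
+after 100
+send -- "exit\r"
+sleep 1
+
+
+#
+# O
+#
+if { $overlay == "overlay" } {
+send -- "firejail --noprofile --overlay --whitelist=/tmp/test1dir\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "ls -l /tmp | wc -l\r"
+expect {
+timeout {puts "TESTING ERROR 3.1\n";exit}
+"2"
+}
+send -- "ls -l /tmp\r"
+expect {
+timeout {puts "TESTING ERROR 3.2\n";exit}
+"netblue"
+}
+expect {
+timeout {puts "TESTING ERROR 3.3\n";exit}
+"netblue"
+}
+expect {
+timeout {puts "TESTING ERROR 3.4\n";exit}
+"test1dir"
+}
+
+send -- "ls -l /tmp/test1dir | wc -l\r"
+expect {
+timeout {puts "TESTING ERROR 3.5\n";exit}
+"2"
+}
+send -- "ls -l /tmp/test1dir\r"
+expect {
+timeout {puts "TESTING ERROR 3.6\n";exit}
+"netblue"
+}
+expect {
+timeout {puts "TESTING ERROR 3.7\n";exit}
+"netblue"
+}
+expect {
+timeout {puts "TESTING ERROR 3.8\n";exit}
+"test1"
+}
+
+after 100
+send -- "exit\r"
+sleep 1
+}
+
+#
+# C
+#
+if { $chroot == "chroot" } {
+send -- "mkdir /tmp/chroot/tmp/test1dir\r"
+sleep 1
+send -- "touch /tmp/chroot/tmp/test1dir/test1\r"
+sleep 1
+send -- "firejail --noprofile --chroot=/tmp/chroot --whitelist=/tmp/test1dir\r"
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "ls -l /tmp | wc -l\r"
+expect {
+timeout {puts "TESTING ERROR 5.1\n";exit}
+"2"
+}
+send -- "ls -l /tmp\r"
+expect {
+timeout {puts "TESTING ERROR 5.2\n";exit}
+"netblue"
+}
+expect {
+timeout {puts "TESTING ERROR 5.3\n";exit}
+"netblue"
+}
+expect {
+timeout {puts "TESTING ERROR 5.4\n";exit}
+"test1dir"
+}
+
+send -- "ls -l /tmp/test1dir | wc -l\r"
+expect {
+timeout {puts "TESTING ERROR 5.5\n";exit}
+"2"
+}
+send -- "ls -l /tmp/test1dir\r"
+expect {
+timeout {puts "TESTING ERROR 5.6\n";exit}
+"netblue"
+}
+expect {
+timeout {puts "TESTING ERROR 5.7\n";exit}
+"netblue"
+}
+expect {
+timeout {puts "TESTING ERROR 5.8\n";exit}
+"test1"
+}
+
+after 100
+send -- "exit\r"
+sleep 1
+}
+
+
+puts "\nall done\n"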
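Review bot: The count checks in this file match the bare pattern `"2"`, which expect treats as an unanchored glob, so a `wc -l` result such as 12 or 20 (or, presumably, a 2 elsewhere in the buffered output) also satisfies it and the whitelist test passes even when extra entries are visible in /tmp. Anchor the count to a whole output line, for example `-re "\r\n2\r\n"` inside the `expect` block; the exact line endings should be confirmed against the terminal. The same applies to the `"4"` checks in test/features/3.9.exp. In both files the timeout branches call `exit` with no status, so the script exits 0 on failure; `exit 1` would let test.sh detect a failed sandbox check by status rather than by reading the output.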
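--- /dev/null
+++ b/test/features/3.9.exp
@@ -0,0 +1,80 @@
+#!/usr/bin/expect -f
+#
+# whitelist dev
+#
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+set overlay [lindex $argv 0]
+set chroot [lindex $argv 1]
+
+#
+# N
+#
+send -- "firejail --noprofile --whitelist=/dev/tty --whitelist=/dev/shm --whitelist=/dev/null\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "ls -l /dev | wc -l\r"
+expect {
+timeout {puts "TESTING ERROR 1.1\n";exit}
+"4"
+}
+
+
+after 100
+send -- "exit\r"
+sleep 1
+
+
+#
+# O
+#
+if { $overlay == "overlay" } {
+send -- "firejail --noprofile --overlay --whitelist=/dev/tty --whitelist=/dev/shm --whitelist=/dev/null\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "ls -l /dev | wc -l\r"
+expect {
+timeout {puts "TESTING ERROR 3.1\n";exit}
+"4"
+}
+
+
+after 100
+send -- "exit\r"
+sleep 1
+}
+
+#
+# C
+#
+if { $chroot == "chroot" } {
+send -- "firejail --noprofile --chroot=/tmp/chroot --whitelist=/dev/tty --whitelist=/dev/shm --whitelist=/dev/null\r"
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "ls -l /dev | wc -l\r"
+expect {
+timeout {puts "TESTING ERROR 5.1\n";exit}
+"4"
+}
+
+after 100
+send -- "exit\r"
+sleep 1
+}
+
+
+puts "\nall done\n"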
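Review bot: The expected count `"4"` after `ls -l /dev | wc -l` is undocumented, so a reader cannot tell which entries the sandbox is supposed to expose. A comment above the first check such as `# ls -l prints a "total" line plus the three whitelisted entries: tty, shm, null` would state the invariant being tested. Whether the chroot case reaches the same count depends on what /tmp/chroot/dev contains, which is not visible here, so that branch may deserve its own comment.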
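--- a/test/features/features.txt
+++ b/test/features/features.txt
@@ -50,6 +50,8 @@ C - chroot filesystem
 3.7 private-tmp
 3.8 private-bin
 - O, C not working - todo
+3.9 whitelist dev
+3.10 whitelist tmp
 
 
 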
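--- a/test/features/test.sh
+++ b/test/features/test.sh
@@ -92,7 +92,7 @@ echo "TESTING: 3.2 read-only"
 echo "TESTING: 3.3 blacklist"
 ./3.3.exp $OVERLAY $CHROOT
 
-echo "TESTING: 3.4 whitelist"
+echo "TESTING: 3.4 whitelist home"
 ./3.4.exp $OVERLAY $CHROOT
 
 echo "TESTING: 3.5 private-dev"
@@ -105,4 +105,11 @@ echo "TESTING: 3.7 private-tmp"
 ./3.7.exp $OVERLAY $CHROOT
 
 echo "TESTING: 3.8 private-bin"
-./3.6.exp notworking notworking
+./3.8.exp notworking notworking
+
+echo "TESTING: 3.9 whitelist dev"
+./3.9.exp $OVERLAY $CHROOT
+
+echo "TESTING: 3.10 whitelist tmp"
+./3.10.exp $OVERLAY $CHROOT
+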
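Review bot: The 3.8 step now runs `./3.8.exp`, but this commit's diffstat adds only 3.9.exp and 3.10.exp, so it is worth confirming that 3.8.exp already exists in test/features; otherwise the private-bin step fails to start. The new invocations also ignore the scripts' exit status, so a failed whitelist check is only visible as a "TESTING ERROR" line in the output. Once the expect scripts return non-zero on failure, something like `./3.9.exp $OVERLAY $CHROOT || echo "FAILED: 3.9"` would surface it.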