added make test-filters

author: netblue30 <netblue30@yahoo.com> 2016-04-30 07:27:31 -0400
committer: netblue30 <netblue30@yahoo.com> 2016-04-30 07:27:31 -0400
commit: a1272742cfbdbfe999a701f804b58ceb4605713d (patch)
tree: 16d6013c8d99d9e4370d1672b4018f958081f416
parent: Merge pull request #490 from reinerh/master (diff)
download: firejail-a1272742cfbdbfe999a701f804b58ceb4605713d.tar.gz
firejail-a1272742cfbdbfe999a701f804b58ceb4605713d.tar.zst
firejail-a1272742cfbdbfe999a701f804b58ceb4605713d.zip
25 files changed, 240 insertions, 647 deletions
diff --git a/Makefile.in b/Makefile.in
index 44b5cec83..6c70e5360 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -252,6 +252,7 @@ dist:
        cd $(NAME)-$(VERSION); mkdir -p test; cp -a ../test/environment test/.; cd ..
        cd $(NAME)-$(VERSION); mkdir -p test; cp -a ../test/compile test/.; cd ..
        cd $(NAME)-$(VERSION); mkdir -p test; cp -a ../test/dist-compile test/.; cd ..
+        cd $(NAME)-$(VERSION); mkdir -p test; cp -a ../test/filters test/.; cd ..
        cd $(NAME)-$(VERSION); rm -fr `find . -name .svn`; rm -fr $(NAME)-$(VERSION); cd ..
        tar -cjvf $(NAME)-$(VERSION).tar.bz2 $(NAME)-$(VERSION)
        rm -fr $(NAME)-$(VERSION)
@@ -295,5 +296,8 @@ test-utils:
 test-environment:
        cd test/environment; ./environment.sh | grep TESTING
+test-filters:
+        cd test/filters; ./filters.sh | grep TESTING
 test: test-profiles test-utils  test-environment test-apps test-apps-x11
        echo "TEST COMPLETE"
diff --git a/test/filters/caps.exp b/test/filters/caps.exp
new file mode 100755
index 000000000..034d6a733
--- /dev/null
+++ b/test/filters/caps.exp
@@ -0,0 +1,72 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+send -- "firejail --caps.keep=chown,fowner --noprofile\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "Child process initialized"
+}
+sleep 2
+send -- "cat /proc/self/status\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "CapBnd:        0000000000000009"
+}
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "Seccomp:"
+}
+send -- "exit\r"
+sleep 1
+send -- "firejail --caps.drop=all --noprofile\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "Child process initialized"
+}
+sleep 2
+send -- "cat /proc/self/status\r"
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "CapBnd:        0000000000000000"
+}
+expect {
+        timeout {puts "TESTING ERROR 6\n";exit}
+        "Seccomp:"
+}
+send -- "exit\r"
+sleep 1
+send -- "firejail --caps.drop=chown,dac_override,dac_read_search,fowner --noprofile\r"
+expect {
+        timeout {puts "TESTING ERROR 7\n";exit}
+        "Child process initialized"
+}
+sleep 2
+send -- "cat /proc/self/status\r"
+expect {
+        timeout {puts "TESTING ERROR 8\n";exit}
+        "CapBnd:"
+}
+expect {
+        timeout {puts "TESTING ERROR 9\n";exit}
+        "fffffff0"
+}
+expect {
+        timeout {puts "TESTING ERROR 10\n";exit}
+        "Seccomp:"
+}
+send -- "exit\r"
+sleep 1
+puts "\nall done\n"
diff --git a/test/filters/noroot.exp b/test/filters/noroot.exp
new file mode 100755
index 000000000..a1f6ce88d
--- /dev/null
+++ b/test/filters/noroot.exp
@@ -0,0 +1,156 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+send -- "firejail --noprofile --noroot --caps.drop=all --seccomp\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "Child process initialized"
+}
+sleep 1
+send -- "cat /proc/self/status\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "CapBnd:        0000000000000000"
+}
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "Seccomp:"
+}
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "2"
+}
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "Cpus_allowed:"
+}
+puts "\n"
+send -- "ping 0\r"
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "Operation not permitted"
+}
+send -- "whoami\r"
+expect {
+        timeout {puts "TESTING ERROR 6\n";exit}
+        $env(USER)
+}
+send -- "sudo -s\r"
+expect {
+        timeout {puts "TESTING ERROR 8\n";exit}
+        "effective uid is not 0, is sudo installed setuid root?" { puts "OK\n";}
+        "sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";}
+}
+send -- "cat /proc/self/uid_map | wc -l\r"
+expect {
+        timeout {puts "TESTING ERROR 7\n";exit}
+        "1"
+}
+send -- "cat /proc/self/gid_map | wc -l\r"
+expect {
+        timeout {puts "TESTING ERROR 8\n";exit}
+        "3"
+}
+puts "\n"
+send -- "exit\r"
+sleep 2
+send -- "firejail --name=test --noroot --noprofile\r"
+expect {
+        timeout {puts "TESTING ERROR 9\n";exit}
+        "Child process initialized"
+}
+sleep 1
+send -- "cat /proc/self/status\r"
+expect {
+        timeout {puts "TESTING ERROR 10\n";exit}
+        "CapBnd:"
+}
+expect {
+        timeout {puts "TESTING ERROR 11\n";exit}
+        "ffffffff"
+}
+expect {
+        timeout {puts "TESTING ERROR 12\n";exit}
+        "Seccomp:"
+}
+expect {
+        timeout {puts "TESTING ERROR 13\n";exit}
+        "0"
+}
+expect {
+        timeout {puts "TESTING ERROR 14\n";exit}
+        "Cpus_allowed:"
+}
+puts "\n"
+send -- "whoami\r"
+expect {
+        timeout {puts "TESTING ERROR 15\n";exit}
+        $env(USER)
+}
+send -- "sudo -s\r"
+expect {
+        timeout {puts "TESTING ERROR 16\n";exit}
+        "effective uid is not 0, is sudo installed setuid root?" { puts "OK\n";}
+        "sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";}
+}
+send -- "ping 0\r"
+expect {
+        timeout {puts "TESTING ERROR 17\n";exit}
+        "Operation not permitted"
+}
+send -- "cat /proc/self/uid_map | wc -l\r"
+expect {
+        timeout {puts "TESTING ERROR 18\n";exit}
+        "1"
+}
+send -- "cat /proc/self/gid_map | wc -l\r"
+expect {
+        timeout {puts "TESTING ERROR 19\n";exit}
+        "3"
+}
+spawn $env(SHELL)
+send -- "firejail --debug --join=test\r"
+expect {
+        timeout {puts "TESTING ERROR 20\n";exit}
+        "User namespace detected"
+}
+expect {
+        timeout {puts "TESTING ERROR 21\n";exit}
+        "Joining user namespace"
+}
+sleep 1
+send -- "sudo -s\r"
+expect {
+        timeout {puts "TESTING ERROR 22\n";exit}
+        "effective uid is not 0, is sudo installed setuid root?" { puts "OK\n";}
+        "sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";}
+}
+send -- "cat /proc/self/uid_map | wc -l\r"
+expect {
+        timeout {puts "TESTING ERROR 23\n";exit}
+        "1"
+}
+send -- "cat /proc/self/gid_map | wc -l\r"
+expect {
+        timeout {puts "TESTING ERROR 24\n";exit}
+        "3"
+}
+puts "\nall done\n"
diff --git a/test/protocol.exp b/test/filters/protocol.exp
index 018f4cd9b..cf552da56 100755
--- a/test/protocol.exp
+++ b/test/filters/protocol.exp
@@ -4,7 +4,7 @@ set timeout 10
 spawn $env(SHELL)
 match_max 100000
-send -- "firejail --noprofile --protocol=unix ../src/tools/syscall_test socket\r"
+send -- "firejail --noprofile --protocol=unix ./syscall_test socket\r"
 expect {
        timeout {puts "TESTING ERROR 1\n";exit}
        "Child process initialized"
@@ -47,7 +47,7 @@ expect {
 }
 sleep 1
-send -- "firejail --noprofile --protocol=inet6,packet ../src/tools/syscall_test socket\r"
+send -- "firejail --noprofile --protocol=inet6,packet ./syscall_test socket\r"
 expect {
        timeout {puts "TESTING ERROR 2\n";exit}
        "Child process initialized"
@@ -91,7 +91,7 @@ expect {
 sleep 1
 # profile testing
-send -- "firejail --profile=protocol1.profile ../src/tools/syscall_test socket\r"
+send -- "firejail --profile=protocol1.profile ./syscall_test socket\r"
 expect {
        timeout {puts "TESTING ERROR 3\n";exit}
        "Child process initialized"
@@ -134,7 +134,7 @@ expect {
 }
 sleep 1
-send -- "firejail --profile=protocol2.profile ../src/tools/syscall_test socket\r"
+send -- "firejail --profile=protocol2.profile ./syscall_test socket\r"
 expect {
        timeout {puts "TESTING ERROR 4\n";exit}
        "Child process initialized"
@@ -177,8 +177,4 @@ expect {
 }
 sleep 1
 puts "\nall done\n"
diff --git a/test/protocol1.profile b/test/filters/protocol1.profile
index 3e1ea2a29..3e1ea2a29 100644
--- a/test/protocol1.profile
+++ b/test/filters/protocol1.profile
diff --git a/test/protocol2.profile b/test/filters/protocol2.profile
index b7eb4ab91..b7eb4ab91 100644
--- a/test/protocol2.profile
+++ b/test/filters/protocol2.profile
diff --git a/test/seccomp-bad-empty.exp b/test/filters/seccomp-bad-empty.exp
index 631d67743..631d67743 100755
--- a/test/seccomp-bad-empty.exp
+++ b/test/filters/seccomp-bad-empty.exp
diff --git a/test/seccomp-bad-empty.profile b/test/filters/seccomp-bad-empty.profile
index 2d4fcde7c..2d4fcde7c 100644
--- a/test/seccomp-bad-empty.profile
+++ b/test/filters/seccomp-bad-empty.profile
diff --git a/test/seccomp-bad-empty2.profile b/test/filters/seccomp-bad-empty2.profile
index c4e6c9f74..c4e6c9f74 100644
--- a/test/seccomp-bad-empty2.profile
+++ b/test/filters/seccomp-bad-empty2.profile
diff --git a/test/seccomp.profile b/test/filters/seccomp.profile
index cb0b15aee..cb0b15aee 100644
--- a/test/seccomp.profile
+++ b/test/filters/seccomp.profile
diff --git a/src/tools/syscall_test b/test/filters/syscall_test
index bf29c5b99..bf29c5b99 100755
--- a/src/tools/syscall_test
+++ b/test/filters/syscall_test
Binary files differ
diff --git a/src/tools/syscall_test.c b/test/filters/syscall_test.c
index b3f43c755..422af619d 100644
--- a/src/tools/syscall_test.c
+++ b/test/filters/syscall_test.c
@@ -1,3 +1,7 @@
+// This file is part of Firejail project
+// Copyright (C) 2014-2016 Firejail Authors
+// License GPL v2
 #include <stdlib.h>
 #include <stdio.h>
 #include <unistd.h>
diff --git a/src/tools/syscall_test32 b/test/filters/syscall_test32
index 8d72f58c4..8d72f58c4 100755
--- a/src/tools/syscall_test32
+++ b/test/filters/syscall_test32
Binary files differ
diff --git a/test/noroot.exp b/test/noroot.exp
deleted file mode 100755
index 37d55fe78..000000000
--- a/test/noroot.exp
+++ /dev/null
@@ -1,117 +0,0 @@
-#!/usr/bin/expect -f
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-send -- "firejail --debug --noprofile --noroot --caps.drop=all --seccomp --cpu=0,1 --name=noroot-sandbox\r"
-expect {
-        timeout {puts "TESTING ERROR 0.1\n";exit}
-        "Child process initialized"
-}
-sleep 1
-send -- "cat /proc/self/status\r"
-expect {
-        timeout {puts "TESTING ERROR 1\n";exit}
-        "CapBnd:"
-}
-expect {
-        timeout {puts "TESTING ERROR 1.1\n";exit}
-        "0000000000000000"
-}
-send -- "cat /proc/self/status\r"
-expect {
-        timeout {puts "TESTING ERROR 2\n";exit}
-        "Cpus_allowed:"
-}
-expect {
-        timeout {puts "TESTING ERROR 2.1\n";exit}
-        "3"
-}
-expect {
-        timeout {puts "TESTING ERROR 2.2\n";exit}
-        "Cpus_allowed_list:"
-}
-puts "\n"
-send -- "cat /proc/self/status\r"
-expect {
-        timeout {puts "TESTING ERROR 2\n";exit}
-        "Seccomp:"
-}
-expect {
-        timeout {puts "TESTING ERROR 2.1\n";exit}
-        "2"
-}
-expect {
-        timeout {puts "TESTING ERROR 2.2\n";exit}
-        "Cpus_allowed:"
-}
-puts "\n"
-send -- "ping 0\r"
-expect {
-        timeout {puts "TESTING ERROR 4\n";exit}
-        "Operation not permitted"
-}
-puts "\n"
-send -- "whoami\r"
-expect {
-        timeout {puts "TESTING ERROR 55\\n";exit}
-        "netblue"
-}
-puts "\n"
-send -- "exit\r"
-sleep 2
-send -- "firejail --noroot --noprofile\r"
-expect {
-        timeout {puts "TESTING ERROR 6\n";exit}
-        "Child process initialized"
-}
-sleep 1
-send -- "whoami\r"
-expect {
-        timeout {puts "TESTING ERROR 7\n";exit}
-        "netblue"
-}
-send -- "sudo -s\r"
-expect {
-        timeout {puts "TESTING ERROR 8\n";exit}
-        "effective uid is not 0, is sudo installed setuid root?" { puts "OK\n";}
-        "sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";}
-}
-puts "\n"
-send -- "exit\r"
-sleep 2
-send -- "firejail --name=test --noroot --noprofile\r"
-expect {
-        timeout {puts "TESTING ERROR 9\n";exit}
-        "Child process initialized"
-}
-sleep 1
-spawn $env(SHELL)
-send -- "firejail --debug --join=test\r"
-expect {
-        timeout {puts "TESTING ERROR 9\n";exit}
-        "User namespace detected"
-}
-expect {
-        timeout {puts "TESTING ERROR 9\n";exit}
-        "Joining user namespace"
-}
-sleep 1
-send -- "sudo -s\r"
-expect {
-        timeout {puts "TESTING ERROR 8\n";exit}
-        "effective uid is not 0, is sudo installed setuid root?" { puts "OK\n";}
-        "sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";}
-}
-puts "all done\n"
diff --git a/test/seccomp-chmod-profile.exp b/test/seccomp-chmod-profile.exp
deleted file mode 100755
index 098328cea..000000000
--- a/test/seccomp-chmod-profile.exp
+++ /dev/null
@@ -1,46 +0,0 @@
-#!/usr/bin/expect -f
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-send --  "firejail --profile=seccomp.profile --private\r"
-expect {
-        timeout {puts "TESTING ERROR 0\n";exit}
-        "Child process initialized"
-}
-sleep 2
-send -- "touch testfile;pwd\r"
-expect {
-        timeout {puts "TESTING ERROR 1\n";exit}
-        "/root" {puts "running as root"}
-        "/home"
-}
-send -- "ls -l testfile;pwd\r"
-expect {
-        timeout {puts "TESTING ERROR 2\n";exit}
-        "testfile"
-}
-expect {
-        timeout {puts "TESTING ERROR 3\n";exit}
-        "/root" {puts "running as root"}
-        "/home"
-}
-send -- "chmod +x testfile;pwd\r"
-expect {
-        timeout {puts "TESTING ERROR 2\n";exit}
-        "Bad system call"
-}
-expect {
-        timeout {puts "TESTING ERROR 3\n";exit}
-        "/root" {puts "running as root"}
-        "/home"
-}
-send -- "exit\r"
-sleep 1
-puts "\n"
diff --git a/test/seccomp-chmod.exp b/test/seccomp-chmod.exp
deleted file mode 100755
index b4a213206..000000000
--- a/test/seccomp-chmod.exp
+++ /dev/null
@@ -1,46 +0,0 @@
-#!/usr/bin/expect -f
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-send --  "firejail --seccomp=chmod,fchmod,fchmodat --private\r"
-expect {
-        timeout {puts "TESTING ERROR 0\n";exit}
-        "Child process initialized"
-}
-sleep 2
-send -- "touch testfile;pwd\r"
-expect {
-        timeout {puts "TESTING ERROR 1\n";exit}
-        "/root" {puts "running as root"}
-        "/home"
-}
-send -- "ls -l testfile;pwd\r"
-expect {
-        timeout {puts "TESTING ERROR 2\n";exit}
-        "testfile"
-}
-expect {
-        timeout {puts "TESTING ERROR 3\n";exit}
-        "/root" {puts "running as root"}
-        "/home"
-}
-send -- "chmod +x testfile;pwd\r"
-expect {
-        timeout {puts "TESTING ERROR 2\n";exit}
-        "Bad system call"
-}
-expect {
-        timeout {puts "TESTING ERROR 3\n";exit}
-        "/root" {puts "running as root"}
-        "/home"
-}
-send -- "exit\r"
-sleep 1
-puts "\n"
diff --git a/test/seccomp-chown.exp b/test/seccomp-chown.exp
deleted file mode 100755
index 69b896700..000000000
--- a/test/seccomp-chown.exp
+++ /dev/null
@@ -1,46 +0,0 @@
-#!/usr/bin/expect -f
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-send --  "firejail --seccomp=chown,fchown,fchownat,lchown --private\r"
-expect {
-        timeout {puts "TESTING ERROR 0\n";exit}
-        "Child process initialized"
-}
-sleep 2
-send -- "touch testfile;pwd\r"
-expect {
-        timeout {puts "TESTING ERROR 1\n";exit}
-        "/root" {puts "running as root"}
-        "/home"
-}
-send -- "ls -l testfile;pwd\r"
-expect {
-        timeout {puts "TESTING ERROR 2\n";exit}
-        "testfile"
-}
-expect {
-        timeout {puts "TESTING ERROR 3\n";exit}
-        "/root" {puts "running as root"}
-        "/home"
-}
-send -- "chown netblue:netblue testfile;pwd\r"
-expect {
-        timeout {puts "TESTING ERROR 2\n";exit}
-        "Bad system call"
-}
-expect {
-        timeout {puts "TESTING ERROR 3\n";exit}
-        "/root" {puts "running as root"}
-        "/home"
-}
-send -- "exit\r"
-sleep 1
-puts "\n"
diff --git a/test/seccomp-debug.exp b/test/seccomp-debug.exp
deleted file mode 100755
index 1034f040e..000000000
--- a/test/seccomp-debug.exp
+++ /dev/null
@@ -1,28 +0,0 @@
-#!/usr/bin/expect -f
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-send --  "firejail --seccomp --debug\r"
-expect {
-        timeout {puts "TESTING ERROR 0\n";exit}
-        "SECCOMP Filter"
-}
-expect {
-        timeout {puts "TESTING ERROR 2\n";exit}
-        "BLACKLIST"
-}
-expect {
-        timeout {puts "TESTING ERROR 3\n";exit}
-        "open_by_handle_at"
-}
-expect {
-        timeout {puts "TESTING ERROR 4\n";exit}
-        "Child process initialized"
-}
-sleep 2
-send -- "exit\r"
-after 100
-puts "all done\n"
diff --git a/test/seccomp-dualfilter.exp b/test/seccomp-dualfilter.exp
deleted file mode 100755
index afdf8a53a..000000000
--- a/test/seccomp-dualfilter.exp
+++ /dev/null
@@ -1,38 +0,0 @@
-#!/usr/bin/expect -f
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-send -- "firejail ../src/tools/syscall_test mount\r"
-expect {
-        timeout {puts "TESTING ERROR 0\n";exit}
-        "Child process initialized"
-}
-expect {
-        timeout {puts "TESTING ERROR 1\n";exit}
-        "before mount"
-}
-expect {
-        timeout {puts "TESTING ERROR 2\n";exit}
-        "after mount" {puts "TESTING ERROR 2.1\n";exit}
-        "Parent is shutting down"
-}
-sleep 1
-send -- "firejail ../src/tools/syscall_test32 mount\r"
-expect {
-        timeout {puts "TESTING ERROR 3\n";exit}
-        "Child process initialized"
-}
-expect {
-        timeout {puts "TESTING ERROR 4\n";exit}
-        "before mount"
-}
-expect {
-        timeout {puts "TESTING ERROR 5\n";exit}
-        "after mount" {puts "TESTING ERROR 5.1\n";exit}
-        "Parent is shutting down"
-}
-puts "\nall done\n"
diff --git a/test/seccomp-empty.exp b/test/seccomp-empty.exp
deleted file mode 100755
index 11abf2e00..000000000
--- a/test/seccomp-empty.exp
+++ /dev/null
@@ -1,145 +0,0 @@
-#!/usr/bin/expect -f
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-send --  "firejail --debug --seccomp=chmod,fchmod,fchmodat --private\r"
-expect {
-        timeout {puts "TESTING ERROR 0\n";exit}
-        "VALIDATE_ARCHITECTURE"
-}
-expect {
-        timeout {puts "TESTING ERROR 0.1\n";exit}
-        "mount"
-}
-expect {
-        timeout {puts "TESTING ERROR 0.2\n";exit}
-        "ptrace"
-}
-expect {
-        timeout {puts "TESTING ERROR 0.3\n";exit}
-        "chmod"
-}
-expect {
-        timeout {puts "TESTING ERROR 0.4\n";exit}
-        "fchmod"
-}
-expect {
-        timeout {puts "TESTING ERROR 0.5\n";exit}
-        "fchmodat"
-}
-expect {
-        timeout {puts "TESTING ERROR 0.6\n";exit}
-        "RETURN_ALLOW"
-}
-expect {
-        timeout {puts "TESTING ERROR 0.7\n";exit}
-        "Child process initialized"
-}
-sleep 2
-send -- "exit\r"
-sleep 3
-puts "\n"
-send --  "firejail --debug --seccomp.drop=chmod,fchmod,fchmodat --private\r"
-expect {
-        timeout {puts "TESTING ERROR 1\n";exit}
-        "VALIDATE_ARCHITECTURE"
-}
-expect {
-        timeout {puts "TESTING ERROR 1.1\n";exit}
-        "mount" {puts "TESTING ERROR 1.2\n";exit}
-        "ptrace" {puts "TESTING ERROR 1.3\n";exit}
-        "chmod"
-}
-expect {
-        timeout {puts "TESTING ERROR 1.4\n";exit}
-        "fchmod"
-}
-expect {
-        timeout {puts "TESTING ERROR 1.5\n";exit}
-        "fchmodat"
-}
-expect {
-        timeout {puts "TESTING ERROR 1.6\n";exit}
-        "RETURN_ALLOW"
-}
-expect {
-        timeout {puts "TESTING ERROR 1.7\n";exit}
-        "Child process initialized"
-}
-sleep 2
-send -- "exit\r"
-puts "\n"
-sleep 2
-send --  "firejail --debug --profile=seccomp.profile --private\r"
-expect {
-        timeout {puts "TESTING ERROR 2\n";exit}
-        "VALIDATE_ARCHITECTURE"
-}
-expect {
-        timeout {puts "TESTING ERROR 2.1\n";exit}
-        "mount"
-}
-expect {
-        timeout {puts "TESTING ERROR 2.2\n";exit}
-        "ptrace"
-}
-expect {
-        timeout {puts "TESTING ERROR 2.3\n";exit}
-        "chmod"
-}
-expect {
-        timeout {puts "TESTING ERROR 2.4\n";exit}
-        "fchmod"
-}
-expect {
-        timeout {puts "TESTING ERROR 2.5\n";exit}
-        "fchmodat"
-}
-expect {
-        timeout {puts "TESTING ERROR 2.6\n";exit}
-        "RETURN_ALLOW"
-}
-expect {
-        timeout {puts "TESTING ERROR 2.7\n";exit}
-        "Child process initialized"
-}
-sleep 2
-send -- "exit\r"
-sleep 3
-puts "\n"
-send --  "firejail --debug --profile=seccomp-empty.profile --private\r"
-expect {
-        timeout {puts "TESTING ERROR 3\n";exit}
-        "VALIDATE_ARCHITECTURE"
-}
-expect {
-        timeout {puts "TESTING ERROR 3.1\n";exit}
-        "mount" {puts "TESTING ERROR 3.2\n";exit}
-        "ptrace" {puts "TESTING ERROR 3.3\n";exit}
-        "chmod"
-}
-expect {
-        timeout {puts "TESTING ERROR 3.4\n";exit}
-        "fchmod"
-}
-expect {
-        timeout {puts "TESTING ERROR 3.5\n";exit}
-        "fchmodat"
-}
-expect {
-        timeout {puts "TESTING ERROR 3.6\n";exit}
-        "RETURN_ALLOW"
-}
-expect {
-        timeout {puts "TESTING ERROR 3.7\n";exit}
-        "Child process initialized"
-}
-sleep 2
-send -- "exit\r"
-puts "\n"
diff --git a/test/seccomp-empty.profile b/test/seccomp-empty.profile
deleted file mode 100644
index 8f71f55a5..000000000
--- a/test/seccomp-empty.profile
+++ /dev/null
@@ -1 +0,0 @@
-seccomp.drop chmod,fchmod,fchmodat
diff --git a/test/seccomp-errno.exp b/test/seccomp-errno.exp
deleted file mode 100755
index e6678ab8f..000000000
--- a/test/seccomp-errno.exp
+++ /dev/null
@@ -1,87 +0,0 @@
-#!/usr/bin/expect -f
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-send -- "touch seccomp-test-file\r"
-sleep 1
-send --  "firejail --seccomp.enoent=unlinkat rm seccomp-test-file\r"
-expect {
-        timeout {puts "TESTING ERROR 0\n";exit}
-        "No such file or directory"
-}
-sleep 1
-send --  "firejail --seccomp.enoent=unlinkat --debug rm seccomp-test-file\r"
-expect {
-        timeout {puts "TESTING ERROR 1\n";exit}
-        "unlinkat 2 ENOENT"
-}
-sleep 1
-send --  "firejail --seccomp.enoent=unlinkat,mkdir\r"
-expect {
-        timeout {puts "TESTING ERROR 2\n";exit}
-        "Child process initialized"
-}
-sleep 1
-send -- "rm seccomp-test-file\r"
-expect {
-        timeout {puts "TESTING ERROR 3\n";exit}
-        "No such file or directory"
-}
-after 100
-puts "\n"
-send -- "mkdir seccomp-test-dir\r"
-expect {
-        timeout {puts "TESTING ERROR 4\n";exit}
-        "No such file or directory"
-}
-after 100
-puts "\n"
-send -- "exit\r"
-sleep 1
-send --  "firejail --seccomp.enoent=unlinkat --seccomp.enoent=mkdir\r"
-expect {
-        timeout {puts "TESTING ERROR 5\n";exit}
-        "errno enoent already configured"
-}
-sleep 1
-send --  "firejail --seccomp.enoent=unlinkat --seccomp.eperm=mkdir\r"
-expect {
-        timeout {puts "TESTING ERROR 6\n";exit}
-        "Child process initialized"
-}
-sleep 1
-send -- "rm seccomp-test-file\r"
-expect {
-        timeout {puts "TESTING ERROR 7\n";exit}
-        "No such file or directory"
-}
-after 100
-puts "\n"
-send -- "mkdir seccomp-test-dir\r"
-expect {
-        timeout {puts "TESTING ERROR 8\n";exit}
-        "Operation not permitted"
-}
-after 100
-puts "\n"
-send -- "exit\r"
-sleep 1
-send -- "rm seccomp-test-file\r"
-sleep 1
-puts "all done\n"
diff --git a/test/seccomp-ptrace.exp b/test/seccomp-ptrace.exp
deleted file mode 100755
index 9a9b7430e..000000000
--- a/test/seccomp-ptrace.exp
+++ /dev/null
@@ -1,23 +0,0 @@
-#!/usr/bin/expect -f
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-send --  "firejail --noprofile --seccomp\r"
-expect {
-        timeout {puts "TESTING ERROR 0\n";exit}
-        "Child process initialized"
-}
-sleep 2
-send -- "strace ls\r"
-expect {
-        timeout {puts "TESTING ERROR 1\n";exit}
-        "Bad system call" {puts "version 1\n";}
-        " unexpected signal 31" {puts "version 2\n"}
-}
-send -- "exit\r"
-sleep 1
-puts "all done\n"
diff --git a/test/seccomp-su.exp b/test/seccomp-su.exp
deleted file mode 100755
index dcae6f869..000000000
--- a/test/seccomp-su.exp
+++ /dev/null
@@ -1,34 +0,0 @@
-#!/usr/bin/expect -f
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-send --  "firejail --noprofile --seccomp\r"
-expect {
-        timeout {puts "TESTING ERROR 0\n";exit}
-        "Child process initialized"
-}
-sleep 2
-send -- "sudo su -\r"
-expect {
-        timeout {puts "TESTING ERROR 1\n";exit}
-        "effective uid is not 0"
-}
-send -- "sudo ls\r"
-expect {
-        timeout {puts "TESTING ERROR 2\n";exit}
-        "effective uid is not 0"
-}
-send -- "ping google.com\r"
-expect {
-        timeout {puts "TESTING ERROR 2\n";exit}
-        "Operation not permitted"
-}
-send -- "exit\r"
-sleep 1
-puts "all done\n"
diff --git a/test/seccomp-umount.exp b/test/seccomp-umount.exp
deleted file mode 100755
index c0107a084..000000000
--- a/test/seccomp-umount.exp
+++ /dev/null
@@ -1,28 +0,0 @@
-#!/usr/bin/expect -f
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-send -- "sudo ls; sudo whoami; sudo pwd\r"
-expect {
-        timeout {puts "TESTING ERROR: you need to root run this test as root\n";exit}
-        "root"
-}
-send --  "firejail --net=br0 --ip=10.10.20.5 --seccomp --noprofile\r"
-expect {
-        timeout {puts "TESTING ERROR 0\n";exit}
-        "Child process initialized"
-}
-sleep 2
-send -- "umount /proc\r"
-expect {
-        timeout {puts "TESTING ERROR 1\n";exit}
-        "Bad system call"
-}
-send -- "exit\r"
-sleep 1
-puts "\n"
author	netblue30 <netblue30@yahoo.com>	2016-04-30 07:27:31 -0400
committer	netblue30 <netblue30@yahoo.com>	2016-04-30 07:27:31 -0400
commit	a1272742cfbdbfe999a701f804b58ceb4605713d (patch)
tree	16d6013c8d99d9e4370d1672b4018f958081f416
parent	Merge pull request #490 from reinerh/master (diff)
download	firejail-a1272742cfbdbfe999a701f804b58ceb4605713d.tar.gz firejail-a1272742cfbdbfe999a701f804b58ceb4605713d.tar.zst firejail-a1272742cfbdbfe999a701f804b58ceb4605713d.zip