diff options
author | netblue30 <netblue30@protonmail.com> | 2023-03-08 16:23:30 -0500 |
---|---|---|
committer | netblue30 <netblue30@protonmail.com> | 2023-03-08 16:23:30 -0500 |
commit | acf8efb878b84882a9df61eff51fdcaceb522a4c (patch) | |
tree | 88042e5d0723c36a10efc05774335bd0df52703a | |
parent | Merge pull request #5717 from glitsj16/aa-examples (diff) | |
download | firejail-acf8efb878b84882a9df61eff51fdcaceb522a4c.tar.gz firejail-acf8efb878b84882a9df61eff51fdcaceb522a4c.tar.zst firejail-acf8efb878b84882a9df61eff51fdcaceb522a4c.zip |
testing
-rw-r--r-- | .github/workflows/build.yml | 6 | ||||
-rw-r--r-- | Makefile | 4 | ||||
-rw-r--r-- | README | 1 | ||||
-rwxr-xr-x | gcov.sh | 4 | ||||
-rwxr-xr-x | test/capabilities/capabilities.sh | 23 | ||||
-rwxr-xr-x | test/capabilities/caps-join.exp (renamed from test/filters/caps-join.exp) | 0 | ||||
-rwxr-xr-x | test/capabilities/caps-print.exp (renamed from test/filters/caps-print.exp) | 0 | ||||
-rwxr-xr-x | test/capabilities/caps.exp (renamed from test/filters/caps.exp) | 0 | ||||
-rw-r--r-- | test/capabilities/caps1.profile (renamed from test/filters/caps1.profile) | 0 | ||||
-rw-r--r-- | test/capabilities/caps2.profile (renamed from test/filters/caps2.profile) | 0 | ||||
-rw-r--r-- | test/capabilities/caps3.profile (renamed from test/filters/caps3.profile) | 0 | ||||
-rwxr-xr-x | test/filters/filters.sh | 24 | ||||
-rwxr-xr-x | test/firecfg/firecfg.exp | 13 | ||||
-rwxr-xr-x | test/firecfg/firecfg.sh | 5 |
14 files changed, 63 insertions, 17 deletions
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 9f2072c74..2e6a462f2 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml | |||
@@ -73,10 +73,10 @@ jobs: | |||
73 | run: SHELL=/bin/bash make lab-setup | 73 | run: SHELL=/bin/bash make lab-setup |
74 | - name: run firecfg tests | 74 | - name: run firecfg tests |
75 | run: SHELL=/bin/bash make test-firecfg | 75 | run: SHELL=/bin/bash make test-firecfg |
76 | - name: run capabilities tests | ||
77 | run: SHELL=/bin/bash make test-capabilities | ||
76 | - name: run apparmor tests | 78 | - name: run apparmor tests |
77 | run: SHELL=/bin/bash make test-apparmor | 79 | run: SHELL=/bin/bash make test-apparmor |
78 | - name: run network tests | ||
79 | run: SHELL=/bin/bash make test-network | ||
80 | - name: run appimage tests | 80 | - name: run appimage tests |
81 | run: SHELL=/bin/bash make test-appimage | 81 | run: SHELL=/bin/bash make test-appimage |
82 | - name: run chroot tests | 82 | - name: run chroot tests |
@@ -97,3 +97,5 @@ jobs: | |||
97 | run: SHELL=/bin/bash make test-utils | 97 | run: SHELL=/bin/bash make test-utils |
98 | - name: run environment tests | 98 | - name: run environment tests |
99 | run: SHELL=/bin/bash make test-environment | 99 | run: SHELL=/bin/bash make test-environment |
100 | - name: run network tests | ||
101 | run: SHELL=/bin/bash make test-network | ||
@@ -314,7 +314,7 @@ mkman.sh \ | |||
314 | platform \ | 314 | platform \ |
315 | src | 315 | src |
316 | 316 | ||
317 | DISTFILES_TEST = test/Makefile test/apps test/apps-x11 test/apps-x11-xorg test/private-lib test/fnetfilter test/fcopy test/environment test/profiles test/utils test/compile test/filters test/network test/fs test/sysutils | 317 | DISTFILES_TEST = test/Makefile test/apps test/apps-x11 test/apps-x11-xorg test/capabilities test/private-lib test/fnetfilter test/fcopy test/environment test/profiles test/utils test/compile test/filters test/network test/fs test/sysutils |
318 | 318 | ||
319 | .PHONY: dist | 319 | .PHONY: dist |
320 | dist: config.mk | 320 | dist: config.mk |
@@ -368,7 +368,7 @@ codespell: clean | |||
368 | # make test | 368 | # make test |
369 | # | 369 | # |
370 | 370 | ||
371 | TESTS=profiles apps apps-x11 apps-x11-xorg sysutils utils environment filters fs fcopy fnetfilter private-etc | 371 | TESTS=profiles capabilities apps apps-x11 apps-x11-xorg sysutils utils environment filters fs fcopy fnetfilter private-etc |
372 | TEST_TARGETS=$(patsubst %,test-%,$(TESTS)) | 372 | TEST_TARGETS=$(patsubst %,test-%,$(TESTS)) |
373 | 373 | ||
374 | $(TEST_TARGETS): | 374 | $(TEST_TARGETS): |
@@ -720,6 +720,7 @@ Manuel Dipolt (https://github.com/xeniter) | |||
720 | - stack alignment for the ARM Architecture | 720 | - stack alignment for the ARM Architecture |
721 | Marek Küthe (https://github.com/marek22k) | 721 | Marek Küthe (https://github.com/marek22k) |
722 | - allow loading plugins in gajim | 722 | - allow loading plugins in gajim |
723 | - allow bsfilter in email-common.profile | ||
723 | Martin Carpenter (https://github.com/mcarpenter) | 724 | Martin Carpenter (https://github.com/mcarpenter) |
724 | - security audit and bug fixes | 725 | - security audit and bug fixes |
725 | - Centos 6.x support | 726 | - Centos 6.x support |
@@ -13,7 +13,7 @@ gcov_generate() { | |||
13 | USER="$(whoami)" | 13 | USER="$(whoami)" |
14 | find . -exec sudo chown "$USER:$USER" '{}' + | 14 | find . -exec sudo chown "$USER:$USER" '{}' + |
15 | lcov -q --capture -d src/firejail -d src/lib -d src/firecfg -d src/firemon \ | 15 | lcov -q --capture -d src/firejail -d src/lib -d src/firecfg -d src/firemon \ |
16 | -d src/fnet -d src/fnetfilter -d src/fcopy --output-file gcov-file | 16 | -d src/fnet -d src/fnetfilter -d src/fcopy -d src/fseccomp --output-file gcov-file |
17 | genhtml -q gcov-file --output-directory gcov-dir | 17 | genhtml -q gcov-file --output-directory gcov-dir |
18 | } | 18 | } |
19 | 19 | ||
@@ -23,6 +23,8 @@ gcov_generate | |||
23 | 23 | ||
24 | make test-firecfg | grep TESTING | 24 | make test-firecfg | grep TESTING |
25 | gcov_generate | 25 | gcov_generate |
26 | make test-capabilities | grep TESTING | ||
27 | gcov_generate | ||
26 | make test-apparmor | grep TESTING | 28 | make test-apparmor | grep TESTING |
27 | gcov_generate | 29 | gcov_generate |
28 | make test-network | grep TESTING | 30 | make test-network | grep TESTING |
diff --git a/test/capabilities/capabilities.sh b/test/capabilities/capabilities.sh new file mode 100755 index 000000000..50279cd4f --- /dev/null +++ b/test/capabilities/capabilities.sh | |||
@@ -0,0 +1,23 @@ | |||
1 | #!/bin/bash | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2023 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | export MALLOC_CHECK_=3 | ||
7 | export MALLOC_PERTURB_=$(($RANDOM % 255 + 1)) | ||
8 | export LC_ALL=C | ||
9 | |||
10 | |||
11 | #if grep -q "^CapBnd:\\s0000003fffffffff" /proc/self/status; then | ||
12 | echo "TESTING: capabilities (test/filters/caps.exp)" | ||
13 | ./caps.exp | ||
14 | #else | ||
15 | # echo "TESTING SKIP: other capabilities than expected (test/filters/caps.exp)" | ||
16 | #fi | ||
17 | |||
18 | echo "TESTING: capabilities print (test/filters/caps-print.exp)" | ||
19 | ./caps-print.exp | ||
20 | |||
21 | echo "TESTING: capabilities join (test/filters/caps-join.exp)" | ||
22 | ./caps-join.exp | ||
23 | |||
diff --git a/test/filters/caps-join.exp b/test/capabilities/caps-join.exp index 1830143fb..1830143fb 100755 --- a/test/filters/caps-join.exp +++ b/test/capabilities/caps-join.exp | |||
diff --git a/test/filters/caps-print.exp b/test/capabilities/caps-print.exp index b403f9ffe..b403f9ffe 100755 --- a/test/filters/caps-print.exp +++ b/test/capabilities/caps-print.exp | |||
diff --git a/test/filters/caps.exp b/test/capabilities/caps.exp index dbd63efda..dbd63efda 100755 --- a/test/filters/caps.exp +++ b/test/capabilities/caps.exp | |||
diff --git a/test/filters/caps1.profile b/test/capabilities/caps1.profile index 8b0c3b340..8b0c3b340 100644 --- a/test/filters/caps1.profile +++ b/test/capabilities/caps1.profile | |||
diff --git a/test/filters/caps2.profile b/test/capabilities/caps2.profile index ad49719f1..ad49719f1 100644 --- a/test/filters/caps2.profile +++ b/test/capabilities/caps2.profile | |||
diff --git a/test/filters/caps3.profile b/test/capabilities/caps3.profile index ad49719f1..ad49719f1 100644 --- a/test/filters/caps3.profile +++ b/test/capabilities/caps3.profile | |||
diff --git a/test/filters/filters.sh b/test/filters/filters.sh index 2d115db1b..e19047e6f 100755 --- a/test/filters/filters.sh +++ b/test/filters/filters.sh | |||
@@ -57,18 +57,18 @@ echo "TESTING: noroot (test/filters/noroot.exp)" | |||
57 | ./noroot.exp | 57 | ./noroot.exp |
58 | 58 | ||
59 | 59 | ||
60 | if grep -q "^CapBnd:\\s0000003fffffffff" /proc/self/status; then | 60 | #if grep -q "^CapBnd:\\s0000003fffffffff" /proc/self/status; then |
61 | echo "TESTING: capabilities (test/filters/caps.exp)" | 61 | # echo "TESTING: capabilities (test/filters/caps.exp)" |
62 | ./caps.exp | 62 | # ./caps.exp |
63 | else | 63 | #else |
64 | echo "TESTING SKIP: other capabilities than expected (test/filters/caps.exp)" | 64 | # echo "TESTING SKIP: other capabilities than expected (test/filters/caps.exp)" |
65 | fi | 65 | #fi |
66 | 66 | # | |
67 | echo "TESTING: capabilities print (test/filters/caps-print.exp)" | 67 | #echo "TESTING: capabilities print (test/filters/caps-print.exp)" |
68 | ./caps-print.exp | 68 | #./caps-print.exp |
69 | 69 | # | |
70 | echo "TESTING: capabilities join (test/filters/caps-join.exp)" | 70 | #echo "TESTING: capabilities join (test/filters/caps-join.exp)" |
71 | ./caps-join.exp | 71 | #./caps-join.exp |
72 | 72 | ||
73 | rm -f seccomp-test-file | 73 | rm -f seccomp-test-file |
74 | if [[ $(uname -m) == "x86_64" ]]; then | 74 | if [[ $(uname -m) == "x86_64" ]]; then |
diff --git a/test/firecfg/firecfg.exp b/test/firecfg/firecfg.exp index 0249fb7fa..755eea3a1 100755 --- a/test/firecfg/firecfg.exp +++ b/test/firecfg/firecfg.exp | |||
@@ -12,7 +12,20 @@ expect { | |||
12 | timeout {puts "TESTING ERROR 0\n";exit} | 12 | timeout {puts "TESTING ERROR 0\n";exit} |
13 | "ping: symbolic link to /usr/bin/firejail" | 13 | "ping: symbolic link to /usr/bin/firejail" |
14 | } | 14 | } |
15 | after 100 | ||
15 | 16 | ||
17 | send -- "file /tmp/ttt/ping\r" | ||
18 | expect { | ||
19 | timeout {puts "TESTING ERROR 0\n";exit} | ||
20 | "ping: symbolic link to /usr/bin/firejail" | ||
21 | } | ||
22 | after 100 | ||
23 | |||
24 | send -- "firecfg --list\r" | ||
25 | expect { | ||
26 | timeout {puts "TESTING ERROR 1\n";exit} | ||
27 | "/usr/local/bin/ping" | ||
28 | } | ||
16 | after 100 | 29 | after 100 |
17 | 30 | ||
18 | puts "\nall done\n" | 31 | puts "\nall done\n" |
diff --git a/test/firecfg/firecfg.sh b/test/firecfg/firecfg.sh index 6b03cc841..6f2bb5244 100755 --- a/test/firecfg/firecfg.sh +++ b/test/firecfg/firecfg.sh | |||
@@ -7,6 +7,11 @@ export MALLOC_CHECK_=3 | |||
7 | export MALLOC_PERTURB_=$(($RANDOM % 255 + 1)) | 7 | export MALLOC_PERTURB_=$(($RANDOM % 255 + 1)) |
8 | export LC_ALL=C | 8 | export LC_ALL=C |
9 | 9 | ||
10 | sudo mkdir /tmp/ttt | ||
10 | sudo firecfg | 11 | sudo firecfg |
12 | sudo firecfg --bindir=/tmp/ttt | ||
13 | |||
11 | echo "TESTING: firecfg (test/firecfg/firecfg.exp)" | 14 | echo "TESTING: firecfg (test/firecfg/firecfg.exp)" |
12 | ./firecfg.exp | 15 | ./firecfg.exp |
16 | |||
17 | sudo rm -fr /tmp/ttt | ||