testing

22 files changed, 243 insertions, 103 deletions

diff --git a/Makefile.in b/Makefile.in
index 803769f3f..95b07c170 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -161,6 +161,9 @@ install-snap: snap
 
 test-compile: dist
         cd test/compile; ./compile.sh $(NAME)-$(VERSION)
+
+test-root:
+        cd test/root; su -c ./start.sh
         
 .PHONY: rpms
 rpms:
diff --git a/test/filters/filters.sh b/test/filters/filters.sh
index 67b9f2c0d..5093c8614 100755
--- a/test/filters/filters.sh
+++ b/test/filters/filters.sh
@@ -45,7 +45,7 @@ echo "TESTING: seccomp chmod - seccomp lists (test/filters/seccomp-chmod.exp)"
 echo "TESTING: seccomp chmod profile - seccomp lists (test/filters/seccomp-chmod-profile.exp)"
 ./seccomp-chmod-profile.exp
 
-# todo:  fix pwd and add seccomp-chown.exp and seccomp-umount.exp
+# todo:  fix pwd and add seccomp-chown.exp
 
 echo "TESTING: seccomp empty (test/filters/seccomp-empty.exp)"
 ./seccomp-empty.exp
diff --git a/test/filters/seccomp-su.exp b/test/filters/seccomp-su.exp
index 7833c69b0..3feabc20f 100755
--- a/test/filters/seccomp-su.exp
+++ b/test/filters/seccomp-su.exp
@@ -30,7 +30,7 @@ expect {
 
 send -- "ping google.com\r"
 expect {
-        timeout {puts "TESTING ERROR 2\n";exit}
+        timeout {puts "TESTING ERROR 3\n";exit}
         "Operation not permitted" {puts "OK\n"}
         "unknown host" {puts "OK\n"}
 }
diff --git a/test/servers3.exp b/test/root/apache2.exp
index eccdaa1d9..7f67f4706 100755
--- a/test/servers3.exp
+++ b/test/root/apache2.exp
@@ -4,12 +4,6 @@ set timeout 5
 spawn $env(SHELL)
 match_max 100000
 
-send -- "sudo ls; sudo whoami; sudo pwd\r"
-expect {
-        timeout {puts "TESTING ERROR: you need to root run this test as root\n";exit}
-        "root"
-}
-
 send -- "pkill apache\r"
 sleep 2
 
diff --git a/test/root/configure b/test/root/configure
new file mode 100755
index 000000000..35d938340
--- /dev/null
+++ b/test/root/configure
@@ -0,0 +1,27 @@
+#!/bin/bash
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+brctl addbr br0
+ifconfig br0 10.10.20.1/29 up
+# NAT masquerade
+iptables -t nat -A POSTROUTING -o eth0 -s 10.10.20.0/29 -j MASQUERADE
+# port forwarding
+# iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to 10.10.20.2:80
+        
+brctl addbr br1
+ifconfig br1 10.10.30.1/24 up
+brctl addbr br2
+ifconfig br2 10.10.40.1/24 up
+brctl addbr br3
+ifconfig br3 10.10.50.1/24 up
+brctl addbr br4
+ifconfig br4 10.10.60.1/24 up
+ip link add link eth0 name eth0.5 type vlan id 5
+/sbin/ifconfig eth0.5 10.10.205.10/24 up
+ip link add link eth0 name eth0.6 type vlan id 6
+/sbin/ifconfig eth0.6 10.10.206.10/24 up
+ip link add link eth0 name eth0.7 type vlan id 7
+/sbin/ifconfig eth0.7 10.10.207.10/24 up
+
diff --git a/test/firemon-interface.exp b/test/root/firemon-interface.exp
index 6a82ae41e..6a82ae41e 100755
--- a/test/firemon-interface.exp
+++ b/test/root/firemon-interface.exp
diff --git a/test/servers4.exp b/test/root/isc-dhcp.exp
index 86500707a..86500707a 100755
--- a/test/servers4.exp
+++ b/test/root/isc-dhcp.exp
diff --git a/test/network/net_interface.exp b/test/root/net_interface.exp
index 2f87024d8..2f87024d8 100755
--- a/test/network/net_interface.exp
+++ b/test/root/net_interface.exp
diff --git a/test/servers6.exp b/test/root/nginx.exp
index 9ef4ea514..0b62fada9 100755
--- a/test/servers6.exp
+++ b/test/root/nginx.exp
@@ -4,12 +4,6 @@ set timeout 5
 spawn $env(SHELL)
 match_max 100000
 
-send -- "sudo ls; sudo whoami; sudo pwd\r"
-expect {
-        timeout {puts "TESTING ERROR: you need to root run this test as root\n";exit}
-        "root"
-}
-
 send -- "pkill nginx\r"
 sleep 2
 
diff --git a/test/option_bind_directory.exp b/test/root/option_bind_directory.exp
index 3233c68de..3233c68de 100755
--- a/test/option_bind_directory.exp
+++ b/test/root/option_bind_directory.exp
diff --git a/test/option_bind_file.exp b/test/root/option_bind_file.exp
index 8926e0391..8926e0391 100755
--- a/test/option_bind_file.exp
+++ b/test/root/option_bind_file.exp
diff --git a/test/option_tmpfs.exp b/test/root/option_tmpfs.exp
index 6522ef2d3..20e42a858 100755
--- a/test/option_tmpfs.exp
+++ b/test/root/option_tmpfs.exp
@@ -40,5 +40,5 @@ expect {
 after 100
 
 
-puts "\nalldone\n"
+puts "\nall done\n"
 
diff --git a/test/profile_tmpfs.exp b/test/root/profile_tmpfs.exp
index a2faa32f7..da7c084a2 100755
--- a/test/profile_tmpfs.exp
+++ b/test/root/profile_tmpfs.exp
@@ -34,4 +34,4 @@ send -- "rm -fr  /tmp/firejailtestdir\r"
 
 sleep 1
 
-puts "\n"
+puts "\nall done\n"
diff --git a/test/root/root.sh b/test/root/root.sh
new file mode 100755
index 000000000..960071d45
--- /dev/null
+++ b/test/root/root.sh
@@ -0,0 +1,105 @@
+#!/bin/bash
+
+./configure 2 > /dev/null
+
+#********************************
+# servers
+#********************************
+if [ -f /etc/init.d/snmpd ]
+then
+        echo "TESTING: snmpd (test/root/snmpd.exp)"
+        ./snmpd.exp
+else
+        echo "TESTING SKIP: snmpd  not found"
+fi
+
+
+if [ -f /etc/init.d/apache2 ]
+then
+        echo "TESTING: apache2 (test/root/apache2.exp)"
+        ./apache2.exp
+else
+        echo "TESTING SKIP: apache2  not found"
+fi
+
+if [ -f /etc/init.d/isc-dhcp-server ]
+then
+        echo "TESTING: isc dhcp server (test/root/isc-dhscp.exp)"
+        ./isc-dhcp.exp
+else
+        echo "TESTING SKIP: isc dhcp server not found"
+fi
+
+if [ -f /etc/init.d/unbound ]
+then
+        echo "TESTING: unbound (test/root/unbound.exp)"
+        ./unbound.exp
+else
+        echo "TESTING SKIP: unbound  not found"
+fi
+
+if [ -f /etc/init.d/nginx ]
+then
+        echo "TESTING: nginx (test/root/nginx.exp)"
+        ./nginx.exp
+else
+        echo "TESTING SKIP: nginx  not found"
+fi
+
+#********************************
+# seccomp
+#********************************
+echo "TESTING: seccomp umount (test/root/seccomp-umount.exp)"
+./seccomp-umount.exp
+
+echo "TESTING: seccomp chmod (test/root/seccomp-chmod.exp)"
+./seccomp-chmod.exp
+
+echo "TESTING: seccomp chown (test/root/seccomp-chown.exp)"
+./seccomp-chown.exp
+
+#********************************
+# command line options
+#********************************
+echo "TESTING: tmpfs (test/root/option_tmpfs.exp)"
+./option_tmpfs.exp
+
+echo "TESTING: profile tmpfs (test/root/profile_tmpfs)"
+./profile_tmpfs.exp
+
+echo "TESTING: bind directory (test/root/option_bind_directory.exp)"
+./option_bind_directory.exp
+
+echo "TESTING: bind file (test/root/option_bind_file.exp)"
+echo hello > tmpfile
+./option_bind_file.exp
+rm -f tmpfile
+
+#********************************
+# networking
+#********************************
+echo "TESTING: network interfaces (test/root/net_interface.exp)"
+./net_interface.exp
+
+echo "TESTING: firemon --interface (test/root/firemon-interface.exp)"
+./firemon-interface.exp
+
+#if [ -f /sys/fs/cgroup/g1/tasks ]
+#then
+#       echo "TESTING: firemon --cgroup (firemon-cgroup.exp)"
+#       ./firemon-cgroup.exp
+#fi
+#
+#echo "TESTING: chroot resolv.conf (chroot-resolvconf.exp)"
+#rm -f tmpfile
+#touch tmpfile
+#rm -f /tmp/chroot/etc/resolv.conf
+#ln -s tmp /tmp/chroot/etc/resolv.conf
+#./chroot-resolvconf.exp
+#rm -f tmpfile
+#rm /tmp/chroot/etc/resolv.conf
+
+#echo "TESTING: chroot (fs_chroot_asroot.exp)"
+#./fs_chroot_asroot.exp
+
+
diff --git a/test/root/seccomp-chmod.exp b/test/root/seccomp-chmod.exp
new file mode 100755
index 000000000..b17990e3a
--- /dev/null
+++ b/test/root/seccomp-chmod.exp
@@ -0,0 +1,51 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send --  "firejail --seccomp=chmod,fchmod,fchmodat --private\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 2
+
+send -- "cd ~; echo done\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "done"
+}
+
+send -- "touch testfile; echo done\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "done"
+}
+
+send -- "ls -l testfile; echo done\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "testfile"
+}
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "done"
+}
+
+send -- "chmod +x testfile; echo done\r"
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "Bad system call"
+}
+expect {
+        timeout {puts "TESTING ERROR 6\n";exit}
+        "done"
+}
+
+send -- "exit\r"
+after 100
+puts "\nall done\n"
diff --git a/test/root/seccomp-chown.exp b/test/root/seccomp-chown.exp
new file mode 100755
index 000000000..a54d279f1
--- /dev/null
+++ b/test/root/seccomp-chown.exp
@@ -0,0 +1,49 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send --  "firejail --seccomp=chown,fchown,fchownat,lchown --private\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 2
+
+send -- "touch testfile;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "/root" {puts "running as root"}
+        "/home"
+}
+
+send -- "ls -l testfile;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "testfile"
+}
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "/root" {puts "running as root"}
+        "/home"
+}
+
+send -- "chown netblue:netblue testfile;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "Bad system call"
+}
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "/root" {puts "running as root"}
+        "/home"
+}
+
+
+send -- "exit\r"
+after 100
+puts "\nall done\n"
diff --git a/test/filters/seccomp-umount.exp b/test/root/seccomp-umount.exp
index df38dba5e..04a9b7a3d 100755
--- a/test/filters/seccomp-umount.exp
+++ b/test/root/seccomp-umount.exp
@@ -7,12 +7,6 @@ set timeout 10
 spawn $env(SHELL)
 match_max 100000
 
-send -- "sudo ls; sudo whoami; sudo pwd\r"
-expect {
-        timeout {puts "TESTING ERROR: you need to root run this test as root\n";exit}
-        "root"
-}
-
 send --  "firejail --net=br0 --ip=10.10.20.5 --seccomp --noprofile\r"
 expect {
         timeout {puts "TESTING ERROR 0\n";exit}
diff --git a/test/servers2.exp b/test/root/snmpd.exp
index 90e34470f..90e34470f 100755
--- a/test/servers2.exp
+++ b/test/root/snmpd.exp
diff --git a/test/root/start.sh b/test/root/start.sh
new file mode 100755
index 000000000..8e7a869cd
--- /dev/null
+++ b/test/root/start.sh
@@ -0,0 +1,4 @@
+#/bin/bash
+
+./configure
+./root.sh | grep TESTING
\ No newline at end of file
diff --git a/test/tmpfs.profile b/test/root/tmpfs.profile
index 0680f4d69..0680f4d69 100644
--- a/test/tmpfs.profile
+++ b/test/root/tmpfs.profile
diff --git a/test/servers5.exp b/test/root/unbound.exp
index 193e662ff..193e662ff 100755
--- a/test/servers5.exp
+++ b/test/root/unbound.exp
diff --git a/test/test-root.sh b/test/test-root.sh
deleted file mode 100755
index 0fdaf4ff7..000000000
--- a/test/test-root.sh
+++ /dev/null
@@ -1,81 +0,0 @@
-#!/bin/bash
-
-./chk_config.exp
-
-echo "TESTING: tmpfs (option_tmpfs.exp)"
-./option_tmpfs.exp
-
-echo "TESTING: profile tmpfs (profile_tmpfs)"
-./profile_tmpfs.exp
-
-echo "TESTING: network interfaces (net_interface.exp)"
-./network/net_interface.exp
-
-echo "TESTING: chroot (fs_chroot_asroot.exp)"
-./fs_chroot_asroot.exp
-
-if [ -f /etc/init.d/snmpd ]
-then
-        echo "TESTING: servers snmpd, private-dev (servers2.exp)"
-        ./servers2.exp
-fi
-
-if [ -f /etc/init.d/apache2 ]
-then
-        echo "TESTING: servers apache2, private-dev, private-tmp (servers3.exp)"
-        ./servers3.exp
-fi
-
-if [ -f /etc/init.d/isc-dhcp-server ]
-then
-        echo "TESTING: servers isc dhcp server, private-dev (servers4.exp)"
-        ./servers4.exp
-fi
-
-if [ -f /etc/init.d/unbound ]
-then
-        echo "TESTING: servers unbound, private-dev, private-tmp (servers5.exp)"
-        ./servers5.exp
-fi
-
-if [ -f /etc/init.d/nginx ]
-then
-        echo "TESTING: servers nginx, private-dev, private-tmp (servers6.exp)"
-        ./servers6.exp
-fi
-
-echo "TESTING: seccomp umount (seccomp-umount.exp)"
-./filters/seccomp-umount.exp
-
-echo "TESTING: seccomp chmod (seccomp-chmod.exp)"
-./filters/seccomp-chmod.exp
-
-echo "TESTING: seccomp chown (seccomp-chown.exp)"
-./filters/seccomp-chown.exp
-
-echo "TESTING: bind directory (option_bind_directory.exp)"
-./option_bind_directory.exp
-
-echo "TESTING: bind file (option_bind_file.exp)"
-echo hello > tmpfile
-./option_bind_file.exp
-rm -f tmpfile
-
-echo "TESTING: firemon --interface (firemon-interface.exp)"
-./firemon-interface.exp
-
-if [ -f /sys/fs/cgroup/g1/tasks ]
-then
-        echo "TESTING: firemon --cgroup (firemon-cgroup.exp)"
-        ./firemon-cgroup.exp
-fi
-
-echo "TESTING: chroot resolv.conf (chroot-resolvconf.exp)"
-rm -f tmpfile
-touch tmpfile
-rm -f /tmp/chroot/etc/resolv.conf
-ln -s tmp /tmp/chroot/etc/resolv.conf
-./chroot-resolvconf.exp
-rm -f tmpfile
-rm /tmp/chroot/etc/resolv.conf
-