aboutsummaryrefslogtreecommitdiffstats
path: root/test/capabilities/caps.exp
diff options
context:
space:
mode:
authorLibravatar netblue30 <netblue30@protonmail.com>2023-03-08 17:09:17 -0500
committerLibravatar netblue30 <netblue30@protonmail.com>2023-03-08 17:09:17 -0500
commitaa0194eae75871f3fb5e15d31a9060527711adae (patch)
treebb535822c1469d4a1d6a736b7b58616b37d19d7d /test/capabilities/caps.exp
parenttesting (diff)
downloadfirejail-aa0194eae75871f3fb5e15d31a9060527711adae.tar.gz
firejail-aa0194eae75871f3fb5e15d31a9060527711adae.tar.zst
firejail-aa0194eae75871f3fb5e15d31a9060527711adae.zip
testing
Diffstat (limited to 'test/capabilities/caps.exp')
-rwxr-xr-xtest/capabilities/caps.exp44
1 files changed, 10 insertions, 34 deletions
diff --git a/test/capabilities/caps.exp b/test/capabilities/caps.exp
index dbd63efda..bd7ab04eb 100755
--- a/test/capabilities/caps.exp
+++ b/test/capabilities/caps.exp
@@ -7,14 +7,11 @@ set timeout 10
7spawn $env(SHELL) 7spawn $env(SHELL)
8match_max 100000 8match_max 100000
9 9
10send -- "firejail --caps.keep=chown,fowner --noprofile\r" 10send -- "firejail --caps.keep=chown,fowner --noprofile cat /proc/self/status\r"
11expect { 11expect {
12 timeout {puts "TESTING ERROR 1\n";exit} 12 timeout {puts "TESTING ERROR 1\n";exit}
13 -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" 13 -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
14} 14}
15after 100
16
17send -- "cat /proc/self/status\r"
18expect { 15expect {
19 timeout {puts "TESTING ERROR 2\n";exit} 16 timeout {puts "TESTING ERROR 2\n";exit}
20 "CapBnd: 0000000000000009" 17 "CapBnd: 0000000000000009"
@@ -23,17 +20,13 @@ expect {
23 timeout {puts "TESTING ERROR 3\n";exit} 20 timeout {puts "TESTING ERROR 3\n";exit}
24 "Seccomp:" 21 "Seccomp:"
25} 22}
26send -- "exit\r" 23after 500
27sleep 1
28 24
29send -- "firejail --caps.drop=all --noprofile\r" 25send -- "firejail --caps.drop=all --noprofile cat /proc/self/status\r"
30expect { 26expect {
31 timeout {puts "TESTING ERROR 4\n";exit} 27 timeout {puts "TESTING ERROR 4\n";exit}
32 -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" 28 -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
33} 29}
34after 100
35
36send -- "cat /proc/self/status\r"
37expect { 30expect {
38 timeout {puts "TESTING ERROR 5\n";exit} 31 timeout {puts "TESTING ERROR 5\n";exit}
39 "CapBnd: 0000000000000000" 32 "CapBnd: 0000000000000000"
@@ -42,17 +35,13 @@ expect {
42 timeout {puts "TESTING ERROR 6\n";exit} 35 timeout {puts "TESTING ERROR 6\n";exit}
43 "Seccomp:" 36 "Seccomp:"
44} 37}
45send -- "exit\r" 38after 500
46sleep 1
47 39
48send -- "firejail --caps.drop=chown,dac_override,dac_read_search,fowner --noprofile\r" 40send -- "firejail --caps.drop=chown,dac_override,dac_read_search,fowner --noprofile cat /proc/self/status\r"
49expect { 41expect {
50 timeout {puts "TESTING ERROR 7\n";exit} 42 timeout {puts "TESTING ERROR 7\n";exit}
51 -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" 43 -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
52} 44}
53after 100
54
55send -- "cat /proc/self/status\r"
56expect { 45expect {
57 timeout {puts "TESTING ERROR 8\n";exit} 46 timeout {puts "TESTING ERROR 8\n";exit}
58 "CapBnd:" 47 "CapBnd:"
@@ -65,11 +54,9 @@ expect {
65 timeout {puts "TESTING ERROR 10\n";exit} 54 timeout {puts "TESTING ERROR 10\n";exit}
66 "Seccomp:" 55 "Seccomp:"
67} 56}
68send -- "exit\r" 57after 500
69sleep 1
70 58
71 59send -- "firejail --profile=caps1.profile --debug ls\r"
72send -- "firejail --profile=caps1.profile --debug\r"
73expect { 60expect {
74 timeout {puts "TESTING ERROR 11\n";exit} 61 timeout {puts "TESTING ERROR 11\n";exit}
75 "Drop CAP_SYS_MODULE" 62 "Drop CAP_SYS_MODULE"
@@ -83,10 +70,7 @@ expect {
83 "Drop CAP_" {puts "TESTING ERROR 14\n";exit} 70 "Drop CAP_" {puts "TESTING ERROR 14\n";exit}
84 -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" 71 -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
85} 72}
86after 100 73after 500
87send -- "exit\r"
88sleep 1
89
90 74
91## tofix: possible problem with caps.keep in profile files 75## tofix: possible problem with caps.keep in profile files
92##send -- "firejail --caps.keep=chown,fowner --noprofile\r" 76##send -- "firejail --caps.keep=chown,fowner --noprofile\r"
@@ -110,14 +94,11 @@ sleep 1
110#sleep 1 94#sleep 1
111 95
112#send -- "firejail --caps.drop=chown,dac_override,dac_read_search,fowner --noprofile\r" 96#send -- "firejail --caps.drop=chown,dac_override,dac_read_search,fowner --noprofile\r"
113send -- "firejail --profile=caps3.profile\r" 97send -- "firejail --profile=caps3.profile cat /proc/self/status\r"
114expect { 98expect {
115 timeout {puts "TESTING ERROR 18\n";exit} 99 timeout {puts "TESTING ERROR 18\n";exit}
116 -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" 100 -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
117} 101}
118after 100
119
120send -- "cat /proc/self/status\r"
121expect { 102expect {
122 timeout {puts "TESTING ERROR 19\n";exit} 103 timeout {puts "TESTING ERROR 19\n";exit}
123 "CapBnd:" 104 "CapBnd:"
@@ -130,10 +111,5 @@ expect {
130 timeout {puts "TESTING ERROR 21\n";exit} 111 timeout {puts "TESTING ERROR 21\n";exit}
131 "Seccomp:" 112 "Seccomp:"
132} 113}
133send -- "exit\r" 114after 500
134sleep 1
135
136
137
138after 100
139puts "\nall done\n" 115puts "\nall done\n"
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-06-24 18:12:47 +0000