testing

author: netblue30 <netblue30@protonmail.com> 2023-03-08 16:23:30 -0500
committer: netblue30 <netblue30@protonmail.com> 2023-03-08 16:23:30 -0500
commit: acf8efb878b84882a9df61eff51fdcaceb522a4c (patch)
tree: 88042e5d0723c36a10efc05774335bd0df52703a /test/capabilities/caps.exp
parent: Merge pull request #5717 from glitsj16/aa-examples (diff)
download: firejail-acf8efb878b84882a9df61eff51fdcaceb522a4c.tar.gz
firejail-acf8efb878b84882a9df61eff51fdcaceb522a4c.tar.zst
firejail-acf8efb878b84882a9df61eff51fdcaceb522a4c.zip
1 files changed, 139 insertions, 0 deletions
diff --git a/test/capabilities/caps.exp b/test/capabilities/caps.exp
new file mode 100755
index 000000000..dbd63efda
--- /dev/null
+++ b/test/capabilities/caps.exp
@@ -0,0 +1,139 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2023 Firejail Authors
+# License GPL v2
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+send -- "firejail --caps.keep=chown,fowner --noprofile\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+after 100
+send -- "cat /proc/self/status\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "CapBnd:        0000000000000009"
+}
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "Seccomp:"
+}
+send -- "exit\r"
+sleep 1
+send -- "firejail --caps.drop=all --noprofile\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+after 100
+send -- "cat /proc/self/status\r"
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "CapBnd:        0000000000000000"
+}
+expect {
+        timeout {puts "TESTING ERROR 6\n";exit}
+        "Seccomp:"
+}
+send -- "exit\r"
+sleep 1
+send -- "firejail --caps.drop=chown,dac_override,dac_read_search,fowner --noprofile\r"
+expect {
+        timeout {puts "TESTING ERROR 7\n";exit}
+        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+after 100
+send -- "cat /proc/self/status\r"
+expect {
+        timeout {puts "TESTING ERROR 8\n";exit}
+        "CapBnd:"
+}
+expect {
+        timeout {puts "TESTING ERROR 9\n";exit}
+        "fffffff0"
+}
+expect {
+        timeout {puts "TESTING ERROR 10\n";exit}
+        "Seccomp:"
+}
+send -- "exit\r"
+sleep 1
+send -- "firejail --profile=caps1.profile --debug\r"
+expect {
+        timeout {puts "TESTING ERROR 11\n";exit}
+        "Drop CAP_SYS_MODULE"
+}
+expect {
+        timeout {puts "TESTING ERROR 12\n";exit}
+        "Drop CAP_SYS_ADMIN"
+}
+expect {
+        timeout {puts "TESTING ERROR 13\n";exit}
+        "Drop CAP_" {puts "TESTING ERROR 14\n";exit}
+        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+after 100
+send -- "exit\r"
+sleep 1
+## tofix: possible problem with caps.keep in profile files
+##send -- "firejail --caps.keep=chown,fowner --noprofile\r"
+#send -- "firejail --profile=caps2.profile\r"
+#expect {
+#       timeout {puts "TESTING ERROR 15\n";exit}
+#       -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+#}
+#after 100
+#
+#send -- "cat /proc/self/status\r"
+#expect {
+#       timeout {puts "TESTING ERROR 16\n";exit}
+#       "CapBnd:        0000000000000009"
+#}
+#expect {
+#       timeout {puts "TESTING ERROR 17\n";exit}
+#       "Seccomp:"
+#}
+#send -- "exit\r"
+#sleep 1
+#send -- "firejail --caps.drop=chown,dac_override,dac_read_search,fowner --noprofile\r"
+send -- "firejail --profile=caps3.profile\r"
+expect {
+        timeout {puts "TESTING ERROR 18\n";exit}
+        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+after 100
+send -- "cat /proc/self/status\r"
+expect {
+        timeout {puts "TESTING ERROR 19\n";exit}
+        "CapBnd:"
+}
+expect {
+        timeout {puts "TESTING ERROR 20\n";exit}
+        "fffffff0"
+}
+expect {
+        timeout {puts "TESTING ERROR 21\n";exit}
+        "Seccomp:"
+}
+send -- "exit\r"
+sleep 1
+after 100
+puts "\nall done\n"
author	netblue30 <netblue30@protonmail.com>	2023-03-08 16:23:30 -0500
committer	netblue30 <netblue30@protonmail.com>	2023-03-08 16:23:30 -0500
commit	acf8efb878b84882a9df61eff51fdcaceb522a4c (patch)
tree	88042e5d0723c36a10efc05774335bd0df52703a /test/capabilities/caps.exp
parent	Merge pull request #5717 from glitsj16/aa-examples (diff)
download	firejail-acf8efb878b84882a9df61eff51fdcaceb522a4c.tar.gz firejail-acf8efb878b84882a9df61eff51fdcaceb522a4c.tar.zst firejail-acf8efb878b84882a9df61eff51fdcaceb522a4c.zip

diff --git a/test/capabilities/caps.exp b/test/capabilities/caps.exp new file mode 100755 index 000000000..dbd63efda --- /dev/null +++ b/test/capabilities/caps.exp
@@ -0,0 +1,139 @@
	1	#!/usr/bin/expect -f
	2	# This file is part of Firejail project
	3	# Copyright (C) 2014-2023 Firejail Authors
	4	# License GPL v2
	5
	6	set timeout 10
	7	spawn $env(SHELL)
	8	match_max 100000
	9
	10	send -- "firejail --caps.keep=chown,fowner --noprofile\r"
	11	expect {
	12	timeout {puts "TESTING ERROR 1\n";exit}
	13	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
	14	}
	15	after 100
	16
	17	send -- "cat /proc/self/status\r"
	18	expect {
	19	timeout {puts "TESTING ERROR 2\n";exit}
	20	"CapBnd: 0000000000000009"
	21	}
	22	expect {
	23	timeout {puts "TESTING ERROR 3\n";exit}
	24	"Seccomp:"
	25	}
	26	send -- "exit\r"
	27	sleep 1
	28
	29	send -- "firejail --caps.drop=all --noprofile\r"
	30	expect {
	31	timeout {puts "TESTING ERROR 4\n";exit}
	32	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
	33	}
	34	after 100
	35
	36	send -- "cat /proc/self/status\r"
	37	expect {
	38	timeout {puts "TESTING ERROR 5\n";exit}
	39	"CapBnd: 0000000000000000"
	40	}
	41	expect {
	42	timeout {puts "TESTING ERROR 6\n";exit}
	43	"Seccomp:"
	44	}
	45	send -- "exit\r"
	46	sleep 1
	47
	48	send -- "firejail --caps.drop=chown,dac_override,dac_read_search,fowner --noprofile\r"
	49	expect {
	50	timeout {puts "TESTING ERROR 7\n";exit}
	51	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
	52	}
	53	after 100
	54
	55	send -- "cat /proc/self/status\r"
	56	expect {
	57	timeout {puts "TESTING ERROR 8\n";exit}
	58	"CapBnd:"
	59	}
	60	expect {
	61	timeout {puts "TESTING ERROR 9\n";exit}
	62	"fffffff0"
	63	}
	64	expect {
	65	timeout {puts "TESTING ERROR 10\n";exit}
	66	"Seccomp:"
	67	}
	68	send -- "exit\r"
	69	sleep 1
	70
	71
	72	send -- "firejail --profile=caps1.profile --debug\r"
	73	expect {
	74	timeout {puts "TESTING ERROR 11\n";exit}
	75	"Drop CAP_SYS_MODULE"
	76	}
	77	expect {
	78	timeout {puts "TESTING ERROR 12\n";exit}
	79	"Drop CAP_SYS_ADMIN"
	80	}
	81	expect {
	82	timeout {puts "TESTING ERROR 13\n";exit}
	83	"Drop CAP_" {puts "TESTING ERROR 14\n";exit}
	84	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
	85	}
	86	after 100
	87	send -- "exit\r"
	88	sleep 1
	89
	90
	91	## tofix: possible problem with caps.keep in profile files
	92	##send -- "firejail --caps.keep=chown,fowner --noprofile\r"
	93	#send -- "firejail --profile=caps2.profile\r"
	94	#expect {
	95	# timeout {puts "TESTING ERROR 15\n";exit}
	96	# -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
	97	#}
	98	#after 100
	99	#
	100	#send -- "cat /proc/self/status\r"
	101	#expect {
	102	# timeout {puts "TESTING ERROR 16\n";exit}
	103	# "CapBnd: 0000000000000009"
	104	#}
	105	#expect {
	106	# timeout {puts "TESTING ERROR 17\n";exit}
	107	# "Seccomp:"
	108	#}
	109	#send -- "exit\r"
	110	#sleep 1
	111
	112	#send -- "firejail --caps.drop=chown,dac_override,dac_read_search,fowner --noprofile\r"
	113	send -- "firejail --profile=caps3.profile\r"
	114	expect {
	115	timeout {puts "TESTING ERROR 18\n";exit}
	116	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
	117	}
	118	after 100
	119
	120	send -- "cat /proc/self/status\r"
	121	expect {
	122	timeout {puts "TESTING ERROR 19\n";exit}
	123	"CapBnd:"
	124	}
	125	expect {
	126	timeout {puts "TESTING ERROR 20\n";exit}
	127	"fffffff0"
	128	}
	129	expect {
	130	timeout {puts "TESTING ERROR 21\n";exit}
	131	"Seccomp:"
	132	}
	133	send -- "exit\r"
	134	sleep 1
	135
	136
	137
	138	after 100
	139	puts "\nall done\n"