author | netblue30 <netblue30@protonmail.com> | 2023-02-28 09:51:26 -0500 |
---|---|---|
committer | netblue30 <netblue30@protonmail.com> | 2023-02-28 09:51:26 -0500 |
commit | 27c4d069f322fbeca07c88e0e96208233103a5db (patch) | |
tree | fb4b4fdc75eb5e633ab55b8228a60f54176446a0 /test/features/features.txt | |
parent | fix cppcheck/scan-build problems (diff) | |
chroot testing
Diffstat (limited to 'test/features/features.txt')
-rw-r--r-- | test/features/features.txt | 61 |
1 files changed, 0 insertions, 61 deletions
diff --git a/test/features/features.txt b/test/features/features.txt deleted file mode 100644 index 904803234..000000000 --- a/test/features/features.txt +++ /dev/null | |||
@@ -1,61 +0,0 @@ | |||
1 | Firejail Feature Testing | ||
2 | |||
3 | N - normal user filesystem | ||
4 | O - overlay filesystem | ||
5 | C - chroot filesystem | ||
6 | |||
7 | |||
8 | |||
9 | 1. Default features (tesing with --noprofile) | ||
10 | |||
11 | 1.1 disable /boot | ||
12 | 1.2 new /proc | ||
13 | 1.3 new /sys | ||
14 | - N, O fails remount, C fails remount | ||
15 | |||
16 | 1.4 mask other users | ||
17 | - home directory: N, O, C | ||
18 | - /etc/passwd: N, O, C to test | ||
19 | - /etc/group: N, O, C to test | ||
20 | |||
21 | 1.5 PID namespace | ||
22 | 1.6 new /var/log | ||
23 | 1.7 new /var/tmp | ||
24 | 1.8 disable firejail config and run time information | ||
25 | 1.9 mount namespace | ||
26 | 1.10 disable /selinux | ||
27 | |||
28 | |||
29 | 2. Networking features | ||
30 | |||
31 | 2.1 Hostname (use --hostname=newhostname, do a ping and cat /etc/hostname) | ||
32 | - ping disabled for C by default seccomp filter, use "getent hosts bingo" | ||
33 | |||
34 | 2.2 DNS (use --dns=4.2.2.1, use "dig google.com") | ||
35 | 2.3 mac-vlan (use --net=eth0 and --noprofile; run ifconfig and dig google.com) | ||
36 | 2.4 bridge (use --net=br0 and --noprofile; run ifconfig, netstat -rn, ping default gw) | ||
37 | - ping disabled for C by default seccomp filter - transfer test not implemented for C | ||
38 | 2.5 interface | ||
39 | 2.6 Default gw (--noprofile --net=eth0 --defaultgw=192.168.1.10, run netstat -rn) | ||
40 | |||
41 | |||
42 | 3. Filesystem features (use --noprofile) | ||
43 | |||
44 | 3.1 private | ||
45 | 3.2 read-only | ||
46 | 3.3 blacklist | ||
47 | 3.4 whitelist home | ||
48 | - N braking on Fedora | ||
49 | 3.5 private-dev | ||
50 | - O, C - somehow /dev/log is missing | ||
51 | - N - problems on Debian wheezy 32-bit, Fedora | ||
52 | 3.6 private-etc | ||
53 | - O not working - todo | ||
54 | 3.7 private-tmp | ||
55 | 3.8 private-bin | ||
56 | - O, C not working - todo | ||
57 | 3.9 whitelist dev | ||
58 | - N not working on Debian wheezy (32-bit and 64-bit) - todo | ||
59 | 3.10 whitelist tmp | ||
60 | - O not working on Arch Linux - todo | ||
61 | 3.11 mkdir | ||
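Review bot: The removal drops the only visible record of several open items, and the commit message "chroot testing" does not say what happens to them. Lines 53, 56, 58 and 60 are still marked "todo" (private-etc on O, private-bin on O and C, whitelist dev on Debian wheezy, whitelist tmp on Arch Linux). Lines 32 and 37 document chroot-specific gaps: ping is disabled for C by the default seccomp filter, and the bridge transfer test is not implemented for C. Please state in the commit message whether these cases are now covered by automated tests or are obsolete, or move the open items to an issue before deleting the file. The diffstat shown here is limited to this one file, so this view cannot confirm that a replacement exists.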