author | netblue30 <netblue30@yahoo.com> | 2015-11-22 13:15:13 -0500 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2015-11-22 13:15:13 -0500 |
commit | a8d758ba9e7314de9208e4b7d4a5307d1b4fefd0 (patch) | |
tree | 4002cad80b79157ef2c300ca8f12625a5b0b8b17 /test/features | |
parent | fixes (diff) | |
feature test
Diffstat (limited to 'test/features')
-rwxr-xr-x | test/features/1.1.exp | 69 | ||||
-rwxr-xr-x | test/features/1.2.exp | 141 | ||||
-rwxr-xr-x | test/features/1.5.exp | 69 | ||||
-rwxr-xr-x | test/features/1.6.exp | 69 | ||||
-rwxr-xr-x | test/features/1.7.exp | 71 | ||||
-rwxr-xr-x | test/features/1.8.exp | 71 | ||||
-rw-r--r-- | test/features/features.txt | 64 | ||||
-rwxr-xr-x | test/features/test.sh | 24 |
8 files changed, 578 insertions, 0 deletions
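diff --git a/test/features/1.1.exp b/test/features/1.1.exp
new file mode 100755
index 000000000..41443a080
--- /dev/null
+++ b/test/features/1.1.exp
@@ -0,0 +1,69 @@
+#!/usr/bin/expect -f
+#
+# new /boot
+#
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+#
+# N
+#
+send -- "firejail --noprofile\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "ls -l /boot | wc -l\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"1"
+}
+after 100
+send -- "exit\r"
+sleep 1
+
+
+#
+# O
+#
+send -- "firejail --noprofile --overlay\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "ls -l /boot | wc -l\r"
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"1"
+}
+after 100
+send -- "exit\r"
+sleep 1
+
+#
+# C
+#
+send -- "firejail --noprofile --chroot=/tmp/chroot\r"
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "ls -l /boot | wc -l\r"
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"1"
+}
+after 100
+send -- "exit\r"
+sleep 1
+
+
+puts "\nall done\n"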
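Review bot: The output checks `"1"` here (and `"5"` in 1.5.exp, `"0"` in 1.6.exp, 1.7.exp and 1.8.exp) are unanchored substring matches, so a count such as 10 or 21, or a digit left in the buffer from the shell prompt, satisfies them and the isolation check can pass when the sandbox is not hiding the directory. Anchoring the count to its own line, for example `-re {[\r\n]1[\r\n]}`, closes that gap. The timeout branches call a bare `exit`, which returns status 0, so a caller cannot tell a failed run from a passing one; `exit 1` is needed in every .exp file of this commit. The label `TESTING ERROR 3` is also used twice (the O output check and the C startup check), which makes a failure report ambiguous.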
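diff --git a/test/features/1.2.exp b/test/features/1.2.exp
new file mode 100755
index 000000000..399e9948b
--- /dev/null
+++ b/test/features/1.2.exp
@@ -0,0 +1,141 @@
+#!/usr/bin/expect -f
+#
+# new /proc
+#
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+#
+# N
+#
+send -- "firejail --noprofile\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "cat /proc/mounts | grep proc\r"
+expect {
+timeout {puts "TESTING ERROR 1.1\n";exit}
+"proc /proc proc"
+}
+expect {
+timeout {puts "TESTING ERROR 1.2\n";exit}
+"proc /proc proc"
+}
+expect {
+timeout {puts "TESTING ERROR 1.3\n";exit}
+"proc /proc/sys proc"
+}
+expect {
+timeout {puts "TESTING ERROR 1.4\n";exit}
+"proc /proc/sysrq-trigger proc"
+}
+expect {
+timeout {puts "TESTING ERROR 1.5\n";exit}
+"proc /proc/sys/kernel/hotplug"
+}
+expect {
+timeout {puts "TESTING ERROR 1.6\n";exit}
+"proc /proc/irq proc"
+}
+expect {
+timeout {puts "TESTING ERROR 1.7\n";exit}
+"proc /proc/bus proc"
+}
+after 100
+send -- "exit\r"
+sleep 1
+
+
+#
+# O
+#
+send -- "firejail --noprofile --overlay\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "cat /proc/mounts | grep proc\r"
+expect {
+timeout {puts "TESTING ERROR 3.1\n";exit}
+"proc /proc proc"
+}
+expect {
+timeout {puts "TESTING ERROR 3.2\n";exit}
+"proc /proc proc"
+}
+expect {
+timeout {puts "TESTING ERROR 3.3\n";exit}
+"proc /proc/sys proc"
+}
+expect {
+timeout {puts "TESTING ERROR 3.4\n";exit}
+"proc /proc/sysrq-trigger proc"
+}
+expect {
+timeout {puts "TESTING ERROR 3.5\n";exit}
+"proc /proc/sys/kernel/hotplug"
+}
+expect {
+timeout {puts "TESTING ERROR 3.6\n";exit}
+"proc /proc/irq proc"
+}
+expect {
+timeout {puts "TESTING ERROR 3.7\n";exit}
+"proc /proc/bus proc"
+}
+after 100
+send -- "exit\r"
+sleep 1
+
+#
+# C
+#
+send -- "firejail --noprofile --chroot=/tmp/chroot\r"
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "cat /proc/mounts | grep proc\r"
+expect {
+timeout {puts "TESTING ERROR 5.1\n";exit}
+"proc /proc proc"
+}
+expect {
+timeout {puts "TESTING ERROR 5.2\n";exit}
+"proc /proc proc"
+}
+expect {
+timeout {puts "TESTING ERROR 5.3\n";exit}
+"proc /proc/sys proc"
+}
+expect {
+timeout {puts "TESTING ERROR 5.4\n";exit}
+"proc /proc/sysrq-trigger proc"
+}
+expect {
+timeout {puts "TESTING ERROR 5.5\n";exit}
+"proc /proc/sys/kernel/hotplug"
+}
+expect {
+timeout {puts "TESTING ERROR 5.6\n";exit}
+"proc /proc/irq proc"
+}
+expect {
+timeout {puts "TESTING ERROR 5.7\n";exit}
+"proc /proc/bus proc"
+}
+after 100
+send -- "exit\r"
+sleep 1
+
+
+puts "\nall done\n"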
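Review bot: Each pattern in the three `cat /proc/mounts | grep proc` checks matches only the device, mount point and type fields, so the test passes whatever options the mount carries. If these submounts are meant to be restricted (read-only, for instance; the page does not say, so that is an assumption to confirm), include the option field, e.g. `"proc /proc/sys proc ro"`. The patterns are also consumed in sequence from one output stream, so the result depends on the order of entries in /proc/mounts; a comment such as `# patterns follow the order of /proc/mounts entries` would record that. The `"proc /proc/sys/kernel/hotplug"` pattern omits the trailing ` proc` that the other patterns carry.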
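diff --git a/test/features/1.5.exp b/test/features/1.5.exp
new file mode 100755
index 000000000..d722c5811
--- /dev/null
+++ b/test/features/1.5.exp
@@ -0,0 +1,69 @@
+#!/usr/bin/expect -f
+#
+# PID namespace
+#
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+#
+# N
+#
+send -- "firejail --noprofile\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "ps aux | wc -l \r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"5"
+}
+after 100
+send -- "exit\r"
+sleep 1
+
+
+#
+# O
+#
+send -- "firejail --noprofile --overlay\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "ps aux | wc -l \r"
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"5"
+}
+after 100
+send -- "exit\r"
+sleep 1
+
+#
+# C
+#
+send -- "firejail --noprofile --chroot=/tmp/chroot\r"
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "ps aux | wc -l \r"
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"5"
+}
+after 100
+send -- "exit\r"
+sleep 1
+
+
+puts "\nall done\n"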
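Review bot: The C case depends on a prepared chroot at the fixed path /tmp/chroot, which no file in this commit creates or verifies; the same `--chroot=/tmp/chroot` command appears in 1.1.exp, 1.2.exp, 1.6.exp, 1.7.exp and 1.8.exp. Because /tmp is world-writable, on a shared machine that directory could have been created by another local user, and the test would then run a sandbox rooted in content the tester does not control. Creating the fixture in the test setup (for example under a `mktemp -d` directory) and passing its path to the scripts would remove that assumption; at minimum add a header comment such as `# precondition: /tmp/chroot is a chroot tree prepared by the tester`.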
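diff --git a/test/features/1.6.exp b/test/features/1.6.exp
new file mode 100755
index 000000000..a9c8f2a19
--- /dev/null
+++ b/test/features/1.6.exp
@@ -0,0 +1,69 @@
+#!/usr/bin/expect -f
+#
+# new /var/log
+#
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+#
+# N
+#
+send -- "firejail --noprofile\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "ls -l /var/log/syslog | wc -l\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"0"
+}
+after 100
+send -- "exit\r"
+sleep 1
+
+
+#
+# O
+#
+send -- "firejail --noprofile --overlay\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "ls -l /var/log/syslog | wc -l\r"
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"0"
+}
+after 100
+send -- "exit\r"
+sleep 1
+
+#
+# C
+#
+send -- "firejail --noprofile --chroot=/tmp/chroot\r"
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "ls -l /var/log/syslog | wc -l\r"
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"0"
+}
+after 100
+send -- "exit\r"
+sleep 1
+
+
+puts "\nall done\n"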
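Review bot: Nothing establishes that /var/log/syslog exists on the host before the sandboxed `ls -l /var/log/syslog | wc -l` is expected to print 0, so on a system without that file the test passes without exercising the /var/log replacement. 1.7.exp avoids this by creating its probe file first; here a host-side existence check before the first `firejail` command, or at least a comment such as `# requires /var/log/syslog to exist on the host`, would make the precondition explicit. In the C case the result additionally depends on what the tree under /tmp/chroot contains.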
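diff --git a/test/features/1.7.exp b/test/features/1.7.exp
new file mode 100755
index 000000000..0de3e224d
--- /dev/null
+++ b/test/features/1.7.exp
@@ -0,0 +1,71 @@
+#!/usr/bin/expect -f
+#
+# new /var/tmp
+#
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+#
+# N
+#
+send -- "touch /var/tmp/somefile\r"
+sleep 1
+send -- "firejail --noprofile\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "ls -l /var/tmp/somefile | wc -l\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"0"
+}
+after 100
+send -- "exit\r"
+sleep 1
+
+
+#
+# O
+#
+send -- "firejail --noprofile --overlay\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "ls -l /var/tmp/somefile | wc -l\r"
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"0"
+}
+after 100
+send -- "exit\r"
+sleep 1
+
+#
+# C
+#
+send -- "firejail --noprofile --chroot=/tmp/chroot\r"
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "ls -l /var/tmp/somefile | wc -l\r"
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"0"
+}
+after 100
+send -- "exit\r"
+sleep 1
+
+
+puts "\nall done\n"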
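diff --git a/test/features/1.8.exp b/test/features/1.8.exp
new file mode 100755
index 000000000..514dd3b81
--- /dev/null
+++ b/test/features/1.8.exp
@@ -0,0 +1,71 @@
+#!/usr/bin/expect -f
+#
+# disable /etc/firejail and ~/.config/firejail
+#
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+#
+# N
+#
+send -- "touch /var/tmp/somefile\r"
+sleep 1
+send -- "firejail --noprofile\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "ls -l /var/tmp/somefile | wc -l\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"0"
+}
+after 100
+send -- "exit\r"
+sleep 1
+
+
+#
+# O
+#
+send -- "firejail --noprofile --overlay\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "ls -l /var/tmp/somefile | wc -l\r"
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"0"
+}
+after 100
+send -- "exit\r"
+sleep 1
+
+#
+# C
+#
+send -- "firejail --noprofile --chroot=/tmp/chroot\r"
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "ls -l /var/tmp/somefile | wc -l\r"
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"0"
+}
+after 100
+send -- "exit\r"
+sleep 1
+
+
+puts "\nall done\n"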
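Review bot: The header comment says this file tests disabling /etc/firejail and ~/.config/firejail, but every command below it is the same as in 1.7.exp and probes /var/tmp/somefile, so the stated restriction is not tested at all. Until the real probes are written, mark the file, e.g. `# TODO: body copied from 1.7.exp; does not yet check /etc/firejail or ~/.config/firejail`, so that a passing run is not read as coverage of that restriction. What the real probes should expect depends on how firejail hides those directories, which this page does not show.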
diff --git a/test/features/features.txt b/test/features/features.txt new file mode 100644 index 000000000..a95eeef37 --- /dev/null +++ b/test/features/features.txt | |||
@@ -0,0 +1,64 @@ | |||
1 | Firejail Feature Testing | ||
2 | |||
3 | N - normal user filesystem | ||
4 | O - overlay filesystem | ||
5 | C - chroot filesystem | ||
6 | |||
7 | |||
8 | |||
9 | 1. Default features (tesing with --noprofile) | ||
10 | |||
11 | 1.1 new /boot | ||
12 | - N, O, C | ||
13 | |||
14 | 1.2 new /proc | ||
15 | - N, O, C | ||
16 | |||
17 | 1.3 new /sys | ||
18 | - N, O fails remount, C fails remount | ||
19 | |||
20 | 1.4 mask other users | ||
21 | - home directory: N, O, C | ||
22 | - /etc/passwd: N, O, C to test | ||
23 | - /etc/group: N, O, C to test | ||
24 | |||
25 | 1.5 PID namespace | ||
26 | - N, O, C | ||
27 | |||
28 | 1.6 new /var/log | ||
29 | - N, O, C | ||
30 | |||
31 | 1.7 new /var/tmp | ||
32 | -N, O, C | ||
33 | |||
34 | 1.8 disable /etc/firejail and ~/.config/firejail | ||
35 | |||
36 | |||
37 | |||
38 | 2. Networking features | ||
39 | |||
40 | 2.1 Hostname (use --hostname=bing, do a ping and cat /etc/hostname) | ||
41 | - N, O, C | ||
42 | - ping disabled for C by default seccomp filter, use "getent hosts bingo" | ||
43 | |||
44 | 2.2 DNS (use --dns=4.2.2.1, use "dig google.com") | ||
45 | - N, O, C | ||
46 | |||
47 | 2.3 mac-vlan (use --net=eth0 and --noprofile; run ifconfig and dig google.com) | ||
48 | - N, O, C | ||
49 | |||
50 | 2.4 bridge (use --net=br0 and --noprofile; run ifconfig, netstat -rn, ping default gw) | ||
51 | - N, O, C | ||
52 | - ping disabled for C by default seccomp filter | ||
53 | |||
54 | 2.5 IP address (--noprofile --net=eth0 --ip=192.168.1.226 --net=br0 --ip=10.10.20.3, run ifconfig and netstat -rn) | ||
55 | - N, O, C | ||
56 | |||
57 | 2.6 Default gw (--noprofile --net=eth0 --defaultgw=192.168.1.10, run netstat -rn) | ||
58 | - N, O, C | ||
59 | |||
60 | |||
61 | |||
62 | 3. Filesystem features (use --noprofile) | ||
63 | |||
64 | \ No newline at end of file | ||
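diff --git a/test/features/test.sh b/test/features/test.sh
new file mode 100755
index 000000000..b4ef6503a
--- /dev/null
+++ b/test/features/test.sh
@@ -0,0 +1,24 @@
+#!/bin/bash
+
+#
+# Feature testing
+#
+
+echo "TESTING: 1.1. new /boot"
+./1.1.exp
+
+echo "TESTING: 1.2. new /proc"
+./1.2.exp
+
+echo "TESTING: 1.5. PID namespace"
+./1.5.exp
+
+echo "TESTING: 1.6 new /var/log"
+./1.6.exp
+
+echo "TESTING: 1.7 new /var/tmp"
+./1.7.exp
+
+#echo "TESTING: "
+#./1..exp
+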
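Review bot: 1.8.exp is added by this commit but never run here; the only trace is the commented-out `#./1..exp` placeholder at the end, so confirm whether the omission is intended. The script also ignores each test's exit status and always finishes with 0, so an automated caller sees success regardless of the result; recording failures, e.g. `./1.1.exp || failed=1` with a final `exit "${failed:-0}"`, would fix that once the .exp files exit non-zero on timeout. The `./` paths mean the script only works when started from test/features; `cd "$(dirname "$0")" || exit 1` near the top removes that dependency.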