testing

author: smitsohu <smitsohu@gmail.com> 2022-12-24 03:06:46 +0100
committer: smitsohu <smitsohu@gmail.com> 2022-12-24 03:08:31 +0100
commit: 5116c1ceddf1966c852cbe2d81a2b2672dc3ba90 (patch)
tree: e906d805ab72e9de41328cfdd7089ee4c17c66a6 /test/filters/namespaces-32.exp
parent: chroot: make search permission check explicit (diff)
download: firejail-5116c1ceddf1966c852cbe2d81a2b2672dc3ba90.tar.gz
firejail-5116c1ceddf1966c852cbe2d81a2b2672dc3ba90.tar.zst
firejail-5116c1ceddf1966c852cbe2d81a2b2672dc3ba90.zip
1 files changed, 173 insertions, 0 deletions
diff --git a/test/filters/namespaces-32.exp b/test/filters/namespaces-32.exp
new file mode 100755
index 000000000..b643a28d3
--- /dev/null
+++ b/test/filters/namespaces-32.exp
@@ -0,0 +1,173 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2022 Firejail Authors
+# License GPL v2
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+#
+# clone
+#
+send --  "firejail --noprofile ./namespaces-32 clone cgroup,ipc,mnt,net,pid,user,uts\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "clone successful"
+}
+after 100
+send --  "firejail --noprofile --restrict-namespaces ./namespaces-32 clone user\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "Error: clone: Operation not permitted"
+}
+after 100
+send --  "firejail --noprofile --restrict-namespaces=user ./namespaces-32 clone user\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "Error: clone: Operation not permitted"
+}
+after 100
+send --  "firejail --noprofile --restrict-namespaces=user ./namespaces-32 clone cgroup,ipc,mnt,net,pid,user,uts\r"
+expect {
+        timeout {puts "TESTING ERROR 6\n";exit}
+        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+expect {
+        timeout {puts "TESTING ERROR 7\n";exit}
+        "Error: clone: Operation not permitted"
+}
+after 100
+send --  "firejail --noprofile --restrict-namespaces=cgroup,ipc ./namespaces-32 clone cgroup\r"
+expect {
+        timeout {puts "TESTING ERROR 8\n";exit}
+        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+expect {
+        timeout {puts "TESTING ERROR 9\n";exit}
+        "Error: clone: Operation not permitted"
+}
+after 100
+send --  "firejail --noprofile --restrict-namespaces=cgroup,ipc ./namespaces-32 clone ipc\r"
+expect {
+        timeout {puts "TESTING ERROR 10\n";exit}
+        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+expect {
+        timeout {puts "TESTING ERROR 11\n";exit}
+        "Error: clone: Operation not permitted"
+}
+after 100
+send --  "firejail --noprofile --restrict-namespaces=cgroup,ipc ./namespaces-32 clone mnt,net,pid,uts\r"
+expect {
+        timeout {puts "TESTING ERROR 12\n";exit}
+        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+expect {
+        timeout {puts "TESTING ERROR 13\n";exit}
+        "clone successful"
+}
+after 100
+#
+# unshare
+#
+send --  "firejail --noprofile ./namespaces-32 unshare cgroup,ipc,mnt,net,pid,user,uts\r"
+expect {
+        timeout {puts "TESTING ERROR 14\n";exit}
+        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+expect {
+        timeout {puts "TESTING ERROR 15\n";exit}
+        "unshare successful"
+}
+after 100
+send --  "firejail --noprofile --restrict-namespaces ./namespaces-32 unshare user\r"
+expect {
+        timeout {puts "TESTING ERROR 16\n";exit}
+        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+expect {
+        timeout {puts "TESTING ERROR 17\n";exit}
+        "Error: unshare: Operation not permitted"
+}
+after 100
+send --  "firejail --noprofile --restrict-namespaces=user ./namespaces-32 unshare user\r"
+expect {
+        timeout {puts "TESTING ERROR 18\n";exit}
+        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+expect {
+        timeout {puts "TESTING ERROR 19\n";exit}
+        "Error: unshare: Operation not permitted"
+}
+after 100
+send --  "firejail --noprofile --restrict-namespaces=user ./namespaces-32 unshare cgroup,ipc,mnt,net,pid,user,uts\r"
+expect {
+        timeout {puts "TESTING ERROR 20\n";exit}
+        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+expect {
+        timeout {puts "TESTING ERROR 21\n";exit}
+        "Error: unshare: Operation not permitted"
+}
+after 100
+send --  "firejail --noprofile --restrict-namespaces=cgroup,ipc ./namespaces-32 unshare cgroup\r"
+expect {
+        timeout {puts "TESTING ERROR 22\n";exit}
+        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+expect {
+        timeout {puts "TESTING ERROR 23\n";exit}
+        "Error: unshare: Operation not permitted"
+}
+after 100
+send --  "firejail --noprofile --restrict-namespaces=cgroup,ipc ./namespaces-32 unshare ipc\r"
+expect {
+        timeout {puts "TESTING ERROR 24\n";exit}
+        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+expect {
+        timeout {puts "TESTING ERROR 25\n";exit}
+        "Error: unshare: Operation not permitted"
+}
+after 100
+send --  "firejail --noprofile --restrict-namespaces=cgroup,ipc ./namespaces-32 unshare mnt,net,pid,uts\r"
+expect {
+        timeout {puts "TESTING ERROR 26\n";exit}
+        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+expect {
+        timeout {puts "TESTING ERROR 27\n";exit}
+        "unshare successful"
+}
+after 100
+puts "\nall done\n"
author	smitsohu <smitsohu@gmail.com>	2022-12-24 03:06:46 +0100
committer	smitsohu <smitsohu@gmail.com>	2022-12-24 03:08:31 +0100
commit	5116c1ceddf1966c852cbe2d81a2b2672dc3ba90 (patch)
tree	e906d805ab72e9de41328cfdd7089ee4c17c66a6 /test/filters/namespaces-32.exp
parent	chroot: make search permission check explicit (diff)
download	firejail-5116c1ceddf1966c852cbe2d81a2b2672dc3ba90.tar.gz firejail-5116c1ceddf1966c852cbe2d81a2b2672dc3ba90.tar.zst firejail-5116c1ceddf1966c852cbe2d81a2b2672dc3ba90.zip

diff --git a/test/filters/namespaces-32.exp b/test/filters/namespaces-32.exp new file mode 100755 index 000000000..b643a28d3 --- /dev/null +++ b/test/filters/namespaces-32.exp
@@ -0,0 +1,173 @@
	1	#!/usr/bin/expect -f
	2	# This file is part of Firejail project
	3	# Copyright (C) 2014-2022 Firejail Authors
	4	# License GPL v2
	5
	6	set timeout 10
	7	spawn $env(SHELL)
	8	match_max 100000
	9
	10	#
	11	# clone
	12	#
	13
	14	send -- "firejail --noprofile ./namespaces-32 clone cgroup,ipc,mnt,net,pid,user,uts\r"
	15	expect {
	16	timeout {puts "TESTING ERROR 0\n";exit}
	17	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
	18	}
	19	expect {
	20	timeout {puts "TESTING ERROR 1\n";exit}
	21	"clone successful"
	22	}
	23	after 100
	24
	25	send -- "firejail --noprofile --restrict-namespaces ./namespaces-32 clone user\r"
	26	expect {
	27	timeout {puts "TESTING ERROR 2\n";exit}
	28	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
	29	}
	30	expect {
	31	timeout {puts "TESTING ERROR 3\n";exit}
	32	"Error: clone: Operation not permitted"
	33	}
	34	after 100
	35
	36	send -- "firejail --noprofile --restrict-namespaces=user ./namespaces-32 clone user\r"
	37	expect {
	38	timeout {puts "TESTING ERROR 4\n";exit}
	39	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
	40	}
	41	expect {
	42	timeout {puts "TESTING ERROR 5\n";exit}
	43	"Error: clone: Operation not permitted"
	44	}
	45	after 100
	46
	47	send -- "firejail --noprofile --restrict-namespaces=user ./namespaces-32 clone cgroup,ipc,mnt,net,pid,user,uts\r"
	48	expect {
	49	timeout {puts "TESTING ERROR 6\n";exit}
	50	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
	51	}
	52	expect {
	53	timeout {puts "TESTING ERROR 7\n";exit}
	54	"Error: clone: Operation not permitted"
	55	}
	56	after 100
	57
	58	send -- "firejail --noprofile --restrict-namespaces=cgroup,ipc ./namespaces-32 clone cgroup\r"
	59	expect {
	60	timeout {puts "TESTING ERROR 8\n";exit}
	61	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
	62	}
	63	expect {
	64	timeout {puts "TESTING ERROR 9\n";exit}
	65	"Error: clone: Operation not permitted"
	66	}
	67	after 100
	68
	69	send -- "firejail --noprofile --restrict-namespaces=cgroup,ipc ./namespaces-32 clone ipc\r"
	70	expect {
	71	timeout {puts "TESTING ERROR 10\n";exit}
	72	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
	73	}
	74	expect {
	75	timeout {puts "TESTING ERROR 11\n";exit}
	76	"Error: clone: Operation not permitted"
	77	}
	78	after 100
	79
	80	send -- "firejail --noprofile --restrict-namespaces=cgroup,ipc ./namespaces-32 clone mnt,net,pid,uts\r"
	81	expect {
	82	timeout {puts "TESTING ERROR 12\n";exit}
	83	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
	84	}
	85	expect {
	86	timeout {puts "TESTING ERROR 13\n";exit}
	87	"clone successful"
	88	}
	89	after 100
	90
	91	#
	92	# unshare
	93	#
	94
	95	send -- "firejail --noprofile ./namespaces-32 unshare cgroup,ipc,mnt,net,pid,user,uts\r"
	96	expect {
	97	timeout {puts "TESTING ERROR 14\n";exit}
	98	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
	99	}
	100	expect {
	101	timeout {puts "TESTING ERROR 15\n";exit}
	102	"unshare successful"
	103	}
	104	after 100
	105
	106	send -- "firejail --noprofile --restrict-namespaces ./namespaces-32 unshare user\r"
	107	expect {
	108	timeout {puts "TESTING ERROR 16\n";exit}
	109	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
	110	}
	111	expect {
	112	timeout {puts "TESTING ERROR 17\n";exit}
	113	"Error: unshare: Operation not permitted"
	114	}
	115	after 100
	116
	117	send -- "firejail --noprofile --restrict-namespaces=user ./namespaces-32 unshare user\r"
	118	expect {
	119	timeout {puts "TESTING ERROR 18\n";exit}
	120	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
	121	}
	122	expect {
	123	timeout {puts "TESTING ERROR 19\n";exit}
	124	"Error: unshare: Operation not permitted"
	125	}
	126	after 100
	127
	128	send -- "firejail --noprofile --restrict-namespaces=user ./namespaces-32 unshare cgroup,ipc,mnt,net,pid,user,uts\r"
	129	expect {
	130	timeout {puts "TESTING ERROR 20\n";exit}
	131	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
	132	}
	133	expect {
	134	timeout {puts "TESTING ERROR 21\n";exit}
	135	"Error: unshare: Operation not permitted"
	136	}
	137	after 100
	138
	139	send -- "firejail --noprofile --restrict-namespaces=cgroup,ipc ./namespaces-32 unshare cgroup\r"
	140	expect {
	141	timeout {puts "TESTING ERROR 22\n";exit}
	142	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
	143	}
	144	expect {
	145	timeout {puts "TESTING ERROR 23\n";exit}
	146	"Error: unshare: Operation not permitted"
	147	}
	148	after 100
	149
	150	send -- "firejail --noprofile --restrict-namespaces=cgroup,ipc ./namespaces-32 unshare ipc\r"
	151	expect {
	152	timeout {puts "TESTING ERROR 24\n";exit}
	153	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
	154	}
	155	expect {
	156	timeout {puts "TESTING ERROR 25\n";exit}
	157	"Error: unshare: Operation not permitted"
	158	}
	159	after 100
	160
	161	send -- "firejail --noprofile --restrict-namespaces=cgroup,ipc ./namespaces-32 unshare mnt,net,pid,uts\r"
	162	expect {
	163	timeout {puts "TESTING ERROR 26\n";exit}
	164	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
	165	}
	166	expect {
	167	timeout {puts "TESTING ERROR 27\n";exit}
	168	"unshare successful"
	169	}
	170
	171
	172	after 100
	173	puts "\nall done\n"