diff options
| author |  smitsohu <smitsohu@gmail.com> | 2023-03-02 17:34:07 +0100 |
|---|---|---|
| committer | smitsohu <smitsohu@gmail.com> | 2023-03-02 17:34:07 +0100 |
| commit | eb8dfc1284f29afa76697f1f3e87b6374d1706fa (patch) | |
| tree | 7f0761dc76179d733c8fe2058e1ba16063c4d809 /test/filters/namespaces-32.exp | |
| parent | network testing; merges (diff) | |
| download | firejail-eb8dfc1284f29afa76697f1f3e87b6374d1706fa.tar.gz firejail-eb8dfc1284f29afa76697f1f3e87b6374d1706fa.tar.zst firejail-eb8dfc1284f29afa76697f1f3e87b6374d1706fa.zip | |
restrict-namespaces testing
Diffstat (limited to 'test/filters/namespaces-32.exp')
| -rwxr-xr-x | test/filters/namespaces-32.exp | 80 |
1 files changed, 60 insertions, 20 deletions
diff --git a/test/filters/namespaces-32.exp b/test/filters/namespaces-32.exp index 3b618bd01..f2310db3b 100755 --- a/test/filters/namespaces-32.exp +++ b/test/filters/namespaces-32.exp | |||
| @@ -20,7 +20,7 @@ expect { | |||
| 20 | timeout {puts "TESTING ERROR 1\n";exit} | 20 | timeout {puts "TESTING ERROR 1\n";exit} |
| 21 | "clone successful" | 21 | "clone successful" |
| 22 | } | 22 | } |
| 23 | after 100 | 23 | after 200 |
| 24 | 24 | ||
| 25 | send -- "firejail --noprofile --restrict-namespaces ./namespaces-32 clone user\r" | 25 | send -- "firejail --noprofile --restrict-namespaces ./namespaces-32 clone user\r" |
| 26 | expect { | 26 | expect { |
| @@ -31,7 +31,7 @@ expect { | |||
| 31 | timeout {puts "TESTING ERROR 3\n";exit} | 31 | timeout {puts "TESTING ERROR 3\n";exit} |
| 32 | "Error: clone: Operation not permitted" | 32 | "Error: clone: Operation not permitted" |
| 33 | } | 33 | } |
| 34 | after 100 | 34 | after 200 |
| 35 | 35 | ||
| 36 | send -- "firejail --noprofile --restrict-namespaces=user ./namespaces-32 clone user\r" | 36 | send -- "firejail --noprofile --restrict-namespaces=user ./namespaces-32 clone user\r" |
| 37 | expect { | 37 | expect { |
| @@ -42,7 +42,7 @@ expect { | |||
| 42 | timeout {puts "TESTING ERROR 5\n";exit} | 42 | timeout {puts "TESTING ERROR 5\n";exit} |
| 43 | "Error: clone: Operation not permitted" | 43 | "Error: clone: Operation not permitted" |
| 44 | } | 44 | } |
| 45 | after 100 | 45 | after 200 |
| 46 | 46 | ||
| 47 | send -- "firejail --noprofile --restrict-namespaces=user ./namespaces-32 clone cgroup,ipc,mnt,net,pid,user,uts\r" | 47 | send -- "firejail --noprofile --restrict-namespaces=user ./namespaces-32 clone cgroup,ipc,mnt,net,pid,user,uts\r" |
| 48 | expect { | 48 | expect { |
| @@ -53,9 +53,9 @@ expect { | |||
| 53 | timeout {puts "TESTING ERROR 7\n";exit} | 53 | timeout {puts "TESTING ERROR 7\n";exit} |
| 54 | "Error: clone: Operation not permitted" | 54 | "Error: clone: Operation not permitted" |
| 55 | } | 55 | } |
| 56 | after 100 | 56 | after 200 |
| 57 | 57 | ||
| 58 | send -- "firejail --noprofile --restrict-namespaces=cgroup,ipc ./namespaces-32 clone cgroup\r" | 58 | send -- "firejail --noprofile --restrict-namespaces=cgroup,ipc ./namespaces-32 clone cgroup,user\r" |
| 59 | expect { | 59 | expect { |
| 60 | timeout {puts "TESTING ERROR 8\n";exit} | 60 | timeout {puts "TESTING ERROR 8\n";exit} |
| 61 | -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" | 61 | -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" |
| @@ -64,9 +64,9 @@ expect { | |||
| 64 | timeout {puts "TESTING ERROR 9\n";exit} | 64 | timeout {puts "TESTING ERROR 9\n";exit} |
| 65 | "Error: clone: Operation not permitted" | 65 | "Error: clone: Operation not permitted" |
| 66 | } | 66 | } |
| 67 | after 100 | 67 | after 200 |
| 68 | 68 | ||
| 69 | send -- "firejail --noprofile --restrict-namespaces=cgroup,ipc ./namespaces-32 clone ipc\r" | 69 | send -- "firejail --noprofile --restrict-namespaces=cgroup,ipc ./namespaces-32 clone ipc,user\r" |
| 70 | expect { | 70 | expect { |
| 71 | timeout {puts "TESTING ERROR 10\n";exit} | 71 | timeout {puts "TESTING ERROR 10\n";exit} |
| 72 | -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" | 72 | -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" |
| @@ -75,9 +75,9 @@ expect { | |||
| 75 | timeout {puts "TESTING ERROR 11\n";exit} | 75 | timeout {puts "TESTING ERROR 11\n";exit} |
| 76 | "Error: clone: Operation not permitted" | 76 | "Error: clone: Operation not permitted" |
| 77 | } | 77 | } |
| 78 | after 100 | 78 | after 200 |
| 79 | 79 | ||
| 80 | send -- "firejail --noprofile --restrict-namespaces=cgroup,ipc ./namespaces-32 clone mnt,net,pid,uts\r" | 80 | send -- "firejail --noprofile --restrict-namespaces=cgroup,ipc ./namespaces-32 clone mnt,net,pid,user,uts\r" |
| 81 | expect { | 81 | expect { |
| 82 | timeout {puts "TESTING ERROR 12\n";exit} | 82 | timeout {puts "TESTING ERROR 12\n";exit} |
| 83 | -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" | 83 | -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" |
| @@ -86,7 +86,7 @@ expect { | |||
| 86 | timeout {puts "TESTING ERROR 13\n";exit} | 86 | timeout {puts "TESTING ERROR 13\n";exit} |
| 87 | "clone successful" | 87 | "clone successful" |
| 88 | } | 88 | } |
| 89 | after 100 | 89 | after 200 |
| 90 | 90 | ||
| 91 | # | 91 | # |
| 92 | # unshare | 92 | # unshare |
| @@ -101,7 +101,7 @@ expect { | |||
| 101 | timeout {puts "TESTING ERROR 15\n";exit} | 101 | timeout {puts "TESTING ERROR 15\n";exit} |
| 102 | "unshare successful" | 102 | "unshare successful" |
| 103 | } | 103 | } |
| 104 | after 100 | 104 | after 200 |
| 105 | 105 | ||
| 106 | send -- "firejail --noprofile --restrict-namespaces ./namespaces-32 unshare user\r" | 106 | send -- "firejail --noprofile --restrict-namespaces ./namespaces-32 unshare user\r" |
| 107 | expect { | 107 | expect { |
| @@ -112,7 +112,7 @@ expect { | |||
| 112 | timeout {puts "TESTING ERROR 17\n";exit} | 112 | timeout {puts "TESTING ERROR 17\n";exit} |
| 113 | "Error: unshare: Operation not permitted" | 113 | "Error: unshare: Operation not permitted" |
| 114 | } | 114 | } |
| 115 | after 100 | 115 | after 200 |
| 116 | 116 | ||
| 117 | send -- "firejail --noprofile --restrict-namespaces=user ./namespaces-32 unshare user\r" | 117 | send -- "firejail --noprofile --restrict-namespaces=user ./namespaces-32 unshare user\r" |
| 118 | expect { | 118 | expect { |
| @@ -123,7 +123,7 @@ expect { | |||
| 123 | timeout {puts "TESTING ERROR 19\n";exit} | 123 | timeout {puts "TESTING ERROR 19\n";exit} |
| 124 | "Error: unshare: Operation not permitted" | 124 | "Error: unshare: Operation not permitted" |
| 125 | } | 125 | } |
| 126 | after 100 | 126 | after 200 |
| 127 | 127 | ||
| 128 | send -- "firejail --noprofile --restrict-namespaces=user ./namespaces-32 unshare cgroup,ipc,mnt,net,pid,user,uts\r" | 128 | send -- "firejail --noprofile --restrict-namespaces=user ./namespaces-32 unshare cgroup,ipc,mnt,net,pid,user,uts\r" |
| 129 | expect { | 129 | expect { |
| @@ -134,9 +134,9 @@ expect { | |||
| 134 | timeout {puts "TESTING ERROR 21\n";exit} | 134 | timeout {puts "TESTING ERROR 21\n";exit} |
| 135 | "Error: unshare: Operation not permitted" | 135 | "Error: unshare: Operation not permitted" |
| 136 | } | 136 | } |
| 137 | after 100 | 137 | after 200 |
| 138 | 138 | ||
| 139 | send -- "firejail --noprofile --restrict-namespaces=cgroup,ipc ./namespaces-32 unshare cgroup\r" | 139 | send -- "firejail --noprofile --restrict-namespaces=cgroup,ipc ./namespaces-32 unshare cgroup,user\r" |
| 140 | expect { | 140 | expect { |
| 141 | timeout {puts "TESTING ERROR 22\n";exit} | 141 | timeout {puts "TESTING ERROR 22\n";exit} |
| 142 | -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" | 142 | -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" |
| @@ -145,9 +145,9 @@ expect { | |||
| 145 | timeout {puts "TESTING ERROR 23\n";exit} | 145 | timeout {puts "TESTING ERROR 23\n";exit} |
| 146 | "Error: unshare: Operation not permitted" | 146 | "Error: unshare: Operation not permitted" |
| 147 | } | 147 | } |
| 148 | after 100 | 148 | after 200 |
| 149 | 149 | ||
| 150 | send -- "firejail --noprofile --restrict-namespaces=cgroup,ipc ./namespaces-32 unshare ipc\r" | 150 | send -- "firejail --noprofile --restrict-namespaces=cgroup,ipc ./namespaces-32 unshare ipc,user\r" |
| 151 | expect { | 151 | expect { |
| 152 | timeout {puts "TESTING ERROR 24\n";exit} | 152 | timeout {puts "TESTING ERROR 24\n";exit} |
| 153 | -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" | 153 | -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" |
| @@ -156,9 +156,9 @@ expect { | |||
| 156 | timeout {puts "TESTING ERROR 25\n";exit} | 156 | timeout {puts "TESTING ERROR 25\n";exit} |
| 157 | "Error: unshare: Operation not permitted" | 157 | "Error: unshare: Operation not permitted" |
| 158 | } | 158 | } |
| 159 | after 100 | 159 | after 200 |
| 160 | 160 | ||
| 161 | send -- "firejail --noprofile --restrict-namespaces=cgroup,ipc ./namespaces-32 unshare mnt,net,pid,uts\r" | 161 | send -- "firejail --noprofile --restrict-namespaces=cgroup,ipc ./namespaces-32 unshare mnt,net,pid,user,uts\r" |
| 162 | expect { | 162 | expect { |
| 163 | timeout {puts "TESTING ERROR 26\n";exit} | 163 | timeout {puts "TESTING ERROR 26\n";exit} |
| 164 | -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" | 164 | -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" |
| @@ -167,7 +167,47 @@ expect { | |||
| 167 | timeout {puts "TESTING ERROR 27\n";exit} | 167 | timeout {puts "TESTING ERROR 27\n";exit} |
| 168 | "unshare successful" | 168 | "unshare successful" |
| 169 | } | 169 | } |
| 170 | after 200 | ||
| 170 | 171 | ||
| 171 | 172 | ||
| 172 | after 100 | 173 | # |
| 174 | # clone3 | ||
| 175 | # | ||
| 176 | |||
| 177 | send -- "firejail --noprofile ./namespaces-32 clone3 cgroup,ipc,mnt,net,pid,user,uts\r" | ||
| 178 | expect { | ||
| 179 | timeout {puts "TESTING ERROR 28\n";exit} | ||
| 180 | -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" | ||
| 181 | } | ||
| 182 | expect { | ||
| 183 | timeout {puts "TESTING ERROR 29\n";exit} | ||
| 184 | "Error: clone3: Function not implemented" {puts "OK, clone3 not available on this system\n"} | ||
| 185 | "clone3 successful" { | ||
| 186 | after 200 | ||
| 187 | |||
| 188 | send -- "firejail --noprofile --restrict-namespaces ./namespaces-32 clone3 user\r" | ||
| 189 | expect { | ||
| 190 | timeout {puts "TESTING ERROR 30\n";exit} | ||
| 191 | -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" | ||
| 192 | } | ||
| 193 | expect { | ||
| 194 | timeout {puts "TESTING ERROR 31\n";exit} | ||
| 195 | "Error: clone3: Function not implemented" | ||
| 196 | } | ||
| 197 | after 200 | ||
| 198 | |||
| 199 | # clone3 arguments are not checked | ||
| 200 | send -- "firejail --noprofile --restrict-namespaces=mnt ./namespaces-32 clone3 cgroup,ipc,net,pid,user,uts\r" | ||
| 201 | expect { | ||
| 202 | timeout {puts "TESTING ERROR 32\n";exit} | ||
| 203 | -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" | ||
| 204 | } | ||
| 205 | expect { | ||
| 206 | timeout {puts "TESTING ERROR 33\n";exit} | ||
| 207 | "Error: clone3: Function not implemented" | ||
| 208 | } | ||
| 209 | } | ||
| 210 | } | ||
| 211 | |||
| 212 | after 200 | ||
| 173 | puts "\nall done\n" | 213 | puts "\nall done\n" |