author | netblue30 <netblue30@yahoo.com> | 2016-04-30 07:27:31 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-04-30 07:27:31 -0400 |
commit | a1272742cfbdbfe999a701f804b58ceb4605713d (patch) | |
tree | 16d6013c8d99d9e4370d1672b4018f958081f416 /test/filters/noroot.exp | |
parent | Merge pull request #490 from reinerh/master (diff) | |
added make test-filters
Diffstat (limited to 'test/filters/noroot.exp')
-rwxr-xr-x | test/filters/noroot.exp | 156 |
1 files changed, 156 insertions, 0 deletions
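--- /dev/null
+++ b/test/filters/noroot.exp
@@ -0,0 +1,156 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --noprofile --noroot --caps.drop=all --seccomp\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "cat /proc/self/status\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"CapBnd: 0000000000000000"
+}
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"Seccomp:"
+}
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"2"
+}
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"Cpus_allowed:"
+}
+puts "\n"
+
+send -- "ping 0\r"
+expect {
+timeout {puts "TESTING ERROR 5\n";exit}
+"Operation not permitted"
+}
+send -- "whoami\r"
+expect {
+timeout {puts "TESTING ERROR 6\n";exit}
+$env(USER)
+}
+send -- "sudo -s\r"
+expect {
+timeout {puts "TESTING ERROR 8\n";exit}
+"effective uid is not 0, is sudo installed setuid root?" { puts "OK\n";}
+"sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";}
+}
+send -- "cat /proc/self/uid_map | wc -l\r"
+expect {
+timeout {puts "TESTING ERROR 7\n";exit}
+"1"
+}
+send -- "cat /proc/self/gid_map | wc -l\r"
+expect {
+timeout {puts "TESTING ERROR 8\n";exit}
+"3"
+}
+
+puts "\n"
+send -- "exit\r"
+sleep 2
+
+
+
+send -- "firejail --name=test --noroot --noprofile\r"
+expect {
+timeout {puts "TESTING ERROR 9\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "cat /proc/self/status\r"
+expect {
+timeout {puts "TESTING ERROR 10\n";exit}
+"CapBnd:"
+}
+expect {
+timeout {puts "TESTING ERROR 11\n";exit}
+"ffffffff"
+}
+expect {
+timeout {puts "TESTING ERROR 12\n";exit}
+"Seccomp:"
+}
+expect {
+timeout {puts "TESTING ERROR 13\n";exit}
+"0"
+}
+expect {
+timeout {puts "TESTING ERROR 14\n";exit}
+"Cpus_allowed:"
+}
+puts "\n"
+
+send -- "whoami\r"
+expect {
+timeout {puts "TESTING ERROR 15\n";exit}
+$env(USER)
+}
+send -- "sudo -s\r"
+expect {
+timeout {puts "TESTING ERROR 16\n";exit}
+"effective uid is not 0, is sudo installed setuid root?" { puts "OK\n";}
+"sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";}
+}
+send -- "ping 0\r"
+expect {
+timeout {puts "TESTING ERROR 17\n";exit}
+"Operation not permitted"
+}
+send -- "cat /proc/self/uid_map | wc -l\r"
+expect {
+timeout {puts "TESTING ERROR 18\n";exit}
+"1"
+}
+send -- "cat /proc/self/gid_map | wc -l\r"
+expect {
+timeout {puts "TESTING ERROR 19\n";exit}
+"3"
+}
+
+
+
+spawn $env(SHELL)
+send -- "firejail --debug --join=test\r"
+expect {
+timeout {puts "TESTING ERROR 20\n";exit}
+"User namespace detected"
+}
+expect {
+timeout {puts "TESTING ERROR 21\n";exit}
+"Joining user namespace"
+}
+sleep 1
+
+send -- "sudo -s\r"
+expect {
+timeout {puts "TESTING ERROR 22\n";exit}
+"effective uid is not 0, is sudo installed setuid root?" { puts "OK\n";}
+"sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";}
+}
+send -- "cat /proc/self/uid_map | wc -l\r"
+expect {
+timeout {puts "TESTING ERROR 23\n";exit}
+"1"
+}
+send -- "cat /proc/self/gid_map | wc -l\r"
+expect {
+timeout {puts "TESTING ERROR 24\n";exit}
+"3"
+}
+puts "\nall done\n"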
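Review bot: The single-character patterns after `Seccomp:` (`"2"` at new lines 26-29, `"0"` at 89-92) and after the `wc -l` commands (`"1"`, `"3"`) are unanchored substring matches, so any later digit in the /proc/self/status output, the prompt or the echoed text satisfies them, and the test can pass when seccomp is off or the uid/gid maps have a different size. Matching the value together with its field, e.g. `"Seccomp:\t2"`, and anchoring the line counts, e.g. `-re "\r\n1\r\n"`, would make these checks actually assert the sandbox state. The timeout branches call a bare `exit`, which returns status 0, so a caller has to scrape the output for "TESTING ERROR" instead of relying on the exit code; `exit 1` would fix that. The labels `TESTING ERROR 1` (new lines 12 and 19) and `TESTING ERROR 8` (new lines 48 and 59) are each used twice, which makes a failure ambiguous to triage.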