diff options
author | netblue30 <netblue30@protonmail.com> | 2023-03-09 08:39:25 -0500 |
---|---|---|
committer | netblue30 <netblue30@protonmail.com> | 2023-03-09 08:39:25 -0500 |
commit | c79aa14295f907ffac0cf5555515602b7393b8b6 (patch) | |
tree | 87a114af4e12388e09e2d16d518b50be9ddbe0a6 /test/filters/noroot.exp | |
parent | testing (diff) | |
download | firejail-c79aa14295f907ffac0cf5555515602b7393b8b6.tar.gz firejail-c79aa14295f907ffac0cf5555515602b7393b8b6.tar.zst firejail-c79aa14295f907ffac0cf5555515602b7393b8b6.zip |
testing
Diffstat (limited to 'test/filters/noroot.exp')
-rwxr-xr-x | test/filters/noroot.exp | 136 |
1 files changed, 0 insertions, 136 deletions
diff --git a/test/filters/noroot.exp b/test/filters/noroot.exp deleted file mode 100755 index 8a8842cd9..000000000 --- a/test/filters/noroot.exp +++ /dev/null | |||
@@ -1,136 +0,0 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2023 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail --name=test --noroot --noprofile\r" | ||
11 | expect { | ||
12 | timeout {puts "TESTING ERROR 1\n";exit} | ||
13 | -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" | ||
14 | } | ||
15 | sleep 1 | ||
16 | |||
17 | # check seccomp disabled and all caps enabled | ||
18 | send -- "cat /proc/self/status\r" | ||
19 | expect { | ||
20 | timeout {puts "TESTING ERROR 2\n";exit} | ||
21 | "CapBnd:" | ||
22 | } | ||
23 | expect { | ||
24 | timeout {puts "TESTING ERROR 3\n";exit} | ||
25 | "ffffffff" | ||
26 | } | ||
27 | expect { | ||
28 | timeout {puts "TESTING ERROR 4\n";exit} | ||
29 | "Seccomp:" | ||
30 | } | ||
31 | expect { | ||
32 | timeout {puts "TESTING ERROR 5\n";exit} | ||
33 | "0" | ||
34 | } | ||
35 | expect { | ||
36 | timeout {puts "TESTING ERROR 6\n";exit} | ||
37 | "Cpus_allowed:" | ||
38 | } | ||
39 | puts "\n" | ||
40 | |||
41 | send -- "whoami\r" | ||
42 | expect { | ||
43 | timeout {puts "TESTING ERROR 7\n";exit} | ||
44 | $env(USER) | ||
45 | } | ||
46 | send -- "sudo -s\r" | ||
47 | expect { | ||
48 | timeout {puts "TESTING ERROR 8\n";exit} | ||
49 | "effective uid is not 0, is sudo installed setuid root?" { puts "OK\n";} | ||
50 | "sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";} | ||
51 | } | ||
52 | |||
53 | send -- "sudo su -\r" | ||
54 | expect { | ||
55 | timeout {puts "TESTING ERROR 9\n";exit} | ||
56 | "effective uid is not 0" {puts "OK\n"} | ||
57 | "sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";} | ||
58 | } | ||
59 | |||
60 | send -- "sudo ls\r" | ||
61 | expect { | ||
62 | timeout {puts "TESTING ERROR 10\n";exit} | ||
63 | "effective uid is not 0" {puts "OK\n"} | ||
64 | "sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";} | ||
65 | } | ||
66 | |||
67 | send -- "cat /proc/self/uid_map | wc -l\r" | ||
68 | expect { | ||
69 | timeout {puts "TESTING ERROR 11\n";exit} | ||
70 | "1" | ||
71 | } | ||
72 | send -- "cat /proc/self/gid_map | wc -l\r" | ||
73 | expect { | ||
74 | timeout {puts "TESTING ERROR 12\n";exit} | ||
75 | "9" | ||
76 | } | ||
77 | |||
78 | |||
79 | |||
80 | spawn $env(SHELL) | ||
81 | send -- "firejail --debug --join=test\r" | ||
82 | expect { | ||
83 | timeout {puts "TESTING ERROR 13\n";exit} | ||
84 | "Joining user namespace" | ||
85 | } | ||
86 | expect { | ||
87 | timeout {puts "TESTING ERROR 14\n";exit} | ||
88 | "Child process initialized" | ||
89 | } | ||
90 | sleep 1 | ||
91 | |||
92 | send -- "sudo -s\r" | ||
93 | expect { | ||
94 | timeout {puts "TESTING ERROR 15\n";exit} | ||
95 | "effective uid is not 0, is sudo installed setuid root?" { puts "OK\n";} | ||
96 | "sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";} | ||
97 | "Permission denied" { puts "OK\n";} | ||
98 | } | ||
99 | send -- "cat /proc/self/uid_map | wc -l\r" | ||
100 | expect { | ||
101 | timeout {puts "TESTING ERROR 16\n";exit} | ||
102 | "1" | ||
103 | } | ||
104 | send -- "cat /proc/self/gid_map | wc -l\r" | ||
105 | expect { | ||
106 | timeout {puts "TESTING ERROR 17\n";exit} | ||
107 | "9" | ||
108 | } | ||
109 | |||
110 | # check seccomp disabled and all caps enabled | ||
111 | send -- "cat /proc/self/status\r" | ||
112 | expect { | ||
113 | timeout {puts "TESTING ERROR 18\n";exit} | ||
114 | "CapBnd:" | ||
115 | } | ||
116 | expect { | ||
117 | timeout {puts "TESTING ERROR 19\n";exit} | ||
118 | "ffffffff" | ||
119 | } | ||
120 | expect { | ||
121 | timeout {puts "TESTING ERROR 20\n";exit} | ||
122 | "Seccomp:" | ||
123 | } | ||
124 | expect { | ||
125 | timeout {puts "TESTING ERROR 21\n";exit} | ||
126 | "0" | ||
127 | } | ||
128 | expect { | ||
129 | timeout {puts "TESTING ERROR 22\n";exit} | ||
130 | "Cpus_allowed:" | ||
131 | } | ||
132 | puts "\n" | ||
133 | |||
134 | |||
135 | after 100 | ||
136 | puts "\nall done\n" | ||