author | netblue30 <netblue30@yahoo.com> | 2016-08-05 12:37:53 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-08-05 12:37:53 -0400 |
commit | 2775b37ed206e5650b1ec4398d33718562f4d657 (patch) | |
tree | 0204a9f1a2938787f362ec45681fbeb596c90408 /test/fs | |
parent | Merge pull request #684 from Fred-Barclay/checkmate (diff) | |
whitelist test
Diffstat (limited to 'test/fs')
-rwxr-xr-x | test/fs/fs.sh | 13 | ||||
-rwxr-xr-x | test/fs/whitelist-double.exp | 2 | ||||
-rwxr-xr-x | test/fs/whitelist.exp | 226 |
3 files changed, 240 insertions, 1 deletions
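--- a/test/fs/fs.sh
+++ b/test/fs/fs.sh
@@ -56,3 +56,16 @@ echo "TESTING: recursive mkdir (test/fs/mkdir.exp)"
 
 echo "TESTING: double whitelist (test/fs/whitelist-double.exp)"
 ./whitelist-double.exp
+
+
+echo "TESTING: whitelist (test/fs/whitelist.exp)"
+./whitelist.exp
+rm -fr ~/fjtest-dir
+rm -fr ~/fjtest-dir-lnk
+rm -f ~/fjtest-file
+rm -f ~/fjtest-file-lnk
+rm -f /tmp/fjtest-file
+rm -fr /tmp/fjtest-dir
+
+
+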
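--- a/test/fs/whitelist-double.exp
+++ b/test/fs/whitelist-double.exp
@@ -3,7 +3,7 @@
 # Copyright (C) 2014-2016 Firejail Authors
 # License GPL v2
 
-set timeout 30
+set timeout 10
 spawn $env(SHELL)
 match_max 100000
 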
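--- /dev/null
+++ b/test/fs/whitelist.exp
@@ -0,0 +1,226 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# cleanup
+send -- "rm -fr ~/fjtest-dir\r"
+after 200
+send -- "rm -fr ~/fjtest-dir-lnk\r"
+after 200
+send -- "rm ~/fjtest-file\r"
+after 200
+send -- "rm ~/fjtest-file-lnk\r"
+after 200
+send -- "rm /tmp/fjtest-file\r"
+after 200
+send -- "rm -fr /tmp/fjtest-dir\r"
+after 200
+
+
+# simple files and directories
+send -- "mkdir -p ~/fjtest-dir/fjtest-dir\r"
+after 200
+send -- "echo 123 > ~/fjtest-file\r"
+after 200
+send -- "echo 123 > ~/fjtest-dir/fjtest-file\r"
+after 200
+send -- "echo 123 > ~/fjtest-dir/fjtest-dir/fjtest-file\r"
+after 200
+send -- "ln -s ~/fjtest-file ~/fjtest-file-lnk\r"
+after 200
+send -- "ln -s ~/fjtest-dir ~/fjtest-dir-lnk\r"
+after 200
+
+send -- "firejail --whitelist=~/fjtest-file --whitelist=~/fjtest-dir\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "ls -l ~/ | grep -v total | wc -l\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"2"
+}
+
+send -- "cat fjtest-file\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"123"
+}
+
+send -- "cat fjtest-dir/fjtest-file\r"
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"123"
+}
+
+send -- "cat fjtest-dir/fjtest-dir/fjtest-file\r"
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"123"
+}
+
+send -- "exit\r"
+sleep 1
+
+
+
+# simple files and directories
+send -- "firejail --whitelist=~/fjtest-dir/fjtest-dir/fjtest-file\r"
+expect {
+timeout {puts "TESTING ERROR 10\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "ls -l ~/ | grep -v total | wc -l\r"
+expect {
+timeout {puts "TESTING ERROR 11\n";exit}
+"1"
+}
+
+send -- "cat fjtest-dir/fjtest-dir/fjtest-file\r"
+expect {
+timeout {puts "TESTING ERROR 12\n";exit}
+"123"
+}
+
+send -- "exit\r"
+sleep 1
+
+
+
+# symlinks
+send -- "firejail --whitelist=~/fjtest-file-lnk --whitelist=~/fjtest-dir-lnk\r"
+expect {
+timeout {puts "TESTING ERROR 20\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "ls -l ~/ | grep -v total | wc -l\r"
+expect {
+timeout {puts "TESTING ERROR 21\n";exit}
+"4"
+}
+
+send -- "cat fjtest-file\r"
+expect {
+timeout {puts "TESTING ERROR 22\n";exit}
+"123"
+}
+
+send -- "cat fjtest-dir/fjtest-file\r"
+expect {
+timeout {puts "TESTING ERROR 23\n";exit}
+"123"
+}
+
+send -- "cat fjtest-dir/fjtest-dir/fjtest-file\r"
+expect {
+timeout {puts "TESTING ERROR 24\n";exit}
+"123"
+}
+
+send -- "cat fjtest-file-lnk\r"
+expect {
+timeout {puts "TESTING ERROR 25\n";exit}
+"123"
+}
+
+send -- "cat fjtest-dir-lnk/fjtest-file\r"
+expect {
+timeout {puts "TESTING ERROR 26\n";exit}
+"123"
+}
+
+send -- "cat fjtest-dir-lnk/fjtest-dir/fjtest-file\r"
+expect {
+timeout {puts "TESTING ERROR 27\n";exit}
+"123"
+}
+send -- "exit\r"
+sleep 1
+
+# symlinks outside home to a file we don't own
+send -- "rm ~/fjtest-file-lnk\r"
+after 200
+send -- "ln -s /etc/passwd ~/fjtest-file-lnk\r"
+after 200
+send -- "firejail --whitelist=~/fjtest-file-lnk --whitelist=~/fjtest-dir-lnk\r"
+expect {
+timeout {puts "TESTING ERROR 30\n";exit}
+"invalid whitelist path"
+}
+expect {
+timeout {puts "TESTING ERROR 31\n";exit}
+"exiting"
+}
+sleep 1
+
+# symlinks outside home to a file we own
+send -- "rm -fr ~/fjtest-dir-lnk\r"
+after 200
+send -- "rm ~/fjtest-file-lnk\r"
+after 200
+send -- "echo 123 > /tmp/fjtest-file\r"
+after 200
+send -- "mkdir /tmp/fjtest-dir\r"
+after 200
+send -- "echo 123 > /tmp/fjtest-dir/fjtest-file\r"
+after 200
+send -- "ln -s /tmp/fjtest-file ~/fjtest-file-lnk\r"
+after 200
+send -- "ln -s /tmp/fjtest-dir ~/fjtest-dir-lnk\r"
+after 200
+send -- "firejail --whitelist=~/fjtest-file-lnk --whitelist=~/fjtest-dir-lnk\r"
+expect {
+timeout {puts "TESTING ERROR 40\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "ls -l ~/ | grep -v total | wc -l\r"
+expect {
+timeout {puts "TESTING ERROR 41\n";exit}
+"2"
+}
+
+send -- "cat fjtest-file-lnk\r"
+expect {
+timeout {puts "TESTING ERROR 42\n";exit}
+"123"
+}
+
+send -- "cat fjtest-dir-lnk/fjtest-file\r"
+expect {
+timeout {puts "TESTING ERROR 43\n";exit}
+"123"
+}
+send -- "exit\r"
+sleep 1
+
+# cleanup
+send -- "rm -fr ~/fjtest-dir\r"
+after 200
+send -- "rm -fr ~/fjtest-dir-lnk\r"
+after 200
+send -- "rm ~/fjtest-file\r"
+after 200
+send -- "rm ~/fjtest-file-lnk\r"
+after 200
+send -- "rm /tmp/fjtest-file\r"
+after 200
+send -- "rm -fr /tmp/fjtest-dir\r"
+after 200
+
+
+puts "\nall done\n"
+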
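Review bot: The `wc -l` checks at file lines 46-50, 83-87, 108-112 and 190-194 match the expected count as a bare substring (`"2"`, `"1"`, `"4"`), so a count such as 12 or 21, or a digit in the shell prompt, also satisfies them. These counts are the only assertion that nothing outside the whitelist is visible in the home directory, so a regression that exposes extra entries could pass unnoticed. Anchoring the match to the whole output line, for example `-re "\r\n2\r\n"`, would make the check exact. Separately, each timeout branch calls `exit` with no status, so the script presumably ends with status 0 on failure and the caller has to rely on the "TESTING ERROR" text.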