aboutsummaryrefslogtreecommitdiffstats
path: root/test/fs
diff options
context:
space:
mode:
authorLibravatar netblue30 <netblue30@yahoo.com>2016-05-05 10:22:18 -0400
committerLibravatar netblue30 <netblue30@yahoo.com>2016-05-05 10:22:18 -0400
commit37a5a3545ef6d8d03dad8bbd888f53e13274c9e5 (patch)
tree5d56a4b0a0933963d97eb0a88dd00fec9ea58bf2 /test/fs
parentrename generic.profile as default.profile (diff)
downloadfirejail-37a5a3545ef6d8d03dad8bbd888f53e13274c9e5.tar.gz
firejail-37a5a3545ef6d8d03dad8bbd888f53e13274c9e5.tar.zst
firejail-37a5a3545ef6d8d03dad8bbd888f53e13274c9e5.zip
testing
Diffstat (limited to 'test/fs')
-rwxr-xr-xtest/fs/fs.sh50
-rwxr-xr-xtest/fs/fs_dev_shm.exp90
-rwxr-xr-xtest/fs/fs_var_lock.exp90
-rwxr-xr-xtest/fs/fs_var_tmp.exp90
-rwxr-xr-xtest/fs/invalid_filename.exp189
-rwxr-xr-xtest/fs/kmsg.exp32
-rwxr-xr-xtest/fs/option_bind_user.exp15
-rwxr-xr-xtest/fs/option_blacklist.exp38
-rwxr-xr-xtest/fs/option_blacklist_file.exp26
-rwxr-xr-xtest/fs/private-bin.exp71
-rw-r--r--test/fs/private-bin.profile1
-rwxr-xr-xtest/fs/private-etc.exp45
-rwxr-xr-xtest/fs/private-whitelist.exp39
-rwxr-xr-xtest/fs/private.exp100
-rwxr-xr-xtest/fs/whitelist-empty.exp53
15 files changed, 929 insertions, 0 deletions
diff --git a/test/fs/fs.sh b/test/fs/fs.sh
new file mode 100755
index 000000000..425af45a6
--- /dev/null
+++ b/test/fs/fs.sh
@@ -0,0 +1,50 @@
1#!/bin/bash
2# This file is part of Firejail project
3# Copyright (C) 2014-2016 Firejail Authors
4# License GPL v2
5
6export MALLOC_CHECK_=3
7export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
8
9echo "TESTING: kmsg access (test/fs/kmsg.exp)"
10./kmsg.exp
11
12echo "TESTING: read/write /var/tmp (test/fs/fs_var_tmp.exp)"
13./fs_var_tmp.exp
14
15echo "TESTING: read/write /var/lock (test/fs/fs_var_lock.exp)"
16./fs_var_lock.exp
17
18echo "TESTING: read/write /dev/shm (test/fs/fs_dev_shm.exp)"
19./fs_dev_shm.exp
20
21echo "TESTING: private (test/fs/private.exp)"
22./private.exp `whoami`
23
24echo "TESTING: private-etc (test/fs/private-etc.exp)"
25./private-etc.exp
26
27echo "TESTING: private-bin (test/fs/private-bin.exp)"
28./private-bin.exp
29
30echo "TESTING: whitelist empty (test/fs/whitelist-empty.exp)"
31./whitelist-empty.exp
32
33echo "TESTING: private whitelist (test/fs/private-whitelist.exp)"
34echo "TESTING: (failing on OpenSUSE)"
35./private-whitelist.exp
36
37echo "TESTING: invalid filename (test/fs/invalid_filename.exp)"
38./invalid_filename.exp
39
40echo "TESTING: blacklist directory (test/fs/option_blacklist.exp)"
41./option_blacklist.exp
42
43echo "TESTING: blacklist file (test/fs/option_blacklist_file.exp)"
44./option_blacklist_file.exp
45
46echo "TESTING: bind as user (test/fs/option_bind_user.exp)"
47./option_bind_user.exp
48
49
50
diff --git a/test/fs/fs_dev_shm.exp b/test/fs/fs_dev_shm.exp
new file mode 100755
index 000000000..6d27978e2
--- /dev/null
+++ b/test/fs/fs_dev_shm.exp
@@ -0,0 +1,90 @@
1#!/usr/bin/expect -f
2# This file is part of Firejail project
3# Copyright (C) 2014-2016 Firejail Authors
4# License GPL v2
5
6set timeout 10
7spawn $env(SHELL)
8match_max 100000
9
10# testing read-write /dev/shm
11send -- "firejail\r"
12expect {
13 timeout {puts "TESTING ERROR 0\n";exit}
14 "Child process initialized"
15}
16sleep 1
17
18send -- "echo mytest > /dev/shm/ttt;echo done\r"
19expect {
20 timeout {puts "TESTING ERROR 1\n";exit}
21 "done"
22}
23
24send -- "cat /dev/shm/ttt;echo done\r"
25expect {
26 timeout {puts "TESTING ERROR 2\n";exit}
27 "mytest"
28}
29expect {
30 timeout {puts "TESTING ERROR 3\n";exit}
31 "done"
32}
33
34send -- "rm /dev/shm/ttt;echo done\r"
35expect {
36 timeout {puts "TESTING ERROR 4\n";exit}
37 "done"
38}
39
40send -- "cat /dev/shm/ttt;echo done\r"
41expect {
42 timeout {puts "TESTING ERROR 5\n";exit}
43 "mytest" {puts "TESTING ERROR 6\n";exit}
44 "done"
45}
46
47sleep 1
48send -- "exit\r"
49sleep 1
50
51# redo the test with --private
52send -- "firejail\r"
53expect {
54 timeout {puts "TESTING ERROR 7\n";exit}
55 "Child process initialized"
56}
57sleep 1
58
59send -- "echo mytest > /dev/shm/ttt;echo done\r"
60expect {
61 timeout {puts "TESTING ERROR 8\n";exit}
62 "done"
63}
64
65send -- "cat /dev/shm/ttt;echo done\r"
66expect {
67 timeout {puts "TESTING ERROR 9\n";exit}
68 "mytest"
69}
70expect {
71 timeout {puts "TESTING ERROR 10\n";exit}
72 "done"
73}
74
75send -- "rm /dev/shm/ttt;echo done\r"
76expect {
77 timeout {puts "TESTING ERROR 11\n";exit}
78 "done"
79}
80
81send -- "cat /dev/shm/ttt;echo done\r"
82expect {
83 timeout {puts "TESTING ERROR 12\n";exit}
84 "mytest" {puts "TESTING ERROR 13\n";exit}
85 "done"
86}
87
88sleep 1
89
90puts "\nall done\n"
diff --git a/test/fs/fs_var_lock.exp b/test/fs/fs_var_lock.exp
new file mode 100755
index 000000000..0e2b3181a
--- /dev/null
+++ b/test/fs/fs_var_lock.exp
@@ -0,0 +1,90 @@
1#!/usr/bin/expect -f
2# This file is part of Firejail project
3# Copyright (C) 2014-2016 Firejail Authors
4# License GPL v2
5
6set timeout 10
7spawn $env(SHELL)
8match_max 100000
9
10# testing read-write /var/lock
11send -- "firejail\r"
12expect {
13 timeout {puts "TESTING ERROR 0\n";exit}
14 "Child process initialized"
15}
16sleep 1
17
18send -- "echo mytest > /var/lock/ttt;echo done\r"
19expect {
20 timeout {puts "TESTING ERROR 1\n";exit}
21 "done"
22}
23
24send -- "cat /var/lock/ttt;echo done\r"
25expect {
26 timeout {puts "TESTING ERROR 2\n";exit}
27 "mytest"
28}
29expect {
30 timeout {puts "TESTING ERROR 3\n";exit}
31 "done"
32}
33
34send -- "rm /var/lock/ttt;echo done\r"
35expect {
36 timeout {puts "TESTING ERROR 4\n";exit}
37 "done"
38}
39
40send -- "cat /var/lock/ttt;echo done\r"
41expect {
42 timeout {puts "TESTING ERROR 5\n";exit}
43 "mytest" {puts "TESTING ERROR 6\n";exit}
44 "done"
45}
46
47sleep 1
48send -- "exit\r"
49sleep 1
50
51# redo the test with --private
52send -- "firejail\r"
53expect {
54 timeout {puts "TESTING ERROR 7\n";exit}
55 "Child process initialized"
56}
57sleep 1
58
59send -- "echo mytest > /var/lock/ttt;echo done\r"
60expect {
61 timeout {puts "TESTING ERROR 8\n";exit}
62 "done"
63}
64
65send -- "cat /var/lock/ttt;echo done\r"
66expect {
67 timeout {puts "TESTING ERROR 9\n";exit}
68 "mytest"
69}
70expect {
71 timeout {puts "TESTING ERROR 10\n";exit}
72 "done"
73}
74
75send -- "rm /var/lock/ttt;echo done\r"
76expect {
77 timeout {puts "TESTING ERROR 11\n";exit}
78 "done"
79}
80
81send -- "cat /var/lock/ttt;echo done\r"
82expect {
83 timeout {puts "TESTING ERROR 12\n";exit}
84 "mytest" {puts "TESTING ERROR 13\n";exit}
85 "done"
86}
87
88sleep 1
89
90puts "\nall done\n"
diff --git a/test/fs/fs_var_tmp.exp b/test/fs/fs_var_tmp.exp
new file mode 100755
index 000000000..811baac68
--- /dev/null
+++ b/test/fs/fs_var_tmp.exp
@@ -0,0 +1,90 @@
1#!/usr/bin/expect -f
2# This file is part of Firejail project
3# Copyright (C) 2014-2016 Firejail Authors
4# License GPL v2
5
6set timeout 10
7spawn $env(SHELL)
8match_max 100000
9
10# testing read-write /var/tmp
11send -- "firejail\r"
12expect {
13 timeout {puts "TESTING ERROR 0\n";exit}
14 "Child process initialized"
15}
16sleep 1
17
18send -- "echo mytest > /var/tmp/ttt;echo done\r"
19expect {
20 timeout {puts "TESTING ERROR 1\n";exit}
21 "done"
22}
23
24send -- "cat /var/tmp/ttt;echo done\r"
25expect {
26 timeout {puts "TESTING ERROR 2\n";exit}
27 "mytest"
28}
29expect {
30 timeout {puts "TESTING ERROR 3\n";exit}
31 "done"
32}
33
34send -- "rm /var/tmp/ttt;echo done\r"
35expect {
36 timeout {puts "TESTING ERROR 4\n";exit}
37 "done"
38}
39
40send -- "cat /var/tmp/ttt;echo done\r"
41expect {
42 timeout {puts "TESTING ERROR 5\n";exit}
43 "mytest" {puts "TESTING ERROR 6\n";exit}
44 "done"
45}
46
47sleep 1
48send -- "exit\r"
49sleep 1
50
51# redo the test with --private
52send -- "firejail\r"
53expect {
54 timeout {puts "TESTING ERROR 7\n";exit}
55 "Child process initialized"
56}
57sleep 1
58
59send -- "echo mytest > /var/tmp/ttt;echo done\r"
60expect {
61 timeout {puts "TESTING ERROR 8\n";exit}
62 "done"
63}
64
65send -- "cat /var/tmp/ttt;echo done\r"
66expect {
67 timeout {puts "TESTING ERROR 9\n";exit}
68 "mytest"
69}
70expect {
71 timeout {puts "TESTING ERROR 10\n";exit}
72 "done"
73}
74
75send -- "rm /var/tmp/ttt;echo done\r"
76expect {
77 timeout {puts "TESTING ERROR 11\n";exit}
78 "done"
79}
80
81send -- "cat /var/tmp/ttt;echo done\r"
82expect {
83 timeout {puts "TESTING ERROR 12\n";exit}
84 "mytest" {puts "TESTING ERROR 13\n";exit}
85 "done"
86}
87
88sleep 1
89
90puts "\nall done\n"
diff --git a/test/fs/invalid_filename.exp b/test/fs/invalid_filename.exp
new file mode 100755
index 000000000..1acc85491
--- /dev/null
+++ b/test/fs/invalid_filename.exp
@@ -0,0 +1,189 @@
1#!/usr/bin/expect -f
2# This file is part of Firejail project
3# Copyright (C) 2014-2016 Firejail Authors
4# License GPL v2
5
6set timeout 10
7spawn $env(SHELL)
8match_max 100000
9
10send -- "firejail --debug-check-filename --noprofile --blacklist=\"bla&&bla\"\r"
11expect {
12 timeout {puts "TESTING ERROR 1.1\n";exit}
13 "Checking filename bla&&bla"
14}
15expect {
16 timeout {puts "TESTING ERROR 1.2\n";exit}
17 "Error:"
18}
19expect {
20 timeout {puts "TESTING ERROR 1.3\n";exit}
21 "is an invalid filename"
22}
23after 100
24
25send -- "firejail --debug-check-filename --noprofile --cgroup=\"bla&&bla\"\r"
26expect {
27 timeout {puts "TESTING ERROR 2.1\n";exit}
28 "Checking filename bla&&bla"
29}
30expect {
31 timeout {puts "TESTING ERROR 2.2\n";exit}
32 "Error:"
33}
34expect {
35 timeout {puts "TESTING ERROR 2.3\n";exit}
36 "is an invalid filename"
37}
38after 100
39
40send -- "firejail --debug-check-filename --noprofile --chroot=\"bla&&bla\"\r"
41expect {
42 timeout {puts "TESTING ERROR 3.1\n";exit}
43 "Checking filename bla&&bla" {puts "normal system\n"}
44 "Error: --chroot option is not available on Grsecurity systems" { puts "\nall done\n"; exit}
45}
46expect {
47 timeout {puts "TESTING ERROR 3.2\n";exit}
48 "Error:"
49}
50expect {
51 timeout {puts "TESTING ERROR 3.3\n";exit}
52 "is an invalid filename"
53}
54after 100
55
56send -- "firejail --debug-check-filename --noprofile --netfilter=\"bla&&bla\"\r"
57expect {
58 timeout {puts "TESTING ERROR 4.1\n";exit}
59 "Checking filename bla&&bla"
60}
61expect {
62 timeout {puts "TESTING ERROR 4.2\n";exit}
63 "Error:"
64}
65expect {
66 timeout {puts "TESTING ERROR 4.3\n";exit}
67 "is an invalid filename"
68}
69after 100
70
71send -- "firejail --debug-check-filename --noprofile --output=\"bla&&bla\"\r"
72expect {
73 timeout {puts "TESTING ERROR 5.2\n";exit}
74 "Error:"
75}
76expect {
77 timeout {puts "TESTING ERROR 5.3\n";exit}
78 "is an invalid filename"
79}
80after 100
81
82send -- "firejail --debug-check-filename --noprofile --private=\"bla&&bla\"\r"
83expect {
84 timeout {puts "TESTING ERROR 6.1\n";exit}
85 "Checking filename bla&&bla"
86}
87expect {
88 timeout {puts "TESTING ERROR 6.2\n";exit}
89 "Error:"
90}
91expect {
92 timeout {puts "TESTING ERROR 6.3\n";exit}
93 "is an invalid filename"
94}
95after 100
96
97send -- "firejail --debug-check-filename --noprofile --private-bin=\"bla&&bla\"\r"
98expect {
99 timeout {puts "TESTING ERROR 7.1\n";exit}
100 "Checking filename bla&&bla"
101}
102expect {
103 timeout {puts "TESTING ERROR 7.2\n";exit}
104 "Error:"
105}
106expect {
107 timeout {puts "TESTING ERROR 7.3\n";exit}
108 "is an invalid filename"
109}
110after 100
111
112send -- "firejail --debug-check-filename --noprofile --private-etc=\"bla&&bla\"\r"
113expect {
114 timeout {puts "TESTING ERROR 9.1\n";exit}
115 "Checking filename bla&&bla"
116}
117expect {
118 timeout {puts "TESTING ERROR 9.2\n";exit}
119 "Error:"
120}
121expect {
122 timeout {puts "TESTING ERROR 9.3\n";exit}
123 "is an invalid filename"
124}
125after 100
126
127send -- "firejail --debug-check-filename --profile=\"bla&&bla\"\r"
128expect {
129 timeout {puts "TESTING ERROR 10.1\n";exit}
130 "Checking filename bla&&bla"
131}
132expect {
133 timeout {puts "TESTING ERROR 10.2\n";exit}
134 "Error:"
135}
136expect {
137 timeout {puts "TESTING ERROR 10.3\n";exit}
138 "is an invalid filename"
139}
140after 100
141
142send -- "firejail --debug-check-filename --read-only=\"bla&&bla\"\r"
143expect {
144 timeout {puts "TESTING ERROR 11.1\n";exit}
145 "Checking filename bla&&bla"
146}
147expect {
148 timeout {puts "TESTING ERROR 11.2\n";exit}
149 "Error:"
150}
151expect {
152 timeout {puts "TESTING ERROR 11.3\n";exit}
153 "is an invalid filename"
154}
155after 100
156
157send -- "firejail --debug-check-filename --shell=\"bla&&bla\"\r"
158expect {
159 timeout {puts "TESTING ERROR 12.1\n";exit}
160 "Checking filename bla&&bla"
161}
162expect {
163 timeout {puts "TESTING ERROR 12.2\n";exit}
164 "Error:"
165}
166expect {
167 timeout {puts "TESTING ERROR 12.3\n";exit}
168 "is an invalid filename"
169}
170after 100
171
172
173send -- "firejail --debug-check-filename --whitelist=\"bla&&bla\"\r"
174expect {
175 timeout {puts "TESTING ERROR 14.1\n";exit}
176 "Checking filename bla&&bla"
177}
178expect {
179 timeout {puts "TESTING ERROR 14.2\n";exit}
180 "Error:"
181}
182expect {
183 timeout {puts "TESTING ERROR 14.3\n";exit}
184 "is an invalid filename"
185}
186after 100
187
188puts "\nall done\n"
189
diff --git a/test/fs/kmsg.exp b/test/fs/kmsg.exp
new file mode 100755
index 000000000..abc711aee
--- /dev/null
+++ b/test/fs/kmsg.exp
@@ -0,0 +1,32 @@
1#!/usr/bin/expect -f
2# This file is part of Firejail project
3# Copyright (C) 2014-2016 Firejail Authors
4# License GPL v2
5
6set timeout 10
7spawn $env(SHELL)
8match_max 100000
9
10send -- "firejail\r"
11expect {
12 timeout {puts "TESTING ERROR 1\n";exit}
13 "Child process initialized"
14}
15sleep 1
16
17send -- "cat /dev/kmsg\r"
18expect {
19 timeout {puts "TESTING ERROR 2\n";exit}
20 "Permission denied"
21}
22after 100
23
24send -- "cat /proc/kmsg\r"
25expect {
26 timeout {puts "TESTING ERROR 3\n";exit}
27 "Permission denied"
28}
29after 100
30
31puts "\nall done\n"
32
diff --git a/test/fs/option_bind_user.exp b/test/fs/option_bind_user.exp
new file mode 100755
index 000000000..9d2d17d7f
--- /dev/null
+++ b/test/fs/option_bind_user.exp
@@ -0,0 +1,15 @@
1#!/usr/bin/expect -f
2
3set timeout 10
4spawn $env(SHELL)
5match_max 100000
6
7send -- "firejail --bind=/tmp/chroot,mntpoint\r"
8expect {
9 timeout {puts "TESTING ERROR 0\n";exit}
10 "bind option is available only if running as root"
11}
12sleep 1
13
14puts "\n"
15
diff --git a/test/fs/option_blacklist.exp b/test/fs/option_blacklist.exp
new file mode 100755
index 000000000..38fd19237
--- /dev/null
+++ b/test/fs/option_blacklist.exp
@@ -0,0 +1,38 @@
1#!/usr/bin/expect -f
2# This file is part of Firejail project
3# Copyright (C) 2014-2016 Firejail Authors
4# License GPL v2
5
6set timeout 10
7spawn $env(SHELL)
8match_max 100000
9
10send -- "firejail --blacklist=/var\r"
11expect {
12 timeout {puts "TESTING ERROR 0\n";exit}
13 "Child process initialized"
14}
15sleep 1
16
17send -- "ls -l /var;echo done\r"
18expect {
19 timeout {puts "TESTING ERROR 1\n";exit}
20 "Permission denied"
21}
22expect {
23 timeout {puts "TESTING ERROR 2\n";exit}
24 "done"
25}
26send -- "cd /var;echo done\r"
27expect {
28 timeout {puts "TESTING ERROR 3\n";exit}
29 "Permission denied"
30}
31expect {
32 timeout {puts "TESTING ERROR 4\n";exit}
33 "done"
34}
35sleep 1
36
37puts "\n"
38
diff --git a/test/fs/option_blacklist_file.exp b/test/fs/option_blacklist_file.exp
new file mode 100755
index 000000000..846735d9e
--- /dev/null
+++ b/test/fs/option_blacklist_file.exp
@@ -0,0 +1,26 @@
1#!/usr/bin/expect -f
2
3set timeout 10
4spawn $env(SHELL)
5match_max 100000
6
7send -- "firejail --blacklist=/etc/passwd\r"
8expect {
9 timeout {puts "TESTING ERROR 0\n";exit}
10 "Child process initialized"
11}
12sleep 1
13
14send -- "cat /etc/passwd;echo done\r"
15expect {
16 timeout {puts "TESTING ERROR 1\n";exit}
17 "Permission denied"
18}
19expect {
20 timeout {puts "TESTING ERROR 2\n";exit}
21 "done"
22}
23sleep 1
24
25puts "\n"
26
diff --git a/test/fs/private-bin.exp b/test/fs/private-bin.exp
new file mode 100755
index 000000000..c19702e77
--- /dev/null
+++ b/test/fs/private-bin.exp
@@ -0,0 +1,71 @@
1#!/usr/bin/expect -f
2# This file is part of Firejail project
3# Copyright (C) 2014-2016 Firejail Authors
4# License GPL v2
5
6set timeout 10
7spawn $env(SHELL)
8match_max 100000
9
10send -- "firejail --private-bin=bash,ls,sh\r"
11expect {
12 timeout {puts "TESTING ERROR 1\n";exit}
13 "Child process initialized"
14}
15sleep 1
16
17send -- "ls /bin\r"
18expect {
19 timeout {puts "TESTING ERROR 2\n";exit}
20 "bash"
21}
22expect {
23 timeout {puts "TESTING ERROR 3\n";exit}
24 "ls"
25}
26expect {
27 timeout {puts "TESTING ERROR 4\n";exit}
28 "sh"
29}
30
31send -- "ls /bin\r"
32expect {
33 timeout {puts "TESTING ERROR 5\n";exit}
34 "ping" {puts "TESTING ERROR 6\n";exit}
35 "sh"
36}
37send -- "exit\r"
38sleep 1
39
40send -- "firejail --profile=private-bin.profile\r"
41expect {
42 timeout {puts "TESTING ERROR 7\n";exit}
43 "Child process initialized"
44}
45sleep 1
46
47send -- "ls /bin\r"
48expect {
49 timeout {puts "TESTING ERROR 8\n";exit}
50 "bash"
51}
52expect {
53 timeout {puts "TESTING ERROR 9\n";exit}
54 "ls"
55}
56expect {
57 timeout {puts "TESTING ERROR 10\n";exit}
58 "sh"
59}
60
61send -- "ls /bin\r"
62expect {
63 timeout {puts "TESTING ERROR 5\n";exit}
64 "ping" {puts "TESTING ERROR 6\n";exit}
65 "sh"
66}
67send -- "exit\r"
68
69sleep 1
70puts "\nall done\n"
71
diff --git a/test/fs/private-bin.profile b/test/fs/private-bin.profile
new file mode 100644
index 000000000..24cf5929a
--- /dev/null
+++ b/test/fs/private-bin.profile
@@ -0,0 +1 @@
private-bin bash,ls,sh
diff --git a/test/fs/private-etc.exp b/test/fs/private-etc.exp
new file mode 100755
index 000000000..e5a006585
--- /dev/null
+++ b/test/fs/private-etc.exp
@@ -0,0 +1,45 @@
1#!/usr/bin/expect -f
2# This file is part of Firejail project
3# Copyright (C) 2014-2016 Firejail Authors
4# License GPL v2
5
6set timeout 10
7spawn $env(SHELL)
8match_max 100000
9
10# directory with ~
11send -- "firejail --private-etc=passwd,group,resolv.conf,X11\r"
12expect {
13 timeout {puts "TESTING ERROR 1\n";exit}
14 "Child process initialized"
15}
16sleep 1
17
18send -- "ls -al /etc\r"
19expect {
20 timeout {puts "TESTING ERROR 3\n";exit}
21 "group"
22}
23expect {
24 timeout {puts "TESTING ERROR 4\n";exit}
25 "passwd"
26}
27expect {
28 timeout {puts "TESTING ERROR 5\n";exit}
29 "resolv.conf"
30}
31expect {
32 timeout {puts "TESTING ERROR 6\n";exit}
33 "X11"
34}
35
36send -- "ls -al /etc\r"
37expect {
38 timeout {puts "TESTING ERROR 7\n";exit}
39 "shadow" {puts "TESTING ERROR 8\n";exit}
40 "X11"
41}
42
43sleep 1
44puts "\nall done\n"
45
diff --git a/test/fs/private-whitelist.exp b/test/fs/private-whitelist.exp
new file mode 100755
index 000000000..a3d60369a
--- /dev/null
+++ b/test/fs/private-whitelist.exp
@@ -0,0 +1,39 @@
1#!/usr/bin/expect -f
2# This file is part of Firejail project
3# Copyright (C) 2014-2016 Firejail Authors
4# License GPL v2
5
6set timeout 10
7spawn $env(SHELL)
8match_max 100000
9
10send -- "firejail --private --whitelist=/tmp/.X11-unix\r"
11expect {
12 timeout {puts "TESTING ERROR 1\n";exit}
13 "Child process initialized"
14}
15sleep 1
16
17send -- "ls -al /tmp\r"
18expect {
19 timeout {puts "TESTING ERROR 2\n";exit}
20 ".X11-unix"
21}
22sleep 1
23
24send -- "ls -a /tmp | wc -l\r"
25expect {
26 timeout {puts "TESTING ERROR 3\n";exit}
27 "3"
28}
29sleep 1
30
31send -- "ls -a ~ | wc -l\r"
32expect {
33 timeout {puts "TESTING ERROR 4\n";exit}
34 "5"
35}
36
37sleep 1
38puts "\nall done\n"
39
diff --git a/test/fs/private.exp b/test/fs/private.exp
new file mode 100755
index 000000000..01f04d3cb
--- /dev/null
+++ b/test/fs/private.exp
@@ -0,0 +1,100 @@
1#!/usr/bin/expect -f
2# This file is part of Firejail project
3# Copyright (C) 2014-2016 Firejail Authors
4# License GPL v2
5
6set timeout 10
7spawn $env(SHELL)
8match_max 100000
9
10if { $argc != 1 } {
11 puts "TESTING ERROR: argument missing"
12 puts "Usage: private.exp username"
13 puts "where username is the name of the current user"
14 exit
15}
16
17# testing profile and private
18send -- "firejail --private --profile=/etc/firejail/default.profile\r"
19expect {
20 timeout {puts "TESTING ERROR 0\n";exit}
21 "Child process initialized"
22}
23sleep 1
24send -- "exit\r"
25sleep 1
26
27send -- "firejail --private --noprofile\r"
28expect {
29 timeout {puts "TESTING ERROR 1\n";exit}
30 "Child process initialized"
31}
32
33sleep 1
34send -- "cd ~; ls -al; echo done\r"
35expect {
36 timeout {puts "TESTING ERROR 2\n";exit}
37 ".bashrc"
38}
39expect {
40 timeout {puts "TESTING ERROR 3\n";exit}
41 [lindex $argv 0]
42}
43send -- "ls -al; echo done\r"
44expect {
45 timeout {
46 # OpenSUSE doesn't use .Xauthority from user done directory
47 send -- "env | grep XAUTHORITY\r"
48
49 expect {
50 timeout {puts "TESTING ERROR 4\n";exit}
51 "/run/lightdm/netblue/xauthority"
52 }
53 }
54 ".Xauthority"
55}
56expect {
57 timeout {puts "TESTING ERROR 5\n";exit}
58 [lindex $argv 0]
59}
60
61
62# testing private only
63send -- "bash\r"
64sleep 1
65# owner /done/netblue
66send -- "ls -l /done;echo done\r"
67expect {
68 timeout {puts "TESTING ERROR 6\n";exit}
69 [lindex $argv 0]
70}
71expect {
72 timeout {puts "TESTING ERROR 7\n";exit}
73 [lindex $argv 0]
74}
75expect {
76 timeout {puts "TESTING ERROR 8\n";exit}
77 [lindex $argv 0]
78}
79expect {
80 timeout {puts "TESTING ERROR 9\n";exit}
81 "done"
82}
83sleep 1
84
85# owner /tmp
86send -- "stat -c %U%a /tmp;echo done\r"
87expect {
88 timeout {puts "TESTING ERROR 10\n";exit}
89 "root777" {puts "version 1\n";}
90 "root1777" {puts "version 2\n";}
91 "nobody777" {puts "version 3\n";}
92 "nobody1777" {puts "version 4\n";}
93}
94expect {
95 timeout {puts "TESTING ERROR 11\n";exit}
96 "done"
97}
98sleep 1
99
100puts "all done\n"
diff --git a/test/fs/whitelist-empty.exp b/test/fs/whitelist-empty.exp
new file mode 100755
index 000000000..f44d4fb58
--- /dev/null
+++ b/test/fs/whitelist-empty.exp
@@ -0,0 +1,53 @@
1#!/usr/bin/expect -f
2# This file is part of Firejail project
3# Copyright (C) 2014-2016 Firejail Authors
4# License GPL v2
5
6set timeout 30
7spawn $env(SHELL)
8match_max 100000
9
10send -- "firejail --whitelist=~/blablabla --whitelist=/tmp/blablabla --whitelist=/media/blablabla --whitelist=/var/blablabla --whitelist=/dev/blablabla --whitelist=/opt/blablabla\r"
11expect {
12 timeout {puts "TESTING ERROR 0\n";exit}
13 "Child process initialized"
14}
15sleep 1
16
17send -- "ls -l ~/ | wc -l\r"
18expect {
19 timeout {puts "TESTING ERROR 1\n";exit}
20 "0"
21}
22
23send -- "ls -l /tmp | wc -l\r"
24expect {
25 timeout {puts "TESTING ERROR 2\n";exit}
26 "0"
27}
28
29send -- "ls -l /media | wc -l\r"
30expect {
31 timeout {puts "TESTING ERROR 3\n";exit}
32 "0"
33}
34
35send -- "ls -l /var | wc -l\r"
36expect {
37 timeout {puts "TESTING ERROR 4\n";exit}
38 "0"
39}
40
41send -- "ls -l /dev | wc -l\r"
42expect {
43 timeout {puts "TESTING ERROR 5\n";exit}
44 "0"
45}
46send -- "ls -l /opt | wc -l\r"
47expect {
48 timeout {puts "TESTING ERROR 6\n";exit}
49 "0"
50}
51
52
53puts "\nall done\n"
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-07-03 06:10:17 +0000