whitelist test

author: netblue30 <netblue30@yahoo.com> 2016-08-05 12:37:53 -0400
committer: netblue30 <netblue30@yahoo.com> 2016-08-05 12:37:53 -0400
commit: 2775b37ed206e5650b1ec4398d33718562f4d657 (patch)
tree: 0204a9f1a2938787f362ec45681fbeb596c90408 /test/fs
parent: Merge pull request #684 from Fred-Barclay/checkmate (diff)
download: firejail-2775b37ed206e5650b1ec4398d33718562f4d657.tar.gz
firejail-2775b37ed206e5650b1ec4398d33718562f4d657.tar.zst
firejail-2775b37ed206e5650b1ec4398d33718562f4d657.zip
3 files changed, 240 insertions, 1 deletions
diff --git a/test/fs/fs.sh b/test/fs/fs.sh
index ee6351e2e..d45ef48bd 100755
--- a/test/fs/fs.sh
+++ b/test/fs/fs.sh
@@ -56,3 +56,16 @@ echo "TESTING: recursive mkdir (test/fs/mkdir.exp)"
 echo "TESTING: double whitelist (test/fs/whitelist-double.exp)"
 ./whitelist-double.exp
+echo "TESTING: whitelist (test/fs/whitelist.exp)"
+./whitelist.exp
+rm -fr ~/fjtest-dir
+rm -fr ~/fjtest-dir-lnk
+rm -f ~/fjtest-file
+rm -f ~/fjtest-file-lnk
+rm -f /tmp/fjtest-file
+rm -fr /tmp/fjtest-dir
diff --git a/test/fs/whitelist-double.exp b/test/fs/whitelist-double.exp
index 87d6ed686..43e4d6fc0 100755
--- a/test/fs/whitelist-double.exp
+++ b/test/fs/whitelist-double.exp
@@ -3,7 +3,7 @@
 # Copyright (C) 2014-2016 Firejail Authors
 # License GPL v2
-set timeout 30
+set timeout 10
 spawn $env(SHELL)
 match_max 100000
diff --git a/test/fs/whitelist.exp b/test/fs/whitelist.exp
new file mode 100755
index 000000000..9a9a0f353
--- /dev/null
+++ b/test/fs/whitelist.exp
@@ -0,0 +1,226 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+# cleanup
+send -- "rm -fr ~/fjtest-dir\r"
+after 200
+send -- "rm -fr ~/fjtest-dir-lnk\r"
+after 200
+send -- "rm ~/fjtest-file\r"
+after 200
+send -- "rm ~/fjtest-file-lnk\r"
+after 200
+send -- "rm /tmp/fjtest-file\r"
+after 200
+send -- "rm -fr /tmp/fjtest-dir\r"
+after 200
+# simple files and directories
+send -- "mkdir -p ~/fjtest-dir/fjtest-dir\r"
+after 200
+send -- "echo 123 > ~/fjtest-file\r"
+after 200
+send -- "echo 123 > ~/fjtest-dir/fjtest-file\r"
+after 200
+send -- "echo 123 > ~/fjtest-dir/fjtest-dir/fjtest-file\r"
+after 200
+send -- "ln -s ~/fjtest-file ~/fjtest-file-lnk\r"
+after 200
+send -- "ln -s ~/fjtest-dir ~/fjtest-dir-lnk\r"
+after 200
+send -- "firejail --whitelist=~/fjtest-file --whitelist=~/fjtest-dir\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 1
+send -- "ls -l ~/ | grep -v total | wc -l\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "2"
+}
+send -- "cat fjtest-file\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "123"
+}
+send -- "cat fjtest-dir/fjtest-file\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "123"
+}
+send -- "cat fjtest-dir/fjtest-dir/fjtest-file\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "123"
+}
+send -- "exit\r"
+sleep 1
+# simple files and directories
+send -- "firejail --whitelist=~/fjtest-dir/fjtest-dir/fjtest-file\r"
+expect {
+        timeout {puts "TESTING ERROR 10\n";exit}
+        "Child process initialized"
+}
+sleep 1
+send -- "ls -l ~/ | grep -v total | wc -l\r"
+expect {
+        timeout {puts "TESTING ERROR 11\n";exit}
+        "1"
+}
+send -- "cat fjtest-dir/fjtest-dir/fjtest-file\r"
+expect {
+        timeout {puts "TESTING ERROR 12\n";exit}
+        "123"
+}
+send -- "exit\r"
+sleep 1
+# symlinks
+send -- "firejail --whitelist=~/fjtest-file-lnk --whitelist=~/fjtest-dir-lnk\r"
+expect {
+        timeout {puts "TESTING ERROR 20\n";exit}
+        "Child process initialized"
+}
+sleep 1
+send -- "ls -l ~/ | grep -v total | wc -l\r"
+expect {
+        timeout {puts "TESTING ERROR 21\n";exit}
+        "4"
+}
+send -- "cat fjtest-file\r"
+expect {
+        timeout {puts "TESTING ERROR 22\n";exit}
+        "123"
+}
+send -- "cat fjtest-dir/fjtest-file\r"
+expect {
+        timeout {puts "TESTING ERROR 23\n";exit}
+        "123"
+}
+send -- "cat fjtest-dir/fjtest-dir/fjtest-file\r"
+expect {
+        timeout {puts "TESTING ERROR 24\n";exit}
+        "123"
+}
+send -- "cat fjtest-file-lnk\r"
+expect {
+        timeout {puts "TESTING ERROR 25\n";exit}
+        "123"
+}
+send -- "cat fjtest-dir-lnk/fjtest-file\r"
+expect {
+        timeout {puts "TESTING ERROR 26\n";exit}
+        "123"
+}
+send -- "cat fjtest-dir-lnk/fjtest-dir/fjtest-file\r"
+expect {
+        timeout {puts "TESTING ERROR 27\n";exit}
+        "123"
+}
+send -- "exit\r"
+sleep 1
+# symlinks outside home to a file we don't own
+send -- "rm ~/fjtest-file-lnk\r"
+after 200
+send -- "ln -s /etc/passwd ~/fjtest-file-lnk\r"
+after 200
+send -- "firejail --whitelist=~/fjtest-file-lnk --whitelist=~/fjtest-dir-lnk\r"
+expect {
+        timeout {puts "TESTING ERROR 30\n";exit}
+        "invalid whitelist path"
+}
+expect {
+        timeout {puts "TESTING ERROR 31\n";exit}
+        "exiting"
+}
+sleep 1
+# symlinks outside home to a file we own
+send -- "rm -fr ~/fjtest-dir-lnk\r"
+after 200
+send -- "rm ~/fjtest-file-lnk\r"
+after 200
+send -- "echo 123 > /tmp/fjtest-file\r"
+after 200
+send -- "mkdir /tmp/fjtest-dir\r"
+after 200
+send -- "echo 123 > /tmp/fjtest-dir/fjtest-file\r"
+after 200
+send -- "ln -s /tmp/fjtest-file ~/fjtest-file-lnk\r"
+after 200
+send -- "ln -s /tmp/fjtest-dir ~/fjtest-dir-lnk\r"
+after 200
+send -- "firejail --whitelist=~/fjtest-file-lnk --whitelist=~/fjtest-dir-lnk\r"
+expect {
+        timeout {puts "TESTING ERROR 40\n";exit}
+        "Child process initialized"
+}
+sleep 1
+send -- "ls -l ~/ | grep -v total | wc -l\r"
+expect {
+        timeout {puts "TESTING ERROR 41\n";exit}
+        "2"
+}
+send -- "cat fjtest-file-lnk\r"
+expect {
+        timeout {puts "TESTING ERROR 42\n";exit}
+        "123"
+}
+send -- "cat fjtest-dir-lnk/fjtest-file\r"
+expect {
+        timeout {puts "TESTING ERROR 43\n";exit}
+        "123"
+}
+send -- "exit\r"
+sleep 1
+# cleanup
+send -- "rm -fr ~/fjtest-dir\r"
+after 200
+send -- "rm -fr ~/fjtest-dir-lnk\r"
+after 200
+send -- "rm ~/fjtest-file\r"
+after 200
+send -- "rm ~/fjtest-file-lnk\r"
+after 200
+send -- "rm /tmp/fjtest-file\r"
+after 200
+send -- "rm -fr /tmp/fjtest-dir\r"
+after 200
+puts "\nall done\n"
author	netblue30 <netblue30@yahoo.com>	2016-08-05 12:37:53 -0400
committer	netblue30 <netblue30@yahoo.com>	2016-08-05 12:37:53 -0400
commit	2775b37ed206e5650b1ec4398d33718562f4d657 (patch)
tree	0204a9f1a2938787f362ec45681fbeb596c90408 /test/fs
parent	Merge pull request #684 from Fred-Barclay/checkmate (diff)
download	firejail-2775b37ed206e5650b1ec4398d33718562f4d657.tar.gz firejail-2775b37ed206e5650b1ec4398d33718562f4d657.tar.zst firejail-2775b37ed206e5650b1ec4398d33718562f4d657.zip

diff --git a/test/fs/fs.sh b/test/fs/fs.sh index ee6351e2e..d45ef48bd 100755 --- a/test/fs/fs.sh +++ b/test/fs/fs.sh
@@ -56,3 +56,16 @@ echo "TESTING: recursive mkdir (test/fs/mkdir.exp)"
56		56
57	echo "TESTING: double whitelist (test/fs/whitelist-double.exp)"	57	echo "TESTING: double whitelist (test/fs/whitelist-double.exp)"
58	./whitelist-double.exp	58	./whitelist-double.exp
		59
		60
		61	echo "TESTING: whitelist (test/fs/whitelist.exp)"
		62	./whitelist.exp
		63	rm -fr ~/fjtest-dir
		64	rm -fr ~/fjtest-dir-lnk
		65	rm -f ~/fjtest-file
		66	rm -f ~/fjtest-file-lnk
		67	rm -f /tmp/fjtest-file
		68	rm -fr /tmp/fjtest-dir
		69
		70
		71


diff --git a/test/fs/whitelist-double.exp b/test/fs/whitelist-double.exp index 87d6ed686..43e4d6fc0 100755 --- a/test/fs/whitelist-double.exp +++ b/test/fs/whitelist-double.exp
@@ -3,7 +3,7 @@
3	# Copyright (C) 2014-2016 Firejail Authors	3	# Copyright (C) 2014-2016 Firejail Authors
4	# License GPL v2	4	# License GPL v2
5		5
6	set timeout 30	6	set timeout 10
7	spawn $env(SHELL)	7	spawn $env(SHELL)
8	match_max 100000	8	match_max 100000
9		9


diff --git a/test/fs/whitelist.exp b/test/fs/whitelist.exp new file mode 100755 index 000000000..9a9a0f353 --- /dev/null +++ b/test/fs/whitelist.exp
@@ -0,0 +1,226 @@
		1	#!/usr/bin/expect -f
		2	# This file is part of Firejail project
		3	# Copyright (C) 2014-2016 Firejail Authors
		4	# License GPL v2
		5
		6	set timeout 10
		7	spawn $env(SHELL)
		8	match_max 100000
		9
		10	# cleanup
		11	send -- "rm -fr ~/fjtest-dir\r"
		12	after 200
		13	send -- "rm -fr ~/fjtest-dir-lnk\r"
		14	after 200
		15	send -- "rm ~/fjtest-file\r"
		16	after 200
		17	send -- "rm ~/fjtest-file-lnk\r"
		18	after 200
		19	send -- "rm /tmp/fjtest-file\r"
		20	after 200
		21	send -- "rm -fr /tmp/fjtest-dir\r"
		22	after 200
		23
		24
		25	# simple files and directories
		26	send -- "mkdir -p ~/fjtest-dir/fjtest-dir\r"
		27	after 200
		28	send -- "echo 123 > ~/fjtest-file\r"
		29	after 200
		30	send -- "echo 123 > ~/fjtest-dir/fjtest-file\r"
		31	after 200
		32	send -- "echo 123 > ~/fjtest-dir/fjtest-dir/fjtest-file\r"
		33	after 200
		34	send -- "ln -s ~/fjtest-file ~/fjtest-file-lnk\r"
		35	after 200
		36	send -- "ln -s ~/fjtest-dir ~/fjtest-dir-lnk\r"
		37	after 200
		38
		39	send -- "firejail --whitelist=~/fjtest-file --whitelist=~/fjtest-dir\r"
		40	expect {
		41	timeout {puts "TESTING ERROR 0\n";exit}
		42	"Child process initialized"
		43	}
		44	sleep 1
		45
		46	send -- "ls -l ~/ \| grep -v total \| wc -l\r"
		47	expect {
		48	timeout {puts "TESTING ERROR 1\n";exit}
		49	"2"
		50	}
		51
		52	send -- "cat fjtest-file\r"
		53	expect {
		54	timeout {puts "TESTING ERROR 2\n";exit}
		55	"123"
		56	}
		57
		58	send -- "cat fjtest-dir/fjtest-file\r"
		59	expect {
		60	timeout {puts "TESTING ERROR 3\n";exit}
		61	"123"
		62	}
		63
		64	send -- "cat fjtest-dir/fjtest-dir/fjtest-file\r"
		65	expect {
		66	timeout {puts "TESTING ERROR 4\n";exit}
		67	"123"
		68	}
		69
		70	send -- "exit\r"
		71	sleep 1
		72
		73
		74
		75	# simple files and directories
		76	send -- "firejail --whitelist=~/fjtest-dir/fjtest-dir/fjtest-file\r"
		77	expect {
		78	timeout {puts "TESTING ERROR 10\n";exit}
		79	"Child process initialized"
		80	}
		81	sleep 1
		82
		83	send -- "ls -l ~/ \| grep -v total \| wc -l\r"
		84	expect {
		85	timeout {puts "TESTING ERROR 11\n";exit}
		86	"1"
		87	}
		88
		89	send -- "cat fjtest-dir/fjtest-dir/fjtest-file\r"
		90	expect {
		91	timeout {puts "TESTING ERROR 12\n";exit}
		92	"123"
		93	}
		94
		95	send -- "exit\r"
		96	sleep 1
		97
		98
		99
		100	# symlinks
		101	send -- "firejail --whitelist=~/fjtest-file-lnk --whitelist=~/fjtest-dir-lnk\r"
		102	expect {
		103	timeout {puts "TESTING ERROR 20\n";exit}
		104	"Child process initialized"
		105	}
		106	sleep 1
		107
		108	send -- "ls -l ~/ \| grep -v total \| wc -l\r"
		109	expect {
		110	timeout {puts "TESTING ERROR 21\n";exit}
		111	"4"
		112	}
		113
		114	send -- "cat fjtest-file\r"
		115	expect {
		116	timeout {puts "TESTING ERROR 22\n";exit}
		117	"123"
		118	}
		119
		120	send -- "cat fjtest-dir/fjtest-file\r"
		121	expect {
		122	timeout {puts "TESTING ERROR 23\n";exit}
		123	"123"
		124	}
		125
		126	send -- "cat fjtest-dir/fjtest-dir/fjtest-file\r"
		127	expect {
		128	timeout {puts "TESTING ERROR 24\n";exit}
		129	"123"
		130	}
		131
		132	send -- "cat fjtest-file-lnk\r"
		133	expect {
		134	timeout {puts "TESTING ERROR 25\n";exit}
		135	"123"
		136	}
		137
		138	send -- "cat fjtest-dir-lnk/fjtest-file\r"
		139	expect {
		140	timeout {puts "TESTING ERROR 26\n";exit}
		141	"123"
		142	}
		143
		144	send -- "cat fjtest-dir-lnk/fjtest-dir/fjtest-file\r"
		145	expect {
		146	timeout {puts "TESTING ERROR 27\n";exit}
		147	"123"
		148	}
		149	send -- "exit\r"
		150	sleep 1
		151
		152	# symlinks outside home to a file we don't own
		153	send -- "rm ~/fjtest-file-lnk\r"
		154	after 200
		155	send -- "ln -s /etc/passwd ~/fjtest-file-lnk\r"
		156	after 200
		157	send -- "firejail --whitelist=~/fjtest-file-lnk --whitelist=~/fjtest-dir-lnk\r"
		158	expect {
		159	timeout {puts "TESTING ERROR 30\n";exit}
		160	"invalid whitelist path"
		161	}
		162	expect {
		163	timeout {puts "TESTING ERROR 31\n";exit}
		164	"exiting"
		165	}
		166	sleep 1
		167
		168	# symlinks outside home to a file we own
		169	send -- "rm -fr ~/fjtest-dir-lnk\r"
		170	after 200
		171	send -- "rm ~/fjtest-file-lnk\r"
		172	after 200
		173	send -- "echo 123 > /tmp/fjtest-file\r"
		174	after 200
		175	send -- "mkdir /tmp/fjtest-dir\r"
		176	after 200
		177	send -- "echo 123 > /tmp/fjtest-dir/fjtest-file\r"
		178	after 200
		179	send -- "ln -s /tmp/fjtest-file ~/fjtest-file-lnk\r"
		180	after 200
		181	send -- "ln -s /tmp/fjtest-dir ~/fjtest-dir-lnk\r"
		182	after 200
		183	send -- "firejail --whitelist=~/fjtest-file-lnk --whitelist=~/fjtest-dir-lnk\r"
		184	expect {
		185	timeout {puts "TESTING ERROR 40\n";exit}
		186	"Child process initialized"
		187	}
		188	sleep 1
		189
		190	send -- "ls -l ~/ \| grep -v total \| wc -l\r"
		191	expect {
		192	timeout {puts "TESTING ERROR 41\n";exit}
		193	"2"
		194	}
		195
		196	send -- "cat fjtest-file-lnk\r"
		197	expect {
		198	timeout {puts "TESTING ERROR 42\n";exit}
		199	"123"
		200	}
		201
		202	send -- "cat fjtest-dir-lnk/fjtest-file\r"
		203	expect {
		204	timeout {puts "TESTING ERROR 43\n";exit}
		205	"123"
		206	}
		207	send -- "exit\r"
		208	sleep 1
		209
		210	# cleanup
		211	send -- "rm -fr ~/fjtest-dir\r"
		212	after 200
		213	send -- "rm -fr ~/fjtest-dir-lnk\r"
		214	after 200
		215	send -- "rm ~/fjtest-file\r"
		216	after 200
		217	send -- "rm ~/fjtest-file-lnk\r"
		218	after 200
		219	send -- "rm /tmp/fjtest-file\r"
		220	after 200
		221	send -- "rm -fr /tmp/fjtest-dir\r"
		222	after 200
		223
		224
		225	puts "\nall done\n"
		226