author | netblue30 <netblue30@yahoo.com> | 2015-08-08 19:12:30 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2015-08-08 19:12:30 -0400 |
commit | 1379851360349d6617ad32944a25ee5e2bb74fc2 (patch) | |
tree | f69b48e90708bfa3c2723d5a27ed3e024c827b43 /test/noroot.exp | |
parent | delete files (diff) | |
Baseline firejail 0.9.28
Diffstat (limited to 'test/noroot.exp')
-rwxr-xr-x | test/noroot.exp | 124 |
1 files changed, 124 insertions, 0 deletions
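--- /dev/null
+++ b/test/noroot.exp
@@ -0,0 +1,124 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --debug --noroot --caps.drop=all --seccomp --cpu=0,1 --name=noroot-sandbox\r"
+expect {
+timeout {puts "TESTING ERROR 0.1\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "cat /proc/self/status\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"CapBnd:"
+}
+expect {
+timeout {puts "TESTING ERROR 1.1\n";exit}
+"0000000000000000"
+}
+
+send -- "cat /proc/self/status\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"Cpus_allowed:"
+}
+expect {
+timeout {puts "TESTING ERROR 2.1\n";exit}
+"3"
+}
+expect {
+timeout {puts "TESTING ERROR 2.2\n";exit}
+"Cpus_allowed_list:"
+}
+puts "\n"
+
+send -- "cat /proc/self/status\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"Seccomp:"
+}
+expect {
+timeout {puts "TESTING ERROR 2.1\n";exit}
+"2"
+}
+expect {
+timeout {puts "TESTING ERROR 2.2\n";exit}
+"Cpus_allowed:"
+}
+puts "\n"
+
+send -- "cat /etc/hostname\r"
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"noroot-sandbox"
+}
+puts "\n"
+
+send -- "ping 0\r"
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"Operation not permitted"
+}
+puts "\n"
+
+send -- "whoami\r"
+expect {
+timeout {puts "TESTING ERROR 55\\n";exit}
+"netblue"
+}
+puts "\n"
+send -- "exit\r"
+sleep 2
+
+
+send -- "firejail --noroot\r"
+expect {
+timeout {puts "TESTING ERROR 6\n";exit}
+"Child process initialized"
+}
+sleep 1
+send -- "whoami\r"
+expect {
+timeout {puts "TESTING ERROR 7\n";exit}
+"netblue"
+}
+send -- "sudo -s\r"
+expect {
+timeout {puts "TESTING ERROR 8\n";exit}
+"effective uid is not 0, is sudo installed setuid root?" { puts "OK\n";}
+"sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";}
+}
+puts "\n"
+send -- "exit\r"
+sleep 2
+
+send -- "firejail --name=test --noroot\r"
+expect {
+timeout {puts "TESTING ERROR 9\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+spawn $env(SHELL)
+send -- "firejail --debug --join=test\r"
+expect {
+timeout {puts "TESTING ERROR 9\n";exit}
+"User namespace detected"
+}
+expect {
+timeout {puts "TESTING ERROR 9\n";exit}
+"Joining user namespace"
+}
+sleep 1
+
+send -- "sudo -s\r"
+expect {
+timeout {puts "TESTING ERROR 8\n";exit}
+"effective uid is not 0, is sudo installed setuid root?" { puts "OK\n";}
+"sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";}
+}
+puts "\n"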
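Review bot: The seccomp and capability assertions (new lines 14-22 and 39-47) match the field name and its value in two separate `expect` calls, so the value pattern is not tied to the field: after `"Seccomp:"` is seen, the bare `"2"` is satisfied by any later `2` in the `/proc/self/status` output, and the test can pass when the filter is not in force. Anchoring both in one pattern makes the check mean what it says, for example `-re {Seccomp:\s+2}` and `-re {CapBnd:\s+0000000000000000}`. The `whoami` checks at new lines 71 and 87 compare against the literal `"netblue"`, which ties the identity assertion to one account; comparing against `$env(USER)` would presumably keep it portable. The timeout branches call `exit` with no status and the labels `2`, `2.1`, `2.2`, `8` and `9` are reused across steps, so a failure is only visible in the printed text and cannot be attributed to one step; `exit 1` and unique labels would fix both.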