author | netblue30 <netblue30@protonmail.com> | 2023-02-06 22:28:25 -0500 |
---|---|---|
committer | netblue30 <netblue30@protonmail.com> | 2023-02-06 22:28:25 -0500 |
commit | cb1104edf9c6ed0dc753724259b5c12fa5619afb (patch) | |
tree | d654d6547a7836faf5467cb37dac9f3ab50f7107 /test/private-etc | |
parent | testing (diff) | |
private-etc testing
Diffstat (limited to 'test/private-etc')
-rwxr-xr-x | test/private-etc/etc-cleanup.exp | 33 | ||||
-rwxr-xr-x | test/private-etc/groups.exp | 132 | ||||
-rw-r--r-- | test/private-etc/p1.profile | 1 | ||||
-rw-r--r-- | test/private-etc/p2.profile | 1 | ||||
-rw-r--r-- | test/private-etc/p3.profile | 1 | ||||
-rwxr-xr-x | test/private-etc/private-etc.exp | 68 | ||||
-rwxr-xr-x | test/private-etc/private-etc.sh | 21 | ||||
-rwxr-xr-x | test/private-etc/profile.exp | 90 |
8 files changed, 347 insertions, 0 deletions
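--- /dev/null
+++ b/test/private-etc/etc-cleanup.exp
@@ -0,0 +1,33 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2022 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "/usr/lib/firejail/etc-cleanup p1.profile\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"old: private-etc passwd,group,resolv.conf,X11"
+}
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"new: private-etc @x11"
+}
+after 500
+
+send -- "/usr/lib/firejail/etc-cleanup p3.profile\r"
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"old: private-etc @tls-ca,os-release,@x11,mime.types,mailcap"
+}
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"new: private-etc @tls-ca,@x11,mailcap,mime.types,os-release"
+}
+after 500
+
+
+puts "\nall done\n"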
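Review bot: Every `timeout` branch ends in a bare `exit`, which makes expect return status 0, so a failed check looks like a pass to anything that reads the exit code; the same pattern is used throughout groups.exp, private-etc.exp and profile.exp in this commit. Because these scripts assert sandbox isolation properties, a failure should be unmissable: `timeout {puts "TESTING ERROR 1\n"; exit 1}`. private-etc.sh as added does not inspect the status either, so how the outer harness detects the `TESTING ERROR` text is not visible here and should be confirmed.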
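--- /dev/null
+++ b/test/private-etc/groups.exp
@@ -0,0 +1,132 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2022 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --private-etc ls -l /etc\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Private /etc installed in"
+}
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"cron" {puts "TESTING ERROR 2\n"; exit}
+"shadow" {puts "TESTING ERROR 3\n"; exit}
+"ssl" {puts "TESTING ERROR 4\n"; exit}
+"ld.so.cache"
+}
+expect {
+timeout {puts "TESTING ERROR 5\n";exit}
+"cron" {puts "TESTING ERROR 2\n"; exit}
+"shadow" {puts "TESTING ERROR 3\n"; exit}
+"ssl" {puts "TESTING ERROR 4\n"; exit}
+"nsswitch.conf"
+}
+expect {
+timeout {puts "TESTING ERROR 6\n";exit}
+"cron" {puts "TESTING ERROR 2\n"; exit}
+"shadow" {puts "TESTING ERROR 3\n"; exit}
+"ssl" {puts "TESTING ERROR 4\n"; exit}
+"resolv.conf"
+}
+expect {
+timeout {puts "TESTING ERROR 7\n";exit}
+"cron" {puts "TESTING ERROR 2\n"; exit}
+"shadow" {puts "TESTING ERROR 3\n"; exit}
+"xdg" {puts "TESTING ERROR 4\n"; exit}
+"Parent is shutting down"
+}
+after 500
+
+
+send -- "firejail --private-etc=@tls-ca ls -l /etc\r"
+expect {
+timeout {puts "TESTING ERROR 10\n";exit}
+"Private /etc installed in"
+}
+expect {
+timeout {puts "TESTING ERROR 11\n";exit}
+"cron" {puts "TESTING ERROR 12\n"; exit}
+"shadow" {puts "TESTING ERROR 13\n"; exit}
+"ca-certificates"
+}
+expect {
+timeout {puts "TESTING ERROR 14\n";exit}
+"cron" {puts "TESTING ERROR 12\n"; exit}
+"shadow" {puts "TESTING ERROR 13\n"; exit}
+"nsswitch.conf"
+}
+expect {
+timeout {puts "TESTING ERROR 15\n";exit}
+"cron" {puts "TESTING ERROR 12\n"; exit}
+"shadow" {puts "TESTING ERROR 13\n"; exit}
+"resolv.conf"
+}
+expect {
+timeout {puts "TESTING ERROR 16\n";exit}
+"cron" {puts "TESTING ERROR 12\n"; exit}
+"shadow" {puts "TESTING ERROR 13\n"; exit}
+"ssl"
+}
+after 500
+
+
+send -- "firejail --private-etc --nosound ls -l /etc\r"
+expect {
+timeout {puts "TESTING ERROR 20\n";exit}
+"Private /etc installed in"
+}
+expect {
+timeout {puts "TESTING ERROR 21\n";exit}
+"cron" {puts "TESTING ERROR 22\n"; exit}
+"shadow" {puts "TESTING ERROR 23\n"; exit}
+"machine-id" {puts "TESTING ERROR 24\n"; exit}
+"nsswitch.conf"
+}
+expect {
+timeout {puts "TESTING ERROR 25\n";exit}
+"Parent is shutting down"
+}
+after 500
+
+send -- "firejail --private-etc --net=none ls -l /etc\r"
+expect {
+timeout {puts "TESTING ERROR 30\n";exit}
+"Private /etc installed in"
+}
+expect {
+timeout {puts "TESTING ERROR 31\n";exit}
+"cron" {puts "TESTING ERROR 32\n"; exit}
+"shadow" {puts "TESTING ERROR 33\n"; exit}
+"nsswitch.conf"
+}
+expect {
+timeout {puts "TESTING ERROR 34\n";exit}
+"resolv.conf" {puts "TESTING ERROR 35\n"; exit}
+"Parent is shutting down"
+}
+after 500
+
+send -- "firejail --private-etc=@x11 ls -l /etc\r"
+expect {
+timeout {puts "TESTING ERROR 40\n";exit}
+"Private /etc installed in"
+}
+expect {
+timeout {puts "TESTING ERROR 41\n";exit}
+"cron" {puts "TESTING ERROR 42\n"; exit}
+"shadow" {puts "TESTING ERROR 43\n"; exit}
+"nsswitch.conf"
+}
+expect {
+timeout {puts "TESTING ERROR 44\n";exit}
+"xdg"
+}
+after 100
+
+
+puts "\nall done\n"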
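Review bot: In the first test the last `expect` block (lines 36-42) swaps the `"ssl"` exclusion for `"xdg"` but still reports `TESTING ERROR 4`, so `ssl` is no longer rejected in the part of the listing after `resolv.conf`, which is where it would sort in `ls -l` output. Whether an earlier block catches it depends on how the output is chunked when expect reads it, so this negative check is timing-dependent. If both entries must be absent, list both with unused numbers, e.g. `"ssl" {puts "TESTING ERROR 8\n"; exit}` and `"xdg" {puts "TESTING ERROR 9\n"; exit}`. The numbers 2, 3 and 4 are also reused across four blocks, so a failure does not say at which stage the forbidden entry was seen.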
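--- /dev/null
+++ b/test/private-etc/p1.profile
@@ -0,0 +1 @@
+private-etc passwd,group,resolv.conf,X11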
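--- /dev/null
+++ b/test/private-etc/p2.profile
@@ -0,0 +1 @@
+private-etc @x11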
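--- /dev/null
+++ b/test/private-etc/p3.profile
@@ -0,0 +1 @@
+private-etc @tls-ca,os-release,@x11,mime.types,mailcap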
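--- /dev/null
+++ b/test/private-etc/private-etc.exp
@@ -0,0 +1,68 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2022 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --private-etc=passwd,group,resolv.conf,X11\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+sleep 1
+
+send -- "LC_ALL=C ls -al /etc\r"
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"X11"
+}
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"group"
+}
+expect {
+timeout {puts "TESTING ERROR 5\n";exit}
+"passwd"
+}
+expect {
+timeout {puts "TESTING ERROR 6\n";exit}
+"resolv.conf"
+}
+
+
+send -- "file /etc/shadow\r"
+expect {
+timeout {puts "TESTING ERROR 7\n";exit}
+"No such file or directory"
+}
+after 100
+send -- "exit\r"
+sleep 1
+
+send -- "firejail --private-etc=shadow\r"
+expect {
+timeout {puts "TESTING ERROR 8\n";exit}
+"invalid file type"
+}
+after 100
+
+send -- "firejail --private-etc=\"bla;bla\"\r"
+expect {
+timeout {puts "TESTING ERROR 9\n";exit}
+"is an invalid filename"
+}
+after 100
+
+send -- "firejail --private-etc=../bin/ls\r"
+expect {
+timeout {puts "TESTING ERROR 10\n";exit}
+"is an invalid filename"
+}
+after 100
+
+send -- "exit\r"
+after 100
+puts "\nall done\n"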
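Review bot: The startup pattern at line 13 leaves the `.` between the two digit groups unescaped, so it matches any character rather than the decimal point; the same pattern appears at lines 13 and 48 of profile.exp. Escaping it ties the match to the real banner: `-re "Child process initialized in \[0-9\]+\\.\[0-9\]+ ms"`. The three rejection cases at lines 45-63 would also benefit from a short comment above each `send`, stating that firejail is expected to refuse `shadow`, `bla;bla` and `../bin/ls` and exit without starting a sandbox, since the test only matches the error text.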
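--- /dev/null
+++ b/test/private-etc/private-etc.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+# This file is part of Firejail project
+# Copyright (C) 2014-2022 Firejail Authors
+# License GPL v2
+
+export MALLOC_CHECK_=3
+export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
+export LC_ALL=C
+
+echo "TESTING: private-etc (test/private-etc/private-etc.exp)"
+./private-etc.exp
+
+echo "TESTING: profile (test/private-etc/profile.exp)"
+./private-etc.exp
+
+echo "TESTING: groups (test/private-etc/groups.exp)"
+./groups.exp
+
+echo "TESTING: etc-cleanup (test/private-etc/etc-cleanup.exp)"
+./etc-cleanup.exp
+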
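Review bot: Line 14 runs `./private-etc.exp` a second time under the `TESTING: profile` banner, so profile.exp is never executed and the p1.profile and p2.profile checks added by this commit do not run. The line should be `./profile.exp`. As written, the log reports a profile test that in fact repeats the command-line test, which hides any regression in profile-driven `private-etc` handling.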
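--- /dev/null
+++ b/test/private-etc/profile.exp
@@ -0,0 +1,90 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2022 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --profile=p1.profile\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+sleep 1
+
+send -- "LC_ALL=C ls -al /etc\r"
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"X11"
+}
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"group"
+}
+expect {
+timeout {puts "TESTING ERROR 5\n";exit}
+"passwd"
+}
+expect {
+timeout {puts "TESTING ERROR 6\n";exit}
+"resolv.conf"
+}
+
+
+send -- "file /etc/shadow\r"
+expect {
+timeout {puts "TESTING ERROR 7\n";exit}
+"No such file or directory"
+}
+after 100
+send -- "exit\r"
+sleep 1
+
+send -- "firejail --profile=p2.profile\r"
+expect {
+timeout {puts "TESTING ERROR 11\n";exit}
+-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+sleep 1
+
+send -- "LC_ALL=C ls -al /etc\r"
+expect {
+timeout {puts "TESTING ERROR 13\n";exit}
+"X11"
+}
+expect {
+timeout {puts "TESTING ERROR 14\n";exit}
+"group"
+}
+expect {
+timeout {puts "TESTING ERROR 15\n";exit}
+"passwd"
+}
+expect {
+timeout {puts "TESTING ERROR 16\n";exit}
+"resolv.conf"
+}
+
+
+send -- "file /etc/shadow\r"
+expect {
+timeout {puts "TESTING ERROR 17\n";exit}
+"No such file or directory"
+}
+after 100
+send -- "exit\r"
+sleep 1
+
+
+
+
+
+
+
+
+
+
+after 100
+puts "\nall done\n"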