diff options
author | netblue30 <netblue30@yahoo.com> | 2018-11-08 10:49:44 -0500 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2018-11-08 10:49:44 -0500 |
commit | 2acc910daf73c284965ca96bc70b4eb980c865cf (patch) | |
tree | 7b5733a8ccacba4089a7a9c067b12355372c8dc9 /test/profiles | |
parent | Merge pull request #2251 from glitsj16/sort (diff) | |
download | firejail-2acc910daf73c284965ca96bc70b4eb980c865cf.tar.gz firejail-2acc910daf73c284965ca96bc70b4eb980c865cf.tar.zst firejail-2acc910daf73c284965ca96bc70b4eb980c865cf.zip |
profile parser testing
Diffstat (limited to 'test/profiles')
-rwxr-xr-x | test/profiles/profile_appname.exp | 25 | ||||
-rwxr-xr-x | test/profiles/profile_noperm.exp | 2 | ||||
-rwxr-xr-x | test/profiles/profile_recursivity.exp | 25 | ||||
-rwxr-xr-x | test/profiles/profile_syntax2.exp | 27 | ||||
-rwxr-xr-x | test/profiles/profiles.sh | 27 | ||||
-rw-r--r-- | test/profiles/test2.profile | 4 | ||||
-rw-r--r-- | test/profiles/test3.profile | 1 |
7 files changed, 85 insertions, 26 deletions
diff --git a/test/profiles/profile_appname.exp b/test/profiles/profile_appname.exp new file mode 100755 index 000000000..c70e7ad57 --- /dev/null +++ b/test/profiles/profile_appname.exp | |||
@@ -0,0 +1,25 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2018 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail --profile=firefox\r" | ||
11 | expect { | ||
12 | timeout {puts "TESTING ERROR 0\n";exit} | ||
13 | "Reading profile /etc/firejail/firefox.profile" | ||
14 | } | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 1\n";exit} | ||
17 | "Reading profile /etc/firejail/firefox-common.profile" | ||
18 | } | ||
19 | expect { | ||
20 | timeout {puts "TESTING ERROR 2\n";exit} | ||
21 | "shell=none configured, but no program specified" | ||
22 | } | ||
23 | |||
24 | after 100 | ||
25 | puts "\nall done\n" | ||
diff --git a/test/profiles/profile_noperm.exp b/test/profiles/profile_noperm.exp index b3b031cb2..9f8cb54e2 100755 --- a/test/profiles/profile_noperm.exp +++ b/test/profiles/profile_noperm.exp | |||
@@ -7,7 +7,7 @@ match_max 100000 | |||
7 | send -- "firejail --profile=/etc/shadow\r" | 7 | send -- "firejail --profile=/etc/shadow\r" |
8 | expect { | 8 | expect { |
9 | timeout {puts "TESTING ERROR 0\n";exit} | 9 | timeout {puts "TESTING ERROR 0\n";exit} |
10 | "cannot access profile" | 10 | "inaccessible profile file" |
11 | } | 11 | } |
12 | after 100 | 12 | after 100 |
13 | puts "\nall done\n" | 13 | puts "\nall done\n" |
diff --git a/test/profiles/profile_recursivity.exp b/test/profiles/profile_recursivity.exp new file mode 100755 index 000000000..66e4510bf --- /dev/null +++ b/test/profiles/profile_recursivity.exp | |||
@@ -0,0 +1,25 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2018 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail --profile=test3.profile\r" | ||
11 | expect { | ||
12 | timeout {puts "TESTING ERROR 0\n";exit} | ||
13 | "Reading profile test3.profile" | ||
14 | } | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 1\n";exit} | ||
17 | "Reading profile test3.profile" | ||
18 | } | ||
19 | expect { | ||
20 | timeout {puts "TESTING ERROR 2\n";exit} | ||
21 | "maximum profile include level was reached" | ||
22 | } | ||
23 | |||
24 | after 100 | ||
25 | puts "\nall done\n" | ||
diff --git a/test/profiles/profile_syntax2.exp b/test/profiles/profile_syntax2.exp index 4d621f3ec..da34b67e8 100755 --- a/test/profiles/profile_syntax2.exp +++ b/test/profiles/profile_syntax2.exp | |||
@@ -7,7 +7,7 @@ set timeout 10 | |||
7 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
8 | match_max 100000 | 8 | match_max 100000 |
9 | 9 | ||
10 | send -- "firejail --debug --profile=test2.profile\r" | 10 | send -- "firejail --profile=test2.profile\r" |
11 | expect { | 11 | expect { |
12 | timeout {puts "TESTING ERROR 0\n";exit} | 12 | timeout {puts "TESTING ERROR 0\n";exit} |
13 | "Reading profile test2.profile" | 13 | "Reading profile test2.profile" |
@@ -18,29 +18,8 @@ expect { | |||
18 | } | 18 | } |
19 | expect { | 19 | expect { |
20 | timeout {puts "TESTING ERROR 2\n";exit} | 20 | timeout {puts "TESTING ERROR 2\n";exit} |
21 | "Mounting a new /home directory" | 21 | "cannot access profile file" |
22 | } | 22 | } |
23 | expect { | 23 | |
24 | timeout {puts "TESTING ERROR 3\n";exit} | ||
25 | "Disable /bin/rmdir" {puts "Most Linux platforms\n"} | ||
26 | "Disable /usr/bin/rmdir" { puts "OpenSUSE platform\n"} | ||
27 | } | ||
28 | expect { | ||
29 | timeout {puts "TESTING ERROR 4\n";exit} | ||
30 | "Drop CAP_SYS_MODULE" | ||
31 | } | ||
32 | expect { | ||
33 | timeout {puts "TESTING ERROR 5\n";exit} | ||
34 | "seccomp entries in /run/firejail/mnt/seccomp" | ||
35 | } | ||
36 | expect { | ||
37 | timeout {puts "TESTING ERROR 7\n";exit} | ||
38 | "jeq mount" | ||
39 | } | ||
40 | expect { | ||
41 | timeout {puts "TESTING ERROR 8\n";exit} | ||
42 | "Child process initialized" | ||
43 | } | ||
44 | send -- "exit\r" | ||
45 | after 100 | 24 | after 100 |
46 | puts "\nall done\n" | 25 | puts "\nall done\n" |
diff --git a/test/profiles/profiles.sh b/test/profiles/profiles.sh index 7c3549aea..a3d24ac0c 100755 --- a/test/profiles/profiles.sh +++ b/test/profiles/profiles.sh | |||
@@ -6,6 +6,33 @@ | |||
6 | export MALLOC_CHECK_=3 | 6 | export MALLOC_CHECK_=3 |
7 | export MALLOC_PERTURB_=$(($RANDOM % 255 + 1)) | 7 | export MALLOC_PERTURB_=$(($RANDOM % 255 + 1)) |
8 | 8 | ||
9 | echo "TESTING: profile recursivity (test/profiles/profile_recursivity.exp)" | ||
10 | ./profile_recursivity.exp | ||
11 | |||
12 | echo "TESTING: profile application name (test/profiles/profile_appname.exp)" | ||
13 | ./profile_appname.exp | ||
14 | |||
15 | echo "TESTING: profile syntax (test/profiles/profile_syntax.exp)" | ||
16 | ./profile_syntax.exp | ||
17 | |||
18 | echo "TESTING: profile syntax 2 (test/profiles/profile_syntax2.exp)" | ||
19 | ./profile_syntax2.exp | ||
20 | |||
21 | echo "TESTING: ignore command (test/profiles/ignore.exp)" | ||
22 | ./ignore.exp | ||
23 | |||
24 | echo "TESTING: profile read-only (test/profiles/profile_readonly.exp)" | ||
25 | ./profile_readonly.exp | ||
26 | |||
27 | echo "TESTING: profile read-only links (test/profiles/profile_readonly.exp)" | ||
28 | ./profile_followlnk.exp | ||
29 | |||
30 | echo "TESTING: profile no permissions (test/profiles/profile_noperm.exp)" | ||
31 | ./profile_noperm.exp | ||
32 | |||
33 | |||
34 | |||
35 | |||
9 | echo "TESTING: default profiles installed in /etc" | 36 | echo "TESTING: default profiles installed in /etc" |
10 | PROFILES=`ls /etc/firejail/*.profile` | 37 | PROFILES=`ls /etc/firejail/*.profile` |
11 | for PROFILE in $PROFILES | 38 | for PROFILE in $PROFILES |
diff --git a/test/profiles/test2.profile b/test/profiles/test2.profile index e219d800d..9fbd5219a 100644 --- a/test/profiles/test2.profile +++ b/test/profiles/test2.profile | |||
@@ -1,4 +1,6 @@ | |||
1 | caps | 1 | caps |
2 | seccomp | 2 | seccomp |
3 | private | 3 | private |
4 | include test.profile | 4 | include test.profile |
5 | include test.local | ||
6 | include test25.profile | ||
diff --git a/test/profiles/test3.profile b/test/profiles/test3.profile new file mode 100644 index 000000000..c28ddadb5 --- /dev/null +++ b/test/profiles/test3.profile | |||
@@ -0,0 +1 @@ | |||
include test3.profile \ No newline at end of file | |||