networking features testing

6 files changed, 99 insertions, 0 deletions

diff --git a/test/profiles/profile_followlnk.exp b/test/profiles/profile_followlnk.exp
new file mode 100755
index 000000000..4d89de26b
--- /dev/null
+++ b/test/profiles/profile_followlnk.exp
@@ -0,0 +1,37 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "mkdir /tmp/firejailtestdir\r"
+send -- "ln -s /tmp/firejailtestdir  /tmp/firejailtestdirlnk\r"
+send -- "touch /tmp/firejailtestfile\r"
+send -- "ln -s /tmp/firejailtestfile /tmp/firejailtestfilelnk\r"
+sleep 1
+
+send -- "firejail --profile=readonly-lnk.profile\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+
+send -- "ls > /tmp/firejailtestdirlnk/ttt\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "Read-only file system"
+}
+sleep 1
+
+send -- "ls > /tmp/firejailtestfilelnk;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "Read-only file system"
+}
+sleep 1
+
+send -- "exit\r"
+send -- "rm -fr /tmp/firejailtest*\r"
+sleep 1
+
+puts "\nall done\n"
diff --git a/test/profiles/profile_noperm.exp b/test/profiles/profile_noperm.exp
new file mode 100755
index 000000000..25ec580bd
--- /dev/null
+++ b/test/profiles/profile_noperm.exp
@@ -0,0 +1,13 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --profile=/etc/shadow\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "cannot access profile"
+}
+sleep 1
+puts "\nall done\n"
diff --git a/test/profiles/profile_readonly.exp b/test/profiles/profile_readonly.exp
new file mode 100755
index 000000000..e8e78d6ad
--- /dev/null
+++ b/test/profiles/profile_readonly.exp
@@ -0,0 +1,36 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "mkdir /tmp/firejailtestdir\r"
+send -- "touch /tmp/firejailtestfile\r"
+sleep 1
+
+send -- "firejail --profile=readonly.profile\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 2
+
+send -- "ls > /tmp/firejailtestdir/ttt\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "Read-only file system"
+}
+sleep 1
+
+send -- "ls > /tmp/firejailtestfile\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "Read-only file system"
+}
+send -- "exit\r"
+sleep 1
+
+send -- "rm -fr /tmp/firejailtest*\r"
+sleep 1
+
+puts "\nall done\n"
diff --git a/test/profiles/profiles.sh b/test/profiles/profiles.sh
index e3adc8a4f..ca0b9fb29 100755
--- a/test/profiles/profiles.sh
+++ b/test/profiles/profiles.sh
@@ -23,3 +23,12 @@ echo "TESTING: profile syntax 2 (test/profiles/profile_syntax2.exp)"
 echo "TESTING: ignore command (test/profiles/ignore.exp)"
 ./ignore.exp
 
+echo "TESTING: profile read-only (test/profiles/profile_readonly.exp)"
+./profile_readonly.exp
+
+echo "TESTING: profile read-only links (test/profiles/profile_readonly.exp)"
+./profile_followlnk.exp
+
+echo "TESTING: profile no permissions (test/profiles/profile_noperm.exp)"
+./profile_noperm.exp
+
diff --git a/test/profiles/readonly-lnk.profile b/test/profiles/readonly-lnk.profile
new file mode 100644
index 000000000..71ffb1a26
--- /dev/null
+++ b/test/profiles/readonly-lnk.profile
@@ -0,0 +1,2 @@
+read-only /tmp/firejailtestdirlnk
+read-only /tmp/firejailtestfilelnk
diff --git a/test/profiles/readonly.profile b/test/profiles/readonly.profile
new file mode 100644
index 000000000..55d89e3d7
--- /dev/null
+++ b/test/profiles/readonly.profile
@@ -0,0 +1,2 @@
+read-only /tmp/firejailtestdir
+read-only /tmp/firejailtestfile
\ No newline at end of file