make test-profiles

author: netblue30 <netblue30@yahoo.com> 2016-04-21 14:37:53 -0400
committer: netblue30 <netblue30@yahoo.com> 2016-04-21 14:37:53 -0400
commit: ad2f7bc496e3cc83bca2381515312dd2ef6fc7f1 (patch)
tree: 0a923afb486b1f13ab35d26138cdbf51e0961aec /test/profiles
parent: --read-write option (diff)
download: firejail-ad2f7bc496e3cc83bca2381515312dd2ef6fc7f1.tar.gz
firejail-ad2f7bc496e3cc83bca2381515312dd2ef6fc7f1.tar.zst
firejail-ad2f7bc496e3cc83bca2381515312dd2ef6fc7f1.zip
6 files changed, 167 insertions, 0 deletions
diff --git a/test/profiles/profile_syntax.exp b/test/profiles/profile_syntax.exp
new file mode 100755
index 000000000..ecad1043b
--- /dev/null
+++ b/test/profiles/profile_syntax.exp
@@ -0,0 +1,66 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+send -- "firejail --profile=test.profile\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 2
+send -- "cat /sbin/iptables\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "No such file" {puts "\nTESTING /sbin/iptables not found\n"}
+        "Permission denied"
+}
+sleep 1
+send -- "ls -l /etc/shadow\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "root root 0"
+}
+sleep 1
+send -- "rmdir;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "Permission denied"
+}
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "home"
+}
+sleep 1
+send -- "mount;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 6\n";exit}
+        "Permission denied"
+}
+expect {
+        timeout {puts "TESTING ERROR 7\n";exit}
+        "home"
+}
+sleep 1
+send -- "umount;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 8\n";exit}
+        "Permission denied"
+}
+expect {
+        timeout {puts "TESTING ERROR 9\n";exit}
+        "home"
+}
+send -- "exit\r"
+sleep 1
+puts "\n"
diff --git a/test/profiles/profile_syntax2.exp b/test/profiles/profile_syntax2.exp
new file mode 100755
index 000000000..ba83731be
--- /dev/null
+++ b/test/profiles/profile_syntax2.exp
@@ -0,0 +1,50 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+send -- "firejail --debug --profile=test2.profile\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Reading profile test2.profile"
+}
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "Reading profile test.profile"
+}
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "Mounting a new /home directory"
+}
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "Disable /bin/rmdir" {puts "Most Linux platforms\n"}
+        "Disable /usr/bin/rmdir" { puts "OpenSUSE platform\n"}
+}
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "Drop CAP_SYS_MODULE"
+}
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "SECCOMP Filter"
+}
+expect {
+        timeout {puts "TESTING ERROR 6\n";exit}
+        "BLACKLIST"
+}
+expect {
+        timeout {puts "TESTING ERROR 7\n";exit}
+        "mount"
+}
+expect {
+        timeout {puts "TESTING ERROR 8\n";exit}
+        "Child process initialized"
+}
+sleep 1
+puts "\nall done\n"
diff --git a/test/profiles/profiles.sh b/test/profiles/profiles.sh
new file mode 100755
index 000000000..ea1f51c1a
--- /dev/null
+++ b/test/profiles/profiles.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+echo "TESTING: default profiles installed in /etc"
+PROFILES=`ls /etc/firejail/*.profile`
+for PROFILE in $PROFILES
+do
+        echo "TESTING: $PROFILE"
+        ./test-profile.exp $PROFILE
+done
+echo "TESTING: profile syntax (profiles/profile_syntax.exp)"
+./profile_syntax.exp
+echo "TESTING: profile syntax 2 (profiles/profile_syntax2.exp)"
+./profile_syntax2.exp
diff --git a/test/profiles/test-profile.exp b/test/profiles/test-profile.exp
new file mode 100755
index 000000000..590b42652
--- /dev/null
+++ b/test/profiles/test-profile.exp
@@ -0,0 +1,23 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+if { $argc != 1 } {
+        puts "TESTING ERROR: argument missing"
+        puts "Usage: test-profile.exp profile_name"
+        exit
+}
+send -- "firejail --profile=$argv /bin/bash\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+send -- "exit\r"
+after 100
+puts "\n"
diff --git a/test/profiles/test.profile b/test/profiles/test.profile
new file mode 100644
index 000000000..1d69cc960
--- /dev/null
+++ b/test/profiles/test.profile
@@ -0,0 +1,5 @@
+   blacklist /sbin/iptables
+blacklist                /etc/shadow
+        blacklist               /bin/rmdir
+blacklist ${PATH}/umount
+blacklist ${PATH}/mount
diff --git a/test/profiles/test2.profile b/test/profiles/test2.profile
new file mode 100644
index 000000000..d7e1a1f21
--- /dev/null
+++ b/test/profiles/test2.profile
@@ -0,0 +1,4 @@
+caps    
+seccomp 
+  private   
+  include test.profile
author	netblue30 <netblue30@yahoo.com>	2016-04-21 14:37:53 -0400
committer	netblue30 <netblue30@yahoo.com>	2016-04-21 14:37:53 -0400
commit	ad2f7bc496e3cc83bca2381515312dd2ef6fc7f1 (patch)
tree	0a923afb486b1f13ab35d26138cdbf51e0961aec /test/profiles
parent	--read-write option (diff)
download	firejail-ad2f7bc496e3cc83bca2381515312dd2ef6fc7f1.tar.gz firejail-ad2f7bc496e3cc83bca2381515312dd2ef6fc7f1.tar.zst firejail-ad2f7bc496e3cc83bca2381515312dd2ef6fc7f1.zip

diff --git a/test/profiles/profile_syntax.exp b/test/profiles/profile_syntax.exp new file mode 100755 index 000000000..ecad1043b --- /dev/null +++ b/test/profiles/profile_syntax.exp
@@ -0,0 +1,66 @@
	1	#!/usr/bin/expect -f
	2	# This file is part of Firejail project
	3	# Copyright (C) 2014-2016 Firejail Authors
	4	# License GPL v2
	5
	6	set timeout 10
	7	spawn $env(SHELL)
	8	match_max 100000
	9
	10	send -- "firejail --profile=test.profile\r"
	11	expect {
	12	timeout {puts "TESTING ERROR 0\n";exit}
	13	"Child process initialized"
	14	}
	15
	16	sleep 2
	17	send -- "cat /sbin/iptables\r"
	18	expect {
	19	timeout {puts "TESTING ERROR 2\n";exit}
	20	"No such file" {puts "\nTESTING /sbin/iptables not found\n"}
	21	"Permission denied"
	22	}
	23
	24	sleep 1
	25	send -- "ls -l /etc/shadow\r"
	26	expect {
	27	timeout {puts "TESTING ERROR 3\n";exit}
	28	"root root 0"
	29	}
	30
	31	sleep 1
	32	send -- "rmdir;pwd\r"
	33	expect {
	34	timeout {puts "TESTING ERROR 4\n";exit}
	35	"Permission denied"
	36	}
	37	expect {
	38	timeout {puts "TESTING ERROR 5\n";exit}
	39	"home"
	40	}
	41
	42	sleep 1
	43	send -- "mount;pwd\r"
	44	expect {
	45	timeout {puts "TESTING ERROR 6\n";exit}
	46	"Permission denied"
	47	}
	48	expect {
	49	timeout {puts "TESTING ERROR 7\n";exit}
	50	"home"
	51	}
	52
	53	sleep 1
	54	send -- "umount;pwd\r"
	55	expect {
	56	timeout {puts "TESTING ERROR 8\n";exit}
	57	"Permission denied"
	58	}
	59	expect {
	60	timeout {puts "TESTING ERROR 9\n";exit}
	61	"home"
	62	}
	63	send -- "exit\r"
	64
	65	sleep 1
	66	puts "\n"


diff --git a/test/profiles/profile_syntax2.exp b/test/profiles/profile_syntax2.exp new file mode 100755 index 000000000..ba83731be --- /dev/null +++ b/test/profiles/profile_syntax2.exp
@@ -0,0 +1,50 @@
	1	#!/usr/bin/expect -f
	2	# This file is part of Firejail project
	3	# Copyright (C) 2014-2016 Firejail Authors
	4	# License GPL v2
	5
	6	set timeout 10
	7	spawn $env(SHELL)
	8	match_max 100000
	9
	10	send -- "firejail --debug --profile=test2.profile\r"
	11	expect {
	12	timeout {puts "TESTING ERROR 0\n";exit}
	13	"Reading profile test2.profile"
	14	}
	15	expect {
	16	timeout {puts "TESTING ERROR 1\n";exit}
	17	"Reading profile test.profile"
	18	}
	19	expect {
	20	timeout {puts "TESTING ERROR 2\n";exit}
	21	"Mounting a new /home directory"
	22	}
	23	expect {
	24	timeout {puts "TESTING ERROR 3\n";exit}
	25	"Disable /bin/rmdir" {puts "Most Linux platforms\n"}
	26	"Disable /usr/bin/rmdir" { puts "OpenSUSE platform\n"}
	27	}
	28	expect {
	29	timeout {puts "TESTING ERROR 4\n";exit}
	30	"Drop CAP_SYS_MODULE"
	31	}
	32	expect {
	33	timeout {puts "TESTING ERROR 5\n";exit}
	34	"SECCOMP Filter"
	35	}
	36	expect {
	37	timeout {puts "TESTING ERROR 6\n";exit}
	38	"BLACKLIST"
	39	}
	40	expect {
	41	timeout {puts "TESTING ERROR 7\n";exit}
	42	"mount"
	43	}
	44	expect {
	45	timeout {puts "TESTING ERROR 8\n";exit}
	46	"Child process initialized"
	47	}
	48
	49	sleep 1
	50	puts "\nall done\n"


diff --git a/test/profiles/profiles.sh b/test/profiles/profiles.sh new file mode 100755 index 000000000..ea1f51c1a --- /dev/null +++ b/test/profiles/profiles.sh
@@ -0,0 +1,19 @@
	1	#!/bin/bash
	2	# This file is part of Firejail project
	3	# Copyright (C) 2014-2016 Firejail Authors
	4	# License GPL v2
	5
	6	echo "TESTING: default profiles installed in /etc"
	7	PROFILES=`ls /etc/firejail/*.profile`
	8	for PROFILE in $PROFILES
	9	do
	10	echo "TESTING: $PROFILE"
	11	./test-profile.exp $PROFILE
	12	done
	13
	14	echo "TESTING: profile syntax (profiles/profile_syntax.exp)"
	15	./profile_syntax.exp
	16
	17	echo "TESTING: profile syntax 2 (profiles/profile_syntax2.exp)"
	18	./profile_syntax2.exp
	19


diff --git a/test/profiles/test-profile.exp b/test/profiles/test-profile.exp new file mode 100755 index 000000000..590b42652 --- /dev/null +++ b/test/profiles/test-profile.exp
@@ -0,0 +1,23 @@
	1	#!/usr/bin/expect -f
	2	# This file is part of Firejail project
	3	# Copyright (C) 2014-2016 Firejail Authors
	4	# License GPL v2
	5
	6	set timeout 10
	7	spawn $env(SHELL)
	8	match_max 100000
	9
	10	if { $argc != 1 } {
	11	puts "TESTING ERROR: argument missing"
	12	puts "Usage: test-profile.exp profile_name"
	13	exit
	14	}
	15
	16	send -- "firejail --profile=$argv /bin/bash\r"
	17	expect {
	18	timeout {puts "TESTING ERROR 0\n";exit}
	19	"Child process initialized"
	20	}
	21	send -- "exit\r"
	22	after 100
	23	puts "\n"


diff --git a/test/profiles/test.profile b/test/profiles/test.profile new file mode 100644 index 000000000..1d69cc960 --- /dev/null +++ b/test/profiles/test.profile
@@ -0,0 +1,5 @@
	1	blacklist /sbin/iptables
	2	blacklist /etc/shadow
	3	blacklist /bin/rmdir
	4	blacklist ${PATH}/umount
	5	blacklist ${PATH}/mount


diff --git a/test/profiles/test2.profile b/test/profiles/test2.profile new file mode 100644 index 000000000..d7e1a1f21 --- /dev/null +++ b/test/profiles/test2.profile
@@ -0,0 +1,4 @@
	1	caps
	2	seccomp
	3	private
	4	include test.profile