diff options
author | netblue30 <netblue30@protonmail.com> | 2023-02-28 09:51:26 -0500 |
---|---|---|
committer | netblue30 <netblue30@protonmail.com> | 2023-02-28 09:51:26 -0500 |
commit | 27c4d069f322fbeca07c88e0e96208233103a5db (patch) | |
tree | fb4b4fdc75eb5e633ab55b8228a60f54176446a0 /test/root/checkcfg.exp | |
parent | fix cppcheck/scan-build problems (diff) | |
download | firejail-27c4d069f322fbeca07c88e0e96208233103a5db.tar.gz firejail-27c4d069f322fbeca07c88e0e96208233103a5db.tar.zst firejail-27c4d069f322fbeca07c88e0e96208233103a5db.zip |
chroot testing
Diffstat (limited to 'test/root/checkcfg.exp')
-rwxr-xr-x | test/root/checkcfg.exp | 164 |
1 files changed, 0 insertions, 164 deletions
diff --git a/test/root/checkcfg.exp b/test/root/checkcfg.exp deleted file mode 100755 index d7aea8084..000000000 --- a/test/root/checkcfg.exp +++ /dev/null | |||
@@ -1,164 +0,0 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2023 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | cd /home | ||
8 | spawn $env(SHELL) | ||
9 | match_max 100000 | ||
10 | |||
11 | send -- "rm /etc/firejail/firejail.config\r" | ||
12 | after 100 | ||
13 | |||
14 | send -- "firejail\r" | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 1\n";exit} | ||
17 | "firejail.config not found" | ||
18 | } | ||
19 | |||
20 | # seccomp | ||
21 | send -- "echo \"seccomp no\" > /etc/firejail/firejail.config\r" | ||
22 | after 100 | ||
23 | send -- "firejail --noprofile --seccomp\r" | ||
24 | expect { | ||
25 | timeout {puts "TESTING ERROR 2\n";exit} | ||
26 | "seccomp feature is disabled in Firejail configuration file\r" | ||
27 | } | ||
28 | |||
29 | # whitelist | ||
30 | send -- "echo \"whitelist no\" > /etc/firejail/firejail.config\r" | ||
31 | after 100 | ||
32 | send -- "firejail --noprofile --whitelist=~/.config\r" | ||
33 | expect { | ||
34 | timeout {puts "TESTING ERROR 3\n";exit} | ||
35 | "whitelist feature is disabled in Firejail configuration file\r" | ||
36 | } | ||
37 | |||
38 | # network | ||
39 | send -- "echo \"network no\" > /etc/firejail/firejail.config\r" | ||
40 | after 100 | ||
41 | send -- "firejail --noprofile --net=eth0\r" | ||
42 | expect { | ||
43 | timeout {puts "TESTING ERROR 4\n";exit} | ||
44 | "networking feature is disabled in Firejail configuration file\r" | ||
45 | } | ||
46 | |||
47 | # bind | ||
48 | send -- "echo \"bind no\" > /etc/firejail/firejail.config\r" | ||
49 | after 100 | ||
50 | send -- "firejail --noprofile --bind=/tmp,/var/tmp\r" | ||
51 | expect { | ||
52 | timeout {puts "TESTING ERROR 5\n";exit} | ||
53 | "bind feature is disabled in Firejail configuration file\r" | ||
54 | } | ||
55 | |||
56 | # overlay | ||
57 | send -- "echo \"overlayfs no\" > /etc/firejail/firejail.config\r" | ||
58 | after 100 | ||
59 | send -- "firejail --noprofile --overlay\r" | ||
60 | expect { | ||
61 | timeout {puts "TESTING ERROR 6\n";exit} | ||
62 | "overlayfs feature is disabled in Firejail configuration file\r" | ||
63 | } | ||
64 | |||
65 | # private-home | ||
66 | send -- "echo \"private-home no\" > /etc/firejail/firejail.config\r" | ||
67 | after 100 | ||
68 | send -- "firejail --noprofile --private-home=/tmp\r" | ||
69 | expect { | ||
70 | timeout {puts "TESTING ERROR 7\n";exit} | ||
71 | "private-home feature is disabled in Firejail configuration file\r" | ||
72 | } | ||
73 | |||
74 | # chroot | ||
75 | send -- "echo \"chroot no\" > /etc/firejail/firejail.config\r" | ||
76 | after 100 | ||
77 | send -- "firejail --noprofile --chroot=/tmp\r" | ||
78 | expect { | ||
79 | timeout {puts "TESTING ERROR 8\n";exit} | ||
80 | "chroot feature is disabled in Firejail configuration file\r" | ||
81 | } | ||
82 | |||
83 | # userns | ||
84 | send -- "echo \"userns no\" > /etc/firejail/firejail.config\r" | ||
85 | after 100 | ||
86 | send -- "firejail --noprofile --noroot\r" | ||
87 | expect { | ||
88 | timeout {puts "TESTING ERROR 9\n";exit} | ||
89 | "noroot feature is disabled in Firejail configuration file\r" | ||
90 | } | ||
91 | sleep 1 | ||
92 | |||
93 | # netfilter-default | ||
94 | send -- "echo \"netfilter-default blablabla\" > /etc/firejail/firejail.config\r" | ||
95 | after 100 | ||
96 | send -- "firejail --noprofile\r" | ||
97 | expect { | ||
98 | timeout {puts "TESTING ERROR 10\n";exit} | ||
99 | "netfilter-default file blablabla not available\r" | ||
100 | } | ||
101 | after 100 | ||
102 | |||
103 | # strings | ||
104 | send -- "echo \"xephyr-screen 800x600\" > /etc/firejail/firejail.config\r" | ||
105 | after 100 | ||
106 | send -- "echo \"xvfb-screen 800x600x24\" >> /etc/firejail/firejail.config\r" | ||
107 | after 100 | ||
108 | send -- "echo \"xvfb-extra-params blablabla\" >> /etc/firejail/firejail.config\r" | ||
109 | sleep 1 | ||
110 | send -- "stty -echo\r" | ||
111 | after 100 | ||
112 | send -- "firejail --noprofile echo done\r" | ||
113 | expect { | ||
114 | timeout {puts "TESTING ERROR 11\n";exit} | ||
115 | "done\r" | ||
116 | } | ||
117 | sleep 1 | ||
118 | |||
119 | after 100 | ||
120 | send -- "echo \"join no\" > /etc/firejail/firejail.config\r" | ||
121 | after 100 | ||
122 | send -- "echo \"cache-tmpfs no\" >> /etc/firejail/firejail.config\r" | ||
123 | after 100 | ||
124 | send -- "echo \"file-transfer no\" >> /etc/firejail/firejail.config\r" | ||
125 | after 100 | ||
126 | send -- "echo \"x11 no\" >> /etc/firejail/firejail.config\r" | ||
127 | after 100 | ||
128 | send -- "echo \"firejail-prompt yes\" >> /etc/firejail/firejail.config\r" | ||
129 | after 100 | ||
130 | send -- "echo \"follow-symlink-as-user yes\" >> /etc/firejail/firejail.config\r" | ||
131 | after 100 | ||
132 | send -- "echo \"follow-symlink-private-bin yes\" >> /etc/firejail/firejail.config\r" | ||
133 | after 100 | ||
134 | send -- "echo \"force-nonewprivs yes\" >> /etc/firejail/firejail.config\r" | ||
135 | after 100 | ||
136 | send -- "echo \"seccomp no\" >> /etc/firejail/firejail.config\r" | ||
137 | after 100 | ||
138 | send -- "echo \"restricted-network yes\" >> /etc/firejail/firejail.config\r" | ||
139 | after 100 | ||
140 | send -- "echo \"xephyr-window-title yes\" >> /etc/firejail/firejail.config\r" | ||
141 | after 100 | ||
142 | send -- "echo \"quiet-by-default yes\" >> /etc/firejail/firejail.config\r" | ||
143 | after 100 | ||
144 | send -- "echo \"chroot-desktop no\" >> /etc/firejail/firejail.config\r" | ||
145 | after 100 | ||
146 | send -- "echo \"private-bin-no-local yes\" >> /etc/firejail/firejail.config\r" | ||
147 | after 100 | ||
148 | send -- "echo \"disable-mnt yes\" >> /etc/firejail/firejail.config\r" | ||
149 | after 100 | ||
150 | send -- "echo \"xephyr-window-title no\" >> /etc/firejail/firejail.config\r" | ||
151 | after 100 | ||
152 | send -- "echo \"remount-proc-sys no\" >> /etc/firejail/firejail.config\r" | ||
153 | after 100 | ||
154 | send -- "echo \"disable-mnt no\" >> /etc/firejail/firejail.config\r" | ||
155 | after 100 | ||
156 | send -- "echo \"blablabla\" >> /etc/firejail/firejail.config\r" | ||
157 | after 100 | ||
158 | send -- "firejail --noprofile\r" | ||
159 | expect { | ||
160 | timeout {puts "TESTING ERROR 12\n";exit} | ||
161 | "" | ||
162 | } | ||
163 | after 100 | ||
164 | puts "\nall done\n" | ||