diff options
author | netblue30 <netblue30@yahoo.com> | 2016-11-29 21:38:09 -0500 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-11-29 21:38:09 -0500 |
commit | 84fa03cd77b0afcdee5cc6816596ab5c8a633185 (patch) | |
tree | 97b0ef919fbe2a32cbfcf61ccad86cc20ef41ce4 /test/root | |
parent | testing (diff) | |
download | firejail-84fa03cd77b0afcdee5cc6816596ab5c8a633185.tar.gz firejail-84fa03cd77b0afcdee5cc6816596ab5c8a633185.tar.zst firejail-84fa03cd77b0afcdee5cc6816596ab5c8a633185.zip |
private-opt and private-srv
Diffstat (limited to 'test/root')
-rwxr-xr-x | test/root/private.exp | 57 | ||||
-rwxr-xr-x | test/root/root.sh | 4 | ||||
-rwxr-xr-x | test/root/whitelist-mnt.exp | 105 | ||||
-rwxr-xr-x | test/root/whitelist.exp | 118 |
4 files changed, 177 insertions, 107 deletions
diff --git a/test/root/private.exp b/test/root/private.exp index 4040081ee..9ce9716f9 100755 --- a/test/root/private.exp +++ b/test/root/private.exp | |||
@@ -29,5 +29,62 @@ expect { | |||
29 | after 100 | 29 | after 100 |
30 | 30 | ||
31 | send -- "exit\r" | 31 | send -- "exit\r" |
32 | sleep 1 | ||
33 | |||
34 | |||
35 | |||
36 | send -- "touch /opt/firejail-test-file\r" | ||
37 | after 100 | ||
38 | send -- "mkdir /opt/firejail-test-dir\r" | ||
39 | after 100 | ||
40 | send -- "touch /opt/firejail-test-dir/firejail-test-file\r" | ||
41 | after 100 | ||
42 | send -- "firejail --private-opt=firejail-test-file,firejail-test-dir --debug\r" | ||
43 | expect { | ||
44 | timeout {puts "TESTING ERROR 3\n";exit} | ||
45 | "Child process initialized" | ||
46 | } | ||
47 | sleep 1 | ||
48 | |||
49 | send -- "find /opt | wc -l\r" | ||
50 | expect { | ||
51 | timeout {puts "TESTING ERROR 4\n";exit} | ||
52 | "4" | ||
53 | } | ||
54 | after 100 | ||
55 | send -- "exit\r" | ||
56 | sleep 1 | ||
57 | |||
58 | |||
59 | send -- "touch /srv/firejail-test-file\r" | ||
60 | after 100 | ||
61 | send -- "mkdir /srv/firejail-test-dir\r" | ||
62 | after 100 | ||
63 | send -- "touch /srv/firejail-test-dir/firejail-test-file\r" | ||
32 | after 100 | 64 | after 100 |
65 | send -- "firejail --private-srv=firejail-test-file,firejail-test-dir --debug\r" | ||
66 | expect { | ||
67 | timeout {puts "TESTING ERROR 5\n";exit} | ||
68 | "Child process initialized" | ||
69 | } | ||
70 | sleep 1 | ||
71 | |||
72 | send -- "find /srv | wc -l\r" | ||
73 | expect { | ||
74 | timeout {puts "TESTING ERROR 6\n";exit} | ||
75 | "4" | ||
76 | } | ||
77 | after 100 | ||
78 | send -- "exit\r" | ||
79 | sleep 1 | ||
80 | |||
81 | |||
82 | |||
83 | |||
84 | |||
85 | |||
86 | |||
87 | |||
88 | |||
89 | |||
33 | puts "\nall done\n" | 90 | puts "\nall done\n" |
diff --git a/test/root/root.sh b/test/root/root.sh index 01c372f68..371bccdff 100755 --- a/test/root/root.sh +++ b/test/root/root.sh | |||
@@ -53,8 +53,8 @@ fi | |||
53 | echo "TESTING: fs private (test/root/private.exp)" | 53 | echo "TESTING: fs private (test/root/private.exp)" |
54 | ./private.exp | 54 | ./private.exp |
55 | 55 | ||
56 | echo "TESTING: fs whitelist mnt, opt, media(test/root/whitelist-mnt.exp)" | 56 | echo "TESTING: fs whitelist mnt, opt, media (test/root/whitelist-mnt.exp)" |
57 | ./whitelist-mnt.exp | 57 | ./whitelist.exp |
58 | 58 | ||
59 | #******************************** | 59 | #******************************** |
60 | # seccomp | 60 | # seccomp |
diff --git a/test/root/whitelist-mnt.exp b/test/root/whitelist-mnt.exp deleted file mode 100755 index a21446afe..000000000 --- a/test/root/whitelist-mnt.exp +++ /dev/null | |||
@@ -1,105 +0,0 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "touch /mnt/firejail-test-file\r" | ||
11 | after 100 | ||
12 | send -- "firejail --whitelist=/mnt/firejail-test-file --debug\r" | ||
13 | expect { | ||
14 | timeout {puts "TESTING ERROR 0\n";exit} | ||
15 | "Child process initialized" | ||
16 | } | ||
17 | sleep 1 | ||
18 | |||
19 | send -- "find /mnt | wc -l\r" | ||
20 | expect { | ||
21 | timeout {puts "TESTING ERROR 1\n";exit} | ||
22 | "2" | ||
23 | } | ||
24 | after 100 | ||
25 | send -- "exit\r" | ||
26 | sleep 1 | ||
27 | |||
28 | |||
29 | send -- "touch /opt/firejail-test-file\r" | ||
30 | after 100 | ||
31 | send -- "firejail --whitelist=/opt/firejail-test-file --debug\r" | ||
32 | expect { | ||
33 | timeout {puts "TESTING ERROR 0\n";exit} | ||
34 | "Child process initialized" | ||
35 | } | ||
36 | sleep 1 | ||
37 | |||
38 | send -- "find /opt | wc -l\r" | ||
39 | expect { | ||
40 | timeout {puts "TESTING ERROR 1\n";exit} | ||
41 | "2" | ||
42 | } | ||
43 | after 100 | ||
44 | send -- "exit\r" | ||
45 | sleep 1 | ||
46 | |||
47 | send -- "touch /media/firejail-test-file\r" | ||
48 | after 100 | ||
49 | send -- "firejail --whitelist=/media/firejail-test-file --debug\r" | ||
50 | expect { | ||
51 | timeout {puts "TESTING ERROR 0\n";exit} | ||
52 | "Child process initialized" | ||
53 | } | ||
54 | sleep 1 | ||
55 | |||
56 | send -- "find /media | wc -l\r" | ||
57 | expect { | ||
58 | timeout {puts "TESTING ERROR 1\n";exit} | ||
59 | "2" | ||
60 | } | ||
61 | after 100 | ||
62 | send -- "exit\r" | ||
63 | sleep 1 | ||
64 | |||
65 | |||
66 | send -- "firejail --whitelist=/var/run --whitelist=/var/lock --debug\r" | ||
67 | expect { | ||
68 | timeout {puts "TESTING ERROR 0\n";exit} | ||
69 | "Child process initialized" | ||
70 | } | ||
71 | sleep 1 | ||
72 | |||
73 | send -- "find /var | wc -l\r" | ||
74 | expect { | ||
75 | timeout {puts "TESTING ERROR 1\n";exit} | ||
76 | "" | ||
77 | } | ||
78 | after 100 | ||
79 | send -- "exit\r" | ||
80 | sleep 1 | ||
81 | |||
82 | send -- "touch /srv/firejail-test-file\r" | ||
83 | after 100 | ||
84 | send -- "firejail --whitelist=/srv/firejail-test-file --debug\r" | ||
85 | expect { | ||
86 | timeout {puts "TESTING ERROR 0\n";exit} | ||
87 | "Child process initialized" | ||
88 | } | ||
89 | sleep 1 | ||
90 | |||
91 | send -- "find /srv | wc -l\r" | ||
92 | expect { | ||
93 | timeout {puts "TESTING ERROR 1\n";exit} | ||
94 | "2" | ||
95 | } | ||
96 | after 100 | ||
97 | send -- "exit\r" | ||
98 | sleep 1 | ||
99 | |||
100 | |||
101 | |||
102 | |||
103 | after 100 | ||
104 | puts "\nall done\n" | ||
105 | |||
diff --git a/test/root/whitelist.exp b/test/root/whitelist.exp new file mode 100755 index 000000000..f6936c048 --- /dev/null +++ b/test/root/whitelist.exp | |||
@@ -0,0 +1,118 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "touch /mnt/firejail-test-file\r" | ||
11 | after 100 | ||
12 | send -- "mkdir /mnt/firejail-test-dir\r" | ||
13 | after 100 | ||
14 | send -- "touch /mnt/firejail-test-dir/firejail-test-file\r" | ||
15 | after 100 | ||
16 | send -- "firejail --whitelist=/mnt/firejail-test-file --whitelist=/mnt/firejail-test-dir --debug\r" | ||
17 | expect { | ||
18 | timeout {puts "TESTING ERROR 0\n";exit} | ||
19 | "Child process initialized" | ||
20 | } | ||
21 | sleep 1 | ||
22 | |||
23 | send -- "find /mnt | wc -l\r" | ||
24 | expect { | ||
25 | timeout {puts "TESTING ERROR 1\n";exit} | ||
26 | "4" | ||
27 | } | ||
28 | after 100 | ||
29 | send -- "exit\r" | ||
30 | sleep 1 | ||
31 | |||
32 | |||
33 | send -- "touch /opt/firejail-test-file\r" | ||
34 | after 100 | ||
35 | send -- "mkdir /opt/firejail-test-dir\r" | ||
36 | after 100 | ||
37 | send -- "touch /opt/firejail-test-dir/firejail-test-file\r" | ||
38 | after 100 | ||
39 | send -- "firejail --whitelist=/opt/firejail-test-file --whitelist=/opt/firejail-test-dir --debug\r" | ||
40 | expect { | ||
41 | timeout {puts "TESTING ERROR 2\n";exit} | ||
42 | "Child process initialized" | ||
43 | } | ||
44 | sleep 1 | ||
45 | |||
46 | send -- "find /opt | wc -l\r" | ||
47 | expect { | ||
48 | timeout {puts "TESTING ERROR 3\n";exit} | ||
49 | "4" | ||
50 | } | ||
51 | after 100 | ||
52 | send -- "exit\r" | ||
53 | sleep 1 | ||
54 | |||
55 | send -- "touch /media/firejail-test-file\r" | ||
56 | after 100 | ||
57 | send -- "mkdir /media/firejail-test-dir\r" | ||
58 | after 100 | ||
59 | send -- "touch /media/firejail-test-dir/firejail-test-file\r" | ||
60 | after 100 | ||
61 | send -- "firejail --whitelist=/media/firejail-test-file --whitelist=/media/firejail-test-dir --debug\r" | ||
62 | expect { | ||
63 | timeout {puts "TESTING ERROR 4\n";exit} | ||
64 | "Child process initialized" | ||
65 | } | ||
66 | sleep 1 | ||
67 | |||
68 | send -- "find /media | wc -l\r" | ||
69 | expect { | ||
70 | timeout {puts "TESTING ERROR 5\n";exit} | ||
71 | "4" | ||
72 | } | ||
73 | after 100 | ||
74 | send -- "exit\r" | ||
75 | sleep 1 | ||
76 | |||
77 | |||
78 | send -- "firejail --whitelist=/var/run --whitelist=/var/lock --debug\r" | ||
79 | expect { | ||
80 | timeout {puts "TESTING ERROR 6\n";exit} | ||
81 | "Child process initialized" | ||
82 | } | ||
83 | sleep 1 | ||
84 | |||
85 | send -- "find /var | wc -l\r" | ||
86 | expect { | ||
87 | timeout {puts "TESTING ERROR 7\n";exit} | ||
88 | "" | ||
89 | } | ||
90 | after 100 | ||
91 | send -- "exit\r" | ||
92 | sleep 1 | ||
93 | |||
94 | send -- "touch /srv/firejail-test-file\r" | ||
95 | after 100 | ||
96 | send -- "mkdir /srv/firejail-test-dir\r" | ||
97 | after 100 | ||
98 | send -- "touch /srv/firejail-test-dir/firejail-test-file\r" | ||
99 | after 100 | ||
100 | send -- "firejail --whitelist=/srv/firejail-test-file --whitelist=/srv/firejail-test-dir --debug\r" | ||
101 | expect { | ||
102 | timeout {puts "TESTING ERROR 8\n";exit} | ||
103 | "Child process initialized" | ||
104 | } | ||
105 | sleep 1 | ||
106 | |||
107 | send -- "find /srv | wc -l\r" | ||
108 | expect { | ||
109 | timeout {puts "TESTING ERROR 9\n";exit} | ||
110 | "4" | ||
111 | } | ||
112 | after 100 | ||
113 | send -- "exit\r" | ||
114 | |||
115 | |||
116 | after 100 | ||
117 | puts "\nall done\n" | ||
118 | |||