author | netblue30 <netblue30@yahoo.com> | 2016-09-15 09:59:11 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-09-15 09:59:11 -0400 |
commit | fc116c063938d5e141d5fbc38e8013d9832ef315 (patch) | |
tree | 382b401cc0a9efeda1509a88bd430cd68b741346 /test/root | |
parent | fixed /etc/login.def reading on Mageia systems (diff) | |
testing
Diffstat (limited to 'test/root')
-rwxr-xr-x | test/root/apache2.exp | 69 | ||||
-rwxr-xr-x | test/root/configure | 27 | ||||
-rwxr-xr-x | test/root/firemon-interface.exp | 34 | ||||
-rwxr-xr-x | test/root/isc-dhcp.exp | 58 | ||||
-rwxr-xr-x | test/root/net_interface.exp | 93 | ||||
-rwxr-xr-x | test/root/nginx.exp | 69 | ||||
-rwxr-xr-x | test/root/option_bind_directory.exp | 22 | ||||
-rwxr-xr-x | test/root/option_bind_file.exp | 22 | ||||
-rwxr-xr-x | test/root/option_tmpfs.exp | 44 | ||||
-rwxr-xr-x | test/root/profile_tmpfs.exp | 37 | ||||
-rwxr-xr-x | test/root/root.sh | 105 | ||||
-rwxr-xr-x | test/root/seccomp-chmod.exp | 51 | ||||
-rwxr-xr-x | test/root/seccomp-chown.exp | 49 | ||||
-rwxr-xr-x | test/root/seccomp-umount.exp | 25 | ||||
-rwxr-xr-x | test/root/snmpd.exp | 57 | ||||
-rwxr-xr-x | test/root/start.sh | 4 | ||||
-rw-r--r-- | test/root/tmpfs.profile | 1 | ||||
-rwxr-xr-x | test/root/unbound.exp | 57 |
18 files changed, 824 insertions, 0 deletions
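--- /dev/null
+++ b/test/root/apache2.exp
@@ -0,0 +1,69 @@
+#!/usr/bin/expect -f
+
+set timeout 5
+spawn $env(SHELL)
+match_max 100000
+
+send -- "pkill apache\r"
+sleep 2
+
+
+send -- "firejail --name=apache /etc/init.d/apache2 start\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+sleep 2
+
+
+spawn $env(SHELL)
+send -- "firejail --tree\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"root:/usr/sbin/apache2"
+}
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"www-data:/usr/sbin/apache2"
+}
+sleep 2
+
+
+send -- "rm index.html\r"
+sleep 1
+send -- "wget 0\r"
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"saved"
+}
+send -- "cat index.html\r"
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"DOCTYPE html PUBLIC"
+}
+
+sleep 1
+send -- "rm index.html\r"
+
+send -- "firejail --join=apache\r"
+sleep 2
+
+send -- "ls /dev\r"
+expect {
+timeout {puts "TESTING ERROR 5\n";exit}
+"tty0" {puts "TESTING ERROR 6\n";exit}
+"ttyS0" {puts "TESTING ERROR 6\n";exit}
+"audio" {puts "TESTING ERROR 6\n";exit}
+"ppp" {puts "TESTING ERROR 6\n";exit}
+"log"
+}
+sleep 1
+send -- "ls -al /tmp;pwd\r"
+expect {
+timeout {puts "TESTING ERROR 10\n";exit}
+"X11-unix" {puts "TESTING ERROR 11\n";exit}
+"/root"
+}
+sleep 2
+
+puts "\nall done\n"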
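Review bot: The `ls /dev` block on lines 51-59 can pass while a forbidden device node is present, because its success pattern `log` sorts before `ppp`, `tty0` and `ttyS0` in the listing; if expect receives the output in more than one read, `log` can match before the later names arrive. Ending the command with a sentinel that differs from its own terminal echo, `send -- "ls /dev; echo LIST''END\r"` with `LISTEND` as the pass pattern, keeps the negative patterns live for the whole listing. Every failure branch calls bare `exit`, which returns status 0, so `exit 1` is needed before a caller can detect a failed isolation check. nginx.exp, isc-dhcp.exp, snmpd.exp and unbound.exp repeat both patterns.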
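--- /dev/null
+++ b/test/root/configure
@@ -0,0 +1,27 @@
+#!/bin/bash
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+brctl addbr br0
+ifconfig br0 10.10.20.1/29 up
+# NAT masquerade
+iptables -t nat -A POSTROUTING -o eth0 -s 10.10.20.0/29 -j MASQUERADE
+# port forwarding
+# iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to 10.10.20.2:80
+
+brctl addbr br1
+ifconfig br1 10.10.30.1/24 up
+brctl addbr br2
+ifconfig br2 10.10.40.1/24 up
+brctl addbr br3
+ifconfig br3 10.10.50.1/24 up
+brctl addbr br4
+ifconfig br4 10.10.60.1/24 up
+ip link add link eth0 name eth0.5 type vlan id 5
+/sbin/ifconfig eth0.5 10.10.205.10/24 up
+ip link add link eth0 name eth0.6 type vlan id 6
+/sbin/ifconfig eth0.6 10.10.206.10/24 up
+ip link add link eth0 name eth0.7 type vlan id 7
+/sbin/ifconfig eth0.7 10.10.207.10/24 up
+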
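Review bot: The MASQUERADE rule on line 9 is appended with `-A` on every run, and start.sh runs this script once and root.sh runs it again, so each test run leaves another duplicate NAT rule on the host. Guarding it with a check, `iptables -t nat -C POSTROUTING -o eth0 -s 10.10.20.0/29 -j MASQUERADE 2>/dev/null || iptables -t nat -A POSTROUTING -o eth0 -s 10.10.20.0/29 -j MASQUERADE`, makes the script idempotent. The uplink is hard-coded as `eth0` here and in the VLAN lines, and nothing removes the bridges, VLANs or NAT rule afterwards. A header comment stating that the script reconfigures host networking and is meant for a disposable test machine would help.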
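--- /dev/null
+++ b/test/root/firemon-interface.exp
@@ -0,0 +1,34 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+spawn $env(SHELL)
+send -- "firemon --interface\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"lo UP"
+}
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"10.10.20.1/29"
+}
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"10.10.50.1/24"
+}
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"br3"
+}
+sleep 1
+
+puts "\n"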
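Review bot: Lines 25 and 29 both report `TESTING ERROR 3`, so a failure does not say whether the `10.10.50.1/24` address or the `br3` name was missing; the second should read `timeout {puts "TESTING ERROR 4\n";exit}`. The expected addresses come from test/root/configure, which this script never mentions, so a top comment such as `# requires the bridges created by test/root/configure` would make a standalone failure easier to interpret. The sandbox started on line 7 is never sent `exit`.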
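--- /dev/null
+++ b/test/root/isc-dhcp.exp
@@ -0,0 +1,58 @@
+#!/usr/bin/expect -f
+
+set timeout 5
+spawn $env(SHELL)
+match_max 100000
+
+send -- "sudo ls; sudo whoami; sudo pwd\r"
+expect {
+timeout {puts "TESTING ERROR: you need to root run this test as root\n";exit}
+"root"
+}
+
+send -- "pkill dhcpd\r"
+sleep 2
+
+send -- "firejail --name=dhcpd /etc/init.d/isc-dhcp-server start\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+sleep 2
+
+spawn $env(SHELL)
+send -- "firejail --tree\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"root:/usr/sbin/dhcpd"
+}
+sleep 2
+
+send -- "tail -n 200 /var/log/syslog\r"
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"Internet Systems Consortium DHCP Server"
+}
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"Wrote 0 leases to leases file"
+}
+sleep 2
+
+send -- "firejail --join=dhcpd\r"
+sleep 2
+
+send -- "ls /dev\r"
+expect {
+timeout {puts "TESTING ERROR 5\n";exit}
+"tty0" {puts "TESTING ERROR 6\n";exit}
+"ttyS0" {puts "TESTING ERROR 6\n";exit}
+"ppp" {puts "TESTING ERROR 6\n";exit}
+"audio" {puts "TESTING ERROR 6\n";exit}
+"log"
+}
+sleep 2
+
+
+puts "\nall done\n"
+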
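Review bot: The root check on lines 7-11 shows only that `sudo` works, not that the script itself runs as root: with passwordless sudo an unprivileged user passes it, and the `firejail` commands that follow are sent without sudo. The bare `root` pattern can also be satisfied by a shell prompt that displays the test/root working directory. Checking the real uid before spawning, `if {[exec id -u] != 0} {puts "TESTING ERROR: run this test as root\n"; exit 1}`, is stricter and replaces the garbled message on line 9. snmpd.exp and unbound.exp open with the same check.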
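--- /dev/null
+++ b/test/root/net_interface.exp
@@ -0,0 +1,93 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "ip link add link eth0 name eth0.100 type vlan id 100\r"
+sleep 1
+send -- "ip link add link eth0 name eth0.101 type vlan id 101\r"
+sleep 1
+send -- "ip link add link eth0 name eth0.102 type vlan id 102\r"
+sleep 1
+send -- "ip link add link eth0 name eth0.103 type vlan id 103\r"
+sleep 1
+send -- "ip link add link eth0 name eth0.104 type vlan id 104\r"
+sleep 1
+puts "\n"
+
+send -- "/sbin/ifconfig eth0.100 10.200.0.1/24\r"
+sleep 1
+send -- "/sbin/ifconfig eth0.101 10.200.1.1/24\r"
+sleep 1
+send -- "/sbin/ifconfig eth0.102 10.200.2.1/24\r"
+sleep 1
+send -- "/sbin/ifconfig eth0.103 10.200.3.1/24\r"
+sleep 1
+send -- "/sbin/ifconfig eth0.104 10.200.4.1/24\r"
+sleep 1
+puts "\n"
+
+
+
+send -- "firejail --noprofile --interface=eth0.100 --interface=eth0.101 --interface=eth0.102 --interface=eth0.103 --interface=eth0.104\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"maximum 4 interfaces are allowed"
+}
+sleep 1
+
+send -- "firejail --noprofile --interface=eth0.100 --interface=eth0.101 --interface=eth0.102 --interface=eth0.103\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"eth0.100"
+}
+expect {
+timeout {puts "TESTING ERROR 1.1\n";exit}
+"UP"
+}
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"eth0.101"
+}
+expect {
+timeout {puts "TESTING ERROR 2.2\n";exit}
+"UP"
+}
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"eth0.102"
+}
+expect {
+timeout {puts "TESTING ERROR 3.1\n";exit}
+"UP"
+}
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"eth0.103"
+}
+expect {
+timeout {puts "TESTING ERROR 4.1\n";exit}
+"UP"
+}
+sleep 1
+send -- "exit\r"
+sleep 1
+
+send -- "firejail --noprofile --interface=eth0.104\r"
+expect {
+timeout {puts "TESTING ERROR 5\n";exit}
+"eth0.104"
+}
+expect {
+timeout {puts "TESTING ERROR 5.1\n";exit}
+"UP"
+}
+send -- "exit\r"
+after 100
+
+puts "all done\n"
+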
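Review bot: The ten setup commands on lines 10-30 are sent with only `sleep 1` between them and no `expect`, so a host without `eth0`, or a rerun where the VLANs already exist, surfaces later as `TESTING ERROR 0` or `1` and reads like a firejail regression. Following the last `ifconfig` with `send -- "ip link show eth0.104\r"` and an `expect` on `eth0.104@eth0` would separate setup failures from sandbox failures. The `eth0.10x` patterns after line 43 are also present in the typed firejail command, so they may match the terminal echo rather than the sandbox's interface report. The script never deletes eth0.100 through eth0.104; whether they survive the sandbox exit is not visible here, so a closing `ip link del` per interface would make reruns predictable.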
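--- /dev/null
+++ b/test/root/nginx.exp
@@ -0,0 +1,69 @@
+#!/usr/bin/expect -f
+
+set timeout 5
+spawn $env(SHELL)
+match_max 100000
+
+send -- "pkill nginx\r"
+sleep 2
+
+
+send -- "firejail --name=nginx /etc/init.d/nginx start\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+sleep 2
+
+
+spawn $env(SHELL)
+send -- "firejail --tree\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"root:nginx"
+}
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"www-data:nginx"
+}
+sleep 2
+
+
+send -- "rm index.html\r"
+sleep 1
+send -- "wget 0\r"
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"saved"
+}
+send -- "cat index.html\r"
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"DOCTYPE html PUBLIC"
+}
+
+sleep 1
+send -- "rm index.html\r"
+
+send -- "firejail --join=nginx\r"
+sleep 2
+
+send -- "ls /dev\r"
+expect {
+timeout {puts "TESTING ERROR 5\n";exit}
+"tty0" {puts "TESTING ERROR 6\n";exit}
+"ttyS0" {puts "TESTING ERROR 6\n";exit}
+"audio" {puts "TESTING ERROR 6\n";exit}
+"ppp" {puts "TESTING ERROR 6\n";exit}
+"log"
+}
+sleep 1
+send -- "ls -al /tmp;pwd\r"
+expect {
+timeout {puts "TESTING ERROR 10\n";exit}
+"X11-unix" {puts "TESTING ERROR 11\n";exit}
+"/root"
+}
+sleep 2
+
+puts "\nall done\n"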
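--- /dev/null
+++ b/test/root/option_bind_directory.exp
@@ -0,0 +1,22 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --bind=/tmp/chroot,mntpoint\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "ls mntpoint;pwd\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"root"
+}
+sleep 1
+
+puts "\n"
+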
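Review bot: The pass pattern `root` on line 17 is satisfied by the `pwd` output (and by a prompt that shows test/root), so the test passes whether or not `/tmp/chroot` was actually bound onto `mntpoint`. Expecting a file name known to exist inside the bound directory, with a comment naming the fixture that creates it, would make the assertion test the bind; nothing in root.sh creates `/tmp/chroot` or `mntpoint`. Because the suite runs as root, a fixed source path under world-writable `/tmp` can be pre-created by another local user, which a test-owned directory from `mktemp -d` avoids.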
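--- /dev/null
+++ b/test/root/option_bind_file.exp
@@ -0,0 +1,22 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --bind=tmpfile,/etc/passwd\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "cat /etc/passwd;pwd\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"hello"
+}
+sleep 1
+
+puts "\n"
+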
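Review bot: This script only works when root.sh has just written `hello` into `tmpfile` in the current directory, and nothing in the file says so. A header comment such as `# requires ./tmpfile containing "hello" (created by root.sh); binds it over /etc/passwd inside the sandbox` would document the fixture and make clear that the host's /etc/passwd is not modified.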
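--- /dev/null
+++ b/test/root/option_tmpfs.exp
@@ -0,0 +1,44 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --tmpfs=/var\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "ls -l /var;pwd\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"total 0"
+}
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"/root"
+}
+sleep 1
+send -- "exit\r"
+sleep 2
+
+send -- "firejail --debug-check-filename --tmpfs=\"bla&&bla\"\r"
+expect {
+timeout {puts "TESTING ERROR 13.1\n";exit}
+"Checking filename bla&&bla"
+}
+expect {
+timeout {puts "TESTING ERROR 13.2\n";exit}
+"Error:"
+}
+expect {
+timeout {puts "TESTING ERROR 13.3\n";exit}
+"is an invalid filename"
+}
+after 100
+
+
+puts "\nall done\n"
+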
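--- /dev/null
+++ b/test/root/profile_tmpfs.exp
@@ -0,0 +1,37 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "mkdir /tmp/firejailtestdir\r"
+sleep 1
+send -- "ls > /tmp/firejailtestdir/tmpfile\r"
+sleep 1
+
+send -- "firejail --profile=tmpfs.profile\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+
+# testing private only
+send -- "bash\r"
+sleep 1
+
+send -- "ls -l /tmp/firejailtestdir;pwd\r"
+expect {
+timeout {puts "TESTING ERROR 1.1\n";exit}
+"tmpfile" {puts "TESTING ERROR 1\n";exit}
+"home"
+}
+sleep 1
+send -- "exit\r"
+sleep 1
+send -- "exit\r"
+sleep 1
+send -- "rm -fr /tmp/firejailtestdir\r"
+
+sleep 1
+
+puts "\nall done\n"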
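Review bot: The success pattern `home` on line 26 depends on where the suite is checked out: `pwd` presumably prints the test directory, so under a path without `home` in it the test times out with `TESTING ERROR 1.1` even when the tmpfs hides the file. An explicit sentinel is safer, for example `send -- "ls -l /tmp/firejailtestdir; echo LIST''END\r"` with `LISTEND` as the pass pattern. The comment on line 18, `# testing private only`, does not match what the script checks and could read `# /tmp/firejailtestdir must appear empty inside the sandbox`. The fixture is a fixed name under `/tmp` created as root with an unchecked `mkdir`, so a pre-existing directory or symlink of that name is silently used.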
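--- /dev/null
+++ b/test/root/root.sh
@@ -0,0 +1,105 @@
+#!/bin/bash
+
+./configure 2 > /dev/null
+
+#********************************
+# servers
+#********************************
+if [ -f /etc/init.d/snmpd ]
+then
+echo "TESTING: snmpd (test/root/snmpd.exp)"
+./snmpd.exp
+else
+echo "TESTING SKIP: snmpd not found"
+fi
+
+
+if [ -f /etc/init.d/apache2 ]
+then
+echo "TESTING: apache2 (test/root/apache2.exp)"
+./apache2.exp
+else
+echo "TESTING SKIP: apache2 not found"
+fi
+
+if [ -f /etc/init.d/isc-dhcp-server ]
+then
+echo "TESTING: isc dhcp server (test/root/isc-dhscp.exp)"
+./isc-dhcp.exp
+else
+echo "TESTING SKIP: isc dhcp server not found"
+fi
+
+if [ -f /etc/init.d/unbound ]
+then
+echo "TESTING: unbound (test/root/unbound.exp)"
+./unbound.exp
+else
+echo "TESTING SKIP: unbound not found"
+fi
+
+if [ -f /etc/init.d/nginx ]
+then
+echo "TESTING: nginx (test/root/nginx.exp)"
+./nginx.exp
+else
+echo "TESTING SKIP: nginx not found"
+fi
+
+#********************************
+# seccomp
+#********************************
+echo "TESTING: seccomp umount (test/root/seccomp-umount.exp)"
+./seccomp-umount.exp
+
+echo "TESTING: seccomp chmod (test/root/seccomp-chmod.exp)"
+./seccomp-chmod.exp
+
+echo "TESTING: seccomp chown (test/root/seccomp-chown.exp)"
+./seccomp-chown.exp
+
+#********************************
+# command line options
+#********************************
+echo "TESTING: tmpfs (test/root/option_tmpfs.exp)"
+./option_tmpfs.exp
+
+echo "TESTING: profile tmpfs (test/root/profile_tmpfs)"
+./profile_tmpfs.exp
+
+echo "TESTING: bind directory (test/root/option_bind_directory.exp)"
+./option_bind_directory.exp
+
+echo "TESTING: bind file (test/root/option_bind_file.exp)"
+echo hello > tmpfile
+./option_bind_file.exp
+rm -f tmpfile
+
+#********************************
+# networking
+#********************************
+echo "TESTING: network interfaces (test/root/net_interface.exp)"
+./net_interface.exp
+
+echo "TESTING: firemon --interface (test/root/firemon-interface.exp)"
+./firemon-interface.exp
+
+#if [ -f /sys/fs/cgroup/g1/tasks ]
+#then
+# echo "TESTING: firemon --cgroup (firemon-cgroup.exp)"
+# ./firemon-cgroup.exp
+#fi
+#
+#echo "TESTING: chroot resolv.conf (chroot-resolvconf.exp)"
+#rm -f tmpfile
+#touch tmpfile
+#rm -f /tmp/chroot/etc/resolv.conf
+#ln -s tmp /tmp/chroot/etc/resolv.conf
+#./chroot-resolvconf.exp
+#rm -f tmpfile
+#rm /tmp/chroot/etc/resolv.conf
+
+#echo "TESTING: chroot (fs_chroot_asroot.exp)"
+#./fs_chroot_asroot.exp
+
+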
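Review bot: Line 3, `./configure 2 > /dev/null`, passes `2` as an argument and redirects stdout; the space breaks the intended stderr redirect, which should be written `./configure 2>/dev/null`. Silencing stderr there also hides a failed bridge or iptables setup, and the script never looks at the exit status of configure or of any `.exp` script, so failures are visible only as `TESTING ERROR` text. Two banners name files that do not exist: `isc-dhscp.exp` on line 27 and `profile_tmpfs` on line 67. All paths are relative, so `cd "$(dirname "$0")" || exit 1` at the top would make the script safe to start from another directory.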
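--- /dev/null
+++ b/test/root/seccomp-chmod.exp
@@ -0,0 +1,51 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --seccomp=chmod,fchmod,fchmodat --private\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+sleep 2
+
+send -- "cd ~; echo done\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"done"
+}
+
+send -- "touch testfile; echo done\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"done"
+}
+
+send -- "ls -l testfile; echo done\r"
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"testfile"
+}
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"done"
+}
+
+send -- "chmod +x testfile; echo done\r"
+expect {
+timeout {puts "TESTING ERROR 5\n";exit}
+"Bad system call"
+}
+expect {
+timeout {puts "TESTING ERROR 6\n";exit}
+"done"
+}
+
+send -- "exit\r"
+after 100
+puts "\nall done\n"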
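Review bot: The `done` and `testfile` patterns in steps 1 to 4 are likely matched by the terminal echo of the typed command (`...; echo done`) rather than by its output, so those steps pass as soon as the command is sent and do not confirm it ran. The security assertion on line 42 is sound because `Bad system call` does not occur in the typed text. Writing the sentinel so that the echo differs from the output, for example `send -- "touch testfile; echo do''ne\r"`, turns the synchronisation points into real checks.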
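--- /dev/null
+++ b/test/root/seccomp-chown.exp
@@ -0,0 +1,49 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --seccomp=chown,fchown,fchownat,lchown --private\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+sleep 2
+
+send -- "touch testfile;pwd\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"/root" {puts "running as root"}
+"/home"
+}
+
+send -- "ls -l testfile;pwd\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"testfile"
+}
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"/root" {puts "running as root"}
+"/home"
+}
+
+send -- "chown netblue:netblue testfile;pwd\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"Bad system call"
+}
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"/root" {puts "running as root"}
+"/home"
+}
+
+
+send -- "exit\r"
+after 100
+puts "\nall done\n"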
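Review bot: Line 35 hard-codes the author's account, `chown netblue:netblue testfile`; on a machine without that user, chown is likely to stop at the name lookup and never issue the syscall, so `Bad system call` does not appear and the seccomp test reports a false failure. A numeric owner, `send -- "chown 0:0 testfile;pwd\r"`, needs no lookup. Lines 37 and 41 reuse `TESTING ERROR 2` and `3` from lines 26 and 30; numbering them 4 and 5 would make the failing step identifiable.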
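--- /dev/null
+++ b/test/root/seccomp-umount.exp
@@ -0,0 +1,25 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --net=br0 --ip=10.10.20.5 --seccomp --noprofile\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+sleep 2
+
+send -- "umount /proc\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"Bad system call"
+}
+
+send -- "exit\r"
+after 100
+puts "\n"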
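Review bot: Line 10 starts the sandbox with `--net=br0 --ip=10.10.20.5`, which the umount check does not appear to need, so a missing bridge from test/root/configure fails this seccomp test at `TESTING ERROR 0`. Dropping the network options, `send -- "firejail --seccomp --noprofile\r"`, would keep the test about the syscall filter. If the network namespace is intentional, a comment above the line should say why.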
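--- /dev/null
+++ b/test/root/snmpd.exp
@@ -0,0 +1,57 @@
+#!/usr/bin/expect -f
+
+set timeout 5
+spawn $env(SHELL)
+match_max 100000
+
+send -- "sudo ls; sudo whoami; sudo pwd\r"
+expect {
+timeout {puts "TESTING ERROR: you need to root run this test as root\n";exit}
+"root"
+}
+
+send -- "pkill snmpd\r"
+sleep 2
+
+
+send -- "firejail --name=snmpd /etc/init.d/snmpd start\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+sleep 2
+
+spawn $env(SHELL)
+send -- "firejail --tree\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"snmp:/usr/sbin/snmpd"
+}
+sleep 2
+
+send -- "tail /var/log/syslog\r"
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"snmpd"
+}
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"NET-SNMP version"
+}
+
+send -- "firejail --join=snmpd\r"
+sleep 2
+
+send -- "ls /dev\r"
+expect {
+timeout {puts "TESTING ERROR 5\n";exit}
+"tty0" {puts "TESTING ERROR 6\n";exit}
+"ttyS0" {puts "TESTING ERROR 6\n";exit}
+"audio" {puts "TESTING ERROR 6\n";exit}
+"ppp" {puts "TESTING ERROR 6\n";exit}
+"log"
+}
+sleep 2
+
+sleep 2
+puts "\nall done\n"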
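--- /dev/null
+++ b/test/root/start.sh
@@ -0,0 +1,4 @@
+#/bin/bash
+
+./configure
+./root.sh | grep TESTING
\ No newline at end of file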
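Review bot: Line 1 is `#/bin/bash`, a plain comment rather than a shebang; it should be `#!/bin/bash`, otherwise the interpreter depends on how the file is launched. `./configure` runs here and again at the top of root.sh, so the bridge commands are issued twice and the NAT rule is appended twice per run. The final `./root.sh | grep TESTING` returns grep's status, which is 0 whenever any `TESTING:` banner is printed, so the suite's exit code never reflects a failed test.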
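--- /dev/null
+++ b/test/root/tmpfs.profile
@@ -0,0 +1 @@
+tmpfs /tmp/firejailtestdir
\ No newline at end of file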
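--- /dev/null
+++ b/test/root/unbound.exp
@@ -0,0 +1,57 @@
+#!/usr/bin/expect -f
+
+set timeout 5
+spawn $env(SHELL)
+match_max 100000
+
+send -- "sudo ls; sudo whoami; sudo pwd\r"
+expect {
+timeout {puts "TESTING ERROR: you need to root run this test as root\n";exit}
+"root"
+}
+
+send -- "pkill unbound\r"
+sleep 2
+
+send -- "firejail --name=unbound unbound\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+sleep 2
+
+spawn $env(SHELL)
+send -- "firejail --tree\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"unbound:unbound"
+}
+sleep 2
+
+send -- "tail /var/log/syslog\r"
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"unbound"
+}
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"info: start of service"
+}
+sleep 2
+
+send -- "firejail --join=unbound\r"
+sleep 2
+
+send -- "ls /dev\r"
+expect {
+timeout {puts "TESTING ERROR 5\n";exit}
+"tty0" {puts "TESTING ERROR 6\n";exit}
+"ttyS0" {puts "TESTING ERROR 6\n";exit}
+"audio" {puts "TESTING ERROR 6\n";exit}
+"ppp" {puts "TESTING ERROR 6\n";exit}
+"log"
+}
+sleep 2
+
+
+puts "\nall done\n"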