testing

author: netblue30 <netblue30@yahoo.com> 2016-09-15 09:59:11 -0400
committer: netblue30 <netblue30@yahoo.com> 2016-09-15 09:59:11 -0400
commit: fc116c063938d5e141d5fbc38e8013d9832ef315 (patch)
tree: 382b401cc0a9efeda1509a88bd430cd68b741346 /test/root
parent: fixed /etc/login.def reading on Mageia systems (diff)
download: firejail-fc116c063938d5e141d5fbc38e8013d9832ef315.tar.gz
firejail-fc116c063938d5e141d5fbc38e8013d9832ef315.tar.zst
firejail-fc116c063938d5e141d5fbc38e8013d9832ef315.zip
18 files changed, 824 insertions, 0 deletions
diff --git a/test/root/apache2.exp b/test/root/apache2.exp
new file mode 100755
index 000000000..7f67f4706
--- /dev/null
+++ b/test/root/apache2.exp
@@ -0,0 +1,69 @@
+#!/usr/bin/expect -f
+set timeout 5
+spawn $env(SHELL)
+match_max 100000
+send -- "pkill apache\r"
+sleep 2
+send -- "firejail --name=apache /etc/init.d/apache2 start\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 2
+spawn $env(SHELL)
+send -- "firejail --tree\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "root:/usr/sbin/apache2"
+}
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "www-data:/usr/sbin/apache2"
+}
+sleep 2
+send -- "rm index.html\r"
+sleep 1
+send -- "wget 0\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "saved"
+}
+send -- "cat index.html\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "DOCTYPE html PUBLIC"
+}
+sleep 1
+send -- "rm index.html\r"
+send -- "firejail --join=apache\r"
+sleep 2
+send -- "ls /dev\r"
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "tty0" {puts "TESTING ERROR 6\n";exit}
+        "ttyS0" {puts "TESTING ERROR 6\n";exit}
+        "audio" {puts "TESTING ERROR 6\n";exit}
+        "ppp" {puts "TESTING ERROR 6\n";exit}
+        "log"
+}
+sleep 1
+send -- "ls -al /tmp;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 10\n";exit}
+        "X11-unix" {puts "TESTING ERROR 11\n";exit}
+        "/root"
+}
+sleep 2
+puts "\nall done\n"
diff --git a/test/root/configure b/test/root/configure
new file mode 100755
index 000000000..35d938340
--- /dev/null
+++ b/test/root/configure
@@ -0,0 +1,27 @@
+#!/bin/bash
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+brctl addbr br0
+ifconfig br0 10.10.20.1/29 up
+# NAT masquerade
+iptables -t nat -A POSTROUTING -o eth0 -s 10.10.20.0/29 -j MASQUERADE
+# port forwarding
+# iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to 10.10.20.2:80
+        
+brctl addbr br1
+ifconfig br1 10.10.30.1/24 up
+brctl addbr br2
+ifconfig br2 10.10.40.1/24 up
+brctl addbr br3
+ifconfig br3 10.10.50.1/24 up
+brctl addbr br4
+ifconfig br4 10.10.60.1/24 up
+ip link add link eth0 name eth0.5 type vlan id 5
+/sbin/ifconfig eth0.5 10.10.205.10/24 up
+ip link add link eth0 name eth0.6 type vlan id 6
+/sbin/ifconfig eth0.6 10.10.206.10/24 up
+ip link add link eth0 name eth0.7 type vlan id 7
+/sbin/ifconfig eth0.7 10.10.207.10/24 up
diff --git a/test/root/firemon-interface.exp b/test/root/firemon-interface.exp
new file mode 100755
index 000000000..6a82ae41e
--- /dev/null
+++ b/test/root/firemon-interface.exp
@@ -0,0 +1,34 @@
+#!/usr/bin/expect -f
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+send --  "firejail\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 1
+spawn $env(SHELL)
+send -- "firemon --interface\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "lo UP"
+}
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "10.10.20.1/29"
+}
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "10.10.50.1/24"
+}
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "br3"
+}
+sleep 1
+puts "\n"
diff --git a/test/root/isc-dhcp.exp b/test/root/isc-dhcp.exp
new file mode 100755
index 000000000..86500707a
--- /dev/null
+++ b/test/root/isc-dhcp.exp
@@ -0,0 +1,58 @@
+#!/usr/bin/expect -f
+set timeout 5
+spawn $env(SHELL)
+match_max 100000
+send -- "sudo ls; sudo whoami; sudo pwd\r"
+expect {
+        timeout {puts "TESTING ERROR: you need to root run this test as root\n";exit}
+        "root"
+}
+send -- "pkill dhcpd\r"
+sleep 2
+send -- "firejail --name=dhcpd /etc/init.d/isc-dhcp-server start\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 2
+spawn $env(SHELL)
+send -- "firejail --tree\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "root:/usr/sbin/dhcpd"
+}
+sleep 2
+send -- "tail -n 200 /var/log/syslog\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "Internet Systems Consortium DHCP Server"
+}
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "Wrote 0 leases to leases file"
+}
+sleep 2
+send -- "firejail --join=dhcpd\r"
+sleep 2
+send -- "ls /dev\r"
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "tty0" {puts "TESTING ERROR 6\n";exit}
+        "ttyS0" {puts "TESTING ERROR 6\n";exit}
+        "ppp" {puts "TESTING ERROR 6\n";exit}
+        "audio" {puts "TESTING ERROR 6\n";exit}
+        "log"
+}
+sleep 2
+puts "\nall done\n"
diff --git a/test/root/net_interface.exp b/test/root/net_interface.exp
new file mode 100755
index 000000000..2f87024d8
--- /dev/null
+++ b/test/root/net_interface.exp
@@ -0,0 +1,93 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+send -- "ip link add link eth0 name eth0.100 type vlan id 100\r"
+sleep 1
+send -- "ip link add link eth0 name eth0.101 type vlan id 101\r"
+sleep 1
+send -- "ip link add link eth0 name eth0.102 type vlan id 102\r"
+sleep 1
+send -- "ip link add link eth0 name eth0.103 type vlan id 103\r"
+sleep 1
+send -- "ip link add link eth0 name eth0.104 type vlan id 104\r"
+sleep 1
+puts "\n"
+send -- "/sbin/ifconfig eth0.100 10.200.0.1/24\r"
+sleep 1
+send -- "/sbin/ifconfig eth0.101 10.200.1.1/24\r"
+sleep 1
+send -- "/sbin/ifconfig eth0.102 10.200.2.1/24\r"
+sleep 1
+send -- "/sbin/ifconfig eth0.103 10.200.3.1/24\r"
+sleep 1
+send -- "/sbin/ifconfig eth0.104 10.200.4.1/24\r"
+sleep 1
+puts "\n"
+send -- "firejail --noprofile --interface=eth0.100 --interface=eth0.101 --interface=eth0.102 --interface=eth0.103 --interface=eth0.104\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "maximum 4 interfaces are allowed"
+}
+sleep 1
+send -- "firejail --noprofile --interface=eth0.100 --interface=eth0.101 --interface=eth0.102 --interface=eth0.103\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "eth0.100"
+}
+expect {
+        timeout {puts "TESTING ERROR 1.1\n";exit}
+        "UP"
+}
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "eth0.101"
+}
+expect {
+        timeout {puts "TESTING ERROR 2.2\n";exit}
+        "UP"
+}
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "eth0.102"
+}
+expect {
+        timeout {puts "TESTING ERROR 3.1\n";exit}
+        "UP"
+}
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "eth0.103"
+}
+expect {
+        timeout {puts "TESTING ERROR 4.1\n";exit}
+        "UP"
+}
+sleep 1
+send -- "exit\r"
+sleep 1
+send -- "firejail --noprofile --interface=eth0.104\r"
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "eth0.104"
+}
+expect {
+        timeout {puts "TESTING ERROR 5.1\n";exit}
+        "UP"
+}
+send -- "exit\r"
+after 100
+puts "all done\n"
diff --git a/test/root/nginx.exp b/test/root/nginx.exp
new file mode 100755
index 000000000..0b62fada9
--- /dev/null
+++ b/test/root/nginx.exp
@@ -0,0 +1,69 @@
+#!/usr/bin/expect -f
+set timeout 5
+spawn $env(SHELL)
+match_max 100000
+send -- "pkill nginx\r"
+sleep 2
+send -- "firejail --name=nginx /etc/init.d/nginx start\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 2
+spawn $env(SHELL)
+send -- "firejail --tree\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "root:nginx"
+}
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "www-data:nginx"
+}
+sleep 2
+send -- "rm index.html\r"
+sleep 1
+send -- "wget 0\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "saved"
+}
+send -- "cat index.html\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "DOCTYPE html PUBLIC"
+}
+sleep 1
+send -- "rm index.html\r"
+send -- "firejail --join=nginx\r"
+sleep 2
+send -- "ls /dev\r"
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "tty0" {puts "TESTING ERROR 6\n";exit}
+        "ttyS0" {puts "TESTING ERROR 6\n";exit}
+        "audio" {puts "TESTING ERROR 6\n";exit}
+        "ppp" {puts "TESTING ERROR 6\n";exit}
+        "log"
+}
+sleep 1
+send -- "ls -al /tmp;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 10\n";exit}
+        "X11-unix" {puts "TESTING ERROR 11\n";exit}
+        "/root"
+}
+sleep 2
+puts "\nall done\n"
diff --git a/test/root/option_bind_directory.exp b/test/root/option_bind_directory.exp
new file mode 100755
index 000000000..3233c68de
--- /dev/null
+++ b/test/root/option_bind_directory.exp
@@ -0,0 +1,22 @@
+#!/usr/bin/expect -f
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+send -- "firejail --bind=/tmp/chroot,mntpoint\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 1
+send -- "ls mntpoint;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "root"
+}
+sleep 1
+puts "\n"
diff --git a/test/root/option_bind_file.exp b/test/root/option_bind_file.exp
new file mode 100755
index 000000000..8926e0391
--- /dev/null
+++ b/test/root/option_bind_file.exp
@@ -0,0 +1,22 @@
+#!/usr/bin/expect -f
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+send -- "firejail --bind=tmpfile,/etc/passwd\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 1
+send -- "cat /etc/passwd;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "hello"
+}
+sleep 1
+puts "\n"
diff --git a/test/root/option_tmpfs.exp b/test/root/option_tmpfs.exp
new file mode 100755
index 000000000..20e42a858
--- /dev/null
+++ b/test/root/option_tmpfs.exp
@@ -0,0 +1,44 @@
+#!/usr/bin/expect -f
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+send -- "firejail --tmpfs=/var\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 1
+send -- "ls -l /var;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "total 0"
+}
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "/root"
+}
+sleep 1
+send -- "exit\r"
+sleep 2
+send -- "firejail --debug-check-filename --tmpfs=\"bla&&bla\"\r"
+expect {
+        timeout {puts "TESTING ERROR 13.1\n";exit}
+        "Checking filename bla&&bla"
+}
+expect {
+        timeout {puts "TESTING ERROR 13.2\n";exit}
+        "Error:"
+}
+expect {
+        timeout {puts "TESTING ERROR 13.3\n";exit}
+        "is an invalid filename"
+}
+after 100
+puts "\nall done\n"
diff --git a/test/root/profile_tmpfs.exp b/test/root/profile_tmpfs.exp
new file mode 100755
index 000000000..da7c084a2
--- /dev/null
+++ b/test/root/profile_tmpfs.exp
@@ -0,0 +1,37 @@
+#!/usr/bin/expect -f
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+send -- "mkdir /tmp/firejailtestdir\r"
+sleep 1
+send -- "ls > /tmp/firejailtestdir/tmpfile\r"
+sleep 1
+send -- "firejail --profile=tmpfs.profile\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+# testing private only
+send -- "bash\r"
+sleep 1
+send -- "ls -l /tmp/firejailtestdir;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 1.1\n";exit}
+        "tmpfile" {puts "TESTING ERROR 1\n";exit}
+        "home"
+}
+sleep 1
+send -- "exit\r"
+sleep 1
+send -- "exit\r"
+sleep 1
+send -- "rm -fr  /tmp/firejailtestdir\r"
+sleep 1
+puts "\nall done\n"
diff --git a/test/root/root.sh b/test/root/root.sh
new file mode 100755
index 000000000..960071d45
--- /dev/null
+++ b/test/root/root.sh
@@ -0,0 +1,105 @@
+#!/bin/bash
+./configure 2 > /dev/null
+#********************************
+# servers
+#********************************
+if [ -f /etc/init.d/snmpd ]
+then
+        echo "TESTING: snmpd (test/root/snmpd.exp)"
+        ./snmpd.exp
+else
+        echo "TESTING SKIP: snmpd  not found"
+fi
+if [ -f /etc/init.d/apache2 ]
+then
+        echo "TESTING: apache2 (test/root/apache2.exp)"
+        ./apache2.exp
+else
+        echo "TESTING SKIP: apache2  not found"
+fi
+if [ -f /etc/init.d/isc-dhcp-server ]
+then
+        echo "TESTING: isc dhcp server (test/root/isc-dhscp.exp)"
+        ./isc-dhcp.exp
+else
+        echo "TESTING SKIP: isc dhcp server not found"
+fi
+if [ -f /etc/init.d/unbound ]
+then
+        echo "TESTING: unbound (test/root/unbound.exp)"
+        ./unbound.exp
+else
+        echo "TESTING SKIP: unbound  not found"
+fi
+if [ -f /etc/init.d/nginx ]
+then
+        echo "TESTING: nginx (test/root/nginx.exp)"
+        ./nginx.exp
+else
+        echo "TESTING SKIP: nginx  not found"
+fi
+#********************************
+# seccomp
+#********************************
+echo "TESTING: seccomp umount (test/root/seccomp-umount.exp)"
+./seccomp-umount.exp
+echo "TESTING: seccomp chmod (test/root/seccomp-chmod.exp)"
+./seccomp-chmod.exp
+echo "TESTING: seccomp chown (test/root/seccomp-chown.exp)"
+./seccomp-chown.exp
+#********************************
+# command line options
+#********************************
+echo "TESTING: tmpfs (test/root/option_tmpfs.exp)"
+./option_tmpfs.exp
+echo "TESTING: profile tmpfs (test/root/profile_tmpfs)"
+./profile_tmpfs.exp
+echo "TESTING: bind directory (test/root/option_bind_directory.exp)"
+./option_bind_directory.exp
+echo "TESTING: bind file (test/root/option_bind_file.exp)"
+echo hello > tmpfile
+./option_bind_file.exp
+rm -f tmpfile
+#********************************
+# networking
+#********************************
+echo "TESTING: network interfaces (test/root/net_interface.exp)"
+./net_interface.exp
+echo "TESTING: firemon --interface (test/root/firemon-interface.exp)"
+./firemon-interface.exp
+#if [ -f /sys/fs/cgroup/g1/tasks ]
+#then
+#       echo "TESTING: firemon --cgroup (firemon-cgroup.exp)"
+#       ./firemon-cgroup.exp
+#fi
+#
+#echo "TESTING: chroot resolv.conf (chroot-resolvconf.exp)"
+#rm -f tmpfile
+#touch tmpfile
+#rm -f /tmp/chroot/etc/resolv.conf
+#ln -s tmp /tmp/chroot/etc/resolv.conf
+#./chroot-resolvconf.exp
+#rm -f tmpfile
+#rm /tmp/chroot/etc/resolv.conf
+#echo "TESTING: chroot (fs_chroot_asroot.exp)"
+#./fs_chroot_asroot.exp
diff --git a/test/root/seccomp-chmod.exp b/test/root/seccomp-chmod.exp
new file mode 100755
index 000000000..b17990e3a
--- /dev/null
+++ b/test/root/seccomp-chmod.exp
@@ -0,0 +1,51 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+send --  "firejail --seccomp=chmod,fchmod,fchmodat --private\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 2
+send -- "cd ~; echo done\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "done"
+}
+send -- "touch testfile; echo done\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "done"
+}
+send -- "ls -l testfile; echo done\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "testfile"
+}
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "done"
+}
+send -- "chmod +x testfile; echo done\r"
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "Bad system call"
+}
+expect {
+        timeout {puts "TESTING ERROR 6\n";exit}
+        "done"
+}
+send -- "exit\r"
+after 100
+puts "\nall done\n"
diff --git a/test/root/seccomp-chown.exp b/test/root/seccomp-chown.exp
new file mode 100755
index 000000000..a54d279f1
--- /dev/null
+++ b/test/root/seccomp-chown.exp
@@ -0,0 +1,49 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+send --  "firejail --seccomp=chown,fchown,fchownat,lchown --private\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 2
+send -- "touch testfile;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "/root" {puts "running as root"}
+        "/home"
+}
+send -- "ls -l testfile;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "testfile"
+}
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "/root" {puts "running as root"}
+        "/home"
+}
+send -- "chown netblue:netblue testfile;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "Bad system call"
+}
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "/root" {puts "running as root"}
+        "/home"
+}
+send -- "exit\r"
+after 100
+puts "\nall done\n"
diff --git a/test/root/seccomp-umount.exp b/test/root/seccomp-umount.exp
new file mode 100755
index 000000000..04a9b7a3d
--- /dev/null
+++ b/test/root/seccomp-umount.exp
@@ -0,0 +1,25 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+send --  "firejail --net=br0 --ip=10.10.20.5 --seccomp --noprofile\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 2
+send -- "umount /proc\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "Bad system call"
+}
+send -- "exit\r"
+after 100
+puts "\n"
diff --git a/test/root/snmpd.exp b/test/root/snmpd.exp
new file mode 100755
index 000000000..90e34470f
--- /dev/null
+++ b/test/root/snmpd.exp
@@ -0,0 +1,57 @@
+#!/usr/bin/expect -f
+set timeout 5
+spawn $env(SHELL)
+match_max 100000
+send -- "sudo ls; sudo whoami; sudo pwd\r"
+expect {
+        timeout {puts "TESTING ERROR: you need to root run this test as root\n";exit}
+        "root"
+}
+send -- "pkill snmpd\r"
+sleep 2
+send -- "firejail --name=snmpd /etc/init.d/snmpd start\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 2
+spawn $env(SHELL)
+send -- "firejail --tree\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "snmp:/usr/sbin/snmpd"
+}
+sleep 2
+send -- "tail /var/log/syslog\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "snmpd"
+}
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "NET-SNMP version"
+}
+send -- "firejail --join=snmpd\r"
+sleep 2
+send -- "ls /dev\r"
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "tty0" {puts "TESTING ERROR 6\n";exit}
+        "ttyS0" {puts "TESTING ERROR 6\n";exit}
+        "audio" {puts "TESTING ERROR 6\n";exit}
+        "ppp" {puts "TESTING ERROR 6\n";exit}
+        "log"
+}
+sleep 2
+sleep 2
+puts "\nall done\n"
diff --git a/test/root/start.sh b/test/root/start.sh
new file mode 100755
index 000000000..8e7a869cd
--- /dev/null
+++ b/test/root/start.sh
@@ -0,0 +1,4 @@
+#/bin/bash
+./configure
+./root.sh | grep TESTING
+\ No newline at end of file
diff --git a/test/root/tmpfs.profile b/test/root/tmpfs.profile
new file mode 100644
index 000000000..0680f4d69
--- /dev/null
+++ b/test/root/tmpfs.profile
@@ -0,0 +1 @@
+tmpfs /tmp/firejailtestdir
+\ No newline at end of file
diff --git a/test/root/unbound.exp b/test/root/unbound.exp
new file mode 100755
index 000000000..193e662ff
--- /dev/null
+++ b/test/root/unbound.exp
@@ -0,0 +1,57 @@
+#!/usr/bin/expect -f
+set timeout 5
+spawn $env(SHELL)
+match_max 100000
+send -- "sudo ls; sudo whoami; sudo pwd\r"
+expect {
+        timeout {puts "TESTING ERROR: you need to root run this test as root\n";exit}
+        "root"
+}
+send -- "pkill unbound\r"
+sleep 2
+send -- "firejail --name=unbound unbound\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 2
+spawn $env(SHELL)
+send -- "firejail --tree\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "unbound:unbound"
+}
+sleep 2
+send -- "tail /var/log/syslog\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "unbound"
+}
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "info: start of service"
+}
+sleep 2
+send -- "firejail --join=unbound\r"
+sleep 2
+send -- "ls /dev\r"
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "tty0" {puts "TESTING ERROR 6\n";exit}
+        "ttyS0" {puts "TESTING ERROR 6\n";exit}
+        "audio" {puts "TESTING ERROR 6\n";exit}
+        "ppp" {puts "TESTING ERROR 6\n";exit}
+        "log"
+}
+sleep 2
+puts "\nall done\n"
author	netblue30 <netblue30@yahoo.com>	2016-09-15 09:59:11 -0400
committer	netblue30 <netblue30@yahoo.com>	2016-09-15 09:59:11 -0400
commit	fc116c063938d5e141d5fbc38e8013d9832ef315 (patch)
tree	382b401cc0a9efeda1509a88bd430cd68b741346 /test/root
parent	fixed /etc/login.def reading on Mageia systems (diff)
download	firejail-fc116c063938d5e141d5fbc38e8013d9832ef315.tar.gz firejail-fc116c063938d5e141d5fbc38e8013d9832ef315.tar.zst firejail-fc116c063938d5e141d5fbc38e8013d9832ef315.zip

diff --git a/test/root/apache2.exp b/test/root/apache2.exp new file mode 100755 index 000000000..7f67f4706 --- /dev/null +++ b/test/root/apache2.exp
@@ -0,0 +1,69 @@
	1	#!/usr/bin/expect -f
	2
	3	set timeout 5
	4	spawn $env(SHELL)
	5	match_max 100000
	6
	7	send -- "pkill apache\r"
	8	sleep 2
	9
	10
	11	send -- "firejail --name=apache /etc/init.d/apache2 start\r"
	12	expect {
	13	timeout {puts "TESTING ERROR 0\n";exit}
	14	"Child process initialized"
	15	}
	16	sleep 2
	17
	18
	19	spawn $env(SHELL)
	20	send -- "firejail --tree\r"
	21	expect {
	22	timeout {puts "TESTING ERROR 1\n";exit}
	23	"root:/usr/sbin/apache2"
	24	}
	25	expect {
	26	timeout {puts "TESTING ERROR 2\n";exit}
	27	"www-data:/usr/sbin/apache2"
	28	}
	29	sleep 2
	30
	31
	32	send -- "rm index.html\r"
	33	sleep 1
	34	send -- "wget 0\r"
	35	expect {
	36	timeout {puts "TESTING ERROR 3\n";exit}
	37	"saved"
	38	}
	39	send -- "cat index.html\r"
	40	expect {
	41	timeout {puts "TESTING ERROR 4\n";exit}
	42	"DOCTYPE html PUBLIC"
	43	}
	44
	45	sleep 1
	46	send -- "rm index.html\r"
	47
	48	send -- "firejail --join=apache\r"
	49	sleep 2
	50
	51	send -- "ls /dev\r"
	52	expect {
	53	timeout {puts "TESTING ERROR 5\n";exit}
	54	"tty0" {puts "TESTING ERROR 6\n";exit}
	55	"ttyS0" {puts "TESTING ERROR 6\n";exit}
	56	"audio" {puts "TESTING ERROR 6\n";exit}
	57	"ppp" {puts "TESTING ERROR 6\n";exit}
	58	"log"
	59	}
	60	sleep 1
	61	send -- "ls -al /tmp;pwd\r"
	62	expect {
	63	timeout {puts "TESTING ERROR 10\n";exit}
	64	"X11-unix" {puts "TESTING ERROR 11\n";exit}
	65	"/root"
	66	}
	67	sleep 2
	68
	69	puts "\nall done\n"


diff --git a/test/root/configure b/test/root/configure new file mode 100755 index 000000000..35d938340 --- /dev/null +++ b/test/root/configure
@@ -0,0 +1,27 @@
	1	#!/bin/bash
	2	# This file is part of Firejail project
	3	# Copyright (C) 2014-2016 Firejail Authors
	4	# License GPL v2
	5
	6	brctl addbr br0
	7	ifconfig br0 10.10.20.1/29 up
	8	# NAT masquerade
	9	iptables -t nat -A POSTROUTING -o eth0 -s 10.10.20.0/29 -j MASQUERADE
	10	# port forwarding
	11	# iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to 10.10.20.2:80
	12
	13	brctl addbr br1
	14	ifconfig br1 10.10.30.1/24 up
	15	brctl addbr br2
	16	ifconfig br2 10.10.40.1/24 up
	17	brctl addbr br3
	18	ifconfig br3 10.10.50.1/24 up
	19	brctl addbr br4
	20	ifconfig br4 10.10.60.1/24 up
	21	ip link add link eth0 name eth0.5 type vlan id 5
	22	/sbin/ifconfig eth0.5 10.10.205.10/24 up
	23	ip link add link eth0 name eth0.6 type vlan id 6
	24	/sbin/ifconfig eth0.6 10.10.206.10/24 up
	25	ip link add link eth0 name eth0.7 type vlan id 7
	26	/sbin/ifconfig eth0.7 10.10.207.10/24 up
	27


diff --git a/test/root/firemon-interface.exp b/test/root/firemon-interface.exp new file mode 100755 index 000000000..6a82ae41e --- /dev/null +++ b/test/root/firemon-interface.exp
@@ -0,0 +1,34 @@
	1	#!/usr/bin/expect -f
	2
	3	set timeout 10
	4	spawn $env(SHELL)
	5	match_max 100000
	6
	7	send -- "firejail\r"
	8	expect {
	9	timeout {puts "TESTING ERROR 0\n";exit}
	10	"Child process initialized"
	11	}
	12	sleep 1
	13
	14	spawn $env(SHELL)
	15	send -- "firemon --interface\r"
	16	expect {
	17	timeout {puts "TESTING ERROR 1\n";exit}
	18	"lo UP"
	19	}
	20	expect {
	21	timeout {puts "TESTING ERROR 2\n";exit}
	22	"10.10.20.1/29"
	23	}
	24	expect {
	25	timeout {puts "TESTING ERROR 3\n";exit}
	26	"10.10.50.1/24"
	27	}
	28	expect {
	29	timeout {puts "TESTING ERROR 3\n";exit}
	30	"br3"
	31	}
	32	sleep 1
	33
	34	puts "\n"


diff --git a/test/root/isc-dhcp.exp b/test/root/isc-dhcp.exp new file mode 100755 index 000000000..86500707a --- /dev/null +++ b/test/root/isc-dhcp.exp
@@ -0,0 +1,58 @@
	1	#!/usr/bin/expect -f
	2
	3	set timeout 5
	4	spawn $env(SHELL)
	5	match_max 100000
	6
	7	send -- "sudo ls; sudo whoami; sudo pwd\r"
	8	expect {
	9	timeout {puts "TESTING ERROR: you need to root run this test as root\n";exit}
	10	"root"
	11	}
	12
	13	send -- "pkill dhcpd\r"
	14	sleep 2
	15
	16	send -- "firejail --name=dhcpd /etc/init.d/isc-dhcp-server start\r"
	17	expect {
	18	timeout {puts "TESTING ERROR 0\n";exit}
	19	"Child process initialized"
	20	}
	21	sleep 2
	22
	23	spawn $env(SHELL)
	24	send -- "firejail --tree\r"
	25	expect {
	26	timeout {puts "TESTING ERROR 2\n";exit}
	27	"root:/usr/sbin/dhcpd"
	28	}
	29	sleep 2
	30
	31	send -- "tail -n 200 /var/log/syslog\r"
	32	expect {
	33	timeout {puts "TESTING ERROR 3\n";exit}
	34	"Internet Systems Consortium DHCP Server"
	35	}
	36	expect {
	37	timeout {puts "TESTING ERROR 4\n";exit}
	38	"Wrote 0 leases to leases file"
	39	}
	40	sleep 2
	41
	42	send -- "firejail --join=dhcpd\r"
	43	sleep 2
	44
	45	send -- "ls /dev\r"
	46	expect {
	47	timeout {puts "TESTING ERROR 5\n";exit}
	48	"tty0" {puts "TESTING ERROR 6\n";exit}
	49	"ttyS0" {puts "TESTING ERROR 6\n";exit}
	50	"ppp" {puts "TESTING ERROR 6\n";exit}
	51	"audio" {puts "TESTING ERROR 6\n";exit}
	52	"log"
	53	}
	54	sleep 2
	55
	56
	57	puts "\nall done\n"
	58


diff --git a/test/root/net_interface.exp b/test/root/net_interface.exp new file mode 100755 index 000000000..2f87024d8 --- /dev/null +++ b/test/root/net_interface.exp
@@ -0,0 +1,93 @@
	1	#!/usr/bin/expect -f
	2	# This file is part of Firejail project
	3	# Copyright (C) 2014-2016 Firejail Authors
	4	# License GPL v2
	5
	6	set timeout 10
	7	spawn $env(SHELL)
	8	match_max 100000
	9
	10	send -- "ip link add link eth0 name eth0.100 type vlan id 100\r"
	11	sleep 1
	12	send -- "ip link add link eth0 name eth0.101 type vlan id 101\r"
	13	sleep 1
	14	send -- "ip link add link eth0 name eth0.102 type vlan id 102\r"
	15	sleep 1
	16	send -- "ip link add link eth0 name eth0.103 type vlan id 103\r"
	17	sleep 1
	18	send -- "ip link add link eth0 name eth0.104 type vlan id 104\r"
	19	sleep 1
	20	puts "\n"
	21
	22	send -- "/sbin/ifconfig eth0.100 10.200.0.1/24\r"
	23	sleep 1
	24	send -- "/sbin/ifconfig eth0.101 10.200.1.1/24\r"
	25	sleep 1
	26	send -- "/sbin/ifconfig eth0.102 10.200.2.1/24\r"
	27	sleep 1
	28	send -- "/sbin/ifconfig eth0.103 10.200.3.1/24\r"
	29	sleep 1
	30	send -- "/sbin/ifconfig eth0.104 10.200.4.1/24\r"
	31	sleep 1
	32	puts "\n"
	33
	34
	35
	36	send -- "firejail --noprofile --interface=eth0.100 --interface=eth0.101 --interface=eth0.102 --interface=eth0.103 --interface=eth0.104\r"
	37	expect {
	38	timeout {puts "TESTING ERROR 0\n";exit}
	39	"maximum 4 interfaces are allowed"
	40	}
	41	sleep 1
	42
	43	send -- "firejail --noprofile --interface=eth0.100 --interface=eth0.101 --interface=eth0.102 --interface=eth0.103\r"
	44	expect {
	45	timeout {puts "TESTING ERROR 1\n";exit}
	46	"eth0.100"
	47	}
	48	expect {
	49	timeout {puts "TESTING ERROR 1.1\n";exit}
	50	"UP"
	51	}
	52	expect {
	53	timeout {puts "TESTING ERROR 2\n";exit}
	54	"eth0.101"
	55	}
	56	expect {
	57	timeout {puts "TESTING ERROR 2.2\n";exit}
	58	"UP"
	59	}
	60	expect {
	61	timeout {puts "TESTING ERROR 3\n";exit}
	62	"eth0.102"
	63	}
	64	expect {
	65	timeout {puts "TESTING ERROR 3.1\n";exit}
	66	"UP"
	67	}
	68	expect {
	69	timeout {puts "TESTING ERROR 4\n";exit}
	70	"eth0.103"
	71	}
	72	expect {
	73	timeout {puts "TESTING ERROR 4.1\n";exit}
	74	"UP"
	75	}
	76	sleep 1
	77	send -- "exit\r"
	78	sleep 1
	79
	80	send -- "firejail --noprofile --interface=eth0.104\r"
	81	expect {
	82	timeout {puts "TESTING ERROR 5\n";exit}
	83	"eth0.104"
	84	}
	85	expect {
	86	timeout {puts "TESTING ERROR 5.1\n";exit}
	87	"UP"
	88	}
	89	send -- "exit\r"
	90	after 100
	91
	92	puts "all done\n"
	93


diff --git a/test/root/nginx.exp b/test/root/nginx.exp new file mode 100755 index 000000000..0b62fada9 --- /dev/null +++ b/test/root/nginx.exp
@@ -0,0 +1,69 @@
	1	#!/usr/bin/expect -f
	2
	3	set timeout 5
	4	spawn $env(SHELL)
	5	match_max 100000
	6
	7	send -- "pkill nginx\r"
	8	sleep 2
	9
	10
	11	send -- "firejail --name=nginx /etc/init.d/nginx start\r"
	12	expect {
	13	timeout {puts "TESTING ERROR 0\n";exit}
	14	"Child process initialized"
	15	}
	16	sleep 2
	17
	18
	19	spawn $env(SHELL)
	20	send -- "firejail --tree\r"
	21	expect {
	22	timeout {puts "TESTING ERROR 1\n";exit}
	23	"root:nginx"
	24	}
	25	expect {
	26	timeout {puts "TESTING ERROR 2\n";exit}
	27	"www-data:nginx"
	28	}
	29	sleep 2
	30
	31
	32	send -- "rm index.html\r"
	33	sleep 1
	34	send -- "wget 0\r"
	35	expect {
	36	timeout {puts "TESTING ERROR 3\n";exit}
	37	"saved"
	38	}
	39	send -- "cat index.html\r"
	40	expect {
	41	timeout {puts "TESTING ERROR 4\n";exit}
	42	"DOCTYPE html PUBLIC"
	43	}
	44
	45	sleep 1
	46	send -- "rm index.html\r"
	47
	48	send -- "firejail --join=nginx\r"
	49	sleep 2
	50
	51	send -- "ls /dev\r"
	52	expect {
	53	timeout {puts "TESTING ERROR 5\n";exit}
	54	"tty0" {puts "TESTING ERROR 6\n";exit}
	55	"ttyS0" {puts "TESTING ERROR 6\n";exit}
	56	"audio" {puts "TESTING ERROR 6\n";exit}
	57	"ppp" {puts "TESTING ERROR 6\n";exit}
	58	"log"
	59	}
	60	sleep 1
	61	send -- "ls -al /tmp;pwd\r"
	62	expect {
	63	timeout {puts "TESTING ERROR 10\n";exit}
	64	"X11-unix" {puts "TESTING ERROR 11\n";exit}
	65	"/root"
	66	}
	67	sleep 2
	68
	69	puts "\nall done\n"


diff --git a/test/root/option_bind_directory.exp b/test/root/option_bind_directory.exp new file mode 100755 index 000000000..3233c68de --- /dev/null +++ b/test/root/option_bind_directory.exp
@@ -0,0 +1,22 @@
	1	#!/usr/bin/expect -f
	2
	3	set timeout 10
	4	spawn $env(SHELL)
	5	match_max 100000
	6
	7	send -- "firejail --bind=/tmp/chroot,mntpoint\r"
	8	expect {
	9	timeout {puts "TESTING ERROR 0\n";exit}
	10	"Child process initialized"
	11	}
	12	sleep 1
	13
	14	send -- "ls mntpoint;pwd\r"
	15	expect {
	16	timeout {puts "TESTING ERROR 1\n";exit}
	17	"root"
	18	}
	19	sleep 1
	20
	21	puts "\n"
	22


diff --git a/test/root/option_bind_file.exp b/test/root/option_bind_file.exp new file mode 100755 index 000000000..8926e0391 --- /dev/null +++ b/test/root/option_bind_file.exp
@@ -0,0 +1,22 @@
	1	#!/usr/bin/expect -f
	2
	3	set timeout 10
	4	spawn $env(SHELL)
	5	match_max 100000
	6
	7	send -- "firejail --bind=tmpfile,/etc/passwd\r"
	8	expect {
	9	timeout {puts "TESTING ERROR 0\n";exit}
	10	"Child process initialized"
	11	}
	12	sleep 1
	13
	14	send -- "cat /etc/passwd;pwd\r"
	15	expect {
	16	timeout {puts "TESTING ERROR 1\n";exit}
	17	"hello"
	18	}
	19	sleep 1
	20
	21	puts "\n"
	22


diff --git a/test/root/option_tmpfs.exp b/test/root/option_tmpfs.exp new file mode 100755 index 000000000..20e42a858 --- /dev/null +++ b/test/root/option_tmpfs.exp
@@ -0,0 +1,44 @@
	1	#!/usr/bin/expect -f
	2
	3	set timeout 10
	4	spawn $env(SHELL)
	5	match_max 100000
	6
	7	send -- "firejail --tmpfs=/var\r"
	8	expect {
	9	timeout {puts "TESTING ERROR 0\n";exit}
	10	"Child process initialized"
	11	}
	12	sleep 1
	13
	14	send -- "ls -l /var;pwd\r"
	15	expect {
	16	timeout {puts "TESTING ERROR 1\n";exit}
	17	"total 0"
	18	}
	19	expect {
	20	timeout {puts "TESTING ERROR 2\n";exit}
	21	"/root"
	22	}
	23	sleep 1
	24	send -- "exit\r"
	25	sleep 2
	26
	27	send -- "firejail --debug-check-filename --tmpfs=\"bla&&bla\"\r"
	28	expect {
	29	timeout {puts "TESTING ERROR 13.1\n";exit}
	30	"Checking filename bla&&bla"
	31	}
	32	expect {
	33	timeout {puts "TESTING ERROR 13.2\n";exit}
	34	"Error:"
	35	}
	36	expect {
	37	timeout {puts "TESTING ERROR 13.3\n";exit}
	38	"is an invalid filename"
	39	}
	40	after 100
	41
	42
	43	puts "\nall done\n"
	44


diff --git a/test/root/profile_tmpfs.exp b/test/root/profile_tmpfs.exp new file mode 100755 index 000000000..da7c084a2 --- /dev/null +++ b/test/root/profile_tmpfs.exp
@@ -0,0 +1,37 @@
	1	#!/usr/bin/expect -f
	2
	3	set timeout 10
	4	spawn $env(SHELL)
	5	match_max 100000
	6
	7	send -- "mkdir /tmp/firejailtestdir\r"
	8	sleep 1
	9	send -- "ls > /tmp/firejailtestdir/tmpfile\r"
	10	sleep 1
	11
	12	send -- "firejail --profile=tmpfs.profile\r"
	13	expect {
	14	timeout {puts "TESTING ERROR 0\n";exit}
	15	"Child process initialized"
	16	}
	17
	18	# testing private only
	19	send -- "bash\r"
	20	sleep 1
	21
	22	send -- "ls -l /tmp/firejailtestdir;pwd\r"
	23	expect {
	24	timeout {puts "TESTING ERROR 1.1\n";exit}
	25	"tmpfile" {puts "TESTING ERROR 1\n";exit}
	26	"home"
	27	}
	28	sleep 1
	29	send -- "exit\r"
	30	sleep 1
	31	send -- "exit\r"
	32	sleep 1
	33	send -- "rm -fr /tmp/firejailtestdir\r"
	34
	35	sleep 1
	36
	37	puts "\nall done\n"


diff --git a/test/root/root.sh b/test/root/root.sh new file mode 100755 index 000000000..960071d45 --- /dev/null +++ b/test/root/root.sh
@@ -0,0 +1,105 @@
	1	#!/bin/bash
	2
	3	./configure 2 > /dev/null
	4
	5	#********************************
	6	# servers
	7	#********************************
	8	if [ -f /etc/init.d/snmpd ]
	9	then
	10	echo "TESTING: snmpd (test/root/snmpd.exp)"
	11	./snmpd.exp
	12	else
	13	echo "TESTING SKIP: snmpd not found"
	14	fi
	15
	16
	17	if [ -f /etc/init.d/apache2 ]
	18	then
	19	echo "TESTING: apache2 (test/root/apache2.exp)"
	20	./apache2.exp
	21	else
	22	echo "TESTING SKIP: apache2 not found"
	23	fi
	24
	25	if [ -f /etc/init.d/isc-dhcp-server ]
	26	then
	27	echo "TESTING: isc dhcp server (test/root/isc-dhscp.exp)"
	28	./isc-dhcp.exp
	29	else
	30	echo "TESTING SKIP: isc dhcp server not found"
	31	fi
	32
	33	if [ -f /etc/init.d/unbound ]
	34	then
	35	echo "TESTING: unbound (test/root/unbound.exp)"
	36	./unbound.exp
	37	else
	38	echo "TESTING SKIP: unbound not found"
	39	fi
	40
	41	if [ -f /etc/init.d/nginx ]
	42	then
	43	echo "TESTING: nginx (test/root/nginx.exp)"
	44	./nginx.exp
	45	else
	46	echo "TESTING SKIP: nginx not found"
	47	fi
	48
	49	#********************************
	50	# seccomp
	51	#********************************
	52	echo "TESTING: seccomp umount (test/root/seccomp-umount.exp)"
	53	./seccomp-umount.exp
	54
	55	echo "TESTING: seccomp chmod (test/root/seccomp-chmod.exp)"
	56	./seccomp-chmod.exp
	57
	58	echo "TESTING: seccomp chown (test/root/seccomp-chown.exp)"
	59	./seccomp-chown.exp
	60
	61	#********************************
	62	# command line options
	63	#********************************
	64	echo "TESTING: tmpfs (test/root/option_tmpfs.exp)"
	65	./option_tmpfs.exp
	66
	67	echo "TESTING: profile tmpfs (test/root/profile_tmpfs)"
	68	./profile_tmpfs.exp
	69
	70	echo "TESTING: bind directory (test/root/option_bind_directory.exp)"
	71	./option_bind_directory.exp
	72
	73	echo "TESTING: bind file (test/root/option_bind_file.exp)"
	74	echo hello > tmpfile
	75	./option_bind_file.exp
	76	rm -f tmpfile
	77
	78	#********************************
	79	# networking
	80	#********************************
	81	echo "TESTING: network interfaces (test/root/net_interface.exp)"
	82	./net_interface.exp
	83
	84	echo "TESTING: firemon --interface (test/root/firemon-interface.exp)"
	85	./firemon-interface.exp
	86
	87	#if [ -f /sys/fs/cgroup/g1/tasks ]
	88	#then
	89	# echo "TESTING: firemon --cgroup (firemon-cgroup.exp)"
	90	# ./firemon-cgroup.exp
	91	#fi
	92	#
	93	#echo "TESTING: chroot resolv.conf (chroot-resolvconf.exp)"
	94	#rm -f tmpfile
	95	#touch tmpfile
	96	#rm -f /tmp/chroot/etc/resolv.conf
	97	#ln -s tmp /tmp/chroot/etc/resolv.conf
	98	#./chroot-resolvconf.exp
	99	#rm -f tmpfile
	100	#rm /tmp/chroot/etc/resolv.conf
	101
	102	#echo "TESTING: chroot (fs_chroot_asroot.exp)"
	103	#./fs_chroot_asroot.exp
	104
	105


diff --git a/test/root/seccomp-chmod.exp b/test/root/seccomp-chmod.exp new file mode 100755 index 000000000..b17990e3a --- /dev/null +++ b/test/root/seccomp-chmod.exp
@@ -0,0 +1,51 @@
	1	#!/usr/bin/expect -f
	2	# This file is part of Firejail project
	3	# Copyright (C) 2014-2016 Firejail Authors
	4	# License GPL v2
	5
	6	set timeout 10
	7	spawn $env(SHELL)
	8	match_max 100000
	9
	10	send -- "firejail --seccomp=chmod,fchmod,fchmodat --private\r"
	11	expect {
	12	timeout {puts "TESTING ERROR 0\n";exit}
	13	"Child process initialized"
	14	}
	15	sleep 2
	16
	17	send -- "cd ~; echo done\r"
	18	expect {
	19	timeout {puts "TESTING ERROR 1\n";exit}
	20	"done"
	21	}
	22
	23	send -- "touch testfile; echo done\r"
	24	expect {
	25	timeout {puts "TESTING ERROR 2\n";exit}
	26	"done"
	27	}
	28
	29	send -- "ls -l testfile; echo done\r"
	30	expect {
	31	timeout {puts "TESTING ERROR 3\n";exit}
	32	"testfile"
	33	}
	34	expect {
	35	timeout {puts "TESTING ERROR 4\n";exit}
	36	"done"
	37	}
	38
	39	send -- "chmod +x testfile; echo done\r"
	40	expect {
	41	timeout {puts "TESTING ERROR 5\n";exit}
	42	"Bad system call"
	43	}
	44	expect {
	45	timeout {puts "TESTING ERROR 6\n";exit}
	46	"done"
	47	}
	48
	49	send -- "exit\r"
	50	after 100
	51	puts "\nall done\n"


diff --git a/test/root/seccomp-chown.exp b/test/root/seccomp-chown.exp new file mode 100755 index 000000000..a54d279f1 --- /dev/null +++ b/test/root/seccomp-chown.exp
@@ -0,0 +1,49 @@
	1	#!/usr/bin/expect -f
	2	# This file is part of Firejail project
	3	# Copyright (C) 2014-2016 Firejail Authors
	4	# License GPL v2
	5
	6	set timeout 10
	7	spawn $env(SHELL)
	8	match_max 100000
	9
	10	send -- "firejail --seccomp=chown,fchown,fchownat,lchown --private\r"
	11	expect {
	12	timeout {puts "TESTING ERROR 0\n";exit}
	13	"Child process initialized"
	14	}
	15	sleep 2
	16
	17	send -- "touch testfile;pwd\r"
	18	expect {
	19	timeout {puts "TESTING ERROR 1\n";exit}
	20	"/root" {puts "running as root"}
	21	"/home"
	22	}
	23
	24	send -- "ls -l testfile;pwd\r"
	25	expect {
	26	timeout {puts "TESTING ERROR 2\n";exit}
	27	"testfile"
	28	}
	29	expect {
	30	timeout {puts "TESTING ERROR 3\n";exit}
	31	"/root" {puts "running as root"}
	32	"/home"
	33	}
	34
	35	send -- "chown netblue:netblue testfile;pwd\r"
	36	expect {
	37	timeout {puts "TESTING ERROR 2\n";exit}
	38	"Bad system call"
	39	}
	40	expect {
	41	timeout {puts "TESTING ERROR 3\n";exit}
	42	"/root" {puts "running as root"}
	43	"/home"
	44	}
	45
	46
	47	send -- "exit\r"
	48	after 100
	49	puts "\nall done\n"


diff --git a/test/root/seccomp-umount.exp b/test/root/seccomp-umount.exp new file mode 100755 index 000000000..04a9b7a3d --- /dev/null +++ b/test/root/seccomp-umount.exp
@@ -0,0 +1,25 @@
	1	#!/usr/bin/expect -f
	2	# This file is part of Firejail project
	3	# Copyright (C) 2014-2016 Firejail Authors
	4	# License GPL v2
	5
	6	set timeout 10
	7	spawn $env(SHELL)
	8	match_max 100000
	9
	10	send -- "firejail --net=br0 --ip=10.10.20.5 --seccomp --noprofile\r"
	11	expect {
	12	timeout {puts "TESTING ERROR 0\n";exit}
	13	"Child process initialized"
	14	}
	15	sleep 2
	16
	17	send -- "umount /proc\r"
	18	expect {
	19	timeout {puts "TESTING ERROR 1\n";exit}
	20	"Bad system call"
	21	}
	22
	23	send -- "exit\r"
	24	after 100
	25	puts "\n"


diff --git a/test/root/snmpd.exp b/test/root/snmpd.exp new file mode 100755 index 000000000..90e34470f --- /dev/null +++ b/test/root/snmpd.exp
@@ -0,0 +1,57 @@
	1	#!/usr/bin/expect -f
	2
	3	set timeout 5
	4	spawn $env(SHELL)
	5	match_max 100000
	6
	7	send -- "sudo ls; sudo whoami; sudo pwd\r"
	8	expect {
	9	timeout {puts "TESTING ERROR: you need to root run this test as root\n";exit}
	10	"root"
	11	}
	12
	13	send -- "pkill snmpd\r"
	14	sleep 2
	15
	16
	17	send -- "firejail --name=snmpd /etc/init.d/snmpd start\r"
	18	expect {
	19	timeout {puts "TESTING ERROR 0\n";exit}
	20	"Child process initialized"
	21	}
	22	sleep 2
	23
	24	spawn $env(SHELL)
	25	send -- "firejail --tree\r"
	26	expect {
	27	timeout {puts "TESTING ERROR 2\n";exit}
	28	"snmp:/usr/sbin/snmpd"
	29	}
	30	sleep 2
	31
	32	send -- "tail /var/log/syslog\r"
	33	expect {
	34	timeout {puts "TESTING ERROR 3\n";exit}
	35	"snmpd"
	36	}
	37	expect {
	38	timeout {puts "TESTING ERROR 4\n";exit}
	39	"NET-SNMP version"
	40	}
	41
	42	send -- "firejail --join=snmpd\r"
	43	sleep 2
	44
	45	send -- "ls /dev\r"
	46	expect {
	47	timeout {puts "TESTING ERROR 5\n";exit}
	48	"tty0" {puts "TESTING ERROR 6\n";exit}
	49	"ttyS0" {puts "TESTING ERROR 6\n";exit}
	50	"audio" {puts "TESTING ERROR 6\n";exit}
	51	"ppp" {puts "TESTING ERROR 6\n";exit}
	52	"log"
	53	}
	54	sleep 2
	55
	56	sleep 2
	57	puts "\nall done\n"


diff --git a/test/root/start.sh b/test/root/start.sh new file mode 100755 index 000000000..8e7a869cd --- /dev/null +++ b/test/root/start.sh
@@ -0,0 +1,4 @@
	1	#/bin/bash
	2
	3	./configure
	4	./root.sh \| grep TESTING \ No newline at end of file


diff --git a/test/root/tmpfs.profile b/test/root/tmpfs.profile new file mode 100644 index 000000000..0680f4d69 --- /dev/null +++ b/test/root/tmpfs.profile
@@ -0,0 +1 @@
		tmpfs /tmp/firejailtestdir \ No newline at end of file


diff --git a/test/root/unbound.exp b/test/root/unbound.exp new file mode 100755 index 000000000..193e662ff --- /dev/null +++ b/test/root/unbound.exp
@@ -0,0 +1,57 @@
	1	#!/usr/bin/expect -f
	2
	3	set timeout 5
	4	spawn $env(SHELL)
	5	match_max 100000
	6
	7	send -- "sudo ls; sudo whoami; sudo pwd\r"
	8	expect {
	9	timeout {puts "TESTING ERROR: you need to root run this test as root\n";exit}
	10	"root"
	11	}
	12
	13	send -- "pkill unbound\r"
	14	sleep 2
	15
	16	send -- "firejail --name=unbound unbound\r"
	17	expect {
	18	timeout {puts "TESTING ERROR 0\n";exit}
	19	"Child process initialized"
	20	}
	21	sleep 2
	22
	23	spawn $env(SHELL)
	24	send -- "firejail --tree\r"
	25	expect {
	26	timeout {puts "TESTING ERROR 2\n";exit}
	27	"unbound:unbound"
	28	}
	29	sleep 2
	30
	31	send -- "tail /var/log/syslog\r"
	32	expect {
	33	timeout {puts "TESTING ERROR 3\n";exit}
	34	"unbound"
	35	}
	36	expect {
	37	timeout {puts "TESTING ERROR 4\n";exit}
	38	"info: start of service"
	39	}
	40	sleep 2
	41
	42	send -- "firejail --join=unbound\r"
	43	sleep 2
	44
	45	send -- "ls /dev\r"
	46	expect {
	47	timeout {puts "TESTING ERROR 5\n";exit}
	48	"tty0" {puts "TESTING ERROR 6\n";exit}
	49	"ttyS0" {puts "TESTING ERROR 6\n";exit}
	50	"audio" {puts "TESTING ERROR 6\n";exit}
	51	"ppp" {puts "TESTING ERROR 6\n";exit}
	52	"log"
	53	}
	54	sleep 2
	55
	56
	57	puts "\nall done\n"