testing

author: netblue30 <netblue30@protonmail.com> 2023-03-09 08:39:25 -0500
committer: netblue30 <netblue30@protonmail.com> 2023-03-09 08:39:25 -0500
commit: c79aa14295f907ffac0cf5555515602b7393b8b6 (patch)
tree: 87a114af4e12388e09e2d16d518b50be9ddbe0a6 /test/seccomp-extra/noroot.exp
parent: testing (diff)
download: firejail-c79aa14295f907ffac0cf5555515602b7393b8b6.tar.gz
firejail-c79aa14295f907ffac0cf5555515602b7393b8b6.tar.zst
firejail-c79aa14295f907ffac0cf5555515602b7393b8b6.zip
1 files changed, 136 insertions, 0 deletions
diff --git a/test/seccomp-extra/noroot.exp b/test/seccomp-extra/noroot.exp
new file mode 100755
index 000000000..eeb82833e
--- /dev/null
+++ b/test/seccomp-extra/noroot.exp
@@ -0,0 +1,136 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2023 Firejail Authors
+# License GPL v2
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+send -- "firejail --name=test --noroot --noprofile\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+sleep 1
+# check seccomp disabled and all caps enabled
+send -- "cat /proc/self/status\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "CapBnd:"
+}
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "ffffffff"
+}
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "Seccomp:"
+}
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "0"
+}
+expect {
+        timeout {puts "TESTING ERROR 6\n";exit}
+        "Cpus_allowed:"
+}
+puts "\n"
+send -- "whoami\r"
+expect {
+        timeout {puts "TESTING ERROR 7\n";exit}
+        $env(USER)
+}
+send -- "sudo -s\r"
+expect {
+        timeout {puts "TESTING ERROR 8\n";exit}
+        "effective uid is not 0, is sudo installed setuid root?" { puts "OK\n";}
+        "sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";}
+}
+send -- "sudo su -\r"
+expect {
+        timeout {puts "TESTING ERROR 9\n";exit}
+        "effective uid is not 0" {puts "OK\n"}
+        "sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";}
+}
+send -- "sudo ls\r"
+expect {
+        timeout {puts "TESTING ERROR 10\n";exit}
+        "effective uid is not 0" {puts "OK\n"}
+        "sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";}
+}
+send -- "cat /proc/self/uid_map | wc -l\r"
+expect {
+        timeout {puts "TESTING ERROR 11\n";exit}
+        "1"
+}
+send -- "cat /proc/self/gid_map | wc -l\r"
+expect {
+        timeout {puts "TESTING ERROR 12\n";exit}
+        "9"
+}
+spawn $env(SHELL)
+send -- "firejail --debug --join=test\r"
+expect {
+        timeout {puts "TESTING ERROR 13\n";exit}
+        "Joining user namespace"
+}
+expect {
+        timeout {puts "TESTING ERROR 14\n";exit}
+        "Child process initialized"
+}
+sleep 1
+send -- "sudo -s\r"
+expect {
+        timeout {puts "TESTING ERROR 15\n";exit}
+        "effective uid is not 0, is sudo installed setuid root?" { puts "OK\n";}
+        "sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";}
+        "Permission denied" { puts "OK\n";}
+}
+send -- "cat /proc/self/uid_map | wc -l\r"
+expect {
+        timeout {puts "TESTING ERROR 16\n";exit}
+        "1"
+}
+send -- "cat /proc/self/gid_map | wc -l\r"
+expect {
+        timeout {puts "TESTING ERROR 17\n";exit}
+        "9"
+}
+# check seccomp disabled and all caps enabled
+send -- "cat /proc/self/status\r"
+expect {
+        timeout {puts "TESTING ERROR 18\n";exit}
+        "CapBnd:"
+}
+expect {
+        timeout {puts "TESTING ERROR 19\n";exit}
+        "ffffffff"
+}
+expect {
+        timeout {puts "TESTING ERROR 20\n";exit}
+        "Seccomp:"
+}
+expect {
+        timeout {puts "TESTING ERROR 21\n";exit}
+        "0"
+}
+expect {
+        timeout {puts "TESTING ERROR 22\n";exit}
+        "Cpus_allowed:"
+}
+puts "\n"
+after 500
+puts "\nall done\n"
author	netblue30 <netblue30@protonmail.com>	2023-03-09 08:39:25 -0500
committer	netblue30 <netblue30@protonmail.com>	2023-03-09 08:39:25 -0500
commit	c79aa14295f907ffac0cf5555515602b7393b8b6 (patch)
tree	87a114af4e12388e09e2d16d518b50be9ddbe0a6 /test/seccomp-extra/noroot.exp
parent	testing (diff)
download	firejail-c79aa14295f907ffac0cf5555515602b7393b8b6.tar.gz firejail-c79aa14295f907ffac0cf5555515602b7393b8b6.tar.zst firejail-c79aa14295f907ffac0cf5555515602b7393b8b6.zip

diff --git a/test/seccomp-extra/noroot.exp b/test/seccomp-extra/noroot.exp new file mode 100755 index 000000000..eeb82833e --- /dev/null +++ b/test/seccomp-extra/noroot.exp
@@ -0,0 +1,136 @@
	1	#!/usr/bin/expect -f
	2	# This file is part of Firejail project
	3	# Copyright (C) 2014-2023 Firejail Authors
	4	# License GPL v2
	5
	6	set timeout 10
	7	spawn $env(SHELL)
	8	match_max 100000
	9
	10	send -- "firejail --name=test --noroot --noprofile\r"
	11	expect {
	12	timeout {puts "TESTING ERROR 1\n";exit}
	13	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
	14	}
	15	sleep 1
	16
	17	# check seccomp disabled and all caps enabled
	18	send -- "cat /proc/self/status\r"
	19	expect {
	20	timeout {puts "TESTING ERROR 2\n";exit}
	21	"CapBnd:"
	22	}
	23	expect {
	24	timeout {puts "TESTING ERROR 3\n";exit}
	25	"ffffffff"
	26	}
	27	expect {
	28	timeout {puts "TESTING ERROR 4\n";exit}
	29	"Seccomp:"
	30	}
	31	expect {
	32	timeout {puts "TESTING ERROR 5\n";exit}
	33	"0"
	34	}
	35	expect {
	36	timeout {puts "TESTING ERROR 6\n";exit}
	37	"Cpus_allowed:"
	38	}
	39	puts "\n"
	40
	41	send -- "whoami\r"
	42	expect {
	43	timeout {puts "TESTING ERROR 7\n";exit}
	44	$env(USER)
	45	}
	46	send -- "sudo -s\r"
	47	expect {
	48	timeout {puts "TESTING ERROR 8\n";exit}
	49	"effective uid is not 0, is sudo installed setuid root?" { puts "OK\n";}
	50	"sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";}
	51	}
	52
	53	send -- "sudo su -\r"
	54	expect {
	55	timeout {puts "TESTING ERROR 9\n";exit}
	56	"effective uid is not 0" {puts "OK\n"}
	57	"sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";}
	58	}
	59
	60	send -- "sudo ls\r"
	61	expect {
	62	timeout {puts "TESTING ERROR 10\n";exit}
	63	"effective uid is not 0" {puts "OK\n"}
	64	"sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";}
	65	}
	66
	67	send -- "cat /proc/self/uid_map \| wc -l\r"
	68	expect {
	69	timeout {puts "TESTING ERROR 11\n";exit}
	70	"1"
	71	}
	72	send -- "cat /proc/self/gid_map \| wc -l\r"
	73	expect {
	74	timeout {puts "TESTING ERROR 12\n";exit}
	75	"9"
	76	}
	77
	78
	79
	80	spawn $env(SHELL)
	81	send -- "firejail --debug --join=test\r"
	82	expect {
	83	timeout {puts "TESTING ERROR 13\n";exit}
	84	"Joining user namespace"
	85	}
	86	expect {
	87	timeout {puts "TESTING ERROR 14\n";exit}
	88	"Child process initialized"
	89	}
	90	sleep 1
	91
	92	send -- "sudo -s\r"
	93	expect {
	94	timeout {puts "TESTING ERROR 15\n";exit}
	95	"effective uid is not 0, is sudo installed setuid root?" { puts "OK\n";}
	96	"sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";}
	97	"Permission denied" { puts "OK\n";}
	98	}
	99	send -- "cat /proc/self/uid_map \| wc -l\r"
	100	expect {
	101	timeout {puts "TESTING ERROR 16\n";exit}
	102	"1"
	103	}
	104	send -- "cat /proc/self/gid_map \| wc -l\r"
	105	expect {
	106	timeout {puts "TESTING ERROR 17\n";exit}
	107	"9"
	108	}
	109
	110	# check seccomp disabled and all caps enabled
	111	send -- "cat /proc/self/status\r"
	112	expect {
	113	timeout {puts "TESTING ERROR 18\n";exit}
	114	"CapBnd:"
	115	}
	116	expect {
	117	timeout {puts "TESTING ERROR 19\n";exit}
	118	"ffffffff"
	119	}
	120	expect {
	121	timeout {puts "TESTING ERROR 20\n";exit}
	122	"Seccomp:"
	123	}
	124	expect {
	125	timeout {puts "TESTING ERROR 21\n";exit}
	126	"0"
	127	}
	128	expect {
	129	timeout {puts "TESTING ERROR 22\n";exit}
	130	"Cpus_allowed:"
	131	}
	132	puts "\n"
	133
	134
	135	after 500
	136	puts "\nall done\n"