diff options
| author |  Reiner Herrmann <reiner@reiner-h.de> | 2021-03-01 20:21:19 +0100 |
|---|---|---|
| committer | Reiner Herrmann <reiner@reiner-h.de> | 2021-03-01 20:21:19 +0100 |
| commit | e4eada2b2f3ee0bfdd8dd536f5237a8535cc285d (patch) | |
| tree | bab94682398e937b888b4d0a499921f1649d50d4 /test/utils | |
| parent | manpage: Add log as value of seccomp-error-action (diff) | |
| download | firejail-e4eada2b2f3ee0bfdd8dd536f5237a8535cc285d.tar.gz firejail-e4eada2b2f3ee0bfdd8dd536f5237a8535cc285d.tar.zst firejail-e4eada2b2f3ee0bfdd8dd536f5237a8535cc285d.zip | |
tests: drop (f)audit from tests
Diffstat (limited to 'test/utils')
| -rwxr-xr-x | test/utils/audit.exp | 167 | ||||
| -rwxr-xr-x | test/utils/utils.sh | 9 |
2 files changed, 1 insertions, 175 deletions
diff --git a/test/utils/audit.exp b/test/utils/audit.exp deleted file mode 100755 index ba537c3af..000000000 --- a/test/utils/audit.exp +++ /dev/null | |||
| @@ -1,167 +0,0 @@ | |||
| 1 | #!/usr/bin/expect -f | ||
| 2 | # This file is part of Firejail project | ||
| 3 | # Copyright (C) 2014-2021 Firejail Authors | ||
| 4 | # License GPL v2 | ||
| 5 | |||
| 6 | set timeout 10 | ||
| 7 | spawn $env(SHELL) | ||
| 8 | match_max 100000 | ||
| 9 | |||
| 10 | send -- "firejail --audit\r" | ||
| 11 | expect { | ||
| 12 | timeout {puts "TESTING ERROR 0\n";exit} | ||
| 13 | "Firejail Audit" | ||
| 14 | } | ||
| 15 | expect { | ||
| 16 | timeout {puts "TESTING ERROR 1\n";exit} | ||
| 17 | "is running in a PID namespace" | ||
| 18 | } | ||
| 19 | expect { | ||
| 20 | timeout {puts "TESTING ERROR 2\n";exit} | ||
| 21 | "container/sandbox firejail" | ||
| 22 | } | ||
| 23 | expect { | ||
| 24 | timeout {puts "TESTING ERROR 3\n";exit} | ||
| 25 | "seccomp BPF enabled" | ||
| 26 | } | ||
| 27 | expect { | ||
| 28 | timeout {puts "TESTING ERROR 4\n";exit} | ||
| 29 | "all capabilities are disabled" | ||
| 30 | } | ||
| 31 | expect { | ||
| 32 | timeout {puts "TESTING ERROR 5\n";exit} | ||
| 33 | "dev directory seems to be fully populated" | ||
| 34 | } | ||
| 35 | expect { | ||
| 36 | timeout {puts "TESTING ERROR 5.1\n";exit} | ||
| 37 | "Parent is shutting down, bye..." | ||
| 38 | } | ||
| 39 | after 100 | ||
| 40 | |||
| 41 | |||
| 42 | send -- "firejail --audit\r" | ||
| 43 | expect { | ||
| 44 | timeout {puts "TESTING ERROR 6\n";exit} | ||
| 45 | "Firejail Audit" | ||
| 46 | } | ||
| 47 | expect { | ||
| 48 | timeout {puts "TESTING ERROR 7\n";exit} | ||
| 49 | "is running in a PID namespace" | ||
| 50 | } | ||
| 51 | expect { | ||
| 52 | timeout {puts "TESTING ERROR 8\n";exit} | ||
| 53 | "container/sandbox firejail" | ||
| 54 | } | ||
| 55 | expect { | ||
| 56 | timeout {puts "TESTING ERROR 9\n";exit} | ||
| 57 | "seccomp BPF enabled" | ||
| 58 | } | ||
| 59 | expect { | ||
| 60 | timeout {puts "TESTING ERROR 10\n";exit} | ||
| 61 | "all capabilities are disabled" | ||
| 62 | } | ||
| 63 | expect { | ||
| 64 | timeout {puts "TESTING ERROR 11\n";exit} | ||
| 65 | "dev directory seems to be fully populated" | ||
| 66 | } | ||
| 67 | expect { | ||
| 68 | timeout {puts "TESTING ERROR 11.1\n";exit} | ||
| 69 | "Parent is shutting down, bye..." | ||
| 70 | } | ||
| 71 | after 100 | ||
| 72 | |||
| 73 | send -- "firejail --audit=blablabla\r" | ||
| 74 | expect { | ||
| 75 | timeout {puts "TESTING ERROR 12\n";exit} | ||
| 76 | "cannot find the audit program" | ||
| 77 | } | ||
| 78 | after 100 | ||
| 79 | |||
| 80 | send -- "firejail --audit=\r" | ||
| 81 | expect { | ||
| 82 | timeout {puts "TESTING ERROR 12\n";exit} | ||
| 83 | "invalid audit program" | ||
| 84 | } | ||
| 85 | after 100 | ||
| 86 | |||
| 87 | # run audit executable without a sandbox | ||
| 88 | send -- "faudit\r" | ||
| 89 | expect { | ||
| 90 | timeout {puts "TESTING ERROR 13\n";exit} | ||
| 91 | "is not running in a PID namespace" | ||
| 92 | } | ||
| 93 | expect { | ||
| 94 | timeout {puts "TESTING ERROR 14\n";exit} | ||
| 95 | "BAD: seccomp disabled" | ||
| 96 | } | ||
| 97 | expect { | ||
| 98 | timeout {puts "TESTING ERROR 15\n";exit} | ||
| 99 | "BAD: the capability map is" | ||
| 100 | } | ||
| 101 | expect { | ||
| 102 | timeout {puts "TESTING ERROR 16\n";exit} | ||
| 103 | "MAYBE: /dev directory seems to be fully populated" | ||
| 104 | } | ||
| 105 | after 100 | ||
| 106 | |||
| 107 | # test seccomp | ||
| 108 | send -- "firejail --seccomp.drop=mkdir --audit\r" | ||
| 109 | expect { | ||
| 110 | timeout {puts "TESTING ERROR 17\n";exit} | ||
| 111 | "Firejail Audit" | ||
| 112 | } | ||
| 113 | expect { | ||
| 114 | timeout {puts "TESTING ERROR 18\n";exit} | ||
| 115 | "GOOD: seccomp BPF enabled" | ||
| 116 | } | ||
| 117 | expect { | ||
| 118 | timeout {puts "TESTING ERROR 19\n";exit} | ||
| 119 | "UGLY: mount syscall permitted" | ||
| 120 | } | ||
| 121 | expect { | ||
| 122 | timeout {puts "TESTING ERROR 20\n";exit} | ||
| 123 | "UGLY: umount2 syscall permitted" | ||
| 124 | } | ||
| 125 | expect { | ||
| 126 | timeout {puts "TESTING ERROR 21\n";exit} | ||
| 127 | "UGLY: ptrace syscall permitted" | ||
| 128 | } | ||
| 129 | expect { | ||
| 130 | timeout {puts "TESTING ERROR 22\n";exit} | ||
| 131 | "UGLY: swapon syscall permitted" | ||
| 132 | } | ||
| 133 | expect { | ||
| 134 | timeout {puts "TESTING ERROR 23\n";exit} | ||
| 135 | "UGLY: swapoff syscall permitted" | ||
| 136 | } | ||
| 137 | expect { | ||
| 138 | timeout {puts "TESTING ERROR 24\n";exit} | ||
| 139 | "UGLY: init_module syscall permitted" | ||
| 140 | } | ||
| 141 | expect { | ||
| 142 | timeout {puts "TESTING ERROR 25\n";exit} | ||
| 143 | "UGLY: delete_module syscall permitted" | ||
| 144 | } | ||
| 145 | expect { | ||
| 146 | timeout {puts "TESTING ERROR 26\n";exit} | ||
| 147 | "UGLY: chroot syscall permitted" | ||
| 148 | } | ||
| 149 | expect { | ||
| 150 | timeout {puts "TESTING ERROR 27\n";exit} | ||
| 151 | "UGLY: pivot_root syscall permitted" | ||
| 152 | } | ||
| 153 | expect { | ||
| 154 | timeout {puts "TESTING ERROR 28\n";exit} | ||
| 155 | "UGLY: iopl syscall permitted" | ||
| 156 | } | ||
| 157 | expect { | ||
| 158 | timeout {puts "TESTING ERROR 29\n";exit} | ||
| 159 | "UGLY: ioperm syscall permitted" | ||
| 160 | } | ||
| 161 | expect { | ||
| 162 | timeout {puts "TESTING ERROR 30\n";exit} | ||
| 163 | "GOOD: all capabilities are disabled" | ||
| 164 | } | ||
| 165 | after 100 | ||
| 166 | |||
| 167 | puts "\nall done\n" | ||
diff --git a/test/utils/utils.sh b/test/utils/utils.sh index 9ef409ae7..c021d6287 100755 --- a/test/utils/utils.sh +++ b/test/utils/utils.sh | |||
| @@ -8,7 +8,7 @@ export MALLOC_PERTURB_=$(($RANDOM % 255 + 1)) | |||
| 8 | export LC_ALL=C | 8 | export LC_ALL=C |
| 9 | 9 | ||
| 10 | if [ -f /etc/debian_version ]; then | 10 | if [ -f /etc/debian_version ]; then |
| 11 | libdir=$(dirname "$(dpkg -L firejail | grep faudit)") | 11 | libdir=$(dirname "$(dpkg -L firejail | grep fcopy)") |
| 12 | export PATH="$PATH:$libdir" | 12 | export PATH="$PATH:$libdir" |
| 13 | fi | 13 | fi |
| 14 | export PATH="$PATH:/usr/lib/firejail:/usr/lib64/firejail" | 14 | export PATH="$PATH:/usr/lib/firejail:/usr/lib64/firejail" |
| @@ -18,13 +18,6 @@ echo "TESTING: build (test/utils/build.exp)" | |||
| 18 | rm -f ~/firejail-test-file-7699 | 18 | rm -f ~/firejail-test-file-7699 |
| 19 | rm -f firejail-test-file-4388 | 19 | rm -f firejail-test-file-4388 |
| 20 | 20 | ||
| 21 | if [ $(faudit | grep -c "is running in a PID namespace.") -gt 0 ]; then | ||
| 22 | echo "TESTING SKIP: already running in pid namespace (test/utils/audit.exp)" | ||
| 23 | else | ||
| 24 | echo "TESTING: audit (test/utils/audit.exp)" | ||
| 25 | ./audit.exp | ||
| 26 | fi | ||
| 27 | |||
| 28 | echo "TESTING: name (test/utils/name.exp)" | 21 | echo "TESTING: name (test/utils/name.exp)" |
| 29 | ./name.exp | 22 | ./name.exp |
| 30 | 23 | ||