feature testing

author: netblue30 <netblue30@yahoo.com> 2015-11-24 11:28:03 -0500
committer: netblue30 <netblue30@yahoo.com> 2015-11-24 11:28:03 -0500
commit: 3fe00bab994c8ac9da482c7711aaadd38e2ea97d (patch)
tree: ebf3f1a663a972e0767f69959283bfb54b95ec8a /test
parent: feature test (diff)
download: firejail-3fe00bab994c8ac9da482c7711aaadd38e2ea97d.tar.gz
firejail-3fe00bab994c8ac9da482c7711aaadd38e2ea97d.tar.zst
firejail-3fe00bab994c8ac9da482c7711aaadd38e2ea97d.zip
4 files changed, 148 insertions, 1 deletions
diff --git a/test/configure b/test/configure
index 73c808020..67122cfe1 100755
--- a/test/configure
+++ b/test/configure
@@ -28,12 +28,14 @@ ROOTDIR="/tmp/chroot"			# default chroot directory
 DEFAULT_FILES="/bin/bash /bin/sh "      # basic chroot files
 DEFAULT_FILES+="/etc/passwd /etc/nsswitch.conf /etc/group "
 DEFAULT_FILES+=`find /lib -name libnss*`        # files required by glibc
-DEFAULT_FILES+=" /bin/cp /bin/ls /bin/cat /bin/ps /bin/netstat /bin/ping /sbin/ifconfig /bin/hostname /bin/grep /usr/bin/dig /usr/bin/openssl /usr/bin/id /usr/bin/getent /usr/bin/whoami /usr/bin/wc /usr/bin/wget /bin/umount"
+DEFAULT_FILES+=" /bin/cp /bin/ls /bin/cat /bin/ps /bin/netstat /bin/ping /sbin/ifconfig /usr/bin/touch /bin/hostname /bin/grep /usr/bin/dig /usr/bin/openssl /usr/bin/id /usr/bin/getent /usr/bin/whoami /usr/bin/wc /usr/bin/wget /bin/umount"
 rm -fr $ROOTDIR
 mkdir -p $ROOTDIR/{root,bin,lib,lib64,usr,home,etc,dev/shm,tmp,var/run,var/tmp,var/lock,var/log,proc}
 mkdir -p $ROOTDIR/etc/firejail
 mkdir -p $ROOTDIR/home/netblue/.config/firejail
+chown netblue:netblue $ROOTDIR/home/netblue
+chown netblue:netblue $ROOTDIR/home/netblue/.config
 mkdir $ROOTDIR/home/someotheruser
 mkdir $ROOTDIR/boot
 mkdir $ROOTDIR/selinux
diff --git a/test/features/3.1.exp b/test/features/3.1.exp
new file mode 100755
index 000000000..6abbf94a5
--- /dev/null
+++ b/test/features/3.1.exp
@@ -0,0 +1,72 @@
+#!/usr/bin/expect -f
+#
+# tmpfs
+#
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+#
+# N
+#
+send -- "touch ~/.config/firejail-test-file\r"
+sleep 1
+send -- "firejail --noprofile --tmpfs=/home/netblue/.config\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 1
+send -- "ls ~/.config | wc -l\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "0"
+}
+after 100
+send -- "exit\r"
+sleep 1
+#
+# O
+#
+send -- "firejail --noprofile --overlay --tmpfs=/home/netblue/.config\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "Child process initialized"
+}
+sleep 1
+send -- "ls ~/.config | wc -l\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "0"
+}
+after 100
+send -- "exit\r"
+sleep 1
+#
+# C
+#
+send -- "touch /tmp/chroot/home/netblue/.config/firejail-test-file\r"
+sleep 1
+send -- "firejail --noprofile --chroot=/tmp/chroot --tmpfs=/home/netblue/.config\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "Child process initialized"
+}
+sleep 1
+send -- "ls ~/.config | wc -l\r"
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "0"
+}
+after 100
+send -- "exit\r"
+sleep 1
+puts "\nall done\n"
diff --git a/test/features/3.2.exp b/test/features/3.2.exp
new file mode 100755
index 000000000..f6ed01310
--- /dev/null
+++ b/test/features/3.2.exp
@@ -0,0 +1,72 @@
+#!/usr/bin/expect -f
+#
+# disable /boot
+#
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+#
+# N
+#
+send -- "rm -f ~/.config/firejail-test-file\r"
+sleep 1
+send -- "firejail --noprofile --read-only=/home/netblue/.config\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 1
+send -- "touch ~/.config/firejail-test-file\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "Read-only file system"
+}
+after 100
+send -- "exit\r"
+sleep 1
+#
+# O
+#
+send -- "firejail --noprofile --overlay --read-only=/home/netblue/.config\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "Child process initialized"
+}
+sleep 1
+send -- "touch ~/.config/firejail-test-file\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "Read-only file system"
+}
+after 100
+send -- "exit\r"
+sleep 1
+#
+# C
+#
+send -- "rm -f /tmp/chroot/home/netblue/.config/firejail-test-file\r"
+sleep 1
+send -- "firejail --noprofile --chroot=/tmp/chroot --read-only=/home/netblue/.config\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "Child process initialized"
+}
+sleep 1
+send -- "touch ~/.config/firejail-test-file\r"
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "Read-only file system"
+}
+after 100
+send -- "exit\r"
+sleep 1
+puts "\nall done\n"
diff --git a/test/features/features.txt b/test/features/features.txt
index 95e8cc5a0..492843adc 100644
--- a/test/features/features.txt
+++ b/test/features/features.txt
@@ -70,4 +70,5 @@ C - chroot filesystem
 3. Filesystem features (use --noprofile)
 3.1 tmpfs
+3.2 read-only
        
 \ No newline at end of file
author	netblue30 <netblue30@yahoo.com>	2015-11-24 11:28:03 -0500
committer	netblue30 <netblue30@yahoo.com>	2015-11-24 11:28:03 -0500
commit	3fe00bab994c8ac9da482c7711aaadd38e2ea97d (patch)
tree	ebf3f1a663a972e0767f69959283bfb54b95ec8a /test
parent	feature test (diff)
download	firejail-3fe00bab994c8ac9da482c7711aaadd38e2ea97d.tar.gz firejail-3fe00bab994c8ac9da482c7711aaadd38e2ea97d.tar.zst firejail-3fe00bab994c8ac9da482c7711aaadd38e2ea97d.zip

diff --git a/test/configure b/test/configure index 73c808020..67122cfe1 100755 --- a/test/configure +++ b/test/configure
@@ -28,12 +28,14 @@ ROOTDIR="/tmp/chroot" # default chroot directory
28	DEFAULT_FILES="/bin/bash /bin/sh " # basic chroot files	28	DEFAULT_FILES="/bin/bash /bin/sh " # basic chroot files
29	DEFAULT_FILES+="/etc/passwd /etc/nsswitch.conf /etc/group "	29	DEFAULT_FILES+="/etc/passwd /etc/nsswitch.conf /etc/group "
30	DEFAULT_FILES+=`find /lib -name libnss*` # files required by glibc	30	DEFAULT_FILES+=`find /lib -name libnss*` # files required by glibc
31	DEFAULT_FILES+=" /bin/cp /bin/ls /bin/cat /bin/ps /bin/netstat /bin/ping /sbin/ifconfig /bin/hostname /bin/grep /usr/bin/dig /usr/bin/openssl /usr/bin/id /usr/bin/getent /usr/bin/whoami /usr/bin/wc /usr/bin/wget /bin/umount"	31	DEFAULT_FILES+=" /bin/cp /bin/ls /bin/cat /bin/ps /bin/netstat /bin/ping /sbin/ifconfig /usr/bin/touch /bin/hostname /bin/grep /usr/bin/dig /usr/bin/openssl /usr/bin/id /usr/bin/getent /usr/bin/whoami /usr/bin/wc /usr/bin/wget /bin/umount"
32		32
33	rm -fr $ROOTDIR	33	rm -fr $ROOTDIR
34	mkdir -p $ROOTDIR/{root,bin,lib,lib64,usr,home,etc,dev/shm,tmp,var/run,var/tmp,var/lock,var/log,proc}	34	mkdir -p $ROOTDIR/{root,bin,lib,lib64,usr,home,etc,dev/shm,tmp,var/run,var/tmp,var/lock,var/log,proc}
35	mkdir -p $ROOTDIR/etc/firejail	35	mkdir -p $ROOTDIR/etc/firejail
36	mkdir -p $ROOTDIR/home/netblue/.config/firejail	36	mkdir -p $ROOTDIR/home/netblue/.config/firejail
		37	chown netblue:netblue $ROOTDIR/home/netblue
		38	chown netblue:netblue $ROOTDIR/home/netblue/.config
37	mkdir $ROOTDIR/home/someotheruser	39	mkdir $ROOTDIR/home/someotheruser
38	mkdir $ROOTDIR/boot	40	mkdir $ROOTDIR/boot
39	mkdir $ROOTDIR/selinux	41	mkdir $ROOTDIR/selinux


diff --git a/test/features/3.1.exp b/test/features/3.1.exp new file mode 100755 index 000000000..6abbf94a5 --- /dev/null +++ b/test/features/3.1.exp
@@ -0,0 +1,72 @@
		1	#!/usr/bin/expect -f
		2	#
		3	# tmpfs
		4	#
		5
		6	set timeout 10
		7	spawn $env(SHELL)
		8	match_max 100000
		9
		10	#
		11	# N
		12	#
		13	send -- "touch ~/.config/firejail-test-file\r"
		14	sleep 1
		15	send -- "firejail --noprofile --tmpfs=/home/netblue/.config\r"
		16	expect {
		17	timeout {puts "TESTING ERROR 0\n";exit}
		18	"Child process initialized"
		19	}
		20	sleep 1
		21
		22	send -- "ls ~/.config \| wc -l\r"
		23	expect {
		24	timeout {puts "TESTING ERROR 1\n";exit}
		25	"0"
		26	}
		27	after 100
		28	send -- "exit\r"
		29	sleep 1
		30
		31	#
		32	# O
		33	#
		34	send -- "firejail --noprofile --overlay --tmpfs=/home/netblue/.config\r"
		35	expect {
		36	timeout {puts "TESTING ERROR 2\n";exit}
		37	"Child process initialized"
		38	}
		39	sleep 1
		40
		41	send -- "ls ~/.config \| wc -l\r"
		42	expect {
		43	timeout {puts "TESTING ERROR 3\n";exit}
		44	"0"
		45	}
		46	after 100
		47	send -- "exit\r"
		48	sleep 1
		49
		50	#
		51	# C
		52	#
		53	send -- "touch /tmp/chroot/home/netblue/.config/firejail-test-file\r"
		54	sleep 1
		55	send -- "firejail --noprofile --chroot=/tmp/chroot --tmpfs=/home/netblue/.config\r"
		56	expect {
		57	timeout {puts "TESTING ERROR 4\n";exit}
		58	"Child process initialized"
		59	}
		60	sleep 1
		61
		62	send -- "ls ~/.config \| wc -l\r"
		63	expect {
		64	timeout {puts "TESTING ERROR 5\n";exit}
		65	"0"
		66	}
		67	after 100
		68	send -- "exit\r"
		69	sleep 1
		70
		71
		72	puts "\nall done\n"


diff --git a/test/features/3.2.exp b/test/features/3.2.exp new file mode 100755 index 000000000..f6ed01310 --- /dev/null +++ b/test/features/3.2.exp
@@ -0,0 +1,72 @@
		1	#!/usr/bin/expect -f
		2	#
		3	# disable /boot
		4	#
		5
		6	set timeout 10
		7	spawn $env(SHELL)
		8	match_max 100000
		9
		10	#
		11	# N
		12	#
		13	send -- "rm -f ~/.config/firejail-test-file\r"
		14	sleep 1
		15	send -- "firejail --noprofile --read-only=/home/netblue/.config\r"
		16	expect {
		17	timeout {puts "TESTING ERROR 0\n";exit}
		18	"Child process initialized"
		19	}
		20	sleep 1
		21
		22	send -- "touch ~/.config/firejail-test-file\r"
		23	expect {
		24	timeout {puts "TESTING ERROR 1\n";exit}
		25	"Read-only file system"
		26	}
		27	after 100
		28	send -- "exit\r"
		29	sleep 1
		30
		31	#
		32	# O
		33	#
		34	send -- "firejail --noprofile --overlay --read-only=/home/netblue/.config\r"
		35	expect {
		36	timeout {puts "TESTING ERROR 2\n";exit}
		37	"Child process initialized"
		38	}
		39	sleep 1
		40
		41	send -- "touch ~/.config/firejail-test-file\r"
		42	expect {
		43	timeout {puts "TESTING ERROR 3\n";exit}
		44	"Read-only file system"
		45	}
		46	after 100
		47	send -- "exit\r"
		48	sleep 1
		49
		50	#
		51	# C
		52	#
		53	send -- "rm -f /tmp/chroot/home/netblue/.config/firejail-test-file\r"
		54	sleep 1
		55	send -- "firejail --noprofile --chroot=/tmp/chroot --read-only=/home/netblue/.config\r"
		56	expect {
		57	timeout {puts "TESTING ERROR 4\n";exit}
		58	"Child process initialized"
		59	}
		60	sleep 1
		61
		62	send -- "touch ~/.config/firejail-test-file\r"
		63	expect {
		64	timeout {puts "TESTING ERROR 5\n";exit}
		65	"Read-only file system"
		66	}
		67	after 100
		68	send -- "exit\r"
		69	sleep 1
		70
		71
		72	puts "\nall done\n"


diff --git a/test/features/features.txt b/test/features/features.txt index 95e8cc5a0..492843adc 100644 --- a/test/features/features.txt +++ b/test/features/features.txt
@@ -70,4 +70,5 @@ C - chroot filesystem
70	3. Filesystem features (use --noprofile)	70	3. Filesystem features (use --noprofile)
71		71
72	3.1 tmpfs	72	3.1 tmpfs
		73	3.2 read-only
73	\ No newline at end of file	74	\ No newline at end of file