major cleanup and testing

author: netblue30 <netblue30@yahoo.com> 2016-11-13 10:47:20 -0500
committer: netblue30 <netblue30@yahoo.com> 2016-11-13 10:47:20 -0500
commit: 63e16bfcd9f79c63f3801f51df4840f74fa6f41b (patch)
tree: fa62784ad7ff5becbb4856ed84264cb5d4de8828 /test
parent: set_perms cleanup (diff)
download: firejail-63e16bfcd9f79c63f3801f51df4840f74fa6f41b.tar.gz
firejail-63e16bfcd9f79c63f3801f51df4840f74fa6f41b.tar.zst
firejail-63e16bfcd9f79c63f3801f51df4840f74fa6f41b.zip
16 files changed, 392 insertions, 27 deletions
diff --git a/test/appimage/appimage-v1.exp b/test/appimage/appimage-v1.exp
index 88687ae2a..503da2b9b 100755
--- a/test/appimage/appimage-v1.exp
+++ b/test/appimage/appimage-v1.exp
@@ -7,7 +7,7 @@ set timeout 10
 spawn $env(SHELL)
 match_max 100000
-send -- "firejail --appimage Leafpad-0.8.17-x86_64.AppImage\r"
+send -- "firejail --name=appimage-test --appimage Leafpad-0.8.17-x86_64.AppImage\r"
 expect {
        timeout {puts "TESTING ERROR 1\n";exit}
        "Child process initialized"
@@ -77,5 +77,9 @@ expect {
 }
 after 100
+spawn $env(SHELL)
+send -- "firejail --shutdown=appimage-test\r"
+sleep 3
 puts "\nall done\n"
diff --git a/test/appimage/appimage-v2.exp b/test/appimage/appimage-v2.exp
index 7b3bf4cbd..5cb9d0849 100755
--- a/test/appimage/appimage-v2.exp
+++ b/test/appimage/appimage-v2.exp
@@ -77,5 +77,9 @@ expect {
 }
 after 100
+spawn $env(SHELL)
+send -- "firejail --shutdown=appimage-test\r"
+sleep 3
 puts "\nall done\n"
diff --git a/test/apps-x11/apps-x11.sh b/test/apps-x11/apps-x11.sh
index 1b3494290..4a8671dbd 100755
--- a/test/apps-x11/apps-x11.sh
+++ b/test/apps-x11/apps-x11.sh
@@ -6,6 +6,33 @@
 export MALLOC_CHECK_=3
 export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
+echo "TESTING: no x11 (test/apps-x11/x11-none.exp)"
+./x11-none.exp
+which xterm
+if [ "$?" -eq 0 ];
+then
+        echo "TESTING: xterm x11 xorg"
+        ./xterm-xorg.exp
+        which xpra
+        if [ "$?" -eq 0 ];
+        then
+        echo "TESTING: xterm x11 xpra"
+        ./xterm-xpra.exp
+        fi
+        
+        which Xephyr
+        if [ "$?" -eq 0 ];
+        then
+        echo "TESTING: xterm x11 xephyr"
+        ./xterm-xephyr.exp
+        fi
+else
+        echo "TESTING SKIP: xterm not found"
+fi
 # check xpra/xephyr
 which xpra
 if [ "$?" -eq 0 ];
@@ -23,15 +50,6 @@ else
        fi
 fi
-which xterm
-if [ "$?" -eq 0 ];
-then
-        echo "TESTING: xterm x11"
-        ./xterm.exp
-else
-        echo "TESTING SKIP: xterm not found"
-fi
 which firefox
 if [ "$?" -eq 0 ];
 then
diff --git a/test/apps-x11/x11-none.exp b/test/apps-x11/x11-none.exp
new file mode 100755
index 000000000..e9908839b
--- /dev/null
+++ b/test/apps-x11/x11-none.exp
@@ -0,0 +1,48 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+send -- "firejail --name=test --x11=none\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "use network namespace in firejail"
+}
+sleep 1
+send -- "firejail --name=test --net=none --x11=none\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "Child process initialized"
+}
+sleep 1
+send -- "ls -al /tmp/.X11-unix\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "cannot open directory"
+}
+after 100
+send -- "xterm\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "DISPLAY is not set"
+}
+after 100
+send -- "export DISPLAY=:0.0\r"
+after 100
+send -- "xterm\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "Xt error"
+}
+after 100
+puts "\nall done\n"
diff --git a/test/apps-x11/x11-xephyr.exp b/test/apps-x11/x11-xephyr.exp
new file mode 100755
index 000000000..41a413890
--- /dev/null
+++ b/test/apps-x11/x11-xephyr.exp
@@ -0,0 +1,59 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+send -- "firejail --name=test --x11=xephyr xterm\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "Child process initialized"
+}
+exit
+sleep 5
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "use network namespace in firejail"
+}
+sleep 1
+send -- "firejail --name=test --net=none --x11=none\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "Child process initialized"
+}
+sleep 1
+send -- "ls -al /tmp/.X11-unix\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "cannot open directory"
+}
+after 100
+send -- "xterm\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "DISPLAY is not set"
+}
+after 100
+send -- "export DISPLAY=:0.0\r"
+after 100
+send -- "xterm\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "Xt error"
+}
+after 100
+puts "\nall done\n"
diff --git a/test/apps-x11/xterm-xephyr.exp b/test/apps-x11/xterm-xephyr.exp
new file mode 100755
index 000000000..5b4299478
--- /dev/null
+++ b/test/apps-x11/xterm-xephyr.exp
@@ -0,0 +1,86 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+send -- "firejail --name=test --x11=xephyr xterm\r"
+sleep 10
+spawn $env(SHELL)
+send -- "firejail --list\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        ":firejail"
+}
+expect {
+        timeout {puts "TESTING ERROR 3.1\n";exit}
+        "xterm"
+}
+sleep 1
+# grsecurity exit
+send -- "file /proc/sys/kernel/grsecurity\r"
+expect {
+        timeout {puts "TESTING ERROR - grsecurity detection\n";exit}
+        "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit}
+        "cannot open" {puts "grsecurity not present\n"}
+}
+send -- "firejail --name=blablabla\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "Child process initialized"
+}
+sleep 2
+spawn $env(SHELL)
+send -- "firemon --seccomp\r"
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit}
+        ":firejail"
+}
+expect {
+        timeout {puts "TESTING ERROR 5.0\n";exit}
+        "xterm"
+}
+expect {
+        timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit}
+        "Seccomp:       2"
+}
+expect {
+        timeout {puts "TESTING ERROR 5.1\n";exit}
+        "name=blablabla"
+}
+sleep 1
+send -- "firemon --caps\r"
+expect {
+        timeout {puts "TESTING ERROR 6\n";exit}
+        ":firejail"
+}
+expect {
+        timeout {puts "TESTING ERROR 6.0\n";exit}
+        "xterm"
+}
+expect {
+        timeout {puts "TESTING ERROR 6.1\n";exit}
+        "CapBnd"
+}
+expect {
+        timeout {puts "TESTING ERROR 6.2\n";exit}
+        "0000000000000000"
+}
+expect {
+        timeout {puts "TESTING ERROR 6.3\n";exit}
+        "name=blablabla"
+}
+sleep 1
+send -- "firejail --shutdown=test\r"
+sleep 3
+puts "\nall done\n"
diff --git a/test/apps-x11/xterm.exp b/test/apps-x11/xterm-xorg.exp
index 4fa5ddf0c..fbc88f196 100755
--- a/test/apps-x11/xterm.exp
+++ b/test/apps-x11/xterm-xorg.exp
@@ -7,7 +7,7 @@ set timeout 10
 spawn $env(SHELL)
 match_max 100000
-send -- "firejail --name=test --x11 xterm\r"
+send -- "firejail --name=test --x11=xorg xterm\r"
 sleep 10
 spawn $env(SHELL)
diff --git a/test/apps-x11/xterm-xpra.exp b/test/apps-x11/xterm-xpra.exp
new file mode 100755
index 000000000..379de131a
--- /dev/null
+++ b/test/apps-x11/xterm-xpra.exp
@@ -0,0 +1,86 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+send -- "firejail --name=test --x11=xpra xterm\r"
+sleep 10
+spawn $env(SHELL)
+send -- "firejail --list\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        ":firejail"
+}
+expect {
+        timeout {puts "TESTING ERROR 3.1\n";exit}
+        "xterm"
+}
+sleep 1
+# grsecurity exit
+send -- "file /proc/sys/kernel/grsecurity\r"
+expect {
+        timeout {puts "TESTING ERROR - grsecurity detection\n";exit}
+        "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit}
+        "cannot open" {puts "grsecurity not present\n"}
+}
+send -- "firejail --name=blablabla\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "Child process initialized"
+}
+sleep 2
+spawn $env(SHELL)
+send -- "firemon --seccomp\r"
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit}
+        ":firejail"
+}
+expect {
+        timeout {puts "TESTING ERROR 5.0\n";exit}
+        "xterm"
+}
+expect {
+        timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit}
+        "Seccomp:       2"
+}
+expect {
+        timeout {puts "TESTING ERROR 5.1\n";exit}
+        "name=blablabla"
+}
+sleep 1
+send -- "firemon --caps\r"
+expect {
+        timeout {puts "TESTING ERROR 6\n";exit}
+        ":firejail"
+}
+expect {
+        timeout {puts "TESTING ERROR 6.0\n";exit}
+        "xterm"
+}
+expect {
+        timeout {puts "TESTING ERROR 6.1\n";exit}
+        "CapBnd"
+}
+expect {
+        timeout {puts "TESTING ERROR 6.2\n";exit}
+        "0000000000000000"
+}
+expect {
+        timeout {puts "TESTING ERROR 6.3\n";exit}
+        "name=blablabla"
+}
+sleep 1
+send -- "firejail --shutdown=test\r"
+sleep 3
+puts "\nall done\n"
diff --git a/test/fs/read-write.exp b/test/fs/read-write.exp
index cfca15605..57986488e 100755
--- a/test/fs/read-write.exp
+++ b/test/fs/read-write.exp
@@ -20,12 +20,14 @@ expect {
        timeout {puts "TESTING ERROR 1\n";exit}
        "done"
 }
+after 100
 send -- "echo mytest >~/_firejail_test_dir/test1/b;echo done\r"
 expect {
        timeout {puts "TESTING ERROR 2\n";exit}
        "done"
 }
+after 100
 send -- "cat ~/_firejail_test_dir/a;echo done\r"
 expect {
@@ -33,7 +35,7 @@ expect {
        "mytest" {puts "TESTING ERROR 4\n";exit}
        "done"
 }
+after 100
 send -- "cat ~/_firejail_test_dir/test1/b;echo done\r"
 expect {
diff --git a/test/network/firemon-arp.exp b/test/network/firemon-arp.exp
index e40ffb609..71fa1660f 100755
--- a/test/network/firemon-arp.exp
+++ b/test/network/firemon-arp.exp
@@ -4,12 +4,12 @@ set timeout 10
 spawn $env(SHELL)
 match_max 100000
-send -- "ping -c 3 192.168.1.1\r"
+#send -- "ping -c 3 192.168.1.1\r"
-expect {
+#expect {
-        timeout {puts "TESTING ERROR 0\n";exit}
+#       timeout {puts "TESTING ERROR 0\n";exit}
-        "3 packets transmitted"
+#       "3 packets transmitted"
-}
+#}
-sleep 1
+#sleep 1
 send --  "firejail --name=test1\r"
 expect {
diff --git a/test/root/firejail.config b/test/root/firejail.config
new file mode 100644
index 000000000..71ff2f4e9
--- /dev/null
+++ b/test/root/firejail.config
@@ -0,0 +1,20 @@
+bind yes
+chroot yes
+chroot-desktop yes
+file-transfer yes
+force-nonewprivs no
+network yes
+overlayfs yes
+private-bin-no-local no
+private-home yes
+quiet-by-default no
+remount-proc-sys yes
+restricted-network no
+# netfilter-default /etc/iptables.iptables.rules
+seccomp yes
+userns yes
+whitelist yes
+x11 yes
+xephyr-screen 800x600
+xephyr-window-title yes
+xephyr-extra-params -grayscale
diff --git a/test/root/root.sh b/test/root/root.sh
index 8c7437e49..471b7d535 100755
--- a/test/root/root.sh
+++ b/test/root/root.sh
@@ -1,5 +1,8 @@
 #!/bin/bash
+# set a new firejail config file
+cp firejail.config /etc/firejail/firejail.config
 #********************************
 # servers
 #********************************
@@ -91,3 +94,6 @@ else
        echo "TESTING SKIP: firecfg, firefox not found"
 fi
+# restore the default config file
+cp ../../etc/firejail.config /etc/firejail/firejail.config
diff --git a/test/root/seccomp-umount.exp b/test/root/seccomp-umount.exp
index 04a9b7a3d..c441c5fc4 100755
--- a/test/root/seccomp-umount.exp
+++ b/test/root/seccomp-umount.exp
@@ -7,7 +7,7 @@ set timeout 10
 spawn $env(SHELL)
 match_max 100000
-send --  "firejail --net=br0 --ip=10.10.20.5 --seccomp --noprofile\r"
+send --  "firejail --seccomp --noprofile\r"
 expect {
        timeout {puts "TESTING ERROR 0\n";exit}
        "Child process initialized"
diff --git a/test/utils/join.exp b/test/utils/join.exp
index 7f582e2e5..fc30bc6a4 100755
--- a/test/utils/join.exp
+++ b/test/utils/join.exp
@@ -8,7 +8,7 @@ cd /home
 spawn $env(SHELL)
 match_max 100000
-send --  "firejail --name=jointesting\r"
+send --  "firejail --name=jointesting --cpu=0 --nice=2\r"
 expect {
        timeout {puts "TESTING ERROR 0\n";exit}
        "Child process initialized"
diff --git a/test/utils/ls.exp b/test/utils/ls.exp
index cd2c2984c..ff6867c51 100755
--- a/test/utils/ls.exp
+++ b/test/utils/ls.exp
@@ -3,6 +3,8 @@
 set timeout 10
 spawn $env(SHELL)
 match_max 100000
+set firstspawn $spawn_id
 send -- "rm -f lstesting\r"
 sleep 1
@@ -11,11 +13,11 @@ expect {
        timeout {puts "TESTING ERROR 0\n";exit}
        "Child process initialized"
 }
-sleep 2
+sleep 1
 send -- "echo my_testing > ~/lstesting\r"
-sleep 2
+after 100
+# ls
 spawn $env(SHELL)
 send -- "firejail --ls=test ~/.\r"
 expect {
@@ -23,14 +25,44 @@ expect {
        "lstesting"
 }
 sleep 1
+# get
 send -- "firejail --get=test ~/lstesting\r"
-sleep 2
+sleep 1
 send -- "cat lstesting\r"
 expect {
-        timeout {puts "TESTING ERROR 3\n";exit}
+        timeout {puts "TESTING ERROR 2n";exit}
        "my_testing"
 }
+after 100
+# put
+send -- "echo put_test > ~/lstesting\r"
+after 100
+send -- "firejail --put=test ~/lstesting ~/lstesting_2\r"
 sleep 1
+set spawn_id $firstspawn
+send -- "ls -al ~\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "lstesting_2"
+}
+after 100
+send -- "cat ~/lstesting_2\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "put_test"
+}
+after 100
+send -- "exit\r"
+sleep 1
 send -- "rm -f lstesting\r"
 after 100
diff --git a/test/utils/utils.sh b/test/utils/utils.sh
index 7b0ab1096..bd91110f7 100755
--- a/test/utils/utils.sh
+++ b/test/utils/utils.sh
@@ -88,10 +88,10 @@ echo "TESTING: top (test/utils/top.exp)"
 echo "TESTING: file transfer (test/utils/ls.exp)"
 ./ls.exp
-echo "TESTING: firemon --seccomp (test/utils/firemon-seccomp.exp)"
+echo "TESTING: firemon seccomp (test/utils/firemon-seccomp.exp)"
 ./firemon-seccomp.exp
-echo "TESTING: firemon --caps (test/utils/firemon-caps.exp)"
+echo "TESTING: firemon caps (test/utils/firemon-caps.exp)"
 ./firemon-caps.exp
 echo "TESTING: firemon cpu (test/utils/firemon-cpu.exp)"
author	netblue30 <netblue30@yahoo.com>	2016-11-13 10:47:20 -0500
committer	netblue30 <netblue30@yahoo.com>	2016-11-13 10:47:20 -0500
commit	63e16bfcd9f79c63f3801f51df4840f74fa6f41b (patch)
tree	fa62784ad7ff5becbb4856ed84264cb5d4de8828 /test
parent	set_perms cleanup (diff)
download	firejail-63e16bfcd9f79c63f3801f51df4840f74fa6f41b.tar.gz firejail-63e16bfcd9f79c63f3801f51df4840f74fa6f41b.tar.zst firejail-63e16bfcd9f79c63f3801f51df4840f74fa6f41b.zip

diff --git a/test/appimage/appimage-v1.exp b/test/appimage/appimage-v1.exp index 88687ae2a..503da2b9b 100755 --- a/test/appimage/appimage-v1.exp +++ b/test/appimage/appimage-v1.exp
@@ -7,7 +7,7 @@ set timeout 10
7	spawn $env(SHELL)	7	spawn $env(SHELL)
8	match_max 100000	8	match_max 100000
9		9
10	send -- "firejail --appimage Leafpad-0.8.17-x86_64.AppImage\r"	10	send -- "firejail --name=appimage-test --appimage Leafpad-0.8.17-x86_64.AppImage\r"
11	expect {	11	expect {
12	timeout {puts "TESTING ERROR 1\n";exit}	12	timeout {puts "TESTING ERROR 1\n";exit}
13	"Child process initialized"	13	"Child process initialized"
@@ -77,5 +77,9 @@ expect {
77	}	77	}
78	after 100	78	after 100
79		79
		80	spawn $env(SHELL)
		81	send -- "firejail --shutdown=appimage-test\r"
		82	sleep 3
		83
80	puts "\nall done\n"	84	puts "\nall done\n"
81		85


diff --git a/test/appimage/appimage-v2.exp b/test/appimage/appimage-v2.exp index 7b3bf4cbd..5cb9d0849 100755 --- a/test/appimage/appimage-v2.exp +++ b/test/appimage/appimage-v2.exp
@@ -77,5 +77,9 @@ expect {
77	}	77	}
78	after 100	78	after 100
79		79
		80	spawn $env(SHELL)
		81	send -- "firejail --shutdown=appimage-test\r"
		82	sleep 3
		83
80	puts "\nall done\n"	84	puts "\nall done\n"
81		85


diff --git a/test/apps-x11/apps-x11.sh b/test/apps-x11/apps-x11.sh index 1b3494290..4a8671dbd 100755 --- a/test/apps-x11/apps-x11.sh +++ b/test/apps-x11/apps-x11.sh
@@ -6,6 +6,33 @@
6	export MALLOC_CHECK_=3	6	export MALLOC_CHECK_=3
7	export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))	7	export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
8		8
		9	echo "TESTING: no x11 (test/apps-x11/x11-none.exp)"
		10	./x11-none.exp
		11
		12
		13	which xterm
		14	if [ "$?" -eq 0 ];
		15	then
		16	echo "TESTING: xterm x11 xorg"
		17	./xterm-xorg.exp
		18
		19	which xpra
		20	if [ "$?" -eq 0 ];
		21	then
		22	echo "TESTING: xterm x11 xpra"
		23	./xterm-xpra.exp
		24	fi
		25
		26	which Xephyr
		27	if [ "$?" -eq 0 ];
		28	then
		29	echo "TESTING: xterm x11 xephyr"
		30	./xterm-xephyr.exp
		31	fi
		32	else
		33	echo "TESTING SKIP: xterm not found"
		34	fi
		35
9	# check xpra/xephyr	36	# check xpra/xephyr
10	which xpra	37	which xpra
11	if [ "$?" -eq 0 ];	38	if [ "$?" -eq 0 ];
@@ -23,15 +50,6 @@ else
23	fi	50	fi
24	fi	51	fi
25		52
26	which xterm
27	if [ "$?" -eq 0 ];
28	then
29	echo "TESTING: xterm x11"
30	./xterm.exp
31	else
32	echo "TESTING SKIP: xterm not found"
33	fi
34
35	which firefox	53	which firefox
36	if [ "$?" -eq 0 ];	54	if [ "$?" -eq 0 ];
37	then	55	then


diff --git a/test/apps-x11/x11-none.exp b/test/apps-x11/x11-none.exp new file mode 100755 index 000000000..e9908839b --- /dev/null +++ b/test/apps-x11/x11-none.exp
@@ -0,0 +1,48 @@
		1	#!/usr/bin/expect -f
		2	# This file is part of Firejail project
		3	# Copyright (C) 2014-2016 Firejail Authors
		4	# License GPL v2
		5
		6	set timeout 10
		7	spawn $env(SHELL)
		8	match_max 100000
		9
		10	send -- "firejail --name=test --x11=none\r"
		11	expect {
		12	timeout {puts "TESTING ERROR 0\n";exit}
		13	"use network namespace in firejail"
		14	}
		15	sleep 1
		16
		17	send -- "firejail --name=test --net=none --x11=none\r"
		18	expect {
		19	timeout {puts "TESTING ERROR 1\n";exit}
		20	"Child process initialized"
		21	}
		22	sleep 1
		23
		24	send -- "ls -al /tmp/.X11-unix\r"
		25	expect {
		26	timeout {puts "TESTING ERROR 2\n";exit}
		27	"cannot open directory"
		28	}
		29	after 100
		30
		31	send -- "xterm\r"
		32	expect {
		33	timeout {puts "TESTING ERROR 3\n";exit}
		34	"DISPLAY is not set"
		35	}
		36	after 100
		37
		38	send -- "export DISPLAY=:0.0\r"
		39	after 100
		40	send -- "xterm\r"
		41	expect {
		42	timeout {puts "TESTING ERROR 4\n";exit}
		43	"Xt error"
		44	}
		45	after 100
		46
		47	puts "\nall done\n"
		48


diff --git a/test/apps-x11/x11-xephyr.exp b/test/apps-x11/x11-xephyr.exp new file mode 100755 index 000000000..41a413890 --- /dev/null +++ b/test/apps-x11/x11-xephyr.exp
@@ -0,0 +1,59 @@
		1	#!/usr/bin/expect -f
		2	# This file is part of Firejail project
		3	# Copyright (C) 2014-2016 Firejail Authors
		4	# License GPL v2
		5
		6	set timeout 10
		7	spawn $env(SHELL)
		8	match_max 100000
		9
		10	send -- "firejail --name=test --x11=xephyr xterm\r"
		11	expect {
		12	timeout {puts "TESTING ERROR 1\n";exit}
		13	"Child process initialized"
		14	}
		15
		16	exit
		17
		18
		19	sleep 5
		20
		21
		22	expect {
		23	timeout {puts "TESTING ERROR 0\n";exit}
		24	"use network namespace in firejail"
		25	}
		26	sleep 1
		27
		28	send -- "firejail --name=test --net=none --x11=none\r"
		29	expect {
		30	timeout {puts "TESTING ERROR 1\n";exit}
		31	"Child process initialized"
		32	}
		33	sleep 1
		34
		35	send -- "ls -al /tmp/.X11-unix\r"
		36	expect {
		37	timeout {puts "TESTING ERROR 2\n";exit}
		38	"cannot open directory"
		39	}
		40	after 100
		41
		42	send -- "xterm\r"
		43	expect {
		44	timeout {puts "TESTING ERROR 3\n";exit}
		45	"DISPLAY is not set"
		46	}
		47	after 100
		48
		49	send -- "export DISPLAY=:0.0\r"
		50	after 100
		51	send -- "xterm\r"
		52	expect {
		53	timeout {puts "TESTING ERROR 4\n";exit}
		54	"Xt error"
		55	}
		56	after 100
		57
		58	puts "\nall done\n"
		59


diff --git a/test/apps-x11/xterm-xephyr.exp b/test/apps-x11/xterm-xephyr.exp new file mode 100755 index 000000000..5b4299478 --- /dev/null +++ b/test/apps-x11/xterm-xephyr.exp
@@ -0,0 +1,86 @@
		1	#!/usr/bin/expect -f
		2	# This file is part of Firejail project
		3	# Copyright (C) 2014-2016 Firejail Authors
		4	# License GPL v2
		5
		6	set timeout 10
		7	spawn $env(SHELL)
		8	match_max 100000
		9
		10	send -- "firejail --name=test --x11=xephyr xterm\r"
		11	sleep 10
		12
		13	spawn $env(SHELL)
		14	send -- "firejail --list\r"
		15	expect {
		16	timeout {puts "TESTING ERROR 3\n";exit}
		17	":firejail"
		18	}
		19	expect {
		20	timeout {puts "TESTING ERROR 3.1\n";exit}
		21	"xterm"
		22	}
		23	sleep 1
		24
		25	# grsecurity exit
		26	send -- "file /proc/sys/kernel/grsecurity\r"
		27	expect {
		28	timeout {puts "TESTING ERROR - grsecurity detection\n";exit}
		29	"grsecurity: directory" {puts "grsecurity present, exiting...\n";exit}
		30	"cannot open" {puts "grsecurity not present\n"}
		31	}
		32
		33	send -- "firejail --name=blablabla\r"
		34	expect {
		35	timeout {puts "TESTING ERROR 4\n";exit}
		36	"Child process initialized"
		37	}
		38	sleep 2
		39
		40	spawn $env(SHELL)
		41	send -- "firemon --seccomp\r"
		42	expect {
		43	timeout {puts "TESTING ERROR 5\n";exit}
		44	"need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit}
		45	":firejail"
		46	}
		47	expect {
		48	timeout {puts "TESTING ERROR 5.0\n";exit}
		49	"xterm"
		50	}
		51	expect {
		52	timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit}
		53	"Seccomp: 2"
		54	}
		55	expect {
		56	timeout {puts "TESTING ERROR 5.1\n";exit}
		57	"name=blablabla"
		58	}
		59	sleep 1
		60	send -- "firemon --caps\r"
		61	expect {
		62	timeout {puts "TESTING ERROR 6\n";exit}
		63	":firejail"
		64	}
		65	expect {
		66	timeout {puts "TESTING ERROR 6.0\n";exit}
		67	"xterm"
		68	}
		69	expect {
		70	timeout {puts "TESTING ERROR 6.1\n";exit}
		71	"CapBnd"
		72	}
		73	expect {
		74	timeout {puts "TESTING ERROR 6.2\n";exit}
		75	"0000000000000000"
		76	}
		77	expect {
		78	timeout {puts "TESTING ERROR 6.3\n";exit}
		79	"name=blablabla"
		80	}
		81	sleep 1
		82	send -- "firejail --shutdown=test\r"
		83	sleep 3
		84
		85	puts "\nall done\n"
		86


diff --git a/test/apps-x11/xterm.exp b/test/apps-x11/xterm-xorg.exp index 4fa5ddf0c..fbc88f196 100755 --- a/test/apps-x11/xterm.exp +++ b/test/apps-x11/xterm-xorg.exp
@@ -7,7 +7,7 @@ set timeout 10
7	spawn $env(SHELL)	7	spawn $env(SHELL)
8	match_max 100000	8	match_max 100000
9		9
10	send -- "firejail --name=test --x11 xterm\r"	10	send -- "firejail --name=test --x11=xorg xterm\r"
11	sleep 10	11	sleep 10
12		12
13	spawn $env(SHELL)	13	spawn $env(SHELL)


diff --git a/test/apps-x11/xterm-xpra.exp b/test/apps-x11/xterm-xpra.exp new file mode 100755 index 000000000..379de131a --- /dev/null +++ b/test/apps-x11/xterm-xpra.exp
@@ -0,0 +1,86 @@
		1	#!/usr/bin/expect -f
		2	# This file is part of Firejail project
		3	# Copyright (C) 2014-2016 Firejail Authors
		4	# License GPL v2
		5
		6	set timeout 10
		7	spawn $env(SHELL)
		8	match_max 100000
		9
		10	send -- "firejail --name=test --x11=xpra xterm\r"
		11	sleep 10
		12
		13	spawn $env(SHELL)
		14	send -- "firejail --list\r"
		15	expect {
		16	timeout {puts "TESTING ERROR 3\n";exit}
		17	":firejail"
		18	}
		19	expect {
		20	timeout {puts "TESTING ERROR 3.1\n";exit}
		21	"xterm"
		22	}
		23	sleep 1
		24
		25	# grsecurity exit
		26	send -- "file /proc/sys/kernel/grsecurity\r"
		27	expect {
		28	timeout {puts "TESTING ERROR - grsecurity detection\n";exit}
		29	"grsecurity: directory" {puts "grsecurity present, exiting...\n";exit}
		30	"cannot open" {puts "grsecurity not present\n"}
		31	}
		32
		33	send -- "firejail --name=blablabla\r"
		34	expect {
		35	timeout {puts "TESTING ERROR 4\n";exit}
		36	"Child process initialized"
		37	}
		38	sleep 2
		39
		40	spawn $env(SHELL)
		41	send -- "firemon --seccomp\r"
		42	expect {
		43	timeout {puts "TESTING ERROR 5\n";exit}
		44	"need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit}
		45	":firejail"
		46	}
		47	expect {
		48	timeout {puts "TESTING ERROR 5.0\n";exit}
		49	"xterm"
		50	}
		51	expect {
		52	timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit}
		53	"Seccomp: 2"
		54	}
		55	expect {
		56	timeout {puts "TESTING ERROR 5.1\n";exit}
		57	"name=blablabla"
		58	}
		59	sleep 1
		60	send -- "firemon --caps\r"
		61	expect {
		62	timeout {puts "TESTING ERROR 6\n";exit}
		63	":firejail"
		64	}
		65	expect {
		66	timeout {puts "TESTING ERROR 6.0\n";exit}
		67	"xterm"
		68	}
		69	expect {
		70	timeout {puts "TESTING ERROR 6.1\n";exit}
		71	"CapBnd"
		72	}
		73	expect {
		74	timeout {puts "TESTING ERROR 6.2\n";exit}
		75	"0000000000000000"
		76	}
		77	expect {
		78	timeout {puts "TESTING ERROR 6.3\n";exit}
		79	"name=blablabla"
		80	}
		81	sleep 1
		82	send -- "firejail --shutdown=test\r"
		83	sleep 3
		84
		85	puts "\nall done\n"
		86


diff --git a/test/fs/read-write.exp b/test/fs/read-write.exp index cfca15605..57986488e 100755 --- a/test/fs/read-write.exp +++ b/test/fs/read-write.exp
@@ -20,12 +20,14 @@ expect {
20	timeout {puts "TESTING ERROR 1\n";exit}	20	timeout {puts "TESTING ERROR 1\n";exit}
21	"done"	21	"done"
22	}	22	}
		23	after 100
23		24
24	send -- "echo mytest >~/_firejail_test_dir/test1/b;echo done\r"	25	send -- "echo mytest >~/_firejail_test_dir/test1/b;echo done\r"
25	expect {	26	expect {
26	timeout {puts "TESTING ERROR 2\n";exit}	27	timeout {puts "TESTING ERROR 2\n";exit}
27	"done"	28	"done"
28	}	29	}
		30	after 100
29		31
30	send -- "cat ~/_firejail_test_dir/a;echo done\r"	32	send -- "cat ~/_firejail_test_dir/a;echo done\r"
31	expect {	33	expect {
@@ -33,7 +35,7 @@ expect {
33	"mytest" {puts "TESTING ERROR 4\n";exit}	35	"mytest" {puts "TESTING ERROR 4\n";exit}
34	"done"	36	"done"
35	}	37	}
36		38	after 100
37		39
38	send -- "cat ~/_firejail_test_dir/test1/b;echo done\r"	40	send -- "cat ~/_firejail_test_dir/test1/b;echo done\r"
39	expect {	41	expect {


diff --git a/test/network/firemon-arp.exp b/test/network/firemon-arp.exp index e40ffb609..71fa1660f 100755 --- a/test/network/firemon-arp.exp +++ b/test/network/firemon-arp.exp
@@ -4,12 +4,12 @@ set timeout 10
4	spawn $env(SHELL)	4	spawn $env(SHELL)
5	match_max 100000	5	match_max 100000
6		6
7	send -- "ping -c 3 192.168.1.1\r"	7	#send -- "ping -c 3 192.168.1.1\r"
8	expect {	8	#expect {
9	timeout {puts "TESTING ERROR 0\n";exit}	9	# timeout {puts "TESTING ERROR 0\n";exit}
10	"3 packets transmitted"	10	# "3 packets transmitted"
11	}	11	#}
12	sleep 1	12	#sleep 1
13		13
14	send -- "firejail --name=test1\r"	14	send -- "firejail --name=test1\r"
15	expect {	15	expect {


diff --git a/test/root/firejail.config b/test/root/firejail.config new file mode 100644 index 000000000..71ff2f4e9 --- /dev/null +++ b/test/root/firejail.config
@@ -0,0 +1,20 @@
		1	bind yes
		2	chroot yes
		3	chroot-desktop yes
		4	file-transfer yes
		5	force-nonewprivs no
		6	network yes
		7	overlayfs yes
		8	private-bin-no-local no
		9	private-home yes
		10	quiet-by-default no
		11	remount-proc-sys yes
		12	restricted-network no
		13	# netfilter-default /etc/iptables.iptables.rules
		14	seccomp yes
		15	userns yes
		16	whitelist yes
		17	x11 yes
		18	xephyr-screen 800x600
		19	xephyr-window-title yes
		20	xephyr-extra-params -grayscale


diff --git a/test/root/root.sh b/test/root/root.sh index 8c7437e49..471b7d535 100755 --- a/test/root/root.sh +++ b/test/root/root.sh
@@ -1,5 +1,8 @@
1	#!/bin/bash	1	#!/bin/bash
2		2
		3	# set a new firejail config file
		4	cp firejail.config /etc/firejail/firejail.config
		5
3	#********************************	6	#********************************
4	# servers	7	# servers
5	#********************************	8	#********************************
@@ -91,3 +94,6 @@ else
91	echo "TESTING SKIP: firecfg, firefox not found"	94	echo "TESTING SKIP: firecfg, firefox not found"
92	fi	95	fi
93		96
		97	# restore the default config file
		98	cp ../../etc/firejail.config /etc/firejail/firejail.config
		99


diff --git a/test/root/seccomp-umount.exp b/test/root/seccomp-umount.exp index 04a9b7a3d..c441c5fc4 100755 --- a/test/root/seccomp-umount.exp +++ b/test/root/seccomp-umount.exp
@@ -7,7 +7,7 @@ set timeout 10
7	spawn $env(SHELL)	7	spawn $env(SHELL)
8	match_max 100000	8	match_max 100000
9		9
10	send -- "firejail --net=br0 --ip=10.10.20.5 --seccomp --noprofile\r"	10	send -- "firejail --seccomp --noprofile\r"
11	expect {	11	expect {
12	timeout {puts "TESTING ERROR 0\n";exit}	12	timeout {puts "TESTING ERROR 0\n";exit}
13	"Child process initialized"	13	"Child process initialized"


diff --git a/test/utils/join.exp b/test/utils/join.exp index 7f582e2e5..fc30bc6a4 100755 --- a/test/utils/join.exp +++ b/test/utils/join.exp
@@ -8,7 +8,7 @@ cd /home
8	spawn $env(SHELL)	8	spawn $env(SHELL)
9	match_max 100000	9	match_max 100000
10		10
11	send -- "firejail --name=jointesting\r"	11	send -- "firejail --name=jointesting --cpu=0 --nice=2\r"
12	expect {	12	expect {
13	timeout {puts "TESTING ERROR 0\n";exit}	13	timeout {puts "TESTING ERROR 0\n";exit}
14	"Child process initialized"	14	"Child process initialized"


diff --git a/test/utils/ls.exp b/test/utils/ls.exp index cd2c2984c..ff6867c51 100755 --- a/test/utils/ls.exp +++ b/test/utils/ls.exp
@@ -3,6 +3,8 @@
3	set timeout 10	3	set timeout 10
4	spawn $env(SHELL)	4	spawn $env(SHELL)
5	match_max 100000	5	match_max 100000
		6	set firstspawn $spawn_id
		7
6		8
7	send -- "rm -f lstesting\r"	9	send -- "rm -f lstesting\r"
8	sleep 1	10	sleep 1
@@ -11,11 +13,11 @@ expect {
11	timeout {puts "TESTING ERROR 0\n";exit}	13	timeout {puts "TESTING ERROR 0\n";exit}
12	"Child process initialized"	14	"Child process initialized"
13	}	15	}
14	sleep 2	16	sleep 1
15	send -- "echo my_testing > ~/lstesting\r"	17	send -- "echo my_testing > ~/lstesting\r"
16	sleep 2	18	after 100
17
18		19
		20	# ls
19	spawn $env(SHELL)	21	spawn $env(SHELL)
20	send -- "firejail --ls=test ~/.\r"	22	send -- "firejail --ls=test ~/.\r"
21	expect {	23	expect {
@@ -23,14 +25,44 @@ expect {
23	"lstesting"	25	"lstesting"
24	}	26	}
25	sleep 1	27	sleep 1
		28
		29	# get
26	send -- "firejail --get=test ~/lstesting\r"	30	send -- "firejail --get=test ~/lstesting\r"
27	sleep 2	31	sleep 1
28	send -- "cat lstesting\r"	32	send -- "cat lstesting\r"
29	expect {	33	expect {
30	timeout {puts "TESTING ERROR 3\n";exit}	34	timeout {puts "TESTING ERROR 2n";exit}
31	"my_testing"	35	"my_testing"
32	}	36	}
		37	after 100
		38
		39	# put
		40	send -- "echo put_test > ~/lstesting\r"
		41	after 100
		42	send -- "firejail --put=test ~/lstesting ~/lstesting_2\r"
33	sleep 1	43	sleep 1
		44
		45	set spawn_id $firstspawn
		46	send -- "ls -al ~\r"
		47	expect {
		48	timeout {puts "TESTING ERROR 3\n";exit}
		49	"lstesting_2"
		50	}
		51
		52	after 100
		53	send -- "cat ~/lstesting_2\r"
		54	expect {
		55	timeout {puts "TESTING ERROR 4\n";exit}
		56	"put_test"
		57	}
		58	after 100
		59	send -- "exit\r"
		60	sleep 1
		61
		62
		63
		64
		65
34	send -- "rm -f lstesting\r"	66	send -- "rm -f lstesting\r"
35		67
36	after 100	68	after 100


diff --git a/test/utils/utils.sh b/test/utils/utils.sh index 7b0ab1096..bd91110f7 100755 --- a/test/utils/utils.sh +++ b/test/utils/utils.sh
@@ -88,10 +88,10 @@ echo "TESTING: top (test/utils/top.exp)"
88	echo "TESTING: file transfer (test/utils/ls.exp)"	88	echo "TESTING: file transfer (test/utils/ls.exp)"
89	./ls.exp	89	./ls.exp
90		90
91	echo "TESTING: firemon --seccomp (test/utils/firemon-seccomp.exp)"	91	echo "TESTING: firemon seccomp (test/utils/firemon-seccomp.exp)"
92	./firemon-seccomp.exp	92	./firemon-seccomp.exp
93		93
94	echo "TESTING: firemon --caps (test/utils/firemon-caps.exp)"	94	echo "TESTING: firemon caps (test/utils/firemon-caps.exp)"
95	./firemon-caps.exp	95	./firemon-caps.exp
96		96
97	echo "TESTING: firemon cpu (test/utils/firemon-cpu.exp)"	97	echo "TESTING: firemon cpu (test/utils/firemon-cpu.exp)"