authorLibravatar netblue30 <netblue30@yahoo.com>2019-10-31 14:24:03 -0400
committerLibravatar netblue30 <netblue30@yahoo.com>2019-10-31 14:24:03 -0400
commitd0a4842403a3f01b18a5c404de7de2d390dd1d59 (patch)
tree13beeadc949bf3130a43649dde6ee95cdfc21c32 /test
parentgitignore (diff)
testing
Diffstat (limited to 'test')
-rwxr-xr-xtest/filters/noroot.exp130
-rwxr-xr-xtest/filters/seccomp-su.exp7
2 files changed, 52 insertions, 85 deletions
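--- a/test/filters/noroot.exp
+++ b/test/filters/noroot.exp
@@ -7,156 +7,130 @@ set timeout 10
 spawn $env(SHELL)
 match_max 100000
 
-send -- "firejail --noprofile --noroot --caps.drop=all --seccomp\r"
+send -- "firejail --name=test --noroot --noprofile\r"
 expect {
  timeout {puts "TESTING ERROR 1\n";exit}
- "cannot create a new user namespace" {puts "TESTING SKIP: user namespace not available\n"; exit}
- "noroot option is not available" {puts "TESTING SKIP: user namespace not available\n"; exit}
  "Child process initialized"
 }
 sleep 1
 
+# check seccomp disabled and all caps enabled
 send -- "cat /proc/self/status\r"
 expect {
- timeout {puts "TESTING ERROR 1\n";exit}
- "CapBnd: 0000000000000000"
-}
-expect {
  timeout {puts "TESTING ERROR 2\n";exit}
- "Seccomp:"
+ "CapBnd:"
 }
 expect {
  timeout {puts "TESTING ERROR 3\n";exit}
- "2"
+ "ffffffff"
 }
 expect {
  timeout {puts "TESTING ERROR 4\n";exit}
- "Cpus_allowed:"
+ "Seccomp:"
 }
-puts "\n"
-
-send -- "ping 0\r"
 expect {
  timeout {puts "TESTING ERROR 5\n";exit}
- "Operation not permitted"
+ "0"
 }
-send -- "whoami\r"
 expect {
  timeout {puts "TESTING ERROR 6\n";exit}
- $env(USER)
+ "Cpus_allowed:"
 }
-send -- "sudo -s\r"
+puts "\n"
+
+send -- "whoami\r"
 expect {
  timeout {puts "TESTING ERROR 7\n";exit}
- "effective uid is not 0, is sudo installed setuid root?" { puts "OK\n";}
- "sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";}
- "Bad system call" { puts "OK\n";}
+ $env(USER)
 }
-send -- "cat /proc/self/uid_map | wc -l\r"
+send -- "sudo -s\r"
 expect {
  timeout {puts "TESTING ERROR 8\n";exit}
- "1"
+ "effective uid is not 0, is sudo installed setuid root?" { puts "OK\n";}
+ "sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";}
 }
-send -- "cat /proc/self/gid_map | wc -l\r"
+
+send -- "sudo su -\r"
 expect {
  timeout {puts "TESTING ERROR 9\n";exit}
- "5"
+ "effective uid is not 0" {puts "OK\n"}
+ "sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";}
 }
 
-puts "\n"
-send -- "exit\r"
-sleep 2
-
-
-
-send -- "firejail --name=test --noroot --noprofile\r"
+send -- "sudo ls\r"
 expect {
  timeout {puts "TESTING ERROR 10\n";exit}
- "Child process initialized"
+ "effective uid is not 0" {puts "OK\n"}
+ "sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";}
 }
-sleep 1
 
-send -- "cat /proc/self/status\r"
+send -- "cat /proc/self/uid_map | wc -l\r"
 expect {
  timeout {puts "TESTING ERROR 11\n";exit}
- "CapBnd:"
+ "1"
 }
+send -- "cat /proc/self/gid_map | wc -l\r"
 expect {
  timeout {puts "TESTING ERROR 12\n";exit}
- "ffffffff"
+ "5"
 }
+
+
+
+spawn $env(SHELL)
+send -- "firejail --debug --join=test\r"
 expect {
  timeout {puts "TESTING ERROR 13\n";exit}
- "Seccomp:"
+ "User namespace detected"
 }
 expect {
  timeout {puts "TESTING ERROR 14\n";exit}
- "2" {puts "seccomp already active\n";}
- "0"
-}
-expect {
- timeout {puts "TESTING ERROR 15\n";exit}
- "Cpus_allowed:"
+ "Joining user namespace"
 }
-puts "\n"
+sleep 1
 
-send -- "whoami\r"
-expect {
- timeout {puts "TESTING ERROR 16\n";exit}
- $env(USER)
-}
 send -- "sudo -s\r"
 expect {
- timeout {puts "TESTING ERROR 17\n";exit}
+ timeout {puts "TESTING ERROR 15\n";exit}
  "effective uid is not 0, is sudo installed setuid root?" { puts "OK\n";}
  "sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";}
-}
-send -- "ping 0\r"
-expect {
- timeout {puts "TESTING ERROR 18\n";exit}
- "Operation not permitted"
+ "Permission denied" { puts "OK\n";}
 }
 send -- "cat /proc/self/uid_map | wc -l\r"
 expect {
- timeout {puts "TESTING ERROR 19\n";exit}
+ timeout {puts "TESTING ERROR 16\n";exit}
  "1"
 }
 send -- "cat /proc/self/gid_map | wc -l\r"
 expect {
- timeout {puts "TESTING ERROR 20\n";exit}
+ timeout {puts "TESTING ERROR 17\n";exit}
  "5"
 }
 
-
-
-spawn $env(SHELL)
-send -- "firejail --debug --join=test\r"
+# check seccomp disabled and all caps enabled
+send -- "cat /proc/self/status\r"
 expect {
- timeout {puts "TESTING ERROR 21\n";exit}
- "User namespace detected"
+ timeout {puts "TESTING ERROR 18\n";exit}
+ "CapBnd:"
 }
 expect {
- timeout {puts "TESTING ERROR 22\n";exit}
- "Joining user namespace"
+ timeout {puts "TESTING ERROR 19\n";exit}
+ "ffffffff"
 }
-sleep 1
-
-send -- "sudo -s\r"
 expect {
- timeout {puts "TESTING ERROR 23\n";exit}
- "effective uid is not 0, is sudo installed setuid root?" { puts "OK\n";}
- "sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";}
- "Permission denied" { puts "OK\n";}
+ timeout {puts "TESTING ERROR 20\n";exit}
+ "Seccomp:"
 }
-send -- "cat /proc/self/uid_map | wc -l\r"
 expect {
- timeout {puts "TESTING ERROR 24\n";exit}
- "1"
+ timeout {puts "TESTING ERROR 21\n";exit}
+ "0"
 }
-send -- "cat /proc/self/gid_map | wc -l\r"
 expect {
- timeout {puts "TESTING ERROR 25\n";exit}
- "5"
+ timeout {puts "TESTING ERROR 22\n";exit}
+ "Cpus_allowed:"
 }
+puts "\n"
+
+
 after 100
 puts "\nall done\n"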
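Review bot: The first `expect` after `firejail --name=test --noroot --noprofile` no longer carries the two skip branches, so on a host without user namespaces the run would presumably fall through to `TESTING ERROR 1` instead of reporting a skip; keeping `"cannot create a new user namespace" {puts "TESTING SKIP: user namespace not available\n"; exit}` and the matching `"noroot option is not available"` branch preserves that distinction. Both blocks under `# check seccomp disabled and all caps enabled` match `"Seccomp:"` and then a bare `"0"`, which any later `0` in the `/proc/self/status` output satisfies, so an active filter could still pass the step. One anchored pattern per field, for example `-re {Seccomp:\s+0}` and `-re {CapBnd:\s+[0-9a-f]*ffffffff}`, would tie each value to its own line. The removed first stage was the only place in this file that ran `--noroot` together with `--caps.drop=all --seccomp` (all-zero `CapBnd`, `ping 0` refused, `Bad system call` on `sudo -s`), so it is worth confirming that another test still covers that combination.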
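--- a/test/filters/seccomp-su.exp
+++ b/test/filters/seccomp-su.exp
@@ -28,13 +28,6 @@ expect {
  "Bad system call" {puts "OK\n"}
 }
 
-send -- "ping google.com\r"
-expect {
- timeout {puts "TESTING ERROR 3\n";exit}
- "Operation not permitted" {puts "OK\n"}
- "unknown host" {puts "OK\n"}
-}
-
 send -- "exit\r"
 after 100
 puts "all done\n"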