author | netblue30 <netblue30@yahoo.com> | 2017-12-28 15:36:40 -0500 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2017-12-28 15:36:40 -0500 |
commit | 8706d0591301cffd3965695107c767dae54cceb3 (patch) | |
tree | adca45f28613c65cd778aadd62be2df63c396733 /test | |
parent | replacing seccomp printing with a seccomp disassembler (diff) | |
testing
Diffstat (limited to 'test')
-rwxr-xr-x | test/filters/fseccomp.exp | 52 | ||||
-rwxr-xr-x | test/filters/seccomp-debug.exp | 8 | ||||
-rwxr-xr-x | test/filters/seccomp-empty.exp | 34 | ||||
-rwxr-xr-x | test/filters/seccomp-errno.exp | 12 | ||||
-rwxr-xr-x | test/profiles/profile_syntax2.exp | 8 | ||||
-rwxr-xr-x | test/utils/seccomp-print.exp | 8 |
6 files changed, 67 insertions, 55 deletions
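--- a/test/filters/fseccomp.exp
+++ b/test/filters/fseccomp.exp
@@ -31,104 +31,104 @@ expect {
 after 100
 send -- "fseccomp protocol build unix,inet seccomp-test-file\r"
 after 100
-send -- "fseccomp print seccomp-test-file\r"
+send -- "fsec-print seccomp-test-file\r"
 expect {
 timeout {puts "TESTING ERROR 4.1\n";exit}
-"WHITELIST 41 socket"
+"jeq socket"
 }
 
 after 100
 send -- "fseccomp secondary 64 seccomp-test-file\r"
 after 100
-send -- "fseccomp print seccomp-test-file\r"
+send -- "fsec-print seccomp-test-file\r"
 expect {
 timeout {puts "TESTING ERROR 5.1\n";exit}
-"BLACKLIST 165 mount"
+"jeq mount"
 }
 expect {
 timeout {puts "TESTING ERROR 5.2\n";exit}
-"BLACKLIST 166 umount2"
+"jeq umount2"
 }
 expect {
 timeout {puts "TESTING ERROR 5.3\n";exit}
-"RETURN_ALLOW"
+"ret ALLOW"
 }
 
 after 100
 send -- "fseccomp default seccomp-test-file\r"
 after 100
-send -- "fseccomp print seccomp-test-file\r"
+send -- "fsec-print seccomp-test-file\r"
 expect {
 timeout {puts "TESTING ERROR 6.1\n";exit}
-"BLACKLIST 165 mount"
+"jeq mount"
 }
 expect {
 timeout {puts "TESTING ERROR 6.2\n";exit}
-"BLACKLIST 166 umount2"
+"jeq umount2"
 }
 expect {
 timeout {puts "TESTING ERROR 6.3\n";exit}
-"RETURN_ALLOW"
+"ret ALLOW"
 }
 
 after 100
 send -- "fseccomp drop seccomp-test-file tmpfile chmod,chown\r"
 after 100
-send -- "fseccomp print seccomp-test-file\r"
+send -- "fsec-print seccomp-test-file\r"
 expect {
 timeout {puts "TESTING ERROR 7.1\n";exit}
-"BLACKLIST 165 mount" {puts "TESTING ERROR 7.2\n";exit}
-"BLACKLIST 166 umount2" {puts "TESTING ERROR 7.3\n";exit}
-"BLACKLIST 90 chmod"
+"jeq mount" {puts "TESTING ERROR 7.2\n";exit}
+"jeq umount2" {puts "TESTING ERROR 7.3\n";exit}
+"jeq chmod"
 }
 expect {
 timeout {puts "TESTING ERROR 7.4\n";exit}
-"BLACKLIST 92 chown"
+"jeq chown"
 }
 expect {
 timeout {puts "TESTING ERROR 7.5\n";exit}
-"RETURN_ALLOW"
+"ret ALLOW"
 }
 
 after 100
 send -- "fseccomp default drop seccomp-test-file tmpfile chmod,chown\r"
 after 100
-send -- "fseccomp print seccomp-test-file\r"
+send -- "fsec-print seccomp-test-file\r"
 expect {
 timeout {puts "TESTING ERROR 8.1\n";exit}
-"BLACKLIST 165 mount"
+"jeq mount"
 }
 expect {
 timeout {puts "TESTING ERROR 8.2\n";exit}
-"BLACKLIST 166 umount2"
+"jeq umount2"
 }
 expect {
 timeout {puts "TESTING ERROR 8.3\n";exit}
-"BLACKLIST 90 chmod"
+"jeq chmod"
 }
 expect {
 timeout {puts "TESTING ERROR 8.4\n";exit}
-"BLACKLIST 92 chown"
+"jeq chown"
 }
 expect {
 timeout {puts "TESTING ERROR 8.5\n";exit}
-"RETURN_ALLOW"
+"ret ALLOW"
 }
 after 100
 send -- "fseccomp keep seccomp-test-file tmpfile chmod,chown\r"
 after 100
-send -- "fseccomp print seccomp-test-file\r"
+send -- "fsec-print seccomp-test-file\r"
 expect {
 timeout {puts "TESTING ERROR 9.1\n";exit}
-"WHITELIST 90 chmod"
+"jeq chmod"
 }
 expect {
 timeout {puts "TESTING ERROR 9.2\n";exit}
-"WHITELIST 92 chown"
+"jeq chown"
 }
 expect {
 timeout {puts "TESTING ERROR 9.3\n";exit}
-"KILL_PROCESS"
+"ret KILL"
 }
 
 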
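Review bot: The new patterns assert only that a syscall is compared (`"jeq mount"`, `"jeq chmod"`), whereas the old ones also pinned the action (`"BLACKLIST 165 mount"`, `"WHITELIST 90 chmod"`). The drop cases (7.x, 8.x) and the keep case (9.1, 9.2) now expect the identical string `"jeq chmod"` and are told apart only by the trailing `"ret ALLOW"` / `"ret KILL"`. A filter that compared the right syscall but attached the wrong action to it would presumably still pass these checks. If the fsec-print listing shows the jump target or the return next to each `jeq` line, consider an `expect -re` pattern that covers both; the disassembler's exact output is not visible on this page, so the pattern has to be confirmed against it. The same loss applies in test/filters/seccomp-debug.exp and test/profiles/profile_syntax2.exp, where the separate `"BLACKLIST"` expect was removed.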
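--- a/test/filters/seccomp-debug.exp
+++ b/test/filters/seccomp-debug.exp
@@ -13,15 +13,11 @@ after 100
 send -- "firejail --debug sleep 1; echo done\r"
 expect {
 timeout {puts "TESTING ERROR 0\n";exit}
-"SECCOMP Filter"
-}
-expect {
-timeout {puts "TESTING ERROR 1\n";exit}
-"BLACKLIST"
+"seccomp entries in /run/firejail/mnt/seccomp"
 }
 expect {
 timeout {puts "TESTING ERROR 2\n";exit}
-"open_by_handle_at"
+"jeq open_by_handle_at"
 }
 expect {
 timeout {puts "TESTING ERROR 3\n";exit}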
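--- a/test/filters/seccomp-empty.exp
+++ b/test/filters/seccomp-empty.exp
@@ -10,7 +10,11 @@ match_max 100000
 send -- "firejail --debug --seccomp=chmod,fchmod,fchmodat --private\r"
 expect {
 timeout {puts "TESTING ERROR 0\n";exit}
-"VALIDATE_ARCHITECTURE"
+"seccomp entries in /run/firejail/mnt/seccomp"
+}
+expect {
+timeout {puts "TESTING ERROR 0.0\n";exit}
+"ld data.architecture"
 }
 expect {
 timeout {puts "TESTING ERROR 0.1\n";exit}
@@ -34,7 +38,7 @@ expect {
 }
 expect {
 timeout {puts "TESTING ERROR 0.6\n";exit}
-"RETURN_ALLOW"
+"ret ALLOW"
 }
 expect {
 timeout {puts "TESTING ERROR 0.7\n";exit}
@@ -48,7 +52,11 @@ puts "\n"
 send -- "firejail --debug --seccomp.drop=chmod,fchmod,fchmodat --private\r"
 expect {
 timeout {puts "TESTING ERROR 1\n";exit}
-"VALIDATE_ARCHITECTURE"
+"seccomp entries in /run/firejail/mnt/seccomp"
+}
+expect {
+timeout {puts "TESTING ERROR 1.0\n";exit}
+"ld data.architecture"
 }
 expect {
 timeout {puts "TESTING ERROR 1.1\n";exit}
@@ -66,7 +74,7 @@ expect {
 }
 expect {
 timeout {puts "TESTING ERROR 1.6\n";exit}
-"RETURN_ALLOW"
+"ret ALLOW"
 }
 expect {
 timeout {puts "TESTING ERROR 1.7\n";exit}
@@ -80,7 +88,11 @@ sleep 2
 send -- "firejail --debug --profile=seccomp.profile --private\r"
 expect {
 timeout {puts "TESTING ERROR 2\n";exit}
-"VALIDATE_ARCHITECTURE"
+"seccomp entries in /run/firejail/mnt/seccomp"
+}
+expect {
+timeout {puts "TESTING ERROR 2.0\n";exit}
+"ld data.architecture"
 }
 expect {
 timeout {puts "TESTING ERROR 2.1\n";exit}
@@ -104,7 +116,7 @@ expect {
 }
 expect {
 timeout {puts "TESTING ERROR 2.6\n";exit}
-"RETURN_ALLOW"
+"ret ALLOW"
 }
 expect {
 timeout {puts "TESTING ERROR 2.7\n";exit}
@@ -118,7 +130,11 @@ puts "\n"
 send -- "firejail --debug --profile=seccomp-empty.profile --private\r"
 expect {
 timeout {puts "TESTING ERROR 3\n";exit}
-"VALIDATE_ARCHITECTURE"
+"seccomp entries in /run/firejail/mnt/seccomp"
+}
+expect {
+timeout {puts "TESTING ERROR 3.0\n";exit}
+"ld data.architecture"
 }
 expect {
 timeout {puts "TESTING ERROR 3.1\n";exit}
@@ -136,7 +152,7 @@ expect {
 }
 expect {
 timeout {puts "TESTING ERROR 3.6\n";exit}
-"RETURN_ALLOW"
+"ret ALLOW"
 }
 expect {
 timeout {puts "TESTING ERROR 3.7\n";exit}
@@ -145,4 +161,4 @@ expect {
 sleep 2
 send -- "exit\r"
 after 100
-puts "\n"
+puts "all done\n"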
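Review bot: The added timeout branches (`timeout {puts "TESTING ERROR 0.0\n";exit}` and its 1.0, 2.0 and 3.0 siblings) call `exit` with no status, so the script returns 0 even when the `"ld data.architecture"` line never appears. This matches the convention in the rest of the file, and the harness presumably scans the output for "TESTING ERROR", but that harness is not visible here. For a sandbox regression test, `exit 1` in these branches would make a missing architecture check fail on its own rather than depend on output scraping. The enclosing script starts and continues outside these hunks.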
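--- a/test/filters/seccomp-errno.exp
+++ b/test/filters/seccomp-errno.exp
@@ -20,19 +20,23 @@ sleep 1
 send -- "firejail --seccomp=unlinkat:ENOENT --debug rm seccomp-test-file\r"
 expect {
 timeout {puts "TESTING ERROR 1\n";exit}
-"unlinkat 2 ENOENT"
+"seccomp entries in /run/firejail/mnt/seccomp"
+}
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"ret ERRNO(2)"
 }
 sleep 1
 
 send -- "firejail --seccomp=unlinkat:ENOENT,mkdir:ENOENT\r"
 expect {
-timeout {puts "TESTING ERROR 2\n";exit}
+timeout {puts "TESTING ERROR 3\n";exit}
 "Child process initialized"
 }
 sleep 1
 send -- "rm seccomp-test-file\r"
 expect {
-timeout {puts "TESTING ERROR 3\n";exit}
+timeout {puts "TESTING ERROR 4\n";exit}
 "No such file or directory"
 }
 after 100
@@ -40,7 +44,7 @@ puts "\n"
 
 send -- "mkdir seccomp-test-dir\r"
 expect {
-timeout {puts "TESTING ERROR 5\n";exit}
+timeout {puts "TESTING ERROR 5\n";exit}
 "No such file or directory"
 }
 after 100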
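Review bot: The first test no longer ties the errno return to `unlinkat`. The old pattern `"unlinkat 2 ENOENT"` named the syscall, while the new sequence matches the header line and then any `"ret ERRNO(2)"` in the listing. Adding one more expect block for `"jeq unlinkat"` between the two, with its own TESTING ERROR label, would keep that association; `jeq <syscall>` is the form the other tests in this commit match, but the exact disassembler line should be confirmed. The runtime checks further down (`rm` and `mkdir` returning "No such file or directory") still cover the behaviour, so this only affects what the `--debug` listing assertion proves.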
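--- a/test/profiles/profile_syntax2.exp
+++ b/test/profiles/profile_syntax2.exp
@@ -31,15 +31,11 @@ expect {
 }
 expect {
 timeout {puts "TESTING ERROR 5\n";exit}
-"SECCOMP Filter"
-}
-expect {
-timeout {puts "TESTING ERROR 6\n";exit}
-"BLACKLIST"
+"seccomp entries in /run/firejail/mnt/seccomp"
 }
 expect {
 timeout {puts "TESTING ERROR 7\n";exit}
-"mount"
+"jeq mount"
 }
 expect {
 timeout {puts "TESTING ERROR 8\n";exit}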
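--- a/test/utils/seccomp-print.exp
+++ b/test/utils/seccomp-print.exp
@@ -18,19 +18,19 @@ spawn $env(SHELL)
 send -- "firejail --seccomp.print=test\r"
 expect {
 timeout {puts "TESTING ERROR 1\n";exit}
-"EXAMINE_SYSCAL"
+"ld data.syscall-number"
 }
 expect {
 timeout {puts "TESTING ERROR 2\n";exit}
-"delete_module"
+"jeq delete_module"
 }
 expect {
 timeout {puts "TESTING ERROR 3\n";exit}
-"init_module"
+"jeq init_module"
 }
 expect {
 timeout {puts "TESTING ERROR 4\n";exit}
-"RETURN_ALLOW"
+"ret ALLOW"
 }
 after 100
 puts "\nall done\n"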