author | netblue30 <netblue30@yahoo.com> | 2016-04-30 07:31:21 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-04-30 07:31:21 -0400 |
commit | ea774178f6d8f613c96c0d001fed200155b704b7 (patch) | |
tree | ee2de7fcce0499dcb21cf475a068fe8957ab07bb /test | |
parent | added make test-filters (diff) | |
added make test-filters
Diffstat (limited to 'test')
-rwxr-xr-x | test/filters/filters.sh | 48 | ||||
-rwxr-xr-x | test/filters/seccomp-chmod-profile.exp | 49 | ||||
-rwxr-xr-x | test/filters/seccomp-chmod.exp | 49 | ||||
-rwxr-xr-x | test/filters/seccomp-chown.exp | 49 | ||||
-rwxr-xr-x | test/filters/seccomp-debug.exp | 31 | ||||
-rwxr-xr-x | test/filters/seccomp-dualfilter.exp | 41 | ||||
-rwxr-xr-x | test/filters/seccomp-empty.exp | 148 | ||||
-rw-r--r-- | test/filters/seccomp-empty.profile | 1 | ||||
-rwxr-xr-x | test/filters/seccomp-errno.exp | 90 | ||||
-rwxr-xr-x | test/filters/seccomp-ptrace.exp | 26 | ||||
-rwxr-xr-x | test/filters/seccomp-su.exp | 37 | ||||
-rwxr-xr-x | test/filters/seccomp-umount.exp | 31 |
12 files changed, 600 insertions, 0 deletions
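--- /dev/null
+++ b/test/filters/filters.sh
@@ -0,0 +1,48 @@
+#!/bin/bash
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+export MALLOC_CHECK_=3
+export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
+
+echo "TESTING: noroot (test/filters/noroot.exp)"
+./noroot.exp
+
+echo "TESTING: capabilities (test/filters/caps.exp)"
+./caps.exp
+
+echo "TESTING: protocol (test/filters/protocol.exp)"
+./protocol.exp
+
+echo "TESTING: seccomp bad empty (test/filters/seccomp-bad-empty.exp)"
+./seccomp-bad-empty.exp
+
+echo "TESTING: seccomp debug (test/filters/seccomp-debug.exp)"
+./seccomp-debug.exp
+
+echo "TESTING: seccomp errno (test/filters/seccomp-errno.exp)"
+./seccomp-errno.exp
+
+echo "TESTING: seccomp su (test/filters/seccomp-su.exp)"
+./seccomp-su.exp
+
+echo "TESTING: seccomp ptrace (seccomp-ptrace.exp)"
+./seccomp-ptrace.exp
+
+echo "TESTING: seccomp chmod - seccomp lists (test/filters/seccomp-chmod.exp)"
+./seccomp-chmod.exp
+
+echo "TESTING: seccomp chmod profile - seccomp lists (test/filters/seccomp-chmod-profile.exp)"
+./seccomp-chmod-profile.exp
+
+echo "TESTING: seccomp empty (test/filters/seccomp-empty.exp)"
+./seccomp-empty.exp
+
+echo "TESTING: seccomp bad empty (test/filters/seccomp-bad-empty.exp)"
+./seccomp-bad-empty.exp
+
+echo "TESTING: seccomp dual filter (test/filters/seccomp-dualfilter.exp)"
+./seccomp-dualfilter.exp
+
+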
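Review bot: The runner discards the exit status of every `.exp` script, and the scripts added here leave through a bare `exit` (status 0) on a timeout, so this script exits 0 even when a seccomp check prints TESTING ERROR. A failing sandbox test should fail the build: use `exit 1` in the expect timeout arms and collect the status here, e.g. `./seccomp-debug.exp || rc=1` with a final `exit $rc`. `seccomp-bad-empty.exp` is run twice (file lines 18-19 and 42-43), while `seccomp-chown.exp` and `seccomp-umount.exp`, both added by this commit, are never invoked; if the umount test is left out on purpose because it needs root, a comment saying so would help. `noroot.exp`, `caps.exp`, `protocol.exp` and `seccomp-bad-empty.exp` are not in the diffstat, so they presumably exist in the tree already, which is worth confirming.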
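--- /dev/null
+++ b/test/filters/seccomp-chmod-profile.exp
@@ -0,0 +1,49 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --profile=seccomp.profile --private\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+sleep 2
+
+send -- "touch testfile;pwd\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"/root" {puts "running as root"}
+"/home"
+}
+
+send -- "ls -l testfile;pwd\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"testfile"
+}
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"/root" {puts "running as root"}
+"/home"
+}
+
+send -- "chmod +x testfile;pwd\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"Bad system call"
+}
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"/root" {puts "running as root"}
+"/home"
+}
+
+
+send -- "exit\r"
+sleep 1
+puts "\n"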
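Review bot: The failure labels are reused: the `chmod +x testfile` step (file lines 35-44) prints `TESTING ERROR 2` and `TESTING ERROR 3`, the same labels as the `ls -l` step above it, so a log cannot tell a failed listing from a seccomp filter that did not kill the call. Renumber the last two arms, e.g. `timeout {puts "TESTING ERROR 4\n";exit}` and `timeout {puts "TESTING ERROR 5\n";exit}`. The same duplication appears in seccomp-chmod.exp and seccomp-chown.exp, and seccomp-su.exp uses `TESTING ERROR 2` for both `sudo ls` and `ping`. The script also loads `seccomp.profile`, which is not among the files this commit adds (only seccomp-empty.profile is), so it presumably exists already; worth confirming.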
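--- /dev/null
+++ b/test/filters/seccomp-chmod.exp
@@ -0,0 +1,49 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --seccomp=chmod,fchmod,fchmodat --private\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+sleep 2
+
+send -- "touch testfile;pwd\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"/root" {puts "running as root"}
+"/home"
+}
+
+send -- "ls -l testfile;pwd\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"testfile"
+}
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"/root" {puts "running as root"}
+"/home"
+}
+
+send -- "chmod +x testfile;pwd\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"Bad system call"
+}
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"/root" {puts "running as root"}
+"/home"
+}
+
+
+send -- "exit\r"
+sleep 1
+puts "\n"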
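--- /dev/null
+++ b/test/filters/seccomp-chown.exp
@@ -0,0 +1,49 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --seccomp=chown,fchown,fchownat,lchown --private\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+sleep 2
+
+send -- "touch testfile;pwd\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"/root" {puts "running as root"}
+"/home"
+}
+
+send -- "ls -l testfile;pwd\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"testfile"
+}
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"/root" {puts "running as root"}
+"/home"
+}
+
+send -- "chown netblue:netblue testfile;pwd\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"Bad system call"
+}
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"/root" {puts "running as root"}
+"/home"
+}
+
+
+send -- "exit\r"
+sleep 1
+puts "\n"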
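Review bot: `chown netblue:netblue testfile` on file line 35 hard-codes one developer's account name. On a machine without that user, chown will most likely reject the name before it issues any chown system call, so `Bad system call` never appears and the test reports TESTING ERROR 2 whether or not the filter works. Using the caller's own ids keeps the test portable: `send -- "chown \$(id -u):\$(id -g) testfile;pwd\r"`.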
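--- /dev/null
+++ b/test/filters/seccomp-debug.exp
@@ -0,0 +1,31 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --seccomp --debug\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"SECCOMP Filter"
+}
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"BLACKLIST"
+}
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"open_by_handle_at"
+}
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"Child process initialized"
+}
+sleep 2
+
+send -- "exit\r"
+after 100
+puts "all done\n"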
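--- /dev/null
+++ b/test/filters/seccomp-dualfilter.exp
@@ -0,0 +1,41 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail ./syscall_test mount\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"before mount"
+}
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"after mount" {puts "TESTING ERROR 2.1\n";exit}
+"Parent is shutting down"
+}
+sleep 1
+
+send -- "firejail ./syscall_test32 mount\r"
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"Child process initialized"
+}
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"before mount"
+}
+expect {
+timeout {puts "TESTING ERROR 5\n";exit}
+"after mount" {puts "TESTING ERROR 5.1\n";exit}
+"Parent is shutting down"
+}
+
+puts "\nall done\n"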
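Review bot: Both halves depend on prebuilt `./syscall_test` and `./syscall_test32` binaries that this commit does not add and the script does not check for. If either is missing, or the host cannot run 32-bit executables, the run ends in TESTING ERROR 1 or 4, which reads like a broken filter rather than a missing prerequisite. A header comment stating what is being proven would help, presumably something like `# mount must be blocked for both 64-bit and 32-bit callers`. A guard that reports a skip when `./syscall_test32` is not executable would avoid the false alarm.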
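--- /dev/null
+++ b/test/filters/seccomp-empty.exp
@@ -0,0 +1,148 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --debug --seccomp=chmod,fchmod,fchmodat --private\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"VALIDATE_ARCHITECTURE"
+}
+expect {
+timeout {puts "TESTING ERROR 0.1\n";exit}
+"mount"
+}
+expect {
+timeout {puts "TESTING ERROR 0.2\n";exit}
+"ptrace"
+}
+expect {
+timeout {puts "TESTING ERROR 0.3\n";exit}
+"chmod"
+}
+expect {
+timeout {puts "TESTING ERROR 0.4\n";exit}
+"fchmod"
+}
+expect {
+timeout {puts "TESTING ERROR 0.5\n";exit}
+"fchmodat"
+}
+expect {
+timeout {puts "TESTING ERROR 0.6\n";exit}
+"RETURN_ALLOW"
+}
+expect {
+timeout {puts "TESTING ERROR 0.7\n";exit}
+"Child process initialized"
+}
+sleep 2
+send -- "exit\r"
+sleep 3
+puts "\n"
+
+send -- "firejail --debug --seccomp.drop=chmod,fchmod,fchmodat --private\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"VALIDATE_ARCHITECTURE"
+}
+expect {
+timeout {puts "TESTING ERROR 1.1\n";exit}
+"mount" {puts "TESTING ERROR 1.2\n";exit}
+"ptrace" {puts "TESTING ERROR 1.3\n";exit}
+"chmod"
+}
+expect {
+timeout {puts "TESTING ERROR 1.4\n";exit}
+"fchmod"
+}
+expect {
+timeout {puts "TESTING ERROR 1.5\n";exit}
+"fchmodat"
+}
+expect {
+timeout {puts "TESTING ERROR 1.6\n";exit}
+"RETURN_ALLOW"
+}
+expect {
+timeout {puts "TESTING ERROR 1.7\n";exit}
+"Child process initialized"
+}
+sleep 2
+send -- "exit\r"
+puts "\n"
+
+sleep 2
+send -- "firejail --debug --profile=seccomp.profile --private\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"VALIDATE_ARCHITECTURE"
+}
+expect {
+timeout {puts "TESTING ERROR 2.1\n";exit}
+"mount"
+}
+expect {
+timeout {puts "TESTING ERROR 2.2\n";exit}
+"ptrace"
+}
+expect {
+timeout {puts "TESTING ERROR 2.3\n";exit}
+"chmod"
+}
+expect {
+timeout {puts "TESTING ERROR 2.4\n";exit}
+"fchmod"
+}
+expect {
+timeout {puts "TESTING ERROR 2.5\n";exit}
+"fchmodat"
+}
+expect {
+timeout {puts "TESTING ERROR 2.6\n";exit}
+"RETURN_ALLOW"
+}
+expect {
+timeout {puts "TESTING ERROR 2.7\n";exit}
+"Child process initialized"
+}
+sleep 2
+send -- "exit\r"
+sleep 3
+puts "\n"
+
+send -- "firejail --debug --profile=seccomp-empty.profile --private\r"
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"VALIDATE_ARCHITECTURE"
+}
+expect {
+timeout {puts "TESTING ERROR 3.1\n";exit}
+"mount" {puts "TESTING ERROR 3.2\n";exit}
+"ptrace" {puts "TESTING ERROR 3.3\n";exit}
+"chmod"
+}
+expect {
+timeout {puts "TESTING ERROR 3.4\n";exit}
+"fchmod"
+}
+expect {
+timeout {puts "TESTING ERROR 3.5\n";exit}
+"fchmodat"
+}
+expect {
+timeout {puts "TESTING ERROR 3.6\n";exit}
+"RETURN_ALLOW"
+}
+expect {
+timeout {puts "TESTING ERROR 3.7\n";exit}
+"Child process initialized"
+}
+sleep 2
+send -- "exit\r"
+puts "\n"
+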
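Review bot: The syscall-name checks are plain substring matches, so they assert less than they appear to: `"chmod"` also matches inside `fchmod` and `fchmodat`, and `"mount"` matches any debug line that happens to contain that word. In the two negative blocks (file lines 53-58 and 123-128) the `mount` and `ptrace` guards are only active until `chmod` is seen, so a default-list entry printed after the chmod entries would go unnoticed. Matching whole entries with `-re` and keeping the negative patterns in the same `expect` that waits for `RETURN_ALLOW` would make the "drop list only" assertion hold for the entire filter dump. The four blocks differ only in the command line and the error prefix, so a small Tcl proc taking those two values would remove most of the duplication.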
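--- /dev/null
+++ b/test/filters/seccomp-empty.profile
@@ -0,0 +1 @@
+seccomp.drop chmod,fchmod,fchmodat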
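--- /dev/null
+++ b/test/filters/seccomp-errno.exp
@@ -0,0 +1,90 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "touch seccomp-test-file\r"
+sleep 1
+
+send -- "firejail --seccomp.enoent=unlinkat rm seccomp-test-file\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"No such file or directory"
+}
+sleep 1
+
+send -- "firejail --seccomp.enoent=unlinkat --debug rm seccomp-test-file\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"unlinkat 2 ENOENT"
+}
+sleep 1
+
+send -- "firejail --seccomp.enoent=unlinkat,mkdir\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"Child process initialized"
+}
+sleep 1
+send -- "rm seccomp-test-file\r"
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"No such file or directory"
+}
+after 100
+puts "\n"
+
+send -- "mkdir seccomp-test-dir\r"
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"No such file or directory"
+}
+after 100
+puts "\n"
+
+send -- "exit\r"
+sleep 1
+
+
+send -- "firejail --seccomp.enoent=unlinkat --seccomp.enoent=mkdir\r"
+expect {
+timeout {puts "TESTING ERROR 5\n";exit}
+"errno enoent already configured"
+}
+sleep 1
+
+send -- "firejail --seccomp.enoent=unlinkat --seccomp.eperm=mkdir\r"
+expect {
+timeout {puts "TESTING ERROR 6\n";exit}
+"Child process initialized"
+}
+sleep 1
+send -- "rm seccomp-test-file\r"
+expect {
+timeout {puts "TESTING ERROR 7\n";exit}
+"No such file or directory"
+}
+after 100
+puts "\n"
+
+send -- "mkdir seccomp-test-dir\r"
+expect {
+timeout {puts "TESTING ERROR 8\n";exit}
+"Operation not permitted"
+}
+after 100
+puts "\n"
+
+send -- "exit\r"
+sleep 1
+
+
+
+
+send -- "rm seccomp-test-file\r"
+sleep 1
+puts "all done\n"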
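Review bot: The `rm` checks accept `No such file or directory`, which is exactly what rm prints when seccomp-test-file does not exist, so if the `touch` on file line 10 fails (for example in a read-only working directory) every unlinkat check passes without the filter being exercised. Verifying that the file is still present after each sandboxed `rm` closes that gap, e.g. `send -- "test -e seccomp-test-file; echo rc=\$?\r"` followed by an `expect` for `"rc=0"`. The sandboxes here run without `--private`, and the final cleanup removes only the file, so a mkdir filter that ever fails leaves `seccomp-test-dir` behind in the working directory.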
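--- /dev/null
+++ b/test/filters/seccomp-ptrace.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --noprofile --seccomp\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+sleep 2
+
+send -- "strace ls\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"Bad system call" {puts "version 1\n";}
+" unexpected signal 31" {puts "version 2\n"}
+}
+
+send -- "exit\r"
+sleep 1
+puts "all done\n"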
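Review bot: The two accepted outcomes on file lines 20-21 are undocumented, and the second one embeds a raw signal number. A comment above the `expect` would make the intent reviewable, e.g. `# strace must die with SIGSYS: the shell reports "Bad system call", some strace versions report "unexpected signal 31" (31 is SIGSYS on x86 and ARM)`. The test also assumes `strace` is installed; without it the shell answers with a not-found message, the `expect` times out, and the run reports TESTING ERROR 1 as if ptrace had not been blocked.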
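--- /dev/null
+++ b/test/filters/seccomp-su.exp
@@ -0,0 +1,37 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --noprofile --seccomp\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+sleep 2
+
+send -- "sudo su -\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"effective uid is not 0"
+}
+
+send -- "sudo ls\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"effective uid is not 0"
+}
+
+send -- "ping google.com\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"Operation not permitted"
+}
+
+send -- "exit\r"
+sleep 1
+puts "all done\n"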
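Review bot: `ping google.com` on file line 29 makes a sandbox test depend on DNS and outbound connectivity, and has the test suite send traffic to a third-party host. It also has no packet count, so if the sandbox ever allows the socket, ping keeps running and the following `exit\r` is typed into ping rather than the shell. The check is presumably about the sandbox refusing the privileged socket, which a bounded loopback probe covers just as well: `send -- "ping -c 1 127.0.0.1\r"`.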
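--- /dev/null
+++ b/test/filters/seccomp-umount.exp
@@ -0,0 +1,31 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "sudo ls; sudo whoami; sudo pwd\r"
+expect {
+timeout {puts "TESTING ERROR: you need to root run this test as root\n";exit}
+"root"
+}
+
+send -- "firejail --net=br0 --ip=10.10.20.5 --seccomp --noprofile\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+sleep 2
+
+send -- "umount /proc\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"Bad system call"
+}
+
+send -- "exit\r"
+sleep 1
+puts "\n"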
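Review bot: The precondition on file lines 10-14 does not check what its error message says. `sudo whoami` prints `root` for any user with sudo rights, and the bare pattern `"root"` can also match the `ls` or `pwd` output, yet firejail is then started without sudo, so for a non-root caller `umount /proc` most likely fails on a permission check and never reaches the filtered system call. Checking the real uid is more direct: `send -- "id -u\r"` with `expect -re {\n0\r}`. File line 16 also hard-codes `--net=br0 --ip=10.10.20.5`, which needs a pre-configured bridge on the host; a header comment listing these prerequisites would help whoever runs this test by hand.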