diff options
author | netblue30 <netblue30@yahoo.com> | 2016-11-02 07:49:01 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-11-02 07:49:01 -0400 |
commit | 72b93c5761b5e42c5742e192f46bac1696c36f4c (patch) | |
tree | 3951e01a771ea3e8f11b8364991bb47f752f011f /test | |
parent | fixed /run/firejail/mnt problem introduced recently (diff) | |
download | firejail-72b93c5761b5e42c5742e192f46bac1696c36f4c.tar.gz firejail-72b93c5761b5e42c5742e192f46bac1696c36f4c.tar.zst firejail-72b93c5761b5e42c5742e192f46bac1696c36f4c.zip |
major cleanup
Diffstat (limited to 'test')
-rwxr-xr-x | test/filters/filters.sh | 15 | ||||
-rwxr-xr-x | test/filters/fseccomp.exp | 138 |
2 files changed, 149 insertions, 4 deletions
diff --git a/test/filters/filters.sh b/test/filters/filters.sh index 5093c8614..5c7c98b3e 100755 --- a/test/filters/filters.sh +++ b/test/filters/filters.sh | |||
@@ -12,11 +12,21 @@ echo "TESTING: noroot (test/filters/noroot.exp)" | |||
12 | echo "TESTING: capabilities (test/filters/caps.exp)" | 12 | echo "TESTING: capabilities (test/filters/caps.exp)" |
13 | ./caps.exp | 13 | ./caps.exp |
14 | 14 | ||
15 | rm -f seccomp-test-file | ||
16 | if [ "$(uname -m)" = "x86_64" ]; then | ||
17 | echo "TESTING: fseccomp (test/filters/fseccomp.exp)" | ||
18 | ./fseccomp.exp | ||
19 | else | ||
20 | echo "TESTING SKIP: fseccomp test implemented only for x86_64" | ||
21 | fi | ||
22 | rm -f seccomp-test-file | ||
23 | |||
24 | |||
15 | if [ "$(uname -m)" = "x86_64" ]; then | 25 | if [ "$(uname -m)" = "x86_64" ]; then |
16 | echo "TESTING: protocol (test/filters/protocol.exp)" | 26 | echo "TESTING: protocol (test/filters/protocol.exp)" |
17 | ./protocol.exp | 27 | ./protocol.exp |
18 | else | 28 | else |
19 | echo "TESTING SKIP: protocol, not running on x86_64" | 29 | echo "TESTING SKIP: protocol, running only on x86_64" |
20 | fi | 30 | fi |
21 | 31 | ||
22 | echo "TESTING: seccomp bad empty (test/filters/seccomp-bad-empty.exp)" | 32 | echo "TESTING: seccomp bad empty (test/filters/seccomp-bad-empty.exp)" |
@@ -50,9 +60,6 @@ echo "TESTING: seccomp chmod profile - seccomp lists (test/filters/seccomp-chmod | |||
50 | echo "TESTING: seccomp empty (test/filters/seccomp-empty.exp)" | 60 | echo "TESTING: seccomp empty (test/filters/seccomp-empty.exp)" |
51 | ./seccomp-empty.exp | 61 | ./seccomp-empty.exp |
52 | 62 | ||
53 | echo "TESTING: seccomp bad empty (test/filters/seccomp-bad-empty.exp)" | ||
54 | ./seccomp-bad-empty.exp | ||
55 | |||
56 | if [ "$(uname -m)" = "x86_64" ]; then | 63 | if [ "$(uname -m)" = "x86_64" ]; then |
57 | echo "TESTING: seccomp dual filter (test/filters/seccomp-dualfilter.exp)" | 64 | echo "TESTING: seccomp dual filter (test/filters/seccomp-dualfilter.exp)" |
58 | ./seccomp-dualfilter.exp | 65 | ./seccomp-dualfilter.exp |
diff --git a/test/filters/fseccomp.exp b/test/filters/fseccomp.exp new file mode 100755 index 000000000..8a9a8f9dc --- /dev/null +++ b/test/filters/fseccomp.exp | |||
@@ -0,0 +1,138 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | after 100 | ||
11 | send -- "/usr/lib/firejail/fseccomp debug-syscalls\r" | ||
12 | expect { | ||
13 | timeout {puts "TESTING ERROR 1\n";exit} | ||
14 | "1 - write" | ||
15 | } | ||
16 | |||
17 | after 100 | ||
18 | send -- "/usr/lib/firejail/fseccomp debug-errnos\r" | ||
19 | expect { | ||
20 | timeout {puts "TESTING ERROR 2\n";exit} | ||
21 | "1 - EPERM" | ||
22 | } | ||
23 | |||
24 | after 100 | ||
25 | send -- "/usr/lib/firejail/fseccomp debug-protocols\r" | ||
26 | expect { | ||
27 | timeout {puts "TESTING ERROR 3\n";exit} | ||
28 | "unix, inet, inet6, netlink, packet," | ||
29 | } | ||
30 | |||
31 | after 100 | ||
32 | send -- "/usr/lib/firejail/fseccomp protocol build unix,inet seccomp-test-file\r" | ||
33 | after 100 | ||
34 | send -- "/usr/lib/firejail/fseccomp print seccomp-test-file\r" | ||
35 | expect { | ||
36 | timeout {puts "TESTING ERROR 4.1\n";exit} | ||
37 | "WHITELIST 41 socket" | ||
38 | } | ||
39 | |||
40 | after 100 | ||
41 | send -- "/usr/lib/firejail/fseccomp secondary 64 seccomp-test-file\r" | ||
42 | after 100 | ||
43 | send -- "/usr/lib/firejail/fseccomp print seccomp-test-file\r" | ||
44 | expect { | ||
45 | timeout {puts "TESTING ERROR 5.1\n";exit} | ||
46 | "BLACKLIST 165 mount" | ||
47 | } | ||
48 | expect { | ||
49 | timeout {puts "TESTING ERROR 5.2\n";exit} | ||
50 | "BLACKLIST 166 umount2" | ||
51 | } | ||
52 | expect { | ||
53 | timeout {puts "TESTING ERROR 5.3\n";exit} | ||
54 | "RETURN_ALLOW" | ||
55 | } | ||
56 | |||
57 | after 100 | ||
58 | send -- "/usr/lib/firejail/fseccomp default seccomp-test-file\r" | ||
59 | after 100 | ||
60 | send -- "/usr/lib/firejail/fseccomp print seccomp-test-file\r" | ||
61 | expect { | ||
62 | timeout {puts "TESTING ERROR 6.1\n";exit} | ||
63 | "BLACKLIST 165 mount" | ||
64 | } | ||
65 | expect { | ||
66 | timeout {puts "TESTING ERROR 6.2\n";exit} | ||
67 | "BLACKLIST 166 umount2" | ||
68 | } | ||
69 | expect { | ||
70 | timeout {puts "TESTING ERROR 6.3\n";exit} | ||
71 | "RETURN_ALLOW" | ||
72 | } | ||
73 | |||
74 | after 100 | ||
75 | send -- "/usr/lib/firejail/fseccomp drop seccomp-test-file chmod,chown\r" | ||
76 | after 100 | ||
77 | send -- "/usr/lib/firejail/fseccomp print seccomp-test-file\r" | ||
78 | expect { | ||
79 | timeout {puts "TESTING ERROR 7.1\n";exit} | ||
80 | "BLACKLIST 165 mount" {puts "TESTING ERROR 7.2\n";exit} | ||
81 | "BLACKLIST 166 umount2" {puts "TESTING ERROR 7.3\n";exit} | ||
82 | "BLACKLIST 90 chmod" | ||
83 | } | ||
84 | expect { | ||
85 | timeout {puts "TESTING ERROR 7.4\n";exit} | ||
86 | "BLACKLIST 92 chown" | ||
87 | } | ||
88 | expect { | ||
89 | timeout {puts "TESTING ERROR 7.5\n";exit} | ||
90 | "RETURN_ALLOW" | ||
91 | } | ||
92 | |||
93 | after 100 | ||
94 | send -- "/usr/lib/firejail/fseccomp default drop seccomp-test-file chmod,chown\r" | ||
95 | after 100 | ||
96 | send -- "/usr/lib/firejail/fseccomp print seccomp-test-file\r" | ||
97 | expect { | ||
98 | timeout {puts "TESTING ERROR 8.1\n";exit} | ||
99 | "BLACKLIST 165 mount" | ||
100 | } | ||
101 | expect { | ||
102 | timeout {puts "TESTING ERROR 8.2\n";exit} | ||
103 | "BLACKLIST 166 umount2" | ||
104 | } | ||
105 | expect { | ||
106 | timeout {puts "TESTING ERROR 8.3\n";exit} | ||
107 | "BLACKLIST 90 chmod" | ||
108 | } | ||
109 | expect { | ||
110 | timeout {puts "TESTING ERROR 8.4\n";exit} | ||
111 | "BLACKLIST 92 chown" | ||
112 | } | ||
113 | expect { | ||
114 | timeout {puts "TESTING ERROR 8.5\n";exit} | ||
115 | "RETURN_ALLOW" | ||
116 | } | ||
117 | after 100 | ||
118 | send -- "/usr/lib/firejail/fseccomp keep seccomp-test-file chmod,chown\r" | ||
119 | after 100 | ||
120 | send -- "/usr/lib/firejail/fseccomp print seccomp-test-file\r" | ||
121 | expect { | ||
122 | timeout {puts "TESTING ERROR 9.1\n";exit} | ||
123 | "WHITELIST 90 chmod" | ||
124 | } | ||
125 | expect { | ||
126 | timeout {puts "TESTING ERROR 9.2\n";exit} | ||
127 | "WHITELIST 92 chown" | ||
128 | } | ||
129 | expect { | ||
130 | timeout {puts "TESTING ERROR 9.3\n";exit} | ||
131 | "KILL_PROCESS" | ||
132 | } | ||
133 | |||
134 | |||
135 | |||
136 | after 100 | ||
137 | puts "\nall done\n" | ||
138 | |||