author | netblue30 <netblue30@yahoo.com> | 2015-08-08 19:12:30 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2015-08-08 19:12:30 -0400 |
commit | 1379851360349d6617ad32944a25ee5e2bb74fc2 (patch) | |
tree | f69b48e90708bfa3c2723d5a27ed3e024c827b43 /test | |
parent | delete files (diff) | |
Baseline firejail 0.9.28
Diffstat (limited to 'test')
127 files changed, 6300 insertions, 0 deletions
diff --git a/test/4bridges_arp.exp b/test/4bridges_arp.exp new file mode 100755 index 000000000..3004082e6 --- /dev/null +++ b/test/4bridges_arp.exp | |||
@@ -0,0 +1,175 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | # check eth0 | ||
8 | send -- "firejail --net=br0 --net=br1 --net=br2 --net=br3\r" | ||
9 | expect { | ||
10 | timeout {puts "TESTING ERROR 0.0\n";exit} | ||
11 | "eth0" | ||
12 | } | ||
13 | expect { | ||
14 | timeout {puts "TESTING ERROR 0.1\n";exit} | ||
15 | "10.10.20" | ||
16 | } | ||
17 | expect { | ||
18 | timeout {puts "TESTING ERROR 0.2\n";exit} | ||
19 | "255.255.255.248" | ||
20 | } | ||
21 | expect { | ||
22 | timeout {puts "TESTING ERROR 0.3\n";exit} | ||
23 | "UP" | ||
24 | } | ||
25 | expect { | ||
26 | timeout {puts "TESTING ERROR 0.4\n";exit} | ||
27 | "Child process initialized" | ||
28 | } | ||
29 | sleep 2 | ||
30 | send -- "exit\r" | ||
31 | sleep 2 | ||
32 | |||
33 | # check eth1 | ||
34 | send -- "firejail --net=br0 --net=br1 --net=br2 --net=br3\r" | ||
35 | expect { | ||
36 | timeout {puts "TESTING ERROR 1.0\n";exit} | ||
37 | "eth1" | ||
38 | } | ||
39 | expect { | ||
40 | timeout {puts "TESTING ERROR 1.1\n";exit} | ||
41 | "10.10.30" | ||
42 | } | ||
43 | expect { | ||
44 | timeout {puts "TESTING ERROR 1.2\n";exit} | ||
45 | "255.255.255.0" | ||
46 | } | ||
47 | expect { | ||
48 | timeout {puts "TESTING ERROR 1.3\n";exit} | ||
49 | "UP" | ||
50 | } | ||
51 | expect { | ||
52 | timeout {puts "TESTING ERROR 1.4\n";exit} | ||
53 | "Child process initialized" | ||
54 | } | ||
55 | sleep 2 | ||
56 | send -- "exit\r" | ||
57 | sleep 2 | ||
58 | |||
59 | |||
60 | # check eth2 | ||
61 | send -- "firejail --net=br0 --net=br1 --net=br2 --net=br3\r" | ||
62 | expect { | ||
63 | timeout {puts "TESTING ERROR 2.0\n";exit} | ||
64 | "eth2" | ||
65 | } | ||
66 | expect { | ||
67 | timeout {puts "TESTING ERROR 2.1\n";exit} | ||
68 | "10.10.40" | ||
69 | } | ||
70 | expect { | ||
71 | timeout {puts "TESTING ERROR 2.2\n";exit} | ||
72 | "255.255.255.0" | ||
73 | } | ||
74 | expect { | ||
75 | timeout {puts "TESTING ERROR 2.3\n";exit} | ||
76 | "UP" | ||
77 | } | ||
78 | expect { | ||
79 | timeout {puts "TESTING ERROR 2.4\n";exit} | ||
80 | "Child process initialized" | ||
81 | } | ||
82 | sleep 2 | ||
83 | send -- "exit\r" | ||
84 | sleep 2 | ||
85 | |||
86 | |||
87 | |||
88 | # check eth3 | ||
89 | send -- "firejail --net=br0 --net=br1 --net=br2 --net=br3\r" | ||
90 | expect { | ||
91 | timeout {puts "TESTING ERROR 3.0\n";exit} | ||
92 | "eth3" | ||
93 | } | ||
94 | expect { | ||
95 | timeout {puts "TESTING ERROR 3.1\n";exit} | ||
96 | "10.10.50" | ||
97 | } | ||
98 | expect { | ||
99 | timeout {puts "TESTING ERROR 3.2\n";exit} | ||
100 | "255.255.255.0" | ||
101 | } | ||
102 | expect { | ||
103 | timeout {puts "TESTING ERROR 3.3\n";exit} | ||
104 | "UP" | ||
105 | } | ||
106 | expect { | ||
107 | timeout {puts "TESTING ERROR 4\n";exit} | ||
108 | "Child process initialized" | ||
109 | } | ||
110 | sleep 2 | ||
111 | send -- "exit\r" | ||
112 | sleep 2 | ||
113 | |||
114 | |||
115 | |||
116 | |||
117 | # check loopback | ||
118 | send -- "firejail --net=br0 --net=br1 --net=br2 --net=br3\r" | ||
119 | expect { | ||
120 | timeout {puts "TESTING ERROR 5\n";exit} | ||
121 | "lo" | ||
122 | } | ||
123 | expect { | ||
124 | timeout {puts "TESTING ERROR 6\n";exit} | ||
125 | "127.0.0.1" | ||
126 | } | ||
127 | expect { | ||
128 | timeout {puts "TESTING ERROR 7\n";exit} | ||
129 | "255.0.0.0" | ||
130 | } | ||
131 | expect { | ||
132 | timeout {puts "TESTING ERROR 8\n";exit} | ||
133 | "UP" | ||
134 | } | ||
135 | expect { | ||
136 | timeout {puts "TESTING ERROR 9\n";exit} | ||
137 | "Child process initialized" | ||
138 | } | ||
139 | |||
140 | # check default gateway | ||
141 | send -- "bash\r" | ||
142 | sleep 1 | ||
143 | send -- "netstat -rn;pwd\r" | ||
144 | expect { | ||
145 | timeout {puts "TESTING ERROR 10.1\n";exit} | ||
146 | "0.0.0.0" | ||
147 | } | ||
148 | expect { | ||
149 | timeout {puts "TESTING ERROR 10.2\n";exit} | ||
150 | "10.10.20.1" | ||
151 | } | ||
152 | expect { | ||
153 | timeout {puts "TESTING ERROR 10.3\n";exit} | ||
154 | "eth0" | ||
155 | } | ||
156 | expect { | ||
157 | timeout {puts "TESTING ERROR 10.4\n";exit} | ||
158 | "10.10.20.0" | ||
159 | } | ||
160 | expect { | ||
161 | timeout {puts "TESTING ERROR 10.5\n";exit} | ||
162 | "0.0.0.0" | ||
163 | } | ||
164 | expect { | ||
165 | timeout {puts "TESTING ERROR 10.6\n";exit} | ||
166 | "eth0" | ||
167 | } | ||
168 | expect { | ||
169 | timeout {puts "TESTING ERROR 10\n";exit} | ||
170 | "home" | ||
171 | } | ||
172 | sleep 1 | ||
173 | |||
174 | puts "\n" | ||
175 | |||
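Review bot: Every failure branch in this script ends in a bare `exit`, e.g. `timeout {puts "TESTING ERROR 0.0\n";exit}`, which terminates expect with status 0, so a failed sandbox check is only visible to a caller that greps the output for "TESTING ERROR". Using `exit 1` in each timeout branch would let the exit status carry the failure as well. The same pattern appears in the other .exp files added by this commit (4bridges_ip.exp, chk_config.exp, chromium.exp, dns.exp, doubledash.exp, evince.exp, extract_command.exp, firefox.exp). The label `TESTING ERROR 4` on the eth3 block also breaks the `3.x` numbering used by the neighbouring checks, which makes a reported failure harder to locate.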
diff --git a/test/4bridges_ip.exp b/test/4bridges_ip.exp new file mode 100755 index 000000000..9e37b4ff4 --- /dev/null +++ b/test/4bridges_ip.exp | |||
@@ -0,0 +1,175 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | # check eth0 | ||
8 | send -- "firejail --net=br0 --net=br1 --ip=10.10.30.50 --net=br2 --ip=10.10.40.100 --net=br3\r" | ||
9 | expect { | ||
10 | timeout {puts "TESTING ERROR 0.0\n";exit} | ||
11 | "eth0" | ||
12 | } | ||
13 | expect { | ||
14 | timeout {puts "TESTING ERROR 0.1\n";exit} | ||
15 | "10.10.20" | ||
16 | } | ||
17 | expect { | ||
18 | timeout {puts "TESTING ERROR 0.2\n";exit} | ||
19 | "255.255.255.248" | ||
20 | } | ||
21 | expect { | ||
22 | timeout {puts "TESTING ERROR 0.3\n";exit} | ||
23 | "UP" | ||
24 | } | ||
25 | expect { | ||
26 | timeout {puts "TESTING ERROR 0.4\n";exit} | ||
27 | "Child process initialized" | ||
28 | } | ||
29 | sleep 2 | ||
30 | send -- "exit\r" | ||
31 | sleep 2 | ||
32 | |||
33 | # check eth1 | ||
34 | send -- "firejail --net=br0 --net=br1 --ip=10.10.30.50 --net=br2 --ip=10.10.40.100 --net=br3\r" | ||
35 | expect { | ||
36 | timeout {puts "TESTING ERROR 1.0\n";exit} | ||
37 | "eth1" | ||
38 | } | ||
39 | expect { | ||
40 | timeout {puts "TESTING ERROR 1.1\n";exit} | ||
41 | "10.10.30.50" | ||
42 | } | ||
43 | expect { | ||
44 | timeout {puts "TESTING ERROR 1.2\n";exit} | ||
45 | "255.255.255.0" | ||
46 | } | ||
47 | expect { | ||
48 | timeout {puts "TESTING ERROR 1.3\n";exit} | ||
49 | "UP" | ||
50 | } | ||
51 | expect { | ||
52 | timeout {puts "TESTING ERROR 1.4\n";exit} | ||
53 | "Child process initialized" | ||
54 | } | ||
55 | sleep 2 | ||
56 | send -- "exit\r" | ||
57 | sleep 2 | ||
58 | |||
59 | |||
60 | # check eth2 | ||
61 | send -- "firejail --net=br0 --net=br1 --ip=10.10.30.50 --net=br2 --ip=10.10.40.100 --net=br3\r" | ||
62 | expect { | ||
63 | timeout {puts "TESTING ERROR 2.0\n";exit} | ||
64 | "eth2" | ||
65 | } | ||
66 | expect { | ||
67 | timeout {puts "TESTING ERROR 2.1\n";exit} | ||
68 | "10.10.40.100" | ||
69 | } | ||
70 | expect { | ||
71 | timeout {puts "TESTING ERROR 2.2\n";exit} | ||
72 | "255.255.255.0" | ||
73 | } | ||
74 | expect { | ||
75 | timeout {puts "TESTING ERROR 2.3\n";exit} | ||
76 | "UP" | ||
77 | } | ||
78 | expect { | ||
79 | timeout {puts "TESTING ERROR 2.4\n";exit} | ||
80 | "Child process initialized" | ||
81 | } | ||
82 | sleep 2 | ||
83 | send -- "exit\r" | ||
84 | sleep 2 | ||
85 | |||
86 | |||
87 | |||
88 | # check eth3 | ||
89 | send -- "firejail --net=br0 --net=br1 --ip=10.10.30.50 --net=br2 --ip=10.10.40.100 --net=br3\r" | ||
90 | expect { | ||
91 | timeout {puts "TESTING ERROR 3.0\n";exit} | ||
92 | "eth3" | ||
93 | } | ||
94 | expect { | ||
95 | timeout {puts "TESTING ERROR 3.1\n";exit} | ||
96 | "10.10.50" | ||
97 | } | ||
98 | expect { | ||
99 | timeout {puts "TESTING ERROR 3.2\n";exit} | ||
100 | "255.255.255.0" | ||
101 | } | ||
102 | expect { | ||
103 | timeout {puts "TESTING ERROR 3.3\n";exit} | ||
104 | "UP" | ||
105 | } | ||
106 | expect { | ||
107 | timeout {puts "TESTING ERROR 4\n";exit} | ||
108 | "Child process initialized" | ||
109 | } | ||
110 | sleep 2 | ||
111 | send -- "exit\r" | ||
112 | sleep 2 | ||
113 | |||
114 | |||
115 | |||
116 | |||
117 | # check loopback | ||
118 | send -- "firejail --net=br0 --net=br1 --ip=10.10.30.50 --net=br2 --ip=10.10.40.100 --net=br3\r" | ||
119 | expect { | ||
120 | timeout {puts "TESTING ERROR 5\n";exit} | ||
121 | "lo" | ||
122 | } | ||
123 | expect { | ||
124 | timeout {puts "TESTING ERROR 6\n";exit} | ||
125 | "127.0.0.1" | ||
126 | } | ||
127 | expect { | ||
128 | timeout {puts "TESTING ERROR 7\n";exit} | ||
129 | "255.0.0.0" | ||
130 | } | ||
131 | expect { | ||
132 | timeout {puts "TESTING ERROR 8\n";exit} | ||
133 | "UP" | ||
134 | } | ||
135 | expect { | ||
136 | timeout {puts "TESTING ERROR 9\n";exit} | ||
137 | "Child process initialized" | ||
138 | } | ||
139 | |||
140 | # check default gateway | ||
141 | send -- "bash\r" | ||
142 | sleep 1 | ||
143 | send -- "netstat -rn;pwd\r" | ||
144 | expect { | ||
145 | timeout {puts "TESTING ERROR 10.1\n";exit} | ||
146 | "0.0.0.0" | ||
147 | } | ||
148 | expect { | ||
149 | timeout {puts "TESTING ERROR 10.2\n";exit} | ||
150 | "10.10.20.1" | ||
151 | } | ||
152 | expect { | ||
153 | timeout {puts "TESTING ERROR 10.3\n";exit} | ||
154 | "eth0" | ||
155 | } | ||
156 | expect { | ||
157 | timeout {puts "TESTING ERROR 10.4\n";exit} | ||
158 | "10.10.20.0" | ||
159 | } | ||
160 | expect { | ||
161 | timeout {puts "TESTING ERROR 10.5\n";exit} | ||
162 | "0.0.0.0" | ||
163 | } | ||
164 | expect { | ||
165 | timeout {puts "TESTING ERROR 10.6\n";exit} | ||
166 | "eth0" | ||
167 | } | ||
168 | expect { | ||
169 | timeout {puts "TESTING ERROR 10\n";exit} | ||
170 | "home" | ||
171 | } | ||
172 | sleep 1 | ||
173 | |||
174 | puts "\n" | ||
175 | |||
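--- /dev/null
+++ b/test/auto/autotest.sh
@@ -0,0 +1,202 @@
+#!/bin/bash
+
+arr[1]="TEST 1: svn and standard compilation"
+arr[2]="TEST 2: cppcheck"
+arr[3]="TEST 3: compile seccomp disabled, chroot disabled, bind disabled"
+arr[4]="TEST 4: rvtest"
+arr[5]="TEST 5: expect test as root, no malloc perturb"
+arr[6]="TEST 6: expect test as user, no malloc perturb"
+arr[7]="TEST 7: expect test as root, malloc perturb"
+arr[8]="TEST 8: expect test as user, malloc perturb"
+
+
+# remove previous reports and output file
+cleanup() {
+rm -f out-test
+rm -f output*
+rm -f report*
+rm -fr firejail-trunk
+}
+
+print_title() {
+echo
+echo
+echo
+echo "**************************************************"
+echo $1
+echo "**************************************************"
+}
+
+while [ $# -gt 0 ]; do # Until you run out of parameters . . .
+case "$1" in
+--clean)
+cleanup
+exit
+;;
+--help)
+echo "./autotest.sh [--clean|--help]"
+exit
+;;
+esac
+shift # Check next set of parameters.
+done
+
+cleanup
+# enable sudo
+sudo ls -al
+
+#*****************************************************************
+# TEST 1
+#*****************************************************************
+# - checkout source code
+# - check compilation
+# - install
+#*****************************************************************
+print_title "${arr[1]}"
+svn checkout svn://svn.code.sf.net/p/firejail/code-0/trunk firejail-trunk
+cd firejail-trunk
+./configure --prefix=/usr 2>&1 | tee ../output-configure
+make -j4 2>&1 | tee ../output-make
+sudo make install 2>&1 | tee ../output-install
+cd src/tools
+gcc -o rvtest rvtest.c
+cd ../..
+cd test
+sudo ./configure > /dev/null
+cd ../..
+grep warning output-configure output-make output-install > ./report-test1
+grep error output-configure output-make output-install >> ./report-test1
+cat report-test1 > out-test1
+
+#*****************************************************************
+# TEST 2
+#*****************************************************************
+# - run cppcheck
+#*****************************************************************
+print_title "${arr[2]}"
+cd firejail-trunk
+cp /home/netblue/bin/cfg/std.cfg .
+cppcheck --force . 2>&1 | tee ../output-cppcheck
+cd ..
+grep error output-cppcheck > report-test2
+cat report-test2 > out-test2
+
+#*****************************************************************
+# TEST 3
+#*****************************************************************
+# - disable seccomp configuration
+# - check compilation
+#*****************************************************************
+print_title "${arr[3]}"
+# seccomp
+cd firejail-trunk
+make distclean
+./configure --prefix=/usr --disable-seccomp 2>&1 | tee ../output-configure-noseccomp
+make -j4 2>&1 | tee ../output-make-noseccomp
+cd ..
+grep warning output-configure-noseccomp output-make-noseccomp > ./report-test3
+grep error output-configure-noseccomp output-make-noseccomp >> ./report-test3
+# chroot
+cd firejail-trunk
+make distclean
+./configure --prefix=/usr --disable-chroot 2>&1 | tee ../output-configure-nochroot
+make -j4 2>&1 | tee ../output-make-nochroot
+cd ..
+grep warning output-configure-nochroot output-make-nochroot >> ./report-test3
+grep error output-configure-nochroot output-make-nochroot >> ./report-test3
+# bind
+cd firejail-trunk
+make distclean
+./configure --prefix=/usr --disable-bind 2>&1 | tee ../output-configure-nobind
+make -j4 2>&1 | tee ../output-make-nobind
+cd ..
+grep warning output-configure-nobind output-make-nobind >> ./report-test3
+grep error output-configure-nobind output-make-nobind >> ./report-test3
+# save result
+cat report-test3 > out-test3
+
+#*****************************************************************
+# TEST 4
+#*****************************************************************
+# - rvtest
+#*****************************************************************
+print_title "${arr[4]}"
+cd firejail-trunk
+cd test
+../src/tools/rvtest test.rv 2>/dev/null | tee ../../output-test4 | grep TESTING
+cd ../..
+grep TESTING output-test4 > ./report-test4
+grep ERROR report-test4 > out-test4
+
+
+#*****************************************************************
+# TEST 5
+#*****************************************************************
+# - expect test as root, no malloc perturb
+#*****************************************************************
+print_title "${arr[5]}"
+cd firejail-trunk/test
+sudo ./test-root.sh 2>&1 | tee ../../output-test5 | grep TESTING
+cd ../..
+grep TESTING output-test5 > ./report-test5
+grep ERROR report-test5 > out-test5
+
+#*****************************************************************
+# TEST 6
+#*****************************************************************
+# - expect test as user, no malloc perturb
+#*****************************************************************
+print_title "${arr[6]}"
+cd firejail-trunk/test
+./test.sh 2>&1 | tee ../../output-test6 | grep TESTING
+cd ../..
+grep TESTING output-test6 > ./report-test6
+grep ERROR report-test6 > out-test6
+
+
+
+#*****************************************************************
+# TEST 7
+#*****************************************************************
+# - expect test as root, malloc perturb
+#*****************************************************************
+print_title "${arr[7]}"
+export MALLOC_CHECK_=3
+export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
+cd firejail-trunk/test
+sudo ./test-root.sh 2>&1 | tee ../../output-test7 | grep TESTING
+cd ../..
+grep TESTING output-test7 > ./report-test7
+grep ERROR report-test7 > out-test7
+
+#*****************************************************************
+# TEST 8
+#*****************************************************************
+# - expect test as user, malloc perturb
+#*****************************************************************
+print_title "${arr[8]}"
+cd firejail-trunk/test
+./test.sh 2>&1 | tee ../../output-test8| grep TESTING
+cd ../..
+grep TESTING output-test8 > ./report-test8
+grep ERROR report-test8 > out-test8
+
+#*****************************************************************
+# PRINT REPORTS
+#*****************************************************************
+echo
+echo
+echo
+echo
+echo "**********************************************************"
+echo "TEST RESULTS"
+echo "**********************************************************"
+
+wc -l out-test*
+rm out-test*
+echo
+
+
+
+
+exit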
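Review bot: TEST 1 fetches the tree with `svn checkout svn://svn.code.sf.net/p/firejail/code-0/trunk firejail-trunk` and then runs `sudo make install`, `sudo ./configure` and later `sudo ./test-root.sh` from it, so code pulled over plain svn://, which normally offers neither encryption nor server authentication, ends up executing as root. Prefer an authenticated transport if the host offers one (https:// or svn+ssh://) and stop when the checkout fails, e.g. `svn checkout <authenticated-url> firejail-trunk || exit 1`. None of the `cd firejail-trunk` calls is checked either; if one fails, the following `make distclean`, `./configure` and `sudo` steps run in whatever directory the script was started from, so `cd firejail-trunk || exit 1` is safer. `cp /home/netblue/bin/cfg/std.cfg .` in TEST 2 also ties the script to one developer's home directory.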
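--- /dev/null
+++ b/test/caps1.profile
@@ -0,0 +1 @@
+caps.drop chown,kill
\ No newline at end of file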
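--- /dev/null
+++ b/test/caps2.profile
@@ -0,0 +1 @@
+caps.keep chown,kill
\ No newline at end of file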
diff --git a/test/chk_config.exp b/test/chk_config.exp new file mode 100755 index 000000000..ada59d655 --- /dev/null +++ b/test/chk_config.exp | |||
@@ -0,0 +1,86 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | # check br0 | ||
8 | send -- "/sbin/ifconfig;pwd\r" | ||
9 | expect { | ||
10 | timeout {puts "TESTING ERROR 0 - please run ./configure\n";exit} | ||
11 | "br0" | ||
12 | } | ||
13 | expect { | ||
14 | timeout {puts "TESTING ERROR 0 - please run ./configure\n";exit} | ||
15 | "10.10.20.1" | ||
16 | } | ||
17 | expect { | ||
18 | timeout {puts "TESTING ERROR 0 - please run ./configure\n";exit} | ||
19 | "home" | ||
20 | } | ||
21 | |||
22 | # check br1 | ||
23 | send -- "/sbin/ifconfig;pwd\r" | ||
24 | expect { | ||
25 | timeout {puts "TESTING ERROR 1\n";exit} | ||
26 | "br1" | ||
27 | } | ||
28 | expect { | ||
29 | timeout {puts "TESTING ERROR 1\n";exit} | ||
30 | "10.10.30.1" | ||
31 | } | ||
32 | expect { | ||
33 | timeout {puts "TESTING ERROR 1\n";exit} | ||
34 | "home" | ||
35 | } | ||
36 | |||
37 | # check br2 | ||
38 | send -- "/sbin/ifconfig;pwd\r" | ||
39 | expect { | ||
40 | timeout {puts "TESTING ERROR 2\n";exit} | ||
41 | "br2" | ||
42 | } | ||
43 | expect { | ||
44 | timeout {puts "TESTING ERROR 2\n";exit} | ||
45 | "10.10.40.1" | ||
46 | } | ||
47 | expect { | ||
48 | timeout {puts "TESTING ERROR 2\n";exit} | ||
49 | "home" | ||
50 | } | ||
51 | |||
52 | # check br3 | ||
53 | send -- "/sbin/ifconfig;pwd\r" | ||
54 | expect { | ||
55 | timeout {puts "TESTING ERROR 3\n";exit} | ||
56 | "br3" | ||
57 | } | ||
58 | expect { | ||
59 | timeout {puts "TESTING ERROR 3\n";exit} | ||
60 | "10.10.50.1" | ||
61 | } | ||
62 | expect { | ||
63 | timeout {puts "TESTING ERROR 3\n";exit} | ||
64 | "home" | ||
65 | } | ||
66 | |||
67 | # start a sandbox and check MALLOC_PERTURB | ||
68 | send -- "firejail\r" | ||
69 | expect { | ||
70 | timeout {puts "TESTING ERROR 4\n";exit} | ||
71 | "Child process initialized" | ||
72 | } | ||
73 | sleep 1 | ||
74 | |||
75 | set timeout 2 | ||
76 | send -- "env | grep MALLOC;pwd\r" | ||
77 | expect { | ||
78 | timeout {puts "\nTESTING: MALLOC_PERTURB_ disabled\n"} | ||
79 | "MALLOC_PERTURB_" {puts "\nTESTING: MALLOC_PERTURB_ enabled\n"} | ||
80 | } | ||
81 | expect { | ||
82 | timeout {puts "TESTING ERROR 5\n";exit} | ||
83 | "home" | ||
84 | } | ||
85 | |||
86 | |||
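--- /dev/null
+++ b/test/chromium.exp
@@ -0,0 +1,72 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail chromium-browser www.gentoo.org\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Reading profile /etc/firejail/chromium-browser.profile"
+}
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"Child process initialized"
+}
+sleep 10
+
+spawn $env(SHELL)
+send -- "firejail --list\r"
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+":firejail"
+}
+expect {
+timeout {puts "TESTING ERROR 3.1\n";exit}
+"chromium-browser"
+}
+sleep 1
+
+send -- "firejail --name=blablabla\r"
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"Child process initialized"
+}
+sleep 2
+
+spawn $env(SHELL)
+send -- "firemon --seccomp\r"
+expect {
+timeout {puts "TESTING ERROR 5\n";exit}
+":firejail chromium-browser"
+}
+expect {
+timeout {puts "TESTING ERROR 5.1\n";exit}
+"Seccomp: 0"
+}
+expect {
+timeout {puts "TESTING ERROR 5.1\n";exit}
+"name=blablabla"
+}
+sleep 1
+send -- "firemon --caps\r"
+expect {
+timeout {puts "TESTING ERROR 6\n";exit}
+":firejail chromium-browser"
+}
+expect {
+timeout {puts "TESTING ERROR 6.1\n";exit}
+"CapBnd:"
+}
+expect {
+timeout {puts "TESTING ERROR 6.2\n";exit}
+"fffffffff"
+}
+expect {
+timeout {puts "TESTING ERROR 6.3\n";exit}
+"name=blablabla"
+}
+sleep 1
+
+puts "\n"
+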
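Review bot: The checks `"Seccomp: 0"` and `"fffffffff"` after `firemon --seccomp` and `firemon --caps` pin Chromium to running with no seccomp filter and a full capability bounding set, which reads like a weakened sandbox unless the reason is stated. A comment above these blocks, e.g. `# chromium profile leaves seccomp and caps untouched, presumably for the browser's own sandbox - confirm against chromium-browser.profile`, would keep a later reader from "fixing" the expectation or overlooking a real regression. Two different checks also print the same label `TESTING ERROR 5.1`; giving the `name=blablabla` check its own number (e.g. `5.2`) would make a failure unambiguous.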
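--- /dev/null
+++ b/test/configure
@@ -0,0 +1,42 @@
+#!/bin/bash
+
+brctl addbr br0
+ifconfig br0 10.10.20.1/29 up
+# NAT masquerade
+iptables -t nat -A POSTROUTING -o eth0 -s 10.10.20.0/29 -j MASQUERADE
+# port forwarding
+# iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to 10.10.20.2:80
+
+brctl addbr br1
+ifconfig br1 10.10.30.1/24 up
+brctl addbr br2
+ifconfig br2 10.10.40.1/24 up
+brctl addbr br3
+ifconfig br3 10.10.50.1/24 up
+brctl addbr br4
+ifconfig br4 10.10.60.1/24 up
+
+
+# build a very small chroot
+ROOTDIR="/tmp/chroot" # default chroot directory
+DEFAULT_FILES="/bin/bash /bin/sh " # basic chroot files
+DEFAULT_FILES+="/etc/passwd /etc/nsswitch.conf /etc/group "
+DEFAULT_FILES+=`find /lib -name libnss*` # files required by glibc
+DEFAULT_FILES+=" /bin/ls /bin/cat /bin/ps /usr/bin/id /usr/bin/whoami /usr/bin/wc /usr/bin/wget"
+
+rm -fr $ROOTDIR
+mkdir -p $ROOTDIR/{root,bin,lib,lib64,usr,home,etc,dev/shm,tmp,var/run,var/tmp,var/lock,proc}
+SORTED=`for FILE in $* $DEFAULT_FILES; do echo " $FILE "; ldd $FILE | grep -v dynamic | cut -d " " -f 3; done | sort -u`
+for FILE in $SORTED
+do
+cp --parents $FILE $ROOTDIR
+done
+cp --parents /lib64/ld-linux-x86-64.so.2 $ROOTDIR
+cp --parents /lib/ld-linux.so.2 $ROOTDIR
+
+cd $ROOTDIR; find .
+mkdir -p usr/lib/firejail/
+cp /usr/lib/firejail/libtrace.so usr/lib/firejail/.
+
+
+echo "To enter the chroot directory run: firejail --chroot=$ROOTDIR"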
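Review bot: The chroot is built at the fixed path `ROOTDIR="/tmp/chroot"`, where the script runs `rm -fr $ROOTDIR`, `mkdir -p` and `cp --parents`, and autotest.sh in this commit invokes it with `sudo`; a predictable name in world-writable /tmp that root deletes and repopulates can be pre-created or swapped by another local user. A root-owned location (or `mktemp -d`) would avoid that, though dns.exp hard-codes `--chroot=/tmp/chroot` and would have to follow the same path. `cd $ROOTDIR; find .` is unchecked, so if the `cd` fails the following `mkdir -p usr/lib/firejail/` and `cp` act on the current directory; `cd "$ROOTDIR" || exit 1` closes that. The unquoted `-name libnss*` is expanded by the shell whenever a matching file exists in the working directory and should be `-name 'libnss*'`.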
diff --git a/test/dns.exp b/test/dns.exp new file mode 100755 index 000000000..96513f278 --- /dev/null +++ b/test/dns.exp | |||
@@ -0,0 +1,69 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 30 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | # no chroot | ||
8 | send -- "firejail --trace --dns=208.67.222.222 wget -q debian.org\r" | ||
9 | expect { | ||
10 | timeout {puts "TESTING ERROR 1.1\n";exit} | ||
11 | "Child process initialized" | ||
12 | } | ||
13 | expect { | ||
14 | timeout {puts "TESTING ERROR 1.2\n";exit} | ||
15 | "1:wget:connect 208.67.222.222:53" | ||
16 | } | ||
17 | sleep 1 | ||
18 | |||
19 | send -- "rm index.html\r" | ||
20 | sleep 1 | ||
21 | |||
22 | # with chroot | ||
23 | send -- "firejail --chroot=/tmp/chroot --trace --dns=208.67.222.222 wget -q debian.org\r" | ||
24 | expect { | ||
25 | timeout {puts "TESTING ERROR 2.1\n";exit} | ||
26 | "Child process initialized" | ||
27 | } | ||
28 | expect { | ||
29 | timeout {puts "TESTING ERROR 2.2\n";exit} | ||
30 | "1:wget:connect 208.67.222.222:53" | ||
31 | } | ||
32 | sleep 1 | ||
33 | |||
34 | send -- "rm index.html\r" | ||
35 | sleep 1 | ||
36 | |||
37 | # net eth0 | ||
38 | send -- "firejail --net=eth0 --trace --dns=208.67.222.222 wget -q debian.org\r" | ||
39 | expect { | ||
40 | timeout {puts "TESTING ERROR 3.1\n";exit} | ||
41 | "Child process initialized" | ||
42 | } | ||
43 | expect { | ||
44 | timeout {puts "TESTING ERROR 3.2\n";exit} | ||
45 | "1:wget:connect 208.67.222.222:53" | ||
46 | } | ||
47 | sleep 1 | ||
48 | |||
49 | send -- "rm index.html\r" | ||
50 | sleep 1 | ||
51 | |||
52 | # net eth0 and chroot | ||
53 | send -- "firejail --net=eth0 --chroot=/tmp/chroot --trace --dns=208.67.222.222 wget -q debian.org\r" | ||
54 | expect { | ||
55 | timeout {puts "TESTING ERROR 4.1\n";exit} | ||
56 | "Child process initialized" | ||
57 | } | ||
58 | expect { | ||
59 | timeout {puts "TESTING ERROR 4.2\n";exit} | ||
60 | "1:wget:connect 208.67.222.222:53" | ||
61 | } | ||
62 | sleep 1 | ||
63 | |||
64 | send -- "rm index.html\r" | ||
65 | sleep 1 | ||
66 | |||
67 | |||
68 | puts "\n" | ||
69 | |||
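--- /dev/null
+++ b/test/doubledash.exp
@@ -0,0 +1,60 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail -- ls -- -testdir\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"Child process initialized"
+}
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"ttt"
+}
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"parent is shutting down"
+}
+sleep 1
+
+
+send -- "firejail --name=testing -- -testdir/bash\r"
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"Child process initialized"
+}
+sleep 3
+
+spawn $env(SHELL)
+send -- "firejail --join=testing -- -testdir/bash\r"
+expect {
+timeout {puts "TESTING ERROR 5\n";exit}
+"the first child process inside the sandbox"
+}
+sleep 3
+
+spawn $env(SHELL)
+send -- "firejail --list;pwd\r"
+expect {
+timeout {puts "TESTING ERROR 6\n";exit}
+"name=testing"
+}
+expect {
+timeout {puts "TESTING ERROR 7\n";exit}
+"home"
+}
+send -- "firejail --list;pwd\r"
+expect {
+timeout {puts "TESTING ERROR 8 (join)\n";exit}
+"join=testing"
+}
+expect {
+timeout {puts "TESTING ERROR 9\n";exit}
+"home"
+}
+
+sleep 1
+
+puts "\n"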
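Review bot: Nothing in the script says what is being verified, or that it depends on a `-testdir` fixture (holding a `ttt` entry and a `bash` copy, judging by the expected output and the `-testdir/bash` command). A header comment such as `# arguments after "--" must be treated as the program and its arguments, never as firejail options, even when they start with "-"` would document the option-parsing guarantee under test. The last block expects `join=testing` from `firejail --list`; a one-line comment that this confirms the `--join` process is still listed would explain why the same command is sent twice.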
diff --git a/test/evince.exp b/test/evince.exp new file mode 100755 index 000000000..7b115144c --- /dev/null +++ b/test/evince.exp | |||
@@ -0,0 +1,72 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "firejail evince\r" | ||
8 | expect { | ||
9 | timeout {puts "TESTING ERROR 0\n";exit} | ||
10 | "Reading profile /etc/firejail/evince.profile" | ||
11 | } | ||
12 | expect { | ||
13 | timeout {puts "TESTING ERROR 1\n";exit} | ||
14 | "Child process initialized" | ||
15 | } | ||
16 | sleep 10 | ||
17 | |||
18 | spawn $env(SHELL) | ||
19 | send -- "firejail --list\r" | ||
20 | expect { | ||
21 | timeout {puts "TESTING ERROR 3\n";exit} | ||
22 | ":firejail" | ||
23 | } | ||
24 | expect { | ||
25 | timeout {puts "TESTING ERROR 3.1\n";exit} | ||
26 | "evince" | ||
27 | } | ||
28 | sleep 1 | ||
29 | |||
30 | send -- "firejail --name=blablabla\r" | ||
31 | expect { | ||
32 | timeout {puts "TESTING ERROR 4\n";exit} | ||
33 | "Child process initialized" | ||
34 | } | ||
35 | sleep 2 | ||
36 | |||
37 | spawn $env(SHELL) | ||
38 | send -- "firemon --seccomp\r" | ||
39 | expect { | ||
40 | timeout {puts "TESTING ERROR 5\n";exit} | ||
41 | ":firejail evince" | ||
42 | } | ||
43 | expect { | ||
44 | timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit} | ||
45 | "Seccomp: 2" | ||
46 | } | ||
47 | expect { | ||
48 | timeout {puts "TESTING ERROR 5.1\n";exit} | ||
49 | "name=blablabla" | ||
50 | } | ||
51 | sleep 1 | ||
52 | send -- "firemon --caps\r" | ||
53 | expect { | ||
54 | timeout {puts "TESTING ERROR 6\n";exit} | ||
55 | ":firejail evince" | ||
56 | } | ||
57 | expect { | ||
58 | timeout {puts "TESTING ERROR 6.1\n";exit} | ||
59 | "CapBnd:" | ||
60 | } | ||
61 | expect { | ||
62 | timeout {puts "TESTING ERROR 6.2\n";exit} | ||
63 | "0000000000000000" | ||
64 | } | ||
65 | expect { | ||
66 | timeout {puts "TESTING ERROR 6.3\n";exit} | ||
67 | "name=blablabla" | ||
68 | } | ||
69 | sleep 1 | ||
70 | |||
71 | puts "\n" | ||
72 | |||
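--- /dev/null
+++ b/test/extract_command.exp
@@ -0,0 +1,23 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --debug /usr/bin/firefox www.gentoo.org\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Reading profile /etc/firejail/firefox.profile"
+}
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"Starting /usr/bin/firefox"
+}
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"Child process initialized"
+}
+sleep 5
+
+puts "\n"
+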
diff --git a/test/firefox.exp b/test/firefox.exp new file mode 100755 index 000000000..c2e64e04f --- /dev/null +++ b/test/firefox.exp | |||
@@ -0,0 +1,74 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "firejail firefox www.gentoo.org\r" | ||
8 | expect { | ||
9 | timeout {puts "TESTING ERROR 0\n";exit} | ||
10 | "Reading profile /etc/firejail/firefox.profile" | ||
11 | } | ||
12 | expect { | ||
13 | timeout {puts "TESTING ERROR 1\n";exit} | ||
14 | "Child process initialized" | ||
15 | } | ||
16 | sleep 10 | ||
17 | |||
18 | spawn $env(SHELL) | ||
19 | send -- "firejail --list\r" | ||
20 | expect { | ||
21 | timeout {puts "TESTING ERROR 3\n";exit} | ||
22 | ":firejail" | ||
23 | } | ||
24 | expect { | ||
25 | timeout {puts "TESTING ERROR 3.1\n";exit} | ||
26 | "firefox" {puts "firefox detected\n";} | ||
27 | "iceweasel" {puts "iceweasel detected\n";} | ||
28 | } | ||
29 | sleep 1 | ||
30 | send -- "firejail --name=blablabla\r" | ||
31 | expect { | ||
32 | timeout {puts "TESTING ERROR 4\n";exit} | ||
33 | "Child process initialized" | ||
34 | } | ||
35 | sleep 2 | ||
36 | |||
37 | spawn $env(SHELL) | ||
38 | send -- "firemon --seccomp\r" | ||
39 | expect { | ||
40 | timeout {puts "TESTING ERROR 5\n";exit} | ||
41 | " firefox" {puts "firefox detected\n";} | ||
42 | " iceweasel" {puts "iceweasel detected\n";} | ||
43 | } | ||
44 | expect { | ||
45 | timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit} | ||
46 | "Seccomp: 2" | ||
47 | } | ||
48 | expect { | ||
49 | timeout {puts "TESTING ERROR 5.1\n";exit} | ||
50 | "name=blablabla" | ||
51 | } | ||
52 | sleep 1 | ||
53 | send -- "firemon --caps\r" | ||
54 | expect { | ||
55 | timeout {puts "TESTING ERROR 6\n";exit} | ||
56 | " firefox" {puts "firefox detected\n";} | ||
57 | " iceweasel" {puts "iceweasel detected\n";} | ||
58 | } | ||
59 | expect { | ||
60 | timeout {puts "TESTING ERROR 6.1\n";exit} | ||
61 | "CapBnd:" | ||
62 | } | ||
63 | expect { | ||
64 | timeout {puts "TESTING ERROR 6.2\n";exit} | ||
65 | "0000000000000000" | ||
66 | } | ||
67 | expect { | ||
68 | timeout {puts "TESTING ERROR 6.3\n";exit} | ||
69 | "name=blablabla" | ||
70 | } | ||
71 | sleep 1 | ||
72 | |||
73 | puts "\n" | ||
74 | |||
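diff --git a/test/firejail-in-firejail.exp b/test/firejail-in-firejail.exp
new file mode 100755
index 000000000..404eb03bb
--- /dev/null
+++ b/test/firejail-in-firejail.exp
@@ -0,0 +1,37 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "firejail\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "firejail\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"Child process initialized"
+}
+sleep 1
+puts "\n"
+
+send -- "exit\r"
+sleep 1
+send -- "exit\r"
+sleep 1
+send -- "exit\r"
+sleep 1
+
+
+puts "\n"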
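diff --git a/test/firemon-arp.exp b/test/firemon-arp.exp
new file mode 100755
index 000000000..3fc8c2aee
--- /dev/null
+++ b/test/firemon-arp.exp
@@ -0,0 +1,34 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "ping -c 3 192.168.1.1\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"3 packets transmitted"
+}
+sleep 1
+
+send -- "firejail\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+spawn $env(SHELL)
+send -- "firemon --arp\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"192.168.1.1 dev eth0 lladdr" {puts "Debian testing\n";}
+"192.168.1.1 dev enp0s3 lladdr" {puts "Centos 7 testing\n";}
+}
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"REACHABLE"
+}
+sleep 1
+
+puts "\n"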
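Review bot: The gateway address `192.168.1.1` and the interface names `eth0`/`enp0s3` are hard-coded (lines 7, 25 and 26), so the test pings whatever host owns that address on the machine's network and fails on any other addressing plan. Setting the address once at the top, e.g. `set gw 192.168.1.1`, and building the `ping` command and the `firemon --arp` patterns from `$gw` would make the environment assumption explicit and easy to override. firemon-route.exp (lines 18–20) depends on the same address and interface names.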
diff --git a/test/firemon-caps.exp b/test/firemon-caps.exp new file mode 100755 index 000000000..547d04c02 --- /dev/null +++ b/test/firemon-caps.exp | |||
@@ -0,0 +1,135 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "firejail --name=bingo1 --caps\r" | ||
8 | expect { | ||
9 | timeout {puts "TESTING ERROR 0\n";exit} | ||
10 | "Child process initialized" | ||
11 | } | ||
12 | sleep 1 | ||
13 | |||
14 | spawn $env(SHELL) | ||
15 | send -- "firejail --name=bingo2\r" | ||
16 | expect { | ||
17 | timeout {puts "TESTING ERROR 0\n";exit} | ||
18 | "Child process initialized" | ||
19 | } | ||
20 | sleep 1 | ||
21 | |||
22 | spawn $env(SHELL) | ||
23 | send -- "firejail --name=bingo3 --caps.drop=all\r" | ||
24 | expect { | ||
25 | timeout {puts "TESTING ERROR 0\n";exit} | ||
26 | "Child process initialized" | ||
27 | } | ||
28 | sleep 1 | ||
29 | |||
30 | spawn $env(SHELL) | ||
31 | send -- "firejail --name=bingo4 --caps.drop=chown,kill\r" | ||
32 | expect { | ||
33 | timeout {puts "TESTING ERROR 0\n";exit} | ||
34 | "Child process initialized" | ||
35 | } | ||
36 | sleep 1 | ||
37 | |||
38 | spawn $env(SHELL) | ||
39 | send -- "firejail --name=bingo5 --caps.keep=chown,kill\r" | ||
40 | expect { | ||
41 | timeout {puts "TESTING ERROR 0\n";exit} | ||
42 | "Child process initialized" | ||
43 | } | ||
44 | sleep 1 | ||
45 | |||
46 | spawn $env(SHELL) | ||
47 | send -- "firejail --name=bingo6 --profile=caps1.profile\r" | ||
48 | expect { | ||
49 | timeout {puts "TESTING ERROR 0\n";exit} | ||
50 | "Child process initialized" | ||
51 | } | ||
52 | sleep 1 | ||
53 | |||
54 | spawn $env(SHELL) | ||
55 | send -- "firejail --name=bingo7 --profile=caps2.profile\r" | ||
56 | expect { | ||
57 | timeout {puts "TESTING ERROR 0\n";exit} | ||
58 | "Child process initialized" | ||
59 | } | ||
60 | sleep 1 | ||
61 | |||
62 | |||
63 | |||
64 | |||
65 | spawn $env(SHELL) | ||
66 | send -- "firemon --caps\r" | ||
67 | expect { | ||
68 | timeout {puts "TESTING ERROR 1\n";exit} | ||
69 | "bingo1" | ||
70 | } | ||
71 | expect { | ||
72 | timeout {puts "TESTING ERROR 2\n";exit} | ||
73 | "31cffff" | ||
74 | } | ||
75 | expect { | ||
76 | timeout {puts "TESTING ERROR 3\n";exit} | ||
77 | "bingo2" | ||
78 | } | ||
79 | expect { | ||
80 | timeout {puts "TESTING ERROR 4\n";exit} | ||
81 | "fffffff" | ||
82 | } | ||
83 | expect { | ||
84 | timeout {puts "TESTING ERROR 5\n";exit} | ||
85 | "bingo3" | ||
86 | } | ||
87 | expect { | ||
88 | timeout {puts "TESTING ERROR 6\n";exit} | ||
89 | "000000000000" | ||
90 | } | ||
91 | |||
92 | expect { | ||
93 | timeout {puts "TESTING ERROR 7\n";exit} | ||
94 | "bingo4" | ||
95 | } | ||
96 | expect { | ||
97 | timeout {puts "TESTING ERROR 8\n";exit} | ||
98 | "ffffffde" | ||
99 | } | ||
100 | expect { | ||
101 | timeout {puts "TESTING ERROR 7\n";exit} | ||
102 | "bingo5" | ||
103 | } | ||
104 | expect { | ||
105 | timeout {puts "TESTING ERROR 9\n";exit} | ||
106 | "0000000000000021" | ||
107 | } | ||
108 | |||
109 | expect { | ||
110 | timeout {puts "TESTING ERROR 10\n";exit} | ||
111 | "bingo6" | ||
112 | } | ||
113 | expect { | ||
114 | timeout {puts "TESTING ERROR 11\n";exit} | ||
115 | "ffffffde" | ||
116 | } | ||
117 | expect { | ||
118 | timeout {puts "TESTING ERROR 12\n";exit} | ||
119 | "bingo7" | ||
120 | } | ||
121 | expect { | ||
122 | timeout {puts "TESTING ERROR 13\n";exit} | ||
123 | "0000000000000021" | ||
124 | } | ||
125 | |||
126 | |||
127 | |||
128 | |||
129 | |||
130 | |||
131 | |||
132 | sleep 1 | ||
133 | |||
134 | puts "\n" | ||
135 | |||
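Review bot: The check for `--caps.drop=all` (bingo3, line 89) matches only twelve zeros, and expect patterns match anywhere in the output, so a bounding set such as `0000000000000021` — the value this same script expects for bingo5 — would also satisfy it. Matching the full sixteen-digit mask, as firefox.exp does with `"0000000000000000"`, makes the test fail if any capability survives the drop. The other masks (`31cffff`, `fffffff`, `ffffffde`) are likewise partial values and none is tied to the `CapBnd:` label, so they could be tightened the same way. `TESTING ERROR 0` is shared by all seven sandbox launches and `TESTING ERROR 7` by two checks (lines 93 and 101).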
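diff --git a/test/firemon-cgroup.exp b/test/firemon-cgroup.exp
new file mode 100755
index 000000000..41a38b3b6
--- /dev/null
+++ b/test/firemon-cgroup.exp
@@ -0,0 +1,40 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --name=bingo1 --cgroup=/sys/fs/cgroup/g1/tasks\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+spawn $env(SHELL)
+send -- "firejail --name=bingo2\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+
+spawn $env(SHELL)
+send -- "firemon --cgroup\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"bingo1"
+}
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+":/g1"
+}
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"bingo2"
+}
+sleep 1
+
+puts "\n"
+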
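diff --git a/test/firemon-interface.exp b/test/firemon-interface.exp
new file mode 100755
index 000000000..6a82ae41e
--- /dev/null
+++ b/test/firemon-interface.exp
@@ -0,0 +1,34 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+spawn $env(SHELL)
+send -- "firemon --interface\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"lo UP"
+}
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"10.10.20.1/29"
+}
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"10.10.50.1/24"
+}
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"br3"
+}
+sleep 1
+
+puts "\n"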
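diff --git a/test/firemon-route.exp b/test/firemon-route.exp
new file mode 100755
index 000000000..76ebd70f6
--- /dev/null
+++ b/test/firemon-route.exp
@@ -0,0 +1,32 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+spawn $env(SHELL)
+send -- "firemon --route\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"0.0.0.0/0 via 192.168.1.1, dev eth0, metric 0" {puts "Debian testing\n";}
+"0.0.0.0/0 via 192.168.1.1, dev enp0s3, metric 1024" {puts "Centos 7 testing\n";}
+"0.0.0.0/0 via 192.168.1.1, dev enp0s3, metric 0" {puts "OpenSUSE testing\n";}
+}
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"10.10.30.0/24, dev br1, scope link src 10.10.30.1"
+}
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"10.10.50.0/24, dev br3, scope link src 10.10.50.1"
+}
+sleep 1
+
+puts "\n"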
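diff --git a/test/firemon-seccomp.exp b/test/firemon-seccomp.exp
new file mode 100755
index 000000000..0cf53b690
--- /dev/null
+++ b/test/firemon-seccomp.exp
@@ -0,0 +1,45 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --name=bingo1 --seccomp\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+spawn $env(SHELL)
+send -- "firejail --name=bingo2\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+
+
+
+spawn $env(SHELL)
+send -- "firemon --seccomp\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"bingo1"
+}
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"Seccomp: 2"
+}
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"bingo2"
+}
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"Seccomp: 0"
+}
+sleep 1
+
+puts "\n"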
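diff --git a/test/fs_chroot.exp b/test/fs_chroot.exp
new file mode 100755
index 000000000..ba832337b
--- /dev/null
+++ b/test/fs_chroot.exp
@@ -0,0 +1,54 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --chroot=/tmp/chroot\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "cd /home;pwd\r"
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"home"
+}
+sleep 1
+send -- "bash\r"
+sleep 1
+send -- "ps aux; pwd\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"/bin/bash"
+}
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"bash"
+}
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"ps aux"
+}
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"home"
+}
+sleep 1
+
+
+send -- "ps aux |wc -l; pwd\r"
+expect {
+timeout {puts "TESTING ERROR 5\n";exit}
+"5"
+}
+expect {
+timeout {puts "TESTING ERROR 6\n";exit}
+"home"
+}
+sleep 1
+
+puts "\n"
+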
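Review bot: The process-count check at line 45 uses the bare pattern `"5"`, which expect matches anywhere in the output, so a count of 15 or 50, or a 5 appearing in the shell prompt, passes as well. This is the assertion that the chrooted sandbox sees only its own processes, so it should match the whole line, for example `-re {(^|\n)5\r?\n}`. `TESTING ERROR 3` is also used for two different checks (lines 16 and 32), which makes a failure report ambiguous.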
diff --git a/test/fs_dev_shm.exp b/test/fs_dev_shm.exp new file mode 100755 index 000000000..b54f24eb5 --- /dev/null +++ b/test/fs_dev_shm.exp | |||
@@ -0,0 +1,87 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | # testing read-write /dev/shm | ||
8 | send -- "firejail\r" | ||
9 | expect { | ||
10 | timeout {puts "TESTING ERROR 0\n";exit} | ||
11 | "Child process initialized" | ||
12 | } | ||
13 | sleep 1 | ||
14 | |||
15 | send -- "echo mytest > /dev/shm/ttt;pwd\r" | ||
16 | expect { | ||
17 | timeout {puts "TESTING ERROR 1\n";exit} | ||
18 | "home" | ||
19 | } | ||
20 | |||
21 | send -- "cat /dev/shm/ttt;pwd\r" | ||
22 | expect { | ||
23 | timeout {puts "TESTING ERROR 2.1\n";exit} | ||
24 | "mytest" | ||
25 | } | ||
26 | expect { | ||
27 | timeout {puts "TESTING ERROR 2\n";exit} | ||
28 | "home" | ||
29 | } | ||
30 | |||
31 | send -- "rm /dev/shm/ttt;pwd\r" | ||
32 | expect { | ||
33 | timeout {puts "TESTING ERROR 3\n";exit} | ||
34 | "home" | ||
35 | } | ||
36 | |||
37 | send -- "cat /dev/shm/ttt;pwd\r" | ||
38 | expect { | ||
39 | timeout {puts "TESTING ERROR 4\n";exit} | ||
40 | "mytest" {puts "TESTING ERROR 4.1\n";exit} | ||
41 | "home" | ||
42 | } | ||
43 | |||
44 | sleep 1 | ||
45 | send -- "exit\r" | ||
46 | sleep 1 | ||
47 | |||
48 | # redo the test with --private | ||
49 | send -- "firejail\r" | ||
50 | expect { | ||
51 | timeout {puts "TESTING ERROR 10\n";exit} | ||
52 | "Child process initialized" | ||
53 | } | ||
54 | sleep 1 | ||
55 | |||
56 | send -- "echo mytest > /dev/shm/ttt;pwd\r" | ||
57 | expect { | ||
58 | timeout {puts "TESTING ERROR 11\n";exit} | ||
59 | "home" | ||
60 | } | ||
61 | |||
62 | send -- "cat /dev/shm/ttt;pwd\r" | ||
63 | expect { | ||
64 | timeout {puts "TESTING ERROR 12.1\n";exit} | ||
65 | "mytest" | ||
66 | } | ||
67 | expect { | ||
68 | timeout {puts "TESTING ERROR 12\n";exit} | ||
69 | "home" | ||
70 | } | ||
71 | |||
72 | send -- "rm /dev/shm/ttt;pwd\r" | ||
73 | expect { | ||
74 | timeout {puts "TESTING ERROR 13\n";exit} | ||
75 | "home" | ||
76 | } | ||
77 | |||
78 | send -- "cat /dev/shm/ttt;pwd\r" | ||
79 | expect { | ||
80 | timeout {puts "TESTING ERROR 14\n";exit} | ||
81 | "mytest" {puts "TESTING ERROR 14.1\n";exit} | ||
82 | "home" | ||
83 | } | ||
84 | |||
85 | sleep 1 | ||
86 | |||
87 | puts "\n" | ||
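Review bot: The second half is introduced by `# redo the test with --private` (line 48), but line 49 sends plain `firejail\r`, so the private-home case is never exercised and the script runs the same read-write check twice. If the comment states the intent, line 49 should be `send -- "firejail --private\r"`. fs_var_lock.exp and fs_var_tmp.exp carry the same comment and the same command at their lines 48–49.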
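diff --git a/test/fs_home_sanitize.exp b/test/fs_home_sanitize.exp
new file mode 100755
index 000000000..300babd1c
--- /dev/null
+++ b/test/fs_home_sanitize.exp
@@ -0,0 +1,33 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "ls /home;pwd\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"bingo"
+}
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"home"
+}
+sleep 1
+
+send -- "ls /home/bingo;pwd\r"
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"cannot open directory"
+}
+sleep 1
+
+puts "\n"
+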
diff --git a/test/fs_overlay.exp b/test/fs_overlay.exp new file mode 100755 index 000000000..166970a5c --- /dev/null +++ b/test/fs_overlay.exp | |||
@@ -0,0 +1,64 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "rm -f /tmp/firejail-overlay-test;pwd\r" | ||
8 | expect { | ||
9 | timeout {puts "TESTING ERROR 0\n";exit} | ||
10 | "home" | ||
11 | } | ||
12 | |||
13 | send -- "ls > /tmp/firejail-overlay-test;pwd\r" | ||
14 | expect { | ||
15 | timeout {puts "TESTING ERROR 1\n";exit} | ||
16 | "home" | ||
17 | } | ||
18 | |||
19 | send -- "firejail --overlay\r" | ||
20 | expect { | ||
21 | timeout {puts "TESTING ERROR 2\n";exit} | ||
22 | "Child process initialized" | ||
23 | } | ||
24 | sleep 1 | ||
25 | |||
26 | send -- "echo xyzxyzxyz > /tmp/firejail-overlay-test;pwd\r" | ||
27 | expect { | ||
28 | timeout {puts "TESTING ERROR 3\n";exit} | ||
29 | "home" | ||
30 | } | ||
31 | sleep 1 | ||
32 | |||
33 | send -- "cat /tmp/firejail-overlay-test;pwd\r" | ||
34 | expect { | ||
35 | timeout {puts "TESTING ERROR 4\n";exit} | ||
36 | "xyzxyzxyz" | ||
37 | } | ||
38 | expect { | ||
39 | timeout {puts "TESTING ERROR 4.1\n";exit} | ||
40 | "home" | ||
41 | } | ||
42 | sleep 1 | ||
43 | |||
44 | send -- "exit\r" | ||
45 | sleep 2 | ||
46 | |||
47 | send -- "cat /tmp/firejail-overlay-test;pwd\r" | ||
48 | expect { | ||
49 | timeout {puts "TESTING ERROR 5\n";exit} | ||
50 | "xyzxyzxyz" {puts "TESTING ERROR 5.1\n";exit} | ||
51 | "home" | ||
52 | } | ||
53 | |||
54 | sleep 1 | ||
55 | send -- "rm -f /tmp/firejail-overlay-test;pwd\r" | ||
56 | expect { | ||
57 | timeout {puts "TESTING ERROR 0\n";exit} | ||
58 | "home" | ||
59 | } | ||
60 | |||
61 | |||
62 | sleep 1 | ||
63 | puts "\n" | ||
64 | |||
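diff --git a/test/fs_sys.exp b/test/fs_sys.exp
new file mode 100755
index 000000000..69f080460
--- /dev/null
+++ b/test/fs_sys.exp
@@ -0,0 +1,34 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --net=br0\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "find /sys | grep --color=never eth0;pwd\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"/sys/class/net/eth0"
+}
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"home"
+}
+sleep 1
+
+send -- "find /sys | grep --color=never br0;pwd\r"
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"/sys/class/net/br0" {puts "TESTING ERROR 5\n";exit}
+"home"
+}
+sleep 1
+
+puts "\n"
+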
diff --git a/test/fs_var_lock.exp b/test/fs_var_lock.exp new file mode 100755 index 000000000..dfcf571f4 --- /dev/null +++ b/test/fs_var_lock.exp | |||
@@ -0,0 +1,87 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | # testing read-write /var/lock | ||
8 | send -- "firejail\r" | ||
9 | expect { | ||
10 | timeout {puts "TESTING ERROR 0\n";exit} | ||
11 | "Child process initialized" | ||
12 | } | ||
13 | sleep 1 | ||
14 | |||
15 | send -- "echo mytest > /var/lock/ttt;pwd\r" | ||
16 | expect { | ||
17 | timeout {puts "TESTING ERROR 1\n";exit} | ||
18 | "home" | ||
19 | } | ||
20 | |||
21 | send -- "cat /var/lock/ttt;pwd\r" | ||
22 | expect { | ||
23 | timeout {puts "TESTING ERROR 2.1\n";exit} | ||
24 | "mytest" | ||
25 | } | ||
26 | expect { | ||
27 | timeout {puts "TESTING ERROR 2\n";exit} | ||
28 | "home" | ||
29 | } | ||
30 | |||
31 | send -- "rm /var/lock/ttt;pwd\r" | ||
32 | expect { | ||
33 | timeout {puts "TESTING ERROR 3\n";exit} | ||
34 | "home" | ||
35 | } | ||
36 | |||
37 | send -- "cat /var/lock/ttt;pwd\r" | ||
38 | expect { | ||
39 | timeout {puts "TESTING ERROR 4\n";exit} | ||
40 | "mytest" {puts "TESTING ERROR 4.1\n";exit} | ||
41 | "home" | ||
42 | } | ||
43 | |||
44 | sleep 1 | ||
45 | send -- "exit\r" | ||
46 | sleep 1 | ||
47 | |||
48 | # redo the test with --private | ||
49 | send -- "firejail\r" | ||
50 | expect { | ||
51 | timeout {puts "TESTING ERROR 10\n";exit} | ||
52 | "Child process initialized" | ||
53 | } | ||
54 | sleep 1 | ||
55 | |||
56 | send -- "echo mytest > /var/lock/ttt;pwd\r" | ||
57 | expect { | ||
58 | timeout {puts "TESTING ERROR 11\n";exit} | ||
59 | "home" | ||
60 | } | ||
61 | |||
62 | send -- "cat /var/lock/ttt;pwd\r" | ||
63 | expect { | ||
64 | timeout {puts "TESTING ERROR 12.1\n";exit} | ||
65 | "mytest" | ||
66 | } | ||
67 | expect { | ||
68 | timeout {puts "TESTING ERROR 12\n";exit} | ||
69 | "home" | ||
70 | } | ||
71 | |||
72 | send -- "rm /var/lock/ttt;pwd\r" | ||
73 | expect { | ||
74 | timeout {puts "TESTING ERROR 13\n";exit} | ||
75 | "home" | ||
76 | } | ||
77 | |||
78 | send -- "cat /var/lock/ttt;pwd\r" | ||
79 | expect { | ||
80 | timeout {puts "TESTING ERROR 14\n";exit} | ||
81 | "mytest" {puts "TESTING ERROR 14.1\n";exit} | ||
82 | "home" | ||
83 | } | ||
84 | |||
85 | sleep 1 | ||
86 | |||
87 | puts "\n" | ||
diff --git a/test/fs_var_tmp.exp b/test/fs_var_tmp.exp new file mode 100755 index 000000000..95ceeb2a4 --- /dev/null +++ b/test/fs_var_tmp.exp | |||
@@ -0,0 +1,87 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | # testing read-write /var/tmp | ||
8 | send -- "firejail\r" | ||
9 | expect { | ||
10 | timeout {puts "TESTING ERROR 0\n";exit} | ||
11 | "Child process initialized" | ||
12 | } | ||
13 | sleep 1 | ||
14 | |||
15 | send -- "echo mytest > /var/tmp/ttt;pwd\r" | ||
16 | expect { | ||
17 | timeout {puts "TESTING ERROR 1\n";exit} | ||
18 | "home" | ||
19 | } | ||
20 | |||
21 | send -- "cat /var/tmp/ttt;pwd\r" | ||
22 | expect { | ||
23 | timeout {puts "TESTING ERROR 2.1\n";exit} | ||
24 | "mytest" | ||
25 | } | ||
26 | expect { | ||
27 | timeout {puts "TESTING ERROR 2\n";exit} | ||
28 | "home" | ||
29 | } | ||
30 | |||
31 | send -- "rm /var/tmp/ttt;pwd\r" | ||
32 | expect { | ||
33 | timeout {puts "TESTING ERROR 3\n";exit} | ||
34 | "home" | ||
35 | } | ||
36 | |||
37 | send -- "cat /var/tmp/ttt;pwd\r" | ||
38 | expect { | ||
39 | timeout {puts "TESTING ERROR 4\n";exit} | ||
40 | "mytest" {puts "TESTING ERROR 4.1\n";exit} | ||
41 | "home" | ||
42 | } | ||
43 | |||
44 | sleep 1 | ||
45 | send -- "exit\r" | ||
46 | sleep 1 | ||
47 | |||
48 | # redo the test with --private | ||
49 | send -- "firejail\r" | ||
50 | expect { | ||
51 | timeout {puts "TESTING ERROR 10\n";exit} | ||
52 | "Child process initialized" | ||
53 | } | ||
54 | sleep 1 | ||
55 | |||
56 | send -- "echo mytest > /var/tmp/ttt;pwd\r" | ||
57 | expect { | ||
58 | timeout {puts "TESTING ERROR 11\n";exit} | ||
59 | "home" | ||
60 | } | ||
61 | |||
62 | send -- "cat /var/tmp/ttt;pwd\r" | ||
63 | expect { | ||
64 | timeout {puts "TESTING ERROR 12.1\n";exit} | ||
65 | "mytest" | ||
66 | } | ||
67 | expect { | ||
68 | timeout {puts "TESTING ERROR 12\n";exit} | ||
69 | "home" | ||
70 | } | ||
71 | |||
72 | send -- "rm /var/tmp/ttt;pwd\r" | ||
73 | expect { | ||
74 | timeout {puts "TESTING ERROR 13\n";exit} | ||
75 | "home" | ||
76 | } | ||
77 | |||
78 | send -- "cat /var/tmp/ttt;pwd\r" | ||
79 | expect { | ||
80 | timeout {puts "TESTING ERROR 14\n";exit} | ||
81 | "mytest" {puts "TESTING ERROR 14.1\n";exit} | ||
82 | "home" | ||
83 | } | ||
84 | |||
85 | sleep 1 | ||
86 | |||
87 | puts "\n" | ||
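diff --git a/test/fscheck-bindnoroot.exp b/test/fscheck-bindnoroot.exp
new file mode 100755
index 000000000..796a7d975
--- /dev/null
+++ b/test/fscheck-bindnoroot.exp
@@ -0,0 +1,14 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# dir
+send -- "firejail --net=br0 --bind=fscheck-dir,/etc\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Error"
+}
+after 100
+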
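Review bot: The only pass condition is the substring `"Error"`, and the command also passes `--net=br0`, so any unrelated failure — for instance a missing br0 bridge on the test host — would satisfy the check without the `--bind` restriction ever being evaluated. Matching the specific message firejail prints for this rejection would keep the test from passing for the wrong reason; that text is not visible in this commit and would have to be taken from the firejail source. fscheck-blacklist.exp, fscheck-chroot.exp, fscheck-netfilter.exp, fscheck-output.exp and fscheck-private.exp rely on the same generic `"Error"` pattern combined with `--net=br0`.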
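diff --git a/test/fscheck-blacklist.exp b/test/fscheck-blacklist.exp
new file mode 100755
index 000000000..5b6a9623c
--- /dev/null
+++ b/test/fscheck-blacklist.exp
@@ -0,0 +1,14 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# dir
+send -- "firejail --net=br0 --blacklist=../test/fscheck-dir\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Error"
+}
+after 100
+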
diff --git a/test/fscheck-chroot.exp b/test/fscheck-chroot.exp new file mode 100755 index 000000000..208ca6a43 --- /dev/null +++ b/test/fscheck-chroot.exp | |||
@@ -0,0 +1,77 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | # dir | ||
8 | #send -- "firejail --net=br0 --chroot=fscheck-dir\r" | ||
9 | #expect { | ||
10 | # timeout {puts "TESTING ERROR 0\n";exit} | ||
11 | # "Error" | ||
12 | #} | ||
13 | #after 100 | ||
14 | |||
15 | # .. | ||
16 | send -- "firejail --net=br0 --chroot=../test/fscheck-dir\r" | ||
17 | expect { | ||
18 | timeout {puts "TESTING ERROR 0.1\n";exit} | ||
19 | "Error" | ||
20 | } | ||
21 | after 100 | ||
22 | |||
23 | # dir link | ||
24 | send -- "firejail --net=br0 --chroot=fscheck-dir-link\r" | ||
25 | expect { | ||
26 | timeout {puts "TESTING ERROR 1\n";exit} | ||
27 | "Error" | ||
28 | } | ||
29 | after 100 | ||
30 | |||
31 | # .. | ||
32 | send -- "firejail --net=br0 --chroot=../test/fscheck-dir-link\r" | ||
33 | expect { | ||
34 | timeout {puts "TESTING ERROR 1.1\n";exit} | ||
35 | "Error" | ||
36 | } | ||
37 | after 100 | ||
38 | |||
39 | # file link | ||
40 | send -- "firejail --net=br0 --chroot=fscheck-file-link\r" | ||
41 | expect { | ||
42 | timeout {puts "TESTING ERROR 2\n";exit} | ||
43 | "Error" | ||
44 | } | ||
45 | after 100 | ||
46 | |||
47 | # file | ||
48 | send -- "firejail --net=br0 --chroot=fscheck-file\r" | ||
49 | expect { | ||
50 | timeout {puts "TESTING ERROR 2.1\n";exit} | ||
51 | "Error" | ||
52 | } | ||
53 | after 100 | ||
54 | |||
55 | # .. | ||
56 | send -- "firejail --net=br0 --chroot=../test/fscheck-file\r" | ||
57 | expect { | ||
58 | timeout {puts "TESTING ERROR 2.2\n";exit} | ||
59 | "Error" | ||
60 | } | ||
61 | after 100 | ||
62 | |||
63 | # no file | ||
64 | send -- "firejail --net=br0 --chroot=../test/nodir\r" | ||
65 | expect { | ||
66 | timeout {puts "TESTING ERROR 3\n";exit} | ||
67 | "Error" | ||
68 | } | ||
69 | after 100 | ||
70 | |||
71 | # same owner | ||
72 | #send -- "firejail --net=br0 --chroot=/etc\r" | ||
73 | #expect { | ||
74 | # timeout {puts "TESTING ERROR 4\n";exit} | ||
75 | # "Error" | ||
76 | #} | ||
77 | #after 100 | ||
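Review bot: Two cases are committed commented out with no explanation: the relative `--chroot=fscheck-dir` case (lines 8–13) and the `# same owner` case for `--chroot=/etc` (lines 72–77). fscheck-private.exp runs the equivalent `--private=/etc` case, so the gap is specific to chroot, and a reader cannot tell whether the check is known to fail, not implemented, or simply unfinished. Each disabled block should carry a line such as `# disabled: <reason>` so the missing coverage of the chroot path checks is tracked rather than silently lost.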
diff --git a/test/fscheck-netfilter.exp b/test/fscheck-netfilter.exp new file mode 100755 index 000000000..d2339c8b9 --- /dev/null +++ b/test/fscheck-netfilter.exp | |||
@@ -0,0 +1,69 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | # dir | ||
8 | send -- "firejail --net=br0 --netfilter=fscheck-dir\r" | ||
9 | expect { | ||
10 | timeout {puts "TESTING ERROR 0\n";exit} | ||
11 | "Error" | ||
12 | } | ||
13 | after 100 | ||
14 | |||
15 | # .. | ||
16 | send -- "firejail --net=br0 --netfilter=../test/fscheck-dir\r" | ||
17 | expect { | ||
18 | timeout {puts "TESTING ERROR 0.1\n";exit} | ||
19 | "Error" | ||
20 | } | ||
21 | after 100 | ||
22 | |||
23 | # dir link | ||
24 | send -- "firejail --net=br0 --netfilter=fscheck-dir-link\r" | ||
25 | expect { | ||
26 | timeout {puts "TESTING ERROR 1\n";exit} | ||
27 | "Error" | ||
28 | } | ||
29 | after 100 | ||
30 | |||
31 | # .. | ||
32 | send -- "firejail --net=br0 --netfilter=../test/fscheck-dir-link\r" | ||
33 | expect { | ||
34 | timeout {puts "TESTING ERROR 1.1\n";exit} | ||
35 | "Error" | ||
36 | } | ||
37 | after 100 | ||
38 | |||
39 | # file link | ||
40 | send -- "firejail --net=br0 --netfilter=fscheck-file-link\r" | ||
41 | expect { | ||
42 | timeout {puts "TESTING ERROR 2\n";exit} | ||
43 | "Error" | ||
44 | } | ||
45 | after 100 | ||
46 | |||
47 | # .. | ||
48 | send -- "firejail --net=br0 --netfilter=../test/fscheck-file-link\r" | ||
49 | expect { | ||
50 | timeout {puts "TESTING ERROR 2\n";exit} | ||
51 | "Error" | ||
52 | } | ||
53 | after 100 | ||
54 | |||
55 | # no file | ||
56 | send -- "firejail --net=br0 --netfilter=../test/nofile\r" | ||
57 | expect { | ||
58 | timeout {puts "TESTING ERROR 3\n";exit} | ||
59 | "Error" | ||
60 | } | ||
61 | after 100 | ||
62 | |||
63 | # real GID/UID | ||
64 | send -- "firejail --net=br0 --netfilter=/etc/shadow\r" | ||
65 | expect { | ||
66 | timeout {puts "TESTING ERROR 4\n";exit} | ||
67 | "Error" | ||
68 | } | ||
69 | after 100 | ||
diff --git a/test/fscheck-output.exp b/test/fscheck-output.exp new file mode 100755 index 000000000..0b444d6ba --- /dev/null +++ b/test/fscheck-output.exp | |||
@@ -0,0 +1,104 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | # dir | ||
8 | send -- "firejail --net=br0 --output=fscheck-dir\r" | ||
9 | expect { | ||
10 | timeout {puts "TESTING ERROR 0\n";exit} | ||
11 | "Error" | ||
12 | } | ||
13 | after 100 | ||
14 | |||
15 | # .. | ||
16 | send -- "firejail --net=br0 --output=../test/fscheck-dir\r" | ||
17 | expect { | ||
18 | timeout {puts "TESTING ERROR 0.1\n";exit} | ||
19 | "Error" | ||
20 | } | ||
21 | after 100 | ||
22 | |||
23 | # dir link | ||
24 | send -- "firejail --net=br0 --output=fscheck-dir-link\r" | ||
25 | expect { | ||
26 | timeout {puts "TESTING ERROR 1\n";exit} | ||
27 | "Error" | ||
28 | } | ||
29 | after 100 | ||
30 | |||
31 | # .. | ||
32 | send -- "firejail --net=br0 --output=../test/fscheck-dir-link\r" | ||
33 | expect { | ||
34 | timeout {puts "TESTING ERROR 1.1\n";exit} | ||
35 | "Error" | ||
36 | } | ||
37 | after 100 | ||
38 | |||
39 | # file link | ||
40 | send -- "firejail --net=br0 --output=fscheck-file-link\r" | ||
41 | expect { | ||
42 | timeout {puts "TESTING ERROR 2\n";exit} | ||
43 | "Error" | ||
44 | } | ||
45 | after 100 | ||
46 | |||
47 | # .. | ||
48 | send -- "firejail --net=br0 --output=../test/fscheck-file-link\r" | ||
49 | expect { | ||
50 | timeout {puts "TESTING ERROR 2.1\n";exit} | ||
51 | "Error" | ||
52 | } | ||
53 | after 100 | ||
54 | |||
55 | # hard link1 | ||
56 | send -- "firejail --net=br0 --output=fscheck-file-hard1\r" | ||
57 | expect { | ||
58 | timeout {puts "TESTING ERROR 2.2\n";exit} | ||
59 | "Error" | ||
60 | } | ||
61 | after 100 | ||
62 | |||
63 | # hard link2 | ||
64 | send -- "firejail --net=br0 --output=fscheck-file-hard2\r" | ||
65 | expect { | ||
66 | timeout {puts "TESTING ERROR 2.3\n";exit} | ||
67 | "Error" | ||
68 | } | ||
69 | after 100 | ||
70 | |||
71 | # .. | ||
72 | send -- "firejail --net=br0 --output=../test/fscheck-file-hard1\r" | ||
73 | expect { | ||
74 | timeout {puts "TESTING ERROR 2.4\n";exit} | ||
75 | "Error" | ||
76 | } | ||
77 | after 100 | ||
78 | |||
79 | # .. | ||
80 | send -- "firejail --net=br0 --output=../test/fscheck-file-hard2\r" | ||
81 | expect { | ||
82 | timeout {puts "TESTING ERROR 2.5\n";exit} | ||
83 | "Error" | ||
84 | } | ||
85 | after 100 | ||
86 | |||
87 | |||
88 | |||
89 | |||
90 | # no file | ||
91 | send -- "firejail --net=br0 --output=../test/nofile\r" | ||
92 | expect { | ||
93 | timeout {puts "TESTING ERROR 3\n";exit} | ||
94 | "Error" | ||
95 | } | ||
96 | after 100 | ||
97 | |||
98 | # real GID/UID | ||
99 | send -- "firejail --net=br0 --output=/etc/shadow\r" | ||
100 | expect { | ||
101 | timeout {puts "TESTING ERROR 4\n";exit} | ||
102 | "Error" | ||
103 | } | ||
104 | after 100 | ||
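Review bot: The `# real GID/UID` case at line 99 points `--output` at `/etc/shadow`, so if the access check under test ever regresses, the test itself would presumably write sandbox output over the host's password database. A root-owned scratch file created by the test setup exercises the same ownership check without that consequence. fscheck-netfilter.exp line 64 also names `/etc/shadow`, though there the file is presumably only read.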
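--- /dev/null
+++ b/test/fscheck-private.exp
@@ -0,0 +1,77 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# dir
+#send -- "firejail --net=br0 --private=fscheck-dir\r"
+#expect {
+# timeout {puts "TESTING ERROR 0\n";exit}
+# "Error"
+#}
+#after 100
+
+# ..
+send -- "firejail --net=br0 --private=../test/fscheck-dir\r"
+expect {
+timeout {puts "TESTING ERROR 0.1\n";exit}
+"Error"
+}
+after 100
+
+# dir link
+send -- "firejail --net=br0 --private=fscheck-dir-link\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"Error"
+}
+after 100
+
+# ..
+send -- "firejail --net=br0 --private=../test/fscheck-dir-link\r"
+expect {
+timeout {puts "TESTING ERROR 1.1\n";exit}
+"Error"
+}
+after 100
+
+# file link
+send -- "firejail --net=br0 --private=fscheck-file-link\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"Error"
+}
+after 100
+
+# file
+send -- "firejail --net=br0 --private=fscheck-file\r"
+expect {
+timeout {puts "TESTING ERROR 2.1\n";exit}
+"Error"
+}
+after 100
+
+# ..
+send -- "firejail --net=br0 --private=../test/fscheck-file\r"
+expect {
+timeout {puts "TESTING ERROR 2.2\n";exit}
+"Error"
+}
+after 100
+
+# no file
+send -- "firejail --net=br0 --private=../test/nodir\r"
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"Error"
+}
+after 100
+
+# same owner
+send -- "firejail --net=br0 --private=/etc\r"
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"Error"
+}
+after 100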
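Review bot: Every case in this file passes on the first occurrence of the bare string `"Error"`, and every command also carries `--net=br0`, so a missing or misconfigured bridge would presumably make firejail print an error before the `--private=` path check is reached, and the whole file would pass without exercising it. Matching the specific message the path check emits (placeholder: `"Error: <path-check message>"`) would tie each case to the symlink, `..` or ownership rejection it is named after, and dropping `--net=br0` where it is not needed would remove the dependency. The timeout branches call `exit` with no status, so a failure is visible only in the printed text; `exit 1` would let a caller detect it. The same pattern is in fscheck-privatekeep.exp, fscheck-profile.exp, fscheck-readonly.exp, fscheck-shell.exp and fscheck-tmpfs.exp.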
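--- /dev/null
+++ b/test/fscheck-privatekeep.exp
@@ -0,0 +1,93 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# dir
+#send -- "firejail --net=br0 --private.keep=fscheck-dir\r"
+#expect {
+# timeout {puts "TESTING ERROR 0\n";exit}
+# "Error"
+#}
+#after 100
+
+# ..
+send -- "firejail --net=br0 --private.keep=../test/fscheck-dir\r"
+expect {
+timeout {puts "TESTING ERROR 0.1\n";exit}
+"Error"
+}
+after 100
+
+# dir link
+send -- "firejail --net=br0 --private.keep=fscheck-dir-link\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"Error"
+}
+after 100
+
+# ..
+send -- "firejail --net=br0 --private.keep=../test/fscheck-dir-link\r"
+expect {
+timeout {puts "TESTING ERROR 1.1\n";exit}
+"Error"
+}
+after 100
+
+# file link
+send -- "firejail --net=br0 --private.keep=fscheck-file-link\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"Error"
+}
+after 100
+
+# file
+#send -- "firejail --net=br0 --private.keep=fscheck-file\r"
+#expect {
+# timeout {puts "TESTING ERROR 2.1\n";exit}
+# "Error"
+#}
+#after 100
+
+# ..
+send -- "firejail --net=br0 --private.keep=../test/fscheck-file\r"
+expect {
+timeout {puts "TESTING ERROR 2.2\n";exit}
+"Error"
+}
+after 100
+
+# no dir
+send -- "firejail --net=br0 --private.keep=../test/nodir\r"
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"Error"
+}
+after 100
+
+# no file
+send -- "firejail --net=br0 --private.keep=../test/nofile\r"
+expect {
+timeout {puts "TESTING ERROR 3.1\n";exit}
+"Error"
+}
+after 100
+
+# same owner
+send -- "firejail --net=br0 --private=/etc\r"
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"Error"
+}
+after 100
+
+# same owner
+send -- "firejail --net=br0 --private=/etc/shadow\r"
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"Error"
+}
+after 100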
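Review bot: The last two cases send `--private=/etc` and `--private=/etc/shadow` rather than `--private.keep=`, so they repeat what fscheck-private.exp covers and leave the ownership check of `--private.keep` unexercised; if this is a copy-paste slip, the commands should read `--private.keep=/etc` and `--private.keep=/etc/shadow`. Both cases also print `TESTING ERROR 4`, so a timeout cannot be attributed to one of them; the second could print `TESTING ERROR 4.1`. The two disabled cases (`# dir` and `# file`) carry no comment saying why they are commented out, which matters here because a disabled negative test can hide an input the option accepts.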
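--- /dev/null
+++ b/test/fscheck-profile.exp
@@ -0,0 +1,69 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# dir
+send -- "firejail --net=br0 --profile=fscheck-dir\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Error"
+}
+after 100
+
+# ..
+send -- "firejail --net=br0 --profile=../test/fscheck-dir\r"
+expect {
+timeout {puts "TESTING ERROR 0.1\n";exit}
+"Error"
+}
+after 100
+
+# dir link
+send -- "firejail --net=br0 --profile=fscheck-dir-link\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"Error"
+}
+after 100
+
+# ..
+send -- "firejail --net=br0 --profile=../test/fscheck-dir-link\r"
+expect {
+timeout {puts "TESTING ERROR 1.1\n";exit}
+"Error"
+}
+after 100
+
+# file link
+send -- "firejail --net=br0 --profile=fscheck-file-link\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"Error"
+}
+after 100
+
+# ..
+send -- "firejail --net=br0 --profile=../test/fscheck-file-link\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"Error"
+}
+after 100
+
+# no file
+send -- "firejail --net=br0 --profile=../test/nofile\r"
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"Error"
+}
+after 100
+
+# real GID/UID
+send -- "firejail --net=br0 --profile=/etc/shadow\r"
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"Error"
+}
+after 100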
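Review bot: The two `file link` cases both report `TESTING ERROR 2`, so a timeout on the `../test/fscheck-file-link` variant cannot be told apart from the plain one; the second should print `TESTING ERROR 2.1`, following the numbering used for the `dir` and `dir link` pairs. fscheck-shell.exp has the same duplicated label. The `# real GID/UID` comment would be clearer spelled out, for example `# /etc/shadow must be rejected: access is presumably checked with the caller's real UID/GID`, since that case is the one guarding against reading a file the invoking user cannot.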
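--- /dev/null
+++ b/test/fscheck-readonly.exp
@@ -0,0 +1,14 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# dir
+send -- "firejail --net=br0 --read-only=../test/fscheck-dir\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Error"
+}
+after 100
+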
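--- /dev/null
+++ b/test/fscheck-shell.exp
@@ -0,0 +1,69 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# dir
+send -- "firejail --net=br0 --shell=fscheck-dir\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Error"
+}
+after 100
+
+# ..
+send -- "firejail --net=br0 --shell=../test/fscheck-dir\r"
+expect {
+timeout {puts "TESTING ERROR 0.1\n";exit}
+"Error"
+}
+after 100
+
+# dir link
+send -- "firejail --net=br0 --shell=fscheck-dir-link\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"Error"
+}
+after 100
+
+# ..
+send -- "firejail --net=br0 --shell=../test/fscheck-dir-link\r"
+expect {
+timeout {puts "TESTING ERROR 1.1\n";exit}
+"Error"
+}
+after 100
+
+# file link
+send -- "firejail --net=br0 --shell=fscheck-file-link\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"Error"
+}
+after 100
+
+# ..
+send -- "firejail --net=br0 --shell=../test/fscheck-file-link\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"Error"
+}
+after 100
+
+# no file
+send -- "firejail --net=br0 --shell=../test/nofile\r"
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"Error"
+}
+after 100
+
+# real GID/UID
+send -- "firejail --net=br0 --shell=/etc/shadow\r"
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"Error"
+}
+after 100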
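--- /dev/null
+++ b/test/fscheck-tmpfs.exp
@@ -0,0 +1,14 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# ..
+send -- "firejail --net=br0 --tmpfs=../test/fscheck-dir\r"
+expect {
+timeout {puts "TESTING ERROR 0.1\n";exit}
+"Error"
+}
+after 100
+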
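--- /dev/null
+++ b/test/fscheck.sh
@@ -0,0 +1,39 @@
+#!/bin/bash
+
+mkdir fscheck-dir
+ln -s fscheck-dir fscheck-dir-link
+touch fscheck-file
+ln -s fscheck-file fscheck-file-link
+touch fscheck-file-hard1
+ln fscheck-file-hard1 fscheck-file-hard2
+
+echo "TESTING: fscheck netfilter"
+./fscheck-netfilter.exp
+echo "TESTING: fscheck shell"
+./fscheck-shell.exp
+echo "TESTING: fscheck private"
+./fscheck-private.exp
+echo "TESTING: fscheck private keep"
+./fscheck-privatekeep.exp
+echo "TESTING: fscheck profile"
+./fscheck-profile.exp
+echo "TESTING: fscheck chroot"
+./fscheck-chroot.exp
+echo "TESTING: fscheck output"
+./fscheck-output.exp
+echo "TESTING: fscheck bind nonroot"
+./fscheck-bindnoroot.exp
+echo "TESTING: fscheck tmpfs"
+./fscheck-tmpfs.exp
+echo "TESTING: fscheck readonly"
+./fscheck-readonly.exp
+echo "TESTING: fscheck blacklist"
+./fscheck-blacklist.exp
+
+
+rm -fr fscheck-dir
+rm -fr fscheck-dir-link
+rm -fr fscheck-file-link
+rm -fr fscheck-file
+rm -fr fscheck-file-hard1
+rm -fr fscheck-file-hard2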
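Review bot: The fixtures are created and removed relative to the current directory, while the .exp files address them as `../test/fscheck-dir` and similar, so the suite tests what it intends only when started from the `test` directory; from anywhere else the `..` cases see a missing path and still match `"Error"`. Adding `cd "$(dirname "$0")" || exit 1` as the first command would pin the location. None of the `mkdir`/`ln`/`touch` results are checked, so a fixture that could not be created (for example a leftover link from an aborted run) also turns the corresponding negative test into a no-op; `set -e` for the setup lines, or an explicit check, would catch that. The exit status of each .exp script is ignored, which means the only failure signal is the `TESTING ERROR` text.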
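--- /dev/null
+++ b/test/login_ssh.exp
@@ -0,0 +1,59 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "ssh bingo@0\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"password:" {
+puts "\nTESTING: please enter SSH password"
+set oldmode [stty -echo -raw]
+expect_user -re "(.*)\n"
+send_user "\n"
+eval stty $oldmode
+# stty echo
+set pass $expect_out(1,string)
+send -- "$pass\r"
+puts "TESTING: password sent to the server"
+}
+"Child process initialized"
+}
+sleep 1
+
+# test default gw
+send -- "bash\r"
+sleep 1
+send -- "ps aux; pwd\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"/bin/bash"
+}
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"bash"
+}
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"ps aux"
+}
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"home"
+}
+sleep 1
+
+
+send -- "ps aux |wc -l; pwd\r"
+expect {
+timeout {puts "TESTING ERROR 5\n";exit}
+"5"
+}
+expect {
+timeout {puts "TESTING ERROR 6\n";exit}
+"home"
+}
+sleep 1
+
+puts "\n"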
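Review bot: In the first `expect`, the `"password:"` branch sends the password and then leaves the block, so on the password path nothing waits for `"Child process initialized"` and the later checks run whether or not the login shell was sandboxed; ending that branch with `exp_continue` would keep the block waiting for the banner. The process-count check matches the bare string `"5"`, which any output containing that digit satisfies (a PID, `15`, a timestamp), so it does not really confirm that only the sandbox's own processes are visible; an anchored pattern, something like `-re {\n5\r}`, would. The password also stays in `pass` after it is sent; `unset pass` right after the `send` keeps it from lingering in the script's state.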
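--- /dev/null
+++ b/test/midori.exp
@@ -0,0 +1,73 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail midori www.gentoo.org\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Reading profile /etc/firejail/midori.profile"
+}
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"Child process initialized"
+}
+sleep 10
+
+spawn $env(SHELL)
+send -- "firejail --list\r"
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+":firejail"
+}
+expect {
+timeout {puts "TESTING ERROR 3.1\n";exit}
+"midori"
+}
+sleep 1
+
+send -- "firejail --name=blablabla\r"
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"Child process initialized"
+}
+sleep 2
+
+spawn $env(SHELL)
+send -- "firemon --seccomp\r"
+expect {
+timeout {puts "TESTING ERROR 5\n";exit}
+":firejail midori"
+}
+expect {
+timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit}
+"Seccomp: 2"
+}
+expect {
+timeout {puts "TESTING ERROR 5.1\n";exit}
+"name=blablabla"
+}
+sleep 1
+send -- "firemon --caps\r"
+expect {
+timeout {puts "TESTING ERROR 6\n";exit}
+":firejail midori"
+}
+expect {
+timeout {puts "TESTING ERROR 6.1\n";exit}
+"CapBnd"
+}
+expect {
+timeout {puts "TESTING ERROR 6.2\n";exit}
+"0000000000000000"
+}
+expect {
+timeout {puts "TESTING ERROR 6.3n";exit}
+"name=blablabla"
+}
+sleep 1
+
+
+puts "\n"
+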
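Review bot: The capability check is split into two independent matches, `"CapBnd"` and then `"0000000000000000"`, so any later all-zero field in the firemon output satisfies the second one even when the bounding set of the midori sandbox is not empty. A single pattern that requires the mask on the CapBnd line, for example `-re {CapBnd:\s*0000000000000000}` (output format assumed; confirm against firemon), would test what the case is meant to prove. `"TESTING ERROR 6.3n"` is missing the backslash before `n`, and label `5.1` is used for both the seccomp and the name check. The test also needs network access to www.gentoo.org and relies on a fixed `sleep 10`, which is worth a comment at the top of the file.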
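--- /dev/null
+++ b/test/name.exp
@@ -0,0 +1,25 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --name=baluba\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "ping -c 3 baluba;pwd\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"3 packets transmitted, 3 received"
+}
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"home"
+}
+sleep 1
+
+puts "\n"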
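--- /dev/null
+++ b/test/net_arp.exp
@@ -0,0 +1,71 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --net=br0 sleep 20 &\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+send -- "firejail --net=br0 sleep 20 &\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"Child process initialized"
+}
+send -- "firejail --net=br0 sleep 20 &\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"Child process initialized"
+}
+send -- "firejail --net=br0 sleep 20 &\r"
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"Child process initialized"
+}
+send -- "firejail --net=br0 sleep 20 &\r"
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"Child process initialized"
+}
+
+# will fail
+send -- "firejail --net=br0 sleep 20 &\r"
+expect {
+timeout {puts "TESTING ERROR 5n";exit}
+"cannot assign an IP address"
+}
+
+send -- "firejail --net=br0 sleep 20 &\r"
+expect {
+timeout {puts "TESTING ERROR 6\n";exit}
+"cannot assign an IP address"
+}
+
+# check firejail --list
+send -- "firejail --list\r"
+expect {
+timeout {puts "TESTING ERROR 7.1\n";exit}
+"sleep 20"
+}
+expect {
+timeout {puts "TESTING ERROR 7.2\n";exit}
+"sleep 20"
+}
+expect {
+timeout {puts "TESTING ERROR 7.3\n";exit}
+"sleep 20"
+}
+expect {
+timeout {puts "TESTING ERROR 7.4\n";exit}
+"sleep 20"
+}
+expect {
+timeout {puts "TESTING ERROR 7.5\n";exit}
+"sleep 20"
+}
+
+# wait for snadboxes to be shutdown
+sleep 30
+puts "\n"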
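Review bot: The `# will fail` cases only hold if br0 has exactly five free addresses, and nothing in the file says so; a header comment such as `# requires br0 with a /29 netmask (five assignable addresses besides the bridge)` would document the precondition (the 255.255.255.248 mask is inferred from net_ip.exp in this commit). Without it, running the test on a larger bridge makes the sixth sandbox start normally and the failure shows up as an unexplained timeout. `"TESTING ERROR 5n"` is missing the backslash before `n`.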
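--- /dev/null
+++ b/test/net_badip.exp
@@ -0,0 +1,16 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# check eth0
+send -- "firejail --net=br0 --net=br1 --ip=10.100.10.47\r"
+expect {
+timeout {puts "TESTING ERROR 0.0\n";exit}
+"the IP address is not"
+}
+sleep 1
+
+puts "\n"
+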
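--- /dev/null
+++ b/test/net_defaultgw.exp
@@ -0,0 +1,65 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# check ip address
+send -- "firejail --net=br0 --ip=10.10.20.5 --defaultgw=10.10.20.2\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"eth0"
+}
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"10.10.20.5"
+}
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"255.255.255.248"
+}
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"UP"
+}
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"Child process initialized"
+}
+
+# check default gateway
+send -- "bash\r"
+sleep 1
+send -- "netstat -rn;pwd\r"
+expect {
+timeout {puts "TESTING ERROR 10.1\n";exit}
+"0.0.0.0"
+}
+expect {
+timeout {puts "TESTING ERROR 10.2\n";exit}
+"10.10.20.2"
+}
+expect {
+timeout {puts "TESTING ERROR 10.3\n";exit}
+"eth0"
+}
+expect {
+timeout {puts "TESTING ERROR 10.4\n";exit}
+"10.10.20.0"
+}
+expect {
+timeout {puts "TESTING ERROR 10.5\n";exit}
+"0.0.0.0"
+}
+expect {
+timeout {puts "TESTING ERROR 10.6\n";exit}
+"eth0"
+}
+expect {
+timeout {puts "TESTING ERROR 10\n";exit}
+"home"
+}
+sleep 1
+
+puts "\n"
+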
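--- /dev/null
+++ b/test/net_defaultgw2.exp
@@ -0,0 +1,65 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# check ip address
+send -- "firejail --net=br0 --net=br1 --defaultgw=10.10.30.89\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"eth1"
+}
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"Child process initialized"
+}
+
+# check default gateway
+send -- "bash\r"
+sleep 1
+send -- "netstat -rn;pwd\r"
+expect {
+timeout {puts "TESTING ERROR 10.1\n";exit}
+"0.0.0.0"
+}
+expect {
+timeout {puts "TESTING ERROR 10.2\n";exit}
+"10.10.30.89"
+}
+expect {
+timeout {puts "TESTING ERROR 10.3\n";exit}
+"eth1"
+}
+expect {
+timeout {puts "TESTING ERROR 10.4\n";exit}
+"10.10.20.0"
+}
+expect {
+timeout {puts "TESTING ERROR 10.5\n";exit}
+"0.0.0.0"
+}
+expect {
+timeout {puts "TESTING ERROR 10.6\n";exit}
+"eth0"
+}
+expect {
+timeout {puts "TESTING ERROR 10.4\n";exit}
+"10.10.30.0"
+}
+expect {
+timeout {puts "TESTING ERROR 10.5\n";exit}
+"0.0.0.0"
+}
+expect {
+timeout {puts "TESTING ERROR 10.6\n";exit}
+"eth1"
+}
+expect {
+timeout {puts "TESTING ERROR 10\n";exit}
+"home"
+}
+sleep 1
+
+puts "\n"
+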
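Review bot: Labels `10.4`, `10.5` and `10.6` are each used twice, once for the 10.10.20.0/eth0 route and once for the 10.10.30.0/eth1 route, so a timeout does not say which route is missing; the second group could print `10.7`, `10.8` and `10.9`. The chain of sequential substring matches also assumes that `netstat -rn` lists the br0 route before the br1 route, which nothing visible here guarantees. A short comment above the block stating the expected routing table would make that assumption explicit.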
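--- /dev/null
+++ b/test/net_defaultgw3.exp
@@ -0,0 +1,17 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# check ip address
+send -- "firejail --net=br0 --net=br1 --defaultgw=10.10.95.89\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"default gateway 10.10.95.89 is not in the range of any network"
+}
+
+sleep 1
+
+puts "\n"
+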
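--- /dev/null
+++ b/test/net_ip.exp
@@ -0,0 +1,91 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# check ip address
+send -- "firejail --net=br0 --ip=10.10.20.5\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"eth0"
+}
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"10.10.20.5"
+}
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"255.255.255.248"
+}
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"UP"
+}
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"Child process initialized"
+}
+sleep 2
+send -- "exit\r"
+sleep 2
+
+# check loopback
+send -- "firejail --net=br0 --ip=10.10.20.5\r"
+expect {
+timeout {puts "TESTING ERROR 5\n";exit}
+"lo"
+}
+expect {
+timeout {puts "TESTING ERROR 6\n";exit}
+"127.0.0.1"
+}
+expect {
+timeout {puts "TESTING ERROR 7\n";exit}
+"255.0.0.0"
+}
+expect {
+timeout {puts "TESTING ERROR 8\n";exit}
+"UP"
+}
+expect {
+timeout {puts "TESTING ERROR 9\n";exit}
+"Child process initialized"
+}
+
+# check default gateway
+send -- "bash\r"
+sleep 1
+send -- "netstat -rn;pwd\r"
+expect {
+timeout {puts "TESTING ERROR 10.1\n";exit}
+"0.0.0.0"
+}
+expect {
+timeout {puts "TESTING ERROR 10.2\n";exit}
+"10.10.20.1"
+}
+expect {
+timeout {puts "TESTING ERROR 10.3\n";exit}
+"eth0"
+}
+expect {
+timeout {puts "TESTING ERROR 10.4\n";exit}
+"10.10.20.0"
+}
+expect {
+timeout {puts "TESTING ERROR 10.5\n";exit}
+"0.0.0.0"
+}
+expect {
+timeout {puts "TESTING ERROR 10.6\n";exit}
+"eth0"
+}
+expect {
+timeout {puts "TESTING ERROR 10\n";exit}
+"home"
+}
+sleep 1
+
+puts "\n"
+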
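--- /dev/null
+++ b/test/net_local.exp
@@ -0,0 +1,49 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# check ip address
+send -- "firejail --debug\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Using the local network stack"
+}
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"Child process initialized"
+}
+sleep 2
+send -- "exit\r"
+sleep 2
+
+# check loopback
+send -- "firejail\r"
+expect {
+timeout {puts "TESTING ERROR 9\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+
+send -- "/sbin/ifconfig\r"
+expect {
+timeout {puts "TESTING ERROR 5\n";exit}
+"lo"
+}
+expect {
+timeout {puts "TESTING ERROR 6\n";exit}
+"127.0.0.1"
+}
+expect {
+timeout {puts "TESTING ERROR 7\n";exit}
+"255.0.0.0"
+}
+expect {
+timeout {puts "TESTING ERROR 8\n";exit}
+"UP"
+}
+
+puts "\n"
+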
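--- /dev/null
+++ b/test/net_mac.exp
@@ -0,0 +1,36 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# check ip address
+send -- "firejail --net=br0 --ip=10.10.20.5 --mac=00:11:22:33:44:55\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"eth0"
+}
+expect {
+timeout {puts "TESTING ERROR 0.1\n";exit}
+"00:11:22:33:44:55"
+}
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"10.10.20.5"
+}
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"255.255.255.248"
+}
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"UP"
+}
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+puts "\n"
+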
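--- /dev/null
+++ b/test/net_macvlan.exp
@@ -0,0 +1,88 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# check the existing address
+spawn $env(SHELL)
+send -- "firejail --net=eth0 --ip=192.168.1.60\r"
+expect {
+timeout {puts "TESTING ERROR 1.1\n";puts "Please open a sandbox on 192.168.1.60\n";exit}
+"the address 192.168.1.60 is already in use"
+}
+
+
+
+# grab 30 ip addresses
+set MAXi 229
+set i 200
+while { $i <= $MAXi } {
+spawn $env(SHELL)
+send -- "firejail --net=eth0 --ip=192.168.1.$i\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+incr i
+after 100
+}
+
+
+# check an existing address
+spawn $env(SHELL)
+send -- "firejail --net=eth0 --ip=192.168.1.200\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"the address 192.168.1.200 is already in use"
+}
+
+
+set MAXi 254
+set i 2
+while { $i <= $MAXi } {
+spawn $env(SHELL)
+send -- "firejail --net=eth0\r"
+expect {
+timeout {puts "TESTING ERROR 2.1\n";exit}
+"192.168.1.60" {puts "TESTING ERROR 2.2\n";exit}
+"192.168.1.200" {puts "TESTING ERROR 3\n";exit}
+"192.168.1.201" {puts "TESTING ERROR 3\n";exit}
+"192.168.1.202" {puts "TESTING ERROR 3\n";exit}
+"192.168.1.203" {puts "TESTING ERROR 3\n";exit}
+"192.168.1.204" {puts "TESTING ERROR 3\n";exit}
+"192.168.1.205" {puts "TESTING ERROR 3\n";exit}
+"192.168.1.206" {puts "TESTING ERROR 3\n";exit}
+"192.168.1.207" {puts "TESTING ERROR 3\n";exit}
+"192.168.1.208" {puts "TESTING ERROR 3\n";exit}
+"192.168.1.209" {puts "TESTING ERROR 3\n";exit}
+"192.168.1.210" {puts "TESTING ERROR 3\n";exit}
+"192.168.1.211" {puts "TESTING ERROR 3\n";exit}
+"192.168.1.212" {puts "TESTING ERROR 3\n";exit}
+"192.168.1.213" {puts "TESTING ERROR 3\n";exit}
+"192.168.1.214" {puts "TESTING ERROR 3\n";exit}
+"192.168.1.215" {puts "TESTING ERROR 3\n";exit}
+"192.168.1.216" {puts "TESTING ERROR 3\n";exit}
+"192.168.1.217" {puts "TESTING ERROR 3\n";exit}
+"192.168.1.218" {puts "TESTING ERROR 3\n";exit}
+"192.168.1.219" {puts "TESTING ERROR 3\n";exit}
+"192.168.1.220" {puts "TESTING ERROR 3\n";exit}
+"192.168.1.221" {puts "TESTING ERROR 3\n";exit}
+"192.168.1.222" {puts "TESTING ERROR 3\n";exit}
+"192.168.1.223" {puts "TESTING ERROR 3\n";exit}
+"192.168.1.224" {puts "TESTING ERROR 3\n";exit}
+"192.168.1.225" {puts "TESTING ERROR 3\n";exit}
+"192.168.1.226" {puts "TESTING ERROR 3\n";exit}
+"192.168.1.227" {puts "TESTING ERROR 3\n";exit}
+"192.168.1.228" {puts "TESTING ERROR 3\n";exit}
+"192.168.1.229" {puts "TESTING ERROR 3\n";exit}
+"Child process initialized"
+}
+puts "************ $i ******************\n"
+incr i
+after 100
+# sleep 1
+}
+
+puts "\n"
+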
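Review bot: The thirty literal patterns in the second loop restate the 200–229 range that the first loop derives from `set i 200` and `set MAXi 229`, so changing those bounds silently leaves the address-collision check stale; a single pattern such as `-re {192\.168\.1\.2[0-2][0-9]\M} {puts "TESTING ERROR 3\n";exit}` covers the same range. The file takes addresses on the host's real `eth0` network (192.168.1.0/24) and expects a sandbox to be running already on 192.168.1.60, which deserves a header comment, since running it on an arbitrary LAN can collide with live hosts. Each iteration also spawns a shell that is never closed, so several hundred sandboxes stay alive until the script exits.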
diff --git a/test/net_netfilter.exp b/test/net_netfilter.exp new file mode 100755 index 000000000..8583d4625 --- /dev/null +++ b/test/net_netfilter.exp | |||
@@ -0,0 +1,88 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | # check default netfilter on br0 | ||
8 | send -- "firejail --debug --net=br0 --ip=10.10.20.5 --netfilter\r" | ||
9 | expect { | ||
10 | timeout {puts "TESTING ERROR 0\n";exit} | ||
11 | "Installing network filter" | ||
12 | } | ||
13 | expect { | ||
14 | timeout {puts "TESTING ERROR 1\n";exit} | ||
15 | "Chain INPUT (policy DROP" | ||
16 | } | ||
17 | expect { | ||
18 | timeout {puts "TESTING ERROR 2\n";exit} | ||
19 | "ACCEPT all -- any any anywhere" | ||
20 | } | ||
21 | expect { | ||
22 | timeout {puts "TESTING ERROR 3\n";exit} | ||
23 | "ACCEPT icmp -- any any anywhere" | ||
24 | } | ||
25 | expect { | ||
26 | timeout {puts "TESTING ERROR 4\n";exit} | ||
27 | "Child process initialized" | ||
28 | } | ||
29 | sleep 2 | ||
30 | send -- "exit\r" | ||
31 | sleep 1 | ||
32 | |||
33 | # check default netfilter no new network | ||
34 | send -- "firejail --debug --netfilter\r" | ||
35 | expect { | ||
36 | timeout {puts "TESTING ERROR 5\n";exit} | ||
37 | "Installing network filter" {puts "TESTING ERROR 5.1\n";exit} | ||
38 | "Chain INPUT (policy DROP" {puts "TESTING ERROR 5.1\n";exit} | ||
39 | "ACCEPT all -- any any anywhere" {puts "TESTING ERROR 5.1\n";exit} | ||
40 | "ACCEPT icmp -- any any anywhere" {puts "TESTING ERROR 5.1\n";exit} | ||
41 | "Child process initialized" | ||
42 | } | ||
43 | sleep 2 | ||
44 | send -- "exit\r" | ||
45 | sleep 1 | ||
46 | |||
47 | # check file filter netfilter on br0 | ||
48 | send -- "firejail --debug --net=br0 --ip=10.10.20.5 --netfilter=netfilter.filter\r" | ||
49 | expect { | ||
50 | timeout {puts "TESTING ERROR 6\n";exit} | ||
51 | "Installing network filter" | ||
52 | } | ||
53 | expect { | ||
54 | timeout {puts "TESTING ERROR 6.1\n";exit} | ||
55 | "Child process initialized" | ||
56 | } | ||
57 | sleep 2 | ||
58 | send -- "ping -c 1 -w 3 10.10.20.1\r" | ||
59 | expect { | ||
60 | timeout {puts "TESTING ERROR 6.2\n";exit} | ||
61 | "0 received, 100% packet loss" | ||
62 | } | ||
63 | |||
64 | send -- "exit\r" | ||
65 | sleep 1 | ||
66 | |||
67 | # check profile netfilter on br0 | ||
68 | send -- "firejail --debug --net=br0 --ip=10.10.20.5 --profile=netfilter.profile\r" | ||
69 | expect { | ||
70 | timeout {puts "TESTING ERROR 7\n";exit} | ||
71 | "Installing network filter" | ||
72 | } | ||
73 | expect { | ||
74 | timeout {puts "TESTING ERROR 7.1\n";exit} | ||
75 | "Child process initialized" | ||
76 | } | ||
77 | sleep 2 | ||
78 | send -- "ping -c 1 -w 3 10.10.20.1\r" | ||
79 | expect { | ||
80 | timeout {puts "TESTING ERROR 7.2\n";exit} | ||
81 | "0 received, 100% packet loss" | ||
82 | } | ||
83 | |||
84 | send -- "exit\r" | ||
85 | sleep 1 | ||
86 | |||
87 | puts "\n" | ||
88 | |||
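Review bot: Every failure branch in this script ends in a bare `exit`, which leaves Expect's exit status at 0, so a failed assertion looks like a pass to anything that checks the return code and is visible only by searching the output for "TESTING ERROR". Giving the failure branches a non-zero status, e.g. `timeout {puts "TESTING ERROR 0\n";exit 1}`, would let a runner stop on the first broken sandbox check. The runner is not visible in this diff, so it may already scan the output instead. The same pattern appears in the other .exp files added by this commit (net_noip.exp, net_noip2.exp, net_none.exp, noroot.exp and the option tests).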
diff --git a/test/net_noip.exp b/test/net_noip.exp new file mode 100755 index 000000000..3db67885d --- /dev/null +++ b/test/net_noip.exp | |||
@@ -0,0 +1,41 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | # check ip address | ||
8 | send -- "firejail --net=br0 --ip=none\r" | ||
9 | expect { | ||
10 | timeout {puts "TESTING ERROR 0\n";exit} | ||
11 | "eth0" {puts "TESTING ERROR 1\n";exit} | ||
12 | "Child process initialized" | ||
13 | } | ||
14 | sleep 1 | ||
15 | send -- "bash\r" | ||
16 | sleep 1 | ||
17 | |||
18 | # no default gateway configured | ||
19 | send -- "netstat -rn;pwd\r" | ||
20 | expect { | ||
21 | timeout {puts "TESTING ERROR 2\n";exit} | ||
22 | "0.0.0.0" {puts "TESTING ERROR 3\n";exit} | ||
23 | "eth0" {puts "TESTING ERROR 4\n";exit} | ||
24 | "home" | ||
25 | } | ||
26 | sleep 1 | ||
27 | |||
28 | # eth0 configured | ||
29 | send -- "/sbin/ifconfig;pwd\r" | ||
30 | expect { | ||
31 | timeout {puts "TESTING ERROR 5\n";exit} | ||
32 | "eth0" | ||
33 | } | ||
34 | expect { | ||
35 | timeout {puts "TESTING ERROR 6\n";exit} | ||
36 | "home" | ||
37 | } | ||
38 | sleep 1 | ||
39 | |||
40 | puts "\n" | ||
41 | |||
diff --git a/test/net_noip2.exp b/test/net_noip2.exp new file mode 100755 index 000000000..234aec8a8 --- /dev/null +++ b/test/net_noip2.exp | |||
@@ -0,0 +1,41 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | # check ip address | ||
8 | send -- "firejail --net=br1 --ip=none --defaultgw=10.10.30.78\r" | ||
9 | expect { | ||
10 | timeout {puts "TESTING ERROR 0\n";exit} | ||
11 | "eth0" {puts "TESTING ERROR 1\n";exit} | ||
12 | "Child process initialized" | ||
13 | } | ||
14 | sleep 1 | ||
15 | send -- "bash\r" | ||
16 | sleep 1 | ||
17 | |||
18 | # no default gateway configured | ||
19 | send -- "netstat -rn;pwd\r" | ||
20 | expect { | ||
21 | timeout {puts "TESTING ERROR 2\n";exit} | ||
22 | "0.0.0.0" {puts "TESTING ERROR 3\n";exit} | ||
23 | "eth0" {puts "TESTING ERROR 4\n";exit} | ||
24 | "home" | ||
25 | } | ||
26 | sleep 1 | ||
27 | |||
28 | # eth0 configured | ||
29 | send -- "/sbin/ifconfig;pwd\r" | ||
30 | expect { | ||
31 | timeout {puts "TESTING ERROR 5\n";exit} | ||
32 | "eth0" | ||
33 | } | ||
34 | expect { | ||
35 | timeout {puts "TESTING ERROR 6\n";exit} | ||
36 | "home" | ||
37 | } | ||
38 | sleep 1 | ||
39 | |||
40 | puts "\n" | ||
41 | |||
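Review bot: The comment on line 18, `# no default gateway configured`, was carried over from net_noip.exp, but this script passes `--defaultgw=10.10.30.78` on line 8 and then fails if `0.0.0.0` shows up in `netstat -rn`. What the block appears to verify is that the requested gateway is not installed when `--ip=none` is given, and the comment should say so: `# --defaultgw is expected to be ignored with --ip=none: no route may appear`. The comment on line 28, `# eth0 configured`, would read better as `# eth0 exists but has no address`, if that is the intent.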
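--- /dev/null
+++ b/test/net_none.exp
@@ -0,0 +1,36 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --net=none\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"eth0" {puts "TESTING ERROR 0.1\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+# test default gw
+send -- "bash\r"
+sleep 1
+send -- "netstat -rn; pwd\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"0.0.0.0" {puts "TESTING ERROR 1.1\n";exit}
+"home"
+}
+sleep 1
+
+# check again devices
+send -- "cat /proc/1/net/dev;pwd\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"eth0" {puts "TESTING ERROR 2.1\n";exit}
+"home"
+}
+sleep 1
+
+
+puts "\n"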
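Review bot: Both isolation checks (lines 10 and 30) pass whenever the string `eth0` is absent, which is also true on a host whose interface has a different name, so the test can succeed without `--net=none` having removed anything. Asserting what must be present is stronger than asserting that one name is missing. After `cat /proc/1/net/dev` the test should require the `lo:` line and fail on any other interface line, and a header comment should state which host interface name the negative check assumes.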
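--- /dev/null
+++ b/test/netfilter.filter
@@ -0,0 +1,6 @@
+*filter
+:INPUT DROP [0:0]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -i lo -j ACCEPT
+COMMIT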
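--- /dev/null
+++ b/test/netfilter.profile
@@ -0,0 +1 @@
+netfilter netfilter.filter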
diff --git a/test/noroot.exp b/test/noroot.exp new file mode 100755 index 000000000..78991d4a9 --- /dev/null +++ b/test/noroot.exp | |||
@@ -0,0 +1,124 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "firejail --debug --noroot --caps.drop=all --seccomp --cpu=0,1 --name=noroot-sandbox\r" | ||
8 | expect { | ||
9 | timeout {puts "TESTING ERROR 0.1\n";exit} | ||
10 | "Child process initialized" | ||
11 | } | ||
12 | sleep 1 | ||
13 | |||
14 | send -- "cat /proc/self/status\r" | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 1\n";exit} | ||
17 | "CapBnd:" | ||
18 | } | ||
19 | expect { | ||
20 | timeout {puts "TESTING ERROR 1.1\n";exit} | ||
21 | "0000000000000000" | ||
22 | } | ||
23 | |||
24 | send -- "cat /proc/self/status\r" | ||
25 | expect { | ||
26 | timeout {puts "TESTING ERROR 2\n";exit} | ||
27 | "Cpus_allowed:" | ||
28 | } | ||
29 | expect { | ||
30 | timeout {puts "TESTING ERROR 2.1\n";exit} | ||
31 | "3" | ||
32 | } | ||
33 | expect { | ||
34 | timeout {puts "TESTING ERROR 2.2\n";exit} | ||
35 | "Cpus_allowed_list:" | ||
36 | } | ||
37 | puts "\n" | ||
38 | |||
39 | send -- "cat /proc/self/status\r" | ||
40 | expect { | ||
41 | timeout {puts "TESTING ERROR 2\n";exit} | ||
42 | "Seccomp:" | ||
43 | } | ||
44 | expect { | ||
45 | timeout {puts "TESTING ERROR 2.1\n";exit} | ||
46 | "2" | ||
47 | } | ||
48 | expect { | ||
49 | timeout {puts "TESTING ERROR 2.2\n";exit} | ||
50 | "Cpus_allowed:" | ||
51 | } | ||
52 | puts "\n" | ||
53 | |||
54 | send -- "cat /etc/hostname\r" | ||
55 | expect { | ||
56 | timeout {puts "TESTING ERROR 3\n";exit} | ||
57 | "noroot-sandbox" | ||
58 | } | ||
59 | puts "\n" | ||
60 | |||
61 | send -- "ping 0\r" | ||
62 | expect { | ||
63 | timeout {puts "TESTING ERROR 4\n";exit} | ||
64 | "Operation not permitted" | ||
65 | } | ||
66 | puts "\n" | ||
67 | |||
68 | send -- "whoami\r" | ||
69 | expect { | ||
70 | timeout {puts "TESTING ERROR 55\\n";exit} | ||
71 | "netblue" | ||
72 | } | ||
73 | puts "\n" | ||
74 | send -- "exit\r" | ||
75 | sleep 2 | ||
76 | |||
77 | |||
78 | send -- "firejail --noroot\r" | ||
79 | expect { | ||
80 | timeout {puts "TESTING ERROR 6\n";exit} | ||
81 | "Child process initialized" | ||
82 | } | ||
83 | sleep 1 | ||
84 | send -- "whoami\r" | ||
85 | expect { | ||
86 | timeout {puts "TESTING ERROR 7\n";exit} | ||
87 | "netblue" | ||
88 | } | ||
89 | send -- "sudo -s\r" | ||
90 | expect { | ||
91 | timeout {puts "TESTING ERROR 8\n";exit} | ||
92 | "effective uid is not 0, is sudo installed setuid root?" { puts "OK\n";} | ||
93 | "sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";} | ||
94 | } | ||
95 | puts "\n" | ||
96 | send -- "exit\r" | ||
97 | sleep 2 | ||
98 | |||
99 | send -- "firejail --name=test --noroot\r" | ||
100 | expect { | ||
101 | timeout {puts "TESTING ERROR 9\n";exit} | ||
102 | "Child process initialized" | ||
103 | } | ||
104 | sleep 1 | ||
105 | |||
106 | spawn $env(SHELL) | ||
107 | send -- "firejail --debug --join=test\r" | ||
108 | expect { | ||
109 | timeout {puts "TESTING ERROR 9\n";exit} | ||
110 | "User namespace detected" | ||
111 | } | ||
112 | expect { | ||
113 | timeout {puts "TESTING ERROR 9\n";exit} | ||
114 | "Joining user namespace" | ||
115 | } | ||
116 | sleep 1 | ||
117 | |||
118 | send -- "sudo -s\r" | ||
119 | expect { | ||
120 | timeout {puts "TESTING ERROR 8\n";exit} | ||
121 | "effective uid is not 0, is sudo installed setuid root?" { puts "OK\n";} | ||
122 | "sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";} | ||
123 | } | ||
124 | puts "\n" | ||
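Review bot: The capability check on lines 14–22 matches `CapBnd:` and the all-zero mask in two separate expect blocks, so the zeros can be satisfied by any later line of /proc/self/status rather than by the CapBnd value itself. On a kernel that prints another all-zero capability line after CapBnd, the test would presumably pass even if `--caps.drop=all` had no effect. One anchored pattern pins the value to its label: `-re "CapBnd:\\s+0000000000000000"`. Separately, lines 71 and 87 expect `whoami` to print `netblue`, which ties the test to one developer account; matching against `$env(USER)` would keep the --noroot identity check meaningful on other machines.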
diff --git a/test/opera.exp b/test/opera.exp new file mode 100755 index 000000000..f536ae866 --- /dev/null +++ b/test/opera.exp | |||
@@ -0,0 +1,72 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "firejail opera www.gentoo.org\r" | ||
8 | expect { | ||
9 | timeout {puts "TESTING ERROR 0\n";exit} | ||
10 | "Reading profile /etc/firejail/opera.profile" | ||
11 | } | ||
12 | expect { | ||
13 | timeout {puts "TESTING ERROR 1\n";exit} | ||
14 | "Child process initialized" | ||
15 | } | ||
16 | sleep 10 | ||
17 | |||
18 | spawn $env(SHELL) | ||
19 | send -- "firejail --list\r" | ||
20 | expect { | ||
21 | timeout {puts "TESTING ERROR 3\n";exit} | ||
22 | ":firejail" | ||
23 | } | ||
24 | expect { | ||
25 | timeout {puts "TESTING ERROR 3.1\n";exit} | ||
26 | "opera" | ||
27 | } | ||
28 | sleep 1 | ||
29 | |||
30 | send -- "firejail --name=blablabla\r" | ||
31 | expect { | ||
32 | timeout {puts "TESTING ERROR 4\n";exit} | ||
33 | "Child process initialized" | ||
34 | } | ||
35 | sleep 2 | ||
36 | |||
37 | spawn $env(SHELL) | ||
38 | send -- "firemon --seccomp\r" | ||
39 | expect { | ||
40 | timeout {puts "TESTING ERROR 5\n";exit} | ||
41 | ":firejail opera" | ||
42 | } | ||
43 | expect { | ||
44 | timeout {puts "TESTING ERROR 5.1\n";exit} | ||
45 | "Seccomp: 0" | ||
46 | } | ||
47 | expect { | ||
48 | timeout {puts "TESTING ERROR 5.1\n";exit} | ||
49 | "name=blablabla" | ||
50 | } | ||
51 | sleep 1 | ||
52 | send -- "firemon --caps\r" | ||
53 | expect { | ||
54 | timeout {puts "TESTING ERROR 6\n";exit} | ||
55 | ":firejail opera" | ||
56 | } | ||
57 | expect { | ||
58 | timeout {puts "TESTING ERROR 6.1\n";exit} | ||
59 | "CapBnd:" | ||
60 | } | ||
61 | expect { | ||
62 | timeout {puts "TESTING ERROR 6.2\n";exit} | ||
63 | "fffffffff" | ||
64 | } | ||
65 | expect { | ||
66 | timeout {puts "TESTING ERROR 6.3\n";exit} | ||
67 | "name=blablabla" | ||
68 | } | ||
69 | sleep 1 | ||
70 | |||
71 | puts "\n" | ||
72 | |||
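Review bot: Lines 45 and 63 make the test pass only when the opera sandbox reports `Seccomp: 0` and a bounding set beginning `fffffffff`, that is, with seccomp off and no capability dropped. If that is what /etc/firejail/opera.profile is meant to do in this release, a comment should say so, since otherwise the test reads as if it were guarding a protection: `# opera.profile is expected to run without seccomp and with a full CapBnd`. Line 48 reuses the label `TESTING ERROR 5.1` from line 44, so a timeout there cannot be told apart from the seccomp check; `5.2` would fix that.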
diff --git a/test/option-join.exp b/test/option-join.exp new file mode 100755 index 000000000..ad8ba73e0 --- /dev/null +++ b/test/option-join.exp | |||
@@ -0,0 +1,43 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "firejail --name=svntesting\r" | ||
8 | expect { | ||
9 | timeout {puts "TESTING ERROR 0\n";exit} | ||
10 | "Child process initialized" | ||
11 | } | ||
12 | sleep 3 | ||
13 | |||
14 | spawn $env(SHELL) | ||
15 | send -- "firejail --join=svntesting;pwd\r" | ||
16 | expect { | ||
17 | timeout {puts "TESTING ERROR 1\n";exit} | ||
18 | "Switching to pid" | ||
19 | } | ||
20 | expect { | ||
21 | timeout {puts "TESTING ERROR 2 (join) \n";exit} | ||
22 | "@svntesting" | ||
23 | } | ||
24 | sleep 1 | ||
25 | |||
26 | |||
27 | spawn $env(SHELL) | ||
28 | send -- "firejail --shutdown=svntesting;pwd\r" | ||
29 | expect { | ||
30 | timeout {puts "TESTING ERROR 3\n";exit} | ||
31 | "home" | ||
32 | } | ||
33 | sleep 1 | ||
34 | |||
35 | send -- "firejail --list;pwd\r" | ||
36 | expect { | ||
37 | timeout {puts "TESTING ERROR 4\n";exit} | ||
38 | "svntesting" {puts "TESTING ERROR 5\n";exit} | ||
39 | "home" | ||
40 | } | ||
41 | sleep 1 | ||
42 | |||
43 | puts "\n" | ||
diff --git a/test/option-shutdown.exp b/test/option-shutdown.exp new file mode 100755 index 000000000..260a5b84f --- /dev/null +++ b/test/option-shutdown.exp | |||
@@ -0,0 +1,30 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "firejail --name=svntesting\r" | ||
8 | expect { | ||
9 | timeout {puts "TESTING ERROR 0\n";exit} | ||
10 | "Child process initialized" | ||
11 | } | ||
12 | sleep 3 | ||
13 | |||
14 | spawn $env(SHELL) | ||
15 | send -- "firejail --shutdown=svntesting;pwd\r" | ||
16 | expect { | ||
17 | timeout {puts "TESTING ERROR 4\n";exit} | ||
18 | "home" | ||
19 | } | ||
20 | sleep 1 | ||
21 | |||
22 | send -- "firejail --list;pwd\r" | ||
23 | expect { | ||
24 | timeout {puts "TESTING ERROR 5\n";exit} | ||
25 | "svntesting" {puts "TESTING ERROR 6\n";exit} | ||
26 | "home" | ||
27 | } | ||
28 | sleep 1 | ||
29 | |||
30 | puts "\n" | ||
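--- /dev/null
+++ b/test/option-trace.exp
@@ -0,0 +1,31 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --trace firefox --name=testing\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"command not found" {puts "\nTESTING: not tested, firefox not found\n"; exit}
+"1:firefox:open" {puts "\n"}
+"1:iceweasel:open"
+}
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"1:firefox:access" {puts "\n"}
+"1:iceweasel:access"
+}
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"1:firefox:connect" {puts "\n"}
+"1:iceweasel:connect"
+}
+
+sleep 1
+
+puts "\n"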
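Review bot: On line 7 `--name=testing` comes after the program name, so it is presumably handed to firefox as one of its arguments instead of naming the sandbox, since firejail options are given before the program to run. Moving it in front makes the command do what it appears to intend: `send -- "firejail --trace --name=testing firefox\r"`. The test also depends on firefox or iceweasel being installed and producing trace output within the 10-second timeout, which is worth a comment at the top of the file.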
diff --git a/test/option_bind_directory.exp b/test/option_bind_directory.exp new file mode 100755 index 000000000..1c1acc814 --- /dev/null +++ b/test/option_bind_directory.exp | |||
@@ -0,0 +1,26 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "firejail --bind=/tmp/chroot,mntpoint\r" | ||
8 | expect { | ||
9 | timeout {puts "TESTING ERROR 0\n";exit} | ||
10 | "Child process initialized" | ||
11 | } | ||
12 | sleep 1 | ||
13 | |||
14 | send -- "ls mntpoint;pwd\r" | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 1\n";exit} | ||
17 | "root" | ||
18 | } | ||
19 | expect { | ||
20 | timeout {puts "TESTING ERROR 2\n";exit} | ||
21 | "home" | ||
22 | } | ||
23 | sleep 1 | ||
24 | |||
25 | puts "\n" | ||
26 | |||
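Review bot: Line 7 bind-mounts `/tmp/chroot` into the sandbox, and `--bind` is a root-only option (option_bind_user.exp checks exactly that message), so this test runs as root against a fixed path in a world-writable directory. The setup that creates the fixture is not visible in this diff. Unless it creates the path immediately before the run, whatever another local user placed there is what gets mounted. Creating the fixture with `mktemp -d` in the runner and passing the resulting path to the test, or keeping it under a root-owned directory, avoids the predictable name.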
diff --git a/test/option_bind_file.exp b/test/option_bind_file.exp new file mode 100755 index 000000000..0380b68b5 --- /dev/null +++ b/test/option_bind_file.exp | |||
@@ -0,0 +1,26 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "firejail --bind=tmpfile,/etc/passwd\r" | ||
8 | expect { | ||
9 | timeout {puts "TESTING ERROR 0\n";exit} | ||
10 | "Child process initialized" | ||
11 | } | ||
12 | sleep 1 | ||
13 | |||
14 | send -- "cat /etc/passwd;pwd\r" | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 1\n";exit} | ||
17 | "hello" | ||
18 | } | ||
19 | expect { | ||
20 | timeout {puts "TESTING ERROR 2\n";exit} | ||
21 | "home" | ||
22 | } | ||
23 | sleep 1 | ||
24 | |||
25 | puts "\n" | ||
26 | |||
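--- /dev/null
+++ b/test/option_bind_user.exp
@@ -0,0 +1,15 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --bind=/tmp/chroot,mntpoint\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"bind option is available only if running as root"
+}
+sleep 1
+
+puts "\n"
+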
diff --git a/test/option_blacklist.exp b/test/option_blacklist.exp new file mode 100755 index 000000000..b80d0cc60 --- /dev/null +++ b/test/option_blacklist.exp | |||
@@ -0,0 +1,35 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "firejail --blacklist=/var\r" | ||
8 | expect { | ||
9 | timeout {puts "TESTING ERROR 0\n";exit} | ||
10 | "Child process initialized" | ||
11 | } | ||
12 | sleep 1 | ||
13 | |||
14 | send -- "ls -l /var;pwd\r" | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 1\n";exit} | ||
17 | "Permission denied" | ||
18 | } | ||
19 | expect { | ||
20 | timeout {puts "TESTING ERROR 2\n";exit} | ||
21 | "home" | ||
22 | } | ||
23 | send -- "cd /var;pwd\r" | ||
24 | expect { | ||
25 | timeout {puts "TESTING ERROR 3\n";exit} | ||
26 | "Permission denied" | ||
27 | } | ||
28 | expect { | ||
29 | timeout {puts "TESTING ERROR 4\n";exit} | ||
30 | "home" | ||
31 | } | ||
32 | sleep 1 | ||
33 | |||
34 | puts "\n" | ||
35 | |||
diff --git a/test/option_blacklist_file.exp b/test/option_blacklist_file.exp new file mode 100755 index 000000000..ecdfe3b82 --- /dev/null +++ b/test/option_blacklist_file.exp | |||
@@ -0,0 +1,26 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "firejail --blacklist=/etc/passwd\r" | ||
8 | expect { | ||
9 | timeout {puts "TESTING ERROR 0\n";exit} | ||
10 | "Child process initialized" | ||
11 | } | ||
12 | sleep 1 | ||
13 | |||
14 | send -- "cat /etc/passwd;pwd\r" | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 1\n";exit} | ||
17 | "Permission denied" | ||
18 | } | ||
19 | expect { | ||
20 | timeout {puts "TESTING ERROR 2\n";exit} | ||
21 | "home" | ||
22 | } | ||
23 | sleep 1 | ||
24 | |||
25 | puts "\n" | ||
26 | |||
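--- /dev/null
+++ b/test/option_chroot_overlay.exp
@@ -0,0 +1,21 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --chroot=/tmp/chroot --overlay\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"mutually exclusive"
+}
+sleep 1
+
+send -- "firejail --overlay --chroot=/tmp/chroot\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"mutually exclusive"
+}
+sleep 1
+
+puts "\n"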
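--- /dev/null
+++ b/test/option_help.exp
@@ -0,0 +1,22 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --help\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"License GPL version 2 or later"
+}
+after 100
+
+send -- "firejail -?\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"License GPL version 2 or later"
+}
+after 100
+
+puts "\n"
+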
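Review bot: On line 14 the `-?` argument is typed into an interactive shell unquoted, where `?` is a glob character: if the working directory holds a two-character file name starting with `-`, the shell substitutes it before firejail sees the argument. Quoting it keeps the test deterministic: `send -- "firejail '-?'\r"`. Both expect blocks also report `TESTING ERROR 0`; numbering the second one `1` would show which spelling of the option failed.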
diff --git a/test/option_list.exp b/test/option_list.exp new file mode 100755 index 000000000..b9c73e52b --- /dev/null +++ b/test/option_list.exp | |||
@@ -0,0 +1,48 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "firejail\r" | ||
8 | expect { | ||
9 | timeout {puts "TESTING ERROR 0\n";exit} | ||
10 | "Child process initialized" | ||
11 | } | ||
12 | after 100 | ||
13 | |||
14 | spawn $env(SHELL) | ||
15 | send -- "firejail\r" | ||
16 | expect { | ||
17 | timeout {puts "TESTING ERROR 1\n";exit} | ||
18 | "Child process initialized" | ||
19 | } | ||
20 | after 100 | ||
21 | |||
22 | spawn $env(SHELL) | ||
23 | send -- "firejail\r" | ||
24 | expect { | ||
25 | timeout {puts "TESTING ERROR 2\n";exit} | ||
26 | "Child process initialized" | ||
27 | } | ||
28 | sleep 1 | ||
29 | |||
30 | spawn $env(SHELL) | ||
31 | send -- "firejail --list\r" | ||
32 | expect { | ||
33 | timeout {puts "TESTING ERROR 3\n";exit} | ||
34 | ":firejail" | ||
35 | } | ||
36 | expect { | ||
37 | timeout {puts "TESTING ERROR 4\n";exit} | ||
38 | ":firejail" | ||
39 | } | ||
40 | expect { | ||
41 | timeout {puts "TESTING ERROR 5\n";exit} | ||
42 | ":firejail" | ||
43 | } | ||
44 | after 100 | ||
45 | |||
46 | |||
47 | puts "\n" | ||
48 | |||
diff --git a/test/option_man.exp b/test/option_man.exp new file mode 100755 index 000000000..d941a2432 --- /dev/null +++ b/test/option_man.exp | |||
@@ -0,0 +1,17 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "man firejail\r" | ||
8 | expect { | ||
9 | timeout {puts "TESTING ERROR 0\n";exit} | ||
10 | "Linux namespaces sandbox program" | ||
11 | } | ||
12 | after 100 | ||
13 | |||
14 | send -- "q\r" | ||
15 | after 100 | ||
16 | puts "\n" | ||
17 | |||
diff --git a/test/option_readonly.exp b/test/option_readonly.exp new file mode 100755 index 000000000..4abbef617 --- /dev/null +++ b/test/option_readonly.exp | |||
@@ -0,0 +1,26 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "firejail --read-only=tmpreadonly\r" | ||
8 | expect { | ||
9 | timeout {puts "TESTING ERROR 0\n";exit} | ||
10 | "Child process initialized" | ||
11 | } | ||
12 | sleep 1 | ||
13 | |||
14 | send -- "touch tmpreadonly;pwd\r" | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 1\n";exit} | ||
17 | "Read-only file system" | ||
18 | } | ||
19 | expect { | ||
20 | timeout {puts "TESTING ERROR 2\n";exit} | ||
21 | "home" | ||
22 | } | ||
23 | sleep 1 | ||
24 | |||
25 | puts "\n" | ||
26 | |||
diff --git a/test/option_rlimit.exp b/test/option_rlimit.exp new file mode 100755 index 000000000..17d2bd9d1 --- /dev/null +++ b/test/option_rlimit.exp | |||
@@ -0,0 +1,36 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "firejail --rlimit-fsize=1024 --rlimit-nproc=1000 --rlimit-nofile=500 --rlimit-sigpending=200\r" | ||
8 | expect { | ||
9 | timeout {puts "TESTING ERROR 0\n";exit} | ||
10 | "Child process initialized" | ||
11 | } | ||
12 | sleep 1 | ||
13 | |||
14 | send -- "cat /proc/self/limits; pwd\r" | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 1.1\n";exit} | ||
17 | "Max file size 1024 1024" | ||
18 | } | ||
19 | expect { | ||
20 | timeout {puts "TESTING ERROR 1.2\n";exit} | ||
21 | "Max processes 1000 1000" | ||
22 | } | ||
23 | expect { | ||
24 | timeout {puts "TESTING ERROR 1.3\n";exit} | ||
25 | "Max open files 500 500" | ||
26 | } | ||
27 | expect { | ||
28 | timeout {puts "TESTING ERROR 1.4\n";exit} | ||
29 | "Max pending signals 200 200" | ||
30 | } | ||
31 | expect { | ||
32 | timeout {puts "TESTING ERROR 1.5\n";exit} | ||
33 | "home" | ||
34 | } | ||
35 | sleep 1 | ||
36 | puts "\n" | ||
diff --git a/test/option_tmpfs.exp b/test/option_tmpfs.exp new file mode 100755 index 000000000..1ff47ab13 --- /dev/null +++ b/test/option_tmpfs.exp | |||
@@ -0,0 +1,26 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "firejail --tmpfs=/var\r" | ||
8 | expect { | ||
9 | timeout {puts "TESTING ERROR 0\n";exit} | ||
10 | "Child process initialized" | ||
11 | } | ||
12 | sleep 1 | ||
13 | |||
14 | send -- "ls -l /var;pwd\r" | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 1\n";exit} | ||
17 | "total 0" | ||
18 | } | ||
19 | expect { | ||
20 | timeout {puts "TESTING ERROR 2\n";exit} | ||
21 | "home" | ||
22 | } | ||
23 | sleep 1 | ||
24 | |||
25 | puts "\n" | ||
26 | |||
diff --git a/test/option_tree.exp b/test/option_tree.exp new file mode 100755 index 000000000..1841907d1 --- /dev/null +++ b/test/option_tree.exp | |||
@@ -0,0 +1,60 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "firejail\r" | ||
8 | expect { | ||
9 | timeout {puts "TESTING ERROR 0\n";exit} | ||
10 | "Child process initialized" | ||
11 | } | ||
12 | after 100 | ||
13 | |||
14 | spawn $env(SHELL) | ||
15 | send -- "firejail\r" | ||
16 | expect { | ||
17 | timeout {puts "TESTING ERROR 1\n";exit} | ||
18 | "Child process initialized" | ||
19 | } | ||
20 | after 100 | ||
21 | |||
22 | spawn $env(SHELL) | ||
23 | send -- "firejail\r" | ||
24 | expect { | ||
25 | timeout {puts "TESTING ERROR 2\n";exit} | ||
26 | "Child process initialized" | ||
27 | } | ||
28 | sleep 1 | ||
29 | |||
30 | spawn $env(SHELL) | ||
31 | send -- "firejail --tree\r" | ||
32 | expect { | ||
33 | timeout {puts "TESTING ERROR 3\n";exit} | ||
34 | ":firejail" | ||
35 | } | ||
36 | expect { | ||
37 | timeout {puts "TESTING ERROR 3.1\n";exit} | ||
38 | ":/bin/bash" | ||
39 | } | ||
40 | expect { | ||
41 | timeout {puts "TESTING ERROR 4\n";exit} | ||
42 | ":firejail" | ||
43 | } | ||
44 | expect { | ||
45 | timeout {puts "TESTING ERROR 4.1\n";exit} | ||
46 | ":/bin/bash" | ||
47 | } | ||
48 | expect { | ||
49 | timeout {puts "TESTING ERROR 5\n";exit} | ||
50 | ":firejail" | ||
51 | } | ||
52 | expect { | ||
53 | timeout {puts "TESTING ERROR 5.1\n";exit} | ||
54 | ":/bin/bash" | ||
55 | } | ||
56 | after 100 | ||
57 | |||
58 | |||
59 | puts "\n" | ||
60 | |||
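--- /dev/null
+++ b/test/option_version.exp
@@ -0,0 +1,15 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --version\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"firejail version "
+}
+after 100
+
+puts "\n"
+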
diff --git a/test/output.exp b/test/output.exp new file mode 100755 index 000000000..90a9d64b6 --- /dev/null +++ b/test/output.exp | |||
@@ -0,0 +1,66 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "rm -f logfile*\r" | ||
8 | sleep 1 | ||
9 | puts "\n" | ||
10 | |||
11 | send -- "firejail --output=logfile -- ./output.sh\r" | ||
12 | expect { | ||
13 | timeout {puts "TESTING ERROR 1\n";exit} | ||
14 | "20000" | ||
15 | } | ||
16 | expect { | ||
17 | timeout {puts "TESTING ERROR 1.1\n";exit} | ||
18 | "60000" | ||
19 | } | ||
20 | expect { | ||
21 | timeout {puts "TESTING ERROR 1.2\n";exit} | ||
22 | "100000" | ||
23 | } | ||
24 | expect { | ||
25 | timeout {puts "TESTING ERROR 1.3\n";exit} | ||
26 | "120000" | ||
27 | } | ||
28 | expect { | ||
29 | timeout {puts "TESTING ERROR 1.4\n";exit} | ||
30 | "14999" | ||
31 | } | ||
32 | sleep 2 | ||
33 | puts "\n" | ||
34 | |||
35 | |||
36 | set timeout 2 | ||
37 | send -- "ls -al logfile*\r" | ||
38 | expect { | ||
39 | timeout {puts "TESTING ERROR 2\n";exit} | ||
40 | "logfile" | ||
41 | } | ||
42 | expect { | ||
43 | timeout {puts "TESTING ERROR 3\n";exit} | ||
44 | "logfile.1" | ||
45 | } | ||
46 | expect { | ||
47 | timeout {puts "TESTING ERROR 4\n";exit} | ||
48 | "logfile.2" | ||
49 | } | ||
50 | expect { | ||
51 | timeout {puts "TESTING ERROR 5\n";exit} | ||
52 | "logfile.3" | ||
53 | } | ||
54 | expect { | ||
55 | timeout {puts "TESTING ERROR 6\n";exit} | ||
56 | "logfile.4" | ||
57 | } | ||
58 | expect { | ||
59 | timeout {puts "TESTING ERROR 7\n";exit} | ||
60 | "logfile.5" | ||
61 | } | ||
62 | sleep 1 | ||
63 | send -- "rm -f logfile*\r" | ||
64 | sleep 1 | ||
65 | |||
66 | puts "\n" | ||
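--- /dev/null
+++ b/test/output.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+i="0"
+
+while [ $i -lt 150000 ]
+do
+echo message number $i
+i=$[$i+1]
+done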
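Review bot: Line 8 uses the `$[...]` arithmetic form, which bash still accepts but documents as deprecated; `i=$((i+1))` is the supported spelling. The loop bound on line 5 is also what output.exp depends on when it waits for `14999` and for five rotated log files, so a comment tying the two together would help the next editor: `# output.exp expects messages up to 14999x and logfile.1-5; keep the bound in sync`.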
diff --git a/test/pid.exp b/test/pid.exp new file mode 100755 index 000000000..0baf3af0e --- /dev/null +++ b/test/pid.exp | |||
@@ -0,0 +1,48 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "firejail\r" | ||
8 | expect { | ||
9 | timeout {puts "TESTING ERROR 0\n";exit} | ||
10 | "Child process initialized" | ||
11 | } | ||
12 | sleep 1 | ||
13 | |||
14 | # test processes | ||
15 | send -- "bash\r" | ||
16 | sleep 1 | ||
17 | send -- "ps aux; pwd\r" | ||
18 | expect { | ||
19 | timeout {puts "TESTING ERROR 1\n";exit} | ||
20 | "/bin/bash" | ||
21 | } | ||
22 | expect { | ||
23 | timeout {puts "TESTING ERROR 2\n";exit} | ||
24 | "bash" | ||
25 | } | ||
26 | expect { | ||
27 | timeout {puts "TESTING ERROR 3\n";exit} | ||
28 | "ps aux" | ||
29 | } | ||
30 | expect { | ||
31 | timeout {puts "TESTING ERROR 4\n";exit} | ||
32 | "home" | ||
33 | } | ||
34 | sleep 1 | ||
35 | |||
36 | |||
37 | send -- "ps aux |wc -l; pwd\r" | ||
38 | expect { | ||
39 | timeout {puts "TESTING ERROR 5\n";exit} | ||
40 | "5" | ||
41 | } | ||
42 | expect { | ||
43 | timeout {puts "TESTING ERROR 6\n";exit} | ||
44 | "home" | ||
45 | } | ||
46 | sleep 1 | ||
47 | |||
48 | puts "\n" | ||
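Review bot: The process-count check on lines 37–41 expects the bare string `5`, which matches any output containing that digit, such as `15`, `52` or a `5` in the shell prompt. The test therefore passes even when `ps aux` inside the sandbox lists far more processes than a fresh PID namespace should hold. Anchoring the count to a whole line makes the assertion mean what it says: `-re "\[\r\n\]5\[\r\n\]"`. The earlier expects for `/bin/bash`, `bash` and `ps aux` have the same looseness, but the count is the one that carries the isolation claim.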
diff --git a/test/private-keep.exp b/test/private-keep.exp new file mode 100755 index 000000000..cdae12ac3 --- /dev/null +++ b/test/private-keep.exp | |||
@@ -0,0 +1,66 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "firejail --private.keep=.mozilla,.config/firejail\r" | ||
8 | expect { | ||
9 | timeout {puts "TESTING ERROR 0\n";exit} | ||
10 | "Child process initialized" | ||
11 | } | ||
12 | sleep 1 | ||
13 | |||
14 | send -- "ls -al\r" | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 0.1\n";exit} | ||
17 | ".config" | ||
18 | } | ||
19 | expect { | ||
20 | timeout {puts "TESTING ERROR 0.2\n";exit} | ||
21 | ".mozilla" | ||
22 | } | ||
23 | sleep 1 | ||
24 | |||
25 | send -- "find .config\r" | ||
26 | expect { | ||
27 | timeout {puts "TESTING ERROR 0.3\n";exit} | ||
28 | ".config" | ||
29 | } | ||
30 | expect { | ||
31 | timeout {puts "TESTING ERROR 0.4\n";exit} | ||
32 | ".config/firejail" | ||
33 | } | ||
34 | sleep 1 | ||
35 | puts "\n" | ||
36 | send -- "exit\r" | ||
37 | sleep 2 | ||
38 | |||
39 | |||
40 | send -- "firejail --profile=private-keep.profile\r" | ||
41 | expect { | ||
42 | timeout {puts "TESTING ERROR 1.0\n";exit} | ||
43 | "Child process initialized" | ||
44 | } | ||
45 | sleep 1 | ||
46 | |||
47 | send -- "ls -al\r" | ||
48 | expect { | ||
49 | timeout {puts "TESTING ERROR 1.1\n";exit} | ||
50 | ".config" | ||
51 | } | ||
52 | expect { | ||
53 | timeout {puts "TESTING ERROR 1.2\n";exit} | ||
54 | ".mozilla" | ||
55 | } | ||
56 | sleep 1 | ||
57 | |||
58 | send -- "find .config\r" | ||
59 | expect { | ||
60 | timeout {puts "TESTING ERROR 1.3\n";exit} | ||
61 | ".config" | ||
62 | } | ||
63 | expect { | ||
64 | timeout {puts "TESTING ERROR 1.4\n";exit} | ||
65 | ".config/firejail" | ||
66 | } | ||
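Review bot: Both halves of this test only assert that `.config` and `.mozilla` are present after `ls -al` (new lines 14-22 and 47-55), and nothing asserts that an entry outside the keep list is absent, so the test would still pass if `--private.keep` left the whole home directory visible. A negative branch is needed to cover the isolation property: create a marker file in the real home before starting firejail and add a failing pattern for its name to the `ls -al` expect, the way profile_tmpfs.exp does with `"tmpfile" {puts "TESTING ERROR 1\n";exit}`. Also note that `expect ".config"` after `send -- "find .config\r"` (new lines 25-29 and 58-62) is satisfied by the echoed command itself, so only the `.config/firejail` match reflects real output.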
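--- /dev/null
+++ b/test/private-keep.profile
@@ -0,0 +1 @@
+private.keep .mozilla,.config/firejail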
diff --git a/test/private.exp b/test/private.exp new file mode 100755 index 000000000..e2ae80b33 --- /dev/null +++ b/test/private.exp | |||
@@ -0,0 +1,95 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | if { $argc != 1 } { | ||
8 | puts "TESTING ERROR: argument missing" | ||
9 | puts "Usage: private.exp username" | ||
10 | puts "where username is the name of the current user" | ||
11 | exit | ||
12 | } | ||
13 | |||
14 | # testing profile and private | ||
15 | send -- "firejail --private --profile=/etc/firejail/firefox.profile\r" | ||
16 | expect { | ||
17 | timeout {puts "TESTING ERROR 0\n";exit} | ||
18 | "Child process initialized" | ||
19 | } | ||
20 | sleep 1 | ||
21 | send -- "exit\r" | ||
22 | sleep 1 | ||
23 | |||
24 | send -- "firejail --private\r" | ||
25 | expect { | ||
26 | timeout {puts "TESTING ERROR 0\n";exit} | ||
27 | "Child process initialized" | ||
28 | } | ||
29 | |||
30 | sleep 1 | ||
31 | send -- "ls -al; pwd\r" | ||
32 | expect { | ||
33 | timeout {puts "TESTING ERROR 0.1\n";exit} | ||
34 | ".bashrc" | ||
35 | } | ||
36 | expect { | ||
37 | timeout {puts "TESTING ERROR 0.2\n";exit} | ||
38 | [lindex $argv 0] | ||
39 | } | ||
40 | send -- "ls -al; pwd\r" | ||
41 | expect { | ||
42 | timeout { | ||
43 | # OpenSUSE doesn't use .Xauthority from user home directory | ||
44 | send -- "env | grep XAUTHORITY\r" | ||
45 | |||
46 | expect { | ||
47 | timeout {puts "TESTING ERROR 0.3\n";exit} | ||
48 | "/run/lightdm/netblue/xauthority" | ||
49 | } | ||
50 | } | ||
51 | ".Xauthority" | ||
52 | } | ||
53 | expect { | ||
54 | timeout {puts "TESTING ERROR 0.4\n";exit} | ||
55 | [lindex $argv 0] | ||
56 | } | ||
57 | |||
58 | |||
59 | # testing private only | ||
60 | send -- "bash\r" | ||
61 | sleep 1 | ||
62 | # owner /home/netblue | ||
63 | send -- "ls -l /home;pwd\r" | ||
64 | expect { | ||
65 | timeout {puts "TESTING ERROR 1\n";exit} | ||
66 | [lindex $argv 0] | ||
67 | } | ||
68 | expect { | ||
69 | timeout {puts "TESTING ERROR 1.1\n";exit} | ||
70 | [lindex $argv 0] | ||
71 | } | ||
72 | expect { | ||
73 | timeout {puts "TESTING ERROR 1.2\n";exit} | ||
74 | [lindex $argv 0] | ||
75 | } | ||
76 | expect { | ||
77 | timeout {puts "TESTING ERROR 1.3\n";exit} | ||
78 | "home" | ||
79 | } | ||
80 | sleep 1 | ||
81 | |||
82 | # owner /tmp | ||
83 | send -- "stat -c %U%a /tmp;pwd\r" | ||
84 | expect { | ||
85 | timeout {puts "TESTING ERROR 2\n";exit} | ||
86 | "root777" {puts "version 1\n";} | ||
87 | "root1777" {puts "version 2\n";} | ||
88 | } | ||
89 | expect { | ||
90 | timeout {puts "TESTING ERROR 2.1\n";exit} | ||
91 | "home" | ||
92 | } | ||
93 | sleep 1 | ||
94 | |||
95 | puts "\n" | ||
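Review bot: The OpenSUSE fallback on new line 48 hard-codes `"/run/lightdm/netblue/xauthority"`, the author's own account, even though the script requires the user name as its argument and uses `[lindex $argv 0]` everywhere else. On any other account that branch can only time out with "TESTING ERROR 0.3"; `"/run/lightdm/[lindex $argv 0]/xauthority"` keeps the check tied to the user under test. The same literal appears in private_dir.exp and private_dir_profile.exp, and the comment on new line 62 (`# owner /home/netblue`) carries the same assumption. The label "TESTING ERROR 0" is also used twice (new lines 17 and 26), so the two start-up failures cannot be told apart.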
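--- /dev/null
+++ b/test/private.profile
@@ -0,0 +1 @@
+private ./dirprivate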
diff --git a/test/private_dir.exp b/test/private_dir.exp new file mode 100755 index 000000000..95f89362a --- /dev/null +++ b/test/private_dir.exp | |||
@@ -0,0 +1,53 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | # testing private | ||
8 | send -- "firejail --private=./dirprivate\r" | ||
9 | expect { | ||
10 | timeout {puts "TESTING ERROR 0\n";exit} | ||
11 | "Child process initialized" | ||
12 | } | ||
13 | sleep 1 | ||
14 | |||
15 | send -- "ls -al;pwd\r" | ||
16 | expect { | ||
17 | timeout {puts "TESTING ERROR 0.1\n";exit} | ||
18 | "bashrc" | ||
19 | } | ||
20 | expect { | ||
21 | timeout {puts "TESTING ERROR 0.2\n";exit} | ||
22 | "home" | ||
23 | } | ||
24 | send -- "ls -al;pwd\r" | ||
25 | expect { | ||
26 | timeout { | ||
27 | # OpenSUSE doesn't use .Xauthority from user home directory | ||
28 | send -- "env | grep XAUTHORITY\r" | ||
29 | |||
30 | expect { | ||
31 | timeout {puts "TESTING ERROR 0.3\n";exit} | ||
32 | "/run/lightdm/netblue/xauthority" | ||
33 | } | ||
34 | } | ||
35 | ".Xauthority" | ||
36 | } | ||
37 | expect { | ||
38 | timeout {puts "TESTING ERROR 0.4\n";exit} | ||
39 | [lindex $argv 0] | ||
40 | } | ||
41 | |||
42 | send -- "ls -al | wc -l;pwd\r" | ||
43 | expect { | ||
44 | timeout {puts "TESTING ERROR 1\n";exit} | ||
45 | "5" {puts "normal system\n";} | ||
46 | "4" {puts "OpenSUSE\n";} | ||
47 | } | ||
48 | expect { | ||
49 | timeout {puts "TESTING ERROR 2\n";exit} | ||
50 | "home" | ||
51 | } | ||
52 | |||
53 | puts "\n" | ||
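Review bot: New lines 37-40 use `[lindex $argv 0]` as the expected pattern, but unlike private.exp this script never checks `$argc`. Run without an argument, the pattern is the empty string, which presumably matches immediately, so check 0.4 would verify nothing about the home directory owner. Copying the guard from private.exp to the top of the file, `if { $argc != 1 } { puts "TESTING ERROR: argument missing"; exit }`, closes that gap. private_dir_profile.exp has the same unguarded use on its new lines 37-40.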
diff --git a/test/private_dir_profile.exp b/test/private_dir_profile.exp new file mode 100755 index 000000000..e6c01798e --- /dev/null +++ b/test/private_dir_profile.exp | |||
@@ -0,0 +1,54 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | # testing private | ||
8 | send -- "firejail --profile=private.profile\r" | ||
9 | expect { | ||
10 | timeout {puts "TESTING ERROR 0\n";exit} | ||
11 | "Child process initialized" | ||
12 | } | ||
13 | sleep 1 | ||
14 | |||
15 | send -- "ls -al;pwd\r" | ||
16 | expect { | ||
17 | timeout {puts "TESTING ERROR 0.1\n";exit} | ||
18 | "bashrc" | ||
19 | } | ||
20 | expect { | ||
21 | timeout {puts "TESTING ERROR 0.2\n";exit} | ||
22 | "home" | ||
23 | } | ||
24 | send -- "ls -al;pwd\r" | ||
25 | expect { | ||
26 | timeout { | ||
27 | # OpenSUSE doesn't use .Xauthority from user home directory | ||
28 | send -- "env | grep XAUTHORITY\r" | ||
29 | |||
30 | expect { | ||
31 | timeout {puts "TESTING ERROR 0.3\n";exit} | ||
32 | "/run/lightdm/netblue/xauthority" | ||
33 | } | ||
34 | } | ||
35 | ".Xauthority" | ||
36 | } | ||
37 | expect { | ||
38 | timeout {puts "TESTING ERROR 0.4\n";exit} | ||
39 | [lindex $argv 0] | ||
40 | } | ||
41 | |||
42 | send -- "ls -al | wc -l;pwd\r" | ||
43 | expect { | ||
44 | timeout {puts "TESTING ERROR 1\n";exit} | ||
45 | "5" {puts "normal system\n";} | ||
46 | "4" {puts "OpenSUSE\n";} | ||
47 | } | ||
48 | expect { | ||
49 | timeout {puts "TESTING ERROR 2\n";exit} | ||
50 | "home" | ||
51 | } | ||
52 | |||
53 | puts "\n" | ||
54 | |||
diff --git a/test/profile_apps.exp b/test/profile_apps.exp new file mode 100755 index 000000000..c57b31489 --- /dev/null +++ b/test/profile_apps.exp | |||
@@ -0,0 +1,48 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | # firefox | ||
8 | send -- "firejail --profile=/etc/firejail/firefox.profile\r" | ||
9 | expect { | ||
10 | timeout {puts "TESTING ERROR 0\n";exit} | ||
11 | "Child process initialized" | ||
12 | } | ||
13 | sleep 1 | ||
14 | send -- "exit\r" | ||
15 | sleep 1 | ||
16 | |||
17 | # iceweasel | ||
18 | send -- "firejail --profile=/etc/firejail/iceweasel.profile\r" | ||
19 | expect { | ||
20 | timeout {puts "TESTING ERROR 1\n";exit} | ||
21 | "Child process initialized" | ||
22 | } | ||
23 | sleep 1 | ||
24 | send -- "exit\r" | ||
25 | sleep 1 | ||
26 | |||
27 | # evince | ||
28 | send -- "firejail --profile=/etc/firejail/evince.profile\r" | ||
29 | expect { | ||
30 | timeout {puts "TESTING ERROR 2\n";exit} | ||
31 | "Child process initialized" | ||
32 | } | ||
33 | sleep 1 | ||
34 | send -- "exit\r" | ||
35 | sleep 1 | ||
36 | |||
37 | # midori | ||
38 | send -- "firejail --profile=/etc/firejail/midori.profile\r" | ||
39 | expect { | ||
40 | timeout {puts "TESTING ERROR 3\n";exit} | ||
41 | "Child process initialized" | ||
42 | } | ||
43 | sleep 1 | ||
44 | send -- "exit\r" | ||
45 | sleep 1 | ||
46 | |||
47 | |||
48 | puts "\n" | ||
diff --git a/test/profile_followlnk.exp b/test/profile_followlnk.exp new file mode 100755 index 000000000..e2ede2865 --- /dev/null +++ b/test/profile_followlnk.exp | |||
@@ -0,0 +1,68 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "mkdir /tmp/firejailtestdir\r" | ||
8 | sleep 1 | ||
9 | send -- "ln -s /tmp/firejailtestdir /tmp/firejailtestdirlnk\r" | ||
10 | sleep 1 | ||
11 | send -- "touch /tmp/firejailtestfile\r" | ||
12 | sleep 1 | ||
13 | send -- "ln -s /tmp/firejailtestfile /tmp/firejailtestfilelnk\r" | ||
14 | sleep 1 | ||
15 | |||
16 | send -- "firejail --profile=readonly-lnk.profile --debug\r" | ||
17 | expect { | ||
18 | timeout {puts "TESTING ERROR 0\n";exit} | ||
19 | "Child process initialized" | ||
20 | } | ||
21 | |||
22 | # testing private only | ||
23 | send -- "bash\r" | ||
24 | sleep 1 | ||
25 | |||
26 | |||
27 | send -- "ls > /tmp/firejailtestdirlnk/ttt;pwd\r" | ||
28 | expect { | ||
29 | timeout {puts "TESTING ERROR 1\n";exit} | ||
30 | "Read-only file system" | ||
31 | } | ||
32 | expect { | ||
33 | timeout {puts "TESTING ERROR 1.1\n";exit} | ||
34 | "home" | ||
35 | } | ||
36 | sleep 1 | ||
37 | |||
38 | send -- "ls > /tmp/firejailtestfilelnk;pwd\r" | ||
39 | expect { | ||
40 | timeout {puts "TESTING ERROR 2\n";exit} | ||
41 | "Read-only file system" | ||
42 | } | ||
43 | expect { | ||
44 | timeout {puts "TESTING ERROR 2.1\n";exit} | ||
45 | "home" | ||
46 | } | ||
47 | sleep 1 | ||
48 | |||
49 | send -- "exit\r" | ||
50 | sleep 1 | ||
51 | send -- "pwd\r" | ||
52 | expect { | ||
53 | timeout {puts "TESTING ERROR 3\n";exit} | ||
54 | "home" | ||
55 | } | ||
56 | sleep 1 | ||
57 | send -- "exit\r" | ||
58 | sleep 1 | ||
59 | send -- "pwd\r" | ||
60 | expect { | ||
61 | timeout {puts "TESTING ERROR 4\n";exit} | ||
62 | "home" | ||
63 | } | ||
64 | sleep 2 | ||
65 | send -- "rm -fr /tmp/firejailtest*\r" | ||
66 | sleep 1 | ||
67 | |||
68 | puts "\n" | ||
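Review bot: The fixtures on new lines 7-13 are created under fixed, predictable names in the shared `/tmp` and the results of `mkdir`, `touch` and `ln -s` are never checked. On a multi-user host a directory or symlink that already exists under one of those names is silently used as the test target, and the closing `rm -fr /tmp/firejailtest*` on new line 65 then removes whatever matches the glob. Any `timeout` branch also exits before that cleanup runs, so a failed run leaves the fixtures behind for the next one. Creating a private working directory with `mktemp -d` and writing the read-only profile from its path would avoid all three; profile_readonly.exp and profile_tmpfs.exp in this commit follow the same pattern.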
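--- /dev/null
+++ b/test/profile_noperm.exp
@@ -0,0 +1,13 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --profile=/etc/shadow\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"cannot access profile"
+}
+sleep 1
+puts "\n"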
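Review bot: The expect block on new lines 8-11 only waits for the refusal message, so if firejail ever accepted the unreadable file and started a sandbox, the failure would surface only as a generic timeout. Adding a failing branch, `"Child process initialized" {puts "TESTING ERROR 0.1\n";exit}`, would report that regression directly. The test also depends on being run by an unprivileged user, since root can read `/etc/shadow`; a header comment such as `# must run as non-root: firejail has to refuse a profile the caller cannot read` would make that precondition explicit.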
diff --git a/test/profile_readonly.exp b/test/profile_readonly.exp new file mode 100755 index 000000000..046b0d738 --- /dev/null +++ b/test/profile_readonly.exp | |||
@@ -0,0 +1,64 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "mkdir /tmp/firejailtestdir\r" | ||
8 | sleep 1 | ||
9 | send -- "touch /tmp/firejailtestfile\r" | ||
10 | sleep 1 | ||
11 | |||
12 | send -- "firejail --profile=readonly.profile\r" | ||
13 | expect { | ||
14 | timeout {puts "TESTING ERROR 0\n";exit} | ||
15 | "Child process initialized" | ||
16 | } | ||
17 | |||
18 | # testing private only | ||
19 | send -- "bash\r" | ||
20 | sleep 1 | ||
21 | |||
22 | |||
23 | send -- "ls > /tmp/firejailtestdir/ttt;pwd\r" | ||
24 | expect { | ||
25 | timeout {puts "TESTING ERROR 1\n";exit} | ||
26 | "Read-only file system" | ||
27 | } | ||
28 | expect { | ||
29 | timeout {puts "TESTING ERROR 1.1\n";exit} | ||
30 | "home" | ||
31 | } | ||
32 | sleep 1 | ||
33 | |||
34 | send -- "ls > /tmp/firejailtestfile;pwd\r" | ||
35 | expect { | ||
36 | timeout {puts "TESTING ERROR 2\n";exit} | ||
37 | "Read-only file system" | ||
38 | } | ||
39 | expect { | ||
40 | timeout {puts "TESTING ERROR 2.1\n";exit} | ||
41 | "home" | ||
42 | } | ||
43 | sleep 1 | ||
44 | |||
45 | send -- "exit\r" | ||
46 | sleep 1 | ||
47 | send -- "pwd\r" | ||
48 | expect { | ||
49 | timeout {puts "TESTING ERROR 3\n";exit} | ||
50 | "home" | ||
51 | } | ||
52 | sleep 1 | ||
53 | send -- "exit\r" | ||
54 | sleep 1 | ||
55 | send -- "pwd\r" | ||
56 | expect { | ||
57 | timeout {puts "TESTING ERROR 4\n";exit} | ||
58 | "home" | ||
59 | } | ||
60 | sleep 2 | ||
61 | send -- "rm -fr /tmp/firejailtest*\r" | ||
62 | sleep 1 | ||
63 | |||
64 | puts "\n" | ||
diff --git a/test/profile_rlimit.exp b/test/profile_rlimit.exp new file mode 100755 index 000000000..7d2637444 --- /dev/null +++ b/test/profile_rlimit.exp | |||
@@ -0,0 +1,36 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "firejail --profile=rlimit.profile\r" | ||
8 | expect { | ||
9 | timeout {puts "TESTING ERROR 0\n";exit} | ||
10 | "Child process initialized" | ||
11 | } | ||
12 | sleep 1 | ||
13 | |||
14 | send -- "cat /proc/self/limits; pwd\r" | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 1.1\n";exit} | ||
17 | "Max file size 1024 1024" | ||
18 | } | ||
19 | expect { | ||
20 | timeout {puts "TESTING ERROR 1.2\n";exit} | ||
21 | "Max processes 1000 1000" | ||
22 | } | ||
23 | expect { | ||
24 | timeout {puts "TESTING ERROR 1.3\n";exit} | ||
25 | "Max open files 500 500" | ||
26 | } | ||
27 | expect { | ||
28 | timeout {puts "TESTING ERROR 1.4\n";exit} | ||
29 | "Max pending signals 200 200" | ||
30 | } | ||
31 | expect { | ||
32 | timeout {puts "TESTING ERROR 1.5\n";exit} | ||
33 | "home" | ||
34 | } | ||
35 | sleep 1 | ||
36 | puts "\n" | ||
diff --git a/test/profile_syntax.exp b/test/profile_syntax.exp new file mode 100755 index 000000000..3218177c3 --- /dev/null +++ b/test/profile_syntax.exp | |||
@@ -0,0 +1,69 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "firejail --profile=test.profile\r" | ||
8 | expect { | ||
9 | timeout {puts "TESTING ERROR 0\n";exit} | ||
10 | "Child process initialized" | ||
11 | } | ||
12 | |||
13 | sleep 2 | ||
14 | send -- "ls /sbin\r" | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 1\n";exit} | ||
17 | "cannot open" | ||
18 | } | ||
19 | |||
20 | sleep 1 | ||
21 | send -- "ls /usr/sbin\r" | ||
22 | expect { | ||
23 | timeout {puts "TESTING ERROR 2\n";exit} | ||
24 | "cannot open" | ||
25 | } | ||
26 | |||
27 | sleep 1 | ||
28 | send -- "ls -l /etc/shadow\r" | ||
29 | expect { | ||
30 | timeout {puts "TESTING ERROR 3\n";exit} | ||
31 | "root root 0" | ||
32 | } | ||
33 | |||
34 | sleep 1 | ||
35 | send -- "rmdir;pwd\r" | ||
36 | expect { | ||
37 | timeout {puts "TESTING ERROR 4\n";exit} | ||
38 | "Permission denied" | ||
39 | } | ||
40 | expect { | ||
41 | timeout {puts "TESTING ERROR 5\n";exit} | ||
42 | "home" | ||
43 | } | ||
44 | |||
45 | sleep 1 | ||
46 | send -- "mount;pwd\r" | ||
47 | expect { | ||
48 | timeout {puts "TESTING ERROR 6\n";exit} | ||
49 | "Permission denied" | ||
50 | } | ||
51 | expect { | ||
52 | timeout {puts "TESTING ERROR 7\n";exit} | ||
53 | "home" | ||
54 | } | ||
55 | |||
56 | sleep 1 | ||
57 | send -- "umount;pwd\r" | ||
58 | expect { | ||
59 | timeout {puts "TESTING ERROR 8\n";exit} | ||
60 | "Permission denied" | ||
61 | } | ||
62 | expect { | ||
63 | timeout {puts "TESTING ERROR 9\n";exit} | ||
64 | "home" | ||
65 | } | ||
66 | send -- "exit\r" | ||
67 | |||
68 | sleep 1 | ||
69 | puts "\n" | ||
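Review bot: Every assertion here matches English error text (`"cannot open"`, `"Permission denied"`), but the script spawns `$env(SHELL)` with whatever locale the caller has. Under a non-English locale these checks would time out even when the profile is enforced correctly. Setting `set env(LC_ALL) C` before the `spawn` on new line 4 would pin the messages. The same applies to the `"Read-only file system"`, `"Bad system call"` and `"Operation not permitted"` patterns in the other .exp files of this commit.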
diff --git a/test/profile_syntax2.exp b/test/profile_syntax2.exp new file mode 100755 index 000000000..cd514aa0e --- /dev/null +++ b/test/profile_syntax2.exp | |||
@@ -0,0 +1,47 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "firejail --debug --profile=test2.profile\r" | ||
8 | expect { | ||
9 | timeout {puts "TESTING ERROR 0\n";exit} | ||
10 | "Reading profile test2.profile" | ||
11 | } | ||
12 | expect { | ||
13 | timeout {puts "TESTING ERROR 1\n";exit} | ||
14 | "Reading profile test.profile" | ||
15 | } | ||
16 | expect { | ||
17 | timeout {puts "TESTING ERROR 2\n";exit} | ||
18 | "Disable /bin/rmdir" {puts "Most Linux platforms\n"} | ||
19 | "Disable /usr/bin/rmdir" { puts "OpenSUSE platform\n"} | ||
20 | } | ||
21 | expect { | ||
22 | timeout {puts "TESTING ERROR 3\n";exit} | ||
23 | "Mounting a new /home directory" | ||
24 | } | ||
25 | expect { | ||
26 | timeout {puts "TESTING ERROR 4\n";exit} | ||
27 | "Drop CAP_SYS_MODULE" | ||
28 | } | ||
29 | expect { | ||
30 | timeout {puts "TESTING ERROR 5\n";exit} | ||
31 | "Initialize seccomp filter" | ||
32 | } | ||
33 | expect { | ||
34 | timeout {puts "TESTING ERROR 6\n";exit} | ||
35 | "Blacklisting syscall" | ||
36 | } | ||
37 | expect { | ||
38 | timeout {puts "TESTING ERROR 7\n";exit} | ||
39 | "mount" | ||
40 | } | ||
41 | expect { | ||
42 | timeout {puts "TESTING ERROR 8\n";exit} | ||
43 | "Child process initialized" | ||
44 | } | ||
45 | |||
46 | sleep 1 | ||
47 | puts "\n" | ||
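--- /dev/null
+++ b/test/profile_tmpfs.exp
@@ -0,0 +1,37 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "mkdir /tmp/firejailtestdir\r"
+sleep 1
+send -- "ls > /tmp/firejailtestdir/tmpfile\r"
+sleep 1
+
+send -- "firejail --profile=tmpfs.profile\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+
+# testing private only
+send -- "bash\r"
+sleep 1
+
+send -- "ls -l /tmp/firejailtestdir;pwd\r"
+expect {
+timeout {puts "TESTING ERROR 1.1\n";exit}
+"tmpfile" {puts "TESTING ERROR 1\n";exit}
+"home"
+}
+sleep 1
+send -- "exit\r"
+sleep 1
+send -- "exit\r"
+sleep 1
+send -- "rm -fr /tmp/firejailtestdir\r"
+
+sleep 1
+
+puts "\n"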
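--- /dev/null
+++ b/test/readonly-lnk.profile
@@ -0,0 +1,2 @@
+read-only /tmp/firejailtestdirlnk
+read-only /tmp/firejailtestfilelnk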
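--- /dev/null
+++ b/test/readonly.profile
@@ -0,0 +1,2 @@
+read-only /tmp/firejailtestdir
+read-only /tmp/firejailtestfile
\ No newline at end of file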
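--- /dev/null
+++ b/test/rlimit.profile
@@ -0,0 +1,4 @@
+rlimit-fsize 1024
+rlimit-nproc 1000
+rlimit-nofile 500
+rlimit-sigpending 200
\ No newline at end of file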
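--- /dev/null
+++ b/test/seccomp-bad-empty.exp
@@ -0,0 +1,38 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --seccomp=\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Error: empty syscall lists are not allowed"
+}
+
+send -- "firejail --seccomp.drop=\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"Error: empty syscall lists are not allowed"
+}
+
+send -- "firejail --seccomp.keep=\r"
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"Error: empty syscall lists are not allowed"
+}
+
+send -- "firejail --profile=seccomp-bad-empty.profile\r"
+expect {
+timeout {puts "TESTING ERROR 6\n";exit}
+"Error: line 1 in the custom profile is invalid"
+}
+
+send -- "firejail --profile=seccomp-bad-empty2.profile\r"
+expect {
+timeout {puts "TESTING ERROR 7\n";exit}
+"Error: line 1 in the custom profile is invalid"
+}
+sleep 1
+puts "\n"
+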
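--- /dev/null
+++ b/test/seccomp-bad-empty.profile
@@ -0,0 +1 @@
+seccomp.drop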
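--- /dev/null
+++ b/test/seccomp-bad-empty2.profile
@@ -0,0 +1 @@
+seccomp.keep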
diff --git a/test/seccomp-chmod-profile.exp b/test/seccomp-chmod-profile.exp new file mode 100755 index 000000000..098328cea --- /dev/null +++ b/test/seccomp-chmod-profile.exp | |||
@@ -0,0 +1,46 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "firejail --profile=seccomp.profile --private\r" | ||
8 | expect { | ||
9 | timeout {puts "TESTING ERROR 0\n";exit} | ||
10 | "Child process initialized" | ||
11 | } | ||
12 | sleep 2 | ||
13 | |||
14 | send -- "touch testfile;pwd\r" | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 1\n";exit} | ||
17 | "/root" {puts "running as root"} | ||
18 | "/home" | ||
19 | } | ||
20 | |||
21 | send -- "ls -l testfile;pwd\r" | ||
22 | expect { | ||
23 | timeout {puts "TESTING ERROR 2\n";exit} | ||
24 | "testfile" | ||
25 | } | ||
26 | expect { | ||
27 | timeout {puts "TESTING ERROR 3\n";exit} | ||
28 | "/root" {puts "running as root"} | ||
29 | "/home" | ||
30 | } | ||
31 | |||
32 | send -- "chmod +x testfile;pwd\r" | ||
33 | expect { | ||
34 | timeout {puts "TESTING ERROR 2\n";exit} | ||
35 | "Bad system call" | ||
36 | } | ||
37 | expect { | ||
38 | timeout {puts "TESTING ERROR 3\n";exit} | ||
39 | "/root" {puts "running as root"} | ||
40 | "/home" | ||
41 | } | ||
42 | |||
43 | |||
44 | send -- "exit\r" | ||
45 | sleep 1 | ||
46 | puts "\n" | ||
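Review bot: The labels "TESTING ERROR 2" and "TESTING ERROR 3" are each used twice, once for the `ls -l testfile` step (new lines 23 and 27) and again for the `chmod +x testfile` step (new lines 34 and 38). A log line therefore cannot say whether the fixture was missing or the seccomp filter failed to kill `chmod`, which is the security-relevant outcome. Renumbering the last two branches, for example `timeout {puts "TESTING ERROR 4\n";exit}` and `timeout {puts "TESTING ERROR 5\n";exit}`, removes the ambiguity. seccomp-chmod.exp and seccomp-chown.exp repeat the same numbering.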
diff --git a/test/seccomp-chmod.exp b/test/seccomp-chmod.exp new file mode 100755 index 000000000..b4a213206 --- /dev/null +++ b/test/seccomp-chmod.exp | |||
@@ -0,0 +1,46 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "firejail --seccomp=chmod,fchmod,fchmodat --private\r" | ||
8 | expect { | ||
9 | timeout {puts "TESTING ERROR 0\n";exit} | ||
10 | "Child process initialized" | ||
11 | } | ||
12 | sleep 2 | ||
13 | |||
14 | send -- "touch testfile;pwd\r" | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 1\n";exit} | ||
17 | "/root" {puts "running as root"} | ||
18 | "/home" | ||
19 | } | ||
20 | |||
21 | send -- "ls -l testfile;pwd\r" | ||
22 | expect { | ||
23 | timeout {puts "TESTING ERROR 2\n";exit} | ||
24 | "testfile" | ||
25 | } | ||
26 | expect { | ||
27 | timeout {puts "TESTING ERROR 3\n";exit} | ||
28 | "/root" {puts "running as root"} | ||
29 | "/home" | ||
30 | } | ||
31 | |||
32 | send -- "chmod +x testfile;pwd\r" | ||
33 | expect { | ||
34 | timeout {puts "TESTING ERROR 2\n";exit} | ||
35 | "Bad system call" | ||
36 | } | ||
37 | expect { | ||
38 | timeout {puts "TESTING ERROR 3\n";exit} | ||
39 | "/root" {puts "running as root"} | ||
40 | "/home" | ||
41 | } | ||
42 | |||
43 | |||
44 | send -- "exit\r" | ||
45 | sleep 1 | ||
46 | puts "\n" | ||
diff --git a/test/seccomp-chown.exp b/test/seccomp-chown.exp new file mode 100755 index 000000000..69b896700 --- /dev/null +++ b/test/seccomp-chown.exp | |||
@@ -0,0 +1,46 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "firejail --seccomp=chown,fchown,fchownat,lchown --private\r" | ||
8 | expect { | ||
9 | timeout {puts "TESTING ERROR 0\n";exit} | ||
10 | "Child process initialized" | ||
11 | } | ||
12 | sleep 2 | ||
13 | |||
14 | send -- "touch testfile;pwd\r" | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 1\n";exit} | ||
17 | "/root" {puts "running as root"} | ||
18 | "/home" | ||
19 | } | ||
20 | |||
21 | send -- "ls -l testfile;pwd\r" | ||
22 | expect { | ||
23 | timeout {puts "TESTING ERROR 2\n";exit} | ||
24 | "testfile" | ||
25 | } | ||
26 | expect { | ||
27 | timeout {puts "TESTING ERROR 3\n";exit} | ||
28 | "/root" {puts "running as root"} | ||
29 | "/home" | ||
30 | } | ||
31 | |||
32 | send -- "chown netblue:netblue testfile;pwd\r" | ||
33 | expect { | ||
34 | timeout {puts "TESTING ERROR 2\n";exit} | ||
35 | "Bad system call" | ||
36 | } | ||
37 | expect { | ||
38 | timeout {puts "TESTING ERROR 3\n";exit} | ||
39 | "/root" {puts "running as root"} | ||
40 | "/home" | ||
41 | } | ||
42 | |||
43 | |||
44 | send -- "exit\r" | ||
45 | sleep 1 | ||
46 | puts "\n" | ||
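Review bot: New line 32 sends `chown netblue:netblue testfile`, which hard-codes the author's account. On a host without that user, `chown` presumably fails at name lookup and never issues the system call, so "Bad system call" cannot appear and the test reports a seccomp failure that is really a missing account. Using a numeric id avoids the lookup and still reaches the filtered call, for example `send -- "chown \$(id -u) testfile;pwd\r"`.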
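--- /dev/null
+++ b/test/seccomp-debug.exp
@@ -0,0 +1,32 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --seccomp --debug\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Blacklisting syscall"
+}
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"open_by_handle_at"
+}
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"BLACKLIST"
+}
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"open_by_handle_at"
+}
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"Child process initialized"
+}
+sleep 2
+
+send -- "exit\r"
+sleep 1
+puts "\n"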
diff --git a/test/seccomp-empty.exp b/test/seccomp-empty.exp new file mode 100755 index 000000000..11abf2e00 --- /dev/null +++ b/test/seccomp-empty.exp | |||
@@ -0,0 +1,145 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "firejail --debug --seccomp=chmod,fchmod,fchmodat --private\r" | ||
8 | expect { | ||
9 | timeout {puts "TESTING ERROR 0\n";exit} | ||
10 | "VALIDATE_ARCHITECTURE" | ||
11 | } | ||
12 | expect { | ||
13 | timeout {puts "TESTING ERROR 0.1\n";exit} | ||
14 | "mount" | ||
15 | } | ||
16 | expect { | ||
17 | timeout {puts "TESTING ERROR 0.2\n";exit} | ||
18 | "ptrace" | ||
19 | } | ||
20 | expect { | ||
21 | timeout {puts "TESTING ERROR 0.3\n";exit} | ||
22 | "chmod" | ||
23 | } | ||
24 | expect { | ||
25 | timeout {puts "TESTING ERROR 0.4\n";exit} | ||
26 | "fchmod" | ||
27 | } | ||
28 | expect { | ||
29 | timeout {puts "TESTING ERROR 0.5\n";exit} | ||
30 | "fchmodat" | ||
31 | } | ||
32 | expect { | ||
33 | timeout {puts "TESTING ERROR 0.6\n";exit} | ||
34 | "RETURN_ALLOW" | ||
35 | } | ||
36 | expect { | ||
37 | timeout {puts "TESTING ERROR 0.7\n";exit} | ||
38 | "Child process initialized" | ||
39 | } | ||
40 | sleep 2 | ||
41 | send -- "exit\r" | ||
42 | sleep 3 | ||
43 | puts "\n" | ||
44 | |||
45 | send -- "firejail --debug --seccomp.drop=chmod,fchmod,fchmodat --private\r" | ||
46 | expect { | ||
47 | timeout {puts "TESTING ERROR 1\n";exit} | ||
48 | "VALIDATE_ARCHITECTURE" | ||
49 | } | ||
50 | expect { | ||
51 | timeout {puts "TESTING ERROR 1.1\n";exit} | ||
52 | "mount" {puts "TESTING ERROR 1.2\n";exit} | ||
53 | "ptrace" {puts "TESTING ERROR 1.3\n";exit} | ||
54 | "chmod" | ||
55 | } | ||
56 | expect { | ||
57 | timeout {puts "TESTING ERROR 1.4\n";exit} | ||
58 | "fchmod" | ||
59 | } | ||
60 | expect { | ||
61 | timeout {puts "TESTING ERROR 1.5\n";exit} | ||
62 | "fchmodat" | ||
63 | } | ||
64 | expect { | ||
65 | timeout {puts "TESTING ERROR 1.6\n";exit} | ||
66 | "RETURN_ALLOW" | ||
67 | } | ||
68 | expect { | ||
69 | timeout {puts "TESTING ERROR 1.7\n";exit} | ||
70 | "Child process initialized" | ||
71 | } | ||
72 | sleep 2 | ||
73 | send -- "exit\r" | ||
74 | puts "\n" | ||
75 | |||
76 | sleep 2 | ||
77 | send -- "firejail --debug --profile=seccomp.profile --private\r" | ||
78 | expect { | ||
79 | timeout {puts "TESTING ERROR 2\n";exit} | ||
80 | "VALIDATE_ARCHITECTURE" | ||
81 | } | ||
82 | expect { | ||
83 | timeout {puts "TESTING ERROR 2.1\n";exit} | ||
84 | "mount" | ||
85 | } | ||
86 | expect { | ||
87 | timeout {puts "TESTING ERROR 2.2\n";exit} | ||
88 | "ptrace" | ||
89 | } | ||
90 | expect { | ||
91 | timeout {puts "TESTING ERROR 2.3\n";exit} | ||
92 | "chmod" | ||
93 | } | ||
94 | expect { | ||
95 | timeout {puts "TESTING ERROR 2.4\n";exit} | ||
96 | "fchmod" | ||
97 | } | ||
98 | expect { | ||
99 | timeout {puts "TESTING ERROR 2.5\n";exit} | ||
100 | "fchmodat" | ||
101 | } | ||
102 | expect { | ||
103 | timeout {puts "TESTING ERROR 2.6\n";exit} | ||
104 | "RETURN_ALLOW" | ||
105 | } | ||
106 | expect { | ||
107 | timeout {puts "TESTING ERROR 2.7\n";exit} | ||
108 | "Child process initialized" | ||
109 | } | ||
110 | sleep 2 | ||
111 | send -- "exit\r" | ||
112 | sleep 3 | ||
113 | puts "\n" | ||
114 | |||
115 | send -- "firejail --debug --profile=seccomp-empty.profile --private\r" | ||
116 | expect { | ||
117 | timeout {puts "TESTING ERROR 3\n";exit} | ||
118 | "VALIDATE_ARCHITECTURE" | ||
119 | } | ||
120 | expect { | ||
121 | timeout {puts "TESTING ERROR 3.1\n";exit} | ||
122 | "mount" {puts "TESTING ERROR 3.2\n";exit} | ||
123 | "ptrace" {puts "TESTING ERROR 3.3\n";exit} | ||
124 | "chmod" | ||
125 | } | ||
126 | expect { | ||
127 | timeout {puts "TESTING ERROR 3.4\n";exit} | ||
128 | "fchmod" | ||
129 | } | ||
130 | expect { | ||
131 | timeout {puts "TESTING ERROR 3.5\n";exit} | ||
132 | "fchmodat" | ||
133 | } | ||
134 | expect { | ||
135 | timeout {puts "TESTING ERROR 3.6\n";exit} | ||
136 | "RETURN_ALLOW" | ||
137 | } | ||
138 | expect { | ||
139 | timeout {puts "TESTING ERROR 3.7\n";exit} | ||
140 | "Child process initialized" | ||
141 | } | ||
142 | sleep 2 | ||
143 | send -- "exit\r" | ||
144 | puts "\n" | ||
145 | |||
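Review bot: In the two `seccomp.drop` cases the failing branches for `"mount"` and `"ptrace"` exist only in the first expect after `VALIDATE_ARCHITECTURE` (new lines 50-55 and 120-125), so they stop being checked as soon as `"chmod"` is seen. If the default blacklist were emitted after the user-supplied entries, the following expects for `"fchmod"`, `"fchmodat"` and `"RETURN_ALLOW"` would skip over it and the test would still pass. Repeating `"mount" {puts "TESTING ERROR 1.2\n";exit}` and `"ptrace" {puts "TESTING ERROR 1.3\n";exit}` in each expect up to and including the `RETURN_ALLOW` one (with the 3.x labels in the profile case) would cover the whole filter dump. Because expect matches on whatever has arrived so far, this remains a best-effort check; it depends on how the debug output is ordered, which is not visible here.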
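--- /dev/null
+++ b/test/seccomp-empty.profile
@@ -0,0 +1 @@
+seccomp.drop chmod,fchmod,fchmodat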
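--- /dev/null
+++ b/test/seccomp-ptrace.exp
@@ -0,0 +1,23 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --seccomp\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+sleep 2
+
+send -- "strace ls\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"Bad system call" {puts "version 1\n";}
+" unexpected signal 31" {puts "version 2\n"}
+}
+
+send -- "exit\r"
+sleep 1
+puts "\n"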
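Review bot: Both timeout branches (lines 9 and 16 of the script) call `exit` with no argument, which ends Expect with status 0, so a seccomp filter that fails to stop `strace ls` shows up only as a printed "TESTING ERROR" line and never as a failing exit code. Writing them as `timeout {puts "TESTING ERROR 1\n";exit 1}` lets test.sh or a CI wrapper detect the failure without grepping the output. The same bare `exit` is used in the timeout branches of seccomp-su.exp, seccomp-umount.exp, servers*.exp, sysrq-trigger.exp and trace.exp in this commit.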
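--- /dev/null
+++ b/test/seccomp-su.exp
@@ -0,0 +1,34 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --seccomp\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+sleep 2
+
+send -- "sudo su -\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"effective uid is not 0"
+}
+
+send -- "sudo ls\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"effective uid is not 0"
+}
+
+send -- "ping google.com\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"Operation not permitted"
+}
+
+send -- "exit\r"
+sleep 1
+puts "\n"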
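Review bot: The `ping google.com` check at line 28 reuses the label "TESTING ERROR 2" from the `sudo ls` check at line 22, so the log cannot say which of the two assertions failed; give it its own label, e.g. `timeout {puts "TESTING ERROR 3\n";exit}`. The step also needs working name resolution before ping reaches the call that is expected to be refused, so on an offline host it can time out for a reason unrelated to the sandbox. A literal address such as `ping 127.0.0.1` would presumably exercise the same denial without the external dependency.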
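--- /dev/null
+++ b/test/seccomp-umount.exp
@@ -0,0 +1,28 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "sudo ls; sudo whoami; sudo pwd\r"
+expect {
+timeout {puts "TESTING ERROR: you need to root run this test as root\n";exit}
+"root"
+}
+
+send -- "firejail --net=br0 --ip=10.10.20.5 --seccomp\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+sleep 2
+
+send -- "umount /proc\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"Bad system call"
+}
+
+send -- "exit\r"
+sleep 1
+puts "\n"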
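Review bot: The root pre-check at lines 7–10 sends `sudo ls; sudo whoami; sudo pwd` and then accepts the substring "root" anywhere in the combined output, so a file name in the listing or a working directory containing "root" would satisfy it even if `sudo whoami` printed something else. Sending only `sudo whoami` and matching the whole line, e.g. `-re "\r\nroot\r\n"`, makes the check mean what its message says. The timeout message reads "you need to root run this test as root" and could be `TESTING ERROR: you need to run this test as root`. servers.exp, servers2.exp, servers3.exp and servers4.exp carry the same pre-check.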
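--- /dev/null
+++ b/test/seccomp.profile
@@ -0,0 +1 @@
+seccomp chmod,fchmod,fchmodat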
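--- /dev/null
+++ b/test/servers.exp
@@ -0,0 +1,40 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "sudo ls; sudo whoami; sudo pwd\r"
+expect {
+timeout {puts "TESTING ERROR: you need to root run this test as root\n";exit}
+"root"
+}
+
+send -- "firejail --net=br0 --ip=10.10.20.5 --seccomp\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+sleep 2
+
+
+send -- "/etc/init.d/rsyslog start;sleep 1;/etc/init.d/ssh start;sleep 1;/etc/init.d/nginx start\r"
+sleep 3
+
+send -- "ps aux; pwd\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"rsyslogd"
+}
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"sshd"
+}
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"nginx"
+}
+
+send -- "exit\r"
+sleep 1
+puts "\n"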
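--- /dev/null
+++ b/test/servers2.exp
@@ -0,0 +1,31 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "sudo ls; sudo whoami; sudo pwd\r"
+expect {
+timeout {puts "TESTING ERROR: you need to root run this test as root\n";exit}
+"root"
+}
+
+send -- "firejail --net=br0 --ip=10.10.20.5--seccomp\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+sleep 2
+
+send -- "/etc/init.d/snmpd start"
+sleep 2
+
+send -- "ps aux; pwd\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"snmpd"
+}
+
+send -- "exit\r"
+sleep 1
+puts "\n"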
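Review bot: Line 13 is missing the space before `--seccomp` (`--ip=10.10.20.5--seccomp`), so firejail receives a malformed IP value and no separate seccomp request, unlike the sibling server tests; it should read `send -- "firejail --net=br0 --ip=10.10.20.5 --seccomp\r"`. Line 20 also lacks the trailing `\r`, so the init script is never submitted and its text is glued onto the following `ps aux; pwd` line; it should be `send -- "/etc/init.d/snmpd start\r"`. Because the typed command itself contains "snmpd", the `expect "snmpd"` at line 26 can match the terminal echo rather than a running daemon, so the test can pass without snmpd ever starting in the sandbox.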
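--- /dev/null
+++ b/test/servers3.exp
@@ -0,0 +1,31 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "sudo ls; sudo whoami; sudo pwd\r"
+expect {
+timeout {puts "TESTING ERROR: you need to root run this test as root\n";exit}
+"root"
+}
+
+send -- "firejail --net=br0 --ip=10.10.20.5 --seccomp\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+sleep 2
+
+send -- "/etc/init.d/apache2 start\r"
+sleep 2
+
+send -- "ps aux; pwd\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"apache"
+}
+
+send -- "exit\r"
+sleep 1
+puts "\n"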
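Review bot: `expect "apache"` at line 26 can be satisfied by the terminal echo of `/etc/init.d/apache2 start` sent at line 20, because nothing consumes the buffer between the two sends, so the test may pass even when apache never starts inside the sandbox. Draining the buffer before the process listing, for example with the usual Expect idiom `expect "*"` right after the `sleep 2` on line 21, leaves only the `ps aux` output for the match. servers2.exp has the same weakness with "snmpd".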
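--- /dev/null
+++ b/test/servers4.exp
@@ -0,0 +1,32 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "sudo ls; sudo whoami; sudo pwd\r"
+expect {
+timeout {puts "TESTING ERROR: you need to root run this test as root\n";exit}
+"root"
+}
+
+send -- "firejail --net=br0 --ip=10.10.20.5 --seccomp\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+sleep 2
+
+send -- "/etc/init.d/isc-dhcp-server start\r"
+sleep 5
+
+
+send -- "ps aux; pwd\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"dhcpd"
+}
+
+send -- "exit\r"
+sleep 1
+puts "\n"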
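--- /dev/null
+++ b/test/shell_csh.exp
@@ -0,0 +1,40 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --private --csh\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "ls -al;pwd\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+".cshrc"
+}
+expect {
+timeout {puts "TESTING ERROR 1.1\n";exit}
+"home"
+}
+send -- "env | grep SHELL;pwd\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"SHELL"
+}
+expect {
+timeout {puts "TESTING ERROR 2.1\n";exit}
+"/bin/csh"
+}
+expect {
+timeout {puts "TESTING ERROR 2.2\n";exit}
+"home"
+}
+send -- "exit\r"
+sleep 1
+
+puts "\n"
+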
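--- /dev/null
+++ b/test/shell_dash.exp
@@ -0,0 +1,41 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --private --shell=/bin/dash\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+#send -- "ls -al;pwd\r"
+#expect {
+# timeout {puts "TESTING ERROR 1\n";exit}
+# ".zshrc"
+#}
+#expect {
+# timeout {puts "TESTING ERROR 1.1\n";exit}
+# "home"
+#}
+
+send -- "env | grep SHELL;pwd\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"SHELL"
+}
+expect {
+timeout {puts "TESTING ERROR 2.1\n";exit}
+"/bin/dash"
+}
+expect {
+timeout {puts "TESTING ERROR 2.2\n";exit}
+"home"
+}
+send -- "exit\r"
+sleep 1
+
+puts "\n"
+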
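--- /dev/null
+++ b/test/shell_zsh.exp
@@ -0,0 +1,40 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --private --zsh\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "ls -al;pwd\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+".zshrc"
+}
+expect {
+timeout {puts "TESTING ERROR 1.1\n";exit}
+"home"
+}
+send -- "env | grep SHELL;pwd\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"SHELL"
+}
+expect {
+timeout {puts "TESTING ERROR 2.1\n";exit}
+"/usr/bin/zsh"
+}
+expect {
+timeout {puts "TESTING ERROR 2.2\n";exit}
+"home"
+}
+send -- "exit\r"
+sleep 1
+
+puts "\n"
+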
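--- /dev/null
+++ b/test/sysrq-trigger.exp
@@ -0,0 +1,21 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "echo b > /proc/sysrq-trigger\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"Read-only file system"
+}
+sleep 1
+
+puts "\n"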
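Review bot: The probe at line 14 writes `b` to /proc/sysrq-trigger, which is the sysrq request for an immediate reboot, so if the sandbox ever regresses and the file is writable while the suite runs with enough privilege (test-root.sh calls this script), the failure mode is a reset of the test host rather than a "TESTING ERROR 1" line. A read-only /proc rejects the open before any byte is written, so a harmless key checks the same property: `send -- "echo h > /proc/sysrq-trigger\r"`. A comment above the send stating that the script belongs in a disposable VM would also help, and the sandbox shell is never sent `exit`.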
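--- /dev/null
+++ b/test/test-nonet.sh
@@ -0,0 +1,44 @@
+#!/bin/bash
+
+echo "TESTING: version"
+./option_version.exp
+
+echo "TESTING: help"
+./option_help.exp
+
+echo "TESTING: man"
+./option_man.exp
+
+echo "TESTING: list"
+./option_list.exp
+
+echo "TESTING: PID"
+./pid.exp
+
+echo "TESTING: profile no permissions"
+./profile_noperm.exp
+
+echo "TESTING: profile syntax"
+./profile_syntax.exp
+
+echo "TESTING: profile read-only"
+./profile_readonly.exp
+
+echo "TESTING: profile tmpfs"
+./profile_tmpfs.exp
+
+echo "TESTING: private"
+./private.exp `whoami`
+
+echo "TESTING: read/write /var/tmp"
+./fs_var_tmp.exp
+
+echo "TESTING: read/write /var/run"
+./fs_var_run.exp
+
+echo "TESTING: read/write /var/lock"
+./fs_var_lock.exp
+
+echo "TESTING: read/write /dev/shm"
+./fs_dev_shm.exp
+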
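--- /dev/null
+++ b/test/test-root.sh
@@ -0,0 +1,56 @@
+#!/bin/bash
+
+./chk_config.exp
+
+echo "TESTING: servers rsyslogd, sshd, nginx"
+./servers.exp
+
+if [ -f /etc/init.d/snmpd ]
+then
+echo "TESTING: servers snmpd"
+./servers2.exp
+fi
+
+if [ -f /etc/init.d/apache2 ]
+then
+echo "TESTING: servers apache2"
+./servers3.exp
+fi
+
+if [ -f /etc/init.d/isc-dhcp-server ]
+then
+echo "TESTING: servers isc dhcp server"
+./servers4.exp
+fi
+
+echo "TESTING: /proc/sysrq-trigger reset disabled"
+./sysrq-trigger.exp
+
+echo "TESTING: seccomp umount"
+./seccomp-umount.exp
+
+echo "TESTING: seccomp chmod (seccomp lists)"
+./seccomp-chmod.exp
+
+echo "TESTING: seccomp chown (seccomp lists)"
+./seccomp-chown.exp
+
+echo "TESTING: bind directory"
+./option_bind_directory.exp
+
+echo "TESTING: bind file"
+echo hello > tmpfile
+./option_bind_file.exp
+rm -f tmpfile
+
+echo "TESTING: chroot"
+./fs_chroot.exp
+
+echo "TESTING: firemon --interface"
+./firemon-interface.exp
+
+if [ -f /sys/fs/cgroup/g1/tasks ]
+then
+echo "TESTING: firemon --cgroup"
+./firemon-cgroup.exp
+fi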
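--- /dev/null
+++ b/test/test.profile
@@ -0,0 +1,6 @@
+blacklist /sbin
+blacklist /usr/sbin
+blacklist /etc/shadow
+blacklist /bin/rmdir
+blacklist ${PATH}/umount
+blacklist ${PATH}/mount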
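--- /dev/null
+++ b/test/test.rv
@@ -0,0 +1,49 @@
+# run it as:
+# ../src/tools/rvtest test.rv 2>/dev/null | grep TESTING
+#
+
+
+# invalid options
+1 firejail -blablabla
+1 firejail --blablabla
+1 firejail --debug --blablabla
+
+# misc options
+0 firejail --help
+0 firejail --list
+
+# network testing
+0 firejail --net=none exit
+1 firejail --ip=none --net=none exit # noip requires at least one network
+0 firejail --net=br0 exit
+1 firejail --net=none --net=br0 exit # --net and --net=none are mutually exclusive
+1 firejail --ip=none exit # noip requires at least one network
+1 firejail --defaultgw=10.10.20.1 # no bridge configured
+0 firejail --net=br0 --ip=10.10.20.6 exit
+1 firejail --net=br0 --ip=192.168.5.6 exit # interface range
+1 firejail --net=br0 --ip=10.10 # bad ip
+1 firejail --net=br0 --ip=asdf #bad ip
+1 firejail --ip=asdf # no bridge configured
+0 firejail --net=br0 --defaultgw=10.10.20.1 exit
+1 firejail --net=br0 --defaultgw=10.10.20 exit # invalid ip address
+1 firejail --net=br0 --defaultgw=asdf exit # invalid ip address
+0 firejail --net=br0 --ip=10.10.20.2 --defaultgw=10.10.20.1 exit
+0 firejail --net=br0 --net=br1 --net=br2 --net=br3 exit
+1 firejail --net
+1 firejail --net=
+1 firejail --net=bingo
+1 firejail --net=loopback
+1 firejail --net=lo #invalid network device
+1 firejail --net=/br0 exit
+1 firejail --net=br0 --net=br1 --net=br2 --net=br3 --net=br4 exit # only 4 networks allowed
+0 firejail --net=eth0 exit
+1 firejail --net=/dev/eth0 exit
+1 firejail --net=br0 --net=br1 --net=/dev/eth0 exit
+0 firejail --net=br0 --net=br0 exit # same device twice
+0 firejail --net=eth0 --net=br2 --net=br3 --net=eth0 exit # same device twice
+0 firejail --net=eth0 --net=br0 exit
+
+# private mode
+0 firejail --private exit
+1 firejail --private=/etc sleep 1
+1 firejail --private=bingo sleep 1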
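--- /dev/null
+++ b/test/test.sh
@@ -0,0 +1,329 @@
+#!/bin/bash
+
+./chk_config.exp
+
+./fscheck.sh
+
+echo "TESTING: version"
+./option_version.exp
+
+echo "TESTING: help"
+./option_help.exp
+
+echo "TESTING: man"
+./option_man.exp
+
+echo "TESTING: list"
+./option_list.exp
+
+echo "TESTING: tree"
+./option_tree.exp
+
+if [ -f /proc/self/uid_map ];
+then
+echo "TESTING: noroot"
+./noroot.exp
+else
+echo "TESTING: user namespaces not available"
+fi
+
+echo "TESTING: doubledash"
+mkdir -- -testdir
+touch -- -testdir/ttt
+cp -- /bin/bash -testdir/.
+./doubledash.exp
+rm -fr -- -testdir
+
+echo "TESTING: trace1"
+./option-trace.exp
+
+echo "TESTING: trace2"
+rm -f index.html*
+./trace.exp
+rm -f index.html*
+
+echo "TESTING: extract command"
+./extract_command.exp
+
+echo "TESTING: rlimit"
+./option_rlimit.exp
+
+echo "TESTING: shutdown"
+./option-shutdown.exp
+
+echo "TESTING: join"
+./option-join.exp
+
+echo "TESTING: firejail in firejail"
+./firejail-in-firejail.exp
+
+echo "TESTING: chroot overlay"
+./option_chroot_overlay.exp
+
+echo "TESTING: tmpfs"
+./option_tmpfs.exp
+
+echo "TESTING: blacklist directory"
+./option_blacklist.exp
+
+echo "TESTING: blacklist file"
+./option_blacklist_file.exp
+
+echo "TESTING: bind as user"
+./option_bind_user.exp
+
+if [ -d /home/bingo ];
+then
+echo "TESTING: home sanitize"
+./option_version.exp
+fi
+
+echo "TESTING: chroot as user"
+./fs_chroot.exp
+
+echo "TESTING: /sys"
+./fs_sys.exp
+
+echo "TESTING: readonly"
+ls -al > tmpreadonly
+./option_readonly.exp
+sleep 5
+rm -f tmpreadonly
+
+echo "TESTING: name"
+./name.exp
+
+echo "TESTING: zsh"
+./shell_zsh.exp
+
+echo "TESTING: csh"
+./shell_csh.exp
+
+which dash
+if [ "$?" -eq 0 ];
+then
+echo "TESTING: dash"
+./shell_dash.exp
+else
+echo "TESTING: dash not found"
+fi
+
+which firefox
+if [ "$?" -eq 0 ];
+then
+echo "TESTING: firefox"
+./firefox.exp
+else
+echo "TESTING: firefox not found"
+fi
+
+which midori
+if [ "$?" -eq 0 ];
+then
+echo "TESTING: midori"
+./midori.exp
+else
+echo "TESTING: midori not found"
+fi
+
+which chromium-browser
+if [ "$?" -eq 0 ];
+then
+echo "TESTING: chromium"
+./chromium.exp
+else
+echo "TESTING: chromium not found"
+fi
+
+which opera
+if [ "$?" -eq 0 ];
+then
+echo "TESTING: opera"
+./opera.exp
+else
+echo "TESTING: opera not found"
+fi
+
+which transmission-gtk
+if [ "$?" -eq 0 ];
+then
+echo "TESTING: transmission-gtk"
+./transmission-gtk.exp
+else
+echo "TESTING: transmission-gtk not found"
+fi
+
+which transmission-qt
+if [ "$?" -eq 0 ];
+then
+echo "TESTING: transmission-qt"
+./transmission-qt.exp
+else
+echo "TESTING: transmission-qt not found"
+fi
+
+which evince
+if [ "$?" -eq 0 ];
+then
+echo "TESTING: evince"
+./evince.exp
+else
+echo "TESTING: evince not found"
+fi
+
+echo "TESTING: PID"
+./pid.exp
+
+echo "TESTING: output"
+./output.exp
+
+echo "TESTING: profile no permissions"
+./profile_noperm.exp
+
+echo "TESTING: profile syntax"
+./profile_syntax.exp
+
+echo "TESTING: profile syntax 2"
+./profile_syntax2.exp
+
+echo "TESTING: profile rlimit"
+./profile_rlimit.exp
+
+echo "TESTING: profile read-only"
+./profile_readonly.exp
+
+echo "TESTING: profile tmpfs"
+./profile_tmpfs.exp
+
+echo "TESTING: profile applications"
+./profile_apps.exp
+
+echo "TESTING: private"
+./private.exp `whoami`
+
+echo "TESTING: private directory"
+rm -fr dirprivate
+mkdir dirprivate
+./private_dir.exp
+rm -fr dirprivate
+
+echo "TESTING: private directory profile"
+rm -fr dirprivate
+mkdir dirprivate
+./private_dir_profile.exp
+rm -fr dirprivate
+
+echo "TESTING: private keep"
+./private-keep.exp
+
+uname -r | grep "3.18"
+if [ "$?" -eq 0 ];
+then
+echo "TESTING: overlayfs on 3.18 kernel"
+./fs_overlay.exp
+fi
+
+grep "openSUSE" /etc/os-release
+if [ "$?" -eq 0 ];
+then
+echo "TESTING: overlayfs"
+./fs_overlay.exp
+fi
+
+grep "Ubuntu" /etc/os-release
+if [ "$?" -eq 0 ];
+then
+echo "TESTING: overlayfs"
+./fs_overlay.exp
+fi
+
+echo "TESTING: seccomp debug"
+./seccomp-debug.exp
+
+echo "TESTING: seccomp su"
+./seccomp-su.exp
+
+echo "TESTING: seccomp ptrace"
+./seccomp-ptrace.exp
+
+echo "TESTING: seccomp chmod (seccomp lists)"
+./seccomp-chmod.exp
+
+echo "TESTING: seccomp chmod profile (seccomp lists)"
+./seccomp-chmod-profile.exp
+
+echo "TESTING: seccomp empty"
+./seccomp-empty.exp
+
+echo "TESTING: seccomp bad empty"
+./seccomp-bad-empty.exp
+
+echo "TESTING: read/write /var/tmp"
+./fs_var_tmp.exp
+
+echo "TESTING: read/write /var/lock"
+./fs_var_lock.exp
+
+echo "TESTING: read/write /dev/shm"
+./fs_dev_shm.exp
+
+echo "TESTING: local network"
+./net_local.exp
+
+echo "TESTING: no network"
+./net_none.exp
+
+echo "TESTING: network IP"
+./net_ip.exp
+
+echo "TESTING: network MAC"
+./net_mac.exp
+
+echo "TESTING: network bad IP"
+./net_badip.exp
+
+echo "TESTING: network no IP test 1"
+./net_noip.exp
+
+echo "TESTING: network no IP test 2"
+./net_noip2.exp
+
+echo "TESTING: network default gateway test 1"
+./net_defaultgw.exp
+
+echo "TESTING: network default gateway test 2"
+./net_defaultgw2.exp
+
+echo "TESTING: network default gateway test 3"
+./net_defaultgw3.exp
+
+echo "TESTING: netfilter"
+./net_netfilter.exp
+
+echo "TESTING: 4 bridges ARP"
+./4bridges_arp.exp
+
+echo "TESTING: 4 bridges IP"
+./4bridges_ip.exp
+
+echo "TESTING: login SSH"
+./login_ssh.exp
+
+echo "TESTING: ARP"
+./net_arp.exp
+
+echo "TESTING: DNS"
+./dns.exp
+
+echo "TESTING: firemon --arp"
+./firemon-arp.exp
+
+echo "TESTING: firemon --route"
+./firemon-route.exp
+
+echo "TESTING: firemon --seccomp"
+./firemon-seccomp.exp
+
+echo "TESTING: firemon --caps"
+./firemon-caps.exp
+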
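Review bot: The "TESTING: home sanitize" block at lines 75–79 runs `./option_version.exp`, the same script already run at line 8, so the behaviour it announces is not exercised; this looks like a copy-paste slip, and the intended script (not visible in this section) should be called instead. Separately, `uname -r | grep "3.18"` at line 219 is an unanchored regex whose dot matches any character, so it also fires on releases such as 4.13.18; `uname -r | grep -q '^3\.18'` is stricter. The script never collects the results of the .exp files, so its own exit status says nothing about whether any sandbox check printed "TESTING ERROR".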
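--- /dev/null
+++ b/test/test2.profile
@@ -0,0 +1,4 @@
+caps
+seccomp
+private
+include test.profile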
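--- /dev/null
+++ b/test/tmpfs.profile
@@ -0,0 +1 @@
+tmpfs /tmp/firejailtestdir
\ No newline at end of file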
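--- /dev/null
+++ b/test/trace.exp
@@ -0,0 +1,95 @@
+#!/usr/bin/expect -f
+
+set timeout 30
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --trace mkdir ttt\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"1:mkdir:mkdir ttt"
+}
+sleep 1
+
+send -- "firejail --trace rmdir ttt\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"Child process initialized"
+}
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"1:rmdir:rmdir ttt"
+}
+sleep 1
+
+send -- "firejail --trace touch ttt\r"
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"Child process initialized"
+}
+expect {
+timeout {puts "TESTING ERROR 5\n";exit}
+"1:touch:open ttt" {puts "OK\n";}
+"1:touch:open64 ttt" {puts "OK\n";}
+}
+sleep 1
+
+send -- "firejail --trace rm ttt\r"
+expect {
+timeout {puts "TESTING ERROR 6\n";exit}
+"Child process initialized"
+}
+expect {
+timeout {puts "TESTING ERROR 7\n";exit}
+"1:rm:unlinkat ttt"
+}
+sleep 1
+
+send -- "firejail --trace wget -q debian.org\r"
+expect {
+timeout {puts "TESTING ERROR 8.1\n";exit}
+"Child process initialized"
+}
+expect {
+timeout {puts "TESTING ERROR 8.2\n";exit}
+"1:bash:open /dev/tty" {puts "OK\n";}
+"1:bash:open64 /dev/tty" {puts "OK\n";}
+}
+expect {
+timeout {puts "TESTING ERROR 8.3\n";exit}
+"1:wget:fopen64 /etc/wgetrc" {puts "OK\n";}
+"1:wget:fopen /etc/wgetrc" {puts "OK\n";}
+}
+expect {
+timeout {puts "TESTING ERROR 8.4\n";exit}
+"1:wget:fopen /etc/hosts"
+}
+expect {
+timeout {puts "TESTING ERROR 8.5\n";exit}
+"1:wget:connect"
+}
+expect {
+timeout {puts "TESTING ERROR 8.6\n";exit}
+"1:wget:fopen64 index.html" {puts "OK\n";}
+"1:wget:fopen index.html" {puts "OK\n";}
+}
+sleep 1
+
+send -- "firejail --trace rm index.html\r"
+expect {
+timeout {puts "TESTING ERROR 9\n";exit}
+"Child process initialized"
+}
+expect {
+timeout {puts "TESTING ERROR 10\n";exit}
+"1:rm:unlinkat index.html"
+}
+sleep 1
+
+
+puts "\n"
+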
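--- /dev/null
+++ b/test/transmission-gtk.exp
@@ -0,0 +1,68 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail transmission-gtk\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"Child process initialized"
+}
+sleep 10
+
+spawn $env(SHELL)
+send -- "firejail --list\r"
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+":firejail"
+}
+expect {
+timeout {puts "TESTING ERROR 3.1\n";exit}
+"transmission-gtk"
+}
+sleep 1
+
+send -- "firejail --name=blablabla\r"
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"Child process initialized"
+}
+sleep 2
+
+spawn $env(SHELL)
+send -- "firemon --seccomp\r"
+expect {
+timeout {puts "TESTING ERROR 5\n";exit}
+":firejail transmission-gtk"
+}
+expect {
+timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit}
+"Seccomp: 2"
+}
+expect {
+timeout {puts "TESTING ERROR 5.1\n";exit}
+"name=blablabla"
+}
+sleep 1
+send -- "firemon --caps\r"
+expect {
+timeout {puts "TESTING ERROR 6\n";exit}
+":firejail transmission-gtk"
+}
+expect {
+timeout {puts "TESTING ERROR 6.1\n";exit}
+"CapBnd"
+}
+expect {
+timeout {puts "TESTING ERROR 6.2\n";exit}
+"0000000000000000"
+}
+expect {
+timeout {puts "TESTING ERROR 6.3\n";exit}
+"name=blablabla"
+}
+sleep 1
+
+puts "\n"
+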
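Review bot: Two different checks print the label 5.1 (lines 40 and 44: `TESTING ERROR 5.1 (seccomp)` and `TESTING ERROR 5.1`), so a failure on the `name=blablabla` match is easy to misread as the seccomp-state check; renumber the second to `timeout {puts "TESTING ERROR 5.2\n";exit}`. The script also spawns three shells and starts two sandboxes but ends without sending `exit` to any of them, so whether they are torn down depends on Expect closing the ptys when it exits; closing each spawned session explicitly would make cleanup deterministic. transmission-qt.exp repeats both issues.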
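--- /dev/null
+++ b/test/transmission-qt.exp
@@ -0,0 +1,72 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail transmission-qt\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Reading profile /etc/firejail/transmission-qt.profile"
+}
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"Child process initialized"
+}
+sleep 10
+
+spawn $env(SHELL)
+send -- "firejail --list\r"
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+":firejail"
+}
+expect {
+timeout {puts "TESTING ERROR 3.1\n";exit}
+"transmission-qt"
+}
+sleep 1
+
+send -- "firejail --name=blablabla\r"
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"Child process initialized"
+}
+sleep 2
+
+spawn $env(SHELL)
+send -- "firemon --seccomp\r"
+expect {
+timeout {puts "TESTING ERROR 5\n";exit}
+":firejail transmission-qt"
+}
+expect {
+timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit}
+"Seccomp: 2"
+}
+expect {
+timeout {puts "TESTING ERROR 5.1\n";exit}
+"name=blablabla"
+}
+sleep 1
+send -- "firemon --caps\r"
+expect {
+timeout {puts "TESTING ERROR 6\n";exit}
+":firejail transmission-qt"
+}
+expect {
+timeout {puts "TESTING ERROR 6.1\n";exit}
+"CapBnd"
+}
+expect {
+timeout {puts "TESTING ERROR 6.2\n";exit}
+"0000000000000000"
+}
+expect {
+timeout {puts "TESTING ERROR 6.3\n";exit}
+"name=blablabla"
+}
+sleep 1
+
+puts "\n"
+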