author | netblue30 <netblue30@yahoo.com> | 2015-11-24 11:28:03 -0500 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2015-11-24 11:28:03 -0500 |
commit | 3fe00bab994c8ac9da482c7711aaadd38e2ea97d (patch) | |
tree | ebf3f1a663a972e0767f69959283bfb54b95ec8a /test | |
parent | feature test (diff) | |
feature testing
Diffstat (limited to 'test')
-rwxr-xr-x | test/configure | 4 | ||||
-rwxr-xr-x | test/features/3.1.exp | 72 | ||||
-rwxr-xr-x | test/features/3.2.exp | 72 | ||||
-rw-r--r-- | test/features/features.txt | 1 |
4 files changed, 148 insertions, 1 deletions
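--- a/test/configure
+++ b/test/configure
@@ -28,12 +28,14 @@ ROOTDIR="/tmp/chroot" # default chroot directory
 DEFAULT_FILES="/bin/bash /bin/sh " # basic chroot files
 DEFAULT_FILES+="/etc/passwd /etc/nsswitch.conf /etc/group "
 DEFAULT_FILES+=`find /lib -name libnss*` # files required by glibc
-DEFAULT_FILES+=" /bin/cp /bin/ls /bin/cat /bin/ps /bin/netstat /bin/ping /sbin/ifconfig /bin/hostname /bin/grep /usr/bin/dig /usr/bin/openssl /usr/bin/id /usr/bin/getent /usr/bin/whoami /usr/bin/wc /usr/bin/wget /bin/umount"
+DEFAULT_FILES+=" /bin/cp /bin/ls /bin/cat /bin/ps /bin/netstat /bin/ping /sbin/ifconfig /usr/bin/touch /bin/hostname /bin/grep /usr/bin/dig /usr/bin/openssl /usr/bin/id /usr/bin/getent /usr/bin/whoami /usr/bin/wc /usr/bin/wget /bin/umount"
 
 rm -fr $ROOTDIR
 mkdir -p $ROOTDIR/{root,bin,lib,lib64,usr,home,etc,dev/shm,tmp,var/run,var/tmp,var/lock,var/log,proc}
 mkdir -p $ROOTDIR/etc/firejail
 mkdir -p $ROOTDIR/home/netblue/.config/firejail
+chown netblue:netblue $ROOTDIR/home/netblue
+chown netblue:netblue $ROOTDIR/home/netblue/.config
 mkdir $ROOTDIR/home/someotheruser
 mkdir $ROOTDIR/boot
 mkdir $ROOTDIR/selinux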
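Review bot: The two added `chown netblue:netblue` calls are unchecked and hard-code the account name, so on a host without a `netblue` user, or when the script is not run with enough privilege, they fail and the script carries on; the chroot case in 3.1.exp, which touches a file under that directory, then runs without its marker file. They also leave `$ROOTDIR/home/netblue/.config/firejail`, created one line earlier, with its original owner, which may or may not be intended. Since this presumably runs as root against a fixed path under /tmp, I would quote the variable and stop on failure, for example `chown -R netblue:netblue "$ROOTDIR/home/netblue" || exit 1` if the recursive ownership is wanted. The script continues outside this hunk.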
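--- /dev/null
+++ b/test/features/3.1.exp
@@ -0,0 +1,72 @@
+#!/usr/bin/expect -f
+#
+# tmpfs
+#
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+#
+# N
+#
+send -- "touch ~/.config/firejail-test-file\r"
+sleep 1
+send -- "firejail --noprofile --tmpfs=/home/netblue/.config\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "ls ~/.config | wc -l\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"0"
+}
+after 100
+send -- "exit\r"
+sleep 1
+
+#
+# O
+#
+send -- "firejail --noprofile --overlay --tmpfs=/home/netblue/.config\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "ls ~/.config | wc -l\r"
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"0"
+}
+after 100
+send -- "exit\r"
+sleep 1
+
+#
+# C
+#
+send -- "touch /tmp/chroot/home/netblue/.config/firejail-test-file\r"
+sleep 1
+send -- "firejail --noprofile --chroot=/tmp/chroot --tmpfs=/home/netblue/.config\r"
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "ls ~/.config | wc -l\r"
+expect {
+timeout {puts "TESTING ERROR 5\n";exit}
+"0"
+}
+after 100
+send -- "exit\r"
+sleep 1
+
+
+puts "\nall done\n"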
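Review bot: The `"0"` patterns at new-file lines 25, 44 and 65 match any zero that appears in the session after the command is sent, so a count such as `10`, or a prompt or hostname containing a zero, also satisfies them and the tmpfs check can pass when the directory is not empty. Anchoring the match to a whole output line would make the assertion mean what it says, for example `-re "\r\n0\r\n"` in each of the three `expect` blocks. Separately, every `timeout` branch here and in 3.2.exp calls a bare `exit`, which returns status 0; `exit 1` would let a harness detect failure without parsing the output for "TESTING ERROR".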
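--- /dev/null
+++ b/test/features/3.2.exp
@@ -0,0 +1,72 @@
+#!/usr/bin/expect -f
+#
+# disable /boot
+#
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+#
+# N
+#
+send -- "rm -f ~/.config/firejail-test-file\r"
+sleep 1
+send -- "firejail --noprofile --read-only=/home/netblue/.config\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "touch ~/.config/firejail-test-file\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"Read-only file system"
+}
+after 100
+send -- "exit\r"
+sleep 1
+
+#
+# O
+#
+send -- "firejail --noprofile --overlay --read-only=/home/netblue/.config\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "touch ~/.config/firejail-test-file\r"
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"Read-only file system"
+}
+after 100
+send -- "exit\r"
+sleep 1
+
+#
+# C
+#
+send -- "rm -f /tmp/chroot/home/netblue/.config/firejail-test-file\r"
+sleep 1
+send -- "firejail --noprofile --chroot=/tmp/chroot --read-only=/home/netblue/.config\r"
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "touch ~/.config/firejail-test-file\r"
+expect {
+timeout {puts "TESTING ERROR 5\n";exit}
+"Read-only file system"
+}
+after 100
+send -- "exit\r"
+sleep 1
+
+
+puts "\nall done\n"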
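Review bot: The header comment on new-file lines 2-4 says `# disable /boot`, but every case in this file exercises `--read-only=/home/netblue/.config` and features.txt lists 3.2 as read-only, so the comment looks carried over from another test and should read `# read-only`. The sandbox option names `/home/netblue/.config` while the shell commands use `~/.config`, so the three cases only test the read-only mount when run as that user. A one-line comment under the header stating that requirement, such as `# must run as user netblue; paths below assume /home/netblue`, would keep a run under another account from being misread as a read-only failure.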
diff --git a/test/features/features.txt b/test/features/features.txt index 95e8cc5a0..492843adc 100644 --- a/test/features/features.txt +++ b/test/features/features.txt | |||
@@ -70,4 +70,5 @@ C - chroot filesystem | |||
70 | 3. Filesystem features (use --noprofile) | 70 | 3. Filesystem features (use --noprofile) |
71 | 71 | ||
72 | 3.1 tmpfs | 72 | 3.1 tmpfs |
73 | 3.2 read-only | ||
73 | \ No newline at end of file | 74 | \ No newline at end of file |