diff options
| author |  netblue30 <netblue30@yahoo.com> | 2018-10-21 11:58:58 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2018-10-21 11:58:58 -0400 |
| commit | b54bc589bbaa3b158cad2e23a4e32158b1622e51 (patch) | |
| tree | d5538e3902c30ea4de57ab4195393a6365fba087 /test | |
| parent | Add QOwnNotes profile (diff) | |
| download | firejail-b54bc589bbaa3b158cad2e23a4e32158b1622e51.tar.gz firejail-b54bc589bbaa3b158cad2e23a4e32158b1622e51.tar.zst firejail-b54bc589bbaa3b158cad2e23a4e32158b1622e51.zip | |
apparmor test
Diffstat (limited to 'test')
| -rwxr-xr-x | test/filters/apparmor.exp | 59 | ||||
| -rwxr-xr-x | test/filters/filters.sh | 6 |
2 files changed, 65 insertions, 0 deletions
diff --git a/test/filters/apparmor.exp b/test/filters/apparmor.exp new file mode 100755 index 000000000..acc42a117 --- /dev/null +++ b/test/filters/apparmor.exp | |||
| @@ -0,0 +1,59 @@ | |||
| 1 | #!/usr/bin/expect -f | ||
| 2 | # This file is part of Firejail project | ||
| 3 | # Copyright (C) 2014-2018 Firejail Authors | ||
| 4 | # License GPL v2 | ||
| 5 | |||
| 6 | set timeout 10 | ||
| 7 | spawn $env(SHELL) | ||
| 8 | match_max 100000 | ||
| 9 | |||
| 10 | send -- "firejail --name=test1 --apparmor\r" | ||
| 11 | expect { | ||
| 12 | timeout {puts "TESTING ERROR 0\n";exit} | ||
| 13 | "Child process initialized" | ||
| 14 | } | ||
| 15 | sleep 1 | ||
| 16 | |||
| 17 | spawn $env(SHELL) | ||
| 18 | send -- "firejail --name=test2 --apparmor\r" | ||
| 19 | expect { | ||
| 20 | timeout {puts "TESTING ERROR 1\n";exit} | ||
| 21 | "Child process initialized" | ||
| 22 | } | ||
| 23 | sleep 1 | ||
| 24 | |||
| 25 | spawn $env(SHELL) | ||
| 26 | send -- "firemon --apparmor\r" | ||
| 27 | expect { | ||
| 28 | timeout {puts "TESTING ERROR 2\n";exit} | ||
| 29 | "test1:firejail --name=test1 --apparmor" | ||
| 30 | } | ||
| 31 | expect { | ||
| 32 | timeout {puts "TESTING ERROR 3\n";exit} | ||
| 33 | "AppArmor: firejail-default enforce" | ||
| 34 | } | ||
| 35 | expect { | ||
| 36 | timeout {puts "TESTING ERROR 4\n";exit} | ||
| 37 | "test2:firejail --name=test2 --apparmor" | ||
| 38 | } | ||
| 39 | expect { | ||
| 40 | timeout {puts "TESTING ERROR 5\n";exit} | ||
| 41 | "AppArmor: firejail-default enforce" | ||
| 42 | } | ||
| 43 | after 100 | ||
| 44 | |||
| 45 | send -- "firejail --apparmor.print=test1\r" | ||
| 46 | expect { | ||
| 47 | timeout {puts "TESTING ERROR 6\n";exit} | ||
| 48 | "AppArmor: firejail-default enforce" | ||
| 49 | } | ||
| 50 | after 100 | ||
| 51 | |||
| 52 | send -- "firejail --apparmor.print=test2\r" | ||
| 53 | expect { | ||
| 54 | timeout {puts "TESTING ERROR 7\n";exit} | ||
| 55 | "AppArmor: firejail-default enforce" | ||
| 56 | } | ||
| 57 | after 100 | ||
| 58 | |||
| 59 | puts "\nall done\n" | ||
diff --git a/test/filters/filters.sh b/test/filters/filters.sh index 72d699415..917aa93b6 100755 --- a/test/filters/filters.sh +++ b/test/filters/filters.sh | |||
| @@ -12,6 +12,12 @@ if [ -f /etc/debian_version ]; then | |||
| 12 | fi | 12 | fi |
| 13 | export PATH="$PATH:/usr/lib/firejail:/usr/lib64/firejail" | 13 | export PATH="$PATH:/usr/lib/firejail:/usr/lib64/firejail" |
| 14 | 14 | ||
| 15 | if [ -f /sys/kernel/security/apparmor/profiles ]; then | ||
| 16 | echo "TESTING: apparmor (test/filters/apparmor.exp)" | ||
| 17 | ./apparmor.exp | ||
| 18 | else | ||
| 19 | echo "TESTING SKIP: no apparmor support in Linux kernel (test/filters/apparmor.exp)" | ||
| 20 | fi | ||
| 15 | 21 | ||
| 16 | if [ "$(uname -m)" = "x86_64" ]; then | 22 | if [ "$(uname -m)" = "x86_64" ]; then |
| 17 | echo "TESTING: memory-deny-write-execute (test/filters/memwrexe.exp)" | 23 | echo "TESTING: memory-deny-write-execute (test/filters/memwrexe.exp)" |