aboutsummaryrefslogtreecommitdiffstats
path: root/test
diff options
context:
space:
mode:
authorLibravatar netblue30 <netblue30@yahoo.com>2015-10-11 11:24:02 -0400
committerLibravatar netblue30 <netblue30@yahoo.com>2015-10-11 11:24:02 -0400
commitf4171a91412f89d509e6d1371fd81b4ecd89c11d (patch)
tree89882fc26af43bc4149109c029380209792698d9 /test
parentMerge pull request #81 from pyther/rpm (diff)
downloadfirejail-f4171a91412f89d509e6d1371fd81b4ecd89c11d.tar.gz
firejail-f4171a91412f89d509e6d1371fd81b4ecd89c11d.tar.zst
firejail-f4171a91412f89d509e6d1371fd81b4ecd89c11d.zip
--private-bin
Diffstat (limited to 'test')
-rwxr-xr-xtest/chromium.exp10
-rwxr-xr-xtest/fscheck-shell.exp14
-rwxr-xr-xtest/private-bin.exp71
-rw-r--r--test/private-bin.profile1
-rwxr-xr-xtest/test.sh12
5 files changed, 93 insertions, 15 deletions
diff --git a/test/chromium.exp b/test/chromium.exp
index 020826f3d..77325d070 100755
--- a/test/chromium.exp
+++ b/test/chromium.exp
@@ -4,10 +4,10 @@ set timeout 10
4spawn $env(SHELL) 4spawn $env(SHELL)
5match_max 100000 5match_max 100000
6 6
7send -- "firejail chromium-browser www.gentoo.org\r" 7send -- "firejail chromium www.gentoo.org\r"
8expect { 8expect {
9 timeout {puts "TESTING ERROR 0\n";exit} 9 timeout {puts "TESTING ERROR 0\n";exit}
10 "Reading profile /etc/firejail/chromium-browser.profile" 10 "Reading profile /etc/firejail/chromium.profile"
11} 11}
12expect { 12expect {
13 timeout {puts "TESTING ERROR 1\n";exit} 13 timeout {puts "TESTING ERROR 1\n";exit}
@@ -23,7 +23,7 @@ expect {
23} 23}
24expect { 24expect {
25 timeout {puts "TESTING ERROR 3.1\n";exit} 25 timeout {puts "TESTING ERROR 3.1\n";exit}
26 "chromium-browser" 26 "chromium"
27} 27}
28sleep 1 28sleep 1
29 29
@@ -38,7 +38,7 @@ spawn $env(SHELL)
38send -- "firemon --seccomp\r" 38send -- "firemon --seccomp\r"
39expect { 39expect {
40 timeout {puts "TESTING ERROR 5\n";exit} 40 timeout {puts "TESTING ERROR 5\n";exit}
41 ":firejail chromium-browser" 41 ":firejail chromium"
42} 42}
43expect { 43expect {
44 timeout {puts "TESTING ERROR 5.1\n";exit} 44 timeout {puts "TESTING ERROR 5.1\n";exit}
@@ -52,7 +52,7 @@ sleep 1
52send -- "firemon --caps\r" 52send -- "firemon --caps\r"
53expect { 53expect {
54 timeout {puts "TESTING ERROR 6\n";exit} 54 timeout {puts "TESTING ERROR 6\n";exit}
55 ":firejail chromium-browser" 55 ":firejail chromium"
56} 56}
57expect { 57expect {
58 timeout {puts "TESTING ERROR 6.1\n";exit} 58 timeout {puts "TESTING ERROR 6.1\n";exit}
diff --git a/test/fscheck-shell.exp b/test/fscheck-shell.exp
index d2320a4c3..548955e60 100755
--- a/test/fscheck-shell.exp
+++ b/test/fscheck-shell.exp
@@ -15,7 +15,7 @@ after 100
15# .. 15# ..
16send -- "firejail --net=br0 --shell=../test/fscheck-dir\r" 16send -- "firejail --net=br0 --shell=../test/fscheck-dir\r"
17expect { 17expect {
18 timeout {puts "TESTING ERROR 0.1\n";exit} 18 timeout {puts "TESTING ERROR 1\n";exit}
19 "Error" 19 "Error"
20} 20}
21after 100 21after 100
@@ -23,7 +23,7 @@ after 100
23# dir link 23# dir link
24send -- "firejail --net=br0 --shell=fscheck-dir-link\r" 24send -- "firejail --net=br0 --shell=fscheck-dir-link\r"
25expect { 25expect {
26 timeout {puts "TESTING ERROR 1\n";exit} 26 timeout {puts "TESTING ERROR 2\n";exit}
27 "Error" 27 "Error"
28} 28}
29after 100 29after 100
@@ -31,7 +31,7 @@ after 100
31# .. 31# ..
32send -- "firejail --net=br0 --shell=../test/fscheck-dir-link\r" 32send -- "firejail --net=br0 --shell=../test/fscheck-dir-link\r"
33expect { 33expect {
34 timeout {puts "TESTING ERROR 1.1\n";exit} 34 timeout {puts "TESTING ERROR 3\n";exit}
35 "Error" 35 "Error"
36} 36}
37after 100 37after 100
@@ -39,7 +39,7 @@ after 100
39# file link 39# file link
40send -- "firejail --net=br0 --shell=fscheck-file-link\r" 40send -- "firejail --net=br0 --shell=fscheck-file-link\r"
41expect { 41expect {
42 timeout {puts "TESTING ERROR 2\n";exit} 42 timeout {puts "TESTING ERROR 4\n";exit}
43 "Error" 43 "Error"
44} 44}
45after 100 45after 100
@@ -47,7 +47,7 @@ after 100
47# .. 47# ..
48send -- "firejail --net=br0 --shell=../test/fscheck-file-link\r" 48send -- "firejail --net=br0 --shell=../test/fscheck-file-link\r"
49expect { 49expect {
50 timeout {puts "TESTING ERROR 2\n";exit} 50 timeout {puts "TESTING ERROR 5\n";exit}
51 "Error" 51 "Error"
52} 52}
53after 100 53after 100
@@ -55,7 +55,7 @@ after 100
55# no file 55# no file
56send -- "firejail --net=br0 --shell=../test/nofile\r" 56send -- "firejail --net=br0 --shell=../test/nofile\r"
57expect { 57expect {
58 timeout {puts "TESTING ERROR 3\n";exit} 58 timeout {puts "TESTING ERROR 6\n";exit}
59 "Error" 59 "Error"
60} 60}
61after 100 61after 100
@@ -63,7 +63,7 @@ after 100
63# real GID/UID 63# real GID/UID
64send -- "firejail --net=br0 --shell=/etc/shadow\r" 64send -- "firejail --net=br0 --shell=/etc/shadow\r"
65expect { 65expect {
66 timeout {puts "TESTING ERROR 4\n";exit} 66 timeout {puts "TESTING ERROR 7\n";exit}
67 "Error" 67 "Error"
68} 68}
69after 100 69after 100
diff --git a/test/private-bin.exp b/test/private-bin.exp
new file mode 100755
index 000000000..cc5ea99c7
--- /dev/null
+++ b/test/private-bin.exp
@@ -0,0 +1,71 @@
1#!/usr/bin/expect -f
2
3set timeout 10
4spawn $env(SHELL)
5match_max 100000
6
7send -- "firejail --private-bin=bash,ls,sh\r"
8expect {
9 timeout {puts "TESTING ERROR 1\n";exit}
10 "Child process initialized"
11}
12sleep 1
13
14send -- "ls -al /bin\r"
15expect {
16 timeout {puts "TESTING ERROR 2\n";exit}
17 "bash"
18}
19expect {
20 timeout {puts "TESTING ERROR 3\n";exit}
21 "ls"
22}
23expect {
24 timeout {puts "TESTING ERROR 4\n";exit}
25 "sh"
26}
27
28send -- "ls -al /bin\r"
29expect {
30 timeout {puts "TESTING ERROR 5\n";exit}
31 "ping" {puts "TESTING ERROR 6\n";exit}
32 "sh"
33}
34send -- "exit\r"
35sleep 1
36
37send -- "firejail --profile=private-bin.profile\r"
38expect {
39 timeout {puts "TESTING ERROR 7\n";exit}
40 "Child process initialized"
41}
42sleep 1
43
44send -- "ls -al /bin\r"
45expect {
46 timeout {puts "TESTING ERROR 8\n";exit}
47 "bash"
48}
49expect {
50 timeout {puts "TESTING ERROR 9\n";exit}
51 "ls"
52}
53expect {
54 timeout {puts "TESTING ERROR 10\n";exit}
55 "sh"
56}
57
58send -- "ls -al /bin\r"
59expect {
60 timeout {puts "TESTING ERROR 5\n";exit}
61 "ping" {puts "TESTING ERROR 6\n";exit}
62 "sh"
63}
64send -- "exit\r"
65
66
67
68
69sleep 1
70puts "\nall done\n"
71
diff --git a/test/private-bin.profile b/test/private-bin.profile
new file mode 100644
index 000000000..24cf5929a
--- /dev/null
+++ b/test/private-bin.profile
@@ -0,0 +1 @@
private-bin bash,ls,sh
diff --git a/test/test.sh b/test/test.sh
index 6f198cd52..2e7b1e2bc 100755
--- a/test/test.sh
+++ b/test/test.sh
@@ -18,9 +18,15 @@ echo "TESTING: environment variables"
18echo "TESTING: private-etc" 18echo "TESTING: private-etc"
19./private-etc.exp 19./private-etc.exp
20 20
21echo "TESTING: private-bin"
22./private-bin.exp
23
24sleep 1
25rm -fr dir\ with\ space
21mkdir dir\ with\ space 26mkdir dir\ with\ space
22echo "TESTING: blacklist" 27echo "TESTING: blacklist"
23./blacklist.exp 28./blacklist.exp
29sleep 1
24rm -fr dir\ with\ space 30rm -fr dir\ with\ space
25 31
26ln -s auto auto2 32ln -s auto auto2
@@ -155,7 +161,7 @@ else
155 echo "TESTING: midori not found" 161 echo "TESTING: midori not found"
156fi 162fi
157 163
158which chromium-browser 164which chromium
159if [ "$?" -eq 0 ]; 165if [ "$?" -eq 0 ];
160then 166then
161 echo "TESTING: chromium" 167 echo "TESTING: chromium"
@@ -278,10 +284,10 @@ echo "TESTING: seccomp su"
278echo "TESTING: seccomp ptrace" 284echo "TESTING: seccomp ptrace"
279./seccomp-ptrace.exp 285./seccomp-ptrace.exp
280 286
281echo "TESTING: seccomp chmod (seccomp lists)" 287echo "TESTING: seccomp chmod - seccomp lists"
282./seccomp-chmod.exp 288./seccomp-chmod.exp
283 289
284echo "TESTING: seccomp chmod profile (seccomp lists)" 290echo "TESTING: seccomp chmod profile - seccomp lists"
285./seccomp-chmod-profile.exp 291./seccomp-chmod-profile.exp
286 292
287echo "TESTING: seccomp empty" 293echo "TESTING: seccomp empty"
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-07-08 17:27:24 +0000