cleanup seccomp run files

author: netblue30 <netblue30@yahoo.com> 2018-04-12 12:45:43 -0400
committer: netblue30 <netblue30@yahoo.com> 2018-04-12 12:45:43 -0400
commit: 38276c9c64c8a0e086f2fb84402c5105c1483216 (patch)
tree: 98f2bbafeef4bb1bdad64795607e961109eb1880 /test
parent: AppArmor: disable MAC related capabilities (diff)
download: firejail-38276c9c64c8a0e086f2fb84402c5105c1483216.tar.gz
firejail-38276c9c64c8a0e086f2fb84402c5105c1483216.tar.zst
firejail-38276c9c64c8a0e086f2fb84402c5105c1483216.zip
2 files changed, 101 insertions, 0 deletions
diff --git a/test/filters/filters.sh b/test/filters/filters.sh
index 45b1d0459..12f13606b 100755
--- a/test/filters/filters.sh
+++ b/test/filters/filters.sh
@@ -28,6 +28,9 @@ fi
 echo "TESTING: debug options (test/filters/debug.exp)"
 ./debug.exp
+echo "TESTING: seccomp run files (test/filters/seccomp-run-files.exp)"
+./seccomp-run-files.exp
 echo "TESTING: noroot (test/filters/noroot.exp)"
 ./noroot.exp
diff --git a/test/filters/seccomp-run-files.exp b/test/filters/seccomp-run-files.exp
new file mode 100755
index 000000000..a72b9aef7
--- /dev/null
+++ b/test/filters/seccomp-run-files.exp
@@ -0,0 +1,98 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2018 Firejail Authors
+# License GPL v2
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+send --  "firejail --debug\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "/run/firejail/mnt/seccomp seccomp filter"
+}
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "/run/firejail/mnt/seccomp.32 seccomp filter"
+}
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "/run/firejail/mnt/seccomp.protocol seccomp filter"
+}
+after 100
+send -- "ls -l /run/firejail/mnt | grep seccomp | wc -l\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "4"
+}
+send -- "exit\r"
+sleep 1
+send --  "firejail --ignore=seccomp --debug\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "/run/firejail/mnt/seccomp seccomp filter" {puts "TESTING ERROR 5\n";exit}
+        "/run/firejail/mnt/seccomp.32 seccomp filter" {puts "TESTING ERROR 6\n";exit}
+        "/run/firejail/mnt/seccomp.64 seccomp filter" {puts "TESTING ERROR 7\n";exit}
+        "/run/firejail/mnt/seccomp.protocol seccomp filter"
+}
+after 100
+send -- "ls -l /run/firejail/mnt | grep seccomp | wc -l\r"
+expect {
+        timeout {puts "TESTING ERROR 8\n";exit}
+        "1"
+}
+send -- "exit\r"
+sleep 1
+send --  "firejail --ignore=protocol --debug\r"
+expect {
+        timeout {puts "TESTING ERROR 9\n";exit}
+        "/run/firejail/mnt/seccomp seccomp filter"
+}
+expect {
+        timeout {puts "TESTING ERROR 10\n";exit}
+        "/run/firejail/mnt/seccomp.32 seccomp filter"
+}
+expect {
+        timeout {puts "TESTING ERROR 11\n";exit}
+        "/run/firejail/mnt/seccomp.protocol seccomp filter" {puts "TESTING ERROR 12\n";exit}
+        "monitoring"
+}
+after 100
+send -- "ls -l /run/firejail/mnt | grep seccomp | wc -l\r"
+expect {
+        timeout {puts "TESTING ERROR 13\n";exit}
+        "3"
+}
+send -- "exit\r"
+sleep 1
+send --  "firejail --memory-deny-write-execute --debug\r"
+expect {
+        timeout {puts "TESTING ERROR 14\n";exit}
+        "/run/firejail/mnt/seccomp.mdwx seccomp filter"
+}
+expect {
+        timeout {puts "TESTING ERROR 15\n";exit}
+        "/run/firejail/mnt/seccomp seccomp filter"
+}
+expect {
+        timeout {puts "TESTING ERROR 16\n";exit}
+        "/run/firejail/mnt/seccomp.32 seccomp filter"
+}
+expect {
+        timeout {puts "TESTING ERROR 17\n";exit}
+        "/run/firejail/mnt/seccomp.protocol seccomp filter"
+}
+after 100
+send -- "ls -l /run/firejail/mnt | grep seccomp | wc -l\r"
+expect {
+        timeout {puts "TESTING ERROR 18\n";exit}
+        "5"
+}
+send -- "exit\r"
+sleep 1
+puts "all done\n"
author	netblue30 <netblue30@yahoo.com>	2018-04-12 12:45:43 -0400
committer	netblue30 <netblue30@yahoo.com>	2018-04-12 12:45:43 -0400
commit	38276c9c64c8a0e086f2fb84402c5105c1483216 (patch)
tree	98f2bbafeef4bb1bdad64795607e961109eb1880 /test
parent	AppArmor: disable MAC related capabilities (diff)
download	firejail-38276c9c64c8a0e086f2fb84402c5105c1483216.tar.gz firejail-38276c9c64c8a0e086f2fb84402c5105c1483216.tar.zst firejail-38276c9c64c8a0e086f2fb84402c5105c1483216.zip

diff --git a/test/filters/filters.sh b/test/filters/filters.sh index 45b1d0459..12f13606b 100755 --- a/test/filters/filters.sh +++ b/test/filters/filters.sh
@@ -28,6 +28,9 @@ fi
28	echo "TESTING: debug options (test/filters/debug.exp)"	28	echo "TESTING: debug options (test/filters/debug.exp)"
29	./debug.exp	29	./debug.exp
30		30
		31	echo "TESTING: seccomp run files (test/filters/seccomp-run-files.exp)"
		32	./seccomp-run-files.exp
		33
31	echo "TESTING: noroot (test/filters/noroot.exp)"	34	echo "TESTING: noroot (test/filters/noroot.exp)"
32	./noroot.exp	35	./noroot.exp
33		36


diff --git a/test/filters/seccomp-run-files.exp b/test/filters/seccomp-run-files.exp new file mode 100755 index 000000000..a72b9aef7 --- /dev/null +++ b/test/filters/seccomp-run-files.exp
@@ -0,0 +1,98 @@
		1	#!/usr/bin/expect -f
		2	# This file is part of Firejail project
		3	# Copyright (C) 2014-2018 Firejail Authors
		4	# License GPL v2
		5
		6	set timeout 10
		7	spawn $env(SHELL)
		8	match_max 100000
		9
		10	send -- "firejail --debug\r"
		11	expect {
		12	timeout {puts "TESTING ERROR 0\n";exit}
		13	"/run/firejail/mnt/seccomp seccomp filter"
		14	}
		15	expect {
		16	timeout {puts "TESTING ERROR 1\n";exit}
		17	"/run/firejail/mnt/seccomp.32 seccomp filter"
		18	}
		19	expect {
		20	timeout {puts "TESTING ERROR 2\n";exit}
		21	"/run/firejail/mnt/seccomp.protocol seccomp filter"
		22	}
		23	after 100
		24	send -- "ls -l /run/firejail/mnt \| grep seccomp \| wc -l\r"
		25	expect {
		26	timeout {puts "TESTING ERROR 3\n";exit}
		27	"4"
		28	}
		29	send -- "exit\r"
		30	sleep 1
		31
		32	send -- "firejail --ignore=seccomp --debug\r"
		33	expect {
		34	timeout {puts "TESTING ERROR 4\n";exit}
		35	"/run/firejail/mnt/seccomp seccomp filter" {puts "TESTING ERROR 5\n";exit}
		36	"/run/firejail/mnt/seccomp.32 seccomp filter" {puts "TESTING ERROR 6\n";exit}
		37	"/run/firejail/mnt/seccomp.64 seccomp filter" {puts "TESTING ERROR 7\n";exit}
		38	"/run/firejail/mnt/seccomp.protocol seccomp filter"
		39	}
		40	after 100
		41	send -- "ls -l /run/firejail/mnt \| grep seccomp \| wc -l\r"
		42	expect {
		43	timeout {puts "TESTING ERROR 8\n";exit}
		44	"1"
		45	}
		46	send -- "exit\r"
		47	sleep 1
		48
		49	send -- "firejail --ignore=protocol --debug\r"
		50	expect {
		51	timeout {puts "TESTING ERROR 9\n";exit}
		52	"/run/firejail/mnt/seccomp seccomp filter"
		53	}
		54	expect {
		55	timeout {puts "TESTING ERROR 10\n";exit}
		56	"/run/firejail/mnt/seccomp.32 seccomp filter"
		57	}
		58	expect {
		59	timeout {puts "TESTING ERROR 11\n";exit}
		60	"/run/firejail/mnt/seccomp.protocol seccomp filter" {puts "TESTING ERROR 12\n";exit}
		61	"monitoring"
		62	}
		63	after 100
		64	send -- "ls -l /run/firejail/mnt \| grep seccomp \| wc -l\r"
		65	expect {
		66	timeout {puts "TESTING ERROR 13\n";exit}
		67	"3"
		68	}
		69	send -- "exit\r"
		70	sleep 1
		71
		72	send -- "firejail --memory-deny-write-execute --debug\r"
		73	expect {
		74	timeout {puts "TESTING ERROR 14\n";exit}
		75	"/run/firejail/mnt/seccomp.mdwx seccomp filter"
		76	}
		77	expect {
		78	timeout {puts "TESTING ERROR 15\n";exit}
		79	"/run/firejail/mnt/seccomp seccomp filter"
		80	}
		81	expect {
		82	timeout {puts "TESTING ERROR 16\n";exit}
		83	"/run/firejail/mnt/seccomp.32 seccomp filter"
		84	}
		85	expect {
		86	timeout {puts "TESTING ERROR 17\n";exit}
		87	"/run/firejail/mnt/seccomp.protocol seccomp filter"
		88	}
		89	after 100
		90	send -- "ls -l /run/firejail/mnt \| grep seccomp \| wc -l\r"
		91	expect {
		92	timeout {puts "TESTING ERROR 18\n";exit}
		93	"5"
		94	}
		95	send -- "exit\r"
		96	sleep 1
		97
		98	puts "all done\n"