aboutsummaryrefslogtreecommitdiffstats
path: root/test
diff options
context:
space:
mode:
authorLibravatar netblue30 <netblue30@yahoo.com>2017-12-28 15:36:40 -0500
committerLibravatar netblue30 <netblue30@yahoo.com>2017-12-28 15:36:40 -0500
commit8706d0591301cffd3965695107c767dae54cceb3 (patch)
treeadca45f28613c65cd778aadd62be2df63c396733 /test
parentreplacing seccomp printing with a seccomp disassembler (diff)
downloadfirejail-8706d0591301cffd3965695107c767dae54cceb3.tar.gz
firejail-8706d0591301cffd3965695107c767dae54cceb3.tar.zst
firejail-8706d0591301cffd3965695107c767dae54cceb3.zip
testing
Diffstat (limited to 'test')
-rwxr-xr-xtest/filters/fseccomp.exp52
-rwxr-xr-xtest/filters/seccomp-debug.exp8
-rwxr-xr-xtest/filters/seccomp-empty.exp34
-rwxr-xr-xtest/filters/seccomp-errno.exp12
-rwxr-xr-xtest/profiles/profile_syntax2.exp8
-rwxr-xr-xtest/utils/seccomp-print.exp8
6 files changed, 67 insertions, 55 deletions
diff --git a/test/filters/fseccomp.exp b/test/filters/fseccomp.exp
index a71c35302..15959ff26 100755
--- a/test/filters/fseccomp.exp
+++ b/test/filters/fseccomp.exp
@@ -31,104 +31,104 @@ expect {
31after 100 31after 100
32send -- "fseccomp protocol build unix,inet seccomp-test-file\r" 32send -- "fseccomp protocol build unix,inet seccomp-test-file\r"
33after 100 33after 100
34send -- "fseccomp print seccomp-test-file\r" 34send -- "fsec-print seccomp-test-file\r"
35expect { 35expect {
36 timeout {puts "TESTING ERROR 4.1\n";exit} 36 timeout {puts "TESTING ERROR 4.1\n";exit}
37 "WHITELIST 41 socket" 37 "jeq socket"
38} 38}
39 39
40after 100 40after 100
41send -- "fseccomp secondary 64 seccomp-test-file\r" 41send -- "fseccomp secondary 64 seccomp-test-file\r"
42after 100 42after 100
43send -- "fseccomp print seccomp-test-file\r" 43send -- "fsec-print seccomp-test-file\r"
44expect { 44expect {
45 timeout {puts "TESTING ERROR 5.1\n";exit} 45 timeout {puts "TESTING ERROR 5.1\n";exit}
46 "BLACKLIST 165 mount" 46 "jeq mount"
47} 47}
48expect { 48expect {
49 timeout {puts "TESTING ERROR 5.2\n";exit} 49 timeout {puts "TESTING ERROR 5.2\n";exit}
50 "BLACKLIST 166 umount2" 50 "jeq umount2"
51} 51}
52expect { 52expect {
53 timeout {puts "TESTING ERROR 5.3\n";exit} 53 timeout {puts "TESTING ERROR 5.3\n";exit}
54 "RETURN_ALLOW" 54 "ret ALLOW"
55} 55}
56 56
57after 100 57after 100
58send -- "fseccomp default seccomp-test-file\r" 58send -- "fseccomp default seccomp-test-file\r"
59after 100 59after 100
60send -- "fseccomp print seccomp-test-file\r" 60send -- "fsec-print seccomp-test-file\r"
61expect { 61expect {
62 timeout {puts "TESTING ERROR 6.1\n";exit} 62 timeout {puts "TESTING ERROR 6.1\n";exit}
63 "BLACKLIST 165 mount" 63 "jeq mount"
64} 64}
65expect { 65expect {
66 timeout {puts "TESTING ERROR 6.2\n";exit} 66 timeout {puts "TESTING ERROR 6.2\n";exit}
67 "BLACKLIST 166 umount2" 67 "jeq umount2"
68} 68}
69expect { 69expect {
70 timeout {puts "TESTING ERROR 6.3\n";exit} 70 timeout {puts "TESTING ERROR 6.3\n";exit}
71 "RETURN_ALLOW" 71 "ret ALLOW"
72} 72}
73 73
74after 100 74after 100
75send -- "fseccomp drop seccomp-test-file tmpfile chmod,chown\r" 75send -- "fseccomp drop seccomp-test-file tmpfile chmod,chown\r"
76after 100 76after 100
77send -- "fseccomp print seccomp-test-file\r" 77send -- "fsec-print seccomp-test-file\r"
78expect { 78expect {
79 timeout {puts "TESTING ERROR 7.1\n";exit} 79 timeout {puts "TESTING ERROR 7.1\n";exit}
80 "BLACKLIST 165 mount" {puts "TESTING ERROR 7.2\n";exit} 80 "jeq mount" {puts "TESTING ERROR 7.2\n";exit}
81 "BLACKLIST 166 umount2" {puts "TESTING ERROR 7.3\n";exit} 81 "jeq umount2" {puts "TESTING ERROR 7.3\n";exit}
82 "BLACKLIST 90 chmod" 82 "jeq chmod"
83} 83}
84expect { 84expect {
85 timeout {puts "TESTING ERROR 7.4\n";exit} 85 timeout {puts "TESTING ERROR 7.4\n";exit}
86 "BLACKLIST 92 chown" 86 "jeq chown"
87} 87}
88expect { 88expect {
89 timeout {puts "TESTING ERROR 7.5\n";exit} 89 timeout {puts "TESTING ERROR 7.5\n";exit}
90 "RETURN_ALLOW" 90 "ret ALLOW"
91} 91}
92 92
93after 100 93after 100
94send -- "fseccomp default drop seccomp-test-file tmpfile chmod,chown\r" 94send -- "fseccomp default drop seccomp-test-file tmpfile chmod,chown\r"
95after 100 95after 100
96send -- "fseccomp print seccomp-test-file\r" 96send -- "fsec-print seccomp-test-file\r"
97expect { 97expect {
98 timeout {puts "TESTING ERROR 8.1\n";exit} 98 timeout {puts "TESTING ERROR 8.1\n";exit}
99 "BLACKLIST 165 mount" 99 "jeq mount"
100} 100}
101expect { 101expect {
102 timeout {puts "TESTING ERROR 8.2\n";exit} 102 timeout {puts "TESTING ERROR 8.2\n";exit}
103 "BLACKLIST 166 umount2" 103 "jeq umount2"
104} 104}
105expect { 105expect {
106 timeout {puts "TESTING ERROR 8.3\n";exit} 106 timeout {puts "TESTING ERROR 8.3\n";exit}
107 "BLACKLIST 90 chmod" 107 "jeq chmod"
108} 108}
109expect { 109expect {
110 timeout {puts "TESTING ERROR 8.4\n";exit} 110 timeout {puts "TESTING ERROR 8.4\n";exit}
111 "BLACKLIST 92 chown" 111 "jeq chown"
112} 112}
113expect { 113expect {
114 timeout {puts "TESTING ERROR 8.5\n";exit} 114 timeout {puts "TESTING ERROR 8.5\n";exit}
115 "RETURN_ALLOW" 115 "ret ALLOW"
116} 116}
117after 100 117after 100
118send -- "fseccomp keep seccomp-test-file tmpfile chmod,chown\r" 118send -- "fseccomp keep seccomp-test-file tmpfile chmod,chown\r"
119after 100 119after 100
120send -- "fseccomp print seccomp-test-file\r" 120send -- "fsec-print seccomp-test-file\r"
121expect { 121expect {
122 timeout {puts "TESTING ERROR 9.1\n";exit} 122 timeout {puts "TESTING ERROR 9.1\n";exit}
123 "WHITELIST 90 chmod" 123 "jeq chmod"
124} 124}
125expect { 125expect {
126 timeout {puts "TESTING ERROR 9.2\n";exit} 126 timeout {puts "TESTING ERROR 9.2\n";exit}
127 "WHITELIST 92 chown" 127 "jeq chown"
128} 128}
129expect { 129expect {
130 timeout {puts "TESTING ERROR 9.3\n";exit} 130 timeout {puts "TESTING ERROR 9.3\n";exit}
131 "KILL_PROCESS" 131 "ret KILL"
132} 132}
133 133
134 134
diff --git a/test/filters/seccomp-debug.exp b/test/filters/seccomp-debug.exp
index f90bbfa03..ee72e34ae 100755
--- a/test/filters/seccomp-debug.exp
+++ b/test/filters/seccomp-debug.exp
@@ -13,15 +13,11 @@ after 100
13send -- "firejail --debug sleep 1; echo done\r" 13send -- "firejail --debug sleep 1; echo done\r"
14expect { 14expect {
15 timeout {puts "TESTING ERROR 0\n";exit} 15 timeout {puts "TESTING ERROR 0\n";exit}
16 "SECCOMP Filter" 16 "seccomp entries in /run/firejail/mnt/seccomp"
17}
18expect {
19 timeout {puts "TESTING ERROR 1\n";exit}
20 "BLACKLIST"
21} 17}
22expect { 18expect {
23 timeout {puts "TESTING ERROR 2\n";exit} 19 timeout {puts "TESTING ERROR 2\n";exit}
24 "open_by_handle_at" 20 "jeq open_by_handle_at"
25} 21}
26expect { 22expect {
27 timeout {puts "TESTING ERROR 3\n";exit} 23 timeout {puts "TESTING ERROR 3\n";exit}
diff --git a/test/filters/seccomp-empty.exp b/test/filters/seccomp-empty.exp
index 03e081b34..77e8a2651 100755
--- a/test/filters/seccomp-empty.exp
+++ b/test/filters/seccomp-empty.exp
@@ -10,7 +10,11 @@ match_max 100000
10send -- "firejail --debug --seccomp=chmod,fchmod,fchmodat --private\r" 10send -- "firejail --debug --seccomp=chmod,fchmod,fchmodat --private\r"
11expect { 11expect {
12 timeout {puts "TESTING ERROR 0\n";exit} 12 timeout {puts "TESTING ERROR 0\n";exit}
13 "VALIDATE_ARCHITECTURE" 13 "seccomp entries in /run/firejail/mnt/seccomp"
14}
15expect {
16 timeout {puts "TESTING ERROR 0.0\n";exit}
17 "ld data.architecture"
14} 18}
15expect { 19expect {
16 timeout {puts "TESTING ERROR 0.1\n";exit} 20 timeout {puts "TESTING ERROR 0.1\n";exit}
@@ -34,7 +38,7 @@ expect {
34} 38}
35expect { 39expect {
36 timeout {puts "TESTING ERROR 0.6\n";exit} 40 timeout {puts "TESTING ERROR 0.6\n";exit}
37 "RETURN_ALLOW" 41 "ret ALLOW"
38} 42}
39expect { 43expect {
40 timeout {puts "TESTING ERROR 0.7\n";exit} 44 timeout {puts "TESTING ERROR 0.7\n";exit}
@@ -48,7 +52,11 @@ puts "\n"
48send -- "firejail --debug --seccomp.drop=chmod,fchmod,fchmodat --private\r" 52send -- "firejail --debug --seccomp.drop=chmod,fchmod,fchmodat --private\r"
49expect { 53expect {
50 timeout {puts "TESTING ERROR 1\n";exit} 54 timeout {puts "TESTING ERROR 1\n";exit}
51 "VALIDATE_ARCHITECTURE" 55 "seccomp entries in /run/firejail/mnt/seccomp"
56}
57expect {
58 timeout {puts "TESTING ERROR 1.0\n";exit}
59 "ld data.architecture"
52} 60}
53expect { 61expect {
54 timeout {puts "TESTING ERROR 1.1\n";exit} 62 timeout {puts "TESTING ERROR 1.1\n";exit}
@@ -66,7 +74,7 @@ expect {
66} 74}
67expect { 75expect {
68 timeout {puts "TESTING ERROR 1.6\n";exit} 76 timeout {puts "TESTING ERROR 1.6\n";exit}
69 "RETURN_ALLOW" 77 "ret ALLOW"
70} 78}
71expect { 79expect {
72 timeout {puts "TESTING ERROR 1.7\n";exit} 80 timeout {puts "TESTING ERROR 1.7\n";exit}
@@ -80,7 +88,11 @@ sleep 2
80send -- "firejail --debug --profile=seccomp.profile --private\r" 88send -- "firejail --debug --profile=seccomp.profile --private\r"
81expect { 89expect {
82 timeout {puts "TESTING ERROR 2\n";exit} 90 timeout {puts "TESTING ERROR 2\n";exit}
83 "VALIDATE_ARCHITECTURE" 91 "seccomp entries in /run/firejail/mnt/seccomp"
92}
93expect {
94 timeout {puts "TESTING ERROR 2.0\n";exit}
95 "ld data.architecture"
84} 96}
85expect { 97expect {
86 timeout {puts "TESTING ERROR 2.1\n";exit} 98 timeout {puts "TESTING ERROR 2.1\n";exit}
@@ -104,7 +116,7 @@ expect {
104} 116}
105expect { 117expect {
106 timeout {puts "TESTING ERROR 2.6\n";exit} 118 timeout {puts "TESTING ERROR 2.6\n";exit}
107 "RETURN_ALLOW" 119 "ret ALLOW"
108} 120}
109expect { 121expect {
110 timeout {puts "TESTING ERROR 2.7\n";exit} 122 timeout {puts "TESTING ERROR 2.7\n";exit}
@@ -118,7 +130,11 @@ puts "\n"
118send -- "firejail --debug --profile=seccomp-empty.profile --private\r" 130send -- "firejail --debug --profile=seccomp-empty.profile --private\r"
119expect { 131expect {
120 timeout {puts "TESTING ERROR 3\n";exit} 132 timeout {puts "TESTING ERROR 3\n";exit}
121 "VALIDATE_ARCHITECTURE" 133 "seccomp entries in /run/firejail/mnt/seccomp"
134}
135expect {
136 timeout {puts "TESTING ERROR 3.0\n";exit}
137 "ld data.architecture"
122} 138}
123expect { 139expect {
124 timeout {puts "TESTING ERROR 3.1\n";exit} 140 timeout {puts "TESTING ERROR 3.1\n";exit}
@@ -136,7 +152,7 @@ expect {
136} 152}
137expect { 153expect {
138 timeout {puts "TESTING ERROR 3.6\n";exit} 154 timeout {puts "TESTING ERROR 3.6\n";exit}
139 "RETURN_ALLOW" 155 "ret ALLOW"
140} 156}
141expect { 157expect {
142 timeout {puts "TESTING ERROR 3.7\n";exit} 158 timeout {puts "TESTING ERROR 3.7\n";exit}
@@ -145,4 +161,4 @@ expect {
145sleep 2 161sleep 2
146send -- "exit\r" 162send -- "exit\r"
147after 100 163after 100
148puts "\n" 164puts "all done\n"
diff --git a/test/filters/seccomp-errno.exp b/test/filters/seccomp-errno.exp
index eeb0824f2..458fccc4e 100755
--- a/test/filters/seccomp-errno.exp
+++ b/test/filters/seccomp-errno.exp
@@ -20,19 +20,23 @@ sleep 1
20send -- "firejail --seccomp=unlinkat:ENOENT --debug rm seccomp-test-file\r" 20send -- "firejail --seccomp=unlinkat:ENOENT --debug rm seccomp-test-file\r"
21expect { 21expect {
22 timeout {puts "TESTING ERROR 1\n";exit} 22 timeout {puts "TESTING ERROR 1\n";exit}
23 "unlinkat 2 ENOENT" 23 "seccomp entries in /run/firejail/mnt/seccomp"
24}
25expect {
26 timeout {puts "TESTING ERROR 2\n";exit}
27 "ret ERRNO(2)"
24} 28}
25sleep 1 29sleep 1
26 30
27send -- "firejail --seccomp=unlinkat:ENOENT,mkdir:ENOENT\r" 31send -- "firejail --seccomp=unlinkat:ENOENT,mkdir:ENOENT\r"
28expect { 32expect {
29 timeout {puts "TESTING ERROR 2\n";exit} 33 timeout {puts "TESTING ERROR 3\n";exit}
30 "Child process initialized" 34 "Child process initialized"
31} 35}
32sleep 1 36sleep 1
33send -- "rm seccomp-test-file\r" 37send -- "rm seccomp-test-file\r"
34expect { 38expect {
35 timeout {puts "TESTING ERROR 3\n";exit} 39 timeout {puts "TESTING ERROR 4\n";exit}
36 "No such file or directory" 40 "No such file or directory"
37} 41}
38after 100 42after 100
@@ -40,7 +44,7 @@ puts "\n"
40 44
41send -- "mkdir seccomp-test-dir\r" 45send -- "mkdir seccomp-test-dir\r"
42expect { 46expect {
43 timeout {puts "TESTING ERROR 4\n";exit} 47 timeout {puts "TESTING ERROR 5\n";exit}
44 "No such file or directory" 48 "No such file or directory"
45} 49}
46after 100 50after 100
diff --git a/test/profiles/profile_syntax2.exp b/test/profiles/profile_syntax2.exp
index 5726c0408..07d486637 100755
--- a/test/profiles/profile_syntax2.exp
+++ b/test/profiles/profile_syntax2.exp
@@ -31,15 +31,11 @@ expect {
31} 31}
32expect { 32expect {
33 timeout {puts "TESTING ERROR 5\n";exit} 33 timeout {puts "TESTING ERROR 5\n";exit}
34 "SECCOMP Filter" 34 "seccomp entries in /run/firejail/mnt/seccomp"
35}
36expect {
37 timeout {puts "TESTING ERROR 6\n";exit}
38 "BLACKLIST"
39} 35}
40expect { 36expect {
41 timeout {puts "TESTING ERROR 7\n";exit} 37 timeout {puts "TESTING ERROR 7\n";exit}
42 "mount" 38 "jeq mount"
43} 39}
44expect { 40expect {
45 timeout {puts "TESTING ERROR 8\n";exit} 41 timeout {puts "TESTING ERROR 8\n";exit}
diff --git a/test/utils/seccomp-print.exp b/test/utils/seccomp-print.exp
index b3ab5e13c..930df1517 100755
--- a/test/utils/seccomp-print.exp
+++ b/test/utils/seccomp-print.exp
@@ -18,19 +18,19 @@ spawn $env(SHELL)
18send -- "firejail --seccomp.print=test\r" 18send -- "firejail --seccomp.print=test\r"
19expect { 19expect {
20 timeout {puts "TESTING ERROR 1\n";exit} 20 timeout {puts "TESTING ERROR 1\n";exit}
21 "EXAMINE_SYSCAL" 21 "ld data.syscall-number"
22} 22}
23expect { 23expect {
24 timeout {puts "TESTING ERROR 2\n";exit} 24 timeout {puts "TESTING ERROR 2\n";exit}
25 "delete_module" 25 "jeq delete_module"
26} 26}
27expect { 27expect {
28 timeout {puts "TESTING ERROR 3\n";exit} 28 timeout {puts "TESTING ERROR 3\n";exit}
29 "init_module" 29 "jeq init_module"
30} 30}
31expect { 31expect {
32 timeout {puts "TESTING ERROR 4\n";exit} 32 timeout {puts "TESTING ERROR 4\n";exit}
33 "RETURN_ALLOW" 33 "ret ALLOW"
34} 34}
35after 100 35after 100
36puts "\nall done\n" 36puts "\nall done\n"
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-07-03 11:57:59 +0000