diff options
author | 2018-07-27 12:56:41 -0400 | |
---|---|---|
committer | 2018-07-27 12:56:41 -0400 | |
commit | 3cf75fe9a34c0bb579502b106649a1fc58d39f35 (patch) | |
tree | 3c696691a48205e6c73987f562bcc7a80aac69e4 /test | |
parent | compile time marker for LTS code (diff) | |
download | firejail-3cf75fe9a34c0bb579502b106649a1fc58d39f35.tar.gz firejail-3cf75fe9a34c0bb579502b106649a1fc58d39f35.tar.zst firejail-3cf75fe9a34c0bb579502b106649a1fc58d39f35.zip |
phase 1
Diffstat (limited to 'test')
43 files changed, 0 insertions, 3193 deletions
diff --git a/test/apps-x11-xorg/apps-x11-xorg.sh b/test/apps-x11-xorg/apps-x11-xorg.sh deleted file mode 100755 index ea07d3713..000000000 --- a/test/apps-x11-xorg/apps-x11-xorg.sh +++ /dev/null | |||
@@ -1,34 +0,0 @@ | |||
1 | #!/bin/bash | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2018 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | export MALLOC_CHECK_=3 | ||
7 | export MALLOC_PERTURB_=$(($RANDOM % 255 + 1)) | ||
8 | |||
9 | which firefox 2>/dev/null | ||
10 | if [ "$?" -eq 0 ]; | ||
11 | then | ||
12 | echo "TESTING: firefox x11 xorg" | ||
13 | ./firefox.exp | ||
14 | else | ||
15 | echo "TESTING SKIP: firefox not found" | ||
16 | fi | ||
17 | |||
18 | which transmission-gtk 2>/dev/null | ||
19 | if [ "$?" -eq 0 ]; | ||
20 | then | ||
21 | echo "TESTING: transmission-gtk x11 xorg" | ||
22 | ./transmission-gtk.exp | ||
23 | else | ||
24 | echo "TESTING SKIP: transmission-gtk not found" | ||
25 | fi | ||
26 | |||
27 | which thunderbird 2>/dev/null | ||
28 | if [ "$?" -eq 0 ]; | ||
29 | then | ||
30 | echo "TESTING: thunderbird x11 xorg" | ||
31 | ./thunderbird.exp | ||
32 | else | ||
33 | echo "TESTING SKIP: thunderbird not found" | ||
34 | fi | ||
diff --git a/test/apps-x11-xorg/firefox.exp b/test/apps-x11-xorg/firefox.exp deleted file mode 100755 index 10575b277..000000000 --- a/test/apps-x11-xorg/firefox.exp +++ /dev/null | |||
@@ -1,90 +0,0 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2018 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail --name=test --x11=xorg --ignore=net --ignore=netfilter --ignore=iprange firefox -no-remote www.gentoo.org\r" | ||
11 | sleep 10 | ||
12 | |||
13 | spawn $env(SHELL) | ||
14 | send -- "firejail --list\r" | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 3\n";exit} | ||
17 | ":firejail" | ||
18 | } | ||
19 | expect { | ||
20 | timeout {puts "TESTING ERROR 3.1\n";exit} | ||
21 | "firefox" {puts "firefox detected\n";} | ||
22 | "iceweasel" {puts "iceweasel detected\n";} | ||
23 | } | ||
24 | expect { | ||
25 | timeout {puts "TESTING ERROR 3.2\n";exit} | ||
26 | "no-remote" | ||
27 | } | ||
28 | sleep 1 | ||
29 | # grsecurity exit | ||
30 | send -- "file /proc/sys/kernel/grsecurity\r" | ||
31 | expect { | ||
32 | timeout {puts "TESTING ERROR - grsecurity detection\n";exit} | ||
33 | "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit} | ||
34 | "cannot open" {puts "grsecurity not present\n"} | ||
35 | } | ||
36 | send -- "firejail --name=blablabla\r" | ||
37 | expect { | ||
38 | timeout {puts "TESTING ERROR 4\n";exit} | ||
39 | "Child process initialized" | ||
40 | } | ||
41 | sleep 2 | ||
42 | |||
43 | spawn $env(SHELL) | ||
44 | send -- "firemon --seccomp --nowrap\r" | ||
45 | expect { | ||
46 | timeout {puts "TESTING ERROR 5\n";exit} | ||
47 | "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} | ||
48 | " firefox" {puts "firefox detected\n";} | ||
49 | " iceweasel" {puts "iceweasel detected\n";} | ||
50 | } | ||
51 | expect { | ||
52 | timeout {puts "TESTING ERROR 5.0\n";exit} | ||
53 | "no-remote" | ||
54 | } | ||
55 | expect { | ||
56 | timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit} | ||
57 | "Seccomp: 2" | ||
58 | } | ||
59 | expect { | ||
60 | timeout {puts "TESTING ERROR 5.1\n";exit} | ||
61 | "name=blablabla" | ||
62 | } | ||
63 | sleep 1 | ||
64 | send -- "firemon --caps --nowrap\r" | ||
65 | expect { | ||
66 | timeout {puts "TESTING ERROR 6\n";exit} | ||
67 | " firefox" {puts "firefox detected\n";} | ||
68 | " iceweasel" {puts "iceweasel detected\n";} | ||
69 | } | ||
70 | expect { | ||
71 | timeout {puts "TESTING ERROR 6.0\n";exit} | ||
72 | "no-remote" | ||
73 | } | ||
74 | expect { | ||
75 | timeout {puts "TESTING ERROR 6.1\n";exit} | ||
76 | "CapBnd:" | ||
77 | } | ||
78 | expect { | ||
79 | timeout {puts "TESTING ERROR 6.2\n";exit} | ||
80 | "0000000000000000" | ||
81 | } | ||
82 | expect { | ||
83 | timeout {puts "TESTING ERROR 6.3\n";exit} | ||
84 | "name=blablabla" | ||
85 | } | ||
86 | sleep 1 | ||
87 | send -- "firejail --shutdown=test\r" | ||
88 | sleep 3 | ||
89 | |||
90 | puts "\nall done\n" | ||
diff --git a/test/apps-x11-xorg/thunderbird.exp b/test/apps-x11-xorg/thunderbird.exp deleted file mode 100755 index 6706cc321..000000000 --- a/test/apps-x11-xorg/thunderbird.exp +++ /dev/null | |||
@@ -1,85 +0,0 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2018 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail --name=test --x11=xorg --ignore=net --ignore=netfilter --ignore=iprange thunderbird\r" | ||
11 | sleep 10 | ||
12 | |||
13 | spawn $env(SHELL) | ||
14 | send -- "firejail --list\r" | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 3\n";exit} | ||
17 | ":firejail" | ||
18 | } | ||
19 | expect { | ||
20 | timeout {puts "TESTING ERROR 3.1\n";exit} | ||
21 | "thunderbird" | ||
22 | } | ||
23 | sleep 1 | ||
24 | |||
25 | # grsecurity exit | ||
26 | send -- "file /proc/sys/kernel/grsecurity\r" | ||
27 | expect { | ||
28 | timeout {puts "TESTING ERROR - grsecurity detection\n";exit} | ||
29 | "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit} | ||
30 | "cannot open" {puts "grsecurity not present\n"} | ||
31 | } | ||
32 | |||
33 | send -- "firejail --name=blablabla\r" | ||
34 | expect { | ||
35 | timeout {puts "TESTING ERROR 4\n";exit} | ||
36 | "Child process initialized" | ||
37 | } | ||
38 | sleep 2 | ||
39 | |||
40 | spawn $env(SHELL) | ||
41 | send -- "firemon --seccomp --nowrap\r" | ||
42 | expect { | ||
43 | timeout {puts "TESTING ERROR 5\n";exit} | ||
44 | "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} | ||
45 | ":firejail" | ||
46 | } | ||
47 | expect { | ||
48 | timeout {puts "TESTING ERROR 5.0\n";exit} | ||
49 | "thunderbird" | ||
50 | } | ||
51 | expect { | ||
52 | timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit} | ||
53 | "Seccomp: 2" | ||
54 | } | ||
55 | expect { | ||
56 | timeout {puts "TESTING ERROR 5.1\n";exit} | ||
57 | "name=blablabla" | ||
58 | } | ||
59 | sleep 2 | ||
60 | send -- "firemon --caps --nowrap\r" | ||
61 | expect { | ||
62 | timeout {puts "TESTING ERROR 6\n";exit} | ||
63 | ":firejail" | ||
64 | } | ||
65 | expect { | ||
66 | timeout {puts "TESTING ERROR 6.0\n";exit} | ||
67 | "thunderbird" | ||
68 | } | ||
69 | expect { | ||
70 | timeout {puts "TESTING ERROR 6.1\n";exit} | ||
71 | "CapBnd" | ||
72 | } | ||
73 | expect { | ||
74 | timeout {puts "TESTING ERROR 6.2\n";exit} | ||
75 | "0000000000000000" | ||
76 | } | ||
77 | expect { | ||
78 | timeout {puts "TESTING ERROR 6.3\n";exit} | ||
79 | "name=blablabla" | ||
80 | } | ||
81 | sleep 1 | ||
82 | send -- "firejail --shutdown=test\r" | ||
83 | sleep 3 | ||
84 | |||
85 | puts "\nall done\n" | ||
diff --git a/test/apps-x11-xorg/transmission-gtk.exp b/test/apps-x11-xorg/transmission-gtk.exp deleted file mode 100755 index 75c302764..000000000 --- a/test/apps-x11-xorg/transmission-gtk.exp +++ /dev/null | |||
@@ -1,85 +0,0 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2018 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail --name=test --x11=xorg --ignore=net --ignore=netfilter --ignore=iprange transmission-gtk\r" | ||
11 | sleep 10 | ||
12 | |||
13 | spawn $env(SHELL) | ||
14 | send -- "firejail --list\r" | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 3\n";exit} | ||
17 | ":firejail" | ||
18 | } | ||
19 | expect { | ||
20 | timeout {puts "TESTING ERROR 3.1\n";exit} | ||
21 | "transmission-gtk" | ||
22 | } | ||
23 | sleep 1 | ||
24 | |||
25 | # grsecurity exit | ||
26 | send -- "file /proc/sys/kernel/grsecurity\r" | ||
27 | expect { | ||
28 | timeout {puts "TESTING ERROR - grsecurity detection\n";exit} | ||
29 | "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit} | ||
30 | "cannot open" {puts "grsecurity not present\n"} | ||
31 | } | ||
32 | |||
33 | send -- "firejail --name=blablabla\r" | ||
34 | expect { | ||
35 | timeout {puts "TESTING ERROR 4\n";exit} | ||
36 | "Child process initialized" | ||
37 | } | ||
38 | sleep 2 | ||
39 | |||
40 | spawn $env(SHELL) | ||
41 | send -- "firemon --seccomp --nowrap\r" | ||
42 | expect { | ||
43 | timeout {puts "TESTING ERROR 5\n";exit} | ||
44 | "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} | ||
45 | ":firejail" | ||
46 | } | ||
47 | expect { | ||
48 | timeout {puts "TESTING ERROR 5.0\n";exit} | ||
49 | "transmission-gtk" | ||
50 | } | ||
51 | expect { | ||
52 | timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit} | ||
53 | "Seccomp: 2" | ||
54 | } | ||
55 | expect { | ||
56 | timeout {puts "TESTING ERROR 5.1\n";exit} | ||
57 | "name=blablabla" | ||
58 | } | ||
59 | sleep 1 | ||
60 | send -- "firemon --caps --nowrap\r" | ||
61 | expect { | ||
62 | timeout {puts "TESTING ERROR 6\n";exit} | ||
63 | ":firejail" | ||
64 | } | ||
65 | expect { | ||
66 | timeout {puts "TESTING ERROR 6.0\n";exit} | ||
67 | "transmission-gtk" | ||
68 | } | ||
69 | expect { | ||
70 | timeout {puts "TESTING ERROR 6.1\n";exit} | ||
71 | "CapBnd" | ||
72 | } | ||
73 | expect { | ||
74 | timeout {puts "TESTING ERROR 6.2\n";exit} | ||
75 | "0000000000000000" | ||
76 | } | ||
77 | expect { | ||
78 | timeout {puts "TESTING ERROR 6.3\n";exit} | ||
79 | "name=blablabla" | ||
80 | } | ||
81 | sleep 1 | ||
82 | send -- "firejail --shutdown=test\r" | ||
83 | sleep 3 | ||
84 | |||
85 | puts "\nall done\n" | ||
diff --git a/test/apps-x11/apps-x11.sh b/test/apps-x11/apps-x11.sh deleted file mode 100755 index c12b11f3e..000000000 --- a/test/apps-x11/apps-x11.sh +++ /dev/null | |||
@@ -1,87 +0,0 @@ | |||
1 | #!/bin/bash | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2018 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | export MALLOC_CHECK_=3 | ||
7 | export MALLOC_PERTURB_=$(($RANDOM % 255 + 1)) | ||
8 | |||
9 | echo "TESTING: no x11 (test/apps-x11/x11-none.exp)" | ||
10 | ./x11-none.exp | ||
11 | |||
12 | |||
13 | which xterm 2>/dev/null | ||
14 | if [ "$?" -eq 0 ]; | ||
15 | then | ||
16 | echo "TESTING: xterm x11 xorg" | ||
17 | ./xterm-xorg.exp | ||
18 | |||
19 | which xpra 2>/dev/null | ||
20 | if [ "$?" -eq 0 ]; | ||
21 | then | ||
22 | echo "TESTING: xterm x11 xpra" | ||
23 | ./xterm-xpra.exp | ||
24 | fi | ||
25 | |||
26 | which Xephyr 2>/dev/null | ||
27 | if [ "$?" -eq 0 ]; | ||
28 | then | ||
29 | echo "TESTING: xterm x11 xephyr" | ||
30 | ./xterm-xephyr.exp | ||
31 | fi | ||
32 | else | ||
33 | echo "TESTING SKIP: xterm not found" | ||
34 | fi | ||
35 | |||
36 | # check xpra/xephyr | ||
37 | which xpra 2>/dev/null | ||
38 | if [ "$?" -eq 0 ]; | ||
39 | then | ||
40 | echo "xpra found" | ||
41 | else | ||
42 | echo "xpra not found" | ||
43 | which Xephyr 2>/dev/null | ||
44 | if [ "$?" -eq 0 ]; | ||
45 | then | ||
46 | echo "Xephyr found" | ||
47 | else | ||
48 | echo "TESTING SKIP: xpra and/or Xephyr not found" | ||
49 | exit | ||
50 | fi | ||
51 | fi | ||
52 | |||
53 | which firefox 2>/dev/null | ||
54 | if [ "$?" -eq 0 ]; | ||
55 | then | ||
56 | echo "TESTING: firefox x11" | ||
57 | ./firefox.exp | ||
58 | else | ||
59 | echo "TESTING SKIP: firefox not found" | ||
60 | fi | ||
61 | |||
62 | which chromium 2>/dev/null | ||
63 | if [ "$?" -eq 0 ]; | ||
64 | then | ||
65 | echo "TESTING: chromium x11" | ||
66 | ./chromium.exp | ||
67 | else | ||
68 | echo "TESTING SKIP: chromium not found" | ||
69 | fi | ||
70 | |||
71 | which transmission-gtk 2>/dev/null | ||
72 | if [ "$?" -eq 0 ]; | ||
73 | then | ||
74 | echo "TESTING: transmission-gtk x11" | ||
75 | ./transmission-gtk.exp | ||
76 | else | ||
77 | echo "TESTING SKIP: transmission-gtk not found" | ||
78 | fi | ||
79 | |||
80 | which thunderbird 2>/dev/null | ||
81 | if [ "$?" -eq 0 ]; | ||
82 | then | ||
83 | echo "TESTING: thunderbird x11" | ||
84 | ./thunderbird.exp | ||
85 | else | ||
86 | echo "TESTING SKIP: thunderbird not found" | ||
87 | fi | ||
diff --git a/test/apps-x11/chromium.exp b/test/apps-x11/chromium.exp deleted file mode 100755 index f72b86dde..000000000 --- a/test/apps-x11/chromium.exp +++ /dev/null | |||
@@ -1,85 +0,0 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2018 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail --name=test --x11 chromium www.gentoo.org\r" | ||
11 | sleep 10 | ||
12 | |||
13 | spawn $env(SHELL) | ||
14 | send -- "firejail --list\r" | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 3\n";exit} | ||
17 | ":firejail" | ||
18 | } | ||
19 | expect { | ||
20 | timeout {puts "TESTING ERROR 3.1\n";exit} | ||
21 | "chromium" | ||
22 | } | ||
23 | sleep 1 | ||
24 | |||
25 | # grsecurity exit | ||
26 | send -- "file /proc/sys/kernel/grsecurity\r" | ||
27 | expect { | ||
28 | timeout {puts "TESTING ERROR - grsecurity detection\n";exit} | ||
29 | "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit} | ||
30 | "cannot open" {puts "grsecurity not present\n"} | ||
31 | } | ||
32 | send -- "firejail --name=blablabla\r" | ||
33 | expect { | ||
34 | timeout {puts "TESTING ERROR 4\n";exit} | ||
35 | "Child process initialized" | ||
36 | } | ||
37 | sleep 2 | ||
38 | |||
39 | spawn $env(SHELL) | ||
40 | send -- "firemon --seccomp\r" | ||
41 | expect { | ||
42 | timeout {puts "TESTING ERROR 5\n";exit} | ||
43 | "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} | ||
44 | ":firejail" | ||
45 | } | ||
46 | expect { | ||
47 | timeout {puts "TESTING ERROR 5.0\n";exit} | ||
48 | "chromium" | ||
49 | } | ||
50 | expect { | ||
51 | timeout {puts "TESTING ERROR 5.1\n";exit} | ||
52 | "Seccomp: 0" | ||
53 | } | ||
54 | expect { | ||
55 | timeout {puts "TESTING ERROR 5.1\n";exit} | ||
56 | "name=blablabla" | ||
57 | } | ||
58 | sleep 1 | ||
59 | send -- "firemon --caps\r" | ||
60 | expect { | ||
61 | timeout {puts "TESTING ERROR 6\n";exit} | ||
62 | ":firejail" | ||
63 | } | ||
64 | expect { | ||
65 | timeout {puts "TESTING ERROR 6.0\n";exit} | ||
66 | "chromium" | ||
67 | } | ||
68 | expect { | ||
69 | timeout {puts "TESTING ERROR 6.1\n";exit} | ||
70 | "CapBnd:" | ||
71 | } | ||
72 | expect { | ||
73 | timeout {puts "TESTING ERROR 6.2\n";exit} | ||
74 | "00240000" | ||
75 | } | ||
76 | expect { | ||
77 | timeout {puts "TESTING ERROR 6.3\n";exit} | ||
78 | "name=blablabla" | ||
79 | } | ||
80 | sleep 1 | ||
81 | send -- "firejail --shutdown=test\r" | ||
82 | sleep 3 | ||
83 | |||
84 | |||
85 | puts "\nall done\n" | ||
diff --git a/test/apps-x11/firefox.exp b/test/apps-x11/firefox.exp deleted file mode 100755 index 8021042e5..000000000 --- a/test/apps-x11/firefox.exp +++ /dev/null | |||
@@ -1,90 +0,0 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2018 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail --name=test --x11 firefox -no-remote www.gentoo.org\r" | ||
11 | sleep 10 | ||
12 | |||
13 | spawn $env(SHELL) | ||
14 | send -- "firejail --list\r" | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 3\n";exit} | ||
17 | ":firejail" | ||
18 | } | ||
19 | expect { | ||
20 | timeout {puts "TESTING ERROR 3.1\n";exit} | ||
21 | "firefox" {puts "firefox detected\n";} | ||
22 | "iceweasel" {puts "iceweasel detected\n";} | ||
23 | } | ||
24 | expect { | ||
25 | timeout {puts "TESTING ERROR 3.2\n";exit} | ||
26 | "no-remote" | ||
27 | } | ||
28 | sleep 1 | ||
29 | # grsecurity exit | ||
30 | send -- "file /proc/sys/kernel/grsecurity\r" | ||
31 | expect { | ||
32 | timeout {puts "TESTING ERROR - grsecurity detection\n";exit} | ||
33 | "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit} | ||
34 | "cannot open" {puts "grsecurity not present\n"} | ||
35 | } | ||
36 | send -- "firejail --name=blablabla\r" | ||
37 | expect { | ||
38 | timeout {puts "TESTING ERROR 4\n";exit} | ||
39 | "Child process initialized" | ||
40 | } | ||
41 | sleep 2 | ||
42 | |||
43 | spawn $env(SHELL) | ||
44 | send -- "firemon --seccomp\r" | ||
45 | expect { | ||
46 | timeout {puts "TESTING ERROR 5\n";exit} | ||
47 | "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} | ||
48 | " firefox" {puts "firefox detected\n";} | ||
49 | " iceweasel" {puts "iceweasel detected\n";} | ||
50 | } | ||
51 | expect { | ||
52 | timeout {puts "TESTING ERROR 5.0\n";exit} | ||
53 | "no-remote" | ||
54 | } | ||
55 | expect { | ||
56 | timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit} | ||
57 | "Seccomp: 2" | ||
58 | } | ||
59 | expect { | ||
60 | timeout {puts "TESTING ERROR 5.1\n";exit} | ||
61 | "name=blablabla" | ||
62 | } | ||
63 | sleep 1 | ||
64 | send -- "firemon --caps\r" | ||
65 | expect { | ||
66 | timeout {puts "TESTING ERROR 6\n";exit} | ||
67 | " firefox" {puts "firefox detected\n";} | ||
68 | " iceweasel" {puts "iceweasel detected\n";} | ||
69 | } | ||
70 | expect { | ||
71 | timeout {puts "TESTING ERROR 6.0\n";exit} | ||
72 | "no-remote" | ||
73 | } | ||
74 | expect { | ||
75 | timeout {puts "TESTING ERROR 6.1\n";exit} | ||
76 | "CapBnd:" | ||
77 | } | ||
78 | expect { | ||
79 | timeout {puts "TESTING ERROR 6.2\n";exit} | ||
80 | "0000000000000000" | ||
81 | } | ||
82 | expect { | ||
83 | timeout {puts "TESTING ERROR 6.3\n";exit} | ||
84 | "name=blablabla" | ||
85 | } | ||
86 | sleep 1 | ||
87 | send -- "firejail --shutdown=test\r" | ||
88 | sleep 3 | ||
89 | |||
90 | puts "\nall done\n" | ||
diff --git a/test/apps-x11/thunderbird.exp b/test/apps-x11/thunderbird.exp deleted file mode 100755 index 5994ab15e..000000000 --- a/test/apps-x11/thunderbird.exp +++ /dev/null | |||
@@ -1,85 +0,0 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2018 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail --name=test --x11 thunderbird\r" | ||
11 | sleep 10 | ||
12 | |||
13 | spawn $env(SHELL) | ||
14 | send -- "firejail --list\r" | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 3\n";exit} | ||
17 | ":firejail" | ||
18 | } | ||
19 | expect { | ||
20 | timeout {puts "TESTING ERROR 3.1\n";exit} | ||
21 | "thunderbird" | ||
22 | } | ||
23 | sleep 1 | ||
24 | |||
25 | # grsecurity exit | ||
26 | send -- "file /proc/sys/kernel/grsecurity\r" | ||
27 | expect { | ||
28 | timeout {puts "TESTING ERROR - grsecurity detection\n";exit} | ||
29 | "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit} | ||
30 | "cannot open" {puts "grsecurity not present\n"} | ||
31 | } | ||
32 | |||
33 | send -- "firejail --name=blablabla\r" | ||
34 | expect { | ||
35 | timeout {puts "TESTING ERROR 4\n";exit} | ||
36 | "Child process initialized" | ||
37 | } | ||
38 | sleep 2 | ||
39 | |||
40 | spawn $env(SHELL) | ||
41 | send -- "firemon --seccomp\r" | ||
42 | expect { | ||
43 | timeout {puts "TESTING ERROR 5\n";exit} | ||
44 | "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} | ||
45 | ":firejail" | ||
46 | } | ||
47 | expect { | ||
48 | timeout {puts "TESTING ERROR 5.0\n";exit} | ||
49 | "thunderbird" | ||
50 | } | ||
51 | expect { | ||
52 | timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit} | ||
53 | "Seccomp: 2" | ||
54 | } | ||
55 | expect { | ||
56 | timeout {puts "TESTING ERROR 5.1\n";exit} | ||
57 | "name=blablabla" | ||
58 | } | ||
59 | sleep 2 | ||
60 | send -- "firemon --caps\r" | ||
61 | expect { | ||
62 | timeout {puts "TESTING ERROR 6\n";exit} | ||
63 | ":firejail" | ||
64 | } | ||
65 | expect { | ||
66 | timeout {puts "TESTING ERROR 6.0\n";exit} | ||
67 | "thunderbird" | ||
68 | } | ||
69 | expect { | ||
70 | timeout {puts "TESTING ERROR 6.1\n";exit} | ||
71 | "CapBnd" | ||
72 | } | ||
73 | expect { | ||
74 | timeout {puts "TESTING ERROR 6.2\n";exit} | ||
75 | "0000000000000000" | ||
76 | } | ||
77 | expect { | ||
78 | timeout {puts "TESTING ERROR 6.3\n";exit} | ||
79 | "name=blablabla" | ||
80 | } | ||
81 | sleep 1 | ||
82 | send -- "firejail --shutdown=test\r" | ||
83 | sleep 3 | ||
84 | |||
85 | puts "\nall done\n" | ||
diff --git a/test/apps-x11/transmission-gtk.exp b/test/apps-x11/transmission-gtk.exp deleted file mode 100755 index 48c685cf0..000000000 --- a/test/apps-x11/transmission-gtk.exp +++ /dev/null | |||
@@ -1,85 +0,0 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2018 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail --name=test --x11 transmission-gtk\r" | ||
11 | sleep 10 | ||
12 | |||
13 | spawn $env(SHELL) | ||
14 | send -- "firejail --list\r" | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 3\n";exit} | ||
17 | ":firejail" | ||
18 | } | ||
19 | expect { | ||
20 | timeout {puts "TESTING ERROR 3.1\n";exit} | ||
21 | "transmission-gtk" | ||
22 | } | ||
23 | sleep 1 | ||
24 | |||
25 | # grsecurity exit | ||
26 | send -- "file /proc/sys/kernel/grsecurity\r" | ||
27 | expect { | ||
28 | timeout {puts "TESTING ERROR - grsecurity detection\n";exit} | ||
29 | "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit} | ||
30 | "cannot open" {puts "grsecurity not present\n"} | ||
31 | } | ||
32 | |||
33 | send -- "firejail --name=blablabla\r" | ||
34 | expect { | ||
35 | timeout {puts "TESTING ERROR 4\n";exit} | ||
36 | "Child process initialized" | ||
37 | } | ||
38 | sleep 2 | ||
39 | |||
40 | spawn $env(SHELL) | ||
41 | send -- "firemon --seccomp\r" | ||
42 | expect { | ||
43 | timeout {puts "TESTING ERROR 5\n";exit} | ||
44 | "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} | ||
45 | ":firejail" | ||
46 | } | ||
47 | expect { | ||
48 | timeout {puts "TESTING ERROR 5.0\n";exit} | ||
49 | "transmission-gtk" | ||
50 | } | ||
51 | expect { | ||
52 | timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit} | ||
53 | "Seccomp: 2" | ||
54 | } | ||
55 | expect { | ||
56 | timeout {puts "TESTING ERROR 5.1\n";exit} | ||
57 | "name=blablabla" | ||
58 | } | ||
59 | sleep 1 | ||
60 | send -- "firemon --caps\r" | ||
61 | expect { | ||
62 | timeout {puts "TESTING ERROR 6\n";exit} | ||
63 | ":firejail" | ||
64 | } | ||
65 | expect { | ||
66 | timeout {puts "TESTING ERROR 6.0\n";exit} | ||
67 | "transmission-gtk" | ||
68 | } | ||
69 | expect { | ||
70 | timeout {puts "TESTING ERROR 6.1\n";exit} | ||
71 | "CapBnd" | ||
72 | } | ||
73 | expect { | ||
74 | timeout {puts "TESTING ERROR 6.2\n";exit} | ||
75 | "0000000000000000" | ||
76 | } | ||
77 | expect { | ||
78 | timeout {puts "TESTING ERROR 6.3\n";exit} | ||
79 | "name=blablabla" | ||
80 | } | ||
81 | sleep 1 | ||
82 | send -- "firejail --shutdown=test\r" | ||
83 | sleep 3 | ||
84 | |||
85 | puts "\nall done\n" | ||
diff --git a/test/apps-x11/x11-none.exp b/test/apps-x11/x11-none.exp deleted file mode 100755 index e6e515966..000000000 --- a/test/apps-x11/x11-none.exp +++ /dev/null | |||
@@ -1,47 +0,0 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2018 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail --name=test --x11=none\r" | ||
11 | expect { | ||
12 | timeout {puts "TESTING ERROR 0\n";exit} | ||
13 | "use network namespace in firejail" | ||
14 | } | ||
15 | sleep 1 | ||
16 | |||
17 | send -- "firejail --name=test --net=none --x11=none\r" | ||
18 | expect { | ||
19 | timeout {puts "TESTING ERROR 1\n";exit} | ||
20 | "Child process initialized" | ||
21 | } | ||
22 | sleep 1 | ||
23 | |||
24 | send -- "ls -al /tmp/.X11-unix\r" | ||
25 | expect { | ||
26 | timeout {puts "TESTING ERROR 2\n";exit} | ||
27 | "cannot open directory" | ||
28 | } | ||
29 | after 100 | ||
30 | |||
31 | send -- "xterm\r" | ||
32 | expect { | ||
33 | timeout {puts "TESTING ERROR 3\n";exit} | ||
34 | "DISPLAY is not set" | ||
35 | } | ||
36 | after 100 | ||
37 | |||
38 | send -- "export DISPLAY=:0.0\r" | ||
39 | after 100 | ||
40 | send -- "xterm\r" | ||
41 | expect { | ||
42 | timeout {puts "TESTING ERROR 4\n";exit} | ||
43 | "Xt error" | ||
44 | } | ||
45 | after 100 | ||
46 | |||
47 | puts "\nall done\n" | ||
diff --git a/test/apps-x11/x11-xephyr.exp b/test/apps-x11/x11-xephyr.exp deleted file mode 100755 index 68f981096..000000000 --- a/test/apps-x11/x11-xephyr.exp +++ /dev/null | |||
@@ -1,58 +0,0 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2018 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail --name=test --x11=xephyr xterm\r" | ||
11 | expect { | ||
12 | timeout {puts "TESTING ERROR 1\n";exit} | ||
13 | "Child process initialized" | ||
14 | } | ||
15 | |||
16 | exit | ||
17 | |||
18 | |||
19 | sleep 5 | ||
20 | |||
21 | |||
22 | expect { | ||
23 | timeout {puts "TESTING ERROR 0\n";exit} | ||
24 | "use network namespace in firejail" | ||
25 | } | ||
26 | sleep 1 | ||
27 | |||
28 | send -- "firejail --name=test --net=none --x11=none\r" | ||
29 | expect { | ||
30 | timeout {puts "TESTING ERROR 1\n";exit} | ||
31 | "Child process initialized" | ||
32 | } | ||
33 | sleep 1 | ||
34 | |||
35 | send -- "ls -al /tmp/.X11-unix\r" | ||
36 | expect { | ||
37 | timeout {puts "TESTING ERROR 2\n";exit} | ||
38 | "cannot open directory" | ||
39 | } | ||
40 | after 100 | ||
41 | |||
42 | send -- "xterm\r" | ||
43 | expect { | ||
44 | timeout {puts "TESTING ERROR 3\n";exit} | ||
45 | "DISPLAY is not set" | ||
46 | } | ||
47 | after 100 | ||
48 | |||
49 | send -- "export DISPLAY=:0.0\r" | ||
50 | after 100 | ||
51 | send -- "xterm\r" | ||
52 | expect { | ||
53 | timeout {puts "TESTING ERROR 4\n";exit} | ||
54 | "Xt error" | ||
55 | } | ||
56 | after 100 | ||
57 | |||
58 | puts "\nall done\n" | ||
diff --git a/test/apps-x11/xterm-xephyr.exp b/test/apps-x11/xterm-xephyr.exp deleted file mode 100755 index 63fa03fbb..000000000 --- a/test/apps-x11/xterm-xephyr.exp +++ /dev/null | |||
@@ -1,85 +0,0 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2018 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail --name=test --x11=xephyr xterm\r" | ||
11 | sleep 10 | ||
12 | |||
13 | spawn $env(SHELL) | ||
14 | send -- "firejail --list\r" | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 3\n";exit} | ||
17 | ":firejail" | ||
18 | } | ||
19 | expect { | ||
20 | timeout {puts "TESTING ERROR 3.1\n";exit} | ||
21 | "xterm" | ||
22 | } | ||
23 | sleep 1 | ||
24 | |||
25 | # grsecurity exit | ||
26 | send -- "file /proc/sys/kernel/grsecurity\r" | ||
27 | expect { | ||
28 | timeout {puts "TESTING ERROR - grsecurity detection\n";exit} | ||
29 | "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit} | ||
30 | "cannot open" {puts "grsecurity not present\n"} | ||
31 | } | ||
32 | |||
33 | send -- "firejail --name=blablabla\r" | ||
34 | expect { | ||
35 | timeout {puts "TESTING ERROR 4\n";exit} | ||
36 | "Child process initialized" | ||
37 | } | ||
38 | sleep 2 | ||
39 | |||
40 | spawn $env(SHELL) | ||
41 | send -- "firemon --seccomp\r" | ||
42 | expect { | ||
43 | timeout {puts "TESTING ERROR 5\n";exit} | ||
44 | "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} | ||
45 | ":firejail" | ||
46 | } | ||
47 | expect { | ||
48 | timeout {puts "TESTING ERROR 5.0\n";exit} | ||
49 | "xterm" | ||
50 | } | ||
51 | expect { | ||
52 | timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit} | ||
53 | "Seccomp: 2" | ||
54 | } | ||
55 | expect { | ||
56 | timeout {puts "TESTING ERROR 5.1\n";exit} | ||
57 | "name=blablabla" | ||
58 | } | ||
59 | sleep 1 | ||
60 | send -- "firemon --caps\r" | ||
61 | expect { | ||
62 | timeout {puts "TESTING ERROR 6\n";exit} | ||
63 | ":firejail" | ||
64 | } | ||
65 | expect { | ||
66 | timeout {puts "TESTING ERROR 6.0\n";exit} | ||
67 | "xterm" | ||
68 | } | ||
69 | expect { | ||
70 | timeout {puts "TESTING ERROR 6.1\n";exit} | ||
71 | "CapBnd" | ||
72 | } | ||
73 | expect { | ||
74 | timeout {puts "TESTING ERROR 6.2\n";exit} | ||
75 | "0000000000000000" | ||
76 | } | ||
77 | expect { | ||
78 | timeout {puts "TESTING ERROR 6.3\n";exit} | ||
79 | "name=blablabla" | ||
80 | } | ||
81 | sleep 1 | ||
82 | send -- "firejail --shutdown=test\r" | ||
83 | sleep 3 | ||
84 | |||
85 | puts "\nall done\n" | ||
diff --git a/test/apps-x11/xterm-xorg.exp b/test/apps-x11/xterm-xorg.exp deleted file mode 100755 index a31925383..000000000 --- a/test/apps-x11/xterm-xorg.exp +++ /dev/null | |||
@@ -1,85 +0,0 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2018 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail --name=test --x11=xorg xterm\r" | ||
11 | sleep 10 | ||
12 | |||
13 | spawn $env(SHELL) | ||
14 | send -- "firejail --list\r" | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 3\n";exit} | ||
17 | ":firejail" | ||
18 | } | ||
19 | expect { | ||
20 | timeout {puts "TESTING ERROR 3.1\n";exit} | ||
21 | "xterm" | ||
22 | } | ||
23 | sleep 1 | ||
24 | |||
25 | # grsecurity exit | ||
26 | send -- "file /proc/sys/kernel/grsecurity\r" | ||
27 | expect { | ||
28 | timeout {puts "TESTING ERROR - grsecurity detection\n";exit} | ||
29 | "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit} | ||
30 | "cannot open" {puts "grsecurity not present\n"} | ||
31 | } | ||
32 | |||
33 | send -- "firejail --name=blablabla\r" | ||
34 | expect { | ||
35 | timeout {puts "TESTING ERROR 4\n";exit} | ||
36 | "Child process initialized" | ||
37 | } | ||
38 | sleep 2 | ||
39 | |||
40 | spawn $env(SHELL) | ||
41 | send -- "firemon --seccomp\r" | ||
42 | expect { | ||
43 | timeout {puts "TESTING ERROR 5\n";exit} | ||
44 | "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} | ||
45 | ":firejail" | ||
46 | } | ||
47 | expect { | ||
48 | timeout {puts "TESTING ERROR 5.0\n";exit} | ||
49 | "xterm" | ||
50 | } | ||
51 | expect { | ||
52 | timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit} | ||
53 | "Seccomp: 2" | ||
54 | } | ||
55 | expect { | ||
56 | timeout {puts "TESTING ERROR 5.1\n";exit} | ||
57 | "name=blablabla" | ||
58 | } | ||
59 | sleep 1 | ||
60 | send -- "firemon --caps\r" | ||
61 | expect { | ||
62 | timeout {puts "TESTING ERROR 6\n";exit} | ||
63 | ":firejail" | ||
64 | } | ||
65 | expect { | ||
66 | timeout {puts "TESTING ERROR 6.0\n";exit} | ||
67 | "xterm" | ||
68 | } | ||
69 | expect { | ||
70 | timeout {puts "TESTING ERROR 6.1\n";exit} | ||
71 | "CapBnd" | ||
72 | } | ||
73 | expect { | ||
74 | timeout {puts "TESTING ERROR 6.2\n";exit} | ||
75 | "0000000000000000" | ||
76 | } | ||
77 | expect { | ||
78 | timeout {puts "TESTING ERROR 6.3\n";exit} | ||
79 | "name=blablabla" | ||
80 | } | ||
81 | sleep 1 | ||
82 | send -- "firejail --shutdown=test\r" | ||
83 | sleep 3 | ||
84 | |||
85 | puts "\nall done\n" | ||
diff --git a/test/apps-x11/xterm-xpra.exp b/test/apps-x11/xterm-xpra.exp deleted file mode 100755 index 8830bb003..000000000 --- a/test/apps-x11/xterm-xpra.exp +++ /dev/null | |||
@@ -1,97 +0,0 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2018 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail --name=test --x11=xpra xterm\r" | ||
11 | sleep 10 | ||
12 | |||
13 | spawn $env(SHELL) | ||
14 | send -- "firejail --list\r" | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 3\n";exit} | ||
17 | ":firejail" | ||
18 | } | ||
19 | expect { | ||
20 | timeout {puts "TESTING ERROR 3.1\n";exit} | ||
21 | "xterm" | ||
22 | } | ||
23 | sleep 1 | ||
24 | |||
25 | # grsecurity exit | ||
26 | send -- "file /proc/sys/kernel/grsecurity\r" | ||
27 | expect { | ||
28 | timeout {puts "TESTING ERROR - grsecurity detection\n";exit} | ||
29 | "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit} | ||
30 | "cannot open" {puts "grsecurity not present\n"} | ||
31 | } | ||
32 | |||
33 | send -- "firejail --name=blablabla\r" | ||
34 | expect { | ||
35 | timeout {puts "TESTING ERROR 4\n";exit} | ||
36 | "Child process initialized" | ||
37 | } | ||
38 | sleep 2 | ||
39 | |||
40 | spawn $env(SHELL) | ||
41 | send -- "firemon --seccomp\r" | ||
42 | expect { | ||
43 | timeout {puts "TESTING ERROR 5\n";exit} | ||
44 | "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} | ||
45 | ":firejail" | ||
46 | } | ||
47 | expect { | ||
48 | timeout {puts "TESTING ERROR 5.0\n";exit} | ||
49 | "xterm" | ||
50 | } | ||
51 | expect { | ||
52 | timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit} | ||
53 | "Seccomp: 2" | ||
54 | } | ||
55 | expect { | ||
56 | timeout {puts "TESTING ERROR 5.1\n";exit} | ||
57 | "name=blablabla" | ||
58 | } | ||
59 | sleep 1 | ||
60 | send -- "firemon --caps\r" | ||
61 | expect { | ||
62 | timeout {puts "TESTING ERROR 6\n";exit} | ||
63 | ":firejail" | ||
64 | } | ||
65 | expect { | ||
66 | timeout {puts "TESTING ERROR 6.0\n";exit} | ||
67 | "xterm" | ||
68 | } | ||
69 | expect { | ||
70 | timeout {puts "TESTING ERROR 6.1\n";exit} | ||
71 | "CapBnd" | ||
72 | } | ||
73 | expect { | ||
74 | timeout {puts "TESTING ERROR 6.2\n";exit} | ||
75 | "0000000000000000" | ||
76 | } | ||
77 | expect { | ||
78 | timeout {puts "TESTING ERROR 6.3\n";exit} | ||
79 | "name=blablabla" | ||
80 | } | ||
81 | sleep 1 | ||
82 | |||
83 | send -- "firemon --x11\r" | ||
84 | expect { | ||
85 | timeout {puts "TESTING ERROR 7\n";exit} | ||
86 | "name=test xterm" | ||
87 | } | ||
88 | expect { | ||
89 | timeout {puts "TESTING ERROR 7.1\n";exit} | ||
90 | "DISPLAY" | ||
91 | } | ||
92 | sleep 1 | ||
93 | |||
94 | send -- "firejail --shutdown=test\r" | ||
95 | sleep 3 | ||
96 | |||
97 | puts "\nall done\n" | ||
diff --git a/test/chroot/chroot.sh b/test/chroot/chroot.sh deleted file mode 100755 index 0f0fdab22..000000000 --- a/test/chroot/chroot.sh +++ /dev/null | |||
@@ -1,21 +0,0 @@ | |||
1 | #!/bin/bash | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2018 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | export MALLOC_CHECK_=3 | ||
7 | export MALLOC_PERTURB_=$(($RANDOM % 255 + 1)) | ||
8 | |||
9 | rm -f unchroot | ||
10 | gcc -o unchroot unchroot.c | ||
11 | sudo ./configure | ||
12 | |||
13 | echo "TESTING: chroot (test/chroot/fs_chroot.exp)" | ||
14 | ./fs_chroot.exp | ||
15 | |||
16 | echo "TESTING: unchroot as root (test/chroot/unchroot-as-root.exp)" | ||
17 | sudo ./unchroot-as-root.exp | ||
18 | |||
19 | |||
20 | |||
21 | rm -f unchroot | ||
diff --git a/test/chroot/configure b/test/chroot/configure deleted file mode 100755 index 26a516931..000000000 --- a/test/chroot/configure +++ /dev/null | |||
@@ -1,46 +0,0 @@ | |||
1 | #!/bin/bash | ||
2 | |||
3 | # build a very small chroot | ||
4 | ROOTDIR="/tmp/chroot" # default chroot directory | ||
5 | DEFAULT_FILES="/bin/bash /bin/sh " # basic chroot files | ||
6 | DEFAULT_FILES+="/etc/passwd /etc/nsswitch.conf /etc/group " | ||
7 | DEFAULT_FILES+=`find /lib -name libnss*` # files required by glibc | ||
8 | DEFAULT_FILES+=" /bin/cp /bin/ls /bin/cat /bin/ps /bin/netstat /bin/ping /sbin/ifconfig /usr/bin/touch /bin/ip /bin/hostname /bin/grep /usr/bin/dig /usr/bin/openssl /usr/bin/id /usr/bin/getent /usr/bin/whoami /usr/bin/wc /usr/bin/wget /bin/umount" | ||
9 | |||
10 | rm -fr $ROOTDIR | ||
11 | mkdir -p $ROOTDIR/{root,bin,lib,lib64,usr,home,etc,dev/shm,tmp,var/run,var/tmp,var/lock,var/log,proc,sys} | ||
12 | chmod 777 $ROOTDIR/tmp | ||
13 | mkdir -p $ROOTDIR/etc/firejail | ||
14 | mkdir -p $ROOTDIR/home/netblue/.config/firejail | ||
15 | chown netblue:netblue $ROOTDIR/home/netblue | ||
16 | chown netblue:netblue $ROOTDIR/home/netblue/.config | ||
17 | cp /home/netblue/.Xauthority $ROOTDIR/home/netblue/. | ||
18 | cp -a /etc/skel $ROOTDIR/etc/. | ||
19 | mkdir $ROOTDIR/home/someotheruser | ||
20 | mkdir $ROOTDIR/boot | ||
21 | mkdir $ROOTDIR/selinux | ||
22 | cp /etc/passwd $ROOTDIR/etc/. | ||
23 | cp /etc/group $ROOTDIR/etc/. | ||
24 | cp /etc/hosts $ROOTDIR/etc/. | ||
25 | cp /etc/hostname $ROOTDIR/etc/. | ||
26 | mkdir -p $ROOTDIR/usr/lib/x86_64-linux-gnu | ||
27 | cp -a /usr/lib/x86_64-linux-gnu/openssl-1.0.0 $ROOTDIR/usr/lib/x86_64-linux-gnu/. | ||
28 | cp -a /usr/lib/ssl $ROOTDIR/usr/lib/. | ||
29 | touch $ROOTDIR/var/log/syslog | ||
30 | touch $ROOTDIR/var/tmp/somefile | ||
31 | SORTED=`for FILE in $* $DEFAULT_FILES; do echo " $FILE "; ldd $FILE | grep -v dynamic | cut -d " " -f 3; done | sort -u` | ||
32 | for FILE in $SORTED | ||
33 | do | ||
34 | cp --parents $FILE $ROOTDIR | ||
35 | done | ||
36 | cp --parents /lib64/ld-linux-x86-64.so.2 $ROOTDIR | ||
37 | cp --parents /lib/ld-linux.so.2 $ROOTDIR | ||
38 | cp unchroot $ROOTDIR/. | ||
39 | touch $ROOTDIR/this-is-my-chroot | ||
40 | |||
41 | cd $ROOTDIR; find . | ||
42 | mkdir -p usr/lib/firejail/ | ||
43 | cp /usr/lib/firejail/libtrace.so usr/lib/firejail/. | ||
44 | |||
45 | |||
46 | echo "To enter the chroot directory run: firejail --chroot=$ROOTDIR" | ||
diff --git a/test/chroot/fs_chroot.exp b/test/chroot/fs_chroot.exp deleted file mode 100755 index a071027e5..000000000 --- a/test/chroot/fs_chroot.exp +++ /dev/null | |||
@@ -1,61 +0,0 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "firejail --chroot=/tmp/chroot\r" | ||
8 | expect { | ||
9 | timeout {puts "TESTING ERROR 0\n";exit} | ||
10 | "Error: --chroot option is not available on Grsecurity systems" {puts "\nall done\n"; exit} | ||
11 | "Child process initialized" {puts "chroot available\n"}; | ||
12 | } | ||
13 | sleep 1 | ||
14 | |||
15 | send -- "cd /home;pwd\r" | ||
16 | expect { | ||
17 | timeout {puts "TESTING ERROR 0.1\n";exit} | ||
18 | "home" | ||
19 | } | ||
20 | sleep 1 | ||
21 | send -- "bash\r" | ||
22 | sleep 1 | ||
23 | send -- "ls /\r" | ||
24 | expect { | ||
25 | timeout {puts "TESTING ERROR 0.2\n";exit} | ||
26 | "this-is-my-chroot" | ||
27 | } | ||
28 | after 100 | ||
29 | |||
30 | send -- "ps aux\r" | ||
31 | expect { | ||
32 | timeout {puts "TESTING ERROR 1\n";exit} | ||
33 | "/bin/bash" | ||
34 | } | ||
35 | expect { | ||
36 | timeout {puts "TESTING ERROR 2\n";exit} | ||
37 | "bash" | ||
38 | } | ||
39 | expect { | ||
40 | timeout {puts "TESTING ERROR 3\n";exit} | ||
41 | "ps aux" | ||
42 | } | ||
43 | after 100 | ||
44 | |||
45 | send -- "ps aux | wc -l; pwd\r" | ||
46 | expect { | ||
47 | timeout {puts "TESTING ERROR 5\n";exit} | ||
48 | "6" | ||
49 | } | ||
50 | after 100 | ||
51 | |||
52 | # check /sys directory | ||
53 | send -- "ls /sys\r" | ||
54 | expect { | ||
55 | timeout {puts "TESTING ERROR 6\n";exit} | ||
56 | "block" | ||
57 | } | ||
58 | after 100 | ||
59 | |||
60 | |||
61 | puts "all done\n" | ||
diff --git a/test/chroot/unchroot-as-root.exp b/test/chroot/unchroot-as-root.exp deleted file mode 100755 index e4bedd539..000000000 --- a/test/chroot/unchroot-as-root.exp +++ /dev/null | |||
@@ -1,26 +0,0 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "firejail --chroot=/tmp/chroot\r" | ||
8 | expect { | ||
9 | timeout {puts "TESTING ERROR 0\n";exit} | ||
10 | "Error: --chroot option is not available on Grsecurity systems" {puts "\nall done\n"; exit} | ||
11 | "Child process initialized" {puts "chroot available\n"}; | ||
12 | } | ||
13 | sleep 1 | ||
14 | |||
15 | send -- "cd /\r" | ||
16 | after 100 | ||
17 | |||
18 | |||
19 | send -- "./unchroot\r" | ||
20 | expect { | ||
21 | timeout {puts "TESTING ERROR 1\n";exit} | ||
22 | "Bad system call" | ||
23 | } | ||
24 | after 100 | ||
25 | |||
26 | puts "all done\n" | ||
diff --git a/test/chroot/unchroot.c b/test/chroot/unchroot.c deleted file mode 100644 index 4919637d6..000000000 --- a/test/chroot/unchroot.c +++ /dev/null | |||
@@ -1,40 +0,0 @@ | |||
1 | // simple unchroot example from http://linux-vserver.org/Secure_chroot_Barrier | ||
2 | #include <unistd.h> | ||
3 | #include <stdlib.h> | ||
4 | #include <stdio.h> | ||
5 | #include <sys/types.h> | ||
6 | #include <sys/stat.h> | ||
7 | |||
8 | void die(char *msg) { | ||
9 | perror(msg); | ||
10 | exit(1); | ||
11 | } | ||
12 | |||
13 | int main(int argc, char *argv[]) | ||
14 | { | ||
15 | int i; | ||
16 | |||
17 | if (chdir("/") != 0) | ||
18 | die("chdir(/)"); | ||
19 | |||
20 | if (mkdir("baz", 0777) != 0) | ||
21 | ; //die("mkdir(baz)"); | ||
22 | |||
23 | if (chroot("baz") != 0) | ||
24 | die("chroot(baz)"); | ||
25 | |||
26 | for (i=0; i<50; i++) { | ||
27 | if (chdir("..") != 0) | ||
28 | die("chdir(..)"); | ||
29 | } | ||
30 | |||
31 | if (chroot(".") != 0) | ||
32 | die("chroot(.)"); | ||
33 | |||
34 | printf("Exploit seems to work. =)\n"); | ||
35 | |||
36 | execl("/bin/bash", "bash", "-i", (char *)0); | ||
37 | die("exec bash"); | ||
38 | |||
39 | exit(0); | ||
40 | } | ||
diff --git a/test/overlay/firefox-x11-xorg.exp b/test/overlay/firefox-x11-xorg.exp deleted file mode 100755 index ec24b23af..000000000 --- a/test/overlay/firefox-x11-xorg.exp +++ /dev/null | |||
@@ -1,89 +0,0 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2018 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail --overlay --name=test --x11=xorg firefox -no-remote www.gentoo.org\r" | ||
11 | sleep 10 | ||
12 | |||
13 | spawn $env(SHELL) | ||
14 | send -- "firejail --list\r" | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 3\n";exit} | ||
17 | ":firejail" | ||
18 | } | ||
19 | expect { | ||
20 | timeout {puts "TESTING ERROR 3.1\n";exit} | ||
21 | "firefox" {puts "firefox detected\n";} | ||
22 | "iceweasel" {puts "iceweasel detected\n";} | ||
23 | } | ||
24 | expect { | ||
25 | timeout {puts "TESTING ERROR 3.2\n";exit} | ||
26 | "no-remote" | ||
27 | } | ||
28 | sleep 1 | ||
29 | # grsecurity exit | ||
30 | send -- "file /proc/sys/kernel/grsecurity\r" | ||
31 | expect { | ||
32 | timeout {puts "TESTING ERROR - grsecurity detection\n";exit} | ||
33 | "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit} | ||
34 | "cannot open" {puts "grsecurity not present\n"} | ||
35 | } | ||
36 | send -- "firejail --overlay --name=blablabla\r" | ||
37 | expect { | ||
38 | timeout {puts "TESTING ERROR 4\n";exit} | ||
39 | "Child process initialized" | ||
40 | } | ||
41 | sleep 2 | ||
42 | |||
43 | spawn $env(SHELL) | ||
44 | send -- "firemon --seccomp\r" | ||
45 | expect { | ||
46 | timeout {puts "TESTING ERROR 5\n";exit} | ||
47 | " firefox" {puts "firefox detected\n";} | ||
48 | " iceweasel" {puts "iceweasel detected\n";} | ||
49 | } | ||
50 | expect { | ||
51 | timeout {puts "TESTING ERROR 5.0\n";exit} | ||
52 | "no-remote" | ||
53 | } | ||
54 | expect { | ||
55 | timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit} | ||
56 | "Seccomp: 2" | ||
57 | } | ||
58 | expect { | ||
59 | timeout {puts "TESTING ERROR 5.1\n";exit} | ||
60 | "name=blablabla" | ||
61 | } | ||
62 | sleep 1 | ||
63 | send -- "firemon --caps\r" | ||
64 | expect { | ||
65 | timeout {puts "TESTING ERROR 6\n";exit} | ||
66 | " firefox" {puts "firefox detected\n";} | ||
67 | " iceweasel" {puts "iceweasel detected\n";} | ||
68 | } | ||
69 | expect { | ||
70 | timeout {puts "TESTING ERROR 6.0\n";exit} | ||
71 | "no-remote" | ||
72 | } | ||
73 | expect { | ||
74 | timeout {puts "TESTING ERROR 6.1\n";exit} | ||
75 | "CapBnd:" | ||
76 | } | ||
77 | expect { | ||
78 | timeout {puts "TESTING ERROR 6.2\n";exit} | ||
79 | "0000000000000000" | ||
80 | } | ||
81 | expect { | ||
82 | timeout {puts "TESTING ERROR 6.3\n";exit} | ||
83 | "name=blablabla" | ||
84 | } | ||
85 | sleep 1 | ||
86 | send -- "firejail --shutdown=test\r" | ||
87 | sleep 3 | ||
88 | |||
89 | puts "\nall done\n" | ||
diff --git a/test/overlay/firefox-x11.exp b/test/overlay/firefox-x11.exp deleted file mode 100755 index 1b7034af0..000000000 --- a/test/overlay/firefox-x11.exp +++ /dev/null | |||
@@ -1,89 +0,0 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2018 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail --overlay --name=test --x11 firefox -no-remote www.gentoo.org\r" | ||
11 | sleep 10 | ||
12 | |||
13 | spawn $env(SHELL) | ||
14 | send -- "firejail --list\r" | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 3\n";exit} | ||
17 | ":firejail" | ||
18 | } | ||
19 | expect { | ||
20 | timeout {puts "TESTING ERROR 3.1\n";exit} | ||
21 | "firefox" {puts "firefox detected\n";} | ||
22 | "iceweasel" {puts "iceweasel detected\n";} | ||
23 | } | ||
24 | expect { | ||
25 | timeout {puts "TESTING ERROR 3.2\n";exit} | ||
26 | "no-remote" | ||
27 | } | ||
28 | sleep 1 | ||
29 | # grsecurity exit | ||
30 | send -- "file /proc/sys/kernel/grsecurity\r" | ||
31 | expect { | ||
32 | timeout {puts "TESTING ERROR - grsecurity detection\n";exit} | ||
33 | "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit} | ||
34 | "cannot open" {puts "grsecurity not present\n"} | ||
35 | } | ||
36 | send -- "firejail --name=blablabla --overlay\r" | ||
37 | expect { | ||
38 | timeout {puts "TESTING ERROR 4\n";exit} | ||
39 | "Child process initialized" | ||
40 | } | ||
41 | sleep 2 | ||
42 | |||
43 | spawn $env(SHELL) | ||
44 | send -- "firemon --seccomp\r" | ||
45 | expect { | ||
46 | timeout {puts "TESTING ERROR 5\n";exit} | ||
47 | " firefox" {puts "firefox detected\n";} | ||
48 | " iceweasel" {puts "iceweasel detected\n";} | ||
49 | } | ||
50 | expect { | ||
51 | timeout {puts "TESTING ERROR 5.0\n";exit} | ||
52 | "no-remote" | ||
53 | } | ||
54 | expect { | ||
55 | timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit} | ||
56 | "Seccomp: 2" | ||
57 | } | ||
58 | expect { | ||
59 | timeout {puts "TESTING ERROR 5.1\n";exit} | ||
60 | "name=blablabla" | ||
61 | } | ||
62 | sleep 1 | ||
63 | send -- "firemon --caps\r" | ||
64 | expect { | ||
65 | timeout {puts "TESTING ERROR 6\n";exit} | ||
66 | " firefox" {puts "firefox detected\n";} | ||
67 | " iceweasel" {puts "iceweasel detected\n";} | ||
68 | } | ||
69 | expect { | ||
70 | timeout {puts "TESTING ERROR 6.0\n";exit} | ||
71 | "no-remote" | ||
72 | } | ||
73 | expect { | ||
74 | timeout {puts "TESTING ERROR 6.1\n";exit} | ||
75 | "CapBnd:" | ||
76 | } | ||
77 | expect { | ||
78 | timeout {puts "TESTING ERROR 6.2\n";exit} | ||
79 | "0000000000000000" | ||
80 | } | ||
81 | expect { | ||
82 | timeout {puts "TESTING ERROR 6.3\n";exit} | ||
83 | "name=blablabla" | ||
84 | } | ||
85 | sleep 1 | ||
86 | send -- "firejail --shutdown=test\r" | ||
87 | sleep 3 | ||
88 | |||
89 | puts "\nall done\n" | ||
diff --git a/test/overlay/firefox.exp b/test/overlay/firefox.exp deleted file mode 100755 index 5bdd6751f..000000000 --- a/test/overlay/firefox.exp +++ /dev/null | |||
@@ -1,98 +0,0 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2018 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail --overlay firefox -no-remote www.gentoo.org\r" | ||
11 | expect { | ||
12 | timeout {puts "TESTING ERROR 0\n";exit} | ||
13 | "Reading profile /etc/firejail/firefox.profile" | ||
14 | } | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 1\n";exit} | ||
17 | "Child process initialized" | ||
18 | } | ||
19 | sleep 10 | ||
20 | |||
21 | spawn $env(SHELL) | ||
22 | send -- "firejail --list\r" | ||
23 | expect { | ||
24 | timeout {puts "TESTING ERROR 3\n";exit} | ||
25 | ":firejail" | ||
26 | } | ||
27 | expect { | ||
28 | timeout {puts "TESTING ERROR 3.1\n";exit} | ||
29 | "firefox" {puts "firefox detected\n";} | ||
30 | "iceweasel" {puts "iceweasel detected\n";} | ||
31 | } | ||
32 | expect { | ||
33 | timeout {puts "TESTING ERROR 3.2\n";exit} | ||
34 | "no-remote" | ||
35 | } | ||
36 | after 100 | ||
37 | |||
38 | # grsecurity exit | ||
39 | send -- "file /proc/sys/kernel/grsecurity\r" | ||
40 | expect { | ||
41 | timeout {puts "TESTING ERROR - grsecurity detection\n";exit} | ||
42 | "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit} | ||
43 | "cannot open" {puts "grsecurity not present\n"} | ||
44 | } | ||
45 | |||
46 | |||
47 | send -- "firejail --name=blablabla --overlay\r" | ||
48 | expect { | ||
49 | timeout {puts "TESTING ERROR 4\n";exit} | ||
50 | "Child process initialized" | ||
51 | } | ||
52 | sleep 2 | ||
53 | |||
54 | spawn $env(SHELL) | ||
55 | send -- "firemon --seccomp\r" | ||
56 | expect { | ||
57 | timeout {puts "TESTING ERROR 5\n";exit} | ||
58 | " firefox" {puts "firefox detected\n";} | ||
59 | " iceweasel" {puts "iceweasel detected\n";} | ||
60 | } | ||
61 | expect { | ||
62 | timeout {puts "TESTING ERROR 5.0\n";exit} | ||
63 | "no-remote" | ||
64 | } | ||
65 | expect { | ||
66 | timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit} | ||
67 | "Seccomp: 2" | ||
68 | } | ||
69 | expect { | ||
70 | timeout {puts "TESTING ERROR 5.1\n";exit} | ||
71 | "name=blablabla" | ||
72 | } | ||
73 | after 100 | ||
74 | send -- "firemon --caps\r" | ||
75 | expect { | ||
76 | timeout {puts "TESTING ERROR 6\n";exit} | ||
77 | " firefox" {puts "firefox detected\n";} | ||
78 | " iceweasel" {puts "iceweasel detected\n";} | ||
79 | } | ||
80 | expect { | ||
81 | timeout {puts "TESTING ERROR 6.0\n";exit} | ||
82 | "no-remote" | ||
83 | } | ||
84 | expect { | ||
85 | timeout {puts "TESTING ERROR 6.1\n";exit} | ||
86 | "CapBnd:" | ||
87 | } | ||
88 | expect { | ||
89 | timeout {puts "TESTING ERROR 6.2\n";exit} | ||
90 | "0000000000000000" | ||
91 | } | ||
92 | expect { | ||
93 | timeout {puts "TESTING ERROR 6.3\n";exit} | ||
94 | "name=blablabla" | ||
95 | } | ||
96 | after 100 | ||
97 | |||
98 | puts "\nall done\n" | ||
diff --git a/test/overlay/fs-named.exp b/test/overlay/fs-named.exp deleted file mode 100755 index 0356720bc..000000000 --- a/test/overlay/fs-named.exp +++ /dev/null | |||
@@ -1,69 +0,0 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "firejail --overlay-named=firejail-test\r" | ||
8 | expect { | ||
9 | timeout {puts "TESTING ERROR 2\n";exit} | ||
10 | "not available for kernels older than 3.18" {puts "\nTESTING: overlayfs not available\n"; exit} | ||
11 | "Error: --overlay option is not available on Grsecurity systems" {puts "\nTESTING: overlayfs not available\n"; exit} | ||
12 | "Child process initialized" {puts "found\n"} | ||
13 | } | ||
14 | sleep 1 | ||
15 | send -- "stty -echo\r" | ||
16 | after 100 | ||
17 | |||
18 | send -- "echo xyzxyzxyz > ~/_firejail_test_file; echo done\r" | ||
19 | expect { | ||
20 | timeout {puts "TESTING ERROR 3\n";exit} | ||
21 | "done" | ||
22 | } | ||
23 | after 100 | ||
24 | |||
25 | send -- "cat ~/_firejail_test_file; echo done\r" | ||
26 | expect { | ||
27 | timeout {puts "TESTING ERROR 4\n";exit} | ||
28 | "xyzxyzxyz" | ||
29 | } | ||
30 | expect { | ||
31 | timeout {puts "TESTING ERROR 4.1\n";exit} | ||
32 | "done" | ||
33 | } | ||
34 | after 100 | ||
35 | |||
36 | send -- "exit\r" | ||
37 | sleep 2 | ||
38 | |||
39 | send -- "cat ~/_firejail_test_file; echo done\r" | ||
40 | expect { | ||
41 | timeout {puts "TESTING ERROR 5\n";exit} | ||
42 | "xyzxyzxyz" {puts "TESTING ERROR 5.1\n";exit} | ||
43 | "done" | ||
44 | } | ||
45 | after 100 | ||
46 | |||
47 | send -- "firejail --overlay-named=firejail-test\r" | ||
48 | expect { | ||
49 | timeout {puts "TESTING ERROR 2\n";exit} | ||
50 | "not available for kernels older than 3.18" {puts "\nTESTING: overlayfs not available\n"; exit} | ||
51 | "Error: --overlay option is not available on Grsecurity systems" {puts "\nTESTING: overlayfs not available\n"; exit} | ||
52 | "Child process initialized" {puts "found\n"} | ||
53 | } | ||
54 | sleep 1 | ||
55 | |||
56 | send -- "stty -echo\r" | ||
57 | after 100 | ||
58 | send -- "cat ~/_firejail_test_file; echo done\r" | ||
59 | expect { | ||
60 | timeout {puts "TESTING ERROR 4\n";exit} | ||
61 | "xyzxyzxyz" | ||
62 | } | ||
63 | expect { | ||
64 | timeout {puts "TESTING ERROR 4.1\n";exit} | ||
65 | "done" | ||
66 | } | ||
67 | after 100 | ||
68 | |||
69 | puts "\nall done\n" | ||
diff --git a/test/overlay/fs-tmpfs.exp b/test/overlay/fs-tmpfs.exp deleted file mode 100755 index 20fa315b6..000000000 --- a/test/overlay/fs-tmpfs.exp +++ /dev/null | |||
@@ -1,67 +0,0 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "firejail --overlay-clean\r" | ||
8 | after 100 | ||
9 | send -- "file ~/.firejail\r" | ||
10 | expect { | ||
11 | timeout {puts "TESTING ERROR 0\n";exit} | ||
12 | "cannot open" | ||
13 | } | ||
14 | after 100 | ||
15 | |||
16 | send -- "firejail --overlay-tmpfs\r" | ||
17 | expect { | ||
18 | timeout {puts "TESTING ERROR 1\n";exit} | ||
19 | "not available for kernels older than 3.18" {puts "\nTESTING: overlayfs not available\n"; exit} | ||
20 | "Error: --overlay option is not available on Grsecurity systems" {puts "\nTESTING: overlayfs not available\n"; exit} | ||
21 | "Child process initialized" {puts "found\n"} | ||
22 | } | ||
23 | sleep 1 | ||
24 | send -- "stty -echo\r" | ||
25 | after 100 | ||
26 | |||
27 | send -- "echo xyzxyzxyz > ~/_firejail_test_file; echo done\r" | ||
28 | expect { | ||
29 | timeout {puts "TESTING ERROR 2\n";exit} | ||
30 | "done" | ||
31 | } | ||
32 | after 100 | ||
33 | |||
34 | send -- "stty -echo\r" | ||
35 | after 100 | ||
36 | send -- "cat ~/_firejail_test_file; echo done\r" | ||
37 | expect { | ||
38 | timeout {puts "TESTING ERROR 3\n";exit} | ||
39 | "xyzxyzxyz" | ||
40 | } | ||
41 | expect { | ||
42 | timeout {puts "TESTING ERROR 4\n";exit} | ||
43 | "done" | ||
44 | } | ||
45 | after 100 | ||
46 | |||
47 | send -- "exit\r" | ||
48 | sleep 1 | ||
49 | |||
50 | send -- "stty -echo\r" | ||
51 | after 100 | ||
52 | send -- "cat ~/_firejail_test_file; echo done\r" | ||
53 | expect { | ||
54 | timeout {puts "TESTING ERROR 5\n";exit} | ||
55 | "xyzxyzxyz" {puts "TESTING ERROR 6\n";exit} | ||
56 | "done" | ||
57 | } | ||
58 | after 100 | ||
59 | |||
60 | send -- "file ~/.firejail\r" | ||
61 | expect { | ||
62 | timeout {puts "TESTING ERROR 7\n";exit} | ||
63 | "cannot open" | ||
64 | } | ||
65 | after 100 | ||
66 | |||
67 | puts "\nall done\n" | ||
diff --git a/test/overlay/fs.exp b/test/overlay/fs.exp deleted file mode 100755 index 9debe6536..000000000 --- a/test/overlay/fs.exp +++ /dev/null | |||
@@ -1,59 +0,0 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "firejail --overlay\r" | ||
8 | expect { | ||
9 | timeout {puts "TESTING ERROR 2\n";exit} | ||
10 | "not available for kernels older than 3.18" {puts "\nTESTING: overlayfs not available\n"; exit} | ||
11 | "Error: --overlay option is not available on Grsecurity systems" {puts "\nTESTING: overlayfs not available\n"; exit} | ||
12 | "Child process initialized" {puts "found\n"} | ||
13 | } | ||
14 | sleep 1 | ||
15 | |||
16 | send -- "stty -echo\r" | ||
17 | after 100 | ||
18 | send -- "echo xyzxyzxyz > ~/_firejail_test_file; echo done\r" | ||
19 | expect { | ||
20 | timeout {puts "TESTING ERROR 3\n";exit} | ||
21 | "done" | ||
22 | } | ||
23 | after 100 | ||
24 | |||
25 | send -- "stty -echo\r" | ||
26 | after 100 | ||
27 | send -- "cat ~/_firejail_test_file; echo done\r" | ||
28 | expect { | ||
29 | timeout {puts "TESTING ERROR 4\n";exit} | ||
30 | "xyzxyzxyz" | ||
31 | } | ||
32 | expect { | ||
33 | timeout {puts "TESTING ERROR 4.1\n";exit} | ||
34 | "done" | ||
35 | } | ||
36 | after 100 | ||
37 | |||
38 | send -- "exit\r" | ||
39 | sleep 2 | ||
40 | |||
41 | send -- "stty -echo\r" | ||
42 | after 100 | ||
43 | send -- "cat ~/_firejail_test_file; echo done\r" | ||
44 | expect { | ||
45 | timeout {puts "TESTING ERROR 5\n";exit} | ||
46 | "xyzxyzxyz" {puts "TESTING ERROR 5.1\n";exit} | ||
47 | "done" | ||
48 | } | ||
49 | after 100 | ||
50 | |||
51 | # check /sys directory | ||
52 | send -- "ls /sys\r" | ||
53 | expect { | ||
54 | timeout {puts "TESTING ERROR 6\n";exit} | ||
55 | "block" | ||
56 | } | ||
57 | after 100 | ||
58 | |||
59 | puts "\nall done\n" | ||
diff --git a/test/overlay/overlay.sh b/test/overlay/overlay.sh deleted file mode 100755 index 9daf1f5f6..000000000 --- a/test/overlay/overlay.sh +++ /dev/null | |||
@@ -1,67 +0,0 @@ | |||
1 | #!/bin/bash | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2018 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | export MALLOC_CHECK_=3 | ||
7 | export MALLOC_PERTURB_=$(($RANDOM % 255 + 1)) | ||
8 | |||
9 | echo "TESTING: overlay fs (test/overlay/fs.exp)" | ||
10 | rm -fr ~/_firejail_test_* | ||
11 | ./fs.exp | ||
12 | rm -fr ~/_firejail_test_* | ||
13 | |||
14 | echo "TESTING: overlay named fs (test/overlay/fs-named.exp)" | ||
15 | rm -fr ~/_firejail_test_* | ||
16 | ./fs-named.exp | ||
17 | rm -fr ~/_firejail_test_* | ||
18 | |||
19 | echo "TESTING: overlay tmpfs fs (test/overlay/fs-tmpfs.exp)" | ||
20 | rm -fr ~/_firejail_test_* | ||
21 | ./fs-tmpfs.exp | ||
22 | rm -fr ~/_firejail_test_* | ||
23 | |||
24 | which firefox 2>/dev/null | ||
25 | if [ "$?" -eq 0 ]; | ||
26 | then | ||
27 | echo "TESTING: overlay firefox" | ||
28 | ./firefox.exp | ||
29 | else | ||
30 | echo "TESTING SKIP: firefox not found" | ||
31 | fi | ||
32 | |||
33 | which firefox 2>/dev/null | ||
34 | if [ "$?" -eq 0 ]; | ||
35 | then | ||
36 | echo "TESTING: overlay firefox x11 xorg" | ||
37 | ./firefox.exp | ||
38 | else | ||
39 | echo "TESTING SKIP: firefox not found" | ||
40 | fi | ||
41 | |||
42 | |||
43 | # check xpra/xephyr | ||
44 | which xpra 2>/dev/null | ||
45 | if [ "$?" -eq 0 ]; | ||
46 | then | ||
47 | echo "xpra found" | ||
48 | else | ||
49 | echo "xpra not found" | ||
50 | which Xephyr 2>/dev/null | ||
51 | if [ "$?" -eq 0 ]; | ||
52 | then | ||
53 | echo "Xephyr found" | ||
54 | else | ||
55 | echo "TESTING SKIP: xpra and/or Xephyr not found" | ||
56 | exit | ||
57 | fi | ||
58 | fi | ||
59 | |||
60 | which firefox 2>/dev/null | ||
61 | if [ "$?" -eq 0 ]; | ||
62 | then | ||
63 | echo "TESTING: overlay firefox x11" | ||
64 | ./firefox-x11.exp | ||
65 | else | ||
66 | echo "TESTING SKIP: firefox not found" | ||
67 | fi | ||
diff --git a/test/private-lib/atril.exp b/test/private-lib/atril.exp deleted file mode 100755 index 04b11a646..000000000 --- a/test/private-lib/atril.exp +++ /dev/null | |||
@@ -1,83 +0,0 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2018 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail atril\r" | ||
11 | expect { | ||
12 | timeout {puts "TESTING ERROR 0\n";exit} | ||
13 | "Reading profile /etc/firejail/atril.profile" | ||
14 | } | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 1\n";exit} | ||
17 | "Child process initialized" | ||
18 | } | ||
19 | sleep 3 | ||
20 | |||
21 | spawn $env(SHELL) | ||
22 | send -- "firejail --list\r" | ||
23 | expect { | ||
24 | timeout {puts "TESTING ERROR 3\n";exit} | ||
25 | ":firejail" | ||
26 | } | ||
27 | expect { | ||
28 | timeout {puts "TESTING ERROR 3.1\n";exit} | ||
29 | "atril" | ||
30 | } | ||
31 | after 100 | ||
32 | |||
33 | # grsecurity exit | ||
34 | send -- "file /proc/sys/kernel/grsecurity\r" | ||
35 | expect { | ||
36 | timeout {puts "TESTING ERROR - grsecurity detection\n";exit} | ||
37 | "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit} | ||
38 | "cannot open" {puts "grsecurity not present\n"} | ||
39 | } | ||
40 | |||
41 | send -- "firejail --name=blablabla\r" | ||
42 | expect { | ||
43 | timeout {puts "TESTING ERROR 4\n";exit} | ||
44 | "Child process initialized" | ||
45 | } | ||
46 | sleep 2 | ||
47 | |||
48 | spawn $env(SHELL) | ||
49 | send -- "firemon --seccomp\r" | ||
50 | expect { | ||
51 | timeout {puts "TESTING ERROR 5\n";exit} | ||
52 | "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} | ||
53 | ":firejail atril" | ||
54 | } | ||
55 | expect { | ||
56 | timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit} | ||
57 | "Seccomp: 2" | ||
58 | } | ||
59 | expect { | ||
60 | timeout {puts "TESTING ERROR 5.1\n";exit} | ||
61 | "name=blablabla" | ||
62 | } | ||
63 | after 100 | ||
64 | send -- "firemon --caps\r" | ||
65 | expect { | ||
66 | timeout {puts "TESTING ERROR 6\n";exit} | ||
67 | ":firejail atril" | ||
68 | } | ||
69 | expect { | ||
70 | timeout {puts "TESTING ERROR 6.1\n";exit} | ||
71 | "CapBnd:" | ||
72 | } | ||
73 | expect { | ||
74 | timeout {puts "TESTING ERROR 6.2\n";exit} | ||
75 | "0000000000000000" | ||
76 | } | ||
77 | expect { | ||
78 | timeout {puts "TESTING ERROR 6.3\n";exit} | ||
79 | "name=blablabla" | ||
80 | } | ||
81 | after 100 | ||
82 | |||
83 | puts "\nall done\n" | ||
diff --git a/test/private-lib/eog.exp b/test/private-lib/eog.exp deleted file mode 100755 index 1b5406add..000000000 --- a/test/private-lib/eog.exp +++ /dev/null | |||
@@ -1,83 +0,0 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2018 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail eog\r" | ||
11 | expect { | ||
12 | timeout {puts "TESTING ERROR 0\n";exit} | ||
13 | "Reading profile /etc/firejail/eog.profile" | ||
14 | } | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 1\n";exit} | ||
17 | "Child process initialized" | ||
18 | } | ||
19 | sleep 3 | ||
20 | |||
21 | spawn $env(SHELL) | ||
22 | send -- "firejail --list\r" | ||
23 | expect { | ||
24 | timeout {puts "TESTING ERROR 3\n";exit} | ||
25 | ":firejail" | ||
26 | } | ||
27 | expect { | ||
28 | timeout {puts "TESTING ERROR 3.1\n";exit} | ||
29 | "eog" | ||
30 | } | ||
31 | after 100 | ||
32 | |||
33 | # grsecurity exit | ||
34 | send -- "file /proc/sys/kernel/grsecurity\r" | ||
35 | expect { | ||
36 | timeout {puts "TESTING ERROR - grsecurity detection\n";exit} | ||
37 | "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit} | ||
38 | "cannot open" {puts "grsecurity not present\n"} | ||
39 | } | ||
40 | |||
41 | send -- "firejail --name=blablabla\r" | ||
42 | expect { | ||
43 | timeout {puts "TESTING ERROR 4\n";exit} | ||
44 | "Child process initialized" | ||
45 | } | ||
46 | sleep 2 | ||
47 | |||
48 | spawn $env(SHELL) | ||
49 | send -- "firemon --seccomp\r" | ||
50 | expect { | ||
51 | timeout {puts "TESTING ERROR 5\n";exit} | ||
52 | "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} | ||
53 | ":firejail eog" | ||
54 | } | ||
55 | expect { | ||
56 | timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit} | ||
57 | "Seccomp: 2" | ||
58 | } | ||
59 | expect { | ||
60 | timeout {puts "TESTING ERROR 5.1\n";exit} | ||
61 | "name=blablabla" | ||
62 | } | ||
63 | after 100 | ||
64 | send -- "firemon --caps\r" | ||
65 | expect { | ||
66 | timeout {puts "TESTING ERROR 6\n";exit} | ||
67 | ":firejail eog" | ||
68 | } | ||
69 | expect { | ||
70 | timeout {puts "TESTING ERROR 6.1\n";exit} | ||
71 | "CapBnd:" | ||
72 | } | ||
73 | expect { | ||
74 | timeout {puts "TESTING ERROR 6.2\n";exit} | ||
75 | "0000000000000000" | ||
76 | } | ||
77 | expect { | ||
78 | timeout {puts "TESTING ERROR 6.3\n";exit} | ||
79 | "name=blablabla" | ||
80 | } | ||
81 | after 100 | ||
82 | |||
83 | puts "\nall done\n" | ||
diff --git a/test/private-lib/eom.exp b/test/private-lib/eom.exp deleted file mode 100755 index a8b74de98..000000000 --- a/test/private-lib/eom.exp +++ /dev/null | |||
@@ -1,83 +0,0 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2018 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail eom\r" | ||
11 | expect { | ||
12 | timeout {puts "TESTING ERROR 0\n";exit} | ||
13 | "Reading profile /etc/firejail/eom.profile" | ||
14 | } | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 1\n";exit} | ||
17 | "Child process initialized" | ||
18 | } | ||
19 | sleep 3 | ||
20 | |||
21 | spawn $env(SHELL) | ||
22 | send -- "firejail --list\r" | ||
23 | expect { | ||
24 | timeout {puts "TESTING ERROR 3\n";exit} | ||
25 | ":firejail" | ||
26 | } | ||
27 | expect { | ||
28 | timeout {puts "TESTING ERROR 3.1\n";exit} | ||
29 | "eom" | ||
30 | } | ||
31 | after 100 | ||
32 | |||
33 | # grsecurity exit | ||
34 | send -- "file /proc/sys/kernel/grsecurity\r" | ||
35 | expect { | ||
36 | timeout {puts "TESTING ERROR - grsecurity detection\n";exit} | ||
37 | "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit} | ||
38 | "cannot open" {puts "grsecurity not present\n"} | ||
39 | } | ||
40 | |||
41 | send -- "firejail --name=blablabla\r" | ||
42 | expect { | ||
43 | timeout {puts "TESTING ERROR 4\n";exit} | ||
44 | "Child process initialized" | ||
45 | } | ||
46 | sleep 2 | ||
47 | |||
48 | spawn $env(SHELL) | ||
49 | send -- "firemon --seccomp\r" | ||
50 | expect { | ||
51 | timeout {puts "TESTING ERROR 5\n";exit} | ||
52 | "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} | ||
53 | ":firejail eom" | ||
54 | } | ||
55 | expect { | ||
56 | timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit} | ||
57 | "Seccomp: 2" | ||
58 | } | ||
59 | expect { | ||
60 | timeout {puts "TESTING ERROR 5.1\n";exit} | ||
61 | "name=blablabla" | ||
62 | } | ||
63 | after 100 | ||
64 | send -- "firemon --caps\r" | ||
65 | expect { | ||
66 | timeout {puts "TESTING ERROR 6\n";exit} | ||
67 | ":firejail eom" | ||
68 | } | ||
69 | expect { | ||
70 | timeout {puts "TESTING ERROR 6.1\n";exit} | ||
71 | "CapBnd:" | ||
72 | } | ||
73 | expect { | ||
74 | timeout {puts "TESTING ERROR 6.2\n";exit} | ||
75 | "0000000000000000" | ||
76 | } | ||
77 | expect { | ||
78 | timeout {puts "TESTING ERROR 6.3\n";exit} | ||
79 | "name=blablabla" | ||
80 | } | ||
81 | after 100 | ||
82 | |||
83 | puts "\nall done\n" | ||
diff --git a/test/private-lib/evince.exp b/test/private-lib/evince.exp deleted file mode 100755 index 94ed826db..000000000 --- a/test/private-lib/evince.exp +++ /dev/null | |||
@@ -1,83 +0,0 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2018 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail evince\r" | ||
11 | expect { | ||
12 | timeout {puts "TESTING ERROR 0\n";exit} | ||
13 | "Reading profile /etc/firejail/evince.profile" | ||
14 | } | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 1\n";exit} | ||
17 | "Child process initialized" | ||
18 | } | ||
19 | sleep 3 | ||
20 | |||
21 | spawn $env(SHELL) | ||
22 | send -- "firejail --list\r" | ||
23 | expect { | ||
24 | timeout {puts "TESTING ERROR 3\n";exit} | ||
25 | ":firejail" | ||
26 | } | ||
27 | expect { | ||
28 | timeout {puts "TESTING ERROR 3.1\n";exit} | ||
29 | "evince" | ||
30 | } | ||
31 | after 100 | ||
32 | |||
33 | # grsecurity exit | ||
34 | send -- "file /proc/sys/kernel/grsecurity\r" | ||
35 | expect { | ||
36 | timeout {puts "TESTING ERROR - grsecurity detection\n";exit} | ||
37 | "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit} | ||
38 | "cannot open" {puts "grsecurity not present\n"} | ||
39 | } | ||
40 | |||
41 | send -- "firejail --name=blablabla\r" | ||
42 | expect { | ||
43 | timeout {puts "TESTING ERROR 4\n";exit} | ||
44 | "Child process initialized" | ||
45 | } | ||
46 | sleep 2 | ||
47 | |||
48 | spawn $env(SHELL) | ||
49 | send -- "firemon --seccomp\r" | ||
50 | expect { | ||
51 | timeout {puts "TESTING ERROR 5\n";exit} | ||
52 | "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} | ||
53 | ":firejail evince" | ||
54 | } | ||
55 | expect { | ||
56 | timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit} | ||
57 | "Seccomp: 2" | ||
58 | } | ||
59 | expect { | ||
60 | timeout {puts "TESTING ERROR 5.1\n";exit} | ||
61 | "name=blablabla" | ||
62 | } | ||
63 | after 100 | ||
64 | send -- "firemon --caps\r" | ||
65 | expect { | ||
66 | timeout {puts "TESTING ERROR 6\n";exit} | ||
67 | ":firejail evince" | ||
68 | } | ||
69 | expect { | ||
70 | timeout {puts "TESTING ERROR 6.1\n";exit} | ||
71 | "CapBnd:" | ||
72 | } | ||
73 | expect { | ||
74 | timeout {puts "TESTING ERROR 6.2\n";exit} | ||
75 | "0000000000000000" | ||
76 | } | ||
77 | expect { | ||
78 | timeout {puts "TESTING ERROR 6.3\n";exit} | ||
79 | "name=blablabla" | ||
80 | } | ||
81 | after 100 | ||
82 | |||
83 | puts "\nall done\n" | ||
diff --git a/test/private-lib/galculator.exp b/test/private-lib/galculator.exp deleted file mode 100755 index c18c07571..000000000 --- a/test/private-lib/galculator.exp +++ /dev/null | |||
@@ -1,83 +0,0 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2018 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail galculator\r" | ||
11 | expect { | ||
12 | timeout {puts "TESTING ERROR 0\n";exit} | ||
13 | "Reading profile /etc/firejail/galculator.profile" | ||
14 | } | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 1\n";exit} | ||
17 | "Child process initialized" | ||
18 | } | ||
19 | sleep 3 | ||
20 | |||
21 | spawn $env(SHELL) | ||
22 | send -- "firejail --list\r" | ||
23 | expect { | ||
24 | timeout {puts "TESTING ERROR 3\n";exit} | ||
25 | ":firejail" | ||
26 | } | ||
27 | expect { | ||
28 | timeout {puts "TESTING ERROR 3.1\n";exit} | ||
29 | "galculator" | ||
30 | } | ||
31 | after 100 | ||
32 | |||
33 | # grsecurity exit | ||
34 | send -- "file /proc/sys/kernel/grsecurity\r" | ||
35 | expect { | ||
36 | timeout {puts "TESTING ERROR - grsecurity detection\n";exit} | ||
37 | "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit} | ||
38 | "cannot open" {puts "grsecurity not present\n"} | ||
39 | } | ||
40 | |||
41 | send -- "firejail --name=blablabla\r" | ||
42 | expect { | ||
43 | timeout {puts "TESTING ERROR 4\n";exit} | ||
44 | "Child process initialized" | ||
45 | } | ||
46 | sleep 2 | ||
47 | |||
48 | spawn $env(SHELL) | ||
49 | send -- "firemon --seccomp\r" | ||
50 | expect { | ||
51 | timeout {puts "TESTING ERROR 5\n";exit} | ||
52 | "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} | ||
53 | ":firejail galculator" | ||
54 | } | ||
55 | expect { | ||
56 | timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit} | ||
57 | "Seccomp: 2" | ||
58 | } | ||
59 | expect { | ||
60 | timeout {puts "TESTING ERROR 5.1\n";exit} | ||
61 | "name=blablabla" | ||
62 | } | ||
63 | after 100 | ||
64 | send -- "firemon --caps\r" | ||
65 | expect { | ||
66 | timeout {puts "TESTING ERROR 6\n";exit} | ||
67 | ":firejail galculator" | ||
68 | } | ||
69 | expect { | ||
70 | timeout {puts "TESTING ERROR 6.1\n";exit} | ||
71 | "CapBnd:" | ||
72 | } | ||
73 | expect { | ||
74 | timeout {puts "TESTING ERROR 6.2\n";exit} | ||
75 | "0000000000000000" | ||
76 | } | ||
77 | expect { | ||
78 | timeout {puts "TESTING ERROR 6.3\n";exit} | ||
79 | "name=blablabla" | ||
80 | } | ||
81 | after 100 | ||
82 | |||
83 | puts "\nall done\n" | ||
diff --git a/test/private-lib/gedit.exp b/test/private-lib/gedit.exp deleted file mode 100755 index 00fa934e7..000000000 --- a/test/private-lib/gedit.exp +++ /dev/null | |||
@@ -1,83 +0,0 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2018 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail /usr/bin/gedit\r" | ||
11 | expect { | ||
12 | timeout {puts "TESTING ERROR 0\n";exit} | ||
13 | "Reading profile /etc/firejail/gedit.profile" | ||
14 | } | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 1\n";exit} | ||
17 | "Child process initialized" | ||
18 | } | ||
19 | sleep 3 | ||
20 | |||
21 | spawn $env(SHELL) | ||
22 | send -- "firejail --list\r" | ||
23 | expect { | ||
24 | timeout {puts "TESTING ERROR 3\n";exit} | ||
25 | ":firejail" | ||
26 | } | ||
27 | expect { | ||
28 | timeout {puts "TESTING ERROR 3.1\n";exit} | ||
29 | "gedit" | ||
30 | } | ||
31 | after 100 | ||
32 | |||
33 | # grsecurity exit | ||
34 | send -- "file /proc/sys/kernel/grsecurity\r" | ||
35 | expect { | ||
36 | timeout {puts "TESTING ERROR - grsecurity detection\n";exit} | ||
37 | "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit} | ||
38 | "cannot open" {puts "grsecurity not present\n"} | ||
39 | } | ||
40 | |||
41 | send -- "firejail --name=blablabla\r" | ||
42 | expect { | ||
43 | timeout {puts "TESTING ERROR 4\n";exit} | ||
44 | "Child process initialized" | ||
45 | } | ||
46 | sleep 2 | ||
47 | |||
48 | spawn $env(SHELL) | ||
49 | send -- "firemon --seccomp\r" | ||
50 | expect { | ||
51 | timeout {puts "TESTING ERROR 5\n";exit} | ||
52 | "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} | ||
53 | ":firejail /usr/bin/gedit" | ||
54 | } | ||
55 | expect { | ||
56 | timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit} | ||
57 | "Seccomp: 2" | ||
58 | } | ||
59 | expect { | ||
60 | timeout {puts "TESTING ERROR 5.1\n";exit} | ||
61 | "name=blablabla" | ||
62 | } | ||
63 | after 100 | ||
64 | send -- "firemon --caps\r" | ||
65 | expect { | ||
66 | timeout {puts "TESTING ERROR 6\n";exit} | ||
67 | ":firejail /usr/bin/gedit" | ||
68 | } | ||
69 | expect { | ||
70 | timeout {puts "TESTING ERROR 6.1\n";exit} | ||
71 | "CapBnd:" | ||
72 | } | ||
73 | expect { | ||
74 | timeout {puts "TESTING ERROR 6.2\n";exit} | ||
75 | "0000000000000000" | ||
76 | } | ||
77 | expect { | ||
78 | timeout {puts "TESTING ERROR 6.3\n";exit} | ||
79 | "name=blablabla" | ||
80 | } | ||
81 | after 100 | ||
82 | |||
83 | puts "\nall done\n" | ||
diff --git a/test/private-lib/gnome-calculator.exp b/test/private-lib/gnome-calculator.exp deleted file mode 100755 index e9d2c8208..000000000 --- a/test/private-lib/gnome-calculator.exp +++ /dev/null | |||
@@ -1,85 +0,0 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2018 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | # gnome-calculator uses quiet at the top of the profile | ||
11 | # we need to use --ignore | ||
12 | send -- "firejail --ignore=quiet gnome-calculator\r" | ||
13 | expect { | ||
14 | timeout {puts "TESTING ERROR 0\n";exit} | ||
15 | "Reading profile /etc/firejail/gnome-calculator.profile" | ||
16 | } | ||
17 | expect { | ||
18 | timeout {puts "TESTING ERROR 1\n";exit} | ||
19 | "Child process initialized" | ||
20 | } | ||
21 | sleep 3 | ||
22 | |||
23 | spawn $env(SHELL) | ||
24 | send -- "firejail --list\r" | ||
25 | expect { | ||
26 | timeout {puts "TESTING ERROR 3\n";exit} | ||
27 | ":firejail" | ||
28 | } | ||
29 | expect { | ||
30 | timeout {puts "TESTING ERROR 3.1\n";exit} | ||
31 | "gnome-calculator" | ||
32 | } | ||
33 | after 100 | ||
34 | |||
35 | # grsecurity exit | ||
36 | send -- "file /proc/sys/kernel/grsecurity\r" | ||
37 | expect { | ||
38 | timeout {puts "TESTING ERROR - grsecurity detection\n";exit} | ||
39 | "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit} | ||
40 | "cannot open" {puts "grsecurity not present\n"} | ||
41 | } | ||
42 | |||
43 | send -- "firejail --name=blablabla\r" | ||
44 | expect { | ||
45 | timeout {puts "TESTING ERROR 4\n";exit} | ||
46 | "Child process initialized" | ||
47 | } | ||
48 | sleep 2 | ||
49 | |||
50 | spawn $env(SHELL) | ||
51 | send -- "firemon --seccomp\r" | ||
52 | expect { | ||
53 | timeout {puts "TESTING ERROR 5\n";exit} | ||
54 | "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} | ||
55 | ":firejail --ignore=quiet gnome-calculator" | ||
56 | } | ||
57 | expect { | ||
58 | timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit} | ||
59 | "Seccomp: 2" | ||
60 | } | ||
61 | expect { | ||
62 | timeout {puts "TESTING ERROR 5.1\n";exit} | ||
63 | "name=blablabla" | ||
64 | } | ||
65 | after 100 | ||
66 | send -- "firemon --caps\r" | ||
67 | expect { | ||
68 | timeout {puts "TESTING ERROR 6\n";exit} | ||
69 | ":firejail --ignore=quiet gnome-calculator" | ||
70 | } | ||
71 | expect { | ||
72 | timeout {puts "TESTING ERROR 6.1\n";exit} | ||
73 | "CapBnd:" | ||
74 | } | ||
75 | expect { | ||
76 | timeout {puts "TESTING ERROR 6.2\n";exit} | ||
77 | "0000000000000000" | ||
78 | } | ||
79 | expect { | ||
80 | timeout {puts "TESTING ERROR 6.3\n";exit} | ||
81 | "name=blablabla" | ||
82 | } | ||
83 | after 100 | ||
84 | |||
85 | puts "\nall done\n" | ||
diff --git a/test/private-lib/gpicview.exp b/test/private-lib/gpicview.exp deleted file mode 100755 index 8d36a9d11..000000000 --- a/test/private-lib/gpicview.exp +++ /dev/null | |||
@@ -1,83 +0,0 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2018 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail gpicview\r" | ||
11 | expect { | ||
12 | timeout {puts "TESTING ERROR 0\n";exit} | ||
13 | "Reading profile /etc/firejail/gpicview.profile" | ||
14 | } | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 1\n";exit} | ||
17 | "Child process initialized" | ||
18 | } | ||
19 | sleep 3 | ||
20 | |||
21 | spawn $env(SHELL) | ||
22 | send -- "firejail --list\r" | ||
23 | expect { | ||
24 | timeout {puts "TESTING ERROR 3\n";exit} | ||
25 | ":firejail" | ||
26 | } | ||
27 | expect { | ||
28 | timeout {puts "TESTING ERROR 3.1\n";exit} | ||
29 | "gpicview" | ||
30 | } | ||
31 | after 100 | ||
32 | |||
33 | # grsecurity exit | ||
34 | send -- "file /proc/sys/kernel/grsecurity\r" | ||
35 | expect { | ||
36 | timeout {puts "TESTING ERROR - grsecurity detection\n";exit} | ||
37 | "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit} | ||
38 | "cannot open" {puts "grsecurity not present\n"} | ||
39 | } | ||
40 | |||
41 | send -- "firejail --name=blablabla\r" | ||
42 | expect { | ||
43 | timeout {puts "TESTING ERROR 4\n";exit} | ||
44 | "Child process initialized" | ||
45 | } | ||
46 | sleep 2 | ||
47 | |||
48 | spawn $env(SHELL) | ||
49 | send -- "firemon --seccomp\r" | ||
50 | expect { | ||
51 | timeout {puts "TESTING ERROR 5\n";exit} | ||
52 | "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} | ||
53 | ":firejail gpicview" | ||
54 | } | ||
55 | expect { | ||
56 | timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit} | ||
57 | "Seccomp: 2" | ||
58 | } | ||
59 | expect { | ||
60 | timeout {puts "TESTING ERROR 5.1\n";exit} | ||
61 | "name=blablabla" | ||
62 | } | ||
63 | after 100 | ||
64 | send -- "firemon --caps\r" | ||
65 | expect { | ||
66 | timeout {puts "TESTING ERROR 6\n";exit} | ||
67 | ":firejail gpicview" | ||
68 | } | ||
69 | expect { | ||
70 | timeout {puts "TESTING ERROR 6.1\n";exit} | ||
71 | "CapBnd:" | ||
72 | } | ||
73 | expect { | ||
74 | timeout {puts "TESTING ERROR 6.2\n";exit} | ||
75 | "0000000000000000" | ||
76 | } | ||
77 | expect { | ||
78 | timeout {puts "TESTING ERROR 6.3\n";exit} | ||
79 | "name=blablabla" | ||
80 | } | ||
81 | after 100 | ||
82 | |||
83 | puts "\nall done\n" | ||
diff --git a/test/private-lib/leafpad.exp b/test/private-lib/leafpad.exp deleted file mode 100755 index 2a1b07f94..000000000 --- a/test/private-lib/leafpad.exp +++ /dev/null | |||
@@ -1,83 +0,0 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2018 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail leafpad\r" | ||
11 | expect { | ||
12 | timeout {puts "TESTING ERROR 0\n";exit} | ||
13 | "Reading profile /etc/firejail/leafpad.profile" | ||
14 | } | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 1\n";exit} | ||
17 | "Child process initialized" | ||
18 | } | ||
19 | sleep 3 | ||
20 | |||
21 | spawn $env(SHELL) | ||
22 | send -- "firejail --list\r" | ||
23 | expect { | ||
24 | timeout {puts "TESTING ERROR 3\n";exit} | ||
25 | ":firejail" | ||
26 | } | ||
27 | expect { | ||
28 | timeout {puts "TESTING ERROR 3.1\n";exit} | ||
29 | "leafpad" | ||
30 | } | ||
31 | after 100 | ||
32 | |||
33 | # grsecurity exit | ||
34 | send -- "file /proc/sys/kernel/grsecurity\r" | ||
35 | expect { | ||
36 | timeout {puts "TESTING ERROR - grsecurity detection\n";exit} | ||
37 | "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit} | ||
38 | "cannot open" {puts "grsecurity not present\n"} | ||
39 | } | ||
40 | |||
41 | send -- "firejail --name=blablabla\r" | ||
42 | expect { | ||
43 | timeout {puts "TESTING ERROR 4\n";exit} | ||
44 | "Child process initialized" | ||
45 | } | ||
46 | sleep 2 | ||
47 | |||
48 | spawn $env(SHELL) | ||
49 | send -- "firemon --seccomp\r" | ||
50 | expect { | ||
51 | timeout {puts "TESTING ERROR 5\n";exit} | ||
52 | "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} | ||
53 | ":firejail leafpad" | ||
54 | } | ||
55 | expect { | ||
56 | timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit} | ||
57 | "Seccomp: 2" | ||
58 | } | ||
59 | expect { | ||
60 | timeout {puts "TESTING ERROR 5.1\n";exit} | ||
61 | "name=blablabla" | ||
62 | } | ||
63 | after 100 | ||
64 | send -- "firemon --caps\r" | ||
65 | expect { | ||
66 | timeout {puts "TESTING ERROR 6\n";exit} | ||
67 | ":firejail leafpad" | ||
68 | } | ||
69 | expect { | ||
70 | timeout {puts "TESTING ERROR 6.1\n";exit} | ||
71 | "CapBnd:" | ||
72 | } | ||
73 | expect { | ||
74 | timeout {puts "TESTING ERROR 6.2\n";exit} | ||
75 | "0000000000000000" | ||
76 | } | ||
77 | expect { | ||
78 | timeout {puts "TESTING ERROR 6.3\n";exit} | ||
79 | "name=blablabla" | ||
80 | } | ||
81 | after 100 | ||
82 | |||
83 | puts "\nall done\n" | ||
diff --git a/test/private-lib/mousepad.exp b/test/private-lib/mousepad.exp deleted file mode 100755 index 2e8f5e92b..000000000 --- a/test/private-lib/mousepad.exp +++ /dev/null | |||
@@ -1,83 +0,0 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2018 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail mousepad\r" | ||
11 | expect { | ||
12 | timeout {puts "TESTING ERROR 0\n";exit} | ||
13 | "Reading profile /etc/firejail/mousepad.profile" | ||
14 | } | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 1\n";exit} | ||
17 | "Child process initialized" | ||
18 | } | ||
19 | sleep 3 | ||
20 | |||
21 | spawn $env(SHELL) | ||
22 | send -- "firejail --list\r" | ||
23 | expect { | ||
24 | timeout {puts "TESTING ERROR 3\n";exit} | ||
25 | ":firejail" | ||
26 | } | ||
27 | expect { | ||
28 | timeout {puts "TESTING ERROR 3.1\n";exit} | ||
29 | "mousepad" | ||
30 | } | ||
31 | after 100 | ||
32 | |||
33 | # grsecurity exit | ||
34 | send -- "file /proc/sys/kernel/grsecurity\r" | ||
35 | expect { | ||
36 | timeout {puts "TESTING ERROR - grsecurity detection\n";exit} | ||
37 | "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit} | ||
38 | "cannot open" {puts "grsecurity not present\n"} | ||
39 | } | ||
40 | |||
41 | send -- "firejail --name=blablabla\r" | ||
42 | expect { | ||
43 | timeout {puts "TESTING ERROR 4\n";exit} | ||
44 | "Child process initialized" | ||
45 | } | ||
46 | sleep 2 | ||
47 | |||
48 | spawn $env(SHELL) | ||
49 | send -- "firemon --seccomp\r" | ||
50 | expect { | ||
51 | timeout {puts "TESTING ERROR 5\n";exit} | ||
52 | "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} | ||
53 | ":firejail mousepad" | ||
54 | } | ||
55 | expect { | ||
56 | timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit} | ||
57 | "Seccomp: 2" | ||
58 | } | ||
59 | expect { | ||
60 | timeout {puts "TESTING ERROR 5.1\n";exit} | ||
61 | "name=blablabla" | ||
62 | } | ||
63 | after 100 | ||
64 | send -- "firemon --caps\r" | ||
65 | expect { | ||
66 | timeout {puts "TESTING ERROR 6\n";exit} | ||
67 | ":firejail mousepad" | ||
68 | } | ||
69 | expect { | ||
70 | timeout {puts "TESTING ERROR 6.1\n";exit} | ||
71 | "CapBnd:" | ||
72 | } | ||
73 | expect { | ||
74 | timeout {puts "TESTING ERROR 6.2\n";exit} | ||
75 | "0000000000000000" | ||
76 | } | ||
77 | expect { | ||
78 | timeout {puts "TESTING ERROR 6.3\n";exit} | ||
79 | "name=blablabla" | ||
80 | } | ||
81 | after 100 | ||
82 | |||
83 | puts "\nall done\n" | ||
diff --git a/test/private-lib/pluma.exp b/test/private-lib/pluma.exp deleted file mode 100755 index 92ae0a345..000000000 --- a/test/private-lib/pluma.exp +++ /dev/null | |||
@@ -1,83 +0,0 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2018 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail pluma\r" | ||
11 | expect { | ||
12 | timeout {puts "TESTING ERROR 0\n";exit} | ||
13 | "Reading profile /etc/firejail/pluma.profile" | ||
14 | } | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 1\n";exit} | ||
17 | "Child process initialized" | ||
18 | } | ||
19 | sleep 3 | ||
20 | |||
21 | spawn $env(SHELL) | ||
22 | send -- "firejail --list\r" | ||
23 | expect { | ||
24 | timeout {puts "TESTING ERROR 3\n";exit} | ||
25 | ":firejail" | ||
26 | } | ||
27 | expect { | ||
28 | timeout {puts "TESTING ERROR 3.1\n";exit} | ||
29 | "pluma" | ||
30 | } | ||
31 | after 100 | ||
32 | |||
33 | # grsecurity exit | ||
34 | send -- "file /proc/sys/kernel/grsecurity\r" | ||
35 | expect { | ||
36 | timeout {puts "TESTING ERROR - grsecurity detection\n";exit} | ||
37 | "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit} | ||
38 | "cannot open" {puts "grsecurity not present\n"} | ||
39 | } | ||
40 | |||
41 | send -- "firejail --name=blablabla\r" | ||
42 | expect { | ||
43 | timeout {puts "TESTING ERROR 4\n";exit} | ||
44 | "Child process initialized" | ||
45 | } | ||
46 | sleep 2 | ||
47 | |||
48 | spawn $env(SHELL) | ||
49 | send -- "firemon --seccomp\r" | ||
50 | expect { | ||
51 | timeout {puts "TESTING ERROR 5\n";exit} | ||
52 | "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} | ||
53 | ":firejail pluma" | ||
54 | } | ||
55 | expect { | ||
56 | timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit} | ||
57 | "Seccomp: 2" | ||
58 | } | ||
59 | expect { | ||
60 | timeout {puts "TESTING ERROR 5.1\n";exit} | ||
61 | "name=blablabla" | ||
62 | } | ||
63 | after 100 | ||
64 | send -- "firemon --caps\r" | ||
65 | expect { | ||
66 | timeout {puts "TESTING ERROR 6\n";exit} | ||
67 | ":firejail pluma" | ||
68 | } | ||
69 | expect { | ||
70 | timeout {puts "TESTING ERROR 6.1\n";exit} | ||
71 | "CapBnd:" | ||
72 | } | ||
73 | expect { | ||
74 | timeout {puts "TESTING ERROR 6.2\n";exit} | ||
75 | "0000000000000000" | ||
76 | } | ||
77 | expect { | ||
78 | timeout {puts "TESTING ERROR 6.3\n";exit} | ||
79 | "name=blablabla" | ||
80 | } | ||
81 | after 100 | ||
82 | |||
83 | puts "\nall done\n" | ||
diff --git a/test/private-lib/private-lib.sh b/test/private-lib/private-lib.sh deleted file mode 100755 index edf81917a..000000000 --- a/test/private-lib/private-lib.sh +++ /dev/null | |||
@@ -1,20 +0,0 @@ | |||
1 | #!/bin/bash | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2018 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | export MALLOC_CHECK_=3 | ||
7 | export MALLOC_PERTURB_=$(($RANDOM % 255 + 1)) | ||
8 | LIST="evince galculator gnome-calculator gedit leafpad mousepad pluma transmission-gtk xcalc atril gpicview eom eog" | ||
9 | |||
10 | |||
11 | for app in $LIST; do | ||
12 | which $app 2>/dev/null | ||
13 | if [ "$?" -eq 0 ]; | ||
14 | then | ||
15 | echo "TESTING: private-lib $app" | ||
16 | ./$app.exp | ||
17 | else | ||
18 | echo "TESTING SKIP: $app not found" | ||
19 | fi | ||
20 | done | ||
diff --git a/test/private-lib/transmission-gtk.exp b/test/private-lib/transmission-gtk.exp deleted file mode 100755 index 06559293b..000000000 --- a/test/private-lib/transmission-gtk.exp +++ /dev/null | |||
@@ -1,83 +0,0 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2018 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail transmission-gtk\r" | ||
11 | expect { | ||
12 | timeout {puts "TESTING ERROR 0\n";exit} | ||
13 | "Reading profile /etc/firejail/transmission-gtk.profile" | ||
14 | } | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 1\n";exit} | ||
17 | "Child process initialized" | ||
18 | } | ||
19 | sleep 3 | ||
20 | |||
21 | spawn $env(SHELL) | ||
22 | send -- "firejail --list\r" | ||
23 | expect { | ||
24 | timeout {puts "TESTING ERROR 3\n";exit} | ||
25 | ":firejail" | ||
26 | } | ||
27 | expect { | ||
28 | timeout {puts "TESTING ERROR 3.1\n";exit} | ||
29 | "transmission-gtk" | ||
30 | } | ||
31 | after 100 | ||
32 | |||
33 | # grsecurity exit | ||
34 | send -- "file /proc/sys/kernel/grsecurity\r" | ||
35 | expect { | ||
36 | timeout {puts "TESTING ERROR - grsecurity detection\n";exit} | ||
37 | "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit} | ||
38 | "cannot open" {puts "grsecurity not present\n"} | ||
39 | } | ||
40 | |||
41 | send -- "firejail --name=blablabla\r" | ||
42 | expect { | ||
43 | timeout {puts "TESTING ERROR 4\n";exit} | ||
44 | "Child process initialized" | ||
45 | } | ||
46 | sleep 2 | ||
47 | |||
48 | spawn $env(SHELL) | ||
49 | send -- "firemon --seccomp\r" | ||
50 | expect { | ||
51 | timeout {puts "TESTING ERROR 5\n";exit} | ||
52 | "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} | ||
53 | ":firejail transmission-gtk" | ||
54 | } | ||
55 | expect { | ||
56 | timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit} | ||
57 | "Seccomp: 2" | ||
58 | } | ||
59 | expect { | ||
60 | timeout {puts "TESTING ERROR 5.1\n";exit} | ||
61 | "name=blablabla" | ||
62 | } | ||
63 | after 100 | ||
64 | send -- "firemon --caps\r" | ||
65 | expect { | ||
66 | timeout {puts "TESTING ERROR 6\n";exit} | ||
67 | ":firejail transmission-gtk" | ||
68 | } | ||
69 | expect { | ||
70 | timeout {puts "TESTING ERROR 6.1\n";exit} | ||
71 | "CapBnd:" | ||
72 | } | ||
73 | expect { | ||
74 | timeout {puts "TESTING ERROR 6.2\n";exit} | ||
75 | "0000000000000000" | ||
76 | } | ||
77 | expect { | ||
78 | timeout {puts "TESTING ERROR 6.3\n";exit} | ||
79 | "name=blablabla" | ||
80 | } | ||
81 | after 100 | ||
82 | |||
83 | puts "\nall done\n" | ||
diff --git a/test/private-lib/xcalc.exp b/test/private-lib/xcalc.exp deleted file mode 100755 index 12bd73b51..000000000 --- a/test/private-lib/xcalc.exp +++ /dev/null | |||
@@ -1,83 +0,0 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2018 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail xcalc\r" | ||
11 | expect { | ||
12 | timeout {puts "TESTING ERROR 0\n";exit} | ||
13 | "Reading profile /etc/firejail/xcalc.profile" | ||
14 | } | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 1\n";exit} | ||
17 | "Child process initialized" | ||
18 | } | ||
19 | sleep 3 | ||
20 | |||
21 | spawn $env(SHELL) | ||
22 | send -- "firejail --list\r" | ||
23 | expect { | ||
24 | timeout {puts "TESTING ERROR 3\n";exit} | ||
25 | ":firejail" | ||
26 | } | ||
27 | expect { | ||
28 | timeout {puts "TESTING ERROR 3.1\n";exit} | ||
29 | "xcalc" | ||
30 | } | ||
31 | after 100 | ||
32 | |||
33 | # grsecurity exit | ||
34 | send -- "file /proc/sys/kernel/grsecurity\r" | ||
35 | expect { | ||
36 | timeout {puts "TESTING ERROR - grsecurity detection\n";exit} | ||
37 | "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit} | ||
38 | "cannot open" {puts "grsecurity not present\n"} | ||
39 | } | ||
40 | |||
41 | send -- "firejail --name=blablabla\r" | ||
42 | expect { | ||
43 | timeout {puts "TESTING ERROR 4\n";exit} | ||
44 | "Child process initialized" | ||
45 | } | ||
46 | sleep 2 | ||
47 | |||
48 | spawn $env(SHELL) | ||
49 | send -- "firemon --seccomp\r" | ||
50 | expect { | ||
51 | timeout {puts "TESTING ERROR 5\n";exit} | ||
52 | "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} | ||
53 | ":firejail xcalc" | ||
54 | } | ||
55 | expect { | ||
56 | timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit} | ||
57 | "Seccomp: 2" | ||
58 | } | ||
59 | expect { | ||
60 | timeout {puts "TESTING ERROR 5.1\n";exit} | ||
61 | "name=blablabla" | ||
62 | } | ||
63 | after 100 | ||
64 | send -- "firemon --caps\r" | ||
65 | expect { | ||
66 | timeout {puts "TESTING ERROR 6\n";exit} | ||
67 | ":firejail xcalc" | ||
68 | } | ||
69 | expect { | ||
70 | timeout {puts "TESTING ERROR 6.1\n";exit} | ||
71 | "CapBnd:" | ||
72 | } | ||
73 | expect { | ||
74 | timeout {puts "TESTING ERROR 6.2\n";exit} | ||
75 | "0000000000000000" | ||
76 | } | ||
77 | expect { | ||
78 | timeout {puts "TESTING ERROR 6.3\n";exit} | ||
79 | "name=blablabla" | ||
80 | } | ||
81 | after 100 | ||
82 | |||
83 | puts "\nall done\n" | ||
diff --git a/test/utils/audit.exp b/test/utils/audit.exp deleted file mode 100755 index 6352dc62d..000000000 --- a/test/utils/audit.exp +++ /dev/null | |||
@@ -1,159 +0,0 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2018 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail --audit\r" | ||
11 | expect { | ||
12 | timeout {puts "TESTING ERROR 0\n";exit} | ||
13 | "Firejail Audit" | ||
14 | } | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 1\n";exit} | ||
17 | "is running in a PID namespace" | ||
18 | } | ||
19 | expect { | ||
20 | timeout {puts "TESTING ERROR 2\n";exit} | ||
21 | "container/sandbox firejail" | ||
22 | } | ||
23 | expect { | ||
24 | timeout {puts "TESTING ERROR 3\n";exit} | ||
25 | "seccomp BPF enabled" | ||
26 | } | ||
27 | expect { | ||
28 | timeout {puts "TESTING ERROR 4\n";exit} | ||
29 | "all capabilities are disabled" | ||
30 | } | ||
31 | expect { | ||
32 | timeout {puts "TESTING ERROR 5\n";exit} | ||
33 | "dev directory seems to be fully populated" | ||
34 | } | ||
35 | after 100 | ||
36 | |||
37 | |||
38 | send -- "firejail --audit\r" | ||
39 | expect { | ||
40 | timeout {puts "TESTING ERROR 6\n";exit} | ||
41 | "Firejail Audit" | ||
42 | } | ||
43 | expect { | ||
44 | timeout {puts "TESTING ERROR 7\n";exit} | ||
45 | "is running in a PID namespace" | ||
46 | } | ||
47 | expect { | ||
48 | timeout {puts "TESTING ERROR 8\n";exit} | ||
49 | "container/sandbox firejail" | ||
50 | } | ||
51 | expect { | ||
52 | timeout {puts "TESTING ERROR 9\n";exit} | ||
53 | "seccomp BPF enabled" | ||
54 | } | ||
55 | expect { | ||
56 | timeout {puts "TESTING ERROR 10\n";exit} | ||
57 | "all capabilities are disabled" | ||
58 | } | ||
59 | expect { | ||
60 | timeout {puts "TESTING ERROR 11\n";exit} | ||
61 | "dev directory seems to be fully populated" | ||
62 | } | ||
63 | after 100 | ||
64 | |||
65 | send -- "firejail --audit=blablabla\r" | ||
66 | expect { | ||
67 | timeout {puts "TESTING ERROR 12\n";exit} | ||
68 | "cannot find the audit program" | ||
69 | } | ||
70 | after 100 | ||
71 | |||
72 | send -- "firejail --audit=\r" | ||
73 | expect { | ||
74 | timeout {puts "TESTING ERROR 12\n";exit} | ||
75 | "invalid audit program" | ||
76 | } | ||
77 | after 100 | ||
78 | |||
79 | # run audit executable without a sandbox | ||
80 | send -- "faudit\r" | ||
81 | expect { | ||
82 | timeout {puts "TESTING ERROR 13\n";exit} | ||
83 | "is not running in a PID namespace" | ||
84 | } | ||
85 | expect { | ||
86 | timeout {puts "TESTING ERROR 14\n";exit} | ||
87 | "BAD: seccomp disabled" | ||
88 | } | ||
89 | expect { | ||
90 | timeout {puts "TESTING ERROR 15\n";exit} | ||
91 | "BAD: the capability map is" | ||
92 | } | ||
93 | expect { | ||
94 | timeout {puts "TESTING ERROR 16\n";exit} | ||
95 | "MAYBE: /dev directory seems to be fully populated" | ||
96 | } | ||
97 | after 100 | ||
98 | |||
99 | # test seccomp | ||
100 | send -- "firejail --seccomp.drop=mkdir --audit\r" | ||
101 | expect { | ||
102 | timeout {puts "TESTING ERROR 17\n";exit} | ||
103 | "Firejail Audit" | ||
104 | } | ||
105 | expect { | ||
106 | timeout {puts "TESTING ERROR 18\n";exit} | ||
107 | "GOOD: seccomp BPF enabled" | ||
108 | } | ||
109 | expect { | ||
110 | timeout {puts "TESTING ERROR 19\n";exit} | ||
111 | "UGLY: mount syscall permitted" | ||
112 | } | ||
113 | expect { | ||
114 | timeout {puts "TESTING ERROR 20\n";exit} | ||
115 | "UGLY: umount2 syscall permitted" | ||
116 | } | ||
117 | expect { | ||
118 | timeout {puts "TESTING ERROR 21\n";exit} | ||
119 | "UGLY: ptrace syscall permitted" | ||
120 | } | ||
121 | expect { | ||
122 | timeout {puts "TESTING ERROR 22\n";exit} | ||
123 | "UGLY: swapon syscall permitted" | ||
124 | } | ||
125 | expect { | ||
126 | timeout {puts "TESTING ERROR 23\n";exit} | ||
127 | "UGLY: swapoff syscall permitted" | ||
128 | } | ||
129 | expect { | ||
130 | timeout {puts "TESTING ERROR 24\n";exit} | ||
131 | "UGLY: init_module syscall permitted" | ||
132 | } | ||
133 | expect { | ||
134 | timeout {puts "TESTING ERROR 25\n";exit} | ||
135 | "UGLY: delete_module syscall permitted" | ||
136 | } | ||
137 | expect { | ||
138 | timeout {puts "TESTING ERROR 26\n";exit} | ||
139 | "UGLY: chroot syscall permitted" | ||
140 | } | ||
141 | expect { | ||
142 | timeout {puts "TESTING ERROR 27\n";exit} | ||
143 | "UGLY: pivot_root syscall permitted" | ||
144 | } | ||
145 | expect { | ||
146 | timeout {puts "TESTING ERROR 28\n";exit} | ||
147 | "UGLY: iopl syscall permitted" | ||
148 | } | ||
149 | expect { | ||
150 | timeout {puts "TESTING ERROR 29\n";exit} | ||
151 | "UGLY: ioperm syscall permitted" | ||
152 | } | ||
153 | expect { | ||
154 | timeout {puts "TESTING ERROR 30\n";exit} | ||
155 | "GOOD: all capabilities are disabled" | ||
156 | } | ||
157 | after 100 | ||
158 | |||
159 | puts "\nall done\n" | ||
diff --git a/test/utils/build.exp b/test/utils/build.exp deleted file mode 100755 index 5e883e4ba..000000000 --- a/test/utils/build.exp +++ /dev/null | |||
@@ -1,91 +0,0 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2018 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail --build cat ~/firejail-test-file-7699\r" | ||
11 | expect { | ||
12 | timeout {puts "TESTING ERROR 0\n";exit} | ||
13 | "whitelist ~/firejail-test-file-7699" | ||
14 | } | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 0.1\n";exit} | ||
17 | "include /etc/firejail/whitelist-common.inc" | ||
18 | } | ||
19 | expect { | ||
20 | timeout {puts "TESTING ERROR 1\n";exit} | ||
21 | "private-tmp" | ||
22 | } | ||
23 | expect { | ||
24 | timeout {puts "TESTING ERROR 2\n";exit} | ||
25 | "private-dev" | ||
26 | } | ||
27 | expect { | ||
28 | timeout {puts "TESTING ERROR 3\n";exit} | ||
29 | "blacklist /var" | ||
30 | } | ||
31 | expect { | ||
32 | timeout {puts "TESTING ERROR 4\n";exit} | ||
33 | "private-bin cat," | ||
34 | } | ||
35 | expect { | ||
36 | timeout {puts "TESTING ERROR 5\n";exit} | ||
37 | "caps.drop all" | ||
38 | } | ||
39 | expect { | ||
40 | timeout {puts "TESTING ERROR 6\n";exit} | ||
41 | "nonewprivs" | ||
42 | } | ||
43 | expect { | ||
44 | timeout {puts "TESTING ERROR 7\n";exit} | ||
45 | "seccomp" | ||
46 | } | ||
47 | expect { | ||
48 | timeout {puts "TESTING ERROR 8\n";exit} | ||
49 | "net none" | ||
50 | } | ||
51 | expect { | ||
52 | timeout {puts "TESTING ERROR 9\n";exit} | ||
53 | "shell none" | ||
54 | } | ||
55 | after 100 | ||
56 | |||
57 | send -- "firejail --build cat /etc/passwd\r" | ||
58 | expect { | ||
59 | timeout {puts "TESTING ERROR 10\n";exit} | ||
60 | "private-etc passwd," | ||
61 | } | ||
62 | after 100 | ||
63 | |||
64 | send -- "firejail --build cat /var/tmp/firejail-test-file-7699\r" | ||
65 | expect { | ||
66 | timeout {puts "TESTING ERROR 11\n";exit} | ||
67 | "whitelist /var/tmp/firejail-test-file-7699" | ||
68 | } | ||
69 | after 100 | ||
70 | |||
71 | send -- "firejail --build man firejail\r" | ||
72 | expect { | ||
73 | timeout {puts "TESTING ERROR 12\n";exit} | ||
74 | "whitelist /usr/share/man" | ||
75 | } | ||
76 | after 100 | ||
77 | |||
78 | send -- "firejail --build wget blablabla\r" | ||
79 | expect { | ||
80 | timeout {puts "TESTING ERROR 13\n";exit} | ||
81 | "protocol inet" | ||
82 | } | ||
83 | after 100 | ||
84 | |||
85 | |||
86 | send -- "firejail --build cat /tmp/firejail-test-file-7699\r" | ||
87 | #todo - bug: it comes back with private-tmp | ||
88 | sleep 1 | ||
89 | |||
90 | |||
91 | puts "all done\n" | ||
diff --git a/test/utils/utils.sh b/test/utils/utils.sh index d98e4c2e4..82d00007b 100755 --- a/test/utils/utils.sh +++ b/test/utils/utils.sh | |||
@@ -12,18 +12,6 @@ if [ -f /etc/debian_version ]; then | |||
12 | fi | 12 | fi |
13 | export PATH="$PATH:/usr/lib/firejail:/usr/lib64/firejail" | 13 | export PATH="$PATH:/usr/lib/firejail:/usr/lib64/firejail" |
14 | 14 | ||
15 | echo "testing" > ~/firejail-test-file-7699 | ||
16 | echo "testing" > /tmp/firejail-test-file-7699 | ||
17 | echo "testing" > /var/tmp/firejail-test-file-7699 | ||
18 | echo "TESTING: build (test/utils/build.exp)" | ||
19 | ./build.exp | ||
20 | rm -f ~/firejail-test-file-7699 | ||
21 | rm -f /tmp/firejail-test-file-7699 | ||
22 | rm -f /var/tmp/firejail-test-file-7699 | ||
23 | |||
24 | echo "TESTING: audit (test/utils/audit.exp)" | ||
25 | ./audit.exp | ||
26 | |||
27 | echo "TESTING: name (test/utils/name.exp)" | 15 | echo "TESTING: name (test/utils/name.exp)" |
28 | ./name.exp | 16 | ./name.exp |
29 | 17 | ||