fix make test-filter

author: netblue30 <netblue30@protonmail.com> 2021-12-19 13:05:16 -0500
committer: netblue30 <netblue30@protonmail.com> 2021-12-19 13:05:16 -0500
commit: 96cec210f8bd86667722b09beb5a3a67b21ec50f (patch)
tree: aa3df5777eb784bec3f8535b92ee4eba00bdbef9 /test
parent: testing (diff)
download: firejail-96cec210f8bd86667722b09beb5a3a67b21ec50f.tar.gz
firejail-96cec210f8bd86667722b09beb5a3a67b21ec50f.tar.zst
firejail-96cec210f8bd86667722b09beb5a3a67b21ec50f.zip
10 files changed, 27 insertions, 316 deletions
diff --git a/test/filters/filters.sh b/test/filters/filters.sh
index a9f06b60a..eb4e4702c 100755
--- a/test/filters/filters.sh
+++ b/test/filters/filters.sh
@@ -115,13 +115,6 @@ echo "TESTING: seccomp numeric (test/filters/seccomp-numeric.exp)"
 ./seccomp-numeric.exp
 if [ "$(uname -m)" = "x86_64" ]; then
-        echo "TESTING: seccomp dual filter (test/filters/seccomp-dualfilter.exp)"
-        ./seccomp-dualfilter.exp
-else
-        echo "TESTING SKIP: seccomp dual, not running on x86_64"
-fi
-if [ "$(uname -m)" = "x86_64" ]; then
       echo "TESTING: seccomp join (test/filters/seccomp-join.exp)"
        ./seccomp-join.exp
 else
diff --git a/test/filters/fseccomp.exp b/test/filters/fseccomp.exp
index 59f812d6d..6becbff22 100755
--- a/test/filters/fseccomp.exp
+++ b/test/filters/fseccomp.exp
@@ -111,7 +111,7 @@ expect {
 }
 expect {
        timeout {puts "TESTING ERROR 9.3\n";exit}
-        "ret KILL"
+        "ret ERRNO"
 }
diff --git a/test/filters/noroot.exp b/test/filters/noroot.exp
index 64f72f610..5fc16c47f 100755
--- a/test/filters/noroot.exp
+++ b/test/filters/noroot.exp
@@ -72,7 +72,7 @@ expect {
 send -- "cat /proc/self/gid_map | wc -l\r"
 expect {
        timeout {puts "TESTING ERROR 12\n";exit}
-        "5"
+        "9"
 }
@@ -104,7 +104,7 @@ expect {
 send -- "cat /proc/self/gid_map | wc -l\r"
 expect {
        timeout {puts "TESTING ERROR 17\n";exit}
-        "5"
+        "9"
 }
 # check seccomp disabled and all caps enabled
diff --git a/test/filters/protocol.exp b/test/filters/protocol.exp
index 071460e4c..09c742378 100755
--- a/test/filters/protocol.exp
+++ b/test/filters/protocol.exp
@@ -7,179 +7,38 @@ set timeout 10
 spawn $env(SHELL)
 match_max 100000
-send -- "firejail --noprofile --protocol=unix ./syscall_test socket\r"
+send -- "firejail --noprofile --protocol=unix --debug\r"
 expect {
        timeout {puts "TESTING ERROR 1\n";exit}
-        "Permission denied" {puts "TESTING SKIP: permission denied\n"; exit}
+        "0009: 20 00 00 00000000   ld  data.syscall-number"
-        "Child process initialized"
 }
 expect {
-        timeout {puts "TESTING ERROR 1.1\n";exit}
-        "Permission denied" {puts "TESTING SKIP: permission denied\n"; exit}
-        "socket AF_INET"
-}
-expect {
-        timeout {puts "TESTING ERROR 1.2\n";exit}
-        "Operation not supported"
-}
-expect {
-        timeout {puts "TESTING ERROR 1.3\n";exit}
-        "socket AF_INET6"
-}
-expect {
-        timeout {puts "TESTING ERROR 1.4\n";exit}
-        "Operation not supported"
-}
-expect {
-        timeout {puts "TESTING ERROR 1.5\n";exit}
-        "socket AF_NETLINK"
-}
-expect {
-        timeout {puts "TESTING ERROR 1.6\n";exit}
-        "Operation not supported"
-}
-expect {
-        timeout {puts "TESTING ERROR 1.7\n";exit}
-        "socket AF_UNIX"
-}
-expect {
-        timeout {puts "TESTING ERROR 1.8\n";exit}
-        "socket AF_PACKETX"
-}
-expect {
-        timeout {puts "TESTING ERROR 1.9\n";exit}
-        "Operation not supported"
-}
-sleep 1
-send -- "firejail --noprofile --protocol=inet6,packet ./syscall_test socket\r"
-expect {
        timeout {puts "TESTING ERROR 2\n";exit}
-        "Child process initialized"
+        "000a: 15 01 00 00000029   jeq socket 000c (false 000b)"
-}
-expect {
-        timeout {puts "TESTING ERROR 2.1\n";exit}
-        "socket AF_INET"
-}
-expect {
-        timeout {puts "TESTING ERROR 2.2\n";exit}
-        "Operation not supported"
-}
-expect {
-        timeout {puts "TESTING ERROR 2.3\n";exit}
-        "socket AF_INET6"
-}
-expect {
-        timeout {puts "TESTING ERROR 2.4\n";exit}
-        "socket AF_NETLINK"
-}
-expect {
-        timeout {puts "TESTING ERROR 2.5\n";exit}
-        "Operation not supported"
-}
-expect {
-        timeout {puts "TESTING ERROR 2.6\n";exit}
-        "socket AF_UNIX"
-}
-expect {
-        timeout {puts "TESTING ERROR 2.7\n";exit}
-        "Operation not supported"
-}
-expect {
-        timeout {puts "TESTING ERROR 2.8\n";exit}
-        "socket AF_PACKETX"
-}
-expect {
-        timeout {puts "TESTING ERROR 2.9\n";exit}
-        "after socket"
 }
-sleep 1
-# profile testing
-send -- "firejail --profile=protocol1.profile ./syscall_test socket\r"
 expect {
        timeout {puts "TESTING ERROR 3\n";exit}
-        "Child process initialized"
+        "000b: 06 00 00 7fff0000   ret ALLOW"
-}
-expect {
-        timeout {puts "TESTING ERROR 3.1\n";exit}
-        "socket AF_INET"
-}
-expect {
-        timeout {puts "TESTING ERROR 3.2\n";exit}
-        "Operation not supported"
-}
-expect {
-        timeout {puts "TESTING ERROR 3.3\n";exit}
-        "socket AF_INET6"
-}
-expect {
-        timeout {puts "TESTING ERROR 3.4\n";exit}
-        "Operation not supported"
-}
-expect {
-        timeout {puts "TESTING ERROR 3.5\n";exit}
-        "socket AF_NETLINK"
-}
-expect {
-        timeout {puts "TESTING ERROR 3.6\n";exit}
-        "Operation not supported"
-}
-expect {
-        timeout {puts "TESTING ERROR 3.7\n";exit}
-        "socket AF_UNIX"
-}
-expect {
-        timeout {puts "TESTING ERROR 3.8\n";exit}
-        "socket AF_PACKETX"
 }
 expect {
-        timeout {puts "TESTING ERROR 3.9\n";exit}
-        "Operation not supported"
-}
-sleep 1
-send -- "firejail --profile=protocol2.profile ./syscall_test socket\r"
-expect {
        timeout {puts "TESTING ERROR 4\n";exit}
-        "Child process initialized"
+        "000c: 20 00 00 00000010   ld  data.args"
-}
-expect {
-        timeout {puts "TESTING ERROR 4.1\n";exit}
-        "socket AF_INET"
-}
-expect {
-        timeout {puts "TESTING ERROR 4.2\n";exit}
-        "Operation not supported"
-}
-expect {
-        timeout {puts "TESTING ERROR 4.3\n";exit}
-        "socket AF_INET6"
 }
 expect {
-        timeout {puts "TESTING ERROR 4.4\n";exit}
+        timeout {puts "TESTING ERROR 5\n";exit}
-        "socket AF_NETLINK"
+        "000d: 15 00 01 00000001   jeq 1 000e (false 000f)"
 }
 expect {
-        timeout {puts "TESTING ERROR 4.5\n";exit}
+        timeout {puts "TESTING ERROR 6\n";exit}
-        "Operation not supported"
+        "000e: 06 00 00 7fff0000   ret ALLOW"
+        ""
 }
 expect {
-        timeout {puts "TESTING ERROR 4.6\n";exit}
+        timeout {puts "TESTING ERROR 7\n";exit}
-        "socket AF_UNIX"
+        "000f: 06 00 00 0005005f   ret ERRNO(95)"
 }
-expect {
-        timeout {puts "TESTING ERROR 4.7\n";exit}
-        "Operation not supported"
-}
-expect {
-        timeout {puts "TESTING ERROR 4.8\n";exit}
-        "socket AF_PACKETX"
-}
-expect {
-        timeout {puts "TESTING ERROR 4.9\n";exit}
-        "after socket"
-}
-after 100
+after 100
+send -- "exit\r"
+after 100
 puts "\nall done\n"
diff --git a/test/filters/seccomp-dualfilter.exp b/test/filters/seccomp-dualfilter.exp
deleted file mode 100755
index e655be848..000000000
--- a/test/filters/seccomp-dualfilter.exp
+++ /dev/null
@@ -1,55 +0,0 @@
-#!/usr/bin/expect -f
-# This file is part of Firejail project
-# Copyright (C) 2014-2021 Firejail Authors
-# License GPL v2
-set timeout 1
-spawn $env(SHELL)
-match_max 100000
-send -- "./syscall_test\r"
-expect {
-        timeout {puts "\nTESTING SKIP: 64-bit support missing\n";exit}
-        "Usage"
-}
-send -- "./syscall_test32\r"
-expect {
-        timeout {puts "\nTESTING SKIP: 32-bit support missing\n";exit}
-        "Usage"
-}
-set timeout 10
-send -- "firejail ./syscall_test mount\r"
-expect {
-        timeout {puts "TESTING ERROR 0\n";exit}
-        "Child process initialized"
-}
-expect {
-        timeout {puts "TESTING ERROR 1\n";exit}
-        "before mount"
-}
-expect {
-        timeout {puts "TESTING ERROR 2\n";exit}
-        "after mount" {puts "TESTING ERROR 3\n";exit}
-        "Parent is shutting down"
-}
-sleep 1
-send -- "firejail ./syscall_test32 mount\r"
-expect {
-        timeout {puts "TESTING ERROR 4\n";exit}
-        "Child process initialized"
-}
-expect {
-        timeout {puts "TESTING ERROR 5\n";exit}
-        "before mount"
-}
-expect {
-        timeout {puts "TESTING ERROR 6\n";exit}
-        "after mount" {puts "TESTING ERROR 7\n";exit}
-        "Parent is shutting down"
-}
-after 100
-puts "\nall done\n"
diff --git a/test/filters/seccomp-postexec.exp b/test/filters/seccomp-postexec.exp
index 18263520a..fe0e40e60 100755
--- a/test/filters/seccomp-postexec.exp
+++ b/test/filters/seccomp-postexec.exp
@@ -14,20 +14,17 @@ expect {
 }
 expect {
        timeout {puts "TESTING ERROR 1\n";exit}
-        "data.architecture"
-}
-expect {
-        timeout {puts "TESTING ERROR 2\n";exit}
        "monitoring pid"
 }
+sleep 1
+send -- "ls\r"
 expect {
-        timeout {puts "TESTING ERROR 3\n";exit}
+        timeout {puts "TESTING ERROR 2\n";exit}
-        "Sandbox monitor: waitpid"
+        "not permitted"
-}
-expect {
-        timeout {puts "TESTING ERROR 4\n";exit}
-        "Parent is shutting down"
 }
-sleep 1
+send -- "exit\r"
+after 100
 puts "all done\n"
diff --git a/test/filters/seccomp-ptrace.exp b/test/filters/seccomp-ptrace.exp
index ec8ab615c..05fd6eabb 100755
--- a/test/filters/seccomp-ptrace.exp
+++ b/test/filters/seccomp-ptrace.exp
@@ -17,8 +17,7 @@ sleep 2
 send -- "strace ls\r"
 expect {
        timeout {puts "TESTING ERROR 1\n";exit}
-        "Bad system call" {puts "version 1\n";}
+        "not permitted"
-        " unexpected signal 31" {puts "version 2\n"}
 }
 send -- "exit\r"
diff --git a/test/filters/syscall_test b/test/filters/syscall_test
deleted file mode 100755
index bf29c5b99..000000000
--- a/test/filters/syscall_test
+++ /dev/null
Binary files differ
diff --git a/test/filters/syscall_test.c b/test/filters/syscall_test.c
deleted file mode 100644
index 55ee31afb..000000000
--- a/test/filters/syscall_test.c
+++ /dev/null
@@ -1,82 +0,0 @@
-// This file is part of Firejail project
-// Copyright (C) 2014-2021 Firejail Authors
-// License GPL v2
-#include <stdlib.h>
-#include <stdio.h>
-#include <unistd.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <linux/netlink.h>
-#include <net/ethernet.h>
-#include <sys/mount.h>
-int main(int argc, char **argv) {
-        if (argc != 2) {
-                printf("Usage: test [sleep|socket|mkdir|mount]\n");
-                return 1;
-        }
-        if (strcmp(argv[1], "sleep") == 0) {
-                printf("before sleep\n");
-                sleep(1);
-                printf("after sleep\n");
-        }
-        else if (strcmp(argv[1], "socket") == 0) {
-                int sock;
-                printf("testing socket AF_INET\n");
-                if ((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
-                        perror("socket");
-                }
-                else
-                        close(sock);
-                printf("testing socket AF_INET6\n");
-                if ((sock = socket(AF_INET6, SOCK_STREAM, 0)) < 0) {
-                        perror("socket");
-                }
-                else
-                        close(sock);
-                printf("testing socket AF_NETLINK\n");
-                if ((sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE)) < 0) {
-                        perror("socket");
-                }
-                else
-                        close(sock);
-                printf("testing socket AF_UNIX\n");
-                if ((sock = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) {
-                        perror("socket");
-                }
-                else
-                        close(sock);
-                // root needed to be able to handle this
-                printf("testing socket AF_PACKETX\n");
-                if ((sock = socket(AF_PACKET, SOCK_DGRAM, htons(ETH_P_ARP))) < 0) {
-                        perror("socket");
-                }
-                else
-                        close(sock);
-                printf("after socket\n");
-        }
-        else if (strcmp(argv[1], "mkdir") == 0) {
-                printf("before mkdir\n");
-                mkdir("tmp", 0777);
-                printf("after mkdir\n");
-        }
-        else if (strcmp(argv[1], "mount") == 0) {
-                printf("before mount\n");
-                if (mount("tmpfs", "/tmp", "tmpfs", MS_NOSUID | MS_STRICTATIME,  "mode=755,gid=0") < 0) {
-                        perror("mount");
-                }
-                printf("after mount\n");
-        }
-        else {
-                fprintf(stderr, "Error: invalid argument\n");
-                return 1;
-        }
-        return 0;
-}
diff --git a/test/filters/syscall_test32 b/test/filters/syscall_test32
deleted file mode 100755
index 8d72f58c4..000000000
--- a/test/filters/syscall_test32
+++ /dev/null
Binary files differ
author	netblue30 <netblue30@protonmail.com>	2021-12-19 13:05:16 -0500
committer	netblue30 <netblue30@protonmail.com>	2021-12-19 13:05:16 -0500
commit	96cec210f8bd86667722b09beb5a3a67b21ec50f (patch)
tree	aa3df5777eb784bec3f8535b92ee4eba00bdbef9 /test
parent	testing (diff)
download	firejail-96cec210f8bd86667722b09beb5a3a67b21ec50f.tar.gz firejail-96cec210f8bd86667722b09beb5a3a67b21ec50f.tar.zst firejail-96cec210f8bd86667722b09beb5a3a67b21ec50f.zip

diff --git a/test/filters/filters.sh b/test/filters/filters.sh index a9f06b60a..eb4e4702c 100755 --- a/test/filters/filters.sh +++ b/test/filters/filters.sh
@@ -115,13 +115,6 @@ echo "TESTING: seccomp numeric (test/filters/seccomp-numeric.exp)"
115	./seccomp-numeric.exp	115	./seccomp-numeric.exp
116		116
117	if [ "$(uname -m)" = "x86_64" ]; then	117	if [ "$(uname -m)" = "x86_64" ]; then
118	echo "TESTING: seccomp dual filter (test/filters/seccomp-dualfilter.exp)"
119	./seccomp-dualfilter.exp
120	else
121	echo "TESTING SKIP: seccomp dual, not running on x86_64"
122	fi
123
124	if [ "$(uname -m)" = "x86_64" ]; then
125	echo "TESTING: seccomp join (test/filters/seccomp-join.exp)"	118	echo "TESTING: seccomp join (test/filters/seccomp-join.exp)"
126	./seccomp-join.exp	119	./seccomp-join.exp
127	else	120	else


diff --git a/test/filters/fseccomp.exp b/test/filters/fseccomp.exp index 59f812d6d..6becbff22 100755 --- a/test/filters/fseccomp.exp +++ b/test/filters/fseccomp.exp
@@ -111,7 +111,7 @@ expect {
111	}	111	}
112	expect {	112	expect {
113	timeout {puts "TESTING ERROR 9.3\n";exit}	113	timeout {puts "TESTING ERROR 9.3\n";exit}
114	"ret KILL"	114	"ret ERRNO"
115	}	115	}
116		116
117		117


diff --git a/test/filters/noroot.exp b/test/filters/noroot.exp index 64f72f610..5fc16c47f 100755 --- a/test/filters/noroot.exp +++ b/test/filters/noroot.exp
@@ -72,7 +72,7 @@ expect {
72	send -- "cat /proc/self/gid_map \| wc -l\r"	72	send -- "cat /proc/self/gid_map \| wc -l\r"
73	expect {	73	expect {
74	timeout {puts "TESTING ERROR 12\n";exit}	74	timeout {puts "TESTING ERROR 12\n";exit}
75	"5"	75	"9"
76	}	76	}
77		77
78		78
@@ -104,7 +104,7 @@ expect {
104	send -- "cat /proc/self/gid_map \| wc -l\r"	104	send -- "cat /proc/self/gid_map \| wc -l\r"
105	expect {	105	expect {
106	timeout {puts "TESTING ERROR 17\n";exit}	106	timeout {puts "TESTING ERROR 17\n";exit}
107	"5"	107	"9"
108	}	108	}
109		109
110	# check seccomp disabled and all caps enabled	110	# check seccomp disabled and all caps enabled


diff --git a/test/filters/protocol.exp b/test/filters/protocol.exp index 071460e4c..09c742378 100755 --- a/test/filters/protocol.exp +++ b/test/filters/protocol.exp
@@ -7,179 +7,38 @@ set timeout 10
7	spawn $env(SHELL)	7	spawn $env(SHELL)
8	match_max 100000	8	match_max 100000
9		9
10	send -- "firejail --noprofile --protocol=unix ./syscall_test socket\r"	10	send -- "firejail --noprofile --protocol=unix --debug\r"
11	expect {	11	expect {
12	timeout {puts "TESTING ERROR 1\n";exit}	12	timeout {puts "TESTING ERROR 1\n";exit}
13	"Permission denied" {puts "TESTING SKIP: permission denied\n"; exit}	13	"0009: 20 00 00 00000000 ld data.syscall-number"
14	"Child process initialized"
15	}	14	}
16	expect {	15	expect {
17	timeout {puts "TESTING ERROR 1.1\n";exit}
18	"Permission denied" {puts "TESTING SKIP: permission denied\n"; exit}
19	"socket AF_INET"
20	}
21	expect {
22	timeout {puts "TESTING ERROR 1.2\n";exit}
23	"Operation not supported"
24	}
25	expect {
26	timeout {puts "TESTING ERROR 1.3\n";exit}
27	"socket AF_INET6"
28	}
29	expect {
30	timeout {puts "TESTING ERROR 1.4\n";exit}
31	"Operation not supported"
32	}
33	expect {
34	timeout {puts "TESTING ERROR 1.5\n";exit}
35	"socket AF_NETLINK"
36	}
37	expect {
38	timeout {puts "TESTING ERROR 1.6\n";exit}
39	"Operation not supported"
40	}
41	expect {
42	timeout {puts "TESTING ERROR 1.7\n";exit}
43	"socket AF_UNIX"
44	}
45	expect {
46	timeout {puts "TESTING ERROR 1.8\n";exit}
47	"socket AF_PACKETX"
48	}
49	expect {
50	timeout {puts "TESTING ERROR 1.9\n";exit}
51	"Operation not supported"
52	}
53	sleep 1
54
55	send -- "firejail --noprofile --protocol=inet6,packet ./syscall_test socket\r"
56	expect {
57	timeout {puts "TESTING ERROR 2\n";exit}	16	timeout {puts "TESTING ERROR 2\n";exit}
58	"Child process initialized"	17	"000a: 15 01 00 00000029 jeq socket 000c (false 000b)"
59	}
60	expect {
61	timeout {puts "TESTING ERROR 2.1\n";exit}
62	"socket AF_INET"
63	}
64	expect {
65	timeout {puts "TESTING ERROR 2.2\n";exit}
66	"Operation not supported"
67	}
68	expect {
69	timeout {puts "TESTING ERROR 2.3\n";exit}
70	"socket AF_INET6"
71	}
72	expect {
73	timeout {puts "TESTING ERROR 2.4\n";exit}
74	"socket AF_NETLINK"
75	}
76	expect {
77	timeout {puts "TESTING ERROR 2.5\n";exit}
78	"Operation not supported"
79	}
80	expect {
81	timeout {puts "TESTING ERROR 2.6\n";exit}
82	"socket AF_UNIX"
83	}
84	expect {
85	timeout {puts "TESTING ERROR 2.7\n";exit}
86	"Operation not supported"
87	}
88	expect {
89	timeout {puts "TESTING ERROR 2.8\n";exit}
90	"socket AF_PACKETX"
91	}
92	expect {
93	timeout {puts "TESTING ERROR 2.9\n";exit}
94	"after socket"
95	}	18	}
96	sleep 1
97
98	# profile testing
99	send -- "firejail --profile=protocol1.profile ./syscall_test socket\r"
100	expect {	19	expect {
101	timeout {puts "TESTING ERROR 3\n";exit}	20	timeout {puts "TESTING ERROR 3\n";exit}
102	"Child process initialized"	21	"000b: 06 00 00 7fff0000 ret ALLOW"
103	}
104	expect {
105	timeout {puts "TESTING ERROR 3.1\n";exit}
106	"socket AF_INET"
107	}
108	expect {
109	timeout {puts "TESTING ERROR 3.2\n";exit}
110	"Operation not supported"
111	}
112	expect {
113	timeout {puts "TESTING ERROR 3.3\n";exit}
114	"socket AF_INET6"
115	}
116	expect {
117	timeout {puts "TESTING ERROR 3.4\n";exit}
118	"Operation not supported"
119	}
120	expect {
121	timeout {puts "TESTING ERROR 3.5\n";exit}
122	"socket AF_NETLINK"
123	}
124	expect {
125	timeout {puts "TESTING ERROR 3.6\n";exit}
126	"Operation not supported"
127	}
128	expect {
129	timeout {puts "TESTING ERROR 3.7\n";exit}
130	"socket AF_UNIX"
131	}
132	expect {
133	timeout {puts "TESTING ERROR 3.8\n";exit}
134	"socket AF_PACKETX"
135	}	22	}
136	expect {	23	expect {
137	timeout {puts "TESTING ERROR 3.9\n";exit}
138	"Operation not supported"
139	}
140	sleep 1
141
142	send -- "firejail --profile=protocol2.profile ./syscall_test socket\r"
143	expect {
144	timeout {puts "TESTING ERROR 4\n";exit}	24	timeout {puts "TESTING ERROR 4\n";exit}
145	"Child process initialized"	25	"000c: 20 00 00 00000010 ld data.args"
146	}
147	expect {
148	timeout {puts "TESTING ERROR 4.1\n";exit}
149	"socket AF_INET"
150	}
151	expect {
152	timeout {puts "TESTING ERROR 4.2\n";exit}
153	"Operation not supported"
154	}
155	expect {
156	timeout {puts "TESTING ERROR 4.3\n";exit}
157	"socket AF_INET6"
158	}	26	}
159	expect {	27	expect {
160	timeout {puts "TESTING ERROR 4.4\n";exit}	28	timeout {puts "TESTING ERROR 5\n";exit}
161	"socket AF_NETLINK"	29	"000d: 15 00 01 00000001 jeq 1 000e (false 000f)"
162	}	30	}
163	expect {	31	expect {
164	timeout {puts "TESTING ERROR 4.5\n";exit}	32	timeout {puts "TESTING ERROR 6\n";exit}
165	"Operation not supported"	33	"000e: 06 00 00 7fff0000 ret ALLOW"
		34	""
166	}	35	}
167	expect {	36	expect {
168	timeout {puts "TESTING ERROR 4.6\n";exit}	37	timeout {puts "TESTING ERROR 7\n";exit}
169	"socket AF_UNIX"	38	"000f: 06 00 00 0005005f ret ERRNO(95)"
170	}	39	}
171	expect {
172	timeout {puts "TESTING ERROR 4.7\n";exit}
173	"Operation not supported"
174	}
175	expect {
176	timeout {puts "TESTING ERROR 4.8\n";exit}
177	"socket AF_PACKETX"
178	}
179	expect {
180	timeout {puts "TESTING ERROR 4.9\n";exit}
181	"after socket"
182	}
183	after 100
184		40
		41	after 100
		42	send -- "exit\r"
		43	after 100
185	puts "\nall done\n"	44	puts "\nall done\n"


diff --git a/test/filters/seccomp-dualfilter.exp b/test/filters/seccomp-dualfilter.exp deleted file mode 100755 index e655be848..000000000 --- a/test/filters/seccomp-dualfilter.exp +++ /dev/null
@@ -1,55 +0,0 @@
1	#!/usr/bin/expect -f
2	# This file is part of Firejail project
3	# Copyright (C) 2014-2021 Firejail Authors
4	# License GPL v2
5
6	set timeout 1
7	spawn $env(SHELL)
8	match_max 100000
9
10	send -- "./syscall_test\r"
11	expect {
12	timeout {puts "\nTESTING SKIP: 64-bit support missing\n";exit}
13	"Usage"
14	}
15
16	send -- "./syscall_test32\r"
17	expect {
18	timeout {puts "\nTESTING SKIP: 32-bit support missing\n";exit}
19	"Usage"
20	}
21
22	set timeout 10
23	send -- "firejail ./syscall_test mount\r"
24	expect {
25	timeout {puts "TESTING ERROR 0\n";exit}
26	"Child process initialized"
27	}
28	expect {
29	timeout {puts "TESTING ERROR 1\n";exit}
30	"before mount"
31	}
32	expect {
33	timeout {puts "TESTING ERROR 2\n";exit}
34	"after mount" {puts "TESTING ERROR 3\n";exit}
35	"Parent is shutting down"
36	}
37	sleep 1
38
39	send -- "firejail ./syscall_test32 mount\r"
40	expect {
41	timeout {puts "TESTING ERROR 4\n";exit}
42	"Child process initialized"
43	}
44	expect {
45	timeout {puts "TESTING ERROR 5\n";exit}
46	"before mount"
47	}
48	expect {
49	timeout {puts "TESTING ERROR 6\n";exit}
50	"after mount" {puts "TESTING ERROR 7\n";exit}
51	"Parent is shutting down"
52	}
53
54	after 100
55	puts "\nall done\n"


diff --git a/test/filters/seccomp-postexec.exp b/test/filters/seccomp-postexec.exp index 18263520a..fe0e40e60 100755 --- a/test/filters/seccomp-postexec.exp +++ b/test/filters/seccomp-postexec.exp
@@ -14,20 +14,17 @@ expect {
14	}	14	}
15	expect {	15	expect {
16	timeout {puts "TESTING ERROR 1\n";exit}	16	timeout {puts "TESTING ERROR 1\n";exit}
17	"data.architecture"
18	}
19	expect {
20	timeout {puts "TESTING ERROR 2\n";exit}
21	"monitoring pid"	17	"monitoring pid"
22	}	18	}
		19	sleep 1
		20
		21	send -- "ls\r"
23	expect {	22	expect {
24	timeout {puts "TESTING ERROR 3\n";exit}	23	timeout {puts "TESTING ERROR 2\n";exit}
25	"Sandbox monitor: waitpid"	24	"not permitted"
26	}
27	expect {
28	timeout {puts "TESTING ERROR 4\n";exit}
29	"Parent is shutting down"
30	}	25	}
31	sleep 1
32		26
		27
		28	send -- "exit\r"
		29	after 100
33	puts "all done\n"	30	puts "all done\n"


diff --git a/test/filters/seccomp-ptrace.exp b/test/filters/seccomp-ptrace.exp index ec8ab615c..05fd6eabb 100755 --- a/test/filters/seccomp-ptrace.exp +++ b/test/filters/seccomp-ptrace.exp
@@ -17,8 +17,7 @@ sleep 2
17	send -- "strace ls\r"	17	send -- "strace ls\r"
18	expect {	18	expect {
19	timeout {puts "TESTING ERROR 1\n";exit}	19	timeout {puts "TESTING ERROR 1\n";exit}
20	"Bad system call" {puts "version 1\n";}	20	"not permitted"
21	" unexpected signal 31" {puts "version 2\n"}
22	}	21	}
23		22
24	send -- "exit\r"	23	send -- "exit\r"


diff --git a/test/filters/syscall_test b/test/filters/syscall_test deleted file mode 100755 index bf29c5b99..000000000 --- a/test/filters/syscall_test +++ /dev/null
Binary files differ


diff --git a/test/filters/syscall_test.c b/test/filters/syscall_test.c deleted file mode 100644 index 55ee31afb..000000000 --- a/test/filters/syscall_test.c +++ /dev/null
@@ -1,82 +0,0 @@
1	// This file is part of Firejail project
2	// Copyright (C) 2014-2021 Firejail Authors
3	// License GPL v2
4
5	#include <stdlib.h>
6	#include <stdio.h>
7	#include <unistd.h>
8	#include <sys/types.h>
9	#include <sys/socket.h>
10	#include <linux/netlink.h>
11	#include <net/ethernet.h>
12	#include <sys/mount.h>
13
14	int main(int argc, char **argv) {
15	if (argc != 2) {
16	printf("Usage: test [sleep\|socket\|mkdir\|mount]\n");
17	return 1;
18	}
19
20	if (strcmp(argv[1], "sleep") == 0) {
21	printf("before sleep\n");
22	sleep(1);
23	printf("after sleep\n");
24	}
25	else if (strcmp(argv[1], "socket") == 0) {
26	int sock;
27
28	printf("testing socket AF_INET\n");
29	if ((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
30	perror("socket");
31	}
32	else
33	close(sock);
34
35	printf("testing socket AF_INET6\n");
36	if ((sock = socket(AF_INET6, SOCK_STREAM, 0)) < 0) {
37	perror("socket");
38	}
39	else
40	close(sock);
41
42	printf("testing socket AF_NETLINK\n");
43	if ((sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE)) < 0) {
44	perror("socket");
45	}
46	else
47	close(sock);
48
49	printf("testing socket AF_UNIX\n");
50	if ((sock = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) {
51	perror("socket");
52	}
53	else
54	close(sock);
55
56	// root needed to be able to handle this
57	printf("testing socket AF_PACKETX\n");
58	if ((sock = socket(AF_PACKET, SOCK_DGRAM, htons(ETH_P_ARP))) < 0) {
59	perror("socket");
60	}
61	else
62	close(sock);
63	printf("after socket\n");
64	}
65	else if (strcmp(argv[1], "mkdir") == 0) {
66	printf("before mkdir\n");
67	mkdir("tmp", 0777);
68	printf("after mkdir\n");
69	}
70	else if (strcmp(argv[1], "mount") == 0) {
71	printf("before mount\n");
72	if (mount("tmpfs", "/tmp", "tmpfs", MS_NOSUID \| MS_STRICTATIME, "mode=755,gid=0") < 0) {
73	perror("mount");
74	}
75	printf("after mount\n");
76	}
77	else {
78	fprintf(stderr, "Error: invalid argument\n");
79	return 1;
80	}
81	return 0;
82	}


diff --git a/test/filters/syscall_test32 b/test/filters/syscall_test32 deleted file mode 100755 index 8d72f58c4..000000000 --- a/test/filters/syscall_test32 +++ /dev/null
Binary files differ