testing

author: netblue30 <netblue30@protonmail.com> 2023-03-08 17:09:17 -0500
committer: netblue30 <netblue30@protonmail.com> 2023-03-08 17:09:17 -0500
commit: aa0194eae75871f3fb5e15d31a9060527711adae (patch)
tree: bb535822c1469d4a1d6a736b7b58616b37d19d7d /test
parent: testing (diff)
download: firejail-aa0194eae75871f3fb5e15d31a9060527711adae.tar.gz
firejail-aa0194eae75871f3fb5e15d31a9060527711adae.tar.zst
firejail-aa0194eae75871f3fb5e15d31a9060527711adae.zip
10 files changed, 66 insertions, 213 deletions
diff --git a/test/capabilities/capabilities.sh b/test/capabilities/capabilities.sh
index 50279cd4f..2d345025a 100755
--- a/test/capabilities/capabilities.sh
+++ b/test/capabilities/capabilities.sh
@@ -21,3 +21,6 @@ echo "TESTING: capabilities print (test/filters/caps-print.exp)"
 echo "TESTING: capabilities join (test/filters/caps-join.exp)"
 ./caps-join.exp
+echo "TESTING: firemon caps (test/utils/firemon-caps.exp)"
+./firemon-caps.exp
diff --git a/test/capabilities/caps-join.exp b/test/capabilities/caps-join.exp
index 1830143fb..ecb43d943 100755
--- a/test/capabilities/caps-join.exp
+++ b/test/capabilities/caps-join.exp
@@ -35,7 +35,7 @@ sleep 1
 set spawn_id $id1
 send -- "exit\r"
-after 100
+sleep 1
 #
 # no caps
@@ -67,7 +67,7 @@ sleep 1
 set spawn_id $id1
 send -- "exit\r"
-after 100
+after 500
 #
 # no caps
@@ -91,6 +91,6 @@ sleep 1
 set spawn_id $id1
 send -- "exit\r"
-after 100
+after 500
 puts "all done\n"
diff --git a/test/capabilities/caps-print.exp b/test/capabilities/caps-print.exp
index b403f9ffe..66a7e093b 100755
--- a/test/capabilities/caps-print.exp
+++ b/test/capabilities/caps-print.exp
@@ -68,7 +68,7 @@ expect {
        timeout {puts "TESTING ERROR 13\n";exit}
        "syslog              - disabled"
 }
-after 100
+after 500
 send -- "firejail --debug-caps\r"
 expect {
@@ -87,7 +87,7 @@ expect {
        timeout {puts "TESTING ERROR 9\n";exit}
        "24     - sys_resource"
 }
-after 100
+after 500
 send -- "firejail --caps.keep=\"bla bla bla\"\r"
 expect {
@@ -99,5 +99,5 @@ expect {
        "not found"
 }
-after 100
+after 500
 puts "\nall done\n"
diff --git a/test/capabilities/caps.exp b/test/capabilities/caps.exp
index dbd63efda..bd7ab04eb 100755
--- a/test/capabilities/caps.exp
+++ b/test/capabilities/caps.exp
@@ -7,14 +7,11 @@ set timeout 10
 spawn $env(SHELL)
 match_max 100000
-send -- "firejail --caps.keep=chown,fowner --noprofile\r"
+send -- "firejail --caps.keep=chown,fowner --noprofile cat /proc/self/status\r"
 expect {
        timeout {puts "TESTING ERROR 1\n";exit}
        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
 }
-after 100
-send -- "cat /proc/self/status\r"
 expect {
        timeout {puts "TESTING ERROR 2\n";exit}
        "CapBnd:        0000000000000009"
@@ -23,17 +20,13 @@ expect {
        timeout {puts "TESTING ERROR 3\n";exit}
        "Seccomp:"
 }
-send -- "exit\r"
+after 500
-sleep 1
-send -- "firejail --caps.drop=all --noprofile\r"
+send -- "firejail --caps.drop=all --noprofile cat /proc/self/status\r"
 expect {
        timeout {puts "TESTING ERROR 4\n";exit}
        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
 }
-after 100
-send -- "cat /proc/self/status\r"
 expect {
        timeout {puts "TESTING ERROR 5\n";exit}
        "CapBnd:        0000000000000000"
@@ -42,17 +35,13 @@ expect {
        timeout {puts "TESTING ERROR 6\n";exit}
        "Seccomp:"
 }
-send -- "exit\r"
+after 500
-sleep 1
-send -- "firejail --caps.drop=chown,dac_override,dac_read_search,fowner --noprofile\r"
+send -- "firejail --caps.drop=chown,dac_override,dac_read_search,fowner --noprofile cat /proc/self/status\r"
 expect {
        timeout {puts "TESTING ERROR 7\n";exit}
        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
 }
-after 100
-send -- "cat /proc/self/status\r"
 expect {
        timeout {puts "TESTING ERROR 8\n";exit}
        "CapBnd:"
@@ -65,11 +54,9 @@ expect {
        timeout {puts "TESTING ERROR 10\n";exit}
        "Seccomp:"
 }
-send -- "exit\r"
+after 500
-sleep 1
+send -- "firejail --profile=caps1.profile --debug ls\r"
-send -- "firejail --profile=caps1.profile --debug\r"
 expect {
        timeout {puts "TESTING ERROR 11\n";exit}
        "Drop CAP_SYS_MODULE"
@@ -83,10 +70,7 @@ expect {
        "Drop CAP_" {puts "TESTING ERROR 14\n";exit}
        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
 }
-after 100
+after 500
-send -- "exit\r"
-sleep 1
 ## tofix: possible problem with caps.keep in profile files
 ##send -- "firejail --caps.keep=chown,fowner --noprofile\r"
@@ -110,14 +94,11 @@ sleep 1
 #sleep 1
 #send -- "firejail --caps.drop=chown,dac_override,dac_read_search,fowner --noprofile\r"
-send -- "firejail --profile=caps3.profile\r"
+send -- "firejail --profile=caps3.profile cat /proc/self/status\r"
 expect {
        timeout {puts "TESTING ERROR 18\n";exit}
        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
 }
-after 100
-send -- "cat /proc/self/status\r"
 expect {
        timeout {puts "TESTING ERROR 19\n";exit}
        "CapBnd:"
@@ -130,10 +111,5 @@ expect {
        timeout {puts "TESTING ERROR 21\n";exit}
        "Seccomp:"
 }
-send -- "exit\r"
+after 500
-sleep 1
-after 100
 puts "\nall done\n"
diff --git a/test/capabilities/firemon-caps.exp b/test/capabilities/firemon-caps.exp
new file mode 100755
index 000000000..905c8cba9
--- /dev/null
+++ b/test/capabilities/firemon-caps.exp
@@ -0,0 +1,47 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2023 Firejail Authors
+# License GPL v2
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+send --  "firejail --name=bingo1 --noprofile --caps\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+sleep 1
+spawn $env(SHELL)
+send --  "firejail --name=bingo2 --noprofile\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+sleep 1
+spawn $env(SHELL)
+send -- "firemon --caps\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "need to be root" {puts "TESTING SKIP: /proc mounted as hidepid\n"; exit}
+        "bingo1"
+}
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "31cffff"
+}
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "bingo2"
+}
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "fffffff"
+}
+after 500
+puts "all done\n"
diff --git a/test/utils/caps-print.exp b/test/utils/caps-print.exp
deleted file mode 100755
index 381f27574..000000000
--- a/test/utils/caps-print.exp
+++ /dev/null
@@ -1,32 +0,0 @@
-#!/usr/bin/expect -f
-# This file is part of Firejail project
-# Copyright (C) 2014-2023 Firejail Authors
-# License GPL v2
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-send -- "firejail --name=test\r"
-expect {
-        timeout {puts "TESTING ERROR 0\n";exit}
-        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
-}
-sleep 2
-spawn $env(SHELL)
-send -- "firejail --caps.print=test\r"
-expect {
-        timeout {puts "TESTING ERROR 1\n";exit}
-        "setgid              - disabled"
-}
-expect {
-        timeout {puts "TESTING ERROR 2\n";exit}
-        "setuid              - disabled"
-}
-expect {
-        timeout {puts "TESTING ERROR 3\n";exit}
-        "net_raw             - disabled"
-}
-after 100
-puts "\nall done\n"
diff --git a/test/utils/caps1.profile b/test/utils/caps1.profile
deleted file mode 100644
index 78c18fc64..000000000
--- a/test/utils/caps1.profile
+++ /dev/null
@@ -1 +0,0 @@
-caps.drop chown,kill
diff --git a/test/utils/caps2.profile b/test/utils/caps2.profile
deleted file mode 100644
index e760d4cb5..000000000
--- a/test/utils/caps2.profile
+++ /dev/null
@@ -1 +0,0 @@
-caps.keep chown,kill
diff --git a/test/utils/firemon-caps.exp b/test/utils/firemon-caps.exp
deleted file mode 100755
index 621447d45..000000000
--- a/test/utils/firemon-caps.exp
+++ /dev/null
@@ -1,129 +0,0 @@
-#!/usr/bin/expect -f
-# This file is part of Firejail project
-# Copyright (C) 2014-2023 Firejail Authors
-# License GPL v2
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-send --  "firejail --name=bingo1 --noprofile --caps\r"
-expect {
-        timeout {puts "TESTING ERROR 0\n";exit}
-        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
-}
-sleep 1
-spawn $env(SHELL)
-send --  "firejail --name=bingo2 --noprofile\r"
-expect {
-        timeout {puts "TESTING ERROR 1\n";exit}
-        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
-}
-sleep 1
-spawn $env(SHELL)
-send --  "firejail --name=bingo3 --noprofile --caps.drop=all\r"
-expect {
-        timeout {puts "TESTING ERROR 2\n";exit}
-        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
-}
-sleep 1
-spawn $env(SHELL)
-send --  "firejail --noprofile --name=bingo4 --caps.drop=chown,kill\r"
-expect {
-        timeout {puts "TESTING ERROR 3\n";exit}
-        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
-}
-sleep 1
-spawn $env(SHELL)
-send --  "firejail --noprofile --name=bingo5 --caps.keep=chown,kill\r"
-expect {
-        timeout {puts "TESTING ERROR 4\n";exit}
-        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
-}
-sleep 1
-spawn $env(SHELL)
-send --  "firejail --name=bingo6 --profile=caps1.profile\r"
-expect {
-        timeout {puts "TESTING ERROR 5\n";exit}
-        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
-}
-sleep 1
-spawn $env(SHELL)
-send --  "firejail --name=bingo7 --profile=caps2.profile\r"
-expect {
-        timeout {puts "TESTING ERROR 0\n";exit}
-        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
-}
-sleep 1
-spawn $env(SHELL)
-send -- "firemon --caps\r"
-expect {
-        timeout {puts "TESTING ERROR 8.1\n";exit}
-        "need to be root" {puts "TESTING SKIP: /proc mounted as hidepid\n"; exit}
-        "bingo1"
-}
-expect {
-        timeout {puts "TESTING ERROR 8.2\n";exit}
-        "31cffff"
-}
-expect {
-        timeout {puts "TESTING ERROR 8.3\n";exit}
-        "bingo2"
-}
-expect {
-        timeout {puts "TESTING ERROR 8.4\n";exit}
-        "fffffff"
-}
-expect {
-        timeout {puts "TESTING ERROR 8.5\n";exit}
-        "bingo3"
-}
-expect {
-        timeout {puts "TESTING ERROR 8.6\n";exit}
-        "000000000000"
-}
-expect {
-        timeout {puts "TESTING ERROR 8.7\n";exit}
-        "bingo4"
-}
-expect {
-        timeout {puts "TESTING ERROR 8.8\n";exit}
-        "ffffffde"
-}
-expect {
-        timeout {puts "TESTING ERROR 8.9\n";exit}
-        "bingo5"
-}
-expect {
-        timeout {puts "TESTING ERROR 8.10\n";exit}
-        "0000000000000021"
-}
-expect {
-        timeout {puts "TESTING ERROR 8.11\n";exit}
-        "bingo6"
-}
-expect {
-        timeout {puts "TESTING ERROR 8.12\n";exit}
-        "ffffffde"
-}
-expect {
-        timeout {puts "TESTING ERROR 8.13\n";exit}
-        "bingo7"
-}
-expect {
-        timeout {puts "TESTING ERROR 8.14\n";exit}
-        "0000000000000021"
-}
-after 100
-puts "all done\n"
diff --git a/test/utils/utils.sh b/test/utils/utils.sh
index 9f04c2625..49ff8e6de 100755
--- a/test/utils/utils.sh
+++ b/test/utils/utils.sh
@@ -61,9 +61,6 @@ echo "TESTING: fs.print (test/utils/fs-print.exp)"
 echo "TESTING: dns.print (test/utils/dns-print.exp)"
 ./dns-print.exp
-echo "TESTING: caps.print (test/utils/caps-print.exp)"
-./caps-print.exp
 echo "TESTING: seccomp.print (test/utils/seccomp-print.exp)"
 ./seccomp-print.exp
@@ -112,13 +109,6 @@ else
        echo "TESTING SKIP: seccomp already active (test/utils/firemon-seccomp.exp)"
 fi
-if grep -q "^CapBnd:\\s0000003fffffffff" /proc/self/status; then
-        echo "TESTING: firemon caps (test/utils/firemon-caps.exp)"
-        ./firemon-caps.exp
-else
-        echo "TESTING SKIP: other capabilities than expected (test/utils/firemon-caps.exp)"
-fi
 echo "TESTING: firemon cpu (test/utils/firemon-cpu.exp)"
 ./firemon-cpu.exp
author	netblue30 <netblue30@protonmail.com>	2023-03-08 17:09:17 -0500
committer	netblue30 <netblue30@protonmail.com>	2023-03-08 17:09:17 -0500
commit	aa0194eae75871f3fb5e15d31a9060527711adae (patch)
tree	bb535822c1469d4a1d6a736b7b58616b37d19d7d /test
parent	testing (diff)
download	firejail-aa0194eae75871f3fb5e15d31a9060527711adae.tar.gz firejail-aa0194eae75871f3fb5e15d31a9060527711adae.tar.zst firejail-aa0194eae75871f3fb5e15d31a9060527711adae.zip

diff --git a/test/capabilities/capabilities.sh b/test/capabilities/capabilities.sh index 50279cd4f..2d345025a 100755 --- a/test/capabilities/capabilities.sh +++ b/test/capabilities/capabilities.sh
@@ -21,3 +21,6 @@ echo "TESTING: capabilities print (test/filters/caps-print.exp)"
21	echo "TESTING: capabilities join (test/filters/caps-join.exp)"	21	echo "TESTING: capabilities join (test/filters/caps-join.exp)"
22	./caps-join.exp	22	./caps-join.exp
23		23
		24	echo "TESTING: firemon caps (test/utils/firemon-caps.exp)"
		25	./firemon-caps.exp
		26


diff --git a/test/capabilities/caps-join.exp b/test/capabilities/caps-join.exp index 1830143fb..ecb43d943 100755 --- a/test/capabilities/caps-join.exp +++ b/test/capabilities/caps-join.exp
@@ -35,7 +35,7 @@ sleep 1
35		35
36	set spawn_id $id1	36	set spawn_id $id1
37	send -- "exit\r"	37	send -- "exit\r"
38	after 100	38	sleep 1
39		39
40	#	40	#
41	# no caps	41	# no caps
@@ -67,7 +67,7 @@ sleep 1
67		67
68	set spawn_id $id1	68	set spawn_id $id1
69	send -- "exit\r"	69	send -- "exit\r"
70	after 100	70	after 500
71		71
72	#	72	#
73	# no caps	73	# no caps
@@ -91,6 +91,6 @@ sleep 1
91		91
92	set spawn_id $id1	92	set spawn_id $id1
93	send -- "exit\r"	93	send -- "exit\r"
94	after 100	94	after 500
95		95
96	puts "all done\n"	96	puts "all done\n"


diff --git a/test/capabilities/caps-print.exp b/test/capabilities/caps-print.exp index b403f9ffe..66a7e093b 100755 --- a/test/capabilities/caps-print.exp +++ b/test/capabilities/caps-print.exp
@@ -68,7 +68,7 @@ expect {
68	timeout {puts "TESTING ERROR 13\n";exit}	68	timeout {puts "TESTING ERROR 13\n";exit}
69	"syslog - disabled"	69	"syslog - disabled"
70	}	70	}
71	after 100	71	after 500
72		72
73	send -- "firejail --debug-caps\r"	73	send -- "firejail --debug-caps\r"
74	expect {	74	expect {
@@ -87,7 +87,7 @@ expect {
87	timeout {puts "TESTING ERROR 9\n";exit}	87	timeout {puts "TESTING ERROR 9\n";exit}
88	"24 - sys_resource"	88	"24 - sys_resource"
89	}	89	}
90	after 100	90	after 500
91		91
92	send -- "firejail --caps.keep=\"bla bla bla\"\r"	92	send -- "firejail --caps.keep=\"bla bla bla\"\r"
93	expect {	93	expect {
@@ -99,5 +99,5 @@ expect {
99	"not found"	99	"not found"
100	}	100	}
101		101
102	after 100	102	after 500
103	puts "\nall done\n"	103	puts "\nall done\n"


diff --git a/test/capabilities/caps.exp b/test/capabilities/caps.exp index dbd63efda..bd7ab04eb 100755 --- a/test/capabilities/caps.exp +++ b/test/capabilities/caps.exp
@@ -7,14 +7,11 @@ set timeout 10
7	spawn $env(SHELL)	7	spawn $env(SHELL)
8	match_max 100000	8	match_max 100000
9		9
10	send -- "firejail --caps.keep=chown,fowner --noprofile\r"	10	send -- "firejail --caps.keep=chown,fowner --noprofile cat /proc/self/status\r"
11	expect {	11	expect {
12	timeout {puts "TESTING ERROR 1\n";exit}	12	timeout {puts "TESTING ERROR 1\n";exit}
13	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"	13	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
14	}	14	}
15	after 100
16
17	send -- "cat /proc/self/status\r"
18	expect {	15	expect {
19	timeout {puts "TESTING ERROR 2\n";exit}	16	timeout {puts "TESTING ERROR 2\n";exit}
20	"CapBnd: 0000000000000009"	17	"CapBnd: 0000000000000009"
@@ -23,17 +20,13 @@ expect {
23	timeout {puts "TESTING ERROR 3\n";exit}	20	timeout {puts "TESTING ERROR 3\n";exit}
24	"Seccomp:"	21	"Seccomp:"
25	}	22	}
26	send -- "exit\r"	23	after 500
27	sleep 1
28		24
29	send -- "firejail --caps.drop=all --noprofile\r"	25	send -- "firejail --caps.drop=all --noprofile cat /proc/self/status\r"
30	expect {	26	expect {
31	timeout {puts "TESTING ERROR 4\n";exit}	27	timeout {puts "TESTING ERROR 4\n";exit}
32	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"	28	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
33	}	29	}
34	after 100
35
36	send -- "cat /proc/self/status\r"
37	expect {	30	expect {
38	timeout {puts "TESTING ERROR 5\n";exit}	31	timeout {puts "TESTING ERROR 5\n";exit}
39	"CapBnd: 0000000000000000"	32	"CapBnd: 0000000000000000"
@@ -42,17 +35,13 @@ expect {
42	timeout {puts "TESTING ERROR 6\n";exit}	35	timeout {puts "TESTING ERROR 6\n";exit}
43	"Seccomp:"	36	"Seccomp:"
44	}	37	}
45	send -- "exit\r"	38	after 500
46	sleep 1
47		39
48	send -- "firejail --caps.drop=chown,dac_override,dac_read_search,fowner --noprofile\r"	40	send -- "firejail --caps.drop=chown,dac_override,dac_read_search,fowner --noprofile cat /proc/self/status\r"
49	expect {	41	expect {
50	timeout {puts "TESTING ERROR 7\n";exit}	42	timeout {puts "TESTING ERROR 7\n";exit}
51	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"	43	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
52	}	44	}
53	after 100
54
55	send -- "cat /proc/self/status\r"
56	expect {	45	expect {
57	timeout {puts "TESTING ERROR 8\n";exit}	46	timeout {puts "TESTING ERROR 8\n";exit}
58	"CapBnd:"	47	"CapBnd:"
@@ -65,11 +54,9 @@ expect {
65	timeout {puts "TESTING ERROR 10\n";exit}	54	timeout {puts "TESTING ERROR 10\n";exit}
66	"Seccomp:"	55	"Seccomp:"
67	}	56	}
68	send -- "exit\r"	57	after 500
69	sleep 1
70		58
71		59	send -- "firejail --profile=caps1.profile --debug ls\r"
72	send -- "firejail --profile=caps1.profile --debug\r"
73	expect {	60	expect {
74	timeout {puts "TESTING ERROR 11\n";exit}	61	timeout {puts "TESTING ERROR 11\n";exit}
75	"Drop CAP_SYS_MODULE"	62	"Drop CAP_SYS_MODULE"
@@ -83,10 +70,7 @@ expect {
83	"Drop CAP_" {puts "TESTING ERROR 14\n";exit}	70	"Drop CAP_" {puts "TESTING ERROR 14\n";exit}
84	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"	71	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
85	}	72	}
86	after 100	73	after 500
87	send -- "exit\r"
88	sleep 1
89
90		74
91	## tofix: possible problem with caps.keep in profile files	75	## tofix: possible problem with caps.keep in profile files
92	##send -- "firejail --caps.keep=chown,fowner --noprofile\r"	76	##send -- "firejail --caps.keep=chown,fowner --noprofile\r"
@@ -110,14 +94,11 @@ sleep 1
110	#sleep 1	94	#sleep 1
111		95
112	#send -- "firejail --caps.drop=chown,dac_override,dac_read_search,fowner --noprofile\r"	96	#send -- "firejail --caps.drop=chown,dac_override,dac_read_search,fowner --noprofile\r"
113	send -- "firejail --profile=caps3.profile\r"	97	send -- "firejail --profile=caps3.profile cat /proc/self/status\r"
114	expect {	98	expect {
115	timeout {puts "TESTING ERROR 18\n";exit}	99	timeout {puts "TESTING ERROR 18\n";exit}
116	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"	100	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
117	}	101	}
118	after 100
119
120	send -- "cat /proc/self/status\r"
121	expect {	102	expect {
122	timeout {puts "TESTING ERROR 19\n";exit}	103	timeout {puts "TESTING ERROR 19\n";exit}
123	"CapBnd:"	104	"CapBnd:"
@@ -130,10 +111,5 @@ expect {
130	timeout {puts "TESTING ERROR 21\n";exit}	111	timeout {puts "TESTING ERROR 21\n";exit}
131	"Seccomp:"	112	"Seccomp:"
132	}	113	}
133	send -- "exit\r"	114	after 500
134	sleep 1
135
136
137
138	after 100
139	puts "\nall done\n"	115	puts "\nall done\n"


diff --git a/test/capabilities/firemon-caps.exp b/test/capabilities/firemon-caps.exp new file mode 100755 index 000000000..905c8cba9 --- /dev/null +++ b/test/capabilities/firemon-caps.exp
@@ -0,0 +1,47 @@
		1	#!/usr/bin/expect -f
		2	# This file is part of Firejail project
		3	# Copyright (C) 2014-2023 Firejail Authors
		4	# License GPL v2
		5
		6	set timeout 10
		7	spawn $env(SHELL)
		8	match_max 100000
		9
		10	send -- "firejail --name=bingo1 --noprofile --caps\r"
		11	expect {
		12	timeout {puts "TESTING ERROR 0\n";exit}
		13	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
		14	}
		15	sleep 1
		16
		17	spawn $env(SHELL)
		18	send -- "firejail --name=bingo2 --noprofile\r"
		19	expect {
		20	timeout {puts "TESTING ERROR 1\n";exit}
		21	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
		22	}
		23	sleep 1
		24
		25	spawn $env(SHELL)
		26	send -- "firemon --caps\r"
		27	expect {
		28	timeout {puts "TESTING ERROR 2\n";exit}
		29	"need to be root" {puts "TESTING SKIP: /proc mounted as hidepid\n"; exit}
		30	"bingo1"
		31	}
		32	expect {
		33	timeout {puts "TESTING ERROR 3\n";exit}
		34	"31cffff"
		35	}
		36	expect {
		37	timeout {puts "TESTING ERROR 4\n";exit}
		38	"bingo2"
		39	}
		40	expect {
		41	timeout {puts "TESTING ERROR 5\n";exit}
		42	"fffffff"
		43	}
		44
		45	after 500
		46
		47	puts "all done\n"


diff --git a/test/utils/caps-print.exp b/test/utils/caps-print.exp deleted file mode 100755 index 381f27574..000000000 --- a/test/utils/caps-print.exp +++ /dev/null
@@ -1,32 +0,0 @@
1	#!/usr/bin/expect -f
2	# This file is part of Firejail project
3	# Copyright (C) 2014-2023 Firejail Authors
4	# License GPL v2
5
6	set timeout 10
7	spawn $env(SHELL)
8	match_max 100000
9
10	send -- "firejail --name=test\r"
11	expect {
12	timeout {puts "TESTING ERROR 0\n";exit}
13	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
14	}
15	sleep 2
16
17	spawn $env(SHELL)
18	send -- "firejail --caps.print=test\r"
19	expect {
20	timeout {puts "TESTING ERROR 1\n";exit}
21	"setgid - disabled"
22	}
23	expect {
24	timeout {puts "TESTING ERROR 2\n";exit}
25	"setuid - disabled"
26	}
27	expect {
28	timeout {puts "TESTING ERROR 3\n";exit}
29	"net_raw - disabled"
30	}
31	after 100
32	puts "\nall done\n"


diff --git a/test/utils/caps1.profile b/test/utils/caps1.profile deleted file mode 100644 index 78c18fc64..000000000 --- a/test/utils/caps1.profile +++ /dev/null
@@ -1 +0,0 @@
1	caps.drop chown,kill


diff --git a/test/utils/caps2.profile b/test/utils/caps2.profile deleted file mode 100644 index e760d4cb5..000000000 --- a/test/utils/caps2.profile +++ /dev/null
@@ -1 +0,0 @@
1	caps.keep chown,kill


diff --git a/test/utils/firemon-caps.exp b/test/utils/firemon-caps.exp deleted file mode 100755 index 621447d45..000000000 --- a/test/utils/firemon-caps.exp +++ /dev/null
@@ -1,129 +0,0 @@
1	#!/usr/bin/expect -f
2	# This file is part of Firejail project
3	# Copyright (C) 2014-2023 Firejail Authors
4	# License GPL v2
5
6	set timeout 10
7	spawn $env(SHELL)
8	match_max 100000
9
10	send -- "firejail --name=bingo1 --noprofile --caps\r"
11	expect {
12	timeout {puts "TESTING ERROR 0\n";exit}
13	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
14	}
15	sleep 1
16
17	spawn $env(SHELL)
18	send -- "firejail --name=bingo2 --noprofile\r"
19	expect {
20	timeout {puts "TESTING ERROR 1\n";exit}
21	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
22	}
23	sleep 1
24
25	spawn $env(SHELL)
26	send -- "firejail --name=bingo3 --noprofile --caps.drop=all\r"
27	expect {
28	timeout {puts "TESTING ERROR 2\n";exit}
29	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
30	}
31	sleep 1
32
33	spawn $env(SHELL)
34	send -- "firejail --noprofile --name=bingo4 --caps.drop=chown,kill\r"
35	expect {
36	timeout {puts "TESTING ERROR 3\n";exit}
37	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
38	}
39	sleep 1
40
41	spawn $env(SHELL)
42	send -- "firejail --noprofile --name=bingo5 --caps.keep=chown,kill\r"
43	expect {
44	timeout {puts "TESTING ERROR 4\n";exit}
45	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
46	}
47	sleep 1
48
49	spawn $env(SHELL)
50	send -- "firejail --name=bingo6 --profile=caps1.profile\r"
51	expect {
52	timeout {puts "TESTING ERROR 5\n";exit}
53	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
54	}
55	sleep 1
56
57	spawn $env(SHELL)
58	send -- "firejail --name=bingo7 --profile=caps2.profile\r"
59	expect {
60	timeout {puts "TESTING ERROR 0\n";exit}
61	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
62	}
63	sleep 1
64
65	spawn $env(SHELL)
66	send -- "firemon --caps\r"
67	expect {
68	timeout {puts "TESTING ERROR 8.1\n";exit}
69	"need to be root" {puts "TESTING SKIP: /proc mounted as hidepid\n"; exit}
70	"bingo1"
71	}
72	expect {
73	timeout {puts "TESTING ERROR 8.2\n";exit}
74	"31cffff"
75	}
76	expect {
77	timeout {puts "TESTING ERROR 8.3\n";exit}
78	"bingo2"
79	}
80	expect {
81	timeout {puts "TESTING ERROR 8.4\n";exit}
82	"fffffff"
83	}
84	expect {
85	timeout {puts "TESTING ERROR 8.5\n";exit}
86	"bingo3"
87	}
88	expect {
89	timeout {puts "TESTING ERROR 8.6\n";exit}
90	"000000000000"
91	}
92
93	expect {
94	timeout {puts "TESTING ERROR 8.7\n";exit}
95	"bingo4"
96	}
97	expect {
98	timeout {puts "TESTING ERROR 8.8\n";exit}
99	"ffffffde"
100	}
101	expect {
102	timeout {puts "TESTING ERROR 8.9\n";exit}
103	"bingo5"
104	}
105	expect {
106	timeout {puts "TESTING ERROR 8.10\n";exit}
107	"0000000000000021"
108	}
109
110	expect {
111	timeout {puts "TESTING ERROR 8.11\n";exit}
112	"bingo6"
113	}
114	expect {
115	timeout {puts "TESTING ERROR 8.12\n";exit}
116	"ffffffde"
117	}
118	expect {
119	timeout {puts "TESTING ERROR 8.13\n";exit}
120	"bingo7"
121	}
122	expect {
123	timeout {puts "TESTING ERROR 8.14\n";exit}
124	"0000000000000021"
125	}
126
127	after 100
128
129	puts "all done\n"


diff --git a/test/utils/utils.sh b/test/utils/utils.sh index 9f04c2625..49ff8e6de 100755 --- a/test/utils/utils.sh +++ b/test/utils/utils.sh
@@ -61,9 +61,6 @@ echo "TESTING: fs.print (test/utils/fs-print.exp)"
61	echo "TESTING: dns.print (test/utils/dns-print.exp)"	61	echo "TESTING: dns.print (test/utils/dns-print.exp)"
62	./dns-print.exp	62	./dns-print.exp
63		63
64	echo "TESTING: caps.print (test/utils/caps-print.exp)"
65	./caps-print.exp
66
67	echo "TESTING: seccomp.print (test/utils/seccomp-print.exp)"	64	echo "TESTING: seccomp.print (test/utils/seccomp-print.exp)"
68	./seccomp-print.exp	65	./seccomp-print.exp
69		66
@@ -112,13 +109,6 @@ else
112	echo "TESTING SKIP: seccomp already active (test/utils/firemon-seccomp.exp)"	109	echo "TESTING SKIP: seccomp already active (test/utils/firemon-seccomp.exp)"
113	fi	110	fi
114		111
115	if grep -q "^CapBnd:\\s0000003fffffffff" /proc/self/status; then
116	echo "TESTING: firemon caps (test/utils/firemon-caps.exp)"
117	./firemon-caps.exp
118	else
119	echo "TESTING SKIP: other capabilities than expected (test/utils/firemon-caps.exp)"
120	fi
121
122	echo "TESTING: firemon cpu (test/utils/firemon-cpu.exp)"	112	echo "TESTING: firemon cpu (test/utils/firemon-cpu.exp)"
123	./firemon-cpu.exp	113	./firemon-cpu.exp
124		114