appimage testing

author: netblue30 <netblue30@protonmail.com> 2023-03-01 08:52:53 -0500
committer: netblue30 <netblue30@protonmail.com> 2023-03-01 08:52:53 -0500
commit: b50812ff5ef5009b7c6babb19fd9caa315f31515 (patch)
tree: 0535438678837dffb9ba5ba988efa482d53c1fc3 /test
parent: chroot testing (diff)
download: firejail-b50812ff5ef5009b7c6babb19fd9caa315f31515.tar.gz
firejail-b50812ff5ef5009b7c6babb19fd9caa315f31515.tar.zst
firejail-b50812ff5ef5009b7c6babb19fd9caa315f31515.zip
9 files changed, 60 insertions, 235 deletions
diff --git a/test/appimage/Leafpad-0.8.17-x86_64.AppImage b/test/appimage/Leafpad-0.8.17-x86_64.AppImage
deleted file mode 100644
index 865f6b44c..000000000
--- a/test/appimage/Leafpad-0.8.17-x86_64.AppImage
+++ /dev/null
Binary files differ
diff --git a/test/appimage/Leafpad-0.8.18.1.glibc2.4-x86_64.AppImage b/test/appimage/Leafpad-0.8.18.1.glibc2.4-x86_64.AppImage
deleted file mode 100644
index d167431f3..000000000
--- a/test/appimage/Leafpad-0.8.18.1.glibc2.4-x86_64.AppImage
+++ /dev/null
Binary files differ
diff --git a/test/appimage/appimage-args.exp b/test/appimage/appimage-args.exp
index e85e8a46a..ef64e862f 100755
--- a/test/appimage/appimage-args.exp
+++ b/test/appimage/appimage-args.exp
@@ -8,97 +8,15 @@ spawn $env(SHELL)
 match_max 100000
 set appimage_id $spawn_id
-send -- "firejail --name=test --debug --appimage Leafpad-0.8.17-x86_64.AppImage testfile\r"
+send -- "firejail --name=test --appimage hello-x86_64.AppImage testfile\r"
-expect {
-        timeout {puts "TESTING ERROR 1\n";exit}
-        "execvp argument 2"
-}
-expect {
-        timeout {puts "TESTING ERROR 2\n";exit}
-        "AppRun"
-}
-expect {
-        timeout {puts "TESTING ERROR 3\n";exit}
-        "testfile"
-}
 expect {
        timeout {puts "TESTING ERROR 4\n";exit}
        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
 }
-sleep 2
-spawn $env(SHELL)
-send -- "firejail --list\r"
 expect {
-        timeout {puts "TESTING ERROR 5\n";exit}
+        timeout {puts "TESTING ERROR 4\n";exit}
-        ":firejail"
+        "1 - testfile"
-}
-expect {
-        timeout {puts "TESTING ERROR 6\n";exit}
-        "appimage Leafpad"
-}
-after 100
-# grsecurity exit
-send -- "file /proc/sys/kernel/grsecurity\r"
-expect {
-        timeout {puts "TESTING ERROR - grsecurity detection\n";exit}
-        "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit}
-        "cannot open" {puts "grsecurity not present\n"}
-}
-send -- "firejail --name=blablabla\r"
-expect {
-        timeout {puts "TESTING ERROR 7\n";exit}
-        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
-}
-sleep 2
-spawn $env(SHELL)
-send -- "firemon --seccomp --wrap\r"
-expect {
-        timeout {puts "TESTING ERROR 8\n";exit}
-        "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit}
-        "appimage Leafpad"
-}
-expect {
-        timeout {puts "TESTING ERROR 9 (seccomp)\n";exit}
-        "Seccomp:       2"
-}
-expect {
-        timeout {puts "TESTING ERROR 10\n";exit}
-        "name=blablabla"
-}
-after 100
-send -- "firemon --caps --wrap\r"
-expect {
-        timeout {puts "TESTING ERROR 11\n";exit}
-        "appimage Leafpad"
-}
-expect {
-        timeout {puts "TESTING ERROR 12\n";exit}
-        "CapBnd:"
-}
-expect {
-        timeout {puts "TESTING ERROR 13\n";exit}
-        "0000000000000000"
-}
-expect {
-        timeout {puts "TESTING ERROR 14\n";exit}
-        "name=blablabla"
-}
-after 100
-spawn $env(SHELL)
-send -- "firejail --shutdown=test\r"
-set spawn_id $appimage_id
-expect {
-        timeout {puts "shutdown\n";exit}
-        "AppImage detached"
 }
-after 100
+after 500
 puts "\nall done\n"
diff --git a/test/appimage/appimage-trace.exp b/test/appimage/appimage-trace.exp
index f98826138..c1e481a67 100755
--- a/test/appimage/appimage-trace.exp
+++ b/test/appimage/appimage-trace.exp
@@ -8,61 +8,28 @@ spawn $env(SHELL)
 match_max 100000
 set appimage_id $spawn_id
-send -- "firejail --trace --timeout=00:00:05 --appimage Leafpad-0.8.17-x86_64.AppImage\r"
+send -- "firejail --trace --timeout=00:00:05 --appimage hello-x86_64.AppImage\r"
 expect {
        timeout {puts "TESTING ERROR 1\n";exit}
        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
 }
 expect {
        timeout {puts "TESTING ERROR 2\n";exit}
-        "leafpad:socket"
+        "AppRun:exec"
 }
 expect {
        timeout {puts "TESTING ERROR 3\n";exit}
-        "leafpad:connect"
+        "AppRun:opendir"
 }
 expect {
        timeout {puts "TESTING ERROR 4\n";exit}
-        "X11-unix/X0"
+        "Hello, World!"
 }
 expect {
        timeout {puts "TESTING ERROR 5\n";exit}
-        "Parent is shutting down, bye"
+        "ping:exec"
 }
-expect {
-        timeout {puts "shutdown\n"}
-        "AppImage detached"
-}
-sleep 1
-send -- "firejail --trace --timeout=00:00:05 --appimage Leafpad-0.8.18.1.glibc2.4-x86_64.AppImage\r"
-expect {
-        timeout {puts "TESTING ERROR 11\n";exit}
-        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
-}
-expect {
-        timeout {puts "TESTING ERROR 12\n";exit}
-        "leafpad:socket"
-}
-expect {
-        timeout {puts "TESTING ERROR 13\n";exit}
-        "leafpad:connect"
-}
-expect {
-        timeout {puts "TESTING ERROR 14\n";exit}
-        "X11-unix/X0"
-}
-expect {
-        timeout {puts "TESTING ERROR 15\n";exit}
-        "Parent is shutting down, bye"
-}
-expect {
-        timeout {puts "shutdown\n"}
-        "AppImage detached"
-}
-sleep 1
-after 100
+after 500
 puts "\nall done\n"
diff --git a/test/appimage/appimage-v1.exp b/test/appimage/appimage-v1.exp
deleted file mode 100755
index bb360cd18..000000000
--- a/test/appimage/appimage-v1.exp
+++ /dev/null
@@ -1,92 +0,0 @@
-#!/usr/bin/expect -f
-# This file is part of Firejail project
-# Copyright (C) 2014-2023 Firejail Authors
-# License GPL v2
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-set appimage_id $spawn_id
-send -- "firejail --name=test --debug --appimage Leafpad-0.8.17-x86_64.AppImage\r"
-expect {
-        timeout {puts "TESTING ERROR 1\n";exit}
-        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
-}
-sleep 2
-spawn $env(SHELL)
-send -- "firejail --list\r"
-expect {
-        timeout {puts "TESTING ERROR 3\n";exit}
-        ":firejail"
-}
-expect {
-        timeout {puts "TESTING ERROR 3.1\n";exit}
-        "appimage Leafpad"
-}
-after 100
-# grsecurity exit
-send -- "file /proc/sys/kernel/grsecurity\r"
-expect {
-        timeout {puts "TESTING ERROR - grsecurity detection\n";exit}
-        "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit}
-        "cannot open" {puts "grsecurity not present\n"}
-}
-send -- "firejail --name=blablabla\r"
-expect {
-        timeout {puts "TESTING ERROR 4\n";exit}
-        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
-}
-sleep 2
-spawn $env(SHELL)
-send -- "firemon --seccomp --wrap\r"
-expect {
-        timeout {puts "TESTING ERROR 5\n";exit}
-        "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit}
-        "appimage Leafpad"
-}
-expect {
-        timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit}
-        "Seccomp:       2"
-}
-expect {
-        timeout {puts "TESTING ERROR 5.1\n";exit}
-        "name=blablabla"
-}
-after 100
-send -- "firemon --caps --wrap\r"
-expect {
-        timeout {puts "TESTING ERROR 6\n";exit}
-        "appimage Leafpad"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.1\n";exit}
-        "CapBnd:"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.2\n";exit}
-        "0000000000000000"
-}
-expect {
-        timeout {puts "TESTING ERROR 6.3\n";exit}
-        "name=blablabla"
-}
-after 100
-spawn $env(SHELL)
-send -- "firejail --shutdown=test\r"
-set spawn_id $appimage_id
-expect {
-        timeout {puts "shutdown\n"}
-        "AppImage detached"
-}
-after 100
-puts "\nall done\n"
diff --git a/test/appimage/appimage-v2.exp b/test/appimage/appimage-v2.exp
index 748ac3d79..2d86de240 100755
--- a/test/appimage/appimage-v2.exp
+++ b/test/appimage/appimage-v2.exp
@@ -8,12 +8,24 @@ spawn $env(SHELL)
 match_max 100000
 set appimage_id $spawn_id
-send -- "firejail --name=test --appimage Leafpad-0.8.18.1.glibc2.4-x86_64.AppImage\r"
+send -- "firejail --name=test --appimage hello-x86_64.AppImage\r"
 expect {
        timeout {puts "TESTING ERROR 1\n";exit}
        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
 }
-sleep 2
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "Hello, World!"
+}
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "Operation not permitted"
+}
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "Hello, again!"
+}
+sleep 5
 spawn $env(SHELL)
 send -- "firejail --list\r"
@@ -23,19 +35,10 @@ expect {
 }
 expect {
        timeout {puts "TESTING ERROR 3.1\n";exit}
-        "appimage Leafpad"
+        "appimage hello-x86_64"
 }
 after 100
-# grsecurity exit
-send -- "file /proc/sys/kernel/grsecurity\r"
-expect {
-        timeout {puts "TESTING ERROR - grsecurity detection\n";exit}
-        "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit}
-        "cannot open" {puts "grsecurity not present\n"}
-}
 send -- "firejail --name=blablabla\r"
 expect {
        timeout {puts "TESTING ERROR 4\n";exit}
@@ -48,7 +51,7 @@ send -- "firemon --seccomp\r"
 expect {
        timeout {puts "TESTING ERROR 5\n";exit}
        "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit}
-        "appimage Leafpad"
+        "appimage hello-x86_64"
 }
 expect {
        timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit}
@@ -62,7 +65,7 @@ after 100
 send -- "firemon --caps\r"
 expect {
        timeout {puts "TESTING ERROR 6\n";exit}
-        "appimage Leafpad"
+        "appimage hello-x86_64"
 }
 expect {
        timeout {puts "TESTING ERROR 6.1\n";exit}
diff --git a/test/appimage/appimage.sh b/test/appimage/appimage.sh
index 0c50434ac..57e389249 100755
--- a/test/appimage/appimage.sh
+++ b/test/appimage/appimage.sh
@@ -7,16 +7,13 @@ export MALLOC_CHECK_=3
 export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
 export LC_ALL=C
-echo "TESTING: AppImage v1 (test/appimage/appimage-v1.exp)"
-./appimage-v1.exp
 echo "TESTING: AppImage v2 (test/appimage/appimage-v2.exp)"
 ./appimage-v2.exp
 echo "TESTING: AppImage file name (test/appimage/filename.exp)"
 ./filename.exp
-echo "TESTING: AppImage argsv1 (test/appimage/appimage-args.exp)"
+echo "TESTING: AppImage args (test/appimage/appimage-args.exp)"
 ./appimage-args.exp
 echo "TESTING: AppImage trace (test/appimage/appimage-trace.exp)"
diff --git a/test/appimage/hello-x86_64.AppImage b/test/appimage/hello-x86_64.AppImage
new file mode 100755
index 000000000..b5d68fc5c
--- /dev/null
+++ b/test/appimage/hello-x86_64.AppImage
Binary files differ
diff --git a/test/appimage/main.c b/test/appimage/main.c
new file mode 100644
index 000000000..83c495183
--- /dev/null
+++ b/test/appimage/main.c
@@ -0,0 +1,32 @@
+// This is a simple hello program compiled on Debian 11 (glibc 2.31)
+// and packaged as an appimage using appimagetool from
+// https://github.com/AppImage/AppImageKit. The tool in installed
+// in the current directory.
+//
+// Building the appimage:
+//      mkdir -p AppDir/usr/bin
+//      gcc -o AppDir/usr/bin/hello main.c && strip AppDir/usr/bin/hello
+//      ./appimagetool AppDir
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+int main(int argc, char **argv) {
+        // test args
+        int i;
+        for (i = 1; i < argc; i++)
+                printf("%d - %s\n", i, argv[i]);
+        printf("Hello, World!\n");
+        // elevate privileges - firejail should block it
+        system("ping -c 3 127.0.0.1\n");
+        printf("Hello, again!\n");
+        sleep(30);
+        return 0;
+}
author	netblue30 <netblue30@protonmail.com>	2023-03-01 08:52:53 -0500
committer	netblue30 <netblue30@protonmail.com>	2023-03-01 08:52:53 -0500
commit	b50812ff5ef5009b7c6babb19fd9caa315f31515 (patch)
tree	0535438678837dffb9ba5ba988efa482d53c1fc3 /test
parent	chroot testing (diff)
download	firejail-b50812ff5ef5009b7c6babb19fd9caa315f31515.tar.gz firejail-b50812ff5ef5009b7c6babb19fd9caa315f31515.tar.zst firejail-b50812ff5ef5009b7c6babb19fd9caa315f31515.zip

diff --git a/test/appimage/Leafpad-0.8.17-x86_64.AppImage b/test/appimage/Leafpad-0.8.17-x86_64.AppImage deleted file mode 100644 index 865f6b44c..000000000 --- a/test/appimage/Leafpad-0.8.17-x86_64.AppImage +++ /dev/null
Binary files differ


diff --git a/test/appimage/Leafpad-0.8.18.1.glibc2.4-x86_64.AppImage b/test/appimage/Leafpad-0.8.18.1.glibc2.4-x86_64.AppImage deleted file mode 100644 index d167431f3..000000000 --- a/test/appimage/Leafpad-0.8.18.1.glibc2.4-x86_64.AppImage +++ /dev/null
Binary files differ


diff --git a/test/appimage/appimage-args.exp b/test/appimage/appimage-args.exp index e85e8a46a..ef64e862f 100755 --- a/test/appimage/appimage-args.exp +++ b/test/appimage/appimage-args.exp
@@ -8,97 +8,15 @@ spawn $env(SHELL)
8	match_max 100000	8	match_max 100000
9		9
10	set appimage_id $spawn_id	10	set appimage_id $spawn_id
11	send -- "firejail --name=test --debug --appimage Leafpad-0.8.17-x86_64.AppImage testfile\r"	11	send -- "firejail --name=test --appimage hello-x86_64.AppImage testfile\r"
12	expect {
13	timeout {puts "TESTING ERROR 1\n";exit}
14	"execvp argument 2"
15	}
16	expect {
17	timeout {puts "TESTING ERROR 2\n";exit}
18	"AppRun"
19	}
20	expect {
21	timeout {puts "TESTING ERROR 3\n";exit}
22	"testfile"
23	}
24	expect {	12	expect {
25	timeout {puts "TESTING ERROR 4\n";exit}	13	timeout {puts "TESTING ERROR 4\n";exit}
26	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"	14	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
27	}	15	}
28	sleep 2
29
30	spawn $env(SHELL)
31	send -- "firejail --list\r"
32	expect {	16	expect {
33	timeout {puts "TESTING ERROR 5\n";exit}	17	timeout {puts "TESTING ERROR 4\n";exit}
34	":firejail"	18	"1 - testfile"
35	}
36	expect {
37	timeout {puts "TESTING ERROR 6\n";exit}
38	"appimage Leafpad"
39	}
40	after 100
41
42	# grsecurity exit
43	send -- "file /proc/sys/kernel/grsecurity\r"
44	expect {
45	timeout {puts "TESTING ERROR - grsecurity detection\n";exit}
46	"grsecurity: directory" {puts "grsecurity present, exiting...\n";exit}
47	"cannot open" {puts "grsecurity not present\n"}
48	}
49
50
51	send -- "firejail --name=blablabla\r"
52	expect {
53	timeout {puts "TESTING ERROR 7\n";exit}
54	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
55	}
56	sleep 2
57
58	spawn $env(SHELL)
59	send -- "firemon --seccomp --wrap\r"
60	expect {
61	timeout {puts "TESTING ERROR 8\n";exit}
62	"need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit}
63	"appimage Leafpad"
64	}
65	expect {
66	timeout {puts "TESTING ERROR 9 (seccomp)\n";exit}
67	"Seccomp: 2"
68	}
69	expect {
70	timeout {puts "TESTING ERROR 10\n";exit}
71	"name=blablabla"
72	}
73	after 100
74	send -- "firemon --caps --wrap\r"
75	expect {
76	timeout {puts "TESTING ERROR 11\n";exit}
77	"appimage Leafpad"
78	}
79	expect {
80	timeout {puts "TESTING ERROR 12\n";exit}
81	"CapBnd:"
82	}
83	expect {
84	timeout {puts "TESTING ERROR 13\n";exit}
85	"0000000000000000"
86	}
87	expect {
88	timeout {puts "TESTING ERROR 14\n";exit}
89	"name=blablabla"
90	}
91	after 100
92
93	spawn $env(SHELL)
94	send -- "firejail --shutdown=test\r"
95
96	set spawn_id $appimage_id
97	expect {
98	timeout {puts "shutdown\n";exit}
99	"AppImage detached"
100	}	19	}
101		20
102	after 100	21	after 500
103
104	puts "\nall done\n"	22	puts "\nall done\n"


diff --git a/test/appimage/appimage-trace.exp b/test/appimage/appimage-trace.exp index f98826138..c1e481a67 100755 --- a/test/appimage/appimage-trace.exp +++ b/test/appimage/appimage-trace.exp
@@ -8,61 +8,28 @@ spawn $env(SHELL)
8	match_max 100000	8	match_max 100000
9	set appimage_id $spawn_id	9	set appimage_id $spawn_id
10		10
11	send -- "firejail --trace --timeout=00:00:05 --appimage Leafpad-0.8.17-x86_64.AppImage\r"	11	send -- "firejail --trace --timeout=00:00:05 --appimage hello-x86_64.AppImage\r"
12	expect {	12	expect {
13	timeout {puts "TESTING ERROR 1\n";exit}	13	timeout {puts "TESTING ERROR 1\n";exit}
14	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"	14	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
15	}	15	}
16	expect {	16	expect {
17	timeout {puts "TESTING ERROR 2\n";exit}	17	timeout {puts "TESTING ERROR 2\n";exit}
18	"leafpad:socket"	18	"AppRun:exec"
19	}	19	}
20	expect {	20	expect {
21	timeout {puts "TESTING ERROR 3\n";exit}	21	timeout {puts "TESTING ERROR 3\n";exit}
22	"leafpad:connect"	22	"AppRun:opendir"
23	}	23	}
24	expect {	24	expect {
25	timeout {puts "TESTING ERROR 4\n";exit}	25	timeout {puts "TESTING ERROR 4\n";exit}
26	"X11-unix/X0"	26	"Hello, World!"
27	}	27	}
28	expect {	28	expect {
29	timeout {puts "TESTING ERROR 5\n";exit}	29	timeout {puts "TESTING ERROR 5\n";exit}
30	"Parent is shutting down, bye"	30	"ping:exec"
31	}	31	}
32	expect {
33	timeout {puts "shutdown\n"}
34	"AppImage detached"
35	}
36	sleep 1
37
38	send -- "firejail --trace --timeout=00:00:05 --appimage Leafpad-0.8.18.1.glibc2.4-x86_64.AppImage\r"
39	expect {
40	timeout {puts "TESTING ERROR 11\n";exit}
41	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
42	}
43	expect {
44	timeout {puts "TESTING ERROR 12\n";exit}
45	"leafpad:socket"
46	}
47	expect {
48	timeout {puts "TESTING ERROR 13\n";exit}
49	"leafpad:connect"
50	}
51	expect {
52	timeout {puts "TESTING ERROR 14\n";exit}
53	"X11-unix/X0"
54	}
55	expect {
56	timeout {puts "TESTING ERROR 15\n";exit}
57	"Parent is shutting down, bye"
58	}
59	expect {
60	timeout {puts "shutdown\n"}
61	"AppImage detached"
62	}
63	sleep 1
64
65		32
66	after 100	33	after 500
67		34
68	puts "\nall done\n"	35	puts "\nall done\n"


diff --git a/test/appimage/appimage-v1.exp b/test/appimage/appimage-v1.exp deleted file mode 100755 index bb360cd18..000000000 --- a/test/appimage/appimage-v1.exp +++ /dev/null
@@ -1,92 +0,0 @@
1	#!/usr/bin/expect -f
2	# This file is part of Firejail project
3	# Copyright (C) 2014-2023 Firejail Authors
4	# License GPL v2
5
6	set timeout 10
7	spawn $env(SHELL)
8	match_max 100000
9	set appimage_id $spawn_id
10
11	send -- "firejail --name=test --debug --appimage Leafpad-0.8.17-x86_64.AppImage\r"
12	expect {
13	timeout {puts "TESTING ERROR 1\n";exit}
14	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
15	}
16	sleep 2
17
18	spawn $env(SHELL)
19	send -- "firejail --list\r"
20	expect {
21	timeout {puts "TESTING ERROR 3\n";exit}
22	":firejail"
23	}
24	expect {
25	timeout {puts "TESTING ERROR 3.1\n";exit}
26	"appimage Leafpad"
27	}
28	after 100
29
30	# grsecurity exit
31	send -- "file /proc/sys/kernel/grsecurity\r"
32	expect {
33	timeout {puts "TESTING ERROR - grsecurity detection\n";exit}
34	"grsecurity: directory" {puts "grsecurity present, exiting...\n";exit}
35	"cannot open" {puts "grsecurity not present\n"}
36	}
37
38
39	send -- "firejail --name=blablabla\r"
40	expect {
41	timeout {puts "TESTING ERROR 4\n";exit}
42	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
43	}
44	sleep 2
45
46	spawn $env(SHELL)
47	send -- "firemon --seccomp --wrap\r"
48	expect {
49	timeout {puts "TESTING ERROR 5\n";exit}
50	"need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit}
51	"appimage Leafpad"
52	}
53	expect {
54	timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit}
55	"Seccomp: 2"
56	}
57	expect {
58	timeout {puts "TESTING ERROR 5.1\n";exit}
59	"name=blablabla"
60	}
61	after 100
62	send -- "firemon --caps --wrap\r"
63	expect {
64	timeout {puts "TESTING ERROR 6\n";exit}
65	"appimage Leafpad"
66	}
67	expect {
68	timeout {puts "TESTING ERROR 6.1\n";exit}
69	"CapBnd:"
70	}
71	expect {
72	timeout {puts "TESTING ERROR 6.2\n";exit}
73	"0000000000000000"
74	}
75	expect {
76	timeout {puts "TESTING ERROR 6.3\n";exit}
77	"name=blablabla"
78	}
79	after 100
80
81	spawn $env(SHELL)
82	send -- "firejail --shutdown=test\r"
83
84	set spawn_id $appimage_id
85	expect {
86	timeout {puts "shutdown\n"}
87	"AppImage detached"
88	}
89
90	after 100
91
92	puts "\nall done\n"


diff --git a/test/appimage/appimage-v2.exp b/test/appimage/appimage-v2.exp index 748ac3d79..2d86de240 100755 --- a/test/appimage/appimage-v2.exp +++ b/test/appimage/appimage-v2.exp
@@ -8,12 +8,24 @@ spawn $env(SHELL)
8	match_max 100000	8	match_max 100000
9	set appimage_id $spawn_id	9	set appimage_id $spawn_id
10		10
11	send -- "firejail --name=test --appimage Leafpad-0.8.18.1.glibc2.4-x86_64.AppImage\r"	11	send -- "firejail --name=test --appimage hello-x86_64.AppImage\r"
12	expect {	12	expect {
13	timeout {puts "TESTING ERROR 1\n";exit}	13	timeout {puts "TESTING ERROR 1\n";exit}
14	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"	14	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
15	}	15	}
16	sleep 2	16	expect {
		17	timeout {puts "TESTING ERROR 1\n";exit}
		18	"Hello, World!"
		19	}
		20	expect {
		21	timeout {puts "TESTING ERROR 1\n";exit}
		22	"Operation not permitted"
		23	}
		24	expect {
		25	timeout {puts "TESTING ERROR 1\n";exit}
		26	"Hello, again!"
		27	}
		28	sleep 5
17		29
18	spawn $env(SHELL)	30	spawn $env(SHELL)
19	send -- "firejail --list\r"	31	send -- "firejail --list\r"
@@ -23,19 +35,10 @@ expect {
23	}	35	}
24	expect {	36	expect {
25	timeout {puts "TESTING ERROR 3.1\n";exit}	37	timeout {puts "TESTING ERROR 3.1\n";exit}
26	"appimage Leafpad"	38	"appimage hello-x86_64"
27	}	39	}
28	after 100	40	after 100
29		41
30	# grsecurity exit
31	send -- "file /proc/sys/kernel/grsecurity\r"
32	expect {
33	timeout {puts "TESTING ERROR - grsecurity detection\n";exit}
34	"grsecurity: directory" {puts "grsecurity present, exiting...\n";exit}
35	"cannot open" {puts "grsecurity not present\n"}
36	}
37
38
39	send -- "firejail --name=blablabla\r"	42	send -- "firejail --name=blablabla\r"
40	expect {	43	expect {
41	timeout {puts "TESTING ERROR 4\n";exit}	44	timeout {puts "TESTING ERROR 4\n";exit}
@@ -48,7 +51,7 @@ send -- "firemon --seccomp\r"
48	expect {	51	expect {
49	timeout {puts "TESTING ERROR 5\n";exit}	52	timeout {puts "TESTING ERROR 5\n";exit}
50	"need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit}	53	"need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit}
51	"appimage Leafpad"	54	"appimage hello-x86_64"
52	}	55	}
53	expect {	56	expect {
54	timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit}	57	timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit}
@@ -62,7 +65,7 @@ after 100
62	send -- "firemon --caps\r"	65	send -- "firemon --caps\r"
63	expect {	66	expect {
64	timeout {puts "TESTING ERROR 6\n";exit}	67	timeout {puts "TESTING ERROR 6\n";exit}
65	"appimage Leafpad"	68	"appimage hello-x86_64"
66	}	69	}
67	expect {	70	expect {
68	timeout {puts "TESTING ERROR 6.1\n";exit}	71	timeout {puts "TESTING ERROR 6.1\n";exit}


diff --git a/test/appimage/appimage.sh b/test/appimage/appimage.sh index 0c50434ac..57e389249 100755 --- a/test/appimage/appimage.sh +++ b/test/appimage/appimage.sh
@@ -7,16 +7,13 @@ export MALLOC_CHECK_=3
7	export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))	7	export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
8	export LC_ALL=C	8	export LC_ALL=C
9		9
10	echo "TESTING: AppImage v1 (test/appimage/appimage-v1.exp)"
11	./appimage-v1.exp
12
13	echo "TESTING: AppImage v2 (test/appimage/appimage-v2.exp)"	10	echo "TESTING: AppImage v2 (test/appimage/appimage-v2.exp)"
14	./appimage-v2.exp	11	./appimage-v2.exp
15		12
16	echo "TESTING: AppImage file name (test/appimage/filename.exp)"	13	echo "TESTING: AppImage file name (test/appimage/filename.exp)"
17	./filename.exp	14	./filename.exp
18		15
19	echo "TESTING: AppImage argsv1 (test/appimage/appimage-args.exp)"	16	echo "TESTING: AppImage args (test/appimage/appimage-args.exp)"
20	./appimage-args.exp	17	./appimage-args.exp
21		18
22	echo "TESTING: AppImage trace (test/appimage/appimage-trace.exp)"	19	echo "TESTING: AppImage trace (test/appimage/appimage-trace.exp)"


diff --git a/test/appimage/hello-x86_64.AppImage b/test/appimage/hello-x86_64.AppImage new file mode 100755 index 000000000..b5d68fc5c --- /dev/null +++ b/test/appimage/hello-x86_64.AppImage
Binary files differ


diff --git a/test/appimage/main.c b/test/appimage/main.c new file mode 100644 index 000000000..83c495183 --- /dev/null +++ b/test/appimage/main.c
@@ -0,0 +1,32 @@
		1	// This is a simple hello program compiled on Debian 11 (glibc 2.31)
		2	// and packaged as an appimage using appimagetool from
		3	// https://github.com/AppImage/AppImageKit. The tool in installed
		4	// in the current directory.
		5	//
		6	// Building the appimage:
		7	// mkdir -p AppDir/usr/bin
		8	// gcc -o AppDir/usr/bin/hello main.c && strip AppDir/usr/bin/hello
		9	// ./appimagetool AppDir
		10
		11
		12	#include <stdio.h>
		13	#include <stdlib.h>
		14	#include <unistd.h>
		15
		16	int main(int argc, char **argv) {
		17	// test args
		18	int i;
		19	for (i = 1; i < argc; i++)
		20	printf("%d - %s\n", i, argv[i]);
		21
		22	printf("Hello, World!\n");
		23
		24	// elevate privileges - firejail should block it
		25	system("ping -c 3 127.0.0.1\n");
		26
		27	printf("Hello, again!\n");
		28	sleep(30);
		29
		30	return 0;
		31	}
		32