testing

author: netblue30 <netblue30@protonmail.com> 2023-03-09 08:39:25 -0500
committer: netblue30 <netblue30@protonmail.com> 2023-03-09 08:39:25 -0500
commit: c79aa14295f907ffac0cf5555515602b7393b8b6 (patch)
tree: 87a114af4e12388e09e2d16d518b50be9ddbe0a6 /test
parent: testing (diff)
download: firejail-c79aa14295f907ffac0cf5555515602b7393b8b6.tar.gz
firejail-c79aa14295f907ffac0cf5555515602b7393b8b6.tar.zst
firejail-c79aa14295f907ffac0cf5555515602b7393b8b6.zip
18 files changed, 177 insertions, 108 deletions
diff --git a/test/filters/filters.sh b/test/filters/filters.sh
index e19047e6f..56c97482e 100755
--- a/test/filters/filters.sh
+++ b/test/filters/filters.sh
@@ -53,9 +53,6 @@ fi
 echo "TESTING: seccomp postexec (test/filters/seccomp-postexec.exp)"
 ./seccomp-postexec.exp
-echo "TESTING: noroot (test/filters/noroot.exp)"
-./noroot.exp
 #if grep -q "^CapBnd:\\s0000003fffffffff" /proc/self/status; then
 #       echo "TESTING: capabilities (test/filters/caps.exp)"
diff --git a/test/filters/seccomp-debug.exp b/test/filters/seccomp-debug.exp
index dc6befcfe..33a992a93 100755
--- a/test/filters/seccomp-debug.exp
+++ b/test/filters/seccomp-debug.exp
@@ -97,61 +97,4 @@ expect {
 }
 after 100
-# memory-deny-write-execute
-send --  "firejail --debug --memory-deny-write-execute sleep 1; echo done\r"
-expect {
-        timeout {puts "TESTING ERROR 24\n";exit}
-        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
-}
-expect {
-        timeout {puts "TESTING ERROR 25\n";exit}
-        "Installing /run/firejail/mnt/seccomp/seccomp.mdwx seccomp filter"
-}
-expect {
-        timeout {puts "TESTING ERROR 26\n";exit}
-        "done"
-}
-# 64 bit architecture - seccomp.block-secondary
-send --  "firejail --debug --seccomp.block-secondary sleep 1; echo done\r"
-expect {
-        timeout {puts "TESTING ERROR 27\n";exit}
-        "Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 28\n";exit}
-        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
-}
-expect {
-        timeout {puts "TESTING ERROR 29\n";exit}
-        "Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 30\n";exit}
-        "Installing /run/firejail/mnt/seccomp/seccomp seccomp filter"
-}
-expect {
-        timeout {puts "TESTING ERROR 31\n";exit}
-        "Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 32\n";exit}
-        "Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter"
-}
-expect {
-        timeout {puts "TESTING ERROR 33\n";exit}
-        "done"
-}
-after 100
-# 64 bit architecture - seccomp.block-secondary, profile
-send --  "firejail --debug --profile=block-secondary.profile sleep 1; echo done\r"
-expect {
-        timeout {puts "TESTING ERROR 33\n";exit}
-        "Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 34\n";exit}
-        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
-}
-expect {
-        timeout {puts "TESTING ERROR 35\n";exit}
-        "Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 35\n";exit}
-        "Installing /run/firejail/mnt/seccomp/seccomp seccomp filter"
-}
-expect {
-        timeout {puts "TESTING ERROR 37\n";exit}
-        "done"
-}
-after 100
 puts "all done\n"
diff --git a/test/network/netstats.exp b/test/network/netstats.exp
index 0d1bc4c2c..d9da9cb75 100755
--- a/test/network/netstats.exp
+++ b/test/network/netstats.exp
@@ -12,7 +12,7 @@ expect {
        timeout {puts "TESTING ERROR 1\n";exit}
        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
 }
-sleep 2
+sleep 4
 spawn $env(SHELL)
 send -- "firejail --netstats\r"
diff --git a/test/seccomp-extra/block-secondary.exp b/test/seccomp-extra/block-secondary.exp
new file mode 100755
index 000000000..1db512126
--- /dev/null
+++ b/test/seccomp-extra/block-secondary.exp
@@ -0,0 +1,43 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2023 Firejail Authors
+# License GPL v2
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+# 64 bit architecture - seccomp.block-secondary
+send --  "firejail --debug --seccomp.block-secondary pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 2\n";exit}
+        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 4\n";exit}
+        "Installing /run/firejail/mnt/seccomp/seccomp seccomp filter"
+}
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 6\n";exit}
+        "Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter"
+}
+after 500
+# 64 bit architecture - seccomp.block-secondary, profile
+send --  "firejail --debug --profile=block-secondary.profile pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 7\n";exit}
+        "Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 8\n";exit}
+        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+expect {
+        timeout {puts "TESTING ERROR 9\n";exit}
+        "Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 10\n";exit}
+        "Installing /run/firejail/mnt/seccomp/seccomp seccomp filter"
+}
+after 500
+puts "all done\n"
diff --git a/test/filters/block-secondary.profile b/test/seccomp-extra/block-secondary.profile
index e32056c3d..e32056c3d 100644
--- a/test/filters/block-secondary.profile
+++ b/test/seccomp-extra/block-secondary.profile
diff --git a/test/filters/memwrexe b/test/seccomp-extra/memwrexe
index 1173cdc07..82ea7631f 100755
--- a/test/filters/memwrexe
+++ b/test/seccomp-extra/memwrexe
Binary files differ
diff --git a/test/filters/memwrexe.c b/test/seccomp-extra/memwrexe.c
index 548320df9..548320df9 100644
--- a/test/filters/memwrexe.c
+++ b/test/seccomp-extra/memwrexe.c
diff --git a/test/seccomp-extra/mrwx.exp b/test/seccomp-extra/mrwx.exp
new file mode 100755
index 000000000..403bc852f
--- /dev/null
+++ b/test/seccomp-extra/mrwx.exp
@@ -0,0 +1,37 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2023 Firejail Authors
+# License GPL v2
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+# memory-deny-write-execute
+send --  "firejail --debug --memory-deny-write-execute pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "Installing /run/firejail/mnt/seccomp/seccomp.mdwx seccomp filter"
+}
+after 500
+send --  "firejail --debug --profile=mrwx.profile pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "Installing /run/firejail/mnt/seccomp/seccomp.mdwx seccomp filter"
+}
+after 500
+after 500
+puts "all done\n"
diff --git a/test/seccomp-extra/mrwx.profile b/test/seccomp-extra/mrwx.profile
new file mode 100644
index 000000000..46d6cedee
--- /dev/null
+++ b/test/seccomp-extra/mrwx.profile
@@ -0,0 +1 @@
+memory-deny-write-execute
diff --git a/test/filters/memwrexe.exp b/test/seccomp-extra/mrwx2.exp
index e51b3372e..4703a4014 100755
--- a/test/filters/memwrexe.exp
+++ b/test/seccomp-extra/mrwx2.exp
@@ -17,7 +17,7 @@ expect {
        "mmap successful" {puts "TESTING ERROR 2\n";exit}
        "Parent is shutting down"
 }
-after 100
+after 500
 send --  "firejail --memory-deny-write-execute ./memwrexe mprotect\r"
 expect {
@@ -29,7 +29,7 @@ expect {
        "mprotect successful" {puts "TESTING ERROR 12\n";exit}
        "Parent is shutting down"
 }
-after 100
+after 500
 send --  "firejail --memory-deny-write-execute ./memwrexe memfd_create\r"
 expect {
@@ -42,5 +42,5 @@ expect {
        "Parent is shutting down"
 }
-after 100
+after 500
 puts "\nall done\n"
diff --git a/test/filters/noroot.exp b/test/seccomp-extra/noroot.exp
index 8a8842cd9..eeb82833e 100755
--- a/test/filters/noroot.exp
+++ b/test/seccomp-extra/noroot.exp
@@ -132,5 +132,5 @@ expect {
 puts "\n"
-after 100
+after 500
 puts "\nall done\n"
diff --git a/test/seccomp-extra/protocol-print.exp b/test/seccomp-extra/protocol-print.exp
new file mode 100755
index 000000000..7e76e6ff6
--- /dev/null
+++ b/test/seccomp-extra/protocol-print.exp
@@ -0,0 +1,59 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2023 Firejail Authors
+# License GPL v2
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+send -- "firejail --name=test0\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+sleep 2
+spawn $env(SHELL)
+send -- "firejail --name=test1 --profile=protocol1.profile\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+sleep 2
+spawn $env(SHELL)
+send -- "firejail --name=test2 --profile=protocol2.profile\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+sleep 2
+spawn $env(SHELL)
+send -- "firejail --protocol.print=test0\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "packet" {puts "TESTING ERROR 4\n";exit}
+        "unix,inet,inet6"
+}
+after 500
+send -- "firejail --protocol.print=test1\r"
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "inet" {puts "TESTING ERROR 6\n";exit}
+        "unix"
+}
+after 500
+send -- "firejail --protocol.print=test2\r"
+expect {
+        timeout {puts "TESTING ERROR 7\n";exit}
+        "unix" {puts "TESTING ERROR 8\n";exit}
+        "inet6,packet"
+}
+after 500
+puts "\nall done\n"
diff --git a/test/filters/protocol.exp b/test/seccomp-extra/protocol.exp
index 5320dde6f..5844e1de3 100755
--- a/test/filters/protocol.exp
+++ b/test/seccomp-extra/protocol.exp
@@ -7,7 +7,7 @@ set timeout 10
 spawn $env(SHELL)
 match_max 100000
-send -- "firejail --noprofile --protocol=unix --debug\r"
+send -- "firejail --noprofile --protocol=unix --debug pwd\r"
 expect {
        timeout {puts "TESTING ERROR 1\n";exit}
        "0009: 20 00 00 00000000"
@@ -29,11 +29,9 @@ expect {
        "0012: 06 00 00 0005005f"
 }
-after 100
+after 500
-send -- "exit\r"
-sleep 1
-send -- "firejail --noprofile --protocol=bluetooth --debug\r"
+send -- "firejail --noprofile --protocol=bluetooth --debug pwd\r"
 expect {
        timeout {puts "TESTING ERROR 11\n";exit}
        "0009: 20 00 00 00000000"
@@ -54,12 +52,9 @@ expect {
        timeout {puts "TESTING ERROR1 5\n";exit}
        "0012: 06 00 00 0005005f"
 }
+after 500
-after 100
+send -- "firejail --noprofile --protocol=inet,inet6 --debug pwd\r"
-send -- "exit\r"
-sleep 1
-send -- "firejail --noprofile --protocol=inet,inet6 --debug\r"
 expect {
        timeout {puts "TESTING ERROR 31\n";exit}
        "0009: 20 00 00 00000000"
@@ -88,10 +83,5 @@ expect {
        timeout {puts "TESTING ERROR 37\n";exit}
        "0014: 06 00 00 0005005f"
 }
+after 500
-after 100
-send -- "exit\r"
-after 100
 puts "\nall done\n"
diff --git a/test/filters/protocol1.profile b/test/seccomp-extra/protocol1.profile
index 3e1ea2a29..3e1ea2a29 100644
--- a/test/filters/protocol1.profile
+++ b/test/seccomp-extra/protocol1.profile
diff --git a/test/filters/protocol2.profile b/test/seccomp-extra/protocol2.profile
index b7eb4ab91..b7eb4ab91 100644
--- a/test/filters/protocol2.profile
+++ b/test/seccomp-extra/protocol2.profile
diff --git a/test/seccomp-extra/seccomp-extra.sh b/test/seccomp-extra/seccomp-extra.sh
new file mode 100755
index 000000000..50852f7e0
--- /dev/null
+++ b/test/seccomp-extra/seccomp-extra.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+# This file is part of Firejail project
+# Copyright (C) 2014-2023 Firejail Authors
+# License GPL v2
+export MALLOC_CHECK_=3
+export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
+export LC_ALL=C
+echo "TESTING: protocol (test/seccomp-extras/protocol-print.exp)"
+./protocol.exp
+echo "TESTING: protocol.print (test/seccomp-extras/protocol-print.exp)"
+./protocol-print.exp
+echo "TESTING: noroot (test/seccomp-extras/noroot.exp)"
+./noroot.exp
+echo "TESTING: mrwx (test/seccomp-extras/mrwx.exp)"
+./mrwx.exp
+echo "TESTING: mrwx2 (test/seccomp-extras/mrwx.exp)"
+./mrwx2.exp
+echo "TESTING: block-secondary (test/seccomp-extras/block-secondary.exp)"
+./block-secondary.exp
diff --git a/test/utils/protocol-print.exp b/test/utils/protocol-print.exp
deleted file mode 100755
index f24afc703..000000000
--- a/test/utils/protocol-print.exp
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/usr/bin/expect -f
-# This file is part of Firejail project
-# Copyright (C) 2014-2023 Firejail Authors
-# License GPL v2
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-send -- "firejail --name=test\r"
-expect {
-        timeout {puts "TESTING ERROR 0\n";exit}
-        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
-}
-sleep 2
-spawn $env(SHELL)
-send -- "firejail --protocol.print=test\r"
-expect {
-        timeout {puts "TESTING ERROR 1\n";exit}
-        "unix,inet,inet6"
-}
-after 100
-puts "\nall done\n"
diff --git a/test/utils/utils.sh b/test/utils/utils.sh
index 4937cf459..9ff4048ef 100755
--- a/test/utils/utils.sh
+++ b/test/utils/utils.sh
@@ -64,9 +64,6 @@ echo "TESTING: dns.print (test/utils/dns-print.exp)"
 echo "TESTING: seccomp.print (test/utils/seccomp-print.exp)"
 ./seccomp-print.exp
-echo "TESTING: protocol.print (test/utils/protocol-print.exp)"
-./protocol-print.exp
 echo "TESTING: shutdown (test/utils/shutdown.exp)"
 ./shutdown.exp
author	netblue30 <netblue30@protonmail.com>	2023-03-09 08:39:25 -0500
committer	netblue30 <netblue30@protonmail.com>	2023-03-09 08:39:25 -0500
commit	c79aa14295f907ffac0cf5555515602b7393b8b6 (patch)
tree	87a114af4e12388e09e2d16d518b50be9ddbe0a6 /test
parent	testing (diff)
download	firejail-c79aa14295f907ffac0cf5555515602b7393b8b6.tar.gz firejail-c79aa14295f907ffac0cf5555515602b7393b8b6.tar.zst firejail-c79aa14295f907ffac0cf5555515602b7393b8b6.zip

diff --git a/test/filters/filters.sh b/test/filters/filters.sh index e19047e6f..56c97482e 100755 --- a/test/filters/filters.sh +++ b/test/filters/filters.sh
@@ -53,9 +53,6 @@ fi
53	echo "TESTING: seccomp postexec (test/filters/seccomp-postexec.exp)"	53	echo "TESTING: seccomp postexec (test/filters/seccomp-postexec.exp)"
54	./seccomp-postexec.exp	54	./seccomp-postexec.exp
55		55
56	echo "TESTING: noroot (test/filters/noroot.exp)"
57	./noroot.exp
58
59		56
60	#if grep -q "^CapBnd:\\s0000003fffffffff" /proc/self/status; then	57	#if grep -q "^CapBnd:\\s0000003fffffffff" /proc/self/status; then
61	# echo "TESTING: capabilities (test/filters/caps.exp)"	58	# echo "TESTING: capabilities (test/filters/caps.exp)"


diff --git a/test/filters/seccomp-debug.exp b/test/filters/seccomp-debug.exp index dc6befcfe..33a992a93 100755 --- a/test/filters/seccomp-debug.exp +++ b/test/filters/seccomp-debug.exp
@@ -97,61 +97,4 @@ expect {
97	}	97	}
98	after 100	98	after 100
99		99
100	# memory-deny-write-execute
101	send -- "firejail --debug --memory-deny-write-execute sleep 1; echo done\r"
102	expect {
103	timeout {puts "TESTING ERROR 24\n";exit}
104	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
105	}
106	expect {
107	timeout {puts "TESTING ERROR 25\n";exit}
108	"Installing /run/firejail/mnt/seccomp/seccomp.mdwx seccomp filter"
109	}
110	expect {
111	timeout {puts "TESTING ERROR 26\n";exit}
112	"done"
113	}
114
115
116	# 64 bit architecture - seccomp.block-secondary
117	send -- "firejail --debug --seccomp.block-secondary sleep 1; echo done\r"
118	expect {
119	timeout {puts "TESTING ERROR 27\n";exit}
120	"Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 28\n";exit}
121	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
122	}
123	expect {
124	timeout {puts "TESTING ERROR 29\n";exit}
125	"Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 30\n";exit}
126	"Installing /run/firejail/mnt/seccomp/seccomp seccomp filter"
127	}
128	expect {
129	timeout {puts "TESTING ERROR 31\n";exit}
130	"Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 32\n";exit}
131	"Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter"
132	}
133	expect {
134	timeout {puts "TESTING ERROR 33\n";exit}
135	"done"
136	}
137	after 100
138
139	# 64 bit architecture - seccomp.block-secondary, profile
140	send -- "firejail --debug --profile=block-secondary.profile sleep 1; echo done\r"
141	expect {
142	timeout {puts "TESTING ERROR 33\n";exit}
143	"Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 34\n";exit}
144	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
145	}
146	expect {
147	timeout {puts "TESTING ERROR 35\n";exit}
148	"Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 35\n";exit}
149	"Installing /run/firejail/mnt/seccomp/seccomp seccomp filter"
150	}
151	expect {
152	timeout {puts "TESTING ERROR 37\n";exit}
153	"done"
154	}
155	after 100
156
157	puts "all done\n"	100	puts "all done\n"


diff --git a/test/network/netstats.exp b/test/network/netstats.exp index 0d1bc4c2c..d9da9cb75 100755 --- a/test/network/netstats.exp +++ b/test/network/netstats.exp
@@ -12,7 +12,7 @@ expect {
12	timeout {puts "TESTING ERROR 1\n";exit}	12	timeout {puts "TESTING ERROR 1\n";exit}
13	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"	13	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
14	}	14	}
15	sleep 2	15	sleep 4
16		16
17	spawn $env(SHELL)	17	spawn $env(SHELL)
18	send -- "firejail --netstats\r"	18	send -- "firejail --netstats\r"


diff --git a/test/seccomp-extra/block-secondary.exp b/test/seccomp-extra/block-secondary.exp new file mode 100755 index 000000000..1db512126 --- /dev/null +++ b/test/seccomp-extra/block-secondary.exp
@@ -0,0 +1,43 @@
		1	#!/usr/bin/expect -f
		2	# This file is part of Firejail project
		3	# Copyright (C) 2014-2023 Firejail Authors
		4	# License GPL v2
		5
		6	set timeout 10
		7	spawn $env(SHELL)
		8	match_max 100000
		9
		10
		11	# 64 bit architecture - seccomp.block-secondary
		12	send -- "firejail --debug --seccomp.block-secondary pwd\r"
		13	expect {
		14	timeout {puts "TESTING ERROR 1\n";exit}
		15	"Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 2\n";exit}
		16	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
		17	}
		18	expect {
		19	timeout {puts "TESTING ERROR 3\n";exit}
		20	"Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 4\n";exit}
		21	"Installing /run/firejail/mnt/seccomp/seccomp seccomp filter"
		22	}
		23	expect {
		24	timeout {puts "TESTING ERROR 5\n";exit}
		25	"Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 6\n";exit}
		26	"Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter"
		27	}
		28	after 500
		29
		30	# 64 bit architecture - seccomp.block-secondary, profile
		31	send -- "firejail --debug --profile=block-secondary.profile pwd\r"
		32	expect {
		33	timeout {puts "TESTING ERROR 7\n";exit}
		34	"Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 8\n";exit}
		35	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
		36	}
		37	expect {
		38	timeout {puts "TESTING ERROR 9\n";exit}
		39	"Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 10\n";exit}
		40	"Installing /run/firejail/mnt/seccomp/seccomp seccomp filter"
		41	}
		42	after 500
		43	puts "all done\n"


diff --git a/test/filters/block-secondary.profile b/test/seccomp-extra/block-secondary.profile index e32056c3d..e32056c3d 100644 --- a/test/filters/block-secondary.profile +++ b/test/seccomp-extra/block-secondary.profile


diff --git a/test/filters/memwrexe b/test/seccomp-extra/memwrexe index 1173cdc07..82ea7631f 100755 --- a/test/filters/memwrexe +++ b/test/seccomp-extra/memwrexe
Binary files differ


diff --git a/test/filters/memwrexe.c b/test/seccomp-extra/memwrexe.c index 548320df9..548320df9 100644 --- a/test/filters/memwrexe.c +++ b/test/seccomp-extra/memwrexe.c


diff --git a/test/seccomp-extra/mrwx.exp b/test/seccomp-extra/mrwx.exp new file mode 100755 index 000000000..403bc852f --- /dev/null +++ b/test/seccomp-extra/mrwx.exp
@@ -0,0 +1,37 @@
		1	#!/usr/bin/expect -f
		2	# This file is part of Firejail project
		3	# Copyright (C) 2014-2023 Firejail Authors
		4	# License GPL v2
		5
		6	set timeout 10
		7	spawn $env(SHELL)
		8	match_max 100000
		9
		10
		11
		12	# memory-deny-write-execute
		13	send -- "firejail --debug --memory-deny-write-execute pwd\r"
		14	expect {
		15	timeout {puts "TESTING ERROR 1\n";exit}
		16	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
		17	}
		18	expect {
		19	timeout {puts "TESTING ERROR 2\n";exit}
		20	"Installing /run/firejail/mnt/seccomp/seccomp.mdwx seccomp filter"
		21	}
		22	after 500
		23
		24	send -- "firejail --debug --profile=mrwx.profile pwd\r"
		25	expect {
		26	timeout {puts "TESTING ERROR 3\n";exit}
		27	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
		28	}
		29	expect {
		30	timeout {puts "TESTING ERROR 4\n";exit}
		31	"Installing /run/firejail/mnt/seccomp/seccomp.mdwx seccomp filter"
		32	}
		33	after 500
		34
		35
		36	after 500
		37	puts "all done\n"


diff --git a/test/seccomp-extra/mrwx.profile b/test/seccomp-extra/mrwx.profile new file mode 100644 index 000000000..46d6cedee --- /dev/null +++ b/test/seccomp-extra/mrwx.profile
@@ -0,0 +1 @@
			memory-deny-write-execute


diff --git a/test/filters/memwrexe.exp b/test/seccomp-extra/mrwx2.exp index e51b3372e..4703a4014 100755 --- a/test/filters/memwrexe.exp +++ b/test/seccomp-extra/mrwx2.exp
@@ -17,7 +17,7 @@ expect {
17	"mmap successful" {puts "TESTING ERROR 2\n";exit}	17	"mmap successful" {puts "TESTING ERROR 2\n";exit}
18	"Parent is shutting down"	18	"Parent is shutting down"
19	}	19	}
20	after 100	20	after 500
21		21
22	send -- "firejail --memory-deny-write-execute ./memwrexe mprotect\r"	22	send -- "firejail --memory-deny-write-execute ./memwrexe mprotect\r"
23	expect {	23	expect {
@@ -29,7 +29,7 @@ expect {
29	"mprotect successful" {puts "TESTING ERROR 12\n";exit}	29	"mprotect successful" {puts "TESTING ERROR 12\n";exit}
30	"Parent is shutting down"	30	"Parent is shutting down"
31	}	31	}
32	after 100	32	after 500
33		33
34	send -- "firejail --memory-deny-write-execute ./memwrexe memfd_create\r"	34	send -- "firejail --memory-deny-write-execute ./memwrexe memfd_create\r"
35	expect {	35	expect {
@@ -42,5 +42,5 @@ expect {
42	"Parent is shutting down"	42	"Parent is shutting down"
43	}	43	}
44		44
45	after 100	45	after 500
46	puts "\nall done\n"	46	puts "\nall done\n"


diff --git a/test/filters/noroot.exp b/test/seccomp-extra/noroot.exp index 8a8842cd9..eeb82833e 100755 --- a/test/filters/noroot.exp +++ b/test/seccomp-extra/noroot.exp
@@ -132,5 +132,5 @@ expect {
132	puts "\n"	132	puts "\n"
133		133
134		134
135	after 100	135	after 500
136	puts "\nall done\n"	136	puts "\nall done\n"


diff --git a/test/seccomp-extra/protocol-print.exp b/test/seccomp-extra/protocol-print.exp new file mode 100755 index 000000000..7e76e6ff6 --- /dev/null +++ b/test/seccomp-extra/protocol-print.exp
@@ -0,0 +1,59 @@
		1	#!/usr/bin/expect -f
		2	# This file is part of Firejail project
		3	# Copyright (C) 2014-2023 Firejail Authors
		4	# License GPL v2
		5
		6	set timeout 10
		7	spawn $env(SHELL)
		8	match_max 100000
		9
		10	send -- "firejail --name=test0\r"
		11	expect {
		12	timeout {puts "TESTING ERROR 0\n";exit}
		13	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
		14	}
		15	sleep 2
		16
		17
		18	spawn $env(SHELL)
		19	send -- "firejail --name=test1 --profile=protocol1.profile\r"
		20	expect {
		21	timeout {puts "TESTING ERROR 1\n";exit}
		22	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
		23	}
		24	sleep 2
		25
		26	spawn $env(SHELL)
		27	send -- "firejail --name=test2 --profile=protocol2.profile\r"
		28	expect {
		29	timeout {puts "TESTING ERROR 2\n";exit}
		30	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
		31	}
		32	sleep 2
		33
		34	spawn $env(SHELL)
		35	send -- "firejail --protocol.print=test0\r"
		36	expect {
		37	timeout {puts "TESTING ERROR 3\n";exit}
		38	"packet" {puts "TESTING ERROR 4\n";exit}
		39	"unix,inet,inet6"
		40	}
		41	after 500
		42
		43	send -- "firejail --protocol.print=test1\r"
		44	expect {
		45	timeout {puts "TESTING ERROR 5\n";exit}
		46	"inet" {puts "TESTING ERROR 6\n";exit}
		47	"unix"
		48	}
		49	after 500
		50
		51	send -- "firejail --protocol.print=test2\r"
		52	expect {
		53	timeout {puts "TESTING ERROR 7\n";exit}
		54	"unix" {puts "TESTING ERROR 8\n";exit}
		55	"inet6,packet"
		56	}
		57	after 500
		58
		59	puts "\nall done\n"


diff --git a/test/filters/protocol.exp b/test/seccomp-extra/protocol.exp index 5320dde6f..5844e1de3 100755 --- a/test/filters/protocol.exp +++ b/test/seccomp-extra/protocol.exp
@@ -7,7 +7,7 @@ set timeout 10
7	spawn $env(SHELL)	7	spawn $env(SHELL)
8	match_max 100000	8	match_max 100000
9		9
10	send -- "firejail --noprofile --protocol=unix --debug\r"	10	send -- "firejail --noprofile --protocol=unix --debug pwd\r"
11	expect {	11	expect {
12	timeout {puts "TESTING ERROR 1\n";exit}	12	timeout {puts "TESTING ERROR 1\n";exit}
13	"0009: 20 00 00 00000000"	13	"0009: 20 00 00 00000000"
@@ -29,11 +29,9 @@ expect {
29	"0012: 06 00 00 0005005f"	29	"0012: 06 00 00 0005005f"
30	}	30	}
31		31
32	after 100	32	after 500
33	send -- "exit\r"
34	sleep 1
35		33
36	send -- "firejail --noprofile --protocol=bluetooth --debug\r"	34	send -- "firejail --noprofile --protocol=bluetooth --debug pwd\r"
37	expect {	35	expect {
38	timeout {puts "TESTING ERROR 11\n";exit}	36	timeout {puts "TESTING ERROR 11\n";exit}
39	"0009: 20 00 00 00000000"	37	"0009: 20 00 00 00000000"
@@ -54,12 +52,9 @@ expect {
54	timeout {puts "TESTING ERROR1 5\n";exit}	52	timeout {puts "TESTING ERROR1 5\n";exit}
55	"0012: 06 00 00 0005005f"	53	"0012: 06 00 00 0005005f"
56	}	54	}
		55	after 500
57		56
58	after 100	57	send -- "firejail --noprofile --protocol=inet,inet6 --debug pwd\r"
59	send -- "exit\r"
60	sleep 1
61
62	send -- "firejail --noprofile --protocol=inet,inet6 --debug\r"
63	expect {	58	expect {
64	timeout {puts "TESTING ERROR 31\n";exit}	59	timeout {puts "TESTING ERROR 31\n";exit}
65	"0009: 20 00 00 00000000"	60	"0009: 20 00 00 00000000"
@@ -88,10 +83,5 @@ expect {
88	timeout {puts "TESTING ERROR 37\n";exit}	83	timeout {puts "TESTING ERROR 37\n";exit}
89	"0014: 06 00 00 0005005f"	84	"0014: 06 00 00 0005005f"
90	}	85	}
91		86	after 500
92	after 100
93	send -- "exit\r"
94
95
96	after 100
97	puts "\nall done\n"	87	puts "\nall done\n"


diff --git a/test/filters/protocol1.profile b/test/seccomp-extra/protocol1.profile index 3e1ea2a29..3e1ea2a29 100644 --- a/test/filters/protocol1.profile +++ b/test/seccomp-extra/protocol1.profile


diff --git a/test/filters/protocol2.profile b/test/seccomp-extra/protocol2.profile index b7eb4ab91..b7eb4ab91 100644 --- a/test/filters/protocol2.profile +++ b/test/seccomp-extra/protocol2.profile


diff --git a/test/seccomp-extra/seccomp-extra.sh b/test/seccomp-extra/seccomp-extra.sh new file mode 100755 index 000000000..50852f7e0 --- /dev/null +++ b/test/seccomp-extra/seccomp-extra.sh
@@ -0,0 +1,26 @@
		1	#!/bin/bash
		2	# This file is part of Firejail project
		3	# Copyright (C) 2014-2023 Firejail Authors
		4	# License GPL v2
		5
		6	export MALLOC_CHECK_=3
		7	export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
		8	export LC_ALL=C
		9
		10	echo "TESTING: protocol (test/seccomp-extras/protocol-print.exp)"
		11	./protocol.exp
		12
		13	echo "TESTING: protocol.print (test/seccomp-extras/protocol-print.exp)"
		14	./protocol-print.exp
		15
		16	echo "TESTING: noroot (test/seccomp-extras/noroot.exp)"
		17	./noroot.exp
		18
		19	echo "TESTING: mrwx (test/seccomp-extras/mrwx.exp)"
		20	./mrwx.exp
		21
		22	echo "TESTING: mrwx2 (test/seccomp-extras/mrwx.exp)"
		23	./mrwx2.exp
		24
		25	echo "TESTING: block-secondary (test/seccomp-extras/block-secondary.exp)"
		26	./block-secondary.exp


diff --git a/test/utils/protocol-print.exp b/test/utils/protocol-print.exp deleted file mode 100755 index f24afc703..000000000 --- a/test/utils/protocol-print.exp +++ /dev/null
@@ -1,24 +0,0 @@
1	#!/usr/bin/expect -f
2	# This file is part of Firejail project
3	# Copyright (C) 2014-2023 Firejail Authors
4	# License GPL v2
5
6	set timeout 10
7	spawn $env(SHELL)
8	match_max 100000
9
10	send -- "firejail --name=test\r"
11	expect {
12	timeout {puts "TESTING ERROR 0\n";exit}
13	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
14	}
15	sleep 2
16
17	spawn $env(SHELL)
18	send -- "firejail --protocol.print=test\r"
19	expect {
20	timeout {puts "TESTING ERROR 1\n";exit}
21	"unix,inet,inet6"
22	}
23	after 100
24	puts "\nall done\n"


diff --git a/test/utils/utils.sh b/test/utils/utils.sh index 4937cf459..9ff4048ef 100755 --- a/test/utils/utils.sh +++ b/test/utils/utils.sh
@@ -64,9 +64,6 @@ echo "TESTING: dns.print (test/utils/dns-print.exp)"
64	echo "TESTING: seccomp.print (test/utils/seccomp-print.exp)"	64	echo "TESTING: seccomp.print (test/utils/seccomp-print.exp)"
65	./seccomp-print.exp	65	./seccomp-print.exp
66		66
67	echo "TESTING: protocol.print (test/utils/protocol-print.exp)"
68	./protocol-print.exp
69
70	echo "TESTING: shutdown (test/utils/shutdown.exp)"	67	echo "TESTING: shutdown (test/utils/shutdown.exp)"
71	./shutdown.exp	68	./shutdown.exp
72		69