diff options
-rwxr-xr-x | test/environment/environment.sh | 3 | ||||
-rwxr-xr-x | test/environment/umask.exp | 41 | ||||
-rwxr-xr-x | test/fs/fs.sh | 9 | ||||
-rwxr-xr-x | test/fs/noblacklist-blacklist-noexec.exp | 36 | ||||
-rwxr-xr-x | test/fs/noblacklist-blacklist-readonly.exp | 35 | ||||
-rwxr-xr-x | test/fs/whitelist-noexec.exp | 36 |
6 files changed, 160 insertions, 0 deletions
diff --git a/test/environment/environment.sh b/test/environment/environment.sh index 735d3e59e..f860f7c24 100755 --- a/test/environment/environment.sh +++ b/test/environment/environment.sh | |||
@@ -120,3 +120,6 @@ echo "TESTING: rlimit errors profile (test/environment/rlimit-bad-profile.exp)" | |||
120 | 120 | ||
121 | echo "TESTING: deterministic exit code (test/environment/deterministic-exit-code.exp" | 121 | echo "TESTING: deterministic exit code (test/environment/deterministic-exit-code.exp" |
122 | ./deterministic-exit-code.exp | 122 | ./deterministic-exit-code.exp |
123 | |||
124 | echo "TESTING: retain umask (test/environment/umask.exp" | ||
125 | (umask 123 && ./umask.exp) | ||
diff --git a/test/environment/umask.exp b/test/environment/umask.exp new file mode 100755 index 000000000..e93d71bd4 --- /dev/null +++ b/test/environment/umask.exp | |||
@@ -0,0 +1,41 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "firejail --noprofile\r" | ||
8 | expect { | ||
9 | timeout {puts "TESTING ERROR 0\n";exit} | ||
10 | "Child process initialized" | ||
11 | } | ||
12 | sleep 1 | ||
13 | |||
14 | send -- "umask\r" | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 1\n";exit} | ||
17 | "0123" | ||
18 | } | ||
19 | after 100 | ||
20 | |||
21 | send -- "firejail\r" | ||
22 | expect { | ||
23 | timeout {puts "TESTING ERROR 2\n";exit} | ||
24 | "Warning: an existing sandbox was detected" | ||
25 | } | ||
26 | after 100 | ||
27 | |||
28 | send -- "umask\r" | ||
29 | expect { | ||
30 | timeout {puts "TESTING ERROR 3\n";exit} | ||
31 | "0123" | ||
32 | } | ||
33 | after 100 | ||
34 | |||
35 | send -- "exit\r" | ||
36 | after 100 | ||
37 | |||
38 | send -- "exit\r" | ||
39 | sleep 1 | ||
40 | |||
41 | puts "\nall done\n" | ||
diff --git a/test/fs/fs.sh b/test/fs/fs.sh index fa642443f..2509638fc 100755 --- a/test/fs/fs.sh +++ b/test/fs/fs.sh | |||
@@ -99,6 +99,12 @@ echo "TESTING: blacklist file (test/fs/option_blacklist_file.exp)" | |||
99 | echo "TESTING: blacklist glob (test/fs/option_blacklist_glob.exp)" | 99 | echo "TESTING: blacklist glob (test/fs/option_blacklist_glob.exp)" |
100 | ./option_blacklist_glob.exp | 100 | ./option_blacklist_glob.exp |
101 | 101 | ||
102 | echo "TESTING: noblacklist blacklist noexec (test/fs/noblacklist-blacklist-noexec.exp)" | ||
103 | ./noblacklist-blacklist-noexec.exp | ||
104 | |||
105 | echo "TESTING: noblacklist blacklist readonly (test/fs/noblacklist-blacklist-readonly.exp)" | ||
106 | ./noblacklist-blacklist-readonly.exp | ||
107 | |||
102 | echo "TESTING: bind as user (test/fs/option_bind_user.exp)" | 108 | echo "TESTING: bind as user (test/fs/option_bind_user.exp)" |
103 | ./option_bind_user.exp | 109 | ./option_bind_user.exp |
104 | 110 | ||
@@ -114,6 +120,9 @@ echo "TESTING: whitelist (test/fs/whitelist.exp)" | |||
114 | echo "TESTING: whitelist dev, var(test/fs/whitelist-dev.exp)" | 120 | echo "TESTING: whitelist dev, var(test/fs/whitelist-dev.exp)" |
115 | ./whitelist-dev.exp | 121 | ./whitelist-dev.exp |
116 | 122 | ||
123 | echo "TESTING: whitelist noexec (test/fs/whitelist-noexec.exp)" | ||
124 | ./whitelist-noexec.exp | ||
125 | |||
117 | echo "TESTING: whitelist with whitespaces (test/fs/whitelist-whitespace.exp)" | 126 | echo "TESTING: whitelist with whitespaces (test/fs/whitelist-whitespace.exp)" |
118 | ./whitelist-whitespace.exp | 127 | ./whitelist-whitespace.exp |
119 | 128 | ||
diff --git a/test/fs/noblacklist-blacklist-noexec.exp b/test/fs/noblacklist-blacklist-noexec.exp new file mode 100755 index 000000000..5d0581a8c --- /dev/null +++ b/test/fs/noblacklist-blacklist-noexec.exp | |||
@@ -0,0 +1,36 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2019 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | set PWD $env(PWD) | ||
10 | |||
11 | |||
12 | send -- "firejail --noprofile --noblacklist=$PWD --blacklist=$PWD --noexec=$PWD\r" | ||
13 | expect { | ||
14 | timeout {puts "TESTING ERROR 0\n";exit} | ||
15 | "Child process initialized" | ||
16 | } | ||
17 | sleep 1 | ||
18 | |||
19 | send -- "ls $PWD\r" | ||
20 | expect { | ||
21 | timeout {puts "TESTING ERROR 1\n";exit} | ||
22 | "noblacklist-blacklist-noexec.exp" | ||
23 | } | ||
24 | after 100 | ||
25 | |||
26 | send -- "$PWD/noblacklist-blacklist-noexec.exp\r" | ||
27 | expect { | ||
28 | timeout {puts "TESTING ERROR 2\n";exit} | ||
29 | "Permission denied" | ||
30 | } | ||
31 | after 100 | ||
32 | |||
33 | send -- "exit\r" | ||
34 | sleep 1 | ||
35 | |||
36 | puts "\nall done\n" | ||
diff --git a/test/fs/noblacklist-blacklist-readonly.exp b/test/fs/noblacklist-blacklist-readonly.exp new file mode 100755 index 000000000..c31bd6948 --- /dev/null +++ b/test/fs/noblacklist-blacklist-readonly.exp | |||
@@ -0,0 +1,35 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2019 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | |||
11 | send -- "firejail --noprofile --noblacklist=~ --blacklist=~ --read-only=~\r" | ||
12 | expect { | ||
13 | timeout {puts "TESTING ERROR 0\n";exit} | ||
14 | "Child process initialized" | ||
15 | } | ||
16 | sleep 1 | ||
17 | |||
18 | send -- "ls ~\r" | ||
19 | expect { | ||
20 | timeout {puts "TESTING ERROR 1\n";exit} | ||
21 | "Downloads" | ||
22 | } | ||
23 | after 100 | ||
24 | |||
25 | send -- "echo World > ~/Hello\r" | ||
26 | expect { | ||
27 | timeout {puts "TESTING ERROR 2\n";exit} | ||
28 | "Read-only file system" | ||
29 | } | ||
30 | after 100 | ||
31 | |||
32 | send -- "exit\r" | ||
33 | sleep 1 | ||
34 | |||
35 | puts "\nall done\n" | ||
diff --git a/test/fs/whitelist-noexec.exp b/test/fs/whitelist-noexec.exp new file mode 100755 index 000000000..f05316a30 --- /dev/null +++ b/test/fs/whitelist-noexec.exp | |||
@@ -0,0 +1,36 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2019 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | set PWD $env(PWD) | ||
10 | |||
11 | |||
12 | send -- "firejail --noprofile --whitelist=$PWD --noexec=$PWD\r" | ||
13 | expect { | ||
14 | timeout {puts "TESTING ERROR 0\n";exit} | ||
15 | "Child process initialized" | ||
16 | } | ||
17 | sleep 1 | ||
18 | |||
19 | send -- "ls $PWD\r" | ||
20 | expect { | ||
21 | timeout {puts "TESTING ERROR 1\n";exit} | ||
22 | "whitelist-noexec.exp" | ||
23 | } | ||
24 | after 100 | ||
25 | |||
26 | send -- "$PWD/whitelist-noexec.exp\r" | ||
27 | expect { | ||
28 | timeout {puts "TESTING ERROR 2\n";exit} | ||
29 | "Permission denied" | ||
30 | } | ||
31 | after 100 | ||
32 | |||
33 | send -- "exit\r" | ||
34 | sleep 1 | ||
35 | |||
36 | puts "\nall done\n" | ||