diff options
-rwxr-xr-x | test/filters/debug.exp | 3 | ||||
-rwxr-xr-x | test/filters/filters.sh | 10 | ||||
-rwxr-xr-x | test/filters/memwrexe-32 | bin | 0 -> 6678 bytes | |||
-rwxr-xr-x | test/filters/memwrexe-32.exp | 34 | ||||
-rwxr-xr-x | test/filters/seccomp-debug-32.exp | 145 | ||||
-rwxr-xr-x | test/filters/seccomp-debug.exp | 2 |
6 files changed, 190 insertions, 4 deletions
diff --git a/test/filters/debug.exp b/test/filters/debug.exp index 493022c05..d37353378 100755 --- a/test/filters/debug.exp +++ b/test/filters/debug.exp | |||
@@ -38,7 +38,8 @@ after 100 | |||
38 | send -- "firejail --debug-protocols\r" | 38 | send -- "firejail --debug-protocols\r" |
39 | expect { | 39 | expect { |
40 | timeout {puts "TESTING ERROR 4\n";exit} | 40 | timeout {puts "TESTING ERROR 4\n";exit} |
41 | "unix, inet, inet6, netlink, packet" | 41 | "unix, inet, inet6, netlink, packet" {puts "OK\n"} |
42 | "protocol not supported on this platform" {puts "OK\n"} | ||
42 | } | 43 | } |
43 | after 100 | 44 | after 100 |
44 | 45 | ||
diff --git a/test/filters/filters.sh b/test/filters/filters.sh index 3ebb61419..d59d9109b 100755 --- a/test/filters/filters.sh +++ b/test/filters/filters.sh | |||
@@ -18,8 +18,11 @@ export PATH="$PATH:/usr/lib/firejail" | |||
18 | if [ "$(uname -m)" = "x86_64" ]; then | 18 | if [ "$(uname -m)" = "x86_64" ]; then |
19 | echo "TESTING: memory-deny-write-execute (test/filters/memwrexe.exp)" | 19 | echo "TESTING: memory-deny-write-execute (test/filters/memwrexe.exp)" |
20 | ./memwrexe.exp | 20 | ./memwrexe.exp |
21 | elif [ "$(uname -m)" = "i686" ]; then | ||
22 | echo "TESTING: memory-deny-write-execute (test/filters/memwrexe-32.exp)" | ||
23 | ./memwrexe-32.exp | ||
21 | else | 24 | else |
22 | echo "TESTING SKIP: memwrexe binary only running on x86_64." | 25 | echo "TESTING SKIP: memwrexe binary only running on x86_64 and i686." |
23 | fi | 26 | fi |
24 | 27 | ||
25 | echo "TESTING: debug options (test/filters/debug.exp)" | 28 | echo "TESTING: debug options (test/filters/debug.exp)" |
@@ -57,8 +60,11 @@ echo "TESTING: seccomp bad empty (test/filters/seccomp-bad-empty.exp)" | |||
57 | if [ "$(uname -m)" = "x86_64" ]; then | 60 | if [ "$(uname -m)" = "x86_64" ]; then |
58 | echo "TESTING: seccomp debug (test/filters/seccomp-debug.exp)" | 61 | echo "TESTING: seccomp debug (test/filters/seccomp-debug.exp)" |
59 | ./seccomp-debug.exp | 62 | ./seccomp-debug.exp |
63 | elif [ "$(uname -m)" = "i686" ]; then | ||
64 | echo "TESTING: seccomp debug (test/filters/seccomp-debug-32.exp)" | ||
65 | ./seccomp-debug-32.exp | ||
60 | else | 66 | else |
61 | echo "TESTING SKIP: protocol, running only on x86_64" | 67 | echo "TESTING SKIP: protocol, running only on x86_64 and i686" |
62 | fi | 68 | fi |
63 | 69 | ||
64 | echo "TESTING: seccomp errno (test/filters/seccomp-errno.exp)" | 70 | echo "TESTING: seccomp errno (test/filters/seccomp-errno.exp)" |
diff --git a/test/filters/memwrexe-32 b/test/filters/memwrexe-32 new file mode 100755 index 000000000..70c98b796 --- /dev/null +++ b/test/filters/memwrexe-32 | |||
Binary files differ | |||
diff --git a/test/filters/memwrexe-32.exp b/test/filters/memwrexe-32.exp new file mode 100755 index 000000000..af2159973 --- /dev/null +++ b/test/filters/memwrexe-32.exp | |||
@@ -0,0 +1,34 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2017 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail --memory-deny-write-execute ./memwrexe-32 mmap\r" | ||
11 | expect { | ||
12 | timeout {puts "TESTING ERROR 0\n";exit} | ||
13 | "Child process initialized" | ||
14 | } | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 1\n";exit} | ||
17 | "mmap successful" {puts "TESTING ERROR 2\n";exit} | ||
18 | "Parent is shutting down" | ||
19 | } | ||
20 | after 100 | ||
21 | |||
22 | send -- "firejail --memory-deny-write-execute ./memwrexe-32 mprotect\r" | ||
23 | expect { | ||
24 | timeout {puts "TESTING ERROR 10\n";exit} | ||
25 | "Child process initialized" | ||
26 | } | ||
27 | expect { | ||
28 | timeout {puts "TESTING ERROR 11\n";exit} | ||
29 | "mprotect successful" {puts "TESTING ERROR 12\n";exit} | ||
30 | "Parent is shutting down" | ||
31 | } | ||
32 | |||
33 | after 100 | ||
34 | puts "\nall done\n" | ||
diff --git a/test/filters/seccomp-debug-32.exp b/test/filters/seccomp-debug-32.exp new file mode 100755 index 000000000..6983758c3 --- /dev/null +++ b/test/filters/seccomp-debug-32.exp | |||
@@ -0,0 +1,145 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2017 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail --debug sleep 1; echo done\r" | ||
11 | expect { | ||
12 | timeout {puts "TESTING ERROR 0\n";exit} | ||
13 | "SECCOMP Filter" | ||
14 | } | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 1\n";exit} | ||
17 | "BLACKLIST" | ||
18 | } | ||
19 | expect { | ||
20 | timeout {puts "TESTING ERROR 2\n";exit} | ||
21 | "open_by_handle_at" | ||
22 | } | ||
23 | expect { | ||
24 | timeout {puts "TESTING ERROR 3\n";exit} | ||
25 | "Child process initialized" | ||
26 | } | ||
27 | expect { | ||
28 | timeout {puts "TESTING ERROR 4\n";exit} | ||
29 | "done" | ||
30 | } | ||
31 | after 100 | ||
32 | |||
33 | |||
34 | # i686 architecture | ||
35 | send -- "firejail --debug sleep 1; echo done\r" | ||
36 | expect { | ||
37 | timeout {puts "TESTING ERROR 5\n";exit} | ||
38 | "Child process initialized" | ||
39 | } | ||
40 | expect { | ||
41 | timeout {puts "TESTING ERROR 6\n";exit} | ||
42 | "Installing /run/firejail/mnt/seccomp seccomp filter" | ||
43 | } | ||
44 | expect { | ||
45 | timeout {puts "TESTING ERROR 7\n";exit} | ||
46 | "Installing /run/firejail/mnt/seccomp.amd64 seccomp filter" | ||
47 | } | ||
48 | expect { | ||
49 | timeout {puts "TESTING ERROR 9\n";exit} | ||
50 | "done" | ||
51 | } | ||
52 | after 100 | ||
53 | |||
54 | # i686 architecture - ignore seccomp | ||
55 | send -- "firejail --debug --ignore=seccomp sleep 1; echo done\r" | ||
56 | expect { | ||
57 | timeout {puts "TESTING ERROR 10\n";exit} | ||
58 | "Installing /run/firejail/mnt/seccomp seccomp filter" {puts "TESTING ERROR 11\n";exit} | ||
59 | "Installing /run/firejail/mnt/seccomp.amd64 seccomp filter" {puts "TESTING ERROR 12\n";exit} | ||
60 | "Child process initialized" | ||
61 | } | ||
62 | expect { | ||
63 | timeout {puts "TESTING ERROR 13\n";exit} | ||
64 | "Installing /run/firejail/mnt/seccomp seccomp filter" {puts "TESTING ERROR 14\n";exit} | ||
65 | "Installing /run/firejail/mnt/seccomp.amd64 seccomp filter" {puts "TESTING ERROR 15\n";exit} | ||
66 | "done" | ||
67 | } | ||
68 | after 100 | ||
69 | |||
70 | # i686 architecture - ignore protocol | ||
71 | send -- "firejail --debug --ignore=protocol sleep 1; echo done\r" | ||
72 | expect { | ||
73 | timeout {puts "TESTING ERROR 17\n";exit} | ||
74 | "Installing /run/firejail/mnt/seccomp.protocol seccomp filter" {puts "TESTING ERROR 18\n";exit} | ||
75 | "Child process initialized" | ||
76 | } | ||
77 | expect { | ||
78 | timeout {puts "TESTING ERROR 19\n";exit} | ||
79 | "Installing /run/firejail/mnt/seccomp.protocol seccomp filter" {puts "TESTING ERROR 20\n";exit} | ||
80 | "Installing /run/firejail/mnt/seccomp seccomp filter" | ||
81 | } | ||
82 | expect { | ||
83 | timeout {puts "TESTING ERROR 21\n";exit} | ||
84 | "Installing /run/firejail/mnt/seccomp.protocol seccomp filter" {puts "TESTING ERROR 22\n";exit} | ||
85 | "Installing /run/firejail/mnt/seccomp.amd64 seccomp filter" | ||
86 | } | ||
87 | expect { | ||
88 | timeout {puts "TESTING ERROR 23\n";exit} | ||
89 | "done" | ||
90 | } | ||
91 | after 100 | ||
92 | |||
93 | # memory-deny-write-execute | ||
94 | send -- "firejail --debug --memory-deny-write-execute sleep 1; echo done\r" | ||
95 | expect { | ||
96 | timeout {puts "TESTING ERROR 24\n";exit} | ||
97 | "Child process initialized" | ||
98 | } | ||
99 | expect { | ||
100 | timeout {puts "TESTING ERROR 25\n";exit} | ||
101 | "Installing /run/firejail/mnt/seccomp.mdwx seccomp filter" | ||
102 | } | ||
103 | expect { | ||
104 | timeout {puts "TESTING ERROR 26\n";exit} | ||
105 | "done" | ||
106 | } | ||
107 | |||
108 | |||
109 | # i686 architecture - seccomp.block-secondary | ||
110 | send -- "firejail --debug --seccomp.block-secondary sleep 1; echo done\r" | ||
111 | expect { | ||
112 | timeout {puts "TESTING ERROR 27\n";exit} | ||
113 | "Installing /run/firejail/mnt/seccomp.amd64 seccomp filter" {puts "TESTING ERROR 28\n";exit} | ||
114 | "Child process initialized" | ||
115 | } | ||
116 | expect { | ||
117 | timeout {puts "TESTING ERROR 29\n";exit} | ||
118 | "Installing /run/firejail/mnt/seccomp.amd64 seccomp filter" {puts "TESTING ERROR 30\n";exit} | ||
119 | "Installing /run/firejail/mnt/seccomp seccomp filter" | ||
120 | } | ||
121 | expect { | ||
122 | timeout {puts "TESTING ERROR 33\n";exit} | ||
123 | "done" | ||
124 | } | ||
125 | after 100 | ||
126 | |||
127 | # i686 architecture - seccomp.block-secondary, profile | ||
128 | send -- "firejail --debug --profile=block-secondary.profile sleep 1; echo done\r" | ||
129 | expect { | ||
130 | timeout {puts "TESTING ERROR 33\n";exit} | ||
131 | "Installing /run/firejail/mnt/seccomp.amd64 seccomp filter" {puts "TESTING ERROR 34\n";exit} | ||
132 | "Child process initialized" | ||
133 | } | ||
134 | expect { | ||
135 | timeout {puts "TESTING ERROR 35\n";exit} | ||
136 | "Installing /run/firejail/mnt/seccomp.amd64 seccomp filter" {puts "TESTING ERROR 35\n";exit} | ||
137 | "Installing /run/firejail/mnt/seccomp seccomp filter" | ||
138 | } | ||
139 | expect { | ||
140 | timeout {puts "TESTING ERROR 37\n";exit} | ||
141 | "done" | ||
142 | } | ||
143 | after 100 | ||
144 | |||
145 | puts "all done\n" | ||
diff --git a/test/filters/seccomp-debug.exp b/test/filters/seccomp-debug.exp index 7f03e45e8..7a4a13991 100755 --- a/test/filters/seccomp-debug.exp +++ b/test/filters/seccomp-debug.exp | |||
@@ -106,7 +106,7 @@ expect { | |||
106 | } | 106 | } |
107 | expect { | 107 | expect { |
108 | timeout {puts "TESTING ERROR 25\n";exit} | 108 | timeout {puts "TESTING ERROR 25\n";exit} |
109 | "Installing /run/firejail/mnt/seccomp.protocol seccomp filter" | 109 | "Installing /run/firejail/mnt/seccomp.mdwx seccomp filter" |
110 | } | 110 | } |
111 | expect { | 111 | expect { |
112 | timeout {puts "TESTING ERROR 26\n";exit} | 112 | timeout {puts "TESTING ERROR 26\n";exit} |