6 files changed, 174 insertions, 22 deletions
diff --git a/test/environment/dns.exp b/test/environment/dns.exp
index a6a7171eb..40403aade 100755
--- a/test/environment/dns.exp
+++ b/test/environment/dns.exp
@@ -4,6 +4,31 @@ set timeout 30
 spawn $env(SHELL)
 match_max 100000
+send -- "firejail --dns=8.8.4.4 --dns=8.8.8.8 --dns=4.2.2.1\r"
+expect {
+        timeout {puts "TESTING ERROR 2.1\n";exit}
+        "Child process initialized"
+}
+sleep 1
+send -- "cat /etc/resolv.conf\r"
+expect {
+        timeout {puts "TESTING ERROR 2.2\n";exit}
+        "nameserver 8.8.4.4"
+}
+expect {
+        timeout {puts "TESTING ERROR 2.3\n";exit}
+        "nameserver 8.8.8.8"
+}
+expect {
+        timeout {puts "TESTING ERROR 2.4\n";exit}
+        "nameserver 4.2.2.1"
+}
+after 100
+send -- "exit\r"
+after 100
 # no chroot
 send -- "firejail --trace --dns=208.67.222.222 wget -q debian.org\r"
 expect {
@@ -27,28 +52,6 @@ after 100
 send -- "rm index.html\r"
 after 100
 send -- "exit\r"
-sleep 1
-send -- "firejail --dns=8.8.4.4 --dns=8.8.8.8 --dns=4.2.2.1\r"
-expect {
-        timeout {puts "TESTING ERROR 2.1\n";exit}
-        "Child process initialized"
-}
-sleep 1
-send -- "cat /etc/resolv.conf\r"
-expect {
-        timeout {puts "TESTING ERROR 2.2\n";exit}
-        "nameserver 8.8.4.4"
-}
-expect {
-        timeout {puts "TESTING ERROR 2.3\n";exit}
-        "nameserver 8.8.8.8"
-}
-expect {
-        timeout {puts "TESTING ERROR 2.4\n";exit}
-        "nameserver 4.2.2.1"
-}
 after 100
 puts "\nall done\n"
diff --git a/test/fs/fs.sh b/test/fs/fs.sh
index 1c5473f79..d9a425661 100755
--- a/test/fs/fs.sh
+++ b/test/fs/fs.sh
@@ -61,6 +61,9 @@ echo "TESTING: whitelist empty (test/fs/whitelist-empty.exp)"
 echo "TESTING: private whitelist (test/fs/private-whitelist.exp)"
 ./private-whitelist.exp
+echo "TESTING: whitelist ~/Downloads (test/fs/whitelist-downloads.exp)"
+./whitelist-downloads.exp
 echo "TESTING: invalid filename (test/fs/invalid_filename.exp)"
 ./invalid_filename.exp
diff --git a/test/fs/user-dirs.dirs b/test/fs/user-dirs.dirs
new file mode 100644
index 000000000..0d19da4e4
--- /dev/null
+++ b/test/fs/user-dirs.dirs
@@ -0,0 +1,15 @@
+# This file is written by xdg-user-dirs-update
+# If you want to change or add directories, just edit the line you're
+# interested in. All local changes will be retained on the next run
+# Format is XDG_xxx_DIR="$HOME/yyy", where yyy is a shell-escaped
+# homedir-relative path, or XDG_xxx_DIR="/yyy", where /yyy is an
+# absolute path. No other format is supported.
+# 
+XDG_DESKTOP_DIR="$HOME/Desktop"
+XDG_DOWNLOAD_DIR="$HOME/Downloads"
+XDG_TEMPLATES_DIR="$HOME/Templates"
+XDG_PUBLICSHARE_DIR="$HOME/Public"
+XDG_DOCUMENTS_DIR="$HOME/Documents"
+XDG_MUSIC_DIR="$HOME/Music"
+XDG_PICTURES_DIR="$HOME/Pictures"
+XDG_VIDEOS_DIR="$HOME/Videos"
diff --git a/test/fs/whitelist-downloads.exp b/test/fs/whitelist-downloads.exp
new file mode 100755
index 000000000..6af318d2b
--- /dev/null
+++ b/test/fs/whitelist-downloads.exp
@@ -0,0 +1,49 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+send -- "cp user-dirs.dirs /tmp/.\r"
+after 100
+send -- "firejail --private --noprofile\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+after 100
+send -- "firejail --force --profile=/etc/firejail/firefox.profile\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "cannot whitelist Downloads directory"
+}
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "Child process initialized"
+}
+after 100
+send -- "exit\r"
+after 100
+send -- "cp /tmp/user-dirs.dirs ~/.config/.\r"
+after 100
+send -- "firejail --force --profile=/etc/firejail/firefox.profile\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "cannot whitelist Downloads directory"
+}
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "Child process initialized"
+}
+after 100
+puts "\nall done\n"
diff --git a/test/utils/audit.exp b/test/utils/audit.exp
new file mode 100755
index 000000000..931b46981
--- /dev/null
+++ b/test/utils/audit.exp
@@ -0,0 +1,79 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+send -- "firejail --audit\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Firejail Audit"
+}
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "is running in a PID namespace"
+}
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "container/sandbox firejail"
+}
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "seccomp BPF enabled"
+}
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "all capabilities are disabled"
+}
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "dev directory seems to be fully populated"
+}
+after 100
+send -- "firejail --audit=/usr/lib/firejail/faudit\r"
+expect {
+        timeout {puts "TESTING ERROR 6\n";exit}
+        "Firejail Audit"
+}
+expect {
+        timeout {puts "TESTING ERROR 7\n";exit}
+        "is running in a PID namespace"
+}
+expect {
+        timeout {puts "TESTING ERROR 8\n";exit}
+        "container/sandbox firejail"
+}
+expect {
+        timeout {puts "TESTING ERROR 9\n";exit}
+        "seccomp BPF enabled"
+}
+expect {
+        timeout {puts "TESTING ERROR 10\n";exit}
+        "all capabilities are disabled"
+}
+expect {
+        timeout {puts "TESTING ERROR 11\n";exit}
+        "dev directory seems to be fully populated"
+}
+after 100
+send -- "firejail --audit=blablabla\r"
+expect {
+        timeout {puts "TESTING ERROR 12\n";exit}
+        "cannot find the audit program"
+}
+after 100
+send -- "firejail --audit=\r"
+expect {
+        timeout {puts "TESTING ERROR 12\n";exit}
+        "invalid audit program"
+}
+after 100
+puts "\nall done\n"
diff --git a/test/utils/utils.sh b/test/utils/utils.sh
index 804e5ae0f..04702597f 100755
--- a/test/utils/utils.sh
+++ b/test/utils/utils.sh
@@ -6,6 +6,9 @@
 export MALLOC_CHECK_=3
 export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
+echo "TESTING: audit (test/utils/audit.exp)"
+./audit.exp
 echo "TESTING: version (test/utils/version.exp)"
 ./version.exp

diff --git a/test/environment/dns.exp b/test/environment/dns.exp index a6a7171eb..40403aade 100755 --- a/test/environment/dns.exp +++ b/test/environment/dns.exp
@@ -4,6 +4,31 @@ set timeout 30
4	spawn $env(SHELL)	4	spawn $env(SHELL)
5	match_max 100000	5	match_max 100000
6		6
		7	send -- "firejail --dns=8.8.4.4 --dns=8.8.8.8 --dns=4.2.2.1\r"
		8	expect {
		9	timeout {puts "TESTING ERROR 2.1\n";exit}
		10	"Child process initialized"
		11	}
		12	sleep 1
		13
		14	send -- "cat /etc/resolv.conf\r"
		15	expect {
		16	timeout {puts "TESTING ERROR 2.2\n";exit}
		17	"nameserver 8.8.4.4"
		18	}
		19	expect {
		20	timeout {puts "TESTING ERROR 2.3\n";exit}
		21	"nameserver 8.8.8.8"
		22	}
		23	expect {
		24	timeout {puts "TESTING ERROR 2.4\n";exit}
		25	"nameserver 4.2.2.1"
		26	}
		27	after 100
		28	send -- "exit\r"
		29	after 100
		30
		31
7	# no chroot	32	# no chroot
8	send -- "firejail --trace --dns=208.67.222.222 wget -q debian.org\r"	33	send -- "firejail --trace --dns=208.67.222.222 wget -q debian.org\r"
9	expect {	34	expect {
@@ -27,28 +52,6 @@ after 100
27	send -- "rm index.html\r"	52	send -- "rm index.html\r"
28	after 100	53	after 100
29	send -- "exit\r"	54	send -- "exit\r"
30	sleep 1
31
32	send -- "firejail --dns=8.8.4.4 --dns=8.8.8.8 --dns=4.2.2.1\r"
33	expect {
34	timeout {puts "TESTING ERROR 2.1\n";exit}
35	"Child process initialized"
36	}
37	sleep 1
38
39	send -- "cat /etc/resolv.conf\r"
40	expect {
41	timeout {puts "TESTING ERROR 2.2\n";exit}
42	"nameserver 8.8.4.4"
43	}
44	expect {
45	timeout {puts "TESTING ERROR 2.3\n";exit}
46	"nameserver 8.8.8.8"
47	}
48	expect {
49	timeout {puts "TESTING ERROR 2.4\n";exit}
50	"nameserver 4.2.2.1"
51	}
52	after 100	55	after 100
53		56
54	puts "\nall done\n"	57	puts "\nall done\n"


diff --git a/test/fs/fs.sh b/test/fs/fs.sh index 1c5473f79..d9a425661 100755 --- a/test/fs/fs.sh +++ b/test/fs/fs.sh
@@ -61,6 +61,9 @@ echo "TESTING: whitelist empty (test/fs/whitelist-empty.exp)"
61	echo "TESTING: private whitelist (test/fs/private-whitelist.exp)"	61	echo "TESTING: private whitelist (test/fs/private-whitelist.exp)"
62	./private-whitelist.exp	62	./private-whitelist.exp
63		63
		64	echo "TESTING: whitelist ~/Downloads (test/fs/whitelist-downloads.exp)"
		65	./whitelist-downloads.exp
		66
64	echo "TESTING: invalid filename (test/fs/invalid_filename.exp)"	67	echo "TESTING: invalid filename (test/fs/invalid_filename.exp)"
65	./invalid_filename.exp	68	./invalid_filename.exp
66		69


diff --git a/test/fs/user-dirs.dirs b/test/fs/user-dirs.dirs new file mode 100644 index 000000000..0d19da4e4 --- /dev/null +++ b/test/fs/user-dirs.dirs
@@ -0,0 +1,15 @@
		1	# This file is written by xdg-user-dirs-update
		2	# If you want to change or add directories, just edit the line you're
		3	# interested in. All local changes will be retained on the next run
		4	# Format is XDG_xxx_DIR="$HOME/yyy", where yyy is a shell-escaped
		5	# homedir-relative path, or XDG_xxx_DIR="/yyy", where /yyy is an
		6	# absolute path. No other format is supported.
		7	#
		8	XDG_DESKTOP_DIR="$HOME/Desktop"
		9	XDG_DOWNLOAD_DIR="$HOME/Downloads"
		10	XDG_TEMPLATES_DIR="$HOME/Templates"
		11	XDG_PUBLICSHARE_DIR="$HOME/Public"
		12	XDG_DOCUMENTS_DIR="$HOME/Documents"
		13	XDG_MUSIC_DIR="$HOME/Music"
		14	XDG_PICTURES_DIR="$HOME/Pictures"
		15	XDG_VIDEOS_DIR="$HOME/Videos"


diff --git a/test/fs/whitelist-downloads.exp b/test/fs/whitelist-downloads.exp new file mode 100755 index 000000000..6af318d2b --- /dev/null +++ b/test/fs/whitelist-downloads.exp
@@ -0,0 +1,49 @@
		1	#!/usr/bin/expect -f
		2	# This file is part of Firejail project
		3	# Copyright (C) 2014-2016 Firejail Authors
		4	# License GPL v2
		5
		6	set timeout 10
		7	spawn $env(SHELL)
		8	match_max 100000
		9
		10	send -- "cp user-dirs.dirs /tmp/.\r"
		11	after 100
		12
		13	send -- "firejail --private --noprofile\r"
		14	expect {
		15	timeout {puts "TESTING ERROR 0\n";exit}
		16	"Child process initialized"
		17	}
		18	after 100
		19
		20	send -- "firejail --force --profile=/etc/firejail/firefox.profile\r"
		21	expect {
		22	timeout {puts "TESTING ERROR 1\n";exit}
		23	"cannot whitelist Downloads directory"
		24	}
		25	expect {
		26	timeout {puts "TESTING ERROR 2\n";exit}
		27	"Child process initialized"
		28	}
		29	after 100
		30
		31	send -- "exit\r"
		32	after 100
		33
		34	send -- "cp /tmp/user-dirs.dirs ~/.config/.\r"
		35	after 100
		36
		37	send -- "firejail --force --profile=/etc/firejail/firefox.profile\r"
		38	expect {
		39	timeout {puts "TESTING ERROR 3\n";exit}
		40	"cannot whitelist Downloads directory"
		41	}
		42	expect {
		43	timeout {puts "TESTING ERROR 4\n";exit}
		44	"Child process initialized"
		45	}
		46	after 100
		47
		48	puts "\nall done\n"
		49


diff --git a/test/utils/audit.exp b/test/utils/audit.exp new file mode 100755 index 000000000..931b46981 --- /dev/null +++ b/test/utils/audit.exp
@@ -0,0 +1,79 @@
		1	#!/usr/bin/expect -f
		2	# This file is part of Firejail project
		3	# Copyright (C) 2014-2016 Firejail Authors
		4	# License GPL v2
		5
		6	set timeout 10
		7	spawn $env(SHELL)
		8	match_max 100000
		9
		10	send -- "firejail --audit\r"
		11	expect {
		12	timeout {puts "TESTING ERROR 0\n";exit}
		13	"Firejail Audit"
		14	}
		15	expect {
		16	timeout {puts "TESTING ERROR 1\n";exit}
		17	"is running in a PID namespace"
		18	}
		19	expect {
		20	timeout {puts "TESTING ERROR 2\n";exit}
		21	"container/sandbox firejail"
		22	}
		23	expect {
		24	timeout {puts "TESTING ERROR 3\n";exit}
		25	"seccomp BPF enabled"
		26	}
		27	expect {
		28	timeout {puts "TESTING ERROR 4\n";exit}
		29	"all capabilities are disabled"
		30	}
		31	expect {
		32	timeout {puts "TESTING ERROR 5\n";exit}
		33	"dev directory seems to be fully populated"
		34	}
		35	after 100
		36
		37
		38	send -- "firejail --audit=/usr/lib/firejail/faudit\r"
		39	expect {
		40	timeout {puts "TESTING ERROR 6\n";exit}
		41	"Firejail Audit"
		42	}
		43	expect {
		44	timeout {puts "TESTING ERROR 7\n";exit}
		45	"is running in a PID namespace"
		46	}
		47	expect {
		48	timeout {puts "TESTING ERROR 8\n";exit}
		49	"container/sandbox firejail"
		50	}
		51	expect {
		52	timeout {puts "TESTING ERROR 9\n";exit}
		53	"seccomp BPF enabled"
		54	}
		55	expect {
		56	timeout {puts "TESTING ERROR 10\n";exit}
		57	"all capabilities are disabled"
		58	}
		59	expect {
		60	timeout {puts "TESTING ERROR 11\n";exit}
		61	"dev directory seems to be fully populated"
		62	}
		63	after 100
		64
		65	send -- "firejail --audit=blablabla\r"
		66	expect {
		67	timeout {puts "TESTING ERROR 12\n";exit}
		68	"cannot find the audit program"
		69	}
		70	after 100
		71
		72	send -- "firejail --audit=\r"
		73	expect {
		74	timeout {puts "TESTING ERROR 12\n";exit}
		75	"invalid audit program"
		76	}
		77	after 100
		78
		79	puts "\nall done\n"


diff --git a/test/utils/utils.sh b/test/utils/utils.sh index 804e5ae0f..04702597f 100755 --- a/test/utils/utils.sh +++ b/test/utils/utils.sh
@@ -6,6 +6,9 @@
6	export MALLOC_CHECK_=3	6	export MALLOC_CHECK_=3
7	export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))	7	export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
8		8
		9	echo "TESTING: audit (test/utils/audit.exp)"
		10	./audit.exp
		11
9	echo "TESTING: version (test/utils/version.exp)"	12	echo "TESTING: version (test/utils/version.exp)"
10	./version.exp	13	./version.exp
11		14