-rw-r--r-- | Makefile.in | 4 | ||||
-rwxr-xr-x | gcov.sh | 6 | ||||
-rw-r--r-- | src/firecfg/desktop_files.c | 10 | ||||
-rw-r--r-- | src/firecfg/main.c | 63 | ||||
-rw-r--r-- | src/firemon/usage.c | 111 | ||||
-rw-r--r-- | src/fnetfilter/main.c | 41 | ||||
-rwxr-xr-x | test/environment/csh.exp | 14 | ||||
-rwxr-xr-x | test/environment/zsh.exp | 14 | ||||
-rwxr-xr-x | test/login_ssh.exp | 59 | ||||
-rwxr-xr-x | test/network/netfilter-template.exp | 23 | ||||
-rwxr-xr-x | test/root/firecfg.exp | 6 | ||||
-rwxr-xr-x | test/root/login_nobody.exp | 35 | ||||
-rwxr-xr-x | test/root/root.sh | 29 | ||||
-rwxr-xr-x | test/ssh/login.exp | 49 | ||||
-rwxr-xr-x | test/ssh/scp.exp | 63 | ||||
-rwxr-xr-x | test/ssh/sftp.exp | 87 | ||||
-rwxr-xr-x | test/ssh/ssh.sh | 16 | ||||
-rwxr-xr-x | test/utils/audit.exp | 60 | ||||
-rwxr-xr-x | test/utils/build.exp | 33 | ||||
-rwxr-xr-x | test/utils/command.exp | 23 | ||||
-rwxr-xr-x | test/utils/name.exp | 174 | ||||
-rwxr-xr-x | test/utils/profile_print.exp | 27 | ||||
-rwxr-xr-x | test/utils/utils.sh | 13 |
23 files changed, 770 insertions, 190 deletions
diff --git a/Makefile.in b/Makefile.in index 134e7bd66..ebf9d40e8 100644 --- a/Makefile.in +++ b/Makefile.in | |||
@@ -299,6 +299,10 @@ test-travis: test-profiles test-fcopy test-fnetfilter test-fs test-utils test-sy | |||
299 | # with them you will need to restart your computer. | 299 | # with them you will need to restart your computer. |
300 | ########################################## | 300 | ########################################## |
301 | 301 | ||
302 | # a firejail-test account is required, public/private key setup | ||
303 | test-ssh: | ||
304 | cd test/ssh; ./ssh.sh | grep TESTING | ||
305 | |||
302 | # requires root access | 306 | # requires root access |
303 | test-chroot: | 307 | test-chroot: |
304 | cd test/chroot; ./chroot.sh | grep testing | 308 | cd test/chroot; ./chroot.sh | grep testing |
@@ -34,7 +34,7 @@ generate() { | |||
34 | gcov_init | 34 | gcov_init |
35 | lcov -q --capture -d src/firejail -d src/firemon -d src/faudit -d src/fbuilder -d src/fcopy -d src/fnetfilter -d src/fsec-print -d src/fsec-optimize -d src/fseccomp -d src/fnet -d src/ftee -d src/lib -d src/firecfg -d src/fldd --output-file gcov-file-old | 35 | lcov -q --capture -d src/firejail -d src/firemon -d src/faudit -d src/fbuilder -d src/fcopy -d src/fnetfilter -d src/fsec-print -d src/fsec-optimize -d src/fseccomp -d src/fnet -d src/ftee -d src/lib -d src/firecfg -d src/fldd --output-file gcov-file-old |
36 | 36 | ||
37 | #make test-environment | 37 | #make test-utils |
38 | #generate | 38 | #generate |
39 | #sleep 2 | 39 | #sleep 2 |
40 | #exit | 40 | #exit |
@@ -57,6 +57,10 @@ make test-stress | |||
57 | generate | 57 | generate |
58 | sleep 2 | 58 | sleep 2 |
59 | 59 | ||
60 | make test-ssh | ||
61 | generate | ||
62 | sleep 2 | ||
63 | |||
60 | make test-appimage | 64 | make test-appimage |
61 | generate | 65 | generate |
62 | sleep 2 | 66 | sleep 2 |
diff --git a/src/firecfg/desktop_files.c b/src/firecfg/desktop_files.c index 0a6a0bbf0..49e58528c 100644 --- a/src/firecfg/desktop_files.c +++ b/src/firecfg/desktop_files.c | |||
@@ -136,15 +136,9 @@ void fix_desktop_files(char *homedir) { | |||
136 | 136 | ||
137 | // source | 137 | // source |
138 | DIR *dir = opendir("/usr/share/applications"); | 138 | DIR *dir = opendir("/usr/share/applications"); |
139 | if (!dir) { | 139 | if (!dir || chdir("/usr/share/applications")) { |
140 | perror("opendir"); | 140 | perror("opendir"); |
141 | fprintf(stderr, "Warning: cannot open /usr/share/applications directory, desktop files fixing skipped...\n"); | 141 | fprintf(stderr, "Warning: cannot access /usr/share/applications directory, desktop files fixing skipped...\n"); |
142 | free(user_apps_dir); | ||
143 | return; | ||
144 | } | ||
145 | if (chdir("/usr/share/applications")) { | ||
146 | perror("chdir"); | ||
147 | fprintf(stderr, "Warning: cannot chdir to /usr/share/applications, desktop files fixing skipped...\n"); | ||
148 | free(user_apps_dir); | 142 | free(user_apps_dir); |
149 | return; | 143 | return; |
150 | } | 144 | } |
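Review bot: When `opendir()` succeeds but `chdir()` fails, the merged condition on new line 139 returns without closing `dir`, and `perror("opendir")` prints the chdir errno under the wrong label. Close the handle on that path with `if (dir) closedir(dir);` before `free(user_apps_dir);`, and label the message with the path instead, `perror("/usr/share/applications");`. Using `fchdir(dirfd(dir))` in place of the second path lookup would also guarantee that the directory being listed and the working directory are the same object. `fix_desktop_files` continues outside the hunk, so how `dir` is released on the success path is not visible here.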
diff --git a/src/firecfg/main.c b/src/firecfg/main.c index ab0fd53e3..e636dc385 100644 --- a/src/firecfg/main.c +++ b/src/firecfg/main.c | |||
@@ -21,38 +21,41 @@ | |||
21 | #include "firecfg.h" | 21 | #include "firecfg.h" |
22 | int arg_debug = 0; | 22 | int arg_debug = 0; |
23 | 23 | ||
24 | static char *usage_str = | ||
25 | "Firecfg is the desktop configuration utility for Firejail software. The utility\n" | ||
26 | "creates several symbolic links to firejail executable. This allows the user to\n" | ||
27 | "sandbox applications automatically, just by clicking on a regular desktop\n" | ||
28 | "menus and icons.\n\n" | ||
29 | "The symbolic links are placed in /usr/local/bin. For more information, see\n" | ||
30 | "DESKTOP INTEGRATION section in man 1 firejail.\n\n" | ||
31 | "Usage: firecfg [OPTIONS]\n\n" | ||
32 | " --clean - remove all firejail symbolic links.\n\n" | ||
33 | " --debug - print debug messages.\n\n" | ||
34 | " --fix - fix .desktop files.\n\n" | ||
35 | " --fix-sound - create ~/.config/pulse/client.conf file.\n\n" | ||
36 | " --help, -? - this help screen.\n\n" | ||
37 | " --list - list all firejail symbolic links.\n\n" | ||
38 | " --version - print program version and exit.\n\n" | ||
39 | "Example:\n\n" | ||
40 | " $ sudo firecfg\n" | ||
41 | " /usr/local/bin/firefox created\n" | ||
42 | " /usr/local/bin/vlc created\n" | ||
43 | " [...]\n" | ||
44 | " $ firecfg --list\n" | ||
45 | " /usr/local/bin/firefox\n" | ||
46 | " /usr/local/bin/vlc\n" | ||
47 | " [...]\n" | ||
48 | " $ sudo firecfg --clean\n" | ||
49 | " /usr/local/bin/firefox removed\n" | ||
50 | " /usr/local/bin/vlc removed\n" | ||
51 | " [...]\n" | ||
52 | "\n" | ||
53 | "License GPL version 2 or later\n" | ||
54 | "Homepage: http://firejail.wordpress.com\n\n"; | ||
55 | |||
24 | static void usage(void) { | 56 | static void usage(void) { |
25 | printf("firecfg - version %s\n\n", VERSION); | 57 | printf("firecfg - version %s\n\n", VERSION); |
26 | printf("Firecfg is the desktop configuration utility for Firejail software. The utility\n"); | 58 | puts(usage_str); |
27 | printf("creates several symbolic links to firejail executable. This allows the user to\n"); | ||
28 | printf("sandbox applications automatically, just by clicking on a regular desktop\n"); | ||
29 | printf("menus and icons.\n\n"); | ||
30 | printf("The symbolic links are placed in /usr/local/bin. For more information, see\n"); | ||
31 | printf("DESKTOP INTEGRATION section in man 1 firejail.\n\n"); | ||
32 | printf("Usage: firecfg [OPTIONS]\n\n"); | ||
33 | printf(" --clean - remove all firejail symbolic links.\n\n"); | ||
34 | printf(" --debug - print debug messages.\n\n"); | ||
35 | printf(" --fix - fix .desktop files.\n\n"); | ||
36 | printf(" --fix-sound - create ~/.config/pulse/client.conf file.\n\n"); | ||
37 | printf(" --help, -? - this help screen.\n\n"); | ||
38 | printf(" --list - list all firejail symbolic links.\n\n"); | ||
39 | printf(" --version - print program version and exit.\n\n"); | ||
40 | printf("Example:\n\n"); | ||
41 | printf(" $ sudo firecfg\n"); | ||
42 | printf(" /usr/local/bin/firefox created\n"); | ||
43 | printf(" /usr/local/bin/vlc created\n"); | ||
44 | printf(" [...]\n"); | ||
45 | printf(" $ firecfg --list\n"); | ||
46 | printf(" /usr/local/bin/firefox\n"); | ||
47 | printf(" /usr/local/bin/vlc\n"); | ||
48 | printf(" [...]\n"); | ||
49 | printf(" $ sudo firecfg --clean\n"); | ||
50 | printf(" /usr/local/bin/firefox removed\n"); | ||
51 | printf(" /usr/local/bin/vlc removed\n"); | ||
52 | printf(" [...]\n"); | ||
53 | printf("\n"); | ||
54 | printf("License GPL version 2 or later\n"); | ||
55 | printf("Homepage: http://firejail.wordpress.com\n\n"); | ||
56 | } | 59 | } |
57 | 60 | ||
58 | 61 | ||
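Review bot: `usage_str` is declared as a writable `static char *` pointing at a string literal; it should be `static const char *const usage_str` (or `static const char usage_str[]`) so an accidental write is caught at compile time. `puts(usage_str)` also appends a newline of its own, so the help screen now ends with one more blank line than the old `printf` sequence produced; `fputs(usage_str, stdout);` keeps the output byte-identical.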
diff --git a/src/firemon/usage.c b/src/firemon/usage.c index 617f4dacd..37bd4e874 100644 --- a/src/firemon/usage.c +++ b/src/firemon/usage.c | |||
@@ -19,62 +19,65 @@ | |||
19 | */ | 19 | */ |
20 | #include "firemon.h" | 20 | #include "firemon.h" |
21 | 21 | ||
22 | void usage(void) { | 22 | static char *help_str = |
23 | printf("firemon - version %s\n", VERSION); | 23 | "Usage: firemon [OPTIONS] [PID]\n\n" |
24 | printf("Usage: firemon [OPTIONS] [PID]\n\n"); | 24 | "Monitor processes started in a Firejail sandbox. Without any PID specified,\n" |
25 | printf("Monitor processes started in a Firejail sandbox. Without any PID specified,\n"); | 25 | "all processes started by Firejail are monitored. Descendants of these processes\n" |
26 | printf("all processes started by Firejail are monitored. Descendants of these processes\n"); | 26 | "are also being monitored. On Grsecurity systems only root user\n" |
27 | printf("are also being monitored. On Grsecurity systems only root user\n"); | 27 | "can run this program.\n\n" |
28 | printf("can run this program.\n\n"); | 28 | "Options:\n" |
29 | printf("Options:\n"); | 29 | "\t--apparmor - print AppArmor confinement status for each sandbox.\n\n" |
30 | printf("\t--apparmor - print AppArmor confinement status for each sandbox.\n\n"); | 30 | "\t--arp - print ARP table for each sandbox.\n\n" |
31 | printf("\t--arp - print ARP table for each sandbox.\n\n"); | 31 | "\t--caps - print capabilities configuration for each sandbox.\n\n" |
32 | printf("\t--caps - print capabilities configuration for each sandbox.\n\n"); | 32 | "\t--cgroup - print control group information for each sandbox.\n\n" |
33 | printf("\t--cgroup - print control group information for each sandbox.\n\n"); | 33 | "\t--cpu - print CPU affinity for each sandbox.\n\n" |
34 | printf("\t--cpu - print CPU affinity for each sandbox.\n\n"); | 34 | "\t--help, -? - this help screen.\n\n" |
35 | printf("\t--help, -? - this help screen.\n\n"); | 35 | "\t--interface - print network interface information for each sandbox.\n\n" |
36 | printf("\t--interface - print network interface information for each sandbox.\n\n"); | 36 | "\t--list - list all sandboxes.\n\n" |
37 | printf("\t--list - list all sandboxes.\n\n"); | 37 | "\t--name=name - print information only about named sandbox.\n\n" |
38 | printf("\t--name=name - print information only about named sandbox.\n\n"); | 38 | "\t--netstats - monitor network statistics for sandboxes creating a new\n" |
39 | printf("\t--netstats - monitor network statistics for sandboxes creating a new\n"); | 39 | "\t\tnetwork namespace.\n\n" |
40 | printf("\t\tnetwork namespace.\n\n"); | 40 | "\t--nowrap - enable line wrapping in terminals.\n\n" |
41 | printf("\t--nowrap - enable line wrapping in terminals.\n\n"); | 41 | "\t--route - print route table for each sandbox.\n\n" |
42 | printf("\t--route - print route table for each sandbox.\n\n"); | 42 | "\t--seccomp - print seccomp configuration for each sandbox.\n\n" |
43 | printf("\t--seccomp - print seccomp configuration for each sandbox.\n\n"); | 43 | "\t--tree - print a tree of all sandboxed processes.\n\n" |
44 | printf("\t--tree - print a tree of all sandboxed processes.\n\n"); | 44 | "\t--top - monitor the most CPU-intensive sandboxes.\n\n" |
45 | printf("\t--top - monitor the most CPU-intensive sandboxes.\n\n"); | 45 | "\t--version - print program version and exit.\n\n" |
46 | printf("\t--version - print program version and exit.\n\n"); | 46 | |
47 | "Without any options, firemon monitors all fork, exec, id change, and exit\n" | ||
48 | "events in the sandbox. Monitoring a specific PID is also supported.\n\n" | ||
47 | 49 | ||
48 | printf("Without any options, firemon monitors all fork, exec, id change, and exit events\n"); | 50 | "Option --list prints a list of all sandboxes. The format for each entry is as\n" |
49 | printf("in the sandbox. Monitoring a specific PID is also supported.\n\n"); | 51 | "follows:\n\n" |
52 | "\tPID:USER:Command\n\n" | ||
50 | 53 | ||
51 | printf("Option --list prints a list of all sandboxes. The format for each entry is as\n"); | 54 | "Option --tree prints the tree of processes running in the sandbox. The format\n" |
52 | printf("follows:\n\n"); | 55 | "for each process entry is as follows:\n\n" |
53 | printf("\tPID:USER:Command\n\n"); | 56 | "\tPID:USER:Command\n\n" |
54 | 57 | ||
55 | printf("Option --tree prints the tree of processes running in the sandbox. The format\n"); | 58 | "Option --top is similar to the UNIX top command, however it applies only to\n" |
56 | printf("for each process entry is as follows:\n\n"); | 59 | "sandboxes. Listed below are the available fields (columns) in alphabetical\n" |
57 | printf("\tPID:USER:Command\n\n"); | 60 | "order:\n\n" |
61 | "\tCommand - command used to start the sandbox.\n" | ||
62 | "\tCPU%% - CPU usage, the sandbox share of the elapsed CPU time since the\n" | ||
63 | "\t last screen update\n" | ||
64 | "\tPID - Unique process ID for the task controlling the sandbox.\n" | ||
65 | "\tPrcs - number of processes running in sandbox, including the\n" | ||
66 | "\t controlling process.\n" | ||
67 | "\tRES - Resident Memory Size (KiB), sandbox non-swapped physical memory.\n" | ||
68 | "\t It is a sum of the RES values for all processes running in the\n" | ||
69 | "\t sandbox.\n" | ||
70 | "\tSHR - Shared Memory Size (KiB), it reflects memory shared with other\n" | ||
71 | "\t processes. It is a sum of the SHR values for all processes\n" | ||
72 | "\t running in the sandbox, including the controlling process.\n" | ||
73 | "\tUptime - sandbox running time in hours:minutes:seconds format.\n" | ||
74 | "\tUser - The owner of the sandbox.\n" | ||
75 | "\n" | ||
76 | "License GPL version 2 or later\n" | ||
77 | "Homepage: http://firejail.wordpress.com\n" | ||
78 | "\n"; | ||
58 | 79 | ||
59 | printf("Option --top is similar to the UNIX top command, however it applies only to\n"); | 80 | void usage(void) { |
60 | printf("sandboxes. Listed below are the available fields (columns) in alphabetical\n"); | 81 | printf("firemon - version %s\n", VERSION); |
61 | printf("order:\n\n"); | 82 | puts(help_str); |
62 | printf("\tCommand - command used to start the sandbox.\n"); | ||
63 | printf("\tCPU%% - CPU usage, the sandbox share of the elapsed CPU time since the\n"); | ||
64 | printf("\t last screen update\n"); | ||
65 | printf("\tPID - Unique process ID for the task controlling the sandbox.\n"); | ||
66 | printf("\tPrcs - number of processes running in sandbox, including the controlling\n"); | ||
67 | printf("\t process.\n"); | ||
68 | printf("\tRES - Resident Memory Size (KiB), sandbox non-swapped physical memory.\n"); | ||
69 | printf("\t It is a sum of the RES values for all processes running in the\n"); | ||
70 | printf("\t sandbox.\n"); | ||
71 | printf("\tSHR - Shared Memory Size (KiB), it reflects memory shared with other\n"); | ||
72 | printf("\t processes. It is a sum of the SHR values for all processes running\n"); | ||
73 | printf("\t in the sandbox, including the controlling process.\n"); | ||
74 | printf("\tUptime - sandbox running time in hours:minutes:seconds format.\n"); | ||
75 | printf("\tUser - The owner of the sandbox.\n"); | ||
76 | printf("\n"); | ||
77 | printf("License GPL version 2 or later\n"); | ||
78 | printf("Homepage: http://firejail.wordpress.com\n"); | ||
79 | printf("\n"); | ||
80 | } | 83 | } |
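Review bot: The `"\tCPU%% - CPU usage, ..."` line in `help_str` (new line 62) still carries the printf escape, but the string is now written with `puts()`, which does not interpret format sequences, so `firemon --help` will print `CPU%%`. Change the literal to a single `%`, i.e. `"\tCPU% - CPU usage, the sandbox share of the elapsed CPU time since the\n"`. As a smaller point, `help_str` should be `static const char *const`, and `puts()` adds a trailing newline the old code did not emit; `fputs(help_str, stdout);` avoids that.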
diff --git a/src/fnetfilter/main.c b/src/fnetfilter/main.c index 828b30d40..ba58ba3c9 100644 --- a/src/fnetfilter/main.c +++ b/src/fnetfilter/main.c | |||
@@ -50,19 +50,20 @@ static void usage(void) { | |||
50 | printf("\tfnetfilter netfilter-command destination-file\n"); | 50 | printf("\tfnetfilter netfilter-command destination-file\n"); |
51 | } | 51 | } |
52 | 52 | ||
53 | static void err_exit_cannot_open_file(const char *fname) { | ||
54 | fprintf(stderr, "Error fnetfilter: cannot open %s\n", fname); | ||
55 | exit(1); | ||
56 | } | ||
57 | |||
53 | 58 | ||
54 | static void copy(const char *src, const char *dest) { | 59 | static void copy(const char *src, const char *dest) { |
55 | FILE *fp1 = fopen(src, "r"); | 60 | FILE *fp1 = fopen(src, "r"); |
56 | if (!fp1) { | 61 | if (!fp1) |
57 | fprintf(stderr, "Error fnetfilter: cannot open %s\n", src); | 62 | err_exit_cannot_open_file(src); |
58 | exit(1); | ||
59 | } | ||
60 | 63 | ||
61 | FILE *fp2 = fopen(dest, "w"); | 64 | FILE *fp2 = fopen(dest, "w"); |
62 | if (!fp2) { | 65 | if (!fp2) |
63 | fprintf(stderr, "Error fnetfilter: cannot open %s\n", dest); | 66 | err_exit_cannot_open_file(dest); |
64 | exit(1); | ||
65 | } | ||
66 | 67 | ||
67 | char buf[MAXBUF]; | 68 | char buf[MAXBUF]; |
68 | while (fgets(buf, MAXBUF, fp1)) | 69 | while (fgets(buf, MAXBUF, fp1)) |
@@ -106,16 +107,12 @@ for (i = 0; i < argcnt; i++) | |||
106 | 107 | ||
107 | // open the files | 108 | // open the files |
108 | FILE *fp1 = fopen(src, "r"); | 109 | FILE *fp1 = fopen(src, "r"); |
109 | if (!fp1) { | 110 | if (!fp1) |
110 | fprintf(stderr, "Error fnetfilter: cannot open %s\n", src); | 111 | err_exit_cannot_open_file(src); |
111 | exit(1); | ||
112 | } | ||
113 | 112 | ||
114 | FILE *fp2 = fopen(dest, "w"); | 113 | FILE *fp2 = fopen(dest, "w"); |
115 | if (!fp2) { | 114 | if (!fp2) |
116 | fprintf(stderr, "Error fnetfilter: cannot open %s\n", dest); | 115 | err_exit_cannot_open_file(dest); |
117 | exit(1); | ||
118 | } | ||
119 | 116 | ||
120 | int line = 0; | 117 | int line = 0; |
121 | char buf[MAXBUF]; | 118 | char buf[MAXBUF]; |
@@ -186,19 +183,15 @@ printf("\n"); | |||
186 | //printf("destfile %s\n", destfile); | 183 | //printf("destfile %s\n", destfile); |
187 | // destfile is a real filename | 184 | // destfile is a real filename |
188 | int len = strlen(destfile); | 185 | int len = strlen(destfile); |
189 | if (strcspn(destfile, "\\&!?\"'<>%^(){};,*[]") != (size_t)len) { | 186 | if (strcspn(destfile, "\\&!?\"'<>%^(){};,*[]") != (size_t)len) |
190 | fprintf(stderr, "Error fnetfilter: invalid destination file in netfilter command\n"); | 187 | err_exit_cannot_open_file(destfile); |
191 | exit(1); | ||
192 | } | ||
193 | 188 | ||
194 | // handle default config (command = NULL, destfile) | 189 | // handle default config (command = NULL, destfile) |
195 | if (command == NULL) { | 190 | if (command == NULL) { |
196 | // create a default filter file | 191 | // create a default filter file |
197 | FILE *fp = fopen(destfile, "w"); | 192 | FILE *fp = fopen(destfile, "w"); |
198 | if (!fp) { | 193 | if (!fp) |
199 | fprintf(stderr, "Error fnetfilter: cannot open %s\n", destfile); | 194 | err_exit_cannot_open_file(destfile); |
200 | exit(1); | ||
201 | } | ||
202 | fprintf(fp, "%s\n", default_filter); | 195 | fprintf(fp, "%s\n", default_filter); |
203 | fclose(fp); | 196 | fclose(fp); |
204 | } | 197 | } |
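Review bot: The metacharacter check on `destfile` (new lines 186-187) now reports through `err_exit_cannot_open_file(destfile)`, so a name rejected by input validation is printed as "cannot open <name>" although no open was attempted. That hides the difference between a rejected argument and a filesystem failure from anyone reading the output or logs. Keep the dedicated message for this branch: `fprintf(stderr, "Error fnetfilter: invalid destination file in netfilter command\n"); exit(1);`. The helper is a good fit for the four `fopen()` call sites; the enclosing function of this check starts outside the hunk.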
diff --git a/test/environment/csh.exp b/test/environment/csh.exp index 7b9fe7dc4..10a278ebc 100755 --- a/test/environment/csh.exp +++ b/test/environment/csh.exp | |||
@@ -30,6 +30,20 @@ expect { | |||
30 | "/bin/csh" | 30 | "/bin/csh" |
31 | } | 31 | } |
32 | send -- "exit\r" | 32 | send -- "exit\r" |
33 | sleep 1 | ||
34 | |||
35 | send -- "firejail --shell=none --csh\r" | ||
36 | expect { | ||
37 | timeout {puts "TESTING ERROR 3\n";exit} | ||
38 | "shell=none was already specified" | ||
39 | } | ||
40 | after 100 | ||
41 | |||
42 | send -- "firejail --csh --shell=none\r" | ||
43 | expect { | ||
44 | timeout {puts "TESTING ERROR 4\n";exit} | ||
45 | "a shell was already specified" | ||
46 | } | ||
33 | after 100 | 47 | after 100 |
34 | 48 | ||
35 | puts "\n" | 49 | puts "\n" |
diff --git a/test/environment/zsh.exp b/test/environment/zsh.exp index 65fe440c7..e7f610e98 100755 --- a/test/environment/zsh.exp +++ b/test/environment/zsh.exp | |||
@@ -30,6 +30,20 @@ expect { | |||
30 | "/bin/zsh" | 30 | "/bin/zsh" |
31 | } | 31 | } |
32 | send -- "exit\r" | 32 | send -- "exit\r" |
33 | sleep 1 | ||
34 | |||
35 | send -- "firejail --shell=none --zsh\r" | ||
36 | expect { | ||
37 | timeout {puts "TESTING ERROR 3\n";exit} | ||
38 | "shell=none was already specified" | ||
39 | } | ||
40 | after 100 | ||
41 | |||
42 | send -- "firejail --zsh --shell=none\r" | ||
43 | expect { | ||
44 | timeout {puts "TESTING ERROR 4\n";exit} | ||
45 | "a shell was already specified" | ||
46 | } | ||
33 | after 100 | 47 | after 100 |
34 | 48 | ||
35 | puts "\nall done\n" | 49 | puts "\nall done\n" |
diff --git a/test/login_ssh.exp b/test/login_ssh.exp deleted file mode 100755 index db0721d25..000000000 --- a/test/login_ssh.exp +++ /dev/null | |||
@@ -1,59 +0,0 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "ssh bingo@0\r" | ||
8 | expect { | ||
9 | timeout {puts "TESTING ERROR 0\n";exit} | ||
10 | "password:" { | ||
11 | puts "\nTESTING: please enter SSH password" | ||
12 | set oldmode [stty -echo -raw] | ||
13 | expect_user -re "(.*)\n" | ||
14 | send_user "\n" | ||
15 | eval stty $oldmode | ||
16 | # stty echo | ||
17 | set pass $expect_out(1,string) | ||
18 | send -- "$pass\r" | ||
19 | puts "TESTING: password sent to the server" | ||
20 | } | ||
21 | "Child process initialized" | ||
22 | } | ||
23 | sleep 1 | ||
24 | |||
25 | # test default gw | ||
26 | send -- "bash\r" | ||
27 | sleep 1 | ||
28 | send -- "ps aux; pwd\r" | ||
29 | expect { | ||
30 | timeout {puts "TESTING ERROR 1\n";exit} | ||
31 | "/bin/bash" | ||
32 | } | ||
33 | expect { | ||
34 | timeout {puts "TESTING ERROR 2\n";exit} | ||
35 | "bash" | ||
36 | } | ||
37 | expect { | ||
38 | timeout {puts "TESTING ERROR 3\n";exit} | ||
39 | "ps aux" | ||
40 | } | ||
41 | expect { | ||
42 | timeout {puts "TESTING ERROR 4\n";exit} | ||
43 | "home" | ||
44 | } | ||
45 | sleep 1 | ||
46 | |||
47 | |||
48 | send -- "ps aux |wc -l; pwd\r" | ||
49 | expect { | ||
50 | timeout {puts "TESTING ERROR 5\n";exit} | ||
51 | "6" | ||
52 | } | ||
53 | expect { | ||
54 | timeout {puts "TESTING ERROR 6\n";exit} | ||
55 | "home" | ||
56 | } | ||
57 | sleep 1 | ||
58 | |||
59 | puts "\nall done\n" | ||
diff --git a/test/network/netfilter-template.exp b/test/network/netfilter-template.exp index 1ad28a103..5a15152d3 100755 --- a/test/network/netfilter-template.exp +++ b/test/network/netfilter-template.exp | |||
@@ -7,6 +7,14 @@ set timeout 10 | |||
7 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
8 | match_max 100000 | 8 | match_max 100000 |
9 | 9 | ||
10 | |||
11 | send -- "firejail --net=br1 --ip=10.10.30.10 --name=test1 --netfilter=/etc/firejail/blablabla\r" | ||
12 | expect { | ||
13 | timeout {puts "TESTING ERROR 0\n";exit} | ||
14 | "invalid network filter file" | ||
15 | } | ||
16 | sleep 1 | ||
17 | |||
10 | send -- "firejail --net=br1 --ip=10.10.30.10 --name=test1 --netfilter=/etc/firejail/tcpserver.net,5555 ./tcpserver 5555\r" | 18 | send -- "firejail --net=br1 --ip=10.10.30.10 --name=test1 --netfilter=/etc/firejail/tcpserver.net,5555 ./tcpserver 5555\r" |
11 | expect { | 19 | expect { |
12 | timeout {puts "TESTING ERROR 1\n";exit} | 20 | timeout {puts "TESTING ERROR 1\n";exit} |
@@ -15,6 +23,21 @@ expect { | |||
15 | sleep 1 | 23 | sleep 1 |
16 | 24 | ||
17 | spawn $env(SHELL) | 25 | spawn $env(SHELL) |
26 | send -- "firejail --netfilter.print=test1\r" | ||
27 | expect { | ||
28 | timeout {puts "TESTING ERROR 1.1\n";exit} | ||
29 | "Chain INPUT" | ||
30 | } | ||
31 | expect { | ||
32 | timeout {puts "TESTING ERROR 1.2\n";exit} | ||
33 | "Chain FORWARD" | ||
34 | } | ||
35 | expect { | ||
36 | timeout {puts "TESTING ERROR 1.3\n";exit} | ||
37 | "Chain OUTPUT" | ||
38 | } | ||
39 | sleep 1 | ||
40 | |||
18 | send -- "telnet 10.10.30.10 5555\r" | 41 | send -- "telnet 10.10.30.10 5555\r" |
19 | expect { | 42 | expect { |
20 | timeout {puts "TESTING ERROR 2\n";exit} | 43 | timeout {puts "TESTING ERROR 2\n";exit} |
diff --git a/test/root/firecfg.exp b/test/root/firecfg.exp index 656b8e215..b73167bd1 100755 --- a/test/root/firecfg.exp +++ b/test/root/firecfg.exp | |||
@@ -7,10 +7,10 @@ set timeout 10 | |||
7 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
8 | match_max 100000 | 8 | match_max 100000 |
9 | 9 | ||
10 | send -- "firecfg\r" | 10 | send -- "firecfg --debug\r" |
11 | sleep 1 | 11 | sleep 1 |
12 | 12 | ||
13 | send -- "firecfg --clean\r" | 13 | send -- "firecfg --debug --clean\r" |
14 | expect { | 14 | expect { |
15 | timeout {puts "TESTING ERROR 0\n";exit} | 15 | timeout {puts "TESTING ERROR 0\n";exit} |
16 | "less removed" | 16 | "less removed" |
@@ -27,7 +27,7 @@ expect { | |||
27 | } | 27 | } |
28 | sleep 1 | 28 | sleep 1 |
29 | 29 | ||
30 | send -- "firecfg\r" | 30 | send -- "firecfg --debug\r" |
31 | expect { | 31 | expect { |
32 | timeout {puts "TESTING ERROR 3\n";exit} | 32 | timeout {puts "TESTING ERROR 3\n";exit} |
33 | "less created" | 33 | "less created" |
diff --git a/test/root/login_nobody.exp b/test/root/login_nobody.exp new file mode 100755 index 000000000..8e9ec4367 --- /dev/null +++ b/test/root/login_nobody.exp | |||
@@ -0,0 +1,35 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2018 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | cd /home | ||
8 | spawn $env(SHELL) | ||
9 | match_max 100000 | ||
10 | |||
11 | send -- "su - nobody -s /usr/bin/firejail\r" | ||
12 | expect { | ||
13 | timeout {puts "TESTING ERROR 0\n";exit} | ||
14 | "Child process initialized" | ||
15 | } | ||
16 | after 100 | ||
17 | |||
18 | send -- "cat /proc/self/status | grep Seccomp\r" | ||
19 | expect { | ||
20 | timeout {puts "TESTING ERROR 3\n";exit} | ||
21 | "2" | ||
22 | } | ||
23 | after 100 | ||
24 | |||
25 | send -- "cat /proc/self/status | grep CapBnd\r" | ||
26 | expect { | ||
27 | timeout {puts "TESTING ERROR 4\n";exit} | ||
28 | "0000000000000000" | ||
29 | } | ||
30 | after 100 | ||
31 | |||
32 | send -- "exit\r" | ||
33 | sleep 1 | ||
34 | |||
35 | puts "\nall done\n" | ||
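Review bot: The Seccomp assertion (new lines 18-22) matches the bare string "2", which expect will find anywhere in the buffered output (a prompt, a hostname, a PID), so the test can pass without the login shell actually being in seccomp filter mode. Anchor the pattern to the field it is meant to check, e.g. `-re {Seccomp:\s+2}`, and likewise `-re {CapBnd:\s+0000000000000000}` for the capability bounding set. The same bare patterns are used in test/ssh/login.exp ("5", "1" and "2"), where they also guard the process-count and /home isolation checks. A comment above each block stating what the expected value means (filter mode, empty bounding set) would help the next reader.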
diff --git a/test/root/root.sh b/test/root/root.sh index 22b12cf86..4132bc739 100755 --- a/test/root/root.sh +++ b/test/root/root.sh | |||
@@ -3,6 +3,21 @@ | |||
3 | # set a new firejail config file | 3 | # set a new firejail config file |
4 | #cp firejail.config /etc/firejail/firejail.config | 4 | #cp firejail.config /etc/firejail/firejail.config |
5 | 5 | ||
6 | |||
7 | #******************************** | ||
8 | # firecfg | ||
9 | #******************************** | ||
10 | which less | ||
11 | if [ "$?" -eq 0 ]; | ||
12 | then | ||
13 | echo "TESTING: firecfg (test/root/firecfg.exp)" | ||
14 | mv /home/netblue/.local/share/applications /home/netblue/.local/share/applications-store | ||
15 | ./firecfg.exp | ||
16 | mv /home/netblue/.local/share/applications-store /home/netblue/.local/share/applications | ||
17 | else | ||
18 | echo "TESTING SKIP: firecfg, less not found" | ||
19 | fi | ||
20 | |||
6 | #******************************** | 21 | #******************************** |
7 | # servers | 22 | # servers |
8 | #******************************** | 23 | #******************************** |
@@ -65,6 +80,9 @@ echo "TESTING: join (test/root/join.exp)" | |||
65 | echo "TESTING: git-install (test/root/git.exp)" | 80 | echo "TESTING: git-install (test/root/git.exp)" |
66 | ./git.exp | 81 | ./git.exp |
67 | 82 | ||
83 | echo "TESTING: login-nobody (test/root/login_nobody.exp)" | ||
84 | ./login_nobody.exp | ||
85 | |||
68 | #******************************** | 86 | #******************************** |
69 | # seccomp | 87 | # seccomp |
70 | #******************************** | 88 | #******************************** |
@@ -107,17 +125,6 @@ rm -f tmpfile | |||
107 | echo "TESTING: firemon events (test/root/firemon-events.exp)" | 125 | echo "TESTING: firemon events (test/root/firemon-events.exp)" |
108 | ./firemon-events.exp | 126 | ./firemon-events.exp |
109 | 127 | ||
110 | #******************************** | ||
111 | # firecfg | ||
112 | #******************************** | ||
113 | which less | ||
114 | if [ "$?" -eq 0 ]; | ||
115 | then | ||
116 | echo "TESTING: firecfg (test/root/firecfg.exp)" | ||
117 | ./firecfg.exp | ||
118 | else | ||
119 | echo "TESTING SKIP: firecfg, less not found" | ||
120 | fi | ||
121 | 128 | ||
122 | # restore the default config file | 129 | # restore the default config file |
123 | #cp ../../etc/firejail.config /etc/firejail/firejail.config | 130 | #cp ../../etc/firejail.config /etc/firejail/firejail.config |
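Review bot: The firecfg block (new lines 14 and 16) moves `/home/netblue/.local/share/applications` by a path hard-coded to one developer's account. On any other machine both `mv` calls fail and firecfg.exp runs against whatever desktop files are present; if an `applications-store` directory is left over from an interrupted run, the first `mv` nests the live directory inside it. Since this script appears to be run with root privileges, take the target from a variable and guard the move, e.g. `[ -d "$APPS_DIR" ] && mv "$APPS_DIR" "$APPS_DIR-store"`, with `APPS_DIR` derived from the invoking user's home. A one-line comment saying why the directory is moved aside would also help.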
diff --git a/test/ssh/login.exp b/test/ssh/login.exp new file mode 100755 index 000000000..479292c91 --- /dev/null +++ b/test/ssh/login.exp | |||
@@ -0,0 +1,49 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "ssh firejail-test@0\r" | ||
8 | expect { | ||
9 | timeout {puts "TESTING ERROR 0\n";exit} | ||
10 | "Child process initialized" {puts "OK\n"} | ||
11 | "an existing sandbox was detected" {puts "OK\n"} | ||
12 | } | ||
13 | sleep 1 | ||
14 | |||
15 | send -- "ps aux | wc -l\r" | ||
16 | expect { | ||
17 | timeout {puts "TESTING ERROR 1\n";exit} | ||
18 | "5" | ||
19 | } | ||
20 | after 100 | ||
21 | |||
22 | send -- "ls -l /home | grep drw | wc -l\r" | ||
23 | expect { | ||
24 | timeout {puts "TESTING ERROR 2\n";exit} | ||
25 | "1" | ||
26 | } | ||
27 | after 100 | ||
28 | |||
29 | send -- "cat /proc/self/status | grep Seccomp\r" | ||
30 | expect { | ||
31 | timeout {puts "TESTING ERROR 3\n";exit} | ||
32 | "2" | ||
33 | } | ||
34 | after 100 | ||
35 | |||
36 | send -- "cat /proc/self/status | grep CapBnd\r" | ||
37 | expect { | ||
38 | timeout {puts "TESTING ERROR 4\n";exit} | ||
39 | "0000000000000000" | ||
40 | } | ||
41 | after 100 | ||
42 | |||
43 | # preparing scp/sftp tests | ||
44 | send -- "rm testfile\r" | ||
45 | |||
46 | send -- "exit\r" | ||
47 | sleep 1 | ||
48 | |||
49 | puts "\nall done\n" | ||
diff --git a/test/ssh/scp.exp b/test/ssh/scp.exp new file mode 100755 index 000000000..355125751 --- /dev/null +++ b/test/ssh/scp.exp | |||
@@ -0,0 +1,63 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "ssh firejail-test@0\r" | ||
8 | expect { | ||
9 | timeout {puts "TESTING ERROR 0\n";exit} | ||
10 | "Child process initialized" {puts "OK\n"} | ||
11 | "an existing sandbox was detected" {puts "OK\n"} | ||
12 | } | ||
13 | sleep 1 | ||
14 | |||
15 | send -- "rm -f testfile\r" | ||
16 | after 100 | ||
17 | send -- "exit\r" | ||
18 | sleep 1 | ||
19 | |||
20 | send -- "echo 12345 > testfile\r" | ||
21 | after 100 | ||
22 | send -- "scp testfile firejail-test@0:~/testfile\r" | ||
23 | expect { | ||
24 | timeout {puts "TESTING ERROR 1\n";exit} | ||
25 | "100%" | ||
26 | } | ||
27 | sleep 1 | ||
28 | |||
29 | |||
30 | send -- "ssh firejail-test@0\r" | ||
31 | expect { | ||
32 | timeout {puts "TESTING ERROR 2\n";exit} | ||
33 | "Child process initialized" {puts "OK\n"} | ||
34 | "an existing sandbox was detected" {puts "OK\n"} | ||
35 | } | ||
36 | sleep 1 | ||
37 | send -- "cat testfile\r" | ||
38 | expect { | ||
39 | timeout {puts "TESTING ERROR 3\n";exit} | ||
40 | "12345" | ||
41 | } | ||
42 | after 100 | ||
43 | send -- "exit\r" | ||
44 | sleep 1 | ||
45 | |||
46 | send -- "rm testfile\r" | ||
47 | after 100 | ||
48 | send -- "scp firejail-test@0:~/testfile testfile\r" | ||
49 | expect { | ||
50 | timeout {puts "TESTING ERROR 4\n";exit} | ||
51 | "100%" | ||
52 | } | ||
53 | sleep 1 | ||
54 | send -- "cat testfile\r" | ||
55 | expect { | ||
56 | timeout {puts "TESTING ERROR 5\n";exit} | ||
57 | "12345" | ||
58 | } | ||
59 | after 100 | ||
60 | send -- "rm testfile\r" | ||
61 | sleep 1 | ||
62 | |||
63 | puts "\nall done\n" | ||
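--- /dev/null
+++ b/test/ssh/sftp.exp
@@ -0,0 +1,87 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "ssh firejail-test@0\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized" {puts "OK\n"}
+"an existing sandbox was detected" {puts "OK\n"}
+}
+sleep 1
+
+send -- "rm -f testfile\r"
+after 100
+send -- "exit\r"
+sleep 1
+
+send -- "echo 12345 > testfile\r"
+after 100
+send -- "sftp firejail-test@0\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"Connected to 0"
+}
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"sftp>"
+}
+after 100
+send -- "put testfile\r"
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"100%"
+}
+after 100
+send -- "exit\r"
+sleep 1
+
+
+send -- "ssh firejail-test@0\r"
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"Child process initialized" {puts "OK\n"}
+"an existing sandbox was detected" {puts "OK\n"}
+}
+sleep 1
+send -- "cat testfile\r"
+expect {
+timeout {puts "TESTING ERROR 5\n";exit}
+"12345"
+}
+after 100
+send -- "exit\r"
+sleep 1
+
+send -- "rm testfile\r"
+after 100
+send -- "sftp firejail-test@0\r"
+expect {
+timeout {puts "TESTING ERROR 6\n";exit}
+"Connected to 0"
+}
+expect {
+timeout {puts "TESTING ERROR 7\n";exit}
+"sftp>"
+}
+after 100
+send -- "get testfile\r"
+expect {
+timeout {puts "TESTING ERROR 8\n";exit}
+"100%"
+}
+after 100
+send -- "exit\r"
+sleep 1
+send -- "cat testfile\r"
+expect {
+timeout {puts "TESTING ERROR 9\n";exit}
+"12345"
+}
+after 100
+send -- "rm testfile\r"
+sleep 1
+
+puts "\nall done\n"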
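--- /dev/null
+++ b/test/ssh/ssh.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+# This file is part of Firejail project
+# Copyright (C) 2014-2018 Firejail Authors
+# License GPL v2
+
+export MALLOC_CHECK_=3
+export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
+
+echo "TESTING: ssh login (test/ssh/login.exp)"
+./login.exp
+
+echo "TESTING: sftp (test/ssh/sftp.exp)"
+./sftp.exp
+
+echo "TESTING: scp (test/ssh/scp.exp)"
+./scp.exp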
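Review bot: The runner does not say what it needs from the host, and the three scripts it calls all log in as `firejail-test@0` without handling a password or host-key prompt. A header comment would save a reader from finding this out through a run of timeouts, e.g. `# requires a local firejail-test account with key-based ssh login already accepted for host 0`. The script also assumes it is started from test/ssh, since it calls `./login.exp` and the others by relative path; that is worth stating in the same comment.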
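--- a/test/utils/audit.exp
+++ b/test/utils/audit.exp
@@ -96,4 +96,64 @@ expect {
 }
 after 100
 
+# test seccomp
+send -- "firejail --seccomp.drop=mkdir --audit\r"
+expect {
+timeout {puts "TESTING ERROR 17\n";exit}
+"Firejail Audit"
+}
+expect {
+timeout {puts "TESTING ERROR 18\n";exit}
+"GOOD: seccomp BPF enabled"
+}
+expect {
+timeout {puts "TESTING ERROR 19\n";exit}
+"UGLY: mount syscall permitted"
+}
+expect {
+timeout {puts "TESTING ERROR 20\n";exit}
+"UGLY: umount2 syscall permitted"
+}
+expect {
+timeout {puts "TESTING ERROR 21\n";exit}
+"UGLY: ptrace syscall permitted"
+}
+expect {
+timeout {puts "TESTING ERROR 22\n";exit}
+"UGLY: swapon syscall permitted"
+}
+expect {
+timeout {puts "TESTING ERROR 23\n";exit}
+"UGLY: swapoff syscall permitted"
+}
+expect {
+timeout {puts "TESTING ERROR 24\n";exit}
+"UGLY: init_module syscall permitted"
+}
+expect {
+timeout {puts "TESTING ERROR 25\n";exit}
+"UGLY: delete_module syscall permitted"
+}
+expect {
+timeout {puts "TESTING ERROR 26\n";exit}
+"UGLY: chroot syscall permitted"
+}
+expect {
+timeout {puts "TESTING ERROR 27\n";exit}
+"UGLY: pivot_root syscall permitted"
+}
+expect {
+timeout {puts "TESTING ERROR 28\n";exit}
+"UGLY: iopl syscall permitted"
+}
+expect {
+timeout {puts "TESTING ERROR 29\n";exit}
+"UGLY: ioperm syscall permitted"
+}
+expect {
+timeout {puts "TESTING ERROR 30\n";exit}
+"GOOD: all capabilities are disabled"
+}
+after 100
+
 puts "\nall done\n"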
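Review bot: The added block treats eleven `UGLY: ... syscall permitted` lines as the passing result, which reads like a recorded regression unless the reader knows why. The `# test seccomp` comment should say so, e.g. `# --seccomp.drop=mkdir installs a filter that lists only mkdir, so the audit is expected to flag the other syscalls as permitted` (this is my reading of the option; please confirm). The separate `expect` blocks also pin the order in which the audit program prints its findings, so a reordering there would fail the test at the first line that moved even though every finding is still present.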
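--- a/test/utils/build.exp
+++ b/test/utils/build.exp
@@ -54,5 +54,38 @@ expect {
 }
 after 100
 
+send -- "firejail --build cat /etc/passwd\r"
+expect {
+timeout {puts "TESTING ERROR 10\n";exit}
+"private-etc passwd,"
+}
+after 100
+
+send -- "firejail --build cat /var/tmp/firejail-test-file-7699\r"
+expect {
+timeout {puts "TESTING ERROR 11\n";exit}
+"whitelist /var/tmp/firejail-test-file-7699"
+}
+after 100
+
+send -- "firejail --build man firejail\r"
+expect {
+timeout {puts "TESTING ERROR 12\n";exit}
+"whitelist /usr/share/man"
+}
+after 100
+
+send -- "firejail --build wget blablabla\r"
+expect {
+timeout {puts "TESTING ERROR 13\n";exit}
+"protocol inet"
+}
+after 100
+
+
+send -- "firejail --build cat /tmp/firejail-test-file-7699\r"
+#todo - bug: it comes back with private-tmp
+sleep 1
+
 
 puts "all done\n"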
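Review bot: The last added case sends `firejail --build cat /tmp/firejail-test-file-7699` and then only sleeps, so it asserts nothing and its output is never read. The `#todo` line says a bug is involved but not what the correct result would be. I would spell that out, e.g. `# TODO: no assertion yet - --build reports private-tmp here; expected a whitelist line as in the /var/tmp case (confirm)`. The `wget blablabla` case depends on wget being installed on the test host, which deserves a one-line comment as well.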
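--- /dev/null
+++ b/test/utils/command.exp
@@ -0,0 +1,23 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2018 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --quiet --private-etc=passwd,group -c ls -al /etc\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"cron" {puts "TESTING ERROR 2\n";exit}
+"group"
+}
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"passwd"
+}
+
+
+after 100
+puts "\nall done\n"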
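Review bot: The `"group"` pattern in the first `expect` block can be satisfied by the shell's echo of the command line itself, which contains `--private-etc=passwd,group`. The block may therefore finish before any `ls` output arrives, and the `"cron"` failure branch never gets to inspect the directory listing. If terminal echo is on in the spawned shell (the usual default, not visible here), the script would still print `all done` when `--private-etc` fails to restrict /etc, so the confinement check is not actually enforced. Matching on line ends that cannot occur in the echoed command closes the gap: `"group\r\n"` in place of `"group"` and `"passwd\r\n"` in place of `"passwd"`.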
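--- /dev/null
+++ b/test/utils/name.exp
@@ -0,0 +1,174 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2018 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+
+send -- "firejail --name=ftest\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+after 100
+
+spawn $env(SHELL)
+send -- "firejail --name=ftest\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"Child process initialized"
+}
+after 100
+
+spawn $env(SHELL)
+send -- "firejail --name=ftest\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"Child process initialized"
+}
+after 100
+
+spawn $env(SHELL)
+send -- "firejail --name=ftest\r"
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"Child process initialized"
+}
+after 100
+
+spawn $env(SHELL)
+send -- "firejail --name=ftest\r"
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"Child process initialized"
+}
+after 100
+
+spawn $env(SHELL)
+send -- "firejail --name=ftest\r"
+expect {
+timeout {puts "TESTING ERROR 5\n";exit}
+"Child process initialized"
+}
+after 100
+
+spawn $env(SHELL)
+send -- "firejail --name=ftest\r"
+expect {
+timeout {puts "TESTING ERROR 6\n";exit}
+"Child process initialized"
+}
+after 100
+
+spawn $env(SHELL)
+send -- "firejail --name=ftest\r"
+expect {
+timeout {puts "TESTING ERROR 7\n";exit}
+"Child process initialized"
+}
+after 100
+
+spawn $env(SHELL)
+send -- "firejail --name=ftest\r"
+expect {
+timeout {puts "TESTING ERROR 8\n";exit}
+"Child process initialized"
+}
+after 100
+
+spawn $env(SHELL)
+send -- "firejail --name=ftest\r"
+expect {
+timeout {puts "TESTING ERROR 9\n";exit}
+"Child process initialized"
+}
+after 100
+
+spawn $env(SHELL)
+send -- "firejail --name=ftest\r"
+expect {
+timeout {puts "TESTING ERROR 10\n";exit}
+"Child process initialized"
+}
+after 100
+
+spawn $env(SHELL)
+send -- "firejail --name=ftest\r"
+expect {
+timeout {puts "TESTING ERROR 11\n";exit}
+"Child process initialized"
+}
+after 100
+
+spawn $env(SHELL)
+send -- "firejail --list\r"
+expect {
+timeout {puts "TESTING ERROR 12\n";exit}
+":ftest:"
+}
+expect {
+timeout {puts "TESTING ERROR 13\n";exit}
+":ftest-1:"
+}
+expect {
+timeout {puts "TESTING ERROR 14\n";exit}
+":ftest-2:"
+}
+expect {
+timeout {puts "TESTING ERROR 15\n";exit}
+":ftest-3:"
+}
+expect {
+timeout {puts "TESTING ERROR 16\n";exit}
+":ftest-4:"
+}
+expect {
+timeout {puts "TESTING ERROR 17\n";exit}
+":ftest-5:"
+}
+expect {
+timeout {puts "TESTING ERROR 18\n";exit}
+":ftest-6:"
+}
+expect {
+timeout {puts "TESTING ERROR 19\n";exit}
+":ftest-7:"
+}
+expect {
+timeout {puts "TESTING ERROR 20\n";exit}
+":ftest-8:"
+}
+expect {
+timeout {puts "TESTING ERROR 21\n";exit}
+":ftest-9:"
+}
+expect {
+timeout {puts "TESTING ERROR 22\n";exit}
+":ftest-"
+}
+expect {
+timeout {puts "TESTING ERROR 23\n";exit}
+":ftest-"
+}
+after 100
+
+send -- "firejail --shutdown=ftest-5\r"
+expect {
+timeout {puts "TESTING ERROR 11\n";exit}
+"Sending SIGTERM"
+}
+sleep 1
+
+spawn $env(SHELL)
+send -- "firejail --list\r"
+expect {
+timeout {puts "TESTING ERROR 12\n";exit}
+":ftest-5:" {puts "TESTING ERROR 15\n";exit}
+":ftest-9:"
+}
+
+after 100
+puts "all done\n"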
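Review bot: The error labels after the `--list` checks reuse numbers already taken earlier in the file: `TESTING ERROR 11` in the shutdown step and `TESTING ERROR 12` and `15` in the final list. A failure report therefore cannot be mapped to a single step. Continuing the sequence with `TESTING ERROR 24`, `25` and `26` keeps every label unique. The two trailing `":ftest-"` patterns are looser than the numbered ones before them, so a short comment naming the sandboxes they stand for would help; those names are not shown anywhere in the script.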
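--- /dev/null
+++ b/test/utils/profile_print.exp
@@ -0,0 +1,27 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2018 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+
+send -- "firejail --name=ftest\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+after 100
+
+spawn $env(SHELL)
+send -- "firejail --profile.print=ftest\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"/etc/firejail/default.profile"
+}
+
+
+after 100
+puts "all done\n"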
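Review bot: The expected string `/etc/firejail/default.profile` hard-codes the configuration directory, so the test would fail on a build configured with a different sysconfdir even when `--profile.print` works correctly. Matching `"default.profile"` checks the same behaviour without the path assumption. If the full path is intentional, a comment such as `# assumes the default install prefix` would make that explicit.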
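--- a/test/utils/utils.sh
+++ b/test/utils/utils.sh
@@ -13,13 +13,26 @@ fi
 export PATH="$PATH:/usr/lib/firejail"
 
 echo "testing" > ~/firejail-test-file-7699
+echo "testing" > /tmp/firejail-test-file-7699
+echo "testing" > /var/tmp/firejail-test-file-7699
 echo "TESTING: build (test/utils/build.exp)"
 ./build.exp
 rm -f ~/firejail-test-file-7699
+rm -f /tmp/firejail-test-file-7699
+rm -f /var/tmp/firejail-test-file-7699
 
 echo "TESTING: audit (test/utils/audit.exp)"
 ./audit.exp
 
+echo "TESTING: name (test/utils/name.exp)"
+./name.exp
+
+echo "TESTING: command (test/utils/command.exp)"
+./command.exp
+
+echo "TESTING: profile.print (test/utils/profile_print.exp)"
+./profile_print.exp
+
 echo "TESTING: version (test/utils/version.exp)"
 ./version.exp
 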
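Review bot: The two added fixture files are created by shell redirection at fixed names in /tmp and /var/tmp, both world-writable, so `echo "testing" > /tmp/firejail-test-file-7699` writes through whatever another local user may already have placed at that path (CWE-377). That matters most when the suite is run from a privileged account. Because build.exp matches the literal path, a `mktemp` name would have to be handed to it, for example through an exported variable read with `$env(...)`, as the scripts already do for SHELL. The new `./name.exp`, `./command.exp` and `./profile_print.exp` calls also ignore the scripts' exit status, like the existing calls around them. The script continues beyond this hunk.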