Diffstat (limited to 'test/chroot')
-rwxr-xr-xtest/chroot/chroot.sh5
-rwxr-xr-xtest/chroot/configure2
-rwxr-xr-xtest/chroot/fs_chroot.exp48
-rwxr-xr-xtest/chroot/fs_chroot_disabled.exp17
-rwxr-xr-xtest/chroot/unchroot-as-root.exp2
5 files changed, 51 insertions, 23 deletions
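diff --git a/test/chroot/chroot.sh b/test/chroot/chroot.sh
index 840f162cc..a1fb3ee38 100755
--- a/test/chroot/chroot.sh
+++ b/test/chroot/chroot.sh
@@ -11,6 +11,11 @@ rm -f unchroot
 gcc -o unchroot unchroot.c
 sudo ./configure
 
+echo "TESTING: chroot disabled (test/chroot/fs_chroot_disabled.exp)"
+./fs_chroot_disabled.exp
+
+sudo sed -i s/"# chroot no"/"chroot yes"/g /etc/firejail/firejail.config
+
 echo "TESTING: chroot (test/chroot/fs_chroot.exp)"
 ./fs_chroot.exp
 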
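Review bot: The added `sudo sed -i … /etc/firejail/firejail.config` line enables chroot in the host's real firejail configuration, and nothing visible in this hunk restores the file. The script continues past the hunk, so a restore may exist further down; if it does not, every machine that runs the suite is left with `chroot yes`, and a second run of `fs_chroot_disabled.exp` would no longer see "feature is disabled". The substitution is also silent when the file does not contain the exact text `# chroot no`, so the enabled test can then fail for a reason unrelated to the sandbox. Consider saving a copy before the edit and restoring it on exit, e.g. `backup=$(mktemp); sudo cp -p /etc/firejail/firejail.config "$backup"` followed by `trap 'sudo cp -p "$backup" /etc/firejail/firejail.config' EXIT`. Confirming the edit with `grep -q '^chroot yes' /etc/firejail/firejail.config` before the next test would catch the silent case.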
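diff --git a/test/chroot/configure b/test/chroot/configure
index a817f6566..af511f9c7 100755
--- a/test/chroot/configure
+++ b/test/chroot/configure
@@ -8,7 +8,7 @@ ROOTDIR="/tmp/chroot" # default chroot directory
 DEFAULT_FILES="/bin/bash /bin/sh " # basic chroot files
 DEFAULT_FILES+="/etc/passwd /etc/nsswitch.conf /etc/group "
 DEFAULT_FILES+=`find /lib -name libnss*` # files required by glibc
-DEFAULT_FILES+=" /bin/cp /bin/ls /bin/cat /bin/ps /bin/netstat /bin/ping /sbin/ifconfig /usr/bin/touch /bin/ip /bin/hostname /bin/grep /usr/bin/dig /usr/bin/openssl /usr/bin/id /usr/bin/getent /usr/bin/whoami /usr/bin/wc /usr/bin/wget /bin/umount"
+DEFAULT_FILES+=" /bin/cp /bin/ls /bin/cat /bin/ps /bin/netstat /bin/ping /usr/bin/touch /bin/grep"
 
 rm -fr $ROOTDIR
 mkdir -p $ROOTDIR/{root,bin,lib,lib64,usr,home,etc,dev/shm,tmp,var/run,var/tmp,var/lock,var/log,proc,sys}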
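diff --git a/test/chroot/fs_chroot.exp b/test/chroot/fs_chroot.exp
index 545de0c66..eb1349112 100755
--- a/test/chroot/fs_chroot.exp
+++ b/test/chroot/fs_chroot.exp
@@ -10,55 +10,61 @@ match_max 100000
 send -- "firejail --chroot=/tmp/chroot\r"
 expect {
  timeout {puts "TESTING ERROR 0\n";exit}
- "Error: --chroot option is not available on Grsecurity systems" {puts "\nall done\n"; exit}
  -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" {puts "chroot available\n"};
 }
 sleep 1
 
-send -- "cd /home;pwd\r"
+send -- "pwd\r"
 expect {
- timeout {puts "TESTING ERROR 0.1\n";exit}
- "home"
+ timeout {puts "TESTING ERROR 1\n";exit}
+ "/home"
 }
-sleep 1
-send -- "bash\r"
-sleep 1
+after 100
 send -- "ls /\r"
 expect {
- timeout {puts "TESTING ERROR 0.2\n";exit}
+ timeout {puts "TESTING ERROR 2\n";exit}
  "this-is-my-chroot"
 }
 after 100
 
 send -- "ps aux\r"
 expect {
- timeout {puts "TESTING ERROR 1\n";exit}
+ timeout {puts "TESTING ERROR 3\n";exit}
  "/bin/bash"
 }
 expect {
- timeout {puts "TESTING ERROR 2\n";exit}
- "bash"
-}
-expect {
- timeout {puts "TESTING ERROR 3\n";exit}
+ timeout {puts "TESTING ERROR 4\n";exit}
  "ps aux"
 }
 after 100
 
-send -- "ps aux | wc -l; pwd\r"
+# check /sys directory
+send -- "ls /sys\r"
 expect {
  timeout {puts "TESTING ERROR 5\n";exit}
- "6"
+ "block"
 }
-after 100
-
-# check /sys directory
-send -- "ls /sys\r"
 expect {
  timeout {puts "TESTING ERROR 6\n";exit}
- "block"
+ "class"
+}
+expect {
+ timeout {puts "TESTING ERROR 7\n";exit}
+ "dev"
 }
 after 100
 
+# check /bin directory
+send -- "ls /bin/find\r"
+expect {
+ timeout {puts "TESTING ERROR 8\n";exit}
+ "No such file or directory"
+}
+after 100
+send -- "/bin/ping 1.1.1.1\r"
+expect {
+ timeout {puts "TESTING ERROR 9\n";exit}
+ "Operation not permitted"
+}
 
 puts "all done\n"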
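Review bot: The new `/bin/ping 1.1.1.1` check at the end of the script depends on host settings and not only on the sandbox. Where the `net.ipv4.ping_group_range` sysctl allows unprivileged ICMP sockets, ping may work inside the chroot, and the test would print ERROR 9 even though no privilege leaked. Without a count, a ping that does start keeps running until the expect timeout, so I would bound it with `send -- "/bin/ping -c 1 1.1.1.1\r"`. A comment above it such as `# ping is expected to fail with EPERM (presumably no CAP_NET_RAW in the sandbox)` would record what the assertion is meant to prove, if that is the intent. The `ls /bin/find` check likewise relies on the file list in test/chroot/configure leaving find out and keeping ping in, which deserves a one-line comment next to the check.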
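diff --git a/test/chroot/fs_chroot_disabled.exp b/test/chroot/fs_chroot_disabled.exp
new file mode 100755
index 000000000..e6cfe85f3
--- /dev/null
+++ b/test/chroot/fs_chroot_disabled.exp
@@ -0,0 +1,17 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2023 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --chroot=/tmp/chroot\r"
+expect {
+ timeout {puts "TESTING ERROR 0\n";exit}
+ "feature is disabled"
+}
+sleep 1
+
+puts "all done\n"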
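Review bot: The `expect` block distinguishes only the "feature is disabled" message and a 10-second timeout, so when chroot is in fact enabled the sandbox starts and the script waits out the timeout before printing the generic `TESTING ERROR 0`. An explicit branch inside the block would make that failure immediate and self-explanatory, for instance `-re "Child process initialized" {puts "TESTING ERROR 0.1\n";exit}`. The file also states no precondition; a header comment such as `# requires chroot to be disabled in /etc/firejail/firejail.config` would tell a maintainer why the test fails on a host where the setting was changed earlier.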
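diff --git a/test/chroot/unchroot-as-root.exp b/test/chroot/unchroot-as-root.exp
index eccb400c0..7614ed406 100755
--- a/test/chroot/unchroot-as-root.exp
+++ b/test/chroot/unchroot-as-root.exp
@@ -22,7 +22,7 @@ after 100
 send -- "./unchroot\r"
 expect {
  timeout {puts "TESTING ERROR 1\n";exit}
- "Bad system call"
+ "Operation not permitted"
 }
 after 100
 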
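Review bot: The new expectation `"Operation not permitted"` has no comment saying which control is supposed to produce it, and it is a less specific signal than the string it replaces. "Bad system call" indicates the process was killed on the syscall, whereas an EPERM message can originate from more than one call in unchroot.c, which is not shown here. A line above the `send` such as `# chroot(2) is expected to be refused with EPERM; the process is no longer killed by seccomp` would record the intent, if that is indeed the reason for the change. The hunk starts partway through the script, so the sandbox options used for this run are not visible.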