diff options
Diffstat (limited to 'test/filters/namespaces-32.exp')
-rwxr-xr-x | test/filters/namespaces-32.exp | 80 |
1 files changed, 60 insertions, 20 deletions
diff --git a/test/filters/namespaces-32.exp b/test/filters/namespaces-32.exp index 3b618bd01..f2310db3b 100755 --- a/test/filters/namespaces-32.exp +++ b/test/filters/namespaces-32.exp | |||
@@ -20,7 +20,7 @@ expect { | |||
20 | timeout {puts "TESTING ERROR 1\n";exit} | 20 | timeout {puts "TESTING ERROR 1\n";exit} |
21 | "clone successful" | 21 | "clone successful" |
22 | } | 22 | } |
23 | after 100 | 23 | after 200 |
24 | 24 | ||
25 | send -- "firejail --noprofile --restrict-namespaces ./namespaces-32 clone user\r" | 25 | send -- "firejail --noprofile --restrict-namespaces ./namespaces-32 clone user\r" |
26 | expect { | 26 | expect { |
@@ -31,7 +31,7 @@ expect { | |||
31 | timeout {puts "TESTING ERROR 3\n";exit} | 31 | timeout {puts "TESTING ERROR 3\n";exit} |
32 | "Error: clone: Operation not permitted" | 32 | "Error: clone: Operation not permitted" |
33 | } | 33 | } |
34 | after 100 | 34 | after 200 |
35 | 35 | ||
36 | send -- "firejail --noprofile --restrict-namespaces=user ./namespaces-32 clone user\r" | 36 | send -- "firejail --noprofile --restrict-namespaces=user ./namespaces-32 clone user\r" |
37 | expect { | 37 | expect { |
@@ -42,7 +42,7 @@ expect { | |||
42 | timeout {puts "TESTING ERROR 5\n";exit} | 42 | timeout {puts "TESTING ERROR 5\n";exit} |
43 | "Error: clone: Operation not permitted" | 43 | "Error: clone: Operation not permitted" |
44 | } | 44 | } |
45 | after 100 | 45 | after 200 |
46 | 46 | ||
47 | send -- "firejail --noprofile --restrict-namespaces=user ./namespaces-32 clone cgroup,ipc,mnt,net,pid,user,uts\r" | 47 | send -- "firejail --noprofile --restrict-namespaces=user ./namespaces-32 clone cgroup,ipc,mnt,net,pid,user,uts\r" |
48 | expect { | 48 | expect { |
@@ -53,9 +53,9 @@ expect { | |||
53 | timeout {puts "TESTING ERROR 7\n";exit} | 53 | timeout {puts "TESTING ERROR 7\n";exit} |
54 | "Error: clone: Operation not permitted" | 54 | "Error: clone: Operation not permitted" |
55 | } | 55 | } |
56 | after 100 | 56 | after 200 |
57 | 57 | ||
58 | send -- "firejail --noprofile --restrict-namespaces=cgroup,ipc ./namespaces-32 clone cgroup\r" | 58 | send -- "firejail --noprofile --restrict-namespaces=cgroup,ipc ./namespaces-32 clone cgroup,user\r" |
59 | expect { | 59 | expect { |
60 | timeout {puts "TESTING ERROR 8\n";exit} | 60 | timeout {puts "TESTING ERROR 8\n";exit} |
61 | -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" | 61 | -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" |
@@ -64,9 +64,9 @@ expect { | |||
64 | timeout {puts "TESTING ERROR 9\n";exit} | 64 | timeout {puts "TESTING ERROR 9\n";exit} |
65 | "Error: clone: Operation not permitted" | 65 | "Error: clone: Operation not permitted" |
66 | } | 66 | } |
67 | after 100 | 67 | after 200 |
68 | 68 | ||
69 | send -- "firejail --noprofile --restrict-namespaces=cgroup,ipc ./namespaces-32 clone ipc\r" | 69 | send -- "firejail --noprofile --restrict-namespaces=cgroup,ipc ./namespaces-32 clone ipc,user\r" |
70 | expect { | 70 | expect { |
71 | timeout {puts "TESTING ERROR 10\n";exit} | 71 | timeout {puts "TESTING ERROR 10\n";exit} |
72 | -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" | 72 | -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" |
@@ -75,9 +75,9 @@ expect { | |||
75 | timeout {puts "TESTING ERROR 11\n";exit} | 75 | timeout {puts "TESTING ERROR 11\n";exit} |
76 | "Error: clone: Operation not permitted" | 76 | "Error: clone: Operation not permitted" |
77 | } | 77 | } |
78 | after 100 | 78 | after 200 |
79 | 79 | ||
80 | send -- "firejail --noprofile --restrict-namespaces=cgroup,ipc ./namespaces-32 clone mnt,net,pid,uts\r" | 80 | send -- "firejail --noprofile --restrict-namespaces=cgroup,ipc ./namespaces-32 clone mnt,net,pid,user,uts\r" |
81 | expect { | 81 | expect { |
82 | timeout {puts "TESTING ERROR 12\n";exit} | 82 | timeout {puts "TESTING ERROR 12\n";exit} |
83 | -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" | 83 | -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" |
@@ -86,7 +86,7 @@ expect { | |||
86 | timeout {puts "TESTING ERROR 13\n";exit} | 86 | timeout {puts "TESTING ERROR 13\n";exit} |
87 | "clone successful" | 87 | "clone successful" |
88 | } | 88 | } |
89 | after 100 | 89 | after 200 |
90 | 90 | ||
91 | # | 91 | # |
92 | # unshare | 92 | # unshare |
@@ -101,7 +101,7 @@ expect { | |||
101 | timeout {puts "TESTING ERROR 15\n";exit} | 101 | timeout {puts "TESTING ERROR 15\n";exit} |
102 | "unshare successful" | 102 | "unshare successful" |
103 | } | 103 | } |
104 | after 100 | 104 | after 200 |
105 | 105 | ||
106 | send -- "firejail --noprofile --restrict-namespaces ./namespaces-32 unshare user\r" | 106 | send -- "firejail --noprofile --restrict-namespaces ./namespaces-32 unshare user\r" |
107 | expect { | 107 | expect { |
@@ -112,7 +112,7 @@ expect { | |||
112 | timeout {puts "TESTING ERROR 17\n";exit} | 112 | timeout {puts "TESTING ERROR 17\n";exit} |
113 | "Error: unshare: Operation not permitted" | 113 | "Error: unshare: Operation not permitted" |
114 | } | 114 | } |
115 | after 100 | 115 | after 200 |
116 | 116 | ||
117 | send -- "firejail --noprofile --restrict-namespaces=user ./namespaces-32 unshare user\r" | 117 | send -- "firejail --noprofile --restrict-namespaces=user ./namespaces-32 unshare user\r" |
118 | expect { | 118 | expect { |
@@ -123,7 +123,7 @@ expect { | |||
123 | timeout {puts "TESTING ERROR 19\n";exit} | 123 | timeout {puts "TESTING ERROR 19\n";exit} |
124 | "Error: unshare: Operation not permitted" | 124 | "Error: unshare: Operation not permitted" |
125 | } | 125 | } |
126 | after 100 | 126 | after 200 |
127 | 127 | ||
128 | send -- "firejail --noprofile --restrict-namespaces=user ./namespaces-32 unshare cgroup,ipc,mnt,net,pid,user,uts\r" | 128 | send -- "firejail --noprofile --restrict-namespaces=user ./namespaces-32 unshare cgroup,ipc,mnt,net,pid,user,uts\r" |
129 | expect { | 129 | expect { |
@@ -134,9 +134,9 @@ expect { | |||
134 | timeout {puts "TESTING ERROR 21\n";exit} | 134 | timeout {puts "TESTING ERROR 21\n";exit} |
135 | "Error: unshare: Operation not permitted" | 135 | "Error: unshare: Operation not permitted" |
136 | } | 136 | } |
137 | after 100 | 137 | after 200 |
138 | 138 | ||
139 | send -- "firejail --noprofile --restrict-namespaces=cgroup,ipc ./namespaces-32 unshare cgroup\r" | 139 | send -- "firejail --noprofile --restrict-namespaces=cgroup,ipc ./namespaces-32 unshare cgroup,user\r" |
140 | expect { | 140 | expect { |
141 | timeout {puts "TESTING ERROR 22\n";exit} | 141 | timeout {puts "TESTING ERROR 22\n";exit} |
142 | -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" | 142 | -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" |
@@ -145,9 +145,9 @@ expect { | |||
145 | timeout {puts "TESTING ERROR 23\n";exit} | 145 | timeout {puts "TESTING ERROR 23\n";exit} |
146 | "Error: unshare: Operation not permitted" | 146 | "Error: unshare: Operation not permitted" |
147 | } | 147 | } |
148 | after 100 | 148 | after 200 |
149 | 149 | ||
150 | send -- "firejail --noprofile --restrict-namespaces=cgroup,ipc ./namespaces-32 unshare ipc\r" | 150 | send -- "firejail --noprofile --restrict-namespaces=cgroup,ipc ./namespaces-32 unshare ipc,user\r" |
151 | expect { | 151 | expect { |
152 | timeout {puts "TESTING ERROR 24\n";exit} | 152 | timeout {puts "TESTING ERROR 24\n";exit} |
153 | -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" | 153 | -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" |
@@ -156,9 +156,9 @@ expect { | |||
156 | timeout {puts "TESTING ERROR 25\n";exit} | 156 | timeout {puts "TESTING ERROR 25\n";exit} |
157 | "Error: unshare: Operation not permitted" | 157 | "Error: unshare: Operation not permitted" |
158 | } | 158 | } |
159 | after 100 | 159 | after 200 |
160 | 160 | ||
161 | send -- "firejail --noprofile --restrict-namespaces=cgroup,ipc ./namespaces-32 unshare mnt,net,pid,uts\r" | 161 | send -- "firejail --noprofile --restrict-namespaces=cgroup,ipc ./namespaces-32 unshare mnt,net,pid,user,uts\r" |
162 | expect { | 162 | expect { |
163 | timeout {puts "TESTING ERROR 26\n";exit} | 163 | timeout {puts "TESTING ERROR 26\n";exit} |
164 | -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" | 164 | -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" |
@@ -167,7 +167,47 @@ expect { | |||
167 | timeout {puts "TESTING ERROR 27\n";exit} | 167 | timeout {puts "TESTING ERROR 27\n";exit} |
168 | "unshare successful" | 168 | "unshare successful" |
169 | } | 169 | } |
170 | after 200 | ||
170 | 171 | ||
171 | 172 | ||
172 | after 100 | 173 | # |
174 | # clone3 | ||
175 | # | ||
176 | |||
177 | send -- "firejail --noprofile ./namespaces-32 clone3 cgroup,ipc,mnt,net,pid,user,uts\r" | ||
178 | expect { | ||
179 | timeout {puts "TESTING ERROR 28\n";exit} | ||
180 | -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" | ||
181 | } | ||
182 | expect { | ||
183 | timeout {puts "TESTING ERROR 29\n";exit} | ||
184 | "Error: clone3: Function not implemented" {puts "OK, clone3 not available on this system\n"} | ||
185 | "clone3 successful" { | ||
186 | after 200 | ||
187 | |||
188 | send -- "firejail --noprofile --restrict-namespaces ./namespaces-32 clone3 user\r" | ||
189 | expect { | ||
190 | timeout {puts "TESTING ERROR 30\n";exit} | ||
191 | -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" | ||
192 | } | ||
193 | expect { | ||
194 | timeout {puts "TESTING ERROR 31\n";exit} | ||
195 | "Error: clone3: Function not implemented" | ||
196 | } | ||
197 | after 200 | ||
198 | |||
199 | # clone3 arguments are not checked | ||
200 | send -- "firejail --noprofile --restrict-namespaces=mnt ./namespaces-32 clone3 cgroup,ipc,net,pid,user,uts\r" | ||
201 | expect { | ||
202 | timeout {puts "TESTING ERROR 32\n";exit} | ||
203 | -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" | ||
204 | } | ||
205 | expect { | ||
206 | timeout {puts "TESTING ERROR 33\n";exit} | ||
207 | "Error: clone3: Function not implemented" | ||
208 | } | ||
209 | } | ||
210 | } | ||
211 | |||
212 | after 200 | ||
173 | puts "\nall done\n" | 213 | puts "\nall done\n" |