1 files changed, 160 insertions, 0 deletions
diff --git a/test/filters/noroot.exp b/test/filters/noroot.exp
new file mode 100755
index 000000000..b011f2bf9
--- /dev/null
+++ b/test/filters/noroot.exp
@@ -0,0 +1,160 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+send -- "firejail --noprofile --noroot --caps.drop=all --seccomp\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "cannot create a new user namespace" {puts "TESTING SKIP: user namespace not available\n"; exit}
+        "Child process initialized"
+}
+sleep 1
+send -- "cat /proc/self/status\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "CapBnd:        0000000000000000"
+}
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "Seccomp:"
+}
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "2"
+}
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "Cpus_allowed:"
+}
+puts "\n"
+send -- "ping 0\r"
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "Operation not permitted"
+}
+send -- "whoami\r"
+expect {
+        timeout {puts "TESTING ERROR 6\n";exit}
+        $env(USER)
+}
+send -- "sudo -s\r"
+expect {
+        timeout {puts "TESTING ERROR 7\n";exit}
+        "effective uid is not 0, is sudo installed setuid root?" { puts "OK\n";}
+        "sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";}
+        "Bad system call" { puts "OK\n";}
+}
+send -- "cat /proc/self/uid_map | wc -l\r"
+expect {
+        timeout {puts "TESTING ERROR 8\n";exit}
+        "1"
+}
+send -- "cat /proc/self/gid_map | wc -l\r"
+expect {
+        timeout {puts "TESTING ERROR 9\n";exit}
+        "5"
+}
+puts "\n"
+send -- "exit\r"
+sleep 2
+send -- "firejail --name=test --noroot --noprofile\r"
+expect {
+        timeout {puts "TESTING ERROR 10\n";exit}
+        "Child process initialized"
+}
+sleep 1
+send -- "cat /proc/self/status\r"
+expect {
+        timeout {puts "TESTING ERROR 11\n";exit}
+        "CapBnd:"
+}
+expect {
+        timeout {puts "TESTING ERROR 12\n";exit}
+        "ffffffff"
+}
+expect {
+        timeout {puts "TESTING ERROR 13\n";exit}
+        "Seccomp:"
+}
+expect {
+        timeout {puts "TESTING ERROR 14\n";exit}
+        "0"
+}
+expect {
+        timeout {puts "TESTING ERROR 15\n";exit}
+        "Cpus_allowed:"
+}
+puts "\n"
+send -- "whoami\r"
+expect {
+        timeout {puts "TESTING ERROR 16\n";exit}
+        $env(USER)
+}
+send -- "sudo -s\r"
+expect {
+        timeout {puts "TESTING ERROR 17\n";exit}
+        "effective uid is not 0, is sudo installed setuid root?" { puts "OK\n";}
+        "sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";}
+}
+send -- "ping 0\r"
+expect {
+        timeout {puts "TESTING ERROR 18\n";exit}
+        "Operation not permitted"
+}
+send -- "cat /proc/self/uid_map | wc -l\r"
+expect {
+        timeout {puts "TESTING ERROR 19\n";exit}
+        "1"
+}
+send -- "cat /proc/self/gid_map | wc -l\r"
+expect {
+        timeout {puts "TESTING ERROR 20\n";exit}
+        "5"
+}
+spawn $env(SHELL)
+send -- "firejail --debug --join=test\r"
+expect {
+        timeout {puts "TESTING ERROR 21\n";exit}
+        "User namespace detected"
+}
+expect {
+        timeout {puts "TESTING ERROR 22\n";exit}
+        "Joining user namespace"
+}
+sleep 1
+send -- "sudo -s\r"
+expect {
+        timeout {puts "TESTING ERROR 23\n";exit}
+        "effective uid is not 0, is sudo installed setuid root?" { puts "OK\n";}
+        "sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";}
+        "Permission denied" { puts "OK\n";}
+}
+send -- "cat /proc/self/uid_map | wc -l\r"
+expect {
+        timeout {puts "TESTING ERROR 24\n";exit}
+        "1"
+}
+send -- "cat /proc/self/gid_map | wc -l\r"
+expect {
+        timeout {puts "TESTING ERROR 25\n";exit}
+        "5"
+}
+after 100
+puts "\nall done\n"

diff --git a/test/filters/noroot.exp b/test/filters/noroot.exp new file mode 100755 index 000000000..b011f2bf9 --- /dev/null +++ b/test/filters/noroot.exp
@@ -0,0 +1,160 @@
	1	#!/usr/bin/expect -f
	2	# This file is part of Firejail project
	3	# Copyright (C) 2014-2016 Firejail Authors
	4	# License GPL v2
	5
	6	set timeout 10
	7	spawn $env(SHELL)
	8	match_max 100000
	9
	10	send -- "firejail --noprofile --noroot --caps.drop=all --seccomp\r"
	11	expect {
	12	timeout {puts "TESTING ERROR 1\n";exit}
	13	"cannot create a new user namespace" {puts "TESTING SKIP: user namespace not available\n"; exit}
	14	"Child process initialized"
	15	}
	16	sleep 1
	17
	18	send -- "cat /proc/self/status\r"
	19	expect {
	20	timeout {puts "TESTING ERROR 1\n";exit}
	21	"CapBnd: 0000000000000000"
	22	}
	23	expect {
	24	timeout {puts "TESTING ERROR 2\n";exit}
	25	"Seccomp:"
	26	}
	27	expect {
	28	timeout {puts "TESTING ERROR 3\n";exit}
	29	"2"
	30	}
	31	expect {
	32	timeout {puts "TESTING ERROR 4\n";exit}
	33	"Cpus_allowed:"
	34	}
	35	puts "\n"
	36
	37	send -- "ping 0\r"
	38	expect {
	39	timeout {puts "TESTING ERROR 5\n";exit}
	40	"Operation not permitted"
	41	}
	42	send -- "whoami\r"
	43	expect {
	44	timeout {puts "TESTING ERROR 6\n";exit}
	45	$env(USER)
	46	}
	47	send -- "sudo -s\r"
	48	expect {
	49	timeout {puts "TESTING ERROR 7\n";exit}
	50	"effective uid is not 0, is sudo installed setuid root?" { puts "OK\n";}
	51	"sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";}
	52	"Bad system call" { puts "OK\n";}
	53	}
	54	send -- "cat /proc/self/uid_map \| wc -l\r"
	55	expect {
	56	timeout {puts "TESTING ERROR 8\n";exit}
	57	"1"
	58	}
	59	send -- "cat /proc/self/gid_map \| wc -l\r"
	60	expect {
	61	timeout {puts "TESTING ERROR 9\n";exit}
	62	"5"
	63	}
	64
	65	puts "\n"
	66	send -- "exit\r"
	67	sleep 2
	68
	69
	70
	71	send -- "firejail --name=test --noroot --noprofile\r"
	72	expect {
	73	timeout {puts "TESTING ERROR 10\n";exit}
	74	"Child process initialized"
	75	}
	76	sleep 1
	77
	78	send -- "cat /proc/self/status\r"
	79	expect {
	80	timeout {puts "TESTING ERROR 11\n";exit}
	81	"CapBnd:"
	82	}
	83	expect {
	84	timeout {puts "TESTING ERROR 12\n";exit}
	85	"ffffffff"
	86	}
	87	expect {
	88	timeout {puts "TESTING ERROR 13\n";exit}
	89	"Seccomp:"
	90	}
	91	expect {
	92	timeout {puts "TESTING ERROR 14\n";exit}
	93	"0"
	94	}
	95	expect {
	96	timeout {puts "TESTING ERROR 15\n";exit}
	97	"Cpus_allowed:"
	98	}
	99	puts "\n"
	100
	101	send -- "whoami\r"
	102	expect {
	103	timeout {puts "TESTING ERROR 16\n";exit}
	104	$env(USER)
	105	}
	106	send -- "sudo -s\r"
	107	expect {
	108	timeout {puts "TESTING ERROR 17\n";exit}
	109	"effective uid is not 0, is sudo installed setuid root?" { puts "OK\n";}
	110	"sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";}
	111	}
	112	send -- "ping 0\r"
	113	expect {
	114	timeout {puts "TESTING ERROR 18\n";exit}
	115	"Operation not permitted"
	116	}
	117	send -- "cat /proc/self/uid_map \| wc -l\r"
	118	expect {
	119	timeout {puts "TESTING ERROR 19\n";exit}
	120	"1"
	121	}
	122	send -- "cat /proc/self/gid_map \| wc -l\r"
	123	expect {
	124	timeout {puts "TESTING ERROR 20\n";exit}
	125	"5"
	126	}
	127
	128
	129
	130	spawn $env(SHELL)
	131	send -- "firejail --debug --join=test\r"
	132	expect {
	133	timeout {puts "TESTING ERROR 21\n";exit}
	134	"User namespace detected"
	135	}
	136	expect {
	137	timeout {puts "TESTING ERROR 22\n";exit}
	138	"Joining user namespace"
	139	}
	140	sleep 1
	141
	142	send -- "sudo -s\r"
	143	expect {
	144	timeout {puts "TESTING ERROR 23\n";exit}
	145	"effective uid is not 0, is sudo installed setuid root?" { puts "OK\n";}
	146	"sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";}
	147	"Permission denied" { puts "OK\n";}
	148	}
	149	send -- "cat /proc/self/uid_map \| wc -l\r"
	150	expect {
	151	timeout {puts "TESTING ERROR 24\n";exit}
	152	"1"
	153	}
	154	send -- "cat /proc/self/gid_map \| wc -l\r"
	155	expect {
	156	timeout {puts "TESTING ERROR 25\n";exit}
	157	"5"
	158	}
	159	after 100
	160	puts "\nall done\n"