3 files changed, 171 insertions, 26 deletions
diff --git a/test/filters/filters.sh b/test/filters/filters.sh
index 5093c8614..5c7c98b3e 100755
--- a/test/filters/filters.sh
+++ b/test/filters/filters.sh
@@ -12,11 +12,21 @@ echo "TESTING: noroot (test/filters/noroot.exp)"
 echo "TESTING: capabilities (test/filters/caps.exp)"
 ./caps.exp
+rm -f seccomp-test-file
+if [ "$(uname -m)" = "x86_64" ]; then
+       echo "TESTING: fseccomp (test/filters/fseccomp.exp)"
+        ./fseccomp.exp
+else
+        echo "TESTING SKIP: fseccomp test implemented only for x86_64"
+fi
+rm -f seccomp-test-file
 if [ "$(uname -m)" = "x86_64" ]; then
        echo "TESTING: protocol (test/filters/protocol.exp)"
        ./protocol.exp
 else
-        echo "TESTING SKIP: protocol, not running on x86_64"
+        echo "TESTING SKIP: protocol, running only on x86_64"
 fi
 echo "TESTING: seccomp bad empty (test/filters/seccomp-bad-empty.exp)"
@@ -50,9 +60,6 @@ echo "TESTING: seccomp chmod profile - seccomp lists (test/filters/seccomp-chmod
 echo "TESTING: seccomp empty (test/filters/seccomp-empty.exp)"
 ./seccomp-empty.exp
-echo "TESTING: seccomp bad empty (test/filters/seccomp-bad-empty.exp)"
-./seccomp-bad-empty.exp
 if [ "$(uname -m)" = "x86_64" ]; then
        echo "TESTING: seccomp dual filter (test/filters/seccomp-dualfilter.exp)"
        ./seccomp-dualfilter.exp
diff --git a/test/filters/fseccomp.exp b/test/filters/fseccomp.exp
new file mode 100755
index 000000000..8a9a8f9dc
--- /dev/null
+++ b/test/filters/fseccomp.exp
@@ -0,0 +1,138 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+after 100
+send -- "/usr/lib/firejail/fseccomp debug-syscalls\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "1      - write"
+}
+after 100
+send -- "/usr/lib/firejail/fseccomp debug-errnos\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "1      - EPERM"
+}
+after 100
+send -- "/usr/lib/firejail/fseccomp debug-protocols\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "unix, inet, inet6, netlink, packet,"
+}
+after 100
+send -- "/usr/lib/firejail/fseccomp protocol build unix,inet seccomp-test-file\r"
+after 100
+send -- "/usr/lib/firejail/fseccomp print seccomp-test-file\r"
+expect {
+        timeout {puts "TESTING ERROR 4.1\n";exit}
+        "WHITELIST 41 socket"
+}
+after 100
+send -- "/usr/lib/firejail/fseccomp secondary 64 seccomp-test-file\r"
+after 100
+send -- "/usr/lib/firejail/fseccomp print seccomp-test-file\r"
+expect {
+        timeout {puts "TESTING ERROR 5.1\n";exit}
+        "BLACKLIST 165 mount"
+}
+expect {
+        timeout {puts "TESTING ERROR 5.2\n";exit}
+        "BLACKLIST 166 umount2"
+}
+expect {
+        timeout {puts "TESTING ERROR 5.3\n";exit}
+        "RETURN_ALLOW"
+}
+after 100
+send -- "/usr/lib/firejail/fseccomp default seccomp-test-file\r"
+after 100
+send -- "/usr/lib/firejail/fseccomp print seccomp-test-file\r"
+expect {
+        timeout {puts "TESTING ERROR 6.1\n";exit}
+        "BLACKLIST 165 mount"
+}
+expect {
+        timeout {puts "TESTING ERROR 6.2\n";exit}
+        "BLACKLIST 166 umount2"
+}
+expect {
+        timeout {puts "TESTING ERROR 6.3\n";exit}
+        "RETURN_ALLOW"
+}
+after 100
+send -- "/usr/lib/firejail/fseccomp drop seccomp-test-file chmod,chown\r"
+after 100
+send -- "/usr/lib/firejail/fseccomp print seccomp-test-file\r"
+expect {
+        timeout {puts "TESTING ERROR 7.1\n";exit}
+        "BLACKLIST 165 mount" {puts "TESTING ERROR 7.2\n";exit}
+        "BLACKLIST 166 umount2" {puts "TESTING ERROR 7.3\n";exit}
+        "BLACKLIST 90 chmod"
+}
+expect {
+        timeout {puts "TESTING ERROR 7.4\n";exit}
+        "BLACKLIST 92 chown"
+}
+expect {
+        timeout {puts "TESTING ERROR 7.5\n";exit}
+        "RETURN_ALLOW"
+}
+after 100
+send -- "/usr/lib/firejail/fseccomp default drop seccomp-test-file chmod,chown\r"
+after 100
+send -- "/usr/lib/firejail/fseccomp print seccomp-test-file\r"
+expect {
+        timeout {puts "TESTING ERROR 8.1\n";exit}
+        "BLACKLIST 165 mount"
+}
+expect {
+        timeout {puts "TESTING ERROR 8.2\n";exit}
+        "BLACKLIST 166 umount2"
+}
+expect {
+        timeout {puts "TESTING ERROR 8.3\n";exit}
+        "BLACKLIST 90 chmod"
+}
+expect {
+        timeout {puts "TESTING ERROR 8.4\n";exit}
+        "BLACKLIST 92 chown"
+}
+expect {
+        timeout {puts "TESTING ERROR 8.5\n";exit}
+        "RETURN_ALLOW"
+}
+after 100
+send -- "/usr/lib/firejail/fseccomp keep seccomp-test-file chmod,chown\r"
+after 100
+send -- "/usr/lib/firejail/fseccomp print seccomp-test-file\r"
+expect {
+        timeout {puts "TESTING ERROR 9.1\n";exit}
+        "WHITELIST 90 chmod"
+}
+expect {
+        timeout {puts "TESTING ERROR 9.2\n";exit}
+        "WHITELIST 92 chown"
+}
+expect {
+        timeout {puts "TESTING ERROR 9.3\n";exit}
+        "KILL_PROCESS"
+}
+after 100
+puts "\nall done\n"
diff --git a/test/filters/noroot.exp b/test/filters/noroot.exp
index 2a7cb7975..b011f2bf9 100755
--- a/test/filters/noroot.exp
+++ b/test/filters/noroot.exp
@@ -46,20 +46,20 @@ expect {
 }
 send -- "sudo -s\r"
 expect {
-        timeout {puts "TESTING ERROR 8\n";exit}
+        timeout {puts "TESTING ERROR 7\n";exit}
        "effective uid is not 0, is sudo installed setuid root?" { puts "OK\n";}
        "sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";}
        "Bad system call" { puts "OK\n";}
 }
 send -- "cat /proc/self/uid_map | wc -l\r"
 expect {
-        timeout {puts "TESTING ERROR 7\n";exit}
+        timeout {puts "TESTING ERROR 8\n";exit}
        "1"
 }
 send -- "cat /proc/self/gid_map | wc -l\r"
 expect {
-        timeout {puts "TESTING ERROR 8\n";exit}
+        timeout {puts "TESTING ERROR 9\n";exit}
-        "3"
+        "5"
 }
 puts "\n"
@@ -70,59 +70,59 @@ sleep 2
 send -- "firejail --name=test --noroot --noprofile\r"
 expect {
-        timeout {puts "TESTING ERROR 9\n";exit}
+        timeout {puts "TESTING ERROR 10\n";exit}
        "Child process initialized"
 }
 sleep 1
 send -- "cat /proc/self/status\r"
 expect {
-        timeout {puts "TESTING ERROR 10\n";exit}
+        timeout {puts "TESTING ERROR 11\n";exit}
        "CapBnd:"
 }
 expect {
-        timeout {puts "TESTING ERROR 11\n";exit}
+        timeout {puts "TESTING ERROR 12\n";exit}
        "ffffffff"
 }
 expect {
-        timeout {puts "TESTING ERROR 12\n";exit}
+        timeout {puts "TESTING ERROR 13\n";exit}
        "Seccomp:"
 }
 expect {
-        timeout {puts "TESTING ERROR 13\n";exit}
+        timeout {puts "TESTING ERROR 14\n";exit}
        "0"
 }
 expect {
-        timeout {puts "TESTING ERROR 14\n";exit}
+        timeout {puts "TESTING ERROR 15\n";exit}
        "Cpus_allowed:"
 }
 puts "\n"
 send -- "whoami\r"
 expect {
-        timeout {puts "TESTING ERROR 15\n";exit}
+        timeout {puts "TESTING ERROR 16\n";exit}
        $env(USER)
 }
 send -- "sudo -s\r"
 expect {
-        timeout {puts "TESTING ERROR 16\n";exit}
+        timeout {puts "TESTING ERROR 17\n";exit}
        "effective uid is not 0, is sudo installed setuid root?" { puts "OK\n";}
        "sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";}
 }
 send -- "ping 0\r"
 expect {
-        timeout {puts "TESTING ERROR 17\n";exit}
+        timeout {puts "TESTING ERROR 18\n";exit}
        "Operation not permitted"
 }
 send -- "cat /proc/self/uid_map | wc -l\r"
 expect {
-        timeout {puts "TESTING ERROR 18\n";exit}
+        timeout {puts "TESTING ERROR 19\n";exit}
        "1"
 }
 send -- "cat /proc/self/gid_map | wc -l\r"
 expect {
-        timeout {puts "TESTING ERROR 19\n";exit}
+        timeout {puts "TESTING ERROR 20\n";exit}
-        "3"
+        "5"
 }
@@ -130,31 +130,31 @@ expect {
 spawn $env(SHELL)
 send -- "firejail --debug --join=test\r"
 expect {
-        timeout {puts "TESTING ERROR 20\n";exit}
+        timeout {puts "TESTING ERROR 21\n";exit}
        "User namespace detected"
 }
 expect {
-        timeout {puts "TESTING ERROR 21\n";exit}
+        timeout {puts "TESTING ERROR 22\n";exit}
        "Joining user namespace"
 }
 sleep 1
 send -- "sudo -s\r"
 expect {
-        timeout {puts "TESTING ERROR 22\n";exit}
+        timeout {puts "TESTING ERROR 23\n";exit}
        "effective uid is not 0, is sudo installed setuid root?" { puts "OK\n";}
        "sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";}
        "Permission denied" { puts "OK\n";}
 }
 send -- "cat /proc/self/uid_map | wc -l\r"
 expect {
-        timeout {puts "TESTING ERROR 23\n";exit}
+        timeout {puts "TESTING ERROR 24\n";exit}
        "1"
 }
 send -- "cat /proc/self/gid_map | wc -l\r"
 expect {
-        timeout {puts "TESTING ERROR 24\n";exit}
+        timeout {puts "TESTING ERROR 25\n";exit}
-        "3"
+        "5"
 }
 after 100
 puts "\nall done\n"

diff --git a/test/filters/filters.sh b/test/filters/filters.sh index 5093c8614..5c7c98b3e 100755 --- a/test/filters/filters.sh +++ b/test/filters/filters.sh
@@ -12,11 +12,21 @@ echo "TESTING: noroot (test/filters/noroot.exp)"
12	echo "TESTING: capabilities (test/filters/caps.exp)"	12	echo "TESTING: capabilities (test/filters/caps.exp)"
13	./caps.exp	13	./caps.exp
14		14
		15	rm -f seccomp-test-file
		16	if [ "$(uname -m)" = "x86_64" ]; then
		17	echo "TESTING: fseccomp (test/filters/fseccomp.exp)"
		18	./fseccomp.exp
		19	else
		20	echo "TESTING SKIP: fseccomp test implemented only for x86_64"
		21	fi
		22	rm -f seccomp-test-file
		23
		24
15	if [ "$(uname -m)" = "x86_64" ]; then	25	if [ "$(uname -m)" = "x86_64" ]; then
16	echo "TESTING: protocol (test/filters/protocol.exp)"	26	echo "TESTING: protocol (test/filters/protocol.exp)"
17	./protocol.exp	27	./protocol.exp
18	else	28	else
19	echo "TESTING SKIP: protocol, not running on x86_64"	29	echo "TESTING SKIP: protocol, running only on x86_64"
20	fi	30	fi
21		31
22	echo "TESTING: seccomp bad empty (test/filters/seccomp-bad-empty.exp)"	32	echo "TESTING: seccomp bad empty (test/filters/seccomp-bad-empty.exp)"
@@ -50,9 +60,6 @@ echo "TESTING: seccomp chmod profile - seccomp lists (test/filters/seccomp-chmod
50	echo "TESTING: seccomp empty (test/filters/seccomp-empty.exp)"	60	echo "TESTING: seccomp empty (test/filters/seccomp-empty.exp)"
51	./seccomp-empty.exp	61	./seccomp-empty.exp
52		62
53	echo "TESTING: seccomp bad empty (test/filters/seccomp-bad-empty.exp)"
54	./seccomp-bad-empty.exp
55
56	if [ "$(uname -m)" = "x86_64" ]; then	63	if [ "$(uname -m)" = "x86_64" ]; then
57	echo "TESTING: seccomp dual filter (test/filters/seccomp-dualfilter.exp)"	64	echo "TESTING: seccomp dual filter (test/filters/seccomp-dualfilter.exp)"
58	./seccomp-dualfilter.exp	65	./seccomp-dualfilter.exp


diff --git a/test/filters/fseccomp.exp b/test/filters/fseccomp.exp new file mode 100755 index 000000000..8a9a8f9dc --- /dev/null +++ b/test/filters/fseccomp.exp
@@ -0,0 +1,138 @@
		1	#!/usr/bin/expect -f
		2	# This file is part of Firejail project
		3	# Copyright (C) 2014-2016 Firejail Authors
		4	# License GPL v2
		5
		6	set timeout 10
		7	spawn $env(SHELL)
		8	match_max 100000
		9
		10	after 100
		11	send -- "/usr/lib/firejail/fseccomp debug-syscalls\r"
		12	expect {
		13	timeout {puts "TESTING ERROR 1\n";exit}
		14	"1 - write"
		15	}
		16
		17	after 100
		18	send -- "/usr/lib/firejail/fseccomp debug-errnos\r"
		19	expect {
		20	timeout {puts "TESTING ERROR 2\n";exit}
		21	"1 - EPERM"
		22	}
		23
		24	after 100
		25	send -- "/usr/lib/firejail/fseccomp debug-protocols\r"
		26	expect {
		27	timeout {puts "TESTING ERROR 3\n";exit}
		28	"unix, inet, inet6, netlink, packet,"
		29	}
		30
		31	after 100
		32	send -- "/usr/lib/firejail/fseccomp protocol build unix,inet seccomp-test-file\r"
		33	after 100
		34	send -- "/usr/lib/firejail/fseccomp print seccomp-test-file\r"
		35	expect {
		36	timeout {puts "TESTING ERROR 4.1\n";exit}
		37	"WHITELIST 41 socket"
		38	}
		39
		40	after 100
		41	send -- "/usr/lib/firejail/fseccomp secondary 64 seccomp-test-file\r"
		42	after 100
		43	send -- "/usr/lib/firejail/fseccomp print seccomp-test-file\r"
		44	expect {
		45	timeout {puts "TESTING ERROR 5.1\n";exit}
		46	"BLACKLIST 165 mount"
		47	}
		48	expect {
		49	timeout {puts "TESTING ERROR 5.2\n";exit}
		50	"BLACKLIST 166 umount2"
		51	}
		52	expect {
		53	timeout {puts "TESTING ERROR 5.3\n";exit}
		54	"RETURN_ALLOW"
		55	}
		56
		57	after 100
		58	send -- "/usr/lib/firejail/fseccomp default seccomp-test-file\r"
		59	after 100
		60	send -- "/usr/lib/firejail/fseccomp print seccomp-test-file\r"
		61	expect {
		62	timeout {puts "TESTING ERROR 6.1\n";exit}
		63	"BLACKLIST 165 mount"
		64	}
		65	expect {
		66	timeout {puts "TESTING ERROR 6.2\n";exit}
		67	"BLACKLIST 166 umount2"
		68	}
		69	expect {
		70	timeout {puts "TESTING ERROR 6.3\n";exit}
		71	"RETURN_ALLOW"
		72	}
		73
		74	after 100
		75	send -- "/usr/lib/firejail/fseccomp drop seccomp-test-file chmod,chown\r"
		76	after 100
		77	send -- "/usr/lib/firejail/fseccomp print seccomp-test-file\r"
		78	expect {
		79	timeout {puts "TESTING ERROR 7.1\n";exit}
		80	"BLACKLIST 165 mount" {puts "TESTING ERROR 7.2\n";exit}
		81	"BLACKLIST 166 umount2" {puts "TESTING ERROR 7.3\n";exit}
		82	"BLACKLIST 90 chmod"
		83	}
		84	expect {
		85	timeout {puts "TESTING ERROR 7.4\n";exit}
		86	"BLACKLIST 92 chown"
		87	}
		88	expect {
		89	timeout {puts "TESTING ERROR 7.5\n";exit}
		90	"RETURN_ALLOW"
		91	}
		92
		93	after 100
		94	send -- "/usr/lib/firejail/fseccomp default drop seccomp-test-file chmod,chown\r"
		95	after 100
		96	send -- "/usr/lib/firejail/fseccomp print seccomp-test-file\r"
		97	expect {
		98	timeout {puts "TESTING ERROR 8.1\n";exit}
		99	"BLACKLIST 165 mount"
		100	}
		101	expect {
		102	timeout {puts "TESTING ERROR 8.2\n";exit}
		103	"BLACKLIST 166 umount2"
		104	}
		105	expect {
		106	timeout {puts "TESTING ERROR 8.3\n";exit}
		107	"BLACKLIST 90 chmod"
		108	}
		109	expect {
		110	timeout {puts "TESTING ERROR 8.4\n";exit}
		111	"BLACKLIST 92 chown"
		112	}
		113	expect {
		114	timeout {puts "TESTING ERROR 8.5\n";exit}
		115	"RETURN_ALLOW"
		116	}
		117	after 100
		118	send -- "/usr/lib/firejail/fseccomp keep seccomp-test-file chmod,chown\r"
		119	after 100
		120	send -- "/usr/lib/firejail/fseccomp print seccomp-test-file\r"
		121	expect {
		122	timeout {puts "TESTING ERROR 9.1\n";exit}
		123	"WHITELIST 90 chmod"
		124	}
		125	expect {
		126	timeout {puts "TESTING ERROR 9.2\n";exit}
		127	"WHITELIST 92 chown"
		128	}
		129	expect {
		130	timeout {puts "TESTING ERROR 9.3\n";exit}
		131	"KILL_PROCESS"
		132	}
		133
		134
		135
		136	after 100
		137	puts "\nall done\n"
		138


diff --git a/test/filters/noroot.exp b/test/filters/noroot.exp index 2a7cb7975..b011f2bf9 100755 --- a/test/filters/noroot.exp +++ b/test/filters/noroot.exp
@@ -46,20 +46,20 @@ expect {
46	}	46	}
47	send -- "sudo -s\r"	47	send -- "sudo -s\r"
48	expect {	48	expect {
49	timeout {puts "TESTING ERROR 8\n";exit}	49	timeout {puts "TESTING ERROR 7\n";exit}
50	"effective uid is not 0, is sudo installed setuid root?" { puts "OK\n";}	50	"effective uid is not 0, is sudo installed setuid root?" { puts "OK\n";}
51	"sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";}	51	"sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";}
52	"Bad system call" { puts "OK\n";}	52	"Bad system call" { puts "OK\n";}
53	}	53	}
54	send -- "cat /proc/self/uid_map \| wc -l\r"	54	send -- "cat /proc/self/uid_map \| wc -l\r"
55	expect {	55	expect {
56	timeout {puts "TESTING ERROR 7\n";exit}	56	timeout {puts "TESTING ERROR 8\n";exit}
57	"1"	57	"1"
58	}	58	}
59	send -- "cat /proc/self/gid_map \| wc -l\r"	59	send -- "cat /proc/self/gid_map \| wc -l\r"
60	expect {	60	expect {
61	timeout {puts "TESTING ERROR 8\n";exit}	61	timeout {puts "TESTING ERROR 9\n";exit}
62	"3"	62	"5"
63	}	63	}
64		64
65	puts "\n"	65	puts "\n"
@@ -70,59 +70,59 @@ sleep 2
70		70
71	send -- "firejail --name=test --noroot --noprofile\r"	71	send -- "firejail --name=test --noroot --noprofile\r"
72	expect {	72	expect {
73	timeout {puts "TESTING ERROR 9\n";exit}	73	timeout {puts "TESTING ERROR 10\n";exit}
74	"Child process initialized"	74	"Child process initialized"
75	}	75	}
76	sleep 1	76	sleep 1
77		77
78	send -- "cat /proc/self/status\r"	78	send -- "cat /proc/self/status\r"
79	expect {	79	expect {
80	timeout {puts "TESTING ERROR 10\n";exit}	80	timeout {puts "TESTING ERROR 11\n";exit}
81	"CapBnd:"	81	"CapBnd:"
82	}	82	}
83	expect {	83	expect {
84	timeout {puts "TESTING ERROR 11\n";exit}	84	timeout {puts "TESTING ERROR 12\n";exit}
85	"ffffffff"	85	"ffffffff"
86	}	86	}
87	expect {	87	expect {
88	timeout {puts "TESTING ERROR 12\n";exit}	88	timeout {puts "TESTING ERROR 13\n";exit}
89	"Seccomp:"	89	"Seccomp:"
90	}	90	}
91	expect {	91	expect {
92	timeout {puts "TESTING ERROR 13\n";exit}	92	timeout {puts "TESTING ERROR 14\n";exit}
93	"0"	93	"0"
94	}	94	}
95	expect {	95	expect {
96	timeout {puts "TESTING ERROR 14\n";exit}	96	timeout {puts "TESTING ERROR 15\n";exit}
97	"Cpus_allowed:"	97	"Cpus_allowed:"
98	}	98	}
99	puts "\n"	99	puts "\n"
100		100
101	send -- "whoami\r"	101	send -- "whoami\r"
102	expect {	102	expect {
103	timeout {puts "TESTING ERROR 15\n";exit}	103	timeout {puts "TESTING ERROR 16\n";exit}
104	$env(USER)	104	$env(USER)
105	}	105	}
106	send -- "sudo -s\r"	106	send -- "sudo -s\r"
107	expect {	107	expect {
108	timeout {puts "TESTING ERROR 16\n";exit}	108	timeout {puts "TESTING ERROR 17\n";exit}
109	"effective uid is not 0, is sudo installed setuid root?" { puts "OK\n";}	109	"effective uid is not 0, is sudo installed setuid root?" { puts "OK\n";}
110	"sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";}	110	"sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";}
111	}	111	}
112	send -- "ping 0\r"	112	send -- "ping 0\r"
113	expect {	113	expect {
114	timeout {puts "TESTING ERROR 17\n";exit}	114	timeout {puts "TESTING ERROR 18\n";exit}
115	"Operation not permitted"	115	"Operation not permitted"
116	}	116	}
117	send -- "cat /proc/self/uid_map \| wc -l\r"	117	send -- "cat /proc/self/uid_map \| wc -l\r"
118	expect {	118	expect {
119	timeout {puts "TESTING ERROR 18\n";exit}	119	timeout {puts "TESTING ERROR 19\n";exit}
120	"1"	120	"1"
121	}	121	}
122	send -- "cat /proc/self/gid_map \| wc -l\r"	122	send -- "cat /proc/self/gid_map \| wc -l\r"
123	expect {	123	expect {
124	timeout {puts "TESTING ERROR 19\n";exit}	124	timeout {puts "TESTING ERROR 20\n";exit}
125	"3"	125	"5"
126	}	126	}
127		127
128		128
@@ -130,31 +130,31 @@ expect {
130	spawn $env(SHELL)	130	spawn $env(SHELL)
131	send -- "firejail --debug --join=test\r"	131	send -- "firejail --debug --join=test\r"
132	expect {	132	expect {
133	timeout {puts "TESTING ERROR 20\n";exit}	133	timeout {puts "TESTING ERROR 21\n";exit}
134	"User namespace detected"	134	"User namespace detected"
135	}	135	}
136	expect {	136	expect {
137	timeout {puts "TESTING ERROR 21\n";exit}	137	timeout {puts "TESTING ERROR 22\n";exit}
138	"Joining user namespace"	138	"Joining user namespace"
139	}	139	}
140	sleep 1	140	sleep 1
141		141
142	send -- "sudo -s\r"	142	send -- "sudo -s\r"
143	expect {	143	expect {
144	timeout {puts "TESTING ERROR 22\n";exit}	144	timeout {puts "TESTING ERROR 23\n";exit}
145	"effective uid is not 0, is sudo installed setuid root?" { puts "OK\n";}	145	"effective uid is not 0, is sudo installed setuid root?" { puts "OK\n";}
146	"sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";}	146	"sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";}
147	"Permission denied" { puts "OK\n";}	147	"Permission denied" { puts "OK\n";}
148	}	148	}
149	send -- "cat /proc/self/uid_map \| wc -l\r"	149	send -- "cat /proc/self/uid_map \| wc -l\r"
150	expect {	150	expect {
151	timeout {puts "TESTING ERROR 23\n";exit}	151	timeout {puts "TESTING ERROR 24\n";exit}
152	"1"	152	"1"
153	}	153	}
154	send -- "cat /proc/self/gid_map \| wc -l\r"	154	send -- "cat /proc/self/gid_map \| wc -l\r"
155	expect {	155	expect {
156	timeout {puts "TESTING ERROR 24\n";exit}	156	timeout {puts "TESTING ERROR 25\n";exit}
157	"3"	157	"5"
158	}	158	}
159	after 100	159	after 100
160	puts "\nall done\n"	160	puts "\nall done\n"