Diffstat (limited to 'test/fs')
-rwxr-xr-x | test/fs/fs.sh | 50 | ||||
-rwxr-xr-x | test/fs/fs_dev_shm.exp | 90 | ||||
-rwxr-xr-x | test/fs/fs_var_lock.exp | 90 | ||||
-rwxr-xr-x | test/fs/fs_var_tmp.exp | 90 | ||||
-rwxr-xr-x | test/fs/invalid_filename.exp | 189 | ||||
-rwxr-xr-x | test/fs/kmsg.exp | 32 | ||||
-rwxr-xr-x | test/fs/option_bind_user.exp | 15 | ||||
-rwxr-xr-x | test/fs/option_blacklist.exp | 38 | ||||
-rwxr-xr-x | test/fs/option_blacklist_file.exp | 26 | ||||
-rwxr-xr-x | test/fs/private-bin.exp | 71 | ||||
-rw-r--r-- | test/fs/private-bin.profile | 1 | ||||
-rwxr-xr-x | test/fs/private-etc.exp | 45 | ||||
-rwxr-xr-x | test/fs/private-whitelist.exp | 39 | ||||
-rwxr-xr-x | test/fs/private.exp | 100 | ||||
-rwxr-xr-x | test/fs/whitelist-empty.exp | 53 |
15 files changed, 929 insertions, 0 deletions
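diff --git a/test/fs/fs.sh b/test/fs/fs.sh
new file mode 100755
index 000000000..425af45a6
--- /dev/null
+++ b/test/fs/fs.sh
@@ -0,0 +1,50 @@
+#!/bin/bash
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+export MALLOC_CHECK_=3
+export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
+
+echo "TESTING: kmsg access (test/fs/kmsg.exp)"
+./kmsg.exp
+
+echo "TESTING: read/write /var/tmp (test/fs/fs_var_tmp.exp)"
+./fs_var_tmp.exp
+
+echo "TESTING: read/write /var/lock (test/fs/fs_var_lock.exp)"
+./fs_var_lock.exp
+
+echo "TESTING: read/write /dev/shm (test/fs/fs_dev_shm.exp)"
+./fs_dev_shm.exp
+
+echo "TESTING: private (test/fs/private.exp)"
+./private.exp `whoami`
+
+echo "TESTING: private-etc (test/fs/private-etc.exp)"
+./private-etc.exp
+
+echo "TESTING: private-bin (test/fs/private-bin.exp)"
+./private-bin.exp
+
+echo "TESTING: whitelist empty (test/fs/whitelist-empty.exp)"
+./whitelist-empty.exp
+
+echo "TESTING: private whitelist (test/fs/private-whitelist.exp)"
+echo "TESTING: (failing on OpenSUSE)"
+./private-whitelist.exp
+
+echo "TESTING: invalid filename (test/fs/invalid_filename.exp)"
+./invalid_filename.exp
+
+echo "TESTING: blacklist directory (test/fs/option_blacklist.exp)"
+./option_blacklist.exp
+
+echo "TESTING: blacklist file (test/fs/option_blacklist_file.exp)"
+./option_blacklist_file.exp
+
+echo "TESTING: bind as user (test/fs/option_bind_user.exp)"
+./option_bind_user.exp
+
+
+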
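Review bot: The runner cannot tell a failed test from a passing one: the status of every `./*.exp` call (lines 10-47 of the new file) is ignored, and the failure branches in the .exp files added by this commit leave with a bare `exit`, which reports status 0. For a sandbox test suite this means a broken containment check is only noticed if someone reads the output for `TESTING ERROR`. I would use `exit 1` in those expect branches and record failures here, e.g. `./kmsg.exp || failed=1` with `exit "${failed:-0}"` as the last line. The script also assumes it is started from test/fs; `cd "$(dirname "$0")" || exit 1` after the exports would remove that dependency.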
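diff --git a/test/fs/fs_dev_shm.exp b/test/fs/fs_dev_shm.exp
new file mode 100755
index 000000000..6d27978e2
--- /dev/null
+++ b/test/fs/fs_dev_shm.exp
@@ -0,0 +1,90 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# testing read-write /dev/shm
+send -- "firejail\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "echo mytest > /dev/shm/ttt;echo done\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"done"
+}
+
+send -- "cat /dev/shm/ttt;echo done\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"mytest"
+}
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"done"
+}
+
+send -- "rm /dev/shm/ttt;echo done\r"
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"done"
+}
+
+send -- "cat /dev/shm/ttt;echo done\r"
+expect {
+timeout {puts "TESTING ERROR 5\n";exit}
+"mytest" {puts "TESTING ERROR 6\n";exit}
+"done"
+}
+
+sleep 1
+send -- "exit\r"
+sleep 1
+
+# redo the test with --private
+send -- "firejail\r"
+expect {
+timeout {puts "TESTING ERROR 7\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "echo mytest > /dev/shm/ttt;echo done\r"
+expect {
+timeout {puts "TESTING ERROR 8\n";exit}
+"done"
+}
+
+send -- "cat /dev/shm/ttt;echo done\r"
+expect {
+timeout {puts "TESTING ERROR 9\n";exit}
+"mytest"
+}
+expect {
+timeout {puts "TESTING ERROR 10\n";exit}
+"done"
+}
+
+send -- "rm /dev/shm/ttt;echo done\r"
+expect {
+timeout {puts "TESTING ERROR 11\n";exit}
+"done"
+}
+
+send -- "cat /dev/shm/ttt;echo done\r"
+expect {
+timeout {puts "TESTING ERROR 12\n";exit}
+"mytest" {puts "TESTING ERROR 13\n";exit}
+"done"
+}
+
+sleep 1
+
+puts "\nall done\n"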
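Review bot: The second half never exercises `--private`: the comment at line 51 says "redo the test with --private", but line 52 sends plain `firejail\r`, so lines 52-86 only repeat lines 11-45. If the private-home case is meant to be covered, line 52 should read `send -- "firejail --private\r"`; otherwise the comment and the duplicated block should be dropped. fs_var_lock.exp and fs_var_tmp.exp carry the same comment and the same plain `firejail` at their line 52.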
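diff --git a/test/fs/fs_var_lock.exp b/test/fs/fs_var_lock.exp
new file mode 100755
index 000000000..0e2b3181a
--- /dev/null
+++ b/test/fs/fs_var_lock.exp
@@ -0,0 +1,90 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# testing read-write /var/lock
+send -- "firejail\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "echo mytest > /var/lock/ttt;echo done\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"done"
+}
+
+send -- "cat /var/lock/ttt;echo done\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"mytest"
+}
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"done"
+}
+
+send -- "rm /var/lock/ttt;echo done\r"
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"done"
+}
+
+send -- "cat /var/lock/ttt;echo done\r"
+expect {
+timeout {puts "TESTING ERROR 5\n";exit}
+"mytest" {puts "TESTING ERROR 6\n";exit}
+"done"
+}
+
+sleep 1
+send -- "exit\r"
+sleep 1
+
+# redo the test with --private
+send -- "firejail\r"
+expect {
+timeout {puts "TESTING ERROR 7\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "echo mytest > /var/lock/ttt;echo done\r"
+expect {
+timeout {puts "TESTING ERROR 8\n";exit}
+"done"
+}
+
+send -- "cat /var/lock/ttt;echo done\r"
+expect {
+timeout {puts "TESTING ERROR 9\n";exit}
+"mytest"
+}
+expect {
+timeout {puts "TESTING ERROR 10\n";exit}
+"done"
+}
+
+send -- "rm /var/lock/ttt;echo done\r"
+expect {
+timeout {puts "TESTING ERROR 11\n";exit}
+"done"
+}
+
+send -- "cat /var/lock/ttt;echo done\r"
+expect {
+timeout {puts "TESTING ERROR 12\n";exit}
+"mytest" {puts "TESTING ERROR 13\n";exit}
+"done"
+}
+
+sleep 1
+
+puts "\nall done\n"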
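diff --git a/test/fs/fs_var_tmp.exp b/test/fs/fs_var_tmp.exp
new file mode 100755
index 000000000..811baac68
--- /dev/null
+++ b/test/fs/fs_var_tmp.exp
@@ -0,0 +1,90 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# testing read-write /var/tmp
+send -- "firejail\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "echo mytest > /var/tmp/ttt;echo done\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"done"
+}
+
+send -- "cat /var/tmp/ttt;echo done\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"mytest"
+}
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"done"
+}
+
+send -- "rm /var/tmp/ttt;echo done\r"
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"done"
+}
+
+send -- "cat /var/tmp/ttt;echo done\r"
+expect {
+timeout {puts "TESTING ERROR 5\n";exit}
+"mytest" {puts "TESTING ERROR 6\n";exit}
+"done"
+}
+
+sleep 1
+send -- "exit\r"
+sleep 1
+
+# redo the test with --private
+send -- "firejail\r"
+expect {
+timeout {puts "TESTING ERROR 7\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "echo mytest > /var/tmp/ttt;echo done\r"
+expect {
+timeout {puts "TESTING ERROR 8\n";exit}
+"done"
+}
+
+send -- "cat /var/tmp/ttt;echo done\r"
+expect {
+timeout {puts "TESTING ERROR 9\n";exit}
+"mytest"
+}
+expect {
+timeout {puts "TESTING ERROR 10\n";exit}
+"done"
+}
+
+send -- "rm /var/tmp/ttt;echo done\r"
+expect {
+timeout {puts "TESTING ERROR 11\n";exit}
+"done"
+}
+
+send -- "cat /var/tmp/ttt;echo done\r"
+expect {
+timeout {puts "TESTING ERROR 12\n";exit}
+"mytest" {puts "TESTING ERROR 13\n";exit}
+"done"
+}
+
+sleep 1
+
+puts "\nall done\n"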
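diff --git a/test/fs/invalid_filename.exp b/test/fs/invalid_filename.exp
new file mode 100755
index 000000000..1acc85491
--- /dev/null
+++ b/test/fs/invalid_filename.exp
@@ -0,0 +1,189 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --debug-check-filename --noprofile --blacklist=\"bla&&bla\"\r"
+expect {
+timeout {puts "TESTING ERROR 1.1\n";exit}
+"Checking filename bla&&bla"
+}
+expect {
+timeout {puts "TESTING ERROR 1.2\n";exit}
+"Error:"
+}
+expect {
+timeout {puts "TESTING ERROR 1.3\n";exit}
+"is an invalid filename"
+}
+after 100
+
+send -- "firejail --debug-check-filename --noprofile --cgroup=\"bla&&bla\"\r"
+expect {
+timeout {puts "TESTING ERROR 2.1\n";exit}
+"Checking filename bla&&bla"
+}
+expect {
+timeout {puts "TESTING ERROR 2.2\n";exit}
+"Error:"
+}
+expect {
+timeout {puts "TESTING ERROR 2.3\n";exit}
+"is an invalid filename"
+}
+after 100
+
+send -- "firejail --debug-check-filename --noprofile --chroot=\"bla&&bla\"\r"
+expect {
+timeout {puts "TESTING ERROR 3.1\n";exit}
+"Checking filename bla&&bla" {puts "normal system\n"}
+"Error: --chroot option is not available on Grsecurity systems" { puts "\nall done\n"; exit}
+}
+expect {
+timeout {puts "TESTING ERROR 3.2\n";exit}
+"Error:"
+}
+expect {
+timeout {puts "TESTING ERROR 3.3\n";exit}
+"is an invalid filename"
+}
+after 100
+
+send -- "firejail --debug-check-filename --noprofile --netfilter=\"bla&&bla\"\r"
+expect {
+timeout {puts "TESTING ERROR 4.1\n";exit}
+"Checking filename bla&&bla"
+}
+expect {
+timeout {puts "TESTING ERROR 4.2\n";exit}
+"Error:"
+}
+expect {
+timeout {puts "TESTING ERROR 4.3\n";exit}
+"is an invalid filename"
+}
+after 100
+
+send -- "firejail --debug-check-filename --noprofile --output=\"bla&&bla\"\r"
+expect {
+timeout {puts "TESTING ERROR 5.2\n";exit}
+"Error:"
+}
+expect {
+timeout {puts "TESTING ERROR 5.3\n";exit}
+"is an invalid filename"
+}
+after 100
+
+send -- "firejail --debug-check-filename --noprofile --private=\"bla&&bla\"\r"
+expect {
+timeout {puts "TESTING ERROR 6.1\n";exit}
+"Checking filename bla&&bla"
+}
+expect {
+timeout {puts "TESTING ERROR 6.2\n";exit}
+"Error:"
+}
+expect {
+timeout {puts "TESTING ERROR 6.3\n";exit}
+"is an invalid filename"
+}
+after 100
+
+send -- "firejail --debug-check-filename --noprofile --private-bin=\"bla&&bla\"\r"
+expect {
+timeout {puts "TESTING ERROR 7.1\n";exit}
+"Checking filename bla&&bla"
+}
+expect {
+timeout {puts "TESTING ERROR 7.2\n";exit}
+"Error:"
+}
+expect {
+timeout {puts "TESTING ERROR 7.3\n";exit}
+"is an invalid filename"
+}
+after 100
+
+send -- "firejail --debug-check-filename --noprofile --private-etc=\"bla&&bla\"\r"
+expect {
+timeout {puts "TESTING ERROR 9.1\n";exit}
+"Checking filename bla&&bla"
+}
+expect {
+timeout {puts "TESTING ERROR 9.2\n";exit}
+"Error:"
+}
+expect {
+timeout {puts "TESTING ERROR 9.3\n";exit}
+"is an invalid filename"
+}
+after 100
+
+send -- "firejail --debug-check-filename --profile=\"bla&&bla\"\r"
+expect {
+timeout {puts "TESTING ERROR 10.1\n";exit}
+"Checking filename bla&&bla"
+}
+expect {
+timeout {puts "TESTING ERROR 10.2\n";exit}
+"Error:"
+}
+expect {
+timeout {puts "TESTING ERROR 10.3\n";exit}
+"is an invalid filename"
+}
+after 100
+
+send -- "firejail --debug-check-filename --read-only=\"bla&&bla\"\r"
+expect {
+timeout {puts "TESTING ERROR 11.1\n";exit}
+"Checking filename bla&&bla"
+}
+expect {
+timeout {puts "TESTING ERROR 11.2\n";exit}
+"Error:"
+}
+expect {
+timeout {puts "TESTING ERROR 11.3\n";exit}
+"is an invalid filename"
+}
+after 100
+
+send -- "firejail --debug-check-filename --shell=\"bla&&bla\"\r"
+expect {
+timeout {puts "TESTING ERROR 12.1\n";exit}
+"Checking filename bla&&bla"
+}
+expect {
+timeout {puts "TESTING ERROR 12.2\n";exit}
+"Error:"
+}
+expect {
+timeout {puts "TESTING ERROR 12.3\n";exit}
+"is an invalid filename"
+}
+after 100
+
+
+send -- "firejail --debug-check-filename --whitelist=\"bla&&bla\"\r"
+expect {
+timeout {puts "TESTING ERROR 14.1\n";exit}
+"Checking filename bla&&bla"
+}
+expect {
+timeout {puts "TESTING ERROR 14.2\n";exit}
+"Error:"
+}
+expect {
+timeout {puts "TESTING ERROR 14.3\n";exit}
+"is an invalid filename"
+}
+after 100
+
+puts "\nall done\n"
+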
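Review bot: On a Grsecurity system the branch at line 44 prints `all done` and exits the whole script, so the `--netfilter`, `--output`, `--private`, `--private-bin`, `--private-etc`, `--profile`, `--read-only`, `--shell` and `--whitelist` filename checks at lines 56-186 never run and the run still looks successful. Only the two follow-up expects for `--chroot` (lines 46-53) need skipping: set a flag in that branch, e.g. `set chroot_ok 0`, and wrap those two expects in `if {$chroot_ok} { ... }`. Case 5 (`--output`, lines 71-79) also lacks the `Checking filename bla&&bla` expect that every other case has; if that is intentional, a comment saying why would help the next reader.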
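diff --git a/test/fs/kmsg.exp b/test/fs/kmsg.exp
new file mode 100755
index 000000000..abc711aee
--- /dev/null
+++ b/test/fs/kmsg.exp
@@ -0,0 +1,32 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "cat /dev/kmsg\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"Permission denied"
+}
+after 100
+
+send -- "cat /proc/kmsg\r"
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"Permission denied"
+}
+after 100
+
+puts "\nall done\n"
+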
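diff --git a/test/fs/option_bind_user.exp b/test/fs/option_bind_user.exp
new file mode 100755
index 000000000..9d2d17d7f
--- /dev/null
+++ b/test/fs/option_bind_user.exp
@@ -0,0 +1,15 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --bind=/tmp/chroot,mntpoint\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"bind option is available only if running as root"
+}
+sleep 1
+
+puts "\n"
+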
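Review bot: This script ends with `puts "\n"` (line 14) instead of the `puts "\nall done\n"` marker most other tests in this commit print, so its output gives no positive sign that it ran to completion; option_blacklist.exp and option_blacklist_file.exp end the same way. It also lacks the project/licence header comment (as does option_blacklist_file.exp) and says nowhere what it asserts. A comment above line 7 such as `# --bind must be refused when firejail is not started by root` would cover that.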
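diff --git a/test/fs/option_blacklist.exp b/test/fs/option_blacklist.exp
new file mode 100755
index 000000000..38fd19237
--- /dev/null
+++ b/test/fs/option_blacklist.exp
@@ -0,0 +1,38 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --blacklist=/var\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "ls -l /var;echo done\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"Permission denied"
+}
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"done"
+}
+send -- "cd /var;echo done\r"
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"Permission denied"
+}
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"done"
+}
+sleep 1
+
+puts "\n"
+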
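diff --git a/test/fs/option_blacklist_file.exp b/test/fs/option_blacklist_file.exp
new file mode 100755
index 000000000..846735d9e
--- /dev/null
+++ b/test/fs/option_blacklist_file.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --blacklist=/etc/passwd\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "cat /etc/passwd;echo done\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"Permission denied"
+}
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"done"
+}
+sleep 1
+
+puts "\n"
+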
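diff --git a/test/fs/private-bin.exp b/test/fs/private-bin.exp
new file mode 100755
index 000000000..c19702e77
--- /dev/null
+++ b/test/fs/private-bin.exp
@@ -0,0 +1,71 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --private-bin=bash,ls,sh\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "ls /bin\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"bash"
+}
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"ls"
+}
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"sh"
+}
+
+send -- "ls /bin\r"
+expect {
+timeout {puts "TESTING ERROR 5\n";exit}
+"ping" {puts "TESTING ERROR 6\n";exit}
+"sh"
+}
+send -- "exit\r"
+sleep 1
+
+send -- "firejail --profile=private-bin.profile\r"
+expect {
+timeout {puts "TESTING ERROR 7\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "ls /bin\r"
+expect {
+timeout {puts "TESTING ERROR 8\n";exit}
+"bash"
+}
+expect {
+timeout {puts "TESTING ERROR 9\n";exit}
+"ls"
+}
+expect {
+timeout {puts "TESTING ERROR 10\n";exit}
+"sh"
+}
+
+send -- "ls /bin\r"
+expect {
+timeout {puts "TESTING ERROR 5\n";exit}
+"ping" {puts "TESTING ERROR 6\n";exit}
+"sh"
+}
+send -- "exit\r"
+
+sleep 1
+puts "\nall done\n"
+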
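Review bot: The negative checks at lines 31-36 and 61-66 can finish before `ping` would ever be seen, because the passing pattern `"sh"` is also a substring of `bash`, which `ls /bin` lists first. Expect returns as soon as any pattern matches the data received so far, so a `/bin` that still contained `ping` could pass. Ending the command with its own marker, `send -- "ls /bin;echo done\r"`, and matching that marker as a whole line, `-re "\r\ndone\r\n"`, makes the full listing go past the `ping` pattern first and keeps the echoed command line from satisfying it. The second block also reuses `TESTING ERROR 5` and `6` (lines 63-64); `11` and `12` would keep the two failure sites distinguishable.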
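diff --git a/test/fs/private-bin.profile b/test/fs/private-bin.profile
new file mode 100644
index 000000000..24cf5929a
--- /dev/null
+++ b/test/fs/private-bin.profile
@@ -0,0 +1 @@
+private-bin bash,ls,sh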
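diff --git a/test/fs/private-etc.exp b/test/fs/private-etc.exp
new file mode 100755
index 000000000..e5a006585
--- /dev/null
+++ b/test/fs/private-etc.exp
@@ -0,0 +1,45 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# directory with ~
+send -- "firejail --private-etc=passwd,group,resolv.conf,X11\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "ls -al /etc\r"
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"group"
+}
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"passwd"
+}
+expect {
+timeout {puts "TESTING ERROR 5\n";exit}
+"resolv.conf"
+}
+expect {
+timeout {puts "TESTING ERROR 6\n";exit}
+"X11"
+}
+
+send -- "ls -al /etc\r"
+expect {
+timeout {puts "TESTING ERROR 7\n";exit}
+"shadow" {puts "TESTING ERROR 8\n";exit}
+"X11"
+}
+
+sleep 1
+puts "\nall done\n"
+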
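Review bot: Both checks depend on how the shell's locale collates the `ls -al /etc` listing. The chain at lines 18-34 expects `group`, `passwd`, `resolv.conf`, `X11` in that order, and the `shadow` check at lines 36-41 uses `X11` as its end marker; under C collation `X11` sorts before the lowercase names, so the fourth expect would time out and, in the negative check, `X11` would match before a `shadow` entry could be listed. Pinning the order in the command, `send -- "LC_ALL=C ls -al /etc\r"`, with the expects reordered to match and an explicit end marker for the negative check, removes that dependency. The comment at line 10, `# directory with ~`, does not describe this test; `# only the listed entries may appear in /etc` would.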
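diff --git a/test/fs/private-whitelist.exp b/test/fs/private-whitelist.exp
new file mode 100755
index 000000000..a3d60369a
--- /dev/null
+++ b/test/fs/private-whitelist.exp
@@ -0,0 +1,39 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --private --whitelist=/tmp/.X11-unix\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "ls -al /tmp\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+".X11-unix"
+}
+sleep 1
+
+send -- "ls -a /tmp | wc -l\r"
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"3"
+}
+sleep 1
+
+send -- "ls -a ~ | wc -l\r"
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"5"
+}
+
+sleep 1
+puts "\nall done\n"
+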
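Review bot: The count assertions at lines 24-35 match a single digit anywhere in the output: `"3"` is also satisfied by 13 or 30, and `"5"` by 15 or 52, so a `/tmp` or home directory that exposes far more than intended still passes. Matching the whole output line, `-re "\r\n3\r\n"` and `-re "\r\n5\r\n"`, pins the exact count. whitelist-empty.exp has the same weakness with `"0"` in all six of its checks. The expected 5 entries in `~` presumably depend on which skeleton files the distribution installs (fs.sh notes this test fails on OpenSUSE), so a comment naming the five expected entries would make the assumption explicit.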
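diff --git a/test/fs/private.exp b/test/fs/private.exp
new file mode 100755
index 000000000..01f04d3cb
--- /dev/null
+++ b/test/fs/private.exp
@@ -0,0 +1,100 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+if { $argc != 1 } {
+puts "TESTING ERROR: argument missing"
+puts "Usage: private.exp username"
+puts "where username is the name of the current user"
+exit
+}
+
+# testing profile and private
+send -- "firejail --private --profile=/etc/firejail/default.profile\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+sleep 1
+send -- "exit\r"
+sleep 1
+
+send -- "firejail --private --noprofile\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"Child process initialized"
+}
+
+sleep 1
+send -- "cd ~; ls -al; echo done\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+".bashrc"
+}
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+[lindex $argv 0]
+}
+send -- "ls -al; echo done\r"
+expect {
+timeout {
+# OpenSUSE doesn't use .Xauthority from user done directory
+send -- "env | grep XAUTHORITY\r"
+
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"/run/lightdm/netblue/xauthority"
+}
+}
+".Xauthority"
+}
+expect {
+timeout {puts "TESTING ERROR 5\n";exit}
+[lindex $argv 0]
+}
+
+
+# testing private only
+send -- "bash\r"
+sleep 1
+# owner /done/netblue
+send -- "ls -l /done;echo done\r"
+expect {
+timeout {puts "TESTING ERROR 6\n";exit}
+[lindex $argv 0]
+}
+expect {
+timeout {puts "TESTING ERROR 7\n";exit}
+[lindex $argv 0]
+}
+expect {
+timeout {puts "TESTING ERROR 8\n";exit}
+[lindex $argv 0]
+}
+expect {
+timeout {puts "TESTING ERROR 9\n";exit}
+"done"
+}
+sleep 1
+
+# owner /tmp
+send -- "stat -c %U%a /tmp;echo done\r"
+expect {
+timeout {puts "TESTING ERROR 10\n";exit}
+"root777" {puts "version 1\n";}
+"root1777" {puts "version 2\n";}
+"nobody777" {puts "version 3\n";}
+"nobody1777" {puts "version 4\n";}
+}
+expect {
+timeout {puts "TESTING ERROR 11\n";exit}
+"done"
+}
+sleep 1
+
+puts "all done\n"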
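Review bot: The ownership check at lines 65-82 lists `/done`, which looks like `/home` caught by a search-and-replace; the comments at lines 46 and 65 read "user done directory" and "owner /done/netblue". As written, the three `[lindex $argv 0]` expects are not tied to the ownership of the private home and may be satisfied by unrelated text such as a prompt containing the user name (assumed, since the command output is not visible here). Line 66 should probably be `send -- "ls -l /home;echo done\r"`. The fallback at line 51 hard-codes one account's path, `/run/lightdm/netblue/xauthority`; building it from the argument, `"/run/lightdm/[lindex $argv 0]/xauthority"`, keeps the OpenSUSE branch usable for other users.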
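diff --git a/test/fs/whitelist-empty.exp b/test/fs/whitelist-empty.exp
new file mode 100755
index 000000000..f44d4fb58
--- /dev/null
+++ b/test/fs/whitelist-empty.exp
@@ -0,0 +1,53 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+set timeout 30
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --whitelist=~/blablabla --whitelist=/tmp/blablabla --whitelist=/media/blablabla --whitelist=/var/blablabla --whitelist=/dev/blablabla --whitelist=/opt/blablabla\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "ls -l ~/ | wc -l\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"0"
+}
+
+send -- "ls -l /tmp | wc -l\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"0"
+}
+
+send -- "ls -l /media | wc -l\r"
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"0"
+}
+
+send -- "ls -l /var | wc -l\r"
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"0"
+}
+
+send -- "ls -l /dev | wc -l\r"
+expect {
+timeout {puts "TESTING ERROR 5\n";exit}
+"0"
+}
+send -- "ls -l /opt | wc -l\r"
+expect {
+timeout {puts "TESTING ERROR 6\n";exit}
+"0"
+}
+
+
+puts "\nall done\n"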
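Review bot: With GNU `ls`, `ls -l` on an empty directory still prints a `total 0` line, so `wc -l` would report 1 rather than 0, which suggests the `"0"` patterns at lines 17-50 are matching some other zero in the output instead of the count. Counting names only, `send -- "ls -A ~/ | wc -l\r"`, and matching the whole line with `-re "\r\n0\r\n"` would assert that each location really is empty. Nothing in the file says what is being tested; a comment above line 10 such as `# whitelisting a nonexistent path must leave the parent directory empty` would state the intent, if that reading is correct.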