1 files changed, 124 insertions, 0 deletions
diff --git a/test/noroot.exp b/test/noroot.exp
new file mode 100755
index 000000000..78991d4a9
--- /dev/null
+++ b/test/noroot.exp
@@ -0,0 +1,124 @@
+#!/usr/bin/expect -f
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+send -- "firejail --debug --noroot --caps.drop=all --seccomp --cpu=0,1 --name=noroot-sandbox\r"
+expect {
+        timeout {puts "TESTING ERROR 0.1\n";exit}
+        "Child process initialized"
+}
+sleep 1
+send -- "cat /proc/self/status\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "CapBnd:"
+}
+expect {
+        timeout {puts "TESTING ERROR 1.1\n";exit}
+        "0000000000000000"
+}
+send -- "cat /proc/self/status\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "Cpus_allowed:"
+}
+expect {
+        timeout {puts "TESTING ERROR 2.1\n";exit}
+        "3"
+}
+expect {
+        timeout {puts "TESTING ERROR 2.2\n";exit}
+        "Cpus_allowed_list:"
+}
+puts "\n"
+send -- "cat /proc/self/status\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "Seccomp:"
+}
+expect {
+        timeout {puts "TESTING ERROR 2.1\n";exit}
+        "2"
+}
+expect {
+        timeout {puts "TESTING ERROR 2.2\n";exit}
+        "Cpus_allowed:"
+}
+puts "\n"
+send -- "cat /etc/hostname\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "noroot-sandbox"
+}
+puts "\n"
+send -- "ping 0\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "Operation not permitted"
+}
+puts "\n"
+send -- "whoami\r"
+expect {
+        timeout {puts "TESTING ERROR 55\\n";exit}
+        "netblue"
+}
+puts "\n"
+send -- "exit\r"
+sleep 2
+send -- "firejail --noroot\r"
+expect {
+        timeout {puts "TESTING ERROR 6\n";exit}
+        "Child process initialized"
+}
+sleep 1
+send -- "whoami\r"
+expect {
+        timeout {puts "TESTING ERROR 7\n";exit}
+        "netblue"
+}
+send -- "sudo -s\r"
+expect {
+        timeout {puts "TESTING ERROR 8\n";exit}
+        "effective uid is not 0, is sudo installed setuid root?" { puts "OK\n";}
+        "sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";}
+}
+puts "\n"
+send -- "exit\r"
+sleep 2
+send -- "firejail --name=test --noroot\r"
+expect {
+        timeout {puts "TESTING ERROR 9\n";exit}
+        "Child process initialized"
+}
+sleep 1
+spawn $env(SHELL)
+send -- "firejail --debug --join=test\r"
+expect {
+        timeout {puts "TESTING ERROR 9\n";exit}
+        "User namespace detected"
+}
+expect {
+        timeout {puts "TESTING ERROR 9\n";exit}
+        "Joining user namespace"
+}
+sleep 1
+send -- "sudo -s\r"
+expect {
+        timeout {puts "TESTING ERROR 8\n";exit}
+        "effective uid is not 0, is sudo installed setuid root?" { puts "OK\n";}
+        "sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";}
+}
+puts "\n"

diff --git a/test/noroot.exp b/test/noroot.exp new file mode 100755 index 000000000..78991d4a9 --- /dev/null +++ b/test/noroot.exp
@@ -0,0 +1,124 @@
	1	#!/usr/bin/expect -f
	2
	3	set timeout 10
	4	spawn $env(SHELL)
	5	match_max 100000
	6
	7	send -- "firejail --debug --noroot --caps.drop=all --seccomp --cpu=0,1 --name=noroot-sandbox\r"
	8	expect {
	9	timeout {puts "TESTING ERROR 0.1\n";exit}
	10	"Child process initialized"
	11	}
	12	sleep 1
	13
	14	send -- "cat /proc/self/status\r"
	15	expect {
	16	timeout {puts "TESTING ERROR 1\n";exit}
	17	"CapBnd:"
	18	}
	19	expect {
	20	timeout {puts "TESTING ERROR 1.1\n";exit}
	21	"0000000000000000"
	22	}
	23
	24	send -- "cat /proc/self/status\r"
	25	expect {
	26	timeout {puts "TESTING ERROR 2\n";exit}
	27	"Cpus_allowed:"
	28	}
	29	expect {
	30	timeout {puts "TESTING ERROR 2.1\n";exit}
	31	"3"
	32	}
	33	expect {
	34	timeout {puts "TESTING ERROR 2.2\n";exit}
	35	"Cpus_allowed_list:"
	36	}
	37	puts "\n"
	38
	39	send -- "cat /proc/self/status\r"
	40	expect {
	41	timeout {puts "TESTING ERROR 2\n";exit}
	42	"Seccomp:"
	43	}
	44	expect {
	45	timeout {puts "TESTING ERROR 2.1\n";exit}
	46	"2"
	47	}
	48	expect {
	49	timeout {puts "TESTING ERROR 2.2\n";exit}
	50	"Cpus_allowed:"
	51	}
	52	puts "\n"
	53
	54	send -- "cat /etc/hostname\r"
	55	expect {
	56	timeout {puts "TESTING ERROR 3\n";exit}
	57	"noroot-sandbox"
	58	}
	59	puts "\n"
	60
	61	send -- "ping 0\r"
	62	expect {
	63	timeout {puts "TESTING ERROR 4\n";exit}
	64	"Operation not permitted"
	65	}
	66	puts "\n"
	67
	68	send -- "whoami\r"
	69	expect {
	70	timeout {puts "TESTING ERROR 55\\n";exit}
	71	"netblue"
	72	}
	73	puts "\n"
	74	send -- "exit\r"
	75	sleep 2
	76
	77
	78	send -- "firejail --noroot\r"
	79	expect {
	80	timeout {puts "TESTING ERROR 6\n";exit}
	81	"Child process initialized"
	82	}
	83	sleep 1
	84	send -- "whoami\r"
	85	expect {
	86	timeout {puts "TESTING ERROR 7\n";exit}
	87	"netblue"
	88	}
	89	send -- "sudo -s\r"
	90	expect {
	91	timeout {puts "TESTING ERROR 8\n";exit}
	92	"effective uid is not 0, is sudo installed setuid root?" { puts "OK\n";}
	93	"sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";}
	94	}
	95	puts "\n"
	96	send -- "exit\r"
	97	sleep 2
	98
	99	send -- "firejail --name=test --noroot\r"
	100	expect {
	101	timeout {puts "TESTING ERROR 9\n";exit}
	102	"Child process initialized"
	103	}
	104	sleep 1
	105
	106	spawn $env(SHELL)
	107	send -- "firejail --debug --join=test\r"
	108	expect {
	109	timeout {puts "TESTING ERROR 9\n";exit}
	110	"User namespace detected"
	111	}
	112	expect {
	113	timeout {puts "TESTING ERROR 9\n";exit}
	114	"Joining user namespace"
	115	}
	116	sleep 1
	117
	118	send -- "sudo -s\r"
	119	expect {
	120	timeout {puts "TESTING ERROR 8\n";exit}
	121	"effective uid is not 0, is sudo installed setuid root?" { puts "OK\n";}
	122	"sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";}
	123	}
	124	puts "\n"