7 files changed, 520 insertions, 0 deletions

diff --git a/test/overlay/firefox-x11-xorg.exp b/test/overlay/firefox-x11-xorg.exp
new file mode 100755
index 000000000..76c0e55fc
--- /dev/null
+++ b/test/overlay/firefox-x11-xorg.exp
@@ -0,0 +1,90 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --overlay --name=test --x11=xorg firefox -no-remote www.gentoo.org\r"
+sleep 10
+
+spawn $env(SHELL)
+send -- "firejail --list\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        ":firejail"
+}
+expect {
+        timeout {puts "TESTING ERROR 3.1\n";exit}
+        "firefox" {puts "firefox detected\n";}
+        "iceweasel" {puts "iceweasel detected\n";}
+}
+expect {
+        timeout {puts "TESTING ERROR 3.2\n";exit}
+        "no-remote"
+}
+sleep 1
+# grsecurity exit
+send -- "file /proc/sys/kernel/grsecurity\r"
+expect {
+        timeout {puts "TESTING ERROR - grsecurity detection\n";exit}
+        "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit}
+        "cannot open" {puts "grsecurity not present\n"}
+}
+send -- "firejail --overlay --name=blablabla\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "Child process initialized"
+}
+sleep 2
+
+spawn $env(SHELL)
+send -- "firemon --seccomp\r"
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        " firefox" {puts "firefox detected\n";}
+        " iceweasel" {puts "iceweasel detected\n";}
+}
+expect {
+        timeout {puts "TESTING ERROR 5.0\n";exit}
+        "no-remote"
+}
+expect {
+        timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit}
+        "Seccomp:       2"
+}
+expect {
+        timeout {puts "TESTING ERROR 5.1\n";exit}
+        "name=blablabla"
+}
+sleep 1
+send -- "firemon --caps\r"
+expect {
+        timeout {puts "TESTING ERROR 6\n";exit}
+        " firefox" {puts "firefox detected\n";}
+        " iceweasel" {puts "iceweasel detected\n";}
+}
+expect {
+        timeout {puts "TESTING ERROR 6.0\n";exit}
+        "no-remote"
+}
+expect {
+        timeout {puts "TESTING ERROR 6.1\n";exit}
+        "CapBnd:"
+}
+expect {
+        timeout {puts "TESTING ERROR 6.2\n";exit}
+        "0000000000000000"
+}
+expect {
+        timeout {puts "TESTING ERROR 6.3\n";exit}
+        "name=blablabla"
+}
+sleep 1
+send -- "firejail --shutdown=test\r"
+sleep 3
+
+puts "\nall done\n"
+
diff --git a/test/overlay/firefox-x11.exp b/test/overlay/firefox-x11.exp
new file mode 100755
index 000000000..aa248f328
--- /dev/null
+++ b/test/overlay/firefox-x11.exp
@@ -0,0 +1,90 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --overlay --name=test --x11 firefox -no-remote www.gentoo.org\r"
+sleep 10
+
+spawn $env(SHELL)
+send -- "firejail --list\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        ":firejail"
+}
+expect {
+        timeout {puts "TESTING ERROR 3.1\n";exit}
+        "firefox" {puts "firefox detected\n";}
+        "iceweasel" {puts "iceweasel detected\n";}
+}
+expect {
+        timeout {puts "TESTING ERROR 3.2\n";exit}
+        "no-remote"
+}
+sleep 1
+# grsecurity exit
+send -- "file /proc/sys/kernel/grsecurity\r"
+expect {
+        timeout {puts "TESTING ERROR - grsecurity detection\n";exit}
+        "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit}
+        "cannot open" {puts "grsecurity not present\n"}
+}
+send -- "firejail --name=blablabla --overlay\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "Child process initialized"
+}
+sleep 2
+
+spawn $env(SHELL)
+send -- "firemon --seccomp\r"
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        " firefox" {puts "firefox detected\n";}
+        " iceweasel" {puts "iceweasel detected\n";}
+}
+expect {
+        timeout {puts "TESTING ERROR 5.0\n";exit}
+        "no-remote"
+}
+expect {
+        timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit}
+        "Seccomp:       2"
+}
+expect {
+        timeout {puts "TESTING ERROR 5.1\n";exit}
+        "name=blablabla"
+}
+sleep 1
+send -- "firemon --caps\r"
+expect {
+        timeout {puts "TESTING ERROR 6\n";exit}
+        " firefox" {puts "firefox detected\n";}
+        " iceweasel" {puts "iceweasel detected\n";}
+}
+expect {
+        timeout {puts "TESTING ERROR 6.0\n";exit}
+        "no-remote"
+}
+expect {
+        timeout {puts "TESTING ERROR 6.1\n";exit}
+        "CapBnd:"
+}
+expect {
+        timeout {puts "TESTING ERROR 6.2\n";exit}
+        "0000000000000000"
+}
+expect {
+        timeout {puts "TESTING ERROR 6.3\n";exit}
+        "name=blablabla"
+}
+sleep 1
+send -- "firejail --shutdown=test\r"
+sleep 3
+
+puts "\nall done\n"
+
diff --git a/test/overlay/firefox.exp b/test/overlay/firefox.exp
new file mode 100755
index 000000000..6ef23558d
--- /dev/null
+++ b/test/overlay/firefox.exp
@@ -0,0 +1,99 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --overlay firefox -no-remote www.gentoo.org\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Reading profile /etc/firejail/firefox.profile"
+}
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "Child process initialized"
+}
+sleep 10
+
+spawn $env(SHELL)
+send -- "firejail --list\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        ":firejail"
+}
+expect {
+        timeout {puts "TESTING ERROR 3.1\n";exit}
+        "firefox" {puts "firefox detected\n";}
+        "iceweasel" {puts "iceweasel detected\n";}
+}
+expect {
+        timeout {puts "TESTING ERROR 3.2\n";exit}
+        "no-remote"
+}
+after 100
+
+# grsecurity exit
+send -- "file /proc/sys/kernel/grsecurity\r"
+expect {
+        timeout {puts "TESTING ERROR - grsecurity detection\n";exit}
+        "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit}
+        "cannot open" {puts "grsecurity not present\n"}
+}
+
+
+send -- "firejail --name=blablabla --overlay\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "Child process initialized"
+}
+sleep 2
+
+spawn $env(SHELL)
+send -- "firemon --seccomp\r"
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        " firefox" {puts "firefox detected\n";}
+        " iceweasel" {puts "iceweasel detected\n";}
+}
+expect {
+        timeout {puts "TESTING ERROR 5.0\n";exit}
+        "no-remote"
+}
+expect {
+        timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit}
+        "Seccomp:       2"
+}
+expect {
+        timeout {puts "TESTING ERROR 5.1\n";exit}
+        "name=blablabla"
+}
+after 100
+send -- "firemon --caps\r"
+expect {
+        timeout {puts "TESTING ERROR 6\n";exit}
+        " firefox" {puts "firefox detected\n";}
+        " iceweasel" {puts "iceweasel detected\n";}
+}
+expect {
+        timeout {puts "TESTING ERROR 6.0\n";exit}
+        "no-remote"
+}
+expect {
+        timeout {puts "TESTING ERROR 6.1\n";exit}
+        "CapBnd:"
+}
+expect {
+        timeout {puts "TESTING ERROR 6.2\n";exit}
+        "0000000000000000"
+}
+expect {
+        timeout {puts "TESTING ERROR 6.3\n";exit}
+        "name=blablabla"
+}
+after 100
+
+puts "\nall done\n"
+
diff --git a/test/overlay/fs-named.exp b/test/overlay/fs-named.exp
new file mode 100755
index 000000000..2ccb22bb1
--- /dev/null
+++ b/test/overlay/fs-named.exp
@@ -0,0 +1,66 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --overlay-named=firejail-test\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "not available for kernels older than 3.18" {puts "\nTESTING: overlayfs not available\n"; exit}
+        "Error: --overlay option is not available on Grsecurity systems" {puts "\nTESTING: overlayfs not available\n"; exit}
+        "Child process initialized" {puts "found\n"}
+}
+sleep 1
+
+send -- "echo xyzxyzxyz > ~/_firejail_test_file; echo done\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "done"
+}
+after 100
+
+send -- "cat  ~/_firejail_test_file; echo done\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "xyzxyzxyz"
+}
+expect {
+        timeout {puts "TESTING ERROR 4.1\n";exit}
+        "done"
+}
+after 100
+
+send -- "exit\r"
+sleep 2
+
+send -- "cat  ~/_firejail_test_file; echo done\r"
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "xyzxyzxyz" {puts "TESTING ERROR 5.1\n";exit}
+        "done"
+}
+after 100
+
+send -- "firejail --overlay-named=firejail-test\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "not available for kernels older than 3.18" {puts "\nTESTING: overlayfs not available\n"; exit}
+        "Error: --overlay option is not available on Grsecurity systems" {puts "\nTESTING: overlayfs not available\n"; exit}
+        "Child process initialized" {puts "found\n"}
+}
+sleep 1
+
+send -- "cat  ~/_firejail_test_file; echo done\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "xyzxyzxyz"
+}
+expect {
+        timeout {puts "TESTING ERROR 4.1\n";exit}
+        "done"
+}
+after 100
+
+puts "\nall done\n"
+
diff --git a/test/overlay/fs-tmpfs.exp b/test/overlay/fs-tmpfs.exp
new file mode 100755
index 000000000..658d16779
--- /dev/null
+++ b/test/overlay/fs-tmpfs.exp
@@ -0,0 +1,62 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --overlay-clean\r"
+after 100
+send -- "file ~/.firejail\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "cannot open"
+}
+after 100
+
+send -- "firejail --overlay-tmpfs\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "not available for kernels older than 3.18" {puts "\nTESTING: overlayfs not available\n"; exit}
+        "Error: --overlay option is not available on Grsecurity systems" {puts "\nTESTING: overlayfs not available\n"; exit}
+        "Child process initialized" {puts "found\n"}
+}
+sleep 1
+
+send -- "echo xyzxyzxyz > ~/_firejail_test_file; echo done\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "done"
+}
+after 100
+
+send -- "cat  ~/_firejail_test_file; echo done\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "xyzxyzxyz"
+}
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "done"
+}
+after 100
+
+send -- "exit\r"
+sleep 1
+
+send -- "cat  ~/_firejail_test_file; echo done\r"
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "xyzxyzxyz" {puts "TESTING ERROR 6\n";exit}
+        "done"
+}
+after 100
+
+send -- "file ~/.firejail\r"
+expect {
+        timeout {puts "TESTING ERROR 7\n";exit}
+        "cannot open"
+}
+after 100
+
+puts "\nall done\n"
+
diff --git a/test/overlay/fs.exp b/test/overlay/fs.exp
new file mode 100755
index 000000000..15ada9203
--- /dev/null
+++ b/test/overlay/fs.exp
@@ -0,0 +1,46 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --overlay\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "not available for kernels older than 3.18" {puts "\nTESTING: overlayfs not available\n"; exit}
+        "Error: --overlay option is not available on Grsecurity systems" {puts "\nTESTING: overlayfs not available\n"; exit}
+        "Child process initialized" {puts "found\n"}
+}
+sleep 1
+
+send -- "echo xyzxyzxyz > ~/_firejail_test_file; echo done\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "done"
+}
+after 100
+
+send -- "cat  ~/_firejail_test_file; echo done\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "xyzxyzxyz"
+}
+expect {
+        timeout {puts "TESTING ERROR 4.1\n";exit}
+        "done"
+}
+after 100
+
+send -- "exit\r"
+sleep 2
+
+send -- "cat  ~/_firejail_test_file; echo done\r"
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "xyzxyzxyz" {puts "TESTING ERROR 5.1\n";exit}
+        "done"
+}
+
+after 100
+puts "\nall done\n"
+
diff --git a/test/overlay/overlay.sh b/test/overlay/overlay.sh
new file mode 100755
index 000000000..4c9ebe5b0
--- /dev/null
+++ b/test/overlay/overlay.sh
@@ -0,0 +1,67 @@
+#!/bin/bash
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+export MALLOC_CHECK_=3
+export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
+
+echo "TESTING: overlay fs (test/overlay/fs.exp)"
+rm -fr ~/_firejail_test_*
+./fs.exp
+rm -fr ~/_firejail_test_*
+
+echo "TESTING: overlay named fs (test/overlay/fs-named.exp)"
+rm -fr ~/_firejail_test_*
+./fs-named.exp
+rm -fr ~/_firejail_test_*
+
+echo "TESTING: overlay tmpfs fs (test/overlay/fs-tmpfs.exp)"
+rm -fr ~/_firejail_test_*
+./fs-tmpfs.exp
+rm -fr ~/_firejail_test_*
+
+which firefox
+if [ "$?" -eq 0 ];
+then
+        echo "TESTING: overlay firefox"
+        ./firefox.exp
+else
+        echo "TESTING SKIP: firefox not found"
+fi
+
+which firefox
+if [ "$?" -eq 0 ];
+then
+        echo "TESTING: overlay firefox x11 xorg"
+        ./firefox.exp
+else
+        echo "TESTING SKIP: firefox not found"
+fi
+
+
+# check xpra/xephyr
+which xpra
+if [ "$?" -eq 0 ];
+then
+        echo "xpra found"
+else
+        echo "xpra not found"
+        which Xephyr
+        if [ "$?" -eq 0 ];
+        then
+                echo "Xephyr found"
+        else
+                echo "TESTING SKIP: xpra and/or Xephyr not found"
+                exit
+        fi
+fi
+
+which firefox
+if [ "$?" -eq 0 ];
+then
+        echo "TESTING: overlay firefox x11"
+        ./firefox-x11.exp
+else
+        echo "TESTING SKIP: firefox not found"
+fi