diff options
Diffstat (limited to 'test/profiles')
-rwxr-xr-x | test/profiles/profile_followlnk.exp | 37 | ||||
-rwxr-xr-x | test/profiles/profile_noperm.exp | 13 | ||||
-rwxr-xr-x | test/profiles/profile_readonly.exp | 36 | ||||
-rwxr-xr-x | test/profiles/profiles.sh | 9 | ||||
-rw-r--r-- | test/profiles/readonly-lnk.profile | 2 | ||||
-rw-r--r-- | test/profiles/readonly.profile | 2 |
6 files changed, 99 insertions, 0 deletions
diff --git a/test/profiles/profile_followlnk.exp b/test/profiles/profile_followlnk.exp new file mode 100755 index 000000000..4d89de26b --- /dev/null +++ b/test/profiles/profile_followlnk.exp | |||
@@ -0,0 +1,37 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "mkdir /tmp/firejailtestdir\r" | ||
8 | send -- "ln -s /tmp/firejailtestdir /tmp/firejailtestdirlnk\r" | ||
9 | send -- "touch /tmp/firejailtestfile\r" | ||
10 | send -- "ln -s /tmp/firejailtestfile /tmp/firejailtestfilelnk\r" | ||
11 | sleep 1 | ||
12 | |||
13 | send -- "firejail --profile=readonly-lnk.profile\r" | ||
14 | expect { | ||
15 | timeout {puts "TESTING ERROR 0\n";exit} | ||
16 | "Child process initialized" | ||
17 | } | ||
18 | |||
19 | send -- "ls > /tmp/firejailtestdirlnk/ttt\r" | ||
20 | expect { | ||
21 | timeout {puts "TESTING ERROR 1\n";exit} | ||
22 | "Read-only file system" | ||
23 | } | ||
24 | sleep 1 | ||
25 | |||
26 | send -- "ls > /tmp/firejailtestfilelnk;pwd\r" | ||
27 | expect { | ||
28 | timeout {puts "TESTING ERROR 2\n";exit} | ||
29 | "Read-only file system" | ||
30 | } | ||
31 | sleep 1 | ||
32 | |||
33 | send -- "exit\r" | ||
34 | send -- "rm -fr /tmp/firejailtest*\r" | ||
35 | sleep 1 | ||
36 | |||
37 | puts "\nall done\n" | ||
diff --git a/test/profiles/profile_noperm.exp b/test/profiles/profile_noperm.exp new file mode 100755 index 000000000..25ec580bd --- /dev/null +++ b/test/profiles/profile_noperm.exp | |||
@@ -0,0 +1,13 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "firejail --profile=/etc/shadow\r" | ||
8 | expect { | ||
9 | timeout {puts "TESTING ERROR 0\n";exit} | ||
10 | "cannot access profile" | ||
11 | } | ||
12 | sleep 1 | ||
13 | puts "\nall done\n" | ||
diff --git a/test/profiles/profile_readonly.exp b/test/profiles/profile_readonly.exp new file mode 100755 index 000000000..e8e78d6ad --- /dev/null +++ b/test/profiles/profile_readonly.exp | |||
@@ -0,0 +1,36 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "mkdir /tmp/firejailtestdir\r" | ||
8 | send -- "touch /tmp/firejailtestfile\r" | ||
9 | sleep 1 | ||
10 | |||
11 | send -- "firejail --profile=readonly.profile\r" | ||
12 | expect { | ||
13 | timeout {puts "TESTING ERROR 0\n";exit} | ||
14 | "Child process initialized" | ||
15 | } | ||
16 | sleep 2 | ||
17 | |||
18 | send -- "ls > /tmp/firejailtestdir/ttt\r" | ||
19 | expect { | ||
20 | timeout {puts "TESTING ERROR 1\n";exit} | ||
21 | "Read-only file system" | ||
22 | } | ||
23 | sleep 1 | ||
24 | |||
25 | send -- "ls > /tmp/firejailtestfile\r" | ||
26 | expect { | ||
27 | timeout {puts "TESTING ERROR 2\n";exit} | ||
28 | "Read-only file system" | ||
29 | } | ||
30 | send -- "exit\r" | ||
31 | sleep 1 | ||
32 | |||
33 | send -- "rm -fr /tmp/firejailtest*\r" | ||
34 | sleep 1 | ||
35 | |||
36 | puts "\nall done\n" | ||
diff --git a/test/profiles/profiles.sh b/test/profiles/profiles.sh index e3adc8a4f..ca0b9fb29 100755 --- a/test/profiles/profiles.sh +++ b/test/profiles/profiles.sh | |||
@@ -23,3 +23,12 @@ echo "TESTING: profile syntax 2 (test/profiles/profile_syntax2.exp)" | |||
23 | echo "TESTING: ignore command (test/profiles/ignore.exp)" | 23 | echo "TESTING: ignore command (test/profiles/ignore.exp)" |
24 | ./ignore.exp | 24 | ./ignore.exp |
25 | 25 | ||
26 | echo "TESTING: profile read-only (test/profiles/profile_readonly.exp)" | ||
27 | ./profile_readonly.exp | ||
28 | |||
29 | echo "TESTING: profile read-only links (test/profiles/profile_readonly.exp)" | ||
30 | ./profile_followlnk.exp | ||
31 | |||
32 | echo "TESTING: profile no permissions (test/profiles/profile_noperm.exp)" | ||
33 | ./profile_noperm.exp | ||
34 | |||
diff --git a/test/profiles/readonly-lnk.profile b/test/profiles/readonly-lnk.profile new file mode 100644 index 000000000..71ffb1a26 --- /dev/null +++ b/test/profiles/readonly-lnk.profile | |||
@@ -0,0 +1,2 @@ | |||
1 | read-only /tmp/firejailtestdirlnk | ||
2 | read-only /tmp/firejailtestfilelnk | ||
diff --git a/test/profiles/readonly.profile b/test/profiles/readonly.profile new file mode 100644 index 000000000..55d89e3d7 --- /dev/null +++ b/test/profiles/readonly.profile | |||
@@ -0,0 +1,2 @@ | |||
1 | read-only /tmp/firejailtestdir | ||
2 | read-only /tmp/firejailtestfile \ No newline at end of file | ||