Diffstat (limited to 'test/seccomp-extra')
-rwxr-xr-x | test/seccomp-extra/block-secondary.exp | 43 | ||||
-rw-r--r-- | test/seccomp-extra/block-secondary.profile | 1 | ||||
-rwxr-xr-x | test/seccomp-extra/memwrexe | bin | 0 -> 14472 bytes | |||
-rw-r--r-- | test/seccomp-extra/memwrexe.c | 105 | ||||
-rwxr-xr-x | test/seccomp-extra/mrwx.exp | 37 | ||||
-rw-r--r-- | test/seccomp-extra/mrwx.profile | 1 | ||||
-rwxr-xr-x | test/seccomp-extra/mrwx2.exp | 46 | ||||
-rwxr-xr-x | test/seccomp-extra/noroot.exp | 136 | ||||
-rwxr-xr-x | test/seccomp-extra/protocol-print.exp | 59 | ||||
-rwxr-xr-x | test/seccomp-extra/protocol.exp | 87 | ||||
-rw-r--r-- | test/seccomp-extra/protocol1.profile | 1 | ||||
-rw-r--r-- | test/seccomp-extra/protocol2.profile | 1 | ||||
-rwxr-xr-x | test/seccomp-extra/seccomp-extra.sh | 26 |
13 files changed, 543 insertions, 0 deletions
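--- /dev/null
+++ b/test/seccomp-extra/block-secondary.exp
@@ -0,0 +1,43 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2023 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+
+# 64 bit architecture - seccomp.block-secondary
+send -- "firejail --debug --seccomp.block-secondary pwd\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 2\n";exit}
+-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 4\n";exit}
+"Installing /run/firejail/mnt/seccomp/seccomp seccomp filter"
+}
+expect {
+timeout {puts "TESTING ERROR 5\n";exit}
+"Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 6\n";exit}
+"Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter"
+}
+after 500
+
+# 64 bit architecture - seccomp.block-secondary, profile
+send -- "firejail --debug --profile=block-secondary.profile pwd\r"
+expect {
+timeout {puts "TESTING ERROR 7\n";exit}
+"Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 8\n";exit}
+-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+expect {
+timeout {puts "TESTING ERROR 9\n";exit}
+"Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter" {puts "TESTING ERROR 10\n";exit}
+"Installing /run/firejail/mnt/seccomp/seccomp seccomp filter"
+}
+after 500
+puts "all done\n"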
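Review bot: Every failure branch in this script ends in a bare `exit`, which leaves expect's exit status at 0, so a failed check is visible only as a "TESTING ERROR" string in the output; the same holds for mrwx.exp, mrwx2.exp, noroot.exp, protocol-print.exp and protocol.exp in this commit. Writing the branches as `timeout {puts "TESTING ERROR 1\n";exit 1}` would let seccomp-extra.sh or a CI job fail on status as well as on the log text. Separately, the profile variant (file lines 30-41) stops after the `seccomp` filter message and never checks for `seccomp.protocol` the way the command-line variant does at file lines 23-27, which looks unintentional.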
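--- /dev/null
+++ b/test/seccomp-extra/block-secondary.profile
@@ -0,0 +1 @@
+seccomp.block-secondary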
diff --git a/test/seccomp-extra/memwrexe b/test/seccomp-extra/memwrexe new file mode 100755 index 000000000..82ea7631f --- /dev/null +++ b/test/seccomp-extra/memwrexe | |||
Binary files differ | |||
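--- /dev/null
+++ b/test/seccomp-extra/memwrexe.c
@@ -0,0 +1,105 @@
+// This file is part of Firejail project
+// Copyright (C) 2014-2023 Firejail Authors
+// License GPL v2
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <sys/mman.h>
+#include <sys/syscall.h>
+
+static void usage(void) {
+printf("memwrexe options\n");
+printf("where options is:\n");
+printf("\tmmap - mmap test\n");
+printf("\tmprotect - mprotect test\n");
+printf("\tmemfd_create - memfd_create test\n");
+}
+
+int main(int argc, char **argv) {
+if (argc != 2) {
+fprintf(stderr, "TESTING ERROR: memwrexe insufficient params\n");
+usage();
+return 1;
+}
+
+if (strcmp(argv[1], "mmap") == 0) {
+// open some file
+int fd = open("memwrexe.c", O_RDONLY);
+if (fd == -1) {
+fprintf(stderr, "TESTING ERROR: file not found, cannot run mmap test\n");
+return 1;
+}
+
+int size = lseek(fd, 0, SEEK_END);
+if (size == -1) {
+fprintf(stderr, "TESTING ERROR: file not found, cannot run mmap test\n");
+return 1;
+}
+
+void *p = mmap (0, size, PROT_WRITE|PROT_READ|PROT_EXEC, MAP_SHARED, fd, 0);
+if (p == MAP_FAILED) {
+printf("mmap failed\n");
+return 0;
+}
+
+printf("mmap successful\n");
+
+// wait for expect to timeout
+sleep(100);
+
+return 0;
+}
+
+else if (strcmp(argv[1], "mprotect") == 0) {
+// open some file
+int fd = open("memwrexe.c", O_RDWR);
+if (fd == -1) {
+fprintf(stderr, "TESTING ERROR: file not found, cannot run mmap test\n");
+return 1;
+}
+
+int size = lseek(fd, 0, SEEK_END);
+if (size == -1) {
+fprintf(stderr, "TESTING ERROR: file not found, cannot run mmap test\n");
+return 1;
+}
+
+void *p = mmap (0, size, PROT_READ, MAP_SHARED, fd, 0);
+if (p == MAP_FAILED) {
+fprintf(stderr, "TESTING ERROR: cannot map file for mprotect test\n");
+return 1;
+}
+
+int rv = mprotect(p, size, PROT_READ|PROT_WRITE|PROT_EXEC);
+if (rv) {
+printf("mprotect failed\n");
+return 1;
+}
+
+printf("mprotect successful\n");
+
+// wait for expect to timeout
+sleep(100);
+
+return 0;
+}
+
+else if (strcmp(argv[1], "memfd_create") == 0) {
+int fd = syscall(SYS_memfd_create, "memfd_create", 0);
+if (fd == -1) {
+printf("memfd_create failed\n");
+return 1;
+}
+printf("memfd_create successful\n");
+
+// wait for expect to timeout
+sleep(100);
+
+return 0;
+}
+}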
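Review bot: The `mmap` case opens `memwrexe.c` with `O_RDONLY` and then requests a `MAP_SHARED` mapping with `PROT_WRITE`, which the kernel refuses with EACCES whether or not a seccomp filter is loaded, so "mmap successful" can never be printed and mrwx2.exp cannot detect a missing memory-deny-write-execute filter through this case. Opening the file as the `mprotect` case already does, `int fd = open("memwrexe.c", O_RDWR);` (or mapping `MAP_PRIVATE`), turns the request into one that only the filter stops. `main` also falls off the end for an unrecognised argument and returns 0 without calling `usage()`; a final `else { usage(); return 1; }` would close that. Smaller points: the `mprotect` case reuses the "cannot run mmap test" messages, a failed `mmap` returns 0 while a failed `mprotect` returns 1, and `int size` narrows the `off_t` returned by `lseek`.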
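--- /dev/null
+++ b/test/seccomp-extra/mrwx.exp
@@ -0,0 +1,37 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2023 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+
+
+# memory-deny-write-execute
+send -- "firejail --debug --memory-deny-write-execute pwd\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"Installing /run/firejail/mnt/seccomp/seccomp.mdwx seccomp filter"
+}
+after 500
+
+send -- "firejail --debug --profile=mrwx.profile pwd\r"
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"Installing /run/firejail/mnt/seccomp/seccomp.mdwx seccomp filter"
+}
+after 500
+
+
+after 500
+puts "all done\n"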
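--- /dev/null
+++ b/test/seccomp-extra/mrwx.profile
@@ -0,0 +1 @@
+memory-deny-write-execute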
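--- /dev/null
+++ b/test/seccomp-extra/mrwx2.exp
@@ -0,0 +1,46 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2023 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --memory-deny-write-execute ./memwrexe mmap\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"mmap successful" {puts "TESTING ERROR 2\n";exit}
+"Parent is shutting down"
+}
+after 500
+
+send -- "firejail --memory-deny-write-execute ./memwrexe mprotect\r"
+expect {
+timeout {puts "TESTING ERROR 10\n";exit}
+-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+expect {
+timeout {puts "TESTING ERROR 11\n";exit}
+"mprotect successful" {puts "TESTING ERROR 12\n";exit}
+"Parent is shutting down"
+}
+after 500
+
+send -- "firejail --memory-deny-write-execute ./memwrexe memfd_create\r"
+expect {
+timeout {puts "TESTING ERROR 20\n";exit}
+-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+expect {
+timeout {puts "TESTING ERROR 21\n";exit}
+"memfd_create successful" {puts "TESTING ERROR 22\n";exit}
+"Parent is shutting down"
+}
+
+after 500
+puts "\nall done\n"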
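Review bot: The accepting pattern "Parent is shutting down" appears to be reached on any exit of the sandbox, so all three checks would also pass when `./memwrexe` is missing from the working directory or when the helper prints "mmap failed", "mprotect failed" or "memfd_create failed" for a reason unrelated to the filter (for instance a kernel without memfd_create). There is no positive control: a run of each mode without `--memory-deny-write-execute` that expects the "... successful" line would show that the helper can succeed on the test host before the filtered run is trusted. Without that, a broken fixture is indistinguishable from a blocked call.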
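--- /dev/null
+++ b/test/seccomp-extra/noroot.exp
@@ -0,0 +1,136 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2023 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --name=test --noroot --noprofile\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+sleep 1
+
+# check seccomp disabled and all caps enabled
+send -- "cat /proc/self/status\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"CapBnd:"
+}
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"ffffffff"
+}
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"Seccomp:"
+}
+expect {
+timeout {puts "TESTING ERROR 5\n";exit}
+"0"
+}
+expect {
+timeout {puts "TESTING ERROR 6\n";exit}
+"Cpus_allowed:"
+}
+puts "\n"
+
+send -- "whoami\r"
+expect {
+timeout {puts "TESTING ERROR 7\n";exit}
+$env(USER)
+}
+send -- "sudo -s\r"
+expect {
+timeout {puts "TESTING ERROR 8\n";exit}
+"effective uid is not 0, is sudo installed setuid root?" { puts "OK\n";}
+"sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";}
+}
+
+send -- "sudo su -\r"
+expect {
+timeout {puts "TESTING ERROR 9\n";exit}
+"effective uid is not 0" {puts "OK\n"}
+"sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";}
+}
+
+send -- "sudo ls\r"
+expect {
+timeout {puts "TESTING ERROR 10\n";exit}
+"effective uid is not 0" {puts "OK\n"}
+"sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";}
+}
+
+send -- "cat /proc/self/uid_map | wc -l\r"
+expect {
+timeout {puts "TESTING ERROR 11\n";exit}
+"1"
+}
+send -- "cat /proc/self/gid_map | wc -l\r"
+expect {
+timeout {puts "TESTING ERROR 12\n";exit}
+"9"
+}
+
+
+
+spawn $env(SHELL)
+send -- "firejail --debug --join=test\r"
+expect {
+timeout {puts "TESTING ERROR 13\n";exit}
+"Joining user namespace"
+}
+expect {
+timeout {puts "TESTING ERROR 14\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "sudo -s\r"
+expect {
+timeout {puts "TESTING ERROR 15\n";exit}
+"effective uid is not 0, is sudo installed setuid root?" { puts "OK\n";}
+"sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";}
+"Permission denied" { puts "OK\n";}
+}
+send -- "cat /proc/self/uid_map | wc -l\r"
+expect {
+timeout {puts "TESTING ERROR 16\n";exit}
+"1"
+}
+send -- "cat /proc/self/gid_map | wc -l\r"
+expect {
+timeout {puts "TESTING ERROR 17\n";exit}
+"9"
+}
+
+# check seccomp disabled and all caps enabled
+send -- "cat /proc/self/status\r"
+expect {
+timeout {puts "TESTING ERROR 18\n";exit}
+"CapBnd:"
+}
+expect {
+timeout {puts "TESTING ERROR 19\n";exit}
+"ffffffff"
+}
+expect {
+timeout {puts "TESTING ERROR 20\n";exit}
+"Seccomp:"
+}
+expect {
+timeout {puts "TESTING ERROR 21\n";exit}
+"0"
+}
+expect {
+timeout {puts "TESTING ERROR 22\n";exit}
+"Cpus_allowed:"
+}
+puts "\n"
+
+
+after 500
+puts "\nall done\n"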
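Review bot: The value checks that follow `cat /proc/self/status` (file lines 17-38 and 110-131) are unanchored, so they do not verify what the comment "check seccomp disabled and all caps enabled" states: `"0"` matches the first zero anywhere after `Seccomp:` rather than that field's value, and `"ffffffff"` matches any later field, not necessarily `CapBnd`. Matching the field and its value together, for example `-re "Seccomp:\[ \t\]+0\[\r\n\]"` and an equivalent regex for the `CapBnd:` line, would pin the assertion to the line it is about. The `"1"` and `"9"` checks on the `uid_map`/`gid_map` line counts have the same weakness, since they accept that digit anywhere in the output, including inside a larger count or a shell prompt.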
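--- /dev/null
+++ b/test/seccomp-extra/protocol-print.exp
@@ -0,0 +1,59 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2023 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --name=test0\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+sleep 2
+
+
+spawn $env(SHELL)
+send -- "firejail --name=test1 --profile=protocol1.profile\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+sleep 2
+
+spawn $env(SHELL)
+send -- "firejail --name=test2 --profile=protocol2.profile\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+sleep 2
+
+spawn $env(SHELL)
+send -- "firejail --protocol.print=test0\r"
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"packet" {puts "TESTING ERROR 4\n";exit}
+"unix,inet,inet6"
+}
+after 500
+
+send -- "firejail --protocol.print=test1\r"
+expect {
+timeout {puts "TESTING ERROR 5\n";exit}
+"inet" {puts "TESTING ERROR 6\n";exit}
+"unix"
+}
+after 500
+
+send -- "firejail --protocol.print=test2\r"
+expect {
+timeout {puts "TESTING ERROR 7\n";exit}
+"unix" {puts "TESTING ERROR 8\n";exit}
+"inet6,packet"
+}
+after 500
+
+puts "\nall done\n"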
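--- /dev/null
+++ b/test/seccomp-extra/protocol.exp
@@ -0,0 +1,87 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2023 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --noprofile --protocol=unix --debug pwd\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"0009: 20 00 00 00000000"
+}
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"000f: 20 00 00 00000010"
+}
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"0010: 15 00 01 00000001"
+}
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"0011: 06 00 00 7fff0000"
+}
+expect {
+timeout {puts "TESTING ERROR 5\n";exit}
+"0012: 06 00 00 0005005f"
+}
+
+after 500
+
+send -- "firejail --noprofile --protocol=bluetooth --debug pwd\r"
+expect {
+timeout {puts "TESTING ERROR 11\n";exit}
+"0009: 20 00 00 00000000"
+}
+expect {
+timeout {puts "TESTING ERROR 12\n";exit}
+"000f: 20 00 00 00000010"
+}
+expect {
+timeout {puts "TESTING ERROR 13\n";exit}
+"0010: 15 00 01 0000001f"
+}
+expect {
+timeout {puts "TESTING ERROR 14\n";exit}
+"0011: 06 00 00 7fff0000"
+}
+expect {
+timeout {puts "TESTING ERROR1 5\n";exit}
+"0012: 06 00 00 0005005f"
+}
+after 500
+
+send -- "firejail --noprofile --protocol=inet,inet6 --debug pwd\r"
+expect {
+timeout {puts "TESTING ERROR 31\n";exit}
+"0009: 20 00 00 00000000"
+}
+expect {
+timeout {puts "TESTING ERROR 32\n";exit}
+"000f: 20 00 00 00000010"
+}
+expect {
+timeout {puts "TESTING ERROR 33\n";exit}
+"0010: 15 00 01 00000002"
+}
+expect {
+timeout {puts "TESTING ERROR 34\n";exit}
+"0011: 06 00 00 7fff0000"
+}
+expect {
+timeout {puts "TESTING ERROR1 35\n";exit}
+"0012: 15 00 01 0000000a"
+}
+expect {
+timeout {puts "TESTING ERROR 36\n";exit}
+"0013: 06 00 00 7fff0000"
+}
+expect {
+timeout {puts "TESTING ERROR 37\n";exit}
+"0014: 06 00 00 0005005f"
+}
+after 500
+puts "\nall done\n"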
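Review bot: The expected strings are raw BPF dump lines with no explanation, so a reader cannot tell which part encodes the policy under test; a comment above each group would help, for example `# 15 00 01 00000001 = jump-if-equal AF_UNIX (1); 06 00 00 7fff0000 = SECCOMP_RET_ALLOW; 06 00 00 0005005f = SECCOMP_RET_ERRNO | 95 (EOPNOTSUPP)`, with 0x1f noted as AF_BLUETOOTH and 0x02/0x0a as AF_INET/AF_INET6. The instruction offsets (`0009:`, `000f:`, `0010:` and so on) tie the test to the current filter layout, so a change to the filter prologue would fail these checks without any change in policy. Two failure labels are also mistyped, "TESTING ERROR1 5" at file line 52 and "TESTING ERROR1 35" at file line 75; they should read "TESTING ERROR 15" and "TESTING ERROR 35".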
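--- /dev/null
+++ b/test/seccomp-extra/protocol1.profile
@@ -0,0 +1 @@
+protocol unix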
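--- /dev/null
+++ b/test/seccomp-extra/protocol2.profile
@@ -0,0 +1 @@
+protocol inet6,packet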
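--- /dev/null
+++ b/test/seccomp-extra/seccomp-extra.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+# This file is part of Firejail project
+# Copyright (C) 2014-2023 Firejail Authors
+# License GPL v2
+
+export MALLOC_CHECK_=3
+export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
+export LC_ALL=C
+
+echo "TESTING: protocol (test/seccomp-extras/protocol-print.exp)"
+./protocol.exp
+
+echo "TESTING: protocol.print (test/seccomp-extras/protocol-print.exp)"
+./protocol-print.exp
+
+echo "TESTING: noroot (test/seccomp-extras/noroot.exp)"
+./noroot.exp
+
+echo "TESTING: mrwx (test/seccomp-extras/mrwx.exp)"
+./mrwx.exp
+
+echo "TESTING: mrwx2 (test/seccomp-extras/mrwx.exp)"
+./mrwx2.exp
+
+echo "TESTING: block-secondary (test/seccomp-extras/block-secondary.exp)"
+./block-secondary.exp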
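Review bot: `./mrwx2.exp` runs the prebuilt `memwrexe` executable that this commit checks in next to memwrexe.c, so the binary under test cannot be reviewed and can drift from its source; building it in this script before the mrwx2 step (for example `gcc -o memwrexe memwrexe.c`, or the project's usual build step) and dropping the committed binary would avoid that. The script also relies on relative paths without changing to its own directory, so it only works when started from test/seccomp-extra, and it ignores the exit status of every test. Three labels are wrong: the first echo names protocol-print.exp for `./protocol.exp`, the mrwx2 echo names mrwx.exp, and every path says `seccomp-extras` where the directory is `seccomp-extra`.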