summaryrefslogtreecommitdiffstats
path: root/test
diff options
context:
space:
mode:
Diffstat (limited to 'test')
-rwxr-xr-xtest/filters/noroot.exp44
-rwxr-xr-xtest/fs/fs.sh3
-rwxr-xr-xtest/fs/sys_fs.exp44
3 files changed, 69 insertions, 22 deletions
diff --git a/test/filters/noroot.exp b/test/filters/noroot.exp
index 2a7cb7975..b011f2bf9 100755
--- a/test/filters/noroot.exp
+++ b/test/filters/noroot.exp
@@ -46,20 +46,20 @@ expect {
46} 46}
47send -- "sudo -s\r" 47send -- "sudo -s\r"
48expect { 48expect {
49 timeout {puts "TESTING ERROR 8\n";exit} 49 timeout {puts "TESTING ERROR 7\n";exit}
50 "effective uid is not 0, is sudo installed setuid root?" { puts "OK\n";} 50 "effective uid is not 0, is sudo installed setuid root?" { puts "OK\n";}
51 "sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";} 51 "sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";}
52 "Bad system call" { puts "OK\n";} 52 "Bad system call" { puts "OK\n";}
53} 53}
54send -- "cat /proc/self/uid_map | wc -l\r" 54send -- "cat /proc/self/uid_map | wc -l\r"
55expect { 55expect {
56 timeout {puts "TESTING ERROR 7\n";exit} 56 timeout {puts "TESTING ERROR 8\n";exit}
57 "1" 57 "1"
58} 58}
59send -- "cat /proc/self/gid_map | wc -l\r" 59send -- "cat /proc/self/gid_map | wc -l\r"
60expect { 60expect {
61 timeout {puts "TESTING ERROR 8\n";exit} 61 timeout {puts "TESTING ERROR 9\n";exit}
62 "3" 62 "5"
63} 63}
64 64
65puts "\n" 65puts "\n"
@@ -70,59 +70,59 @@ sleep 2
70 70
71send -- "firejail --name=test --noroot --noprofile\r" 71send -- "firejail --name=test --noroot --noprofile\r"
72expect { 72expect {
73 timeout {puts "TESTING ERROR 9\n";exit} 73 timeout {puts "TESTING ERROR 10\n";exit}
74 "Child process initialized" 74 "Child process initialized"
75} 75}
76sleep 1 76sleep 1
77 77
78send -- "cat /proc/self/status\r" 78send -- "cat /proc/self/status\r"
79expect { 79expect {
80 timeout {puts "TESTING ERROR 10\n";exit} 80 timeout {puts "TESTING ERROR 11\n";exit}
81 "CapBnd:" 81 "CapBnd:"
82} 82}
83expect { 83expect {
84 timeout {puts "TESTING ERROR 11\n";exit} 84 timeout {puts "TESTING ERROR 12\n";exit}
85 "ffffffff" 85 "ffffffff"
86} 86}
87expect { 87expect {
88 timeout {puts "TESTING ERROR 12\n";exit} 88 timeout {puts "TESTING ERROR 13\n";exit}
89 "Seccomp:" 89 "Seccomp:"
90} 90}
91expect { 91expect {
92 timeout {puts "TESTING ERROR 13\n";exit} 92 timeout {puts "TESTING ERROR 14\n";exit}
93 "0" 93 "0"
94} 94}
95expect { 95expect {
96 timeout {puts "TESTING ERROR 14\n";exit} 96 timeout {puts "TESTING ERROR 15\n";exit}
97 "Cpus_allowed:" 97 "Cpus_allowed:"
98} 98}
99puts "\n" 99puts "\n"
100 100
101send -- "whoami\r" 101send -- "whoami\r"
102expect { 102expect {
103 timeout {puts "TESTING ERROR 15\n";exit} 103 timeout {puts "TESTING ERROR 16\n";exit}
104 $env(USER) 104 $env(USER)
105} 105}
106send -- "sudo -s\r" 106send -- "sudo -s\r"
107expect { 107expect {
108 timeout {puts "TESTING ERROR 16\n";exit} 108 timeout {puts "TESTING ERROR 17\n";exit}
109 "effective uid is not 0, is sudo installed setuid root?" { puts "OK\n";} 109 "effective uid is not 0, is sudo installed setuid root?" { puts "OK\n";}
110 "sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";} 110 "sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";}
111} 111}
112send -- "ping 0\r" 112send -- "ping 0\r"
113expect { 113expect {
114 timeout {puts "TESTING ERROR 17\n";exit} 114 timeout {puts "TESTING ERROR 18\n";exit}
115 "Operation not permitted" 115 "Operation not permitted"
116} 116}
117send -- "cat /proc/self/uid_map | wc -l\r" 117send -- "cat /proc/self/uid_map | wc -l\r"
118expect { 118expect {
119 timeout {puts "TESTING ERROR 18\n";exit} 119 timeout {puts "TESTING ERROR 19\n";exit}
120 "1" 120 "1"
121} 121}
122send -- "cat /proc/self/gid_map | wc -l\r" 122send -- "cat /proc/self/gid_map | wc -l\r"
123expect { 123expect {
124 timeout {puts "TESTING ERROR 19\n";exit} 124 timeout {puts "TESTING ERROR 20\n";exit}
125 "3" 125 "5"
126} 126}
127 127
128 128
@@ -130,31 +130,31 @@ expect {
130spawn $env(SHELL) 130spawn $env(SHELL)
131send -- "firejail --debug --join=test\r" 131send -- "firejail --debug --join=test\r"
132expect { 132expect {
133 timeout {puts "TESTING ERROR 20\n";exit} 133 timeout {puts "TESTING ERROR 21\n";exit}
134 "User namespace detected" 134 "User namespace detected"
135} 135}
136expect { 136expect {
137 timeout {puts "TESTING ERROR 21\n";exit} 137 timeout {puts "TESTING ERROR 22\n";exit}
138 "Joining user namespace" 138 "Joining user namespace"
139} 139}
140sleep 1 140sleep 1
141 141
142send -- "sudo -s\r" 142send -- "sudo -s\r"
143expect { 143expect {
144 timeout {puts "TESTING ERROR 22\n";exit} 144 timeout {puts "TESTING ERROR 23\n";exit}
145 "effective uid is not 0, is sudo installed setuid root?" { puts "OK\n";} 145 "effective uid is not 0, is sudo installed setuid root?" { puts "OK\n";}
146 "sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";} 146 "sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";}
147 "Permission denied" { puts "OK\n";} 147 "Permission denied" { puts "OK\n";}
148} 148}
149send -- "cat /proc/self/uid_map | wc -l\r" 149send -- "cat /proc/self/uid_map | wc -l\r"
150expect { 150expect {
151 timeout {puts "TESTING ERROR 23\n";exit} 151 timeout {puts "TESTING ERROR 24\n";exit}
152 "1" 152 "1"
153} 153}
154send -- "cat /proc/self/gid_map | wc -l\r" 154send -- "cat /proc/self/gid_map | wc -l\r"
155expect { 155expect {
156 timeout {puts "TESTING ERROR 24\n";exit} 156 timeout {puts "TESTING ERROR 25\n";exit}
157 "3" 157 "5"
158} 158}
159after 100 159after 100
160puts "\nall done\n" 160puts "\nall done\n"
diff --git a/test/fs/fs.sh b/test/fs/fs.sh
index d45ef48bd..3139b8eae 100755
--- a/test/fs/fs.sh
+++ b/test/fs/fs.sh
@@ -6,6 +6,9 @@
6export MALLOC_CHECK_=3 6export MALLOC_CHECK_=3
7export MALLOC_PERTURB_=$(($RANDOM % 255 + 1)) 7export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
8 8
9echo "TESTING: /sys/fs access (test/fs/sys_fs.exp)"
10./sys_fs.exp
11
9echo "TESTING: kmsg access (test/fs/kmsg.exp)" 12echo "TESTING: kmsg access (test/fs/kmsg.exp)"
10./kmsg.exp 13./kmsg.exp
11 14
diff --git a/test/fs/sys_fs.exp b/test/fs/sys_fs.exp
new file mode 100755
index 000000000..f512776d9
--- /dev/null
+++ b/test/fs/sys_fs.exp
@@ -0,0 +1,44 @@
1#!/usr/bin/expect -f
2# This file is part of Firejail project
3# Copyright (C) 2014-2016 Firejail Authors
4# License GPL v2
5
6set timeout 10
7spawn $env(SHELL)
8match_max 100000
9
10send -- "firejail\r"
11expect {
12 timeout {puts "TESTING ERROR 1\n";exit}
13 "Child process initialized"
14}
15sleep 1
16
17send -- "ls /sys/fs\r"
18expect {
19 timeout {puts "TESTING ERROR 2\n";exit}
20 "Permission denied"
21}
22after 100
23
24send -- "exit\r"
25sleep 1
26
27send -- "firejail --noblacklist=/sys/fs\r"
28expect {
29 timeout {puts "TESTING ERROR 1\n";exit}
30 "Child process initialized"
31}
32sleep 1
33
34send -- "ls /sys/fs\r"
35expect {
36 timeout {puts "TESTING ERROR 2\n";exit}
37 "cgroup"
38}
39after 100
40send -- "exit\r"
41after 100
42
43puts "\nall done\n"
44
generated by cgit v1.2.3-70-g09d2 (git 2.46.0) at 2024-09-19 23:33:19 +0000