Diffstat (limited to 'test')
-rwxr-xr-x | test/filters/noroot.exp | 44 | ||||
-rwxr-xr-x | test/fs/fs.sh | 3 | ||||
-rwxr-xr-x | test/fs/sys_fs.exp | 44 |
3 files changed, 69 insertions, 22 deletions
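diff --git a/test/filters/noroot.exp b/test/filters/noroot.exp
index 2a7cb7975..b011f2bf9 100755
--- a/test/filters/noroot.exp
+++ b/test/filters/noroot.exp
@@ -46,20 +46,20 @@ expect {
 }
 send -- "sudo -s\r"
 expect {
-timeout {puts "TESTING ERROR 8\n";exit}
+timeout {puts "TESTING ERROR 7\n";exit}
 "effective uid is not 0, is sudo installed setuid root?" { puts "OK\n";}
 "sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";}
 "Bad system call" { puts "OK\n";}
 }
 send -- "cat /proc/self/uid_map | wc -l\r"
 expect {
-timeout {puts "TESTING ERROR 7\n";exit}
+timeout {puts "TESTING ERROR 8\n";exit}
 "1"
 }
 send -- "cat /proc/self/gid_map | wc -l\r"
 expect {
-timeout {puts "TESTING ERROR 8\n";exit}
-"3"
+timeout {puts "TESTING ERROR 9\n";exit}
+"5"
 }
 
 puts "\n"
@@ -70,59 +70,59 @@ sleep 2
 
 send -- "firejail --name=test --noroot --noprofile\r"
 expect {
-timeout {puts "TESTING ERROR 9\n";exit}
+timeout {puts "TESTING ERROR 10\n";exit}
 "Child process initialized"
 }
 sleep 1
 
 send -- "cat /proc/self/status\r"
 expect {
-timeout {puts "TESTING ERROR 10\n";exit}
+timeout {puts "TESTING ERROR 11\n";exit}
 "CapBnd:"
 }
 expect {
-timeout {puts "TESTING ERROR 11\n";exit}
+timeout {puts "TESTING ERROR 12\n";exit}
 "ffffffff"
 }
 expect {
-timeout {puts "TESTING ERROR 12\n";exit}
+timeout {puts "TESTING ERROR 13\n";exit}
 "Seccomp:"
 }
 expect {
-timeout {puts "TESTING ERROR 13\n";exit}
+timeout {puts "TESTING ERROR 14\n";exit}
 "0"
 }
 expect {
-timeout {puts "TESTING ERROR 14\n";exit}
+timeout {puts "TESTING ERROR 15\n";exit}
 "Cpus_allowed:"
 }
 puts "\n"
 
 send -- "whoami\r"
 expect {
-timeout {puts "TESTING ERROR 15\n";exit}
+timeout {puts "TESTING ERROR 16\n";exit}
 $env(USER)
 }
 send -- "sudo -s\r"
 expect {
-timeout {puts "TESTING ERROR 16\n";exit}
+timeout {puts "TESTING ERROR 17\n";exit}
 "effective uid is not 0, is sudo installed setuid root?" { puts "OK\n";}
 "sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";}
 }
 send -- "ping 0\r"
 expect {
-timeout {puts "TESTING ERROR 17\n";exit}
+timeout {puts "TESTING ERROR 18\n";exit}
 "Operation not permitted"
 }
 send -- "cat /proc/self/uid_map | wc -l\r"
 expect {
-timeout {puts "TESTING ERROR 18\n";exit}
+timeout {puts "TESTING ERROR 19\n";exit}
 "1"
 }
 send -- "cat /proc/self/gid_map | wc -l\r"
 expect {
-timeout {puts "TESTING ERROR 19\n";exit}
-"3"
+timeout {puts "TESTING ERROR 20\n";exit}
+"5"
 }
 
 
@@ -130,31 +130,31 @@ expect {
 spawn $env(SHELL)
 send -- "firejail --debug --join=test\r"
 expect {
-timeout {puts "TESTING ERROR 20\n";exit}
+timeout {puts "TESTING ERROR 21\n";exit}
 "User namespace detected"
 }
 expect {
-timeout {puts "TESTING ERROR 21\n";exit}
+timeout {puts "TESTING ERROR 22\n";exit}
 "Joining user namespace"
 }
 sleep 1
 
 send -- "sudo -s\r"
 expect {
-timeout {puts "TESTING ERROR 22\n";exit}
+timeout {puts "TESTING ERROR 23\n";exit}
 "effective uid is not 0, is sudo installed setuid root?" { puts "OK\n";}
 "sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";}
 "Permission denied" { puts "OK\n";}
 }
 send -- "cat /proc/self/uid_map | wc -l\r"
 expect {
-timeout {puts "TESTING ERROR 23\n";exit}
+timeout {puts "TESTING ERROR 24\n";exit}
 "1"
 }
 send -- "cat /proc/self/gid_map | wc -l\r"
 expect {
-timeout {puts "TESTING ERROR 24\n";exit}
-"3"
+timeout {puts "TESTING ERROR 25\n";exit}
+"5"
 }
 after 100
 puts "\nall done\n"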
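Review bot: The new expectation `"5"` for `cat /proc/self/gid_map | wc -l` (new lines 62, 125 and 157) is an unanchored substring match, so any `5` in the buffered terminal output, such as a prompt, a hostname or a count of `15`, satisfies it; the `"1"` uid_map checks beside it have the same weakness. These checks are what shows that `--noroot` exposes only the expected ID mappings, so the count should be matched on a line of its own, for example `-re "\n5\r"`. The value also looks host-dependent (it presumably tracks which supplementary groups exist on the test machine), so a short comment next to each `"5"` listing the five expected mappings would explain why it moved from 3. The script starts outside these hunks.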
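diff --git a/test/fs/fs.sh b/test/fs/fs.sh
index d45ef48bd..3139b8eae 100755
--- a/test/fs/fs.sh
+++ b/test/fs/fs.sh
@@ -6,6 +6,9 @@
 export MALLOC_CHECK_=3
 export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
 
+echo "TESTING: /sys/fs access (test/fs/sys_fs.exp)"
+./sys_fs.exp
+
 echo "TESTING: kmsg access (test/fs/kmsg.exp)"
 ./kmsg.exp
 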
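diff --git a/test/fs/sys_fs.exp b/test/fs/sys_fs.exp
new file mode 100755
index 000000000..f512776d9
--- /dev/null
+++ b/test/fs/sys_fs.exp
@@ -0,0 +1,44 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "ls /sys/fs\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"Permission denied"
+}
+after 100
+
+send -- "exit\r"
+sleep 1
+
+send -- "firejail --noblacklist=/sys/fs\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "ls /sys/fs\r"
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"cgroup"
+}
+after 100
+send -- "exit\r"
+after 100
+
+puts "\nall done\n"
+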
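Review bot: The `--noblacklist=/sys/fs` half of the new script reuses `TESTING ERROR 1` and `TESTING ERROR 2` (new lines 29 and 36), so a log line cannot tell a broken default blacklist from a broken override. Number them `TESTING ERROR 3` and `TESTING ERROR 4`, matching the unique numbering this same commit restores in noroot.exp. The timeout branches also call a bare `exit`, which ends the script with status 0, so a failed sandbox check is only visible to a caller that scans the output for the error string; `exit 1` would let fs.sh detect it directly, if the suite's conventions allow. A header comment saying that the first run asserts `/sys/fs` is denied by default and the second asserts it is readable with the override would document the property under test.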