diff options
Diffstat (limited to 'test')
-rw-r--r-- | test/Makefile.in | 10 | ||||
-rwxr-xr-x | test/appimage/appimage-args.exp | 4 | ||||
-rwxr-xr-x | test/appimage/appimage-v1.exp | 4 | ||||
-rwxr-xr-x | test/apps-x11-xorg/apps-x11-xorg.sh | 9 | ||||
-rwxr-xr-x | test/apps-x11-xorg/firefox.exp | 4 | ||||
-rwxr-xr-x | test/apps-x11-xorg/thunderbird.exp | 4 | ||||
-rwxr-xr-x | test/apps-x11-xorg/transmission-gtk.exp | 4 | ||||
-rwxr-xr-x | test/apps-x11-xorg/transmission-qt.exp | 85 | ||||
-rwxr-xr-x | test/compile/compile.sh | 43 | ||||
-rwxr-xr-x | test/filters/seccomp-chmod-profile.exp | 2 | ||||
-rwxr-xr-x | test/filters/seccomp-chmod.exp | 2 | ||||
-rwxr-xr-x | test/filters/seccomp-run-files.exp | 4 | ||||
-rwxr-xr-x | test/fs/fscheck-tmpfs.exp | 43 | ||||
-rwxr-xr-x | test/fs/mkdir.exp | 36 | ||||
-rwxr-xr-x | test/profiles/profiles.sh | 13 | ||||
-rwxr-xr-x | test/sysutils/less.exp | 1 | ||||
-rwxr-xr-x | test/sysutils/xz.exp | 5 | ||||
-rwxr-xr-x | test/utils/join5.exp | 46 | ||||
-rw-r--r-- | test/utils/join5.profile | 4 | ||||
-rwxr-xr-x | test/utils/man.exp | 1 | ||||
-rwxr-xr-x | test/utils/utils.sh | 5 |
21 files changed, 270 insertions, 59 deletions
diff --git a/test/Makefile.in b/test/Makefile.in new file mode 100644 index 000000000..ef1ca73bc --- /dev/null +++ b/test/Makefile.in | |||
@@ -0,0 +1,10 @@ | |||
1 | TESTS=$(patsubst %/,%,$(wildcard */)) | ||
2 | |||
3 | .PHONY: $(TESTS) | ||
4 | |||
5 | $(TESTS): | ||
6 | cd $@ && ./$@.sh 2>&1 | tee $@.log | ||
7 | cd $@ && grep -a TESTING $@.log && grep -a -L "TESTING ERROR" $@.log | ||
8 | |||
9 | clean: | ||
10 | for test in $(TESTS); do rm -f "$$test/$$test.log"; done | ||
diff --git a/test/appimage/appimage-args.exp b/test/appimage/appimage-args.exp index 03c7218ac..cee01d509 100755 --- a/test/appimage/appimage-args.exp +++ b/test/appimage/appimage-args.exp | |||
@@ -56,7 +56,7 @@ expect { | |||
56 | sleep 2 | 56 | sleep 2 |
57 | 57 | ||
58 | spawn $env(SHELL) | 58 | spawn $env(SHELL) |
59 | send -- "firemon --seccomp --nowrap\r" | 59 | send -- "firemon --seccomp --wrap\r" |
60 | expect { | 60 | expect { |
61 | timeout {puts "TESTING ERROR 8\n";exit} | 61 | timeout {puts "TESTING ERROR 8\n";exit} |
62 | "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} | 62 | "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} |
@@ -71,7 +71,7 @@ expect { | |||
71 | "name=blablabla" | 71 | "name=blablabla" |
72 | } | 72 | } |
73 | after 100 | 73 | after 100 |
74 | send -- "firemon --caps --nowrap\r" | 74 | send -- "firemon --caps --wrap\r" |
75 | expect { | 75 | expect { |
76 | timeout {puts "TESTING ERROR 11\n";exit} | 76 | timeout {puts "TESTING ERROR 11\n";exit} |
77 | "appimage Leafpad" | 77 | "appimage Leafpad" |
diff --git a/test/appimage/appimage-v1.exp b/test/appimage/appimage-v1.exp index 7b6fa2120..80e228145 100755 --- a/test/appimage/appimage-v1.exp +++ b/test/appimage/appimage-v1.exp | |||
@@ -44,7 +44,7 @@ expect { | |||
44 | sleep 2 | 44 | sleep 2 |
45 | 45 | ||
46 | spawn $env(SHELL) | 46 | spawn $env(SHELL) |
47 | send -- "firemon --seccomp --nowrap\r" | 47 | send -- "firemon --seccomp --wrap\r" |
48 | expect { | 48 | expect { |
49 | timeout {puts "TESTING ERROR 5\n";exit} | 49 | timeout {puts "TESTING ERROR 5\n";exit} |
50 | "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} | 50 | "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} |
@@ -59,7 +59,7 @@ expect { | |||
59 | "name=blablabla" | 59 | "name=blablabla" |
60 | } | 60 | } |
61 | after 100 | 61 | after 100 |
62 | send -- "firemon --caps --nowrap\r" | 62 | send -- "firemon --caps --wrap\r" |
63 | expect { | 63 | expect { |
64 | timeout {puts "TESTING ERROR 6\n";exit} | 64 | timeout {puts "TESTING ERROR 6\n";exit} |
65 | "appimage Leafpad" | 65 | "appimage Leafpad" |
diff --git a/test/apps-x11-xorg/apps-x11-xorg.sh b/test/apps-x11-xorg/apps-x11-xorg.sh index 843fdc50b..568dee85d 100755 --- a/test/apps-x11-xorg/apps-x11-xorg.sh +++ b/test/apps-x11-xorg/apps-x11-xorg.sh | |||
@@ -25,6 +25,15 @@ else | |||
25 | echo "TESTING SKIP: transmission-gtk not found" | 25 | echo "TESTING SKIP: transmission-gtk not found" |
26 | fi | 26 | fi |
27 | 27 | ||
28 | which transmission-qt 2>/dev/null | ||
29 | if [ "$?" -eq 0 ]; | ||
30 | then | ||
31 | echo "TESTING: transmission-qt x11 xorg" | ||
32 | ./transmission-qt.exp | ||
33 | else | ||
34 | echo "TESTING SKIP: transmission-qt not found" | ||
35 | fi | ||
36 | |||
28 | which thunderbird 2>/dev/null | 37 | which thunderbird 2>/dev/null |
29 | if [ "$?" -eq 0 ]; | 38 | if [ "$?" -eq 0 ]; |
30 | then | 39 | then |
diff --git a/test/apps-x11-xorg/firefox.exp b/test/apps-x11-xorg/firefox.exp index 0a43db568..8322e2d0e 100755 --- a/test/apps-x11-xorg/firefox.exp +++ b/test/apps-x11-xorg/firefox.exp | |||
@@ -41,7 +41,7 @@ expect { | |||
41 | sleep 2 | 41 | sleep 2 |
42 | 42 | ||
43 | spawn $env(SHELL) | 43 | spawn $env(SHELL) |
44 | send -- "firemon --seccomp --nowrap\r" | 44 | send -- "firemon --seccomp --wrap\r" |
45 | expect { | 45 | expect { |
46 | timeout {puts "TESTING ERROR 5\n";exit} | 46 | timeout {puts "TESTING ERROR 5\n";exit} |
47 | "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} | 47 | "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} |
@@ -61,7 +61,7 @@ expect { | |||
61 | "name=blablabla" | 61 | "name=blablabla" |
62 | } | 62 | } |
63 | sleep 1 | 63 | sleep 1 |
64 | send -- "firemon --caps --nowrap\r" | 64 | send -- "firemon --caps --wrap\r" |
65 | expect { | 65 | expect { |
66 | timeout {puts "TESTING ERROR 6\n";exit} | 66 | timeout {puts "TESTING ERROR 6\n";exit} |
67 | " firefox" {puts "firefox detected\n";} | 67 | " firefox" {puts "firefox detected\n";} |
diff --git a/test/apps-x11-xorg/thunderbird.exp b/test/apps-x11-xorg/thunderbird.exp index 8cf0ac244..24549e6c8 100755 --- a/test/apps-x11-xorg/thunderbird.exp +++ b/test/apps-x11-xorg/thunderbird.exp | |||
@@ -38,7 +38,7 @@ expect { | |||
38 | sleep 2 | 38 | sleep 2 |
39 | 39 | ||
40 | spawn $env(SHELL) | 40 | spawn $env(SHELL) |
41 | send -- "firemon --seccomp --nowrap\r" | 41 | send -- "firemon --seccomp --wrap\r" |
42 | expect { | 42 | expect { |
43 | timeout {puts "TESTING ERROR 5\n";exit} | 43 | timeout {puts "TESTING ERROR 5\n";exit} |
44 | "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} | 44 | "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} |
@@ -57,7 +57,7 @@ expect { | |||
57 | "name=blablabla" | 57 | "name=blablabla" |
58 | } | 58 | } |
59 | sleep 2 | 59 | sleep 2 |
60 | send -- "firemon --caps --nowrap\r" | 60 | send -- "firemon --caps --wrap\r" |
61 | expect { | 61 | expect { |
62 | timeout {puts "TESTING ERROR 6\n";exit} | 62 | timeout {puts "TESTING ERROR 6\n";exit} |
63 | ":firejail" | 63 | ":firejail" |
diff --git a/test/apps-x11-xorg/transmission-gtk.exp b/test/apps-x11-xorg/transmission-gtk.exp index fdbf388e9..b688bc619 100755 --- a/test/apps-x11-xorg/transmission-gtk.exp +++ b/test/apps-x11-xorg/transmission-gtk.exp | |||
@@ -38,7 +38,7 @@ expect { | |||
38 | sleep 2 | 38 | sleep 2 |
39 | 39 | ||
40 | spawn $env(SHELL) | 40 | spawn $env(SHELL) |
41 | send -- "firemon --seccomp --nowrap\r" | 41 | send -- "firemon --seccomp --wrap\r" |
42 | expect { | 42 | expect { |
43 | timeout {puts "TESTING ERROR 5\n";exit} | 43 | timeout {puts "TESTING ERROR 5\n";exit} |
44 | "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} | 44 | "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} |
@@ -57,7 +57,7 @@ expect { | |||
57 | "name=blablabla" | 57 | "name=blablabla" |
58 | } | 58 | } |
59 | sleep 1 | 59 | sleep 1 |
60 | send -- "firemon --caps --nowrap\r" | 60 | send -- "firemon --caps --wrap\r" |
61 | expect { | 61 | expect { |
62 | timeout {puts "TESTING ERROR 6\n";exit} | 62 | timeout {puts "TESTING ERROR 6\n";exit} |
63 | ":firejail" | 63 | ":firejail" |
diff --git a/test/apps-x11-xorg/transmission-qt.exp b/test/apps-x11-xorg/transmission-qt.exp new file mode 100755 index 000000000..5864bb845 --- /dev/null +++ b/test/apps-x11-xorg/transmission-qt.exp | |||
@@ -0,0 +1,85 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2020 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail --name=test --x11=xorg --ignore=net --ignore=netfilter --ignore=iprange transmission-qt\r" | ||
11 | sleep 10 | ||
12 | |||
13 | spawn $env(SHELL) | ||
14 | send -- "firejail --list\r" | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 3\n";exit} | ||
17 | ":firejail" | ||
18 | } | ||
19 | expect { | ||
20 | timeout {puts "TESTING ERROR 3.1\n";exit} | ||
21 | "transmission-qt" | ||
22 | } | ||
23 | sleep 1 | ||
24 | |||
25 | # grsecurity exit | ||
26 | send -- "file /proc/sys/kernel/grsecurity\r" | ||
27 | expect { | ||
28 | timeout {puts "TESTING ERROR - grsecurity detection\n";exit} | ||
29 | "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit} | ||
30 | "cannot open" {puts "grsecurity not present\n"} | ||
31 | } | ||
32 | |||
33 | send -- "firejail --name=blablabla\r" | ||
34 | expect { | ||
35 | timeout {puts "TESTING ERROR 4\n";exit} | ||
36 | "Child process initialized" | ||
37 | } | ||
38 | sleep 2 | ||
39 | |||
40 | spawn $env(SHELL) | ||
41 | send -- "firemon --seccomp --wrap\r" | ||
42 | expect { | ||
43 | timeout {puts "TESTING ERROR 5\n";exit} | ||
44 | "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} | ||
45 | ":firejail" | ||
46 | } | ||
47 | expect { | ||
48 | timeout {puts "TESTING ERROR 5.0\n";exit} | ||
49 | "transmission-qt" | ||
50 | } | ||
51 | expect { | ||
52 | timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit} | ||
53 | "Seccomp: 2" | ||
54 | } | ||
55 | expect { | ||
56 | timeout {puts "TESTING ERROR 5.1\n";exit} | ||
57 | "name=blablabla" | ||
58 | } | ||
59 | sleep 1 | ||
60 | send -- "firemon --caps --wrap\r" | ||
61 | expect { | ||
62 | timeout {puts "TESTING ERROR 6\n";exit} | ||
63 | ":firejail" | ||
64 | } | ||
65 | expect { | ||
66 | timeout {puts "TESTING ERROR 6.0\n";exit} | ||
67 | "transmission-qt" | ||
68 | } | ||
69 | expect { | ||
70 | timeout {puts "TESTING ERROR 6.1\n";exit} | ||
71 | "CapBnd" | ||
72 | } | ||
73 | expect { | ||
74 | timeout {puts "TESTING ERROR 6.2\n";exit} | ||
75 | "0000000000000000" | ||
76 | } | ||
77 | expect { | ||
78 | timeout {puts "TESTING ERROR 6.3\n";exit} | ||
79 | "name=blablabla" | ||
80 | } | ||
81 | sleep 1 | ||
82 | send -- "firejail --shutdown=test\r" | ||
83 | sleep 3 | ||
84 | |||
85 | puts "\nall done\n" | ||
diff --git a/test/compile/compile.sh b/test/compile/compile.sh index 2f9e0ece6..91fcfb85d 100755 --- a/test/compile/compile.sh +++ b/test/compile/compile.sh | |||
@@ -4,7 +4,7 @@ | |||
4 | # License GPL v2 | 4 | # License GPL v2 |
5 | 5 | ||
6 | arr[1]="TEST 1: standard compilation" | 6 | arr[1]="TEST 1: standard compilation" |
7 | arr[2]="TEST 2: compile seccomp disabled" | 7 | arr[2]="TEST 2: compile dbus proxy disabled" |
8 | arr[3]="TEST 3: compile chroot disabled" | 8 | arr[3]="TEST 3: compile chroot disabled" |
9 | arr[4]="TEST 4: compile firetunnel disabled" | 9 | arr[4]="TEST 4: compile firetunnel disabled" |
10 | arr[5]="TEST 5: compile user namespace disabled" | 10 | arr[5]="TEST 5: compile user namespace disabled" |
@@ -17,13 +17,16 @@ arr[11]="TEST 11: compile disable global config" | |||
17 | arr[12]="TEST 12: compile apparmor" | 17 | arr[12]="TEST 12: compile apparmor" |
18 | arr[13]="TEST 13: compile busybox" | 18 | arr[13]="TEST 13: compile busybox" |
19 | arr[14]="TEST 14: compile overlayfs disabled" | 19 | arr[14]="TEST 14: compile overlayfs disabled" |
20 | arr[14]="TEST 15: compile private-home disabled" | 20 | arr[15]="TEST 15: compile private-home disabled" |
21 | arr[15]="TEST 16: compile disable manpages" | ||
21 | 22 | ||
22 | # remove previous reports and output file | 23 | # remove previous reports and output file |
23 | cleanup() { | 24 | cleanup() { |
24 | rm -f report* | 25 | rm -f report* |
25 | rm -fr firejail | 26 | rm -fr firejail |
26 | rm -f oc* om* | 27 | rm -f oc* om* |
28 | rm -f output-configure | ||
29 | rm -f output-make | ||
27 | } | 30 | } |
28 | 31 | ||
29 | print_title() { | 32 | print_title() { |
@@ -77,13 +80,12 @@ rm output-configure output-make | |||
77 | #***************************************************************** | 80 | #***************************************************************** |
78 | # TEST 2 | 81 | # TEST 2 |
79 | #***************************************************************** | 82 | #***************************************************************** |
80 | # - disable seccomp configuration | 83 | # - disable dbus proxy configuration |
81 | #***************************************************************** | 84 | #***************************************************************** |
82 | print_title "${arr[2]}" | 85 | print_title "${arr[2]}" |
83 | # seccomp | ||
84 | cd firejail | 86 | cd firejail |
85 | make distclean | 87 | make distclean |
86 | ./configure --prefix=/usr --disable-seccomp --enable-fatal-warnings 2>&1 | tee ../output-configure | 88 | ./configure --prefix=/usr --disable-dbusproxy --enable-fatal-warnings 2>&1 | tee ../output-configure |
87 | make -j4 2>&1 | tee ../output-make | 89 | make -j4 2>&1 | tee ../output-make |
88 | cd .. | 90 | cd .. |
89 | grep Warning output-configure output-make > ./report-test2 | 91 | grep Warning output-configure output-make > ./report-test2 |
@@ -98,7 +100,6 @@ rm output-configure output-make | |||
98 | # - disable chroot configuration | 100 | # - disable chroot configuration |
99 | #***************************************************************** | 101 | #***************************************************************** |
100 | print_title "${arr[3]}" | 102 | print_title "${arr[3]}" |
101 | # seccomp | ||
102 | cd firejail | 103 | cd firejail |
103 | make distclean | 104 | make distclean |
104 | ./configure --prefix=/usr --disable-chroot --enable-fatal-warnings 2>&1 | tee ../output-configure | 105 | ./configure --prefix=/usr --disable-chroot --enable-fatal-warnings 2>&1 | tee ../output-configure |
@@ -116,7 +117,6 @@ rm output-configure output-make | |||
116 | # - disable firetunnel configuration | 117 | # - disable firetunnel configuration |
117 | #***************************************************************** | 118 | #***************************************************************** |
118 | print_title "${arr[4]}" | 119 | print_title "${arr[4]}" |
119 | # seccomp | ||
120 | cd firejail | 120 | cd firejail |
121 | make distclean | 121 | make distclean |
122 | ./configure --prefix=/usr --disable-firetunnel --enable-fatal-warnings 2>&1 | tee ../output-configure | 122 | ./configure --prefix=/usr --disable-firetunnel --enable-fatal-warnings 2>&1 | tee ../output-configure |
@@ -134,7 +134,6 @@ rm output-configure output-make | |||
134 | # - disable user namespace configuration | 134 | # - disable user namespace configuration |
135 | #***************************************************************** | 135 | #***************************************************************** |
136 | print_title "${arr[5]}" | 136 | print_title "${arr[5]}" |
137 | # seccomp | ||
138 | cd firejail | 137 | cd firejail |
139 | make distclean | 138 | make distclean |
140 | ./configure --prefix=/usr --disable-userns --enable-fatal-warnings 2>&1 | tee ../output-configure | 139 | ./configure --prefix=/usr --disable-userns --enable-fatal-warnings 2>&1 | tee ../output-configure |
@@ -153,7 +152,6 @@ rm output-configure output-make | |||
153 | # - check compilation | 152 | # - check compilation |
154 | #***************************************************************** | 153 | #***************************************************************** |
155 | print_title "${arr[6]}" | 154 | print_title "${arr[6]}" |
156 | # seccomp | ||
157 | cd firejail | 155 | cd firejail |
158 | make distclean | 156 | make distclean |
159 | ./configure --prefix=/usr --disable-network --enable-fatal-warnings 2>&1 | tee ../output-configure | 157 | ./configure --prefix=/usr --disable-network --enable-fatal-warnings 2>&1 | tee ../output-configure |
@@ -171,7 +169,6 @@ rm output-configure output-make | |||
171 | # - disable X11 support | 169 | # - disable X11 support |
172 | #***************************************************************** | 170 | #***************************************************************** |
173 | print_title "${arr[7]}" | 171 | print_title "${arr[7]}" |
174 | # seccomp | ||
175 | cd firejail | 172 | cd firejail |
176 | make distclean | 173 | make distclean |
177 | ./configure --prefix=/usr --disable-x11 --enable-fatal-warnings 2>&1 | tee ../output-configure | 174 | ./configure --prefix=/usr --disable-x11 --enable-fatal-warnings 2>&1 | tee ../output-configure |
@@ -189,7 +186,6 @@ rm output-configure output-make | |||
189 | # - enable selinux | 186 | # - enable selinux |
190 | #***************************************************************** | 187 | #***************************************************************** |
191 | print_title "${arr[8]}" | 188 | print_title "${arr[8]}" |
192 | # seccomp | ||
193 | cd firejail | 189 | cd firejail |
194 | make distclean | 190 | make distclean |
195 | ./configure --prefix=/usr --enable-selinux --enable-fatal-warnings 2>&1 | tee ../output-configure | 191 | ./configure --prefix=/usr --enable-selinux --enable-fatal-warnings 2>&1 | tee ../output-configure |
@@ -207,7 +203,6 @@ rm output-configure output-make | |||
207 | # - disable file transfer | 203 | # - disable file transfer |
208 | #***************************************************************** | 204 | #***************************************************************** |
209 | print_title "${arr[9]}" | 205 | print_title "${arr[9]}" |
210 | # seccomp | ||
211 | cd firejail | 206 | cd firejail |
212 | make distclean | 207 | make distclean |
213 | ./configure --prefix=/usr --disable-file-transfer --enable-fatal-warnings 2>&1 | tee ../output-configure | 208 | ./configure --prefix=/usr --disable-file-transfer --enable-fatal-warnings 2>&1 | tee ../output-configure |
@@ -225,7 +220,6 @@ rm output-configure output-make | |||
225 | # - disable whitelist | 220 | # - disable whitelist |
226 | #***************************************************************** | 221 | #***************************************************************** |
227 | print_title "${arr[10]}" | 222 | print_title "${arr[10]}" |
228 | # seccomp | ||
229 | cd firejail | 223 | cd firejail |
230 | make distclean | 224 | make distclean |
231 | ./configure --prefix=/usr --disable-whitelist --enable-fatal-warnings 2>&1 | tee ../output-configure | 225 | ./configure --prefix=/usr --disable-whitelist --enable-fatal-warnings 2>&1 | tee ../output-configure |
@@ -243,7 +237,6 @@ rm output-configure output-make | |||
243 | # - disable global config | 237 | # - disable global config |
244 | #***************************************************************** | 238 | #***************************************************************** |
245 | print_title "${arr[11]}" | 239 | print_title "${arr[11]}" |
246 | # seccomp | ||
247 | cd firejail | 240 | cd firejail |
248 | make distclean | 241 | make distclean |
249 | ./configure --prefix=/usr --disable-globalcfg --enable-fatal-warnings 2>&1 | tee ../output-configure | 242 | ./configure --prefix=/usr --disable-globalcfg --enable-fatal-warnings 2>&1 | tee ../output-configure |
@@ -261,7 +254,6 @@ rm output-configure output-make | |||
261 | # - enable apparmor | 254 | # - enable apparmor |
262 | #***************************************************************** | 255 | #***************************************************************** |
263 | print_title "${arr[12]}" | 256 | print_title "${arr[12]}" |
264 | # seccomp | ||
265 | cd firejail | 257 | cd firejail |
266 | make distclean | 258 | make distclean |
267 | ./configure --prefix=/usr --enable-apparmor --enable-fatal-warnings 2>&1 | tee ../output-configure | 259 | ./configure --prefix=/usr --enable-apparmor --enable-fatal-warnings 2>&1 | tee ../output-configure |
@@ -279,7 +271,6 @@ rm output-configure output-make | |||
279 | # - enable busybox workaround | 271 | # - enable busybox workaround |
280 | #***************************************************************** | 272 | #***************************************************************** |
281 | print_title "${arr[13]}" | 273 | print_title "${arr[13]}" |
282 | # seccomp | ||
283 | cd firejail | 274 | cd firejail |
284 | make distclean | 275 | make distclean |
285 | ./configure --prefix=/usr --enable-busybox-workaround --enable-fatal-warnings 2>&1 | tee ../output-configure | 276 | ./configure --prefix=/usr --enable-busybox-workaround --enable-fatal-warnings 2>&1 | tee ../output-configure |
@@ -297,7 +288,6 @@ rm output-configure output-make | |||
297 | # - disable overlayfs | 288 | # - disable overlayfs |
298 | #***************************************************************** | 289 | #***************************************************************** |
299 | print_title "${arr[14]}" | 290 | print_title "${arr[14]}" |
300 | # seccomp | ||
301 | cd firejail | 291 | cd firejail |
302 | make distclean | 292 | make distclean |
303 | ./configure --prefix=/usr --disable-overlayfs --enable-fatal-warnings 2>&1 | tee ../output-configure | 293 | ./configure --prefix=/usr --disable-overlayfs --enable-fatal-warnings 2>&1 | tee ../output-configure |
@@ -315,7 +305,6 @@ rm output-configure output-make | |||
315 | # - disable private home | 305 | # - disable private home |
316 | #***************************************************************** | 306 | #***************************************************************** |
317 | print_title "${arr[15]}" | 307 | print_title "${arr[15]}" |
318 | # seccomp | ||
319 | cd firejail | 308 | cd firejail |
320 | make distclean | 309 | make distclean |
321 | ./configure --prefix=/usr --disable-private-home --enable-fatal-warnings 2>&1 | tee ../output-configure | 310 | ./configure --prefix=/usr --disable-private-home --enable-fatal-warnings 2>&1 | tee ../output-configure |
@@ -328,6 +317,23 @@ cp output-make om15 | |||
328 | rm output-configure output-make | 317 | rm output-configure output-make |
329 | 318 | ||
330 | #***************************************************************** | 319 | #***************************************************************** |
320 | # TEST 16 | ||
321 | #***************************************************************** | ||
322 | # - disable manpages | ||
323 | #***************************************************************** | ||
324 | print_title "${arr[16]}" | ||
325 | cd firejail | ||
326 | make distclean | ||
327 | ./configure --prefix=/usr --disable-man --enable-fatal-warnings 2>&1 | tee ../output-configure | ||
328 | make -j4 2>&1 | tee ../output-make | ||
329 | cd .. | ||
330 | grep Warning output-configure output-make > ./report-test16 | ||
331 | grep Error output-configure output-make >> ./report-test16 | ||
332 | cp output-configure oc16 | ||
333 | cp output-make om16 | ||
334 | rm output-configure output-make | ||
335 | |||
336 | #***************************************************************** | ||
331 | # PRINT REPORTS | 337 | # PRINT REPORTS |
332 | #***************************************************************** | 338 | #***************************************************************** |
333 | echo | 339 | echo |
@@ -356,3 +362,4 @@ echo ${arr[12]} | |||
356 | echo ${arr[13]} | 362 | echo ${arr[13]} |
357 | echo ${arr[14]} | 363 | echo ${arr[14]} |
358 | echo ${arr[15]} | 364 | echo ${arr[15]} |
365 | echo ${arr[16]} | ||
diff --git a/test/filters/seccomp-chmod-profile.exp b/test/filters/seccomp-chmod-profile.exp index 9b61397ca..22392f882 100755 --- a/test/filters/seccomp-chmod-profile.exp +++ b/test/filters/seccomp-chmod-profile.exp | |||
@@ -41,7 +41,7 @@ expect { | |||
41 | send -- "chmod +x testfile; echo done\r" | 41 | send -- "chmod +x testfile; echo done\r" |
42 | expect { | 42 | expect { |
43 | timeout {puts "TESTING ERROR 5\n";exit} | 43 | timeout {puts "TESTING ERROR 5\n";exit} |
44 | "Bad system call" | 44 | "Operation not permitted" |
45 | } | 45 | } |
46 | expect { | 46 | expect { |
47 | timeout {puts "TESTING ERROR 6\n";exit} | 47 | timeout {puts "TESTING ERROR 6\n";exit} |
diff --git a/test/filters/seccomp-chmod.exp b/test/filters/seccomp-chmod.exp index 01b9cbaac..c72a68c82 100755 --- a/test/filters/seccomp-chmod.exp +++ b/test/filters/seccomp-chmod.exp | |||
@@ -41,7 +41,7 @@ expect { | |||
41 | send -- "chmod +x testfile; echo done\r" | 41 | send -- "chmod +x testfile; echo done\r" |
42 | expect { | 42 | expect { |
43 | timeout {puts "TESTING ERROR 5\n";exit} | 43 | timeout {puts "TESTING ERROR 5\n";exit} |
44 | "Bad system call" | 44 | "Operation not permitted" |
45 | } | 45 | } |
46 | expect { | 46 | expect { |
47 | timeout {puts "TESTING ERROR 6\n";exit} | 47 | timeout {puts "TESTING ERROR 6\n";exit} |
diff --git a/test/filters/seccomp-run-files.exp b/test/filters/seccomp-run-files.exp index fd3033a69..5f468cf24 100755 --- a/test/filters/seccomp-run-files.exp +++ b/test/filters/seccomp-run-files.exp | |||
@@ -24,7 +24,7 @@ after 100 | |||
24 | send -- "ls -l /run/firejail/mnt/seccomp | grep -c seccomp\r" | 24 | send -- "ls -l /run/firejail/mnt/seccomp | grep -c seccomp\r" |
25 | expect { | 25 | expect { |
26 | timeout {puts "TESTING ERROR 3\n";exit} | 26 | timeout {puts "TESTING ERROR 3\n";exit} |
27 | "5" | 27 | "6" |
28 | } | 28 | } |
29 | send -- "exit\r" | 29 | send -- "exit\r" |
30 | sleep 1 | 30 | sleep 1 |
@@ -90,7 +90,7 @@ after 100 | |||
90 | send -- "ls -l /run/firejail/mnt/seccomp | grep -c seccomp\r" | 90 | send -- "ls -l /run/firejail/mnt/seccomp | grep -c seccomp\r" |
91 | expect { | 91 | expect { |
92 | timeout {puts "TESTING ERROR 18\n";exit} | 92 | timeout {puts "TESTING ERROR 18\n";exit} |
93 | "6" | 93 | "8" |
94 | } | 94 | } |
95 | send -- "exit\r" | 95 | send -- "exit\r" |
96 | sleep 1 | 96 | sleep 1 |
diff --git a/test/fs/fscheck-tmpfs.exp b/test/fs/fscheck-tmpfs.exp index ebd3eeb9c..818549fe2 100755 --- a/test/fs/fscheck-tmpfs.exp +++ b/test/fs/fscheck-tmpfs.exp | |||
@@ -7,12 +7,49 @@ set timeout 10 | |||
7 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
8 | match_max 100000 | 8 | match_max 100000 |
9 | 9 | ||
10 | # .. | 10 | send -- "mkdir -p ~/fjtest-dir/fjtest-dir\r" |
11 | send -- "firejail --tmpfs=fscheck-dir\r" | 11 | after 100 |
12 | send -- "mkdir /tmp/fjtest-dir\r" | ||
13 | after 100 | ||
14 | |||
15 | if { ! [file exists ~/fjtest-dir/fjtest-dir] } { | ||
16 | puts "TESTING ERROR 1\n" | ||
17 | exit | ||
18 | } | ||
19 | if { ! [file exists /tmp/fjtest-dir] } { | ||
20 | puts "TESTING ERROR 2\n" | ||
21 | exit | ||
22 | } | ||
23 | |||
24 | send -- "firejail --noprofile --tmpfs=~/fjtest-dir\r" | ||
25 | expect { | ||
26 | timeout {puts "TESTING ERROR 3\n";exit} | ||
27 | "Child process initialized" | ||
28 | } | ||
29 | after 500 | ||
30 | |||
31 | send -- "ls ~/fjtest-dir/fjtest-dir\r" | ||
32 | expect { | ||
33 | timeout {puts "TESTING ERROR 4\n";exit} | ||
34 | "No such file or directory" | ||
35 | } | ||
36 | after 500 | ||
37 | |||
38 | send -- "exit\r" | ||
39 | after 500 | ||
40 | |||
41 | send -- "firejail --noprofile --tmpfs=/tmp/fjtest-dir\r" | ||
12 | expect { | 42 | expect { |
13 | timeout {puts "TESTING ERROR 0.1\n";exit} | 43 | timeout {puts "TESTING ERROR 5\n";exit} |
14 | "Error" | 44 | "Error" |
15 | } | 45 | } |
46 | after 500 | ||
47 | |||
48 | # cleanup | ||
49 | send -- "rm -fr ~/fjtest-dir\r" | ||
16 | after 100 | 50 | after 100 |
51 | send -- "rm -fr /tmp/fjtest-dir\r" | ||
52 | after 100 | ||
53 | |||
17 | 54 | ||
18 | puts "\nall done\n" | 55 | puts "\nall done\n" |
diff --git a/test/fs/mkdir.exp b/test/fs/mkdir.exp index 59005e1a2..61029ec18 100755 --- a/test/fs/mkdir.exp +++ b/test/fs/mkdir.exp | |||
@@ -7,11 +7,12 @@ set timeout 3 | |||
7 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
8 | match_max 100000 | 8 | match_max 100000 |
9 | 9 | ||
10 | send -- "rm -fr ~/.firejail_test\r" | ||
11 | after 100 | ||
12 | |||
10 | send -- "firejail --profile=mkdir.profile find ~/.firejail_test\r" | 13 | send -- "firejail --profile=mkdir.profile find ~/.firejail_test\r" |
11 | expect { | 14 | expect { |
12 | timeout {puts "TESTING ERROR 1.1\n";exit} | 15 | timeout {puts "TESTING ERROR 1.1\n";exit} |
13 | "Warning: cannot create" { puts "TESTING ERROR 1.2\n";exit} | ||
14 | "No such file or directory" { puts "TESTING ERROR 1.3\n";exit} | ||
15 | ".firejail_test/a/b/c/d.txt" | 16 | ".firejail_test/a/b/c/d.txt" |
16 | } | 17 | } |
17 | send -- "rm -rf ~/.firejail_test\r" | 18 | send -- "rm -rf ~/.firejail_test\r" |
@@ -20,30 +21,29 @@ after 100 | |||
20 | send -- "firejail --profile=mkdir.profile find /tmp/.firejail_test\r" | 21 | send -- "firejail --profile=mkdir.profile find /tmp/.firejail_test\r" |
21 | expect { | 22 | expect { |
22 | timeout {puts "TESTING ERROR 2.1\n";exit} | 23 | timeout {puts "TESTING ERROR 2.1\n";exit} |
23 | "Warning: cannot create" { puts "TESTING ERROR 2.2\n";exit} | ||
24 | "No such file or directory" { puts "TESTING ERROR 2.3\n";exit} | ||
25 | "/tmp/.firejail_test/a/b/c/d.txt" | 24 | "/tmp/.firejail_test/a/b/c/d.txt" |
26 | } | 25 | } |
27 | send -- "rm -rf /tmp/.firejail_test\r" | 26 | send -- "rm -rf /tmp/.firejail_test\r" |
28 | after 100 | 27 | after 100 |
29 | 28 | ||
30 | set UID [exec id -u] | 29 | set UID [exec id -u] |
31 | send -- "firejail --profile=mkdir.profile find /run/user/$UID/.firejail_test\r" | 30 | set fexist [file exist /run/user/$UID] |
32 | expect { | 31 | if { $fexist } { |
33 | timeout {puts "TESTING ERROR 3.1\n";exit} | 32 | send -- "firejail --profile=mkdir.profile find /run/user/$UID/.firejail_test\r" |
34 | "Warning: cannot create" { puts "TESTING ERROR 3.2\n";exit} | 33 | expect { |
35 | "No such file or directory" { puts "TESTING ERROR 3.3\n";exit} | 34 | timeout {puts "TESTING ERROR 3.1\n";exit} |
36 | "/run/user/$UID/.firejail_test/a/b/c/d.txt" | 35 | "/run/user/$UID/.firejail_test/a/b/c/d.txt" |
37 | } | 36 | } |
38 | send -- "rm -rf /run/user/$UID/.firejail_test\r" | 37 | send -- "rm -rf /run/user/$UID/.firejail_test\r" |
39 | after 100 | 38 | after 100 |
40 | 39 | ||
41 | 40 | ||
42 | send -- "firejail --profile=mkdir2.profile\r" | 41 | send -- "firejail --profile=mkdir2.profile\r" |
43 | expect { | 42 | expect { |
44 | timeout {puts "TESTING ERROR 4\n";exit} | 43 | timeout {puts "TESTING ERROR 4\n";exit} |
45 | "only files or directories in user home, /tmp, or /run/user/<UID>" | 44 | "only files or directories in user home, /tmp, or /run/user/<UID>" |
45 | } | ||
46 | after 100 | ||
46 | } | 47 | } |
47 | after 100 | ||
48 | 48 | ||
49 | puts "\nall done\n" | 49 | puts "\nall done\n" |
diff --git a/test/profiles/profiles.sh b/test/profiles/profiles.sh index 69f0dc086..2d7d2a966 100755 --- a/test/profiles/profiles.sh +++ b/test/profiles/profiles.sh | |||
@@ -34,11 +34,16 @@ echo "TESTING: profile read-only links (test/profiles/profile_readonly.exp)" | |||
34 | echo "TESTING: profile no permissions (test/profiles/profile_noperm.exp)" | 34 | echo "TESTING: profile no permissions (test/profiles/profile_noperm.exp)" |
35 | ./profile_noperm.exp | 35 | ./profile_noperm.exp |
36 | 36 | ||
37 | # GitHub CI doesn't have a /run/user/$UID directory. Using it to test a small number of profiles. | ||
38 | UID=`id -u` | ||
39 | if [ -d "/run/user/$UID" ]; then | ||
40 | PROFILES=`ls /etc/firejail/*.profile` | ||
41 | echo "TESTING: default profiles installed in /etc" | ||
42 | else | ||
43 | PROFILES=`ls /etc/firejail/transmission*.profile /etc/firejail/fi*.profile /etc/firejail/fl*.profile /etc/firejail/free*.profile` | ||
44 | echo "TESTING: small number of default profiles installed in /etc" | ||
45 | fi | ||
37 | 46 | ||
38 | |||
39 | |||
40 | echo "TESTING: default profiles installed in /etc" | ||
41 | PROFILES=`ls /etc/firejail/*.profile` | ||
42 | for PROFILE in $PROFILES | 47 | for PROFILE in $PROFILES |
43 | do | 48 | do |
44 | echo "TESTING: $PROFILE" | 49 | echo "TESTING: $PROFILE" |
diff --git a/test/sysutils/less.exp b/test/sysutils/less.exp index 2bfb60302..daa666c18 100755 --- a/test/sysutils/less.exp +++ b/test/sysutils/less.exp | |||
@@ -10,6 +10,7 @@ match_max 100000 | |||
10 | send -- "firejail less sysutils.sh\r" | 10 | send -- "firejail less sysutils.sh\r" |
11 | expect { | 11 | expect { |
12 | timeout {puts "TESTING ERROR 1\n";exit} | 12 | timeout {puts "TESTING ERROR 1\n";exit} |
13 | "(press RETURN)" {puts "TESTING SKIP 1.1\n";exit} | ||
13 | "MALLOC_CHECK" | 14 | "MALLOC_CHECK" |
14 | } | 15 | } |
15 | expect { | 16 | expect { |
diff --git a/test/sysutils/xz.exp b/test/sysutils/xz.exp index 63b1ad3c7..074b90076 100755 --- a/test/sysutils/xz.exp +++ b/test/sysutils/xz.exp | |||
@@ -3,7 +3,7 @@ | |||
3 | # Copyright (C) 2014-2020 Firejail Authors | 3 | # Copyright (C) 2014-2020 Firejail Authors |
4 | # License GPL v2 | 4 | # License GPL v2 |
5 | 5 | ||
6 | set timeout 10 | 6 | set timeout 60 |
7 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
8 | match_max 100000 | 8 | match_max 100000 |
9 | 9 | ||
@@ -13,6 +13,9 @@ sleep 1 | |||
13 | send -- "firejail /usr/bin/xz -c /usr/bin/firejail > firejail_t2\r" | 13 | send -- "firejail /usr/bin/xz -c /usr/bin/firejail > firejail_t2\r" |
14 | sleep 1 | 14 | sleep 1 |
15 | 15 | ||
16 | send -- "md5sum firejail_t1 firejail_t2; ls -l firejail_t1 firejail_t2\r" | ||
17 | sleep 1 | ||
18 | |||
16 | send -- "diff -s firejail_t1 firejail_t2\r" | 19 | send -- "diff -s firejail_t1 firejail_t2\r" |
17 | expect { | 20 | expect { |
18 | timeout {puts "TESTING ERROR 1\n";exit} | 21 | timeout {puts "TESTING ERROR 1\n";exit} |
diff --git a/test/utils/join5.exp b/test/utils/join5.exp new file mode 100755 index 000000000..43ca09b4d --- /dev/null +++ b/test/utils/join5.exp | |||
@@ -0,0 +1,46 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2020 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail --name=test123 --profile=join5.profile\r" | ||
11 | expect { | ||
12 | timeout {puts "TESTING ERROR 5\n";exit} | ||
13 | "Child process initialized" | ||
14 | } | ||
15 | sleep 1 | ||
16 | spawn $env(SHELL) | ||
17 | send -- "firejail --join=test123\r" | ||
18 | expect { | ||
19 | timeout {puts "TESTING ERROR 1\n";exit} | ||
20 | "Switching to pid" | ||
21 | } | ||
22 | sleep 1 | ||
23 | send -- "ps aux\r" | ||
24 | expect { | ||
25 | timeout {puts "TESTING ERROR 2\n";exit} | ||
26 | "/bin/bash" | ||
27 | } | ||
28 | expect { | ||
29 | timeout {puts "TESTING ERROR 3\n";exit} | ||
30 | "/bin/bash" | ||
31 | } | ||
32 | |||
33 | send -- "exit\r" | ||
34 | after 100 | ||
35 | |||
36 | send -- "firejail --protocol.print=test123\r" | ||
37 | expect { | ||
38 | timeout {puts "TESTING ERROR 4\n";exit} | ||
39 | "Switching to pid" | ||
40 | } | ||
41 | expect { | ||
42 | timeout {puts "TESTING ERROR 5\n";exit} | ||
43 | "unix" | ||
44 | } | ||
45 | |||
46 | puts "\nall done\n" | ||
diff --git a/test/utils/join5.profile b/test/utils/join5.profile new file mode 100644 index 000000000..e9eb37a4f --- /dev/null +++ b/test/utils/join5.profile | |||
@@ -0,0 +1,4 @@ | |||
1 | dbus-user filter | ||
2 | dbus-system none | ||
3 | seccomp | ||
4 | protocol unix | ||
diff --git a/test/utils/man.exp b/test/utils/man.exp index 3cde9f2c8..102701a6a 100755 --- a/test/utils/man.exp +++ b/test/utils/man.exp | |||
@@ -10,6 +10,7 @@ match_max 100000 | |||
10 | send -- "man firejail\r" | 10 | send -- "man firejail\r" |
11 | expect { | 11 | expect { |
12 | timeout {puts "TESTING ERROR 0\n";exit} | 12 | timeout {puts "TESTING ERROR 0\n";exit} |
13 | "(press RETURN)" {puts "TESTING SKIP 1.1\n";exit} | ||
13 | "Linux namespaces sandbox program" | 14 | "Linux namespaces sandbox program" |
14 | } | 15 | } |
15 | after 100 | 16 | after 100 |
diff --git a/test/utils/utils.sh b/test/utils/utils.sh index 48a8051fa..7e8426f35 100755 --- a/test/utils/utils.sh +++ b/test/utils/utils.sh | |||
@@ -99,9 +99,12 @@ echo "TESTING: join2 (test/utils/join2.exp)" | |||
99 | echo "TESTING: join3 (test/utils/join3.exp)" | 99 | echo "TESTING: join3 (test/utils/join3.exp)" |
100 | ./join3.exp | 100 | ./join3.exp |
101 | 101 | ||
102 | echo "TESTING: join3 (test/utils/join4.exp)" | 102 | echo "TESTING: join4 (test/utils/join4.exp)" |
103 | ./join4.exp | 103 | ./join4.exp |
104 | 104 | ||
105 | echo "TESTING: join5 (test/utils/join5.exp)" | ||
106 | ./join5.exp | ||
107 | |||
105 | echo "TESTING: join profile (test/utils/join-profile.exp)" | 108 | echo "TESTING: join profile (test/utils/join-profile.exp)" |
106 | ./join-profile.exp | 109 | ./join-profile.exp |
107 | 110 | ||