diff options
Diffstat (limited to 'test')
-rw-r--r-- | test/appimage/Leafpad-0.8.17-x86_64.AppImage | bin | 786432 -> 0 bytes | |||
-rw-r--r-- | test/appimage/Leafpad-0.8.18.1.glibc2.4-x86_64.AppImage | bin | 231417 -> 0 bytes | |||
-rwxr-xr-x | test/appimage/appimage-args.exp | 90 | ||||
-rwxr-xr-x | test/appimage/appimage-trace.exp | 45 | ||||
-rwxr-xr-x | test/appimage/appimage-v1.exp | 92 | ||||
-rwxr-xr-x | test/appimage/appimage-v2.exp | 31 | ||||
-rwxr-xr-x | test/appimage/appimage.sh | 5 | ||||
-rwxr-xr-x | test/appimage/hello-x86_64.AppImage | bin | 0 -> 197824 bytes | |||
-rw-r--r-- | test/appimage/main.c | 32 |
9 files changed, 60 insertions, 235 deletions
diff --git a/test/appimage/Leafpad-0.8.17-x86_64.AppImage b/test/appimage/Leafpad-0.8.17-x86_64.AppImage deleted file mode 100644 index 865f6b44c..000000000 --- a/test/appimage/Leafpad-0.8.17-x86_64.AppImage +++ /dev/null | |||
Binary files differ | |||
diff --git a/test/appimage/Leafpad-0.8.18.1.glibc2.4-x86_64.AppImage b/test/appimage/Leafpad-0.8.18.1.glibc2.4-x86_64.AppImage deleted file mode 100644 index d167431f3..000000000 --- a/test/appimage/Leafpad-0.8.18.1.glibc2.4-x86_64.AppImage +++ /dev/null | |||
Binary files differ | |||
diff --git a/test/appimage/appimage-args.exp b/test/appimage/appimage-args.exp index e85e8a46a..ef64e862f 100755 --- a/test/appimage/appimage-args.exp +++ b/test/appimage/appimage-args.exp | |||
@@ -8,97 +8,15 @@ spawn $env(SHELL) | |||
8 | match_max 100000 | 8 | match_max 100000 |
9 | 9 | ||
10 | set appimage_id $spawn_id | 10 | set appimage_id $spawn_id |
11 | send -- "firejail --name=test --debug --appimage Leafpad-0.8.17-x86_64.AppImage testfile\r" | 11 | send -- "firejail --name=test --appimage hello-x86_64.AppImage testfile\r" |
12 | expect { | ||
13 | timeout {puts "TESTING ERROR 1\n";exit} | ||
14 | "execvp argument 2" | ||
15 | } | ||
16 | expect { | ||
17 | timeout {puts "TESTING ERROR 2\n";exit} | ||
18 | "AppRun" | ||
19 | } | ||
20 | expect { | ||
21 | timeout {puts "TESTING ERROR 3\n";exit} | ||
22 | "testfile" | ||
23 | } | ||
24 | expect { | 12 | expect { |
25 | timeout {puts "TESTING ERROR 4\n";exit} | 13 | timeout {puts "TESTING ERROR 4\n";exit} |
26 | -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" | 14 | -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" |
27 | } | 15 | } |
28 | sleep 2 | ||
29 | |||
30 | spawn $env(SHELL) | ||
31 | send -- "firejail --list\r" | ||
32 | expect { | 16 | expect { |
33 | timeout {puts "TESTING ERROR 5\n";exit} | 17 | timeout {puts "TESTING ERROR 4\n";exit} |
34 | ":firejail" | 18 | "1 - testfile" |
35 | } | ||
36 | expect { | ||
37 | timeout {puts "TESTING ERROR 6\n";exit} | ||
38 | "appimage Leafpad" | ||
39 | } | ||
40 | after 100 | ||
41 | |||
42 | # grsecurity exit | ||
43 | send -- "file /proc/sys/kernel/grsecurity\r" | ||
44 | expect { | ||
45 | timeout {puts "TESTING ERROR - grsecurity detection\n";exit} | ||
46 | "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit} | ||
47 | "cannot open" {puts "grsecurity not present\n"} | ||
48 | } | ||
49 | |||
50 | |||
51 | send -- "firejail --name=blablabla\r" | ||
52 | expect { | ||
53 | timeout {puts "TESTING ERROR 7\n";exit} | ||
54 | -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" | ||
55 | } | ||
56 | sleep 2 | ||
57 | |||
58 | spawn $env(SHELL) | ||
59 | send -- "firemon --seccomp --wrap\r" | ||
60 | expect { | ||
61 | timeout {puts "TESTING ERROR 8\n";exit} | ||
62 | "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} | ||
63 | "appimage Leafpad" | ||
64 | } | ||
65 | expect { | ||
66 | timeout {puts "TESTING ERROR 9 (seccomp)\n";exit} | ||
67 | "Seccomp: 2" | ||
68 | } | ||
69 | expect { | ||
70 | timeout {puts "TESTING ERROR 10\n";exit} | ||
71 | "name=blablabla" | ||
72 | } | ||
73 | after 100 | ||
74 | send -- "firemon --caps --wrap\r" | ||
75 | expect { | ||
76 | timeout {puts "TESTING ERROR 11\n";exit} | ||
77 | "appimage Leafpad" | ||
78 | } | ||
79 | expect { | ||
80 | timeout {puts "TESTING ERROR 12\n";exit} | ||
81 | "CapBnd:" | ||
82 | } | ||
83 | expect { | ||
84 | timeout {puts "TESTING ERROR 13\n";exit} | ||
85 | "0000000000000000" | ||
86 | } | ||
87 | expect { | ||
88 | timeout {puts "TESTING ERROR 14\n";exit} | ||
89 | "name=blablabla" | ||
90 | } | ||
91 | after 100 | ||
92 | |||
93 | spawn $env(SHELL) | ||
94 | send -- "firejail --shutdown=test\r" | ||
95 | |||
96 | set spawn_id $appimage_id | ||
97 | expect { | ||
98 | timeout {puts "shutdown\n";exit} | ||
99 | "AppImage detached" | ||
100 | } | 19 | } |
101 | 20 | ||
102 | after 100 | 21 | after 500 |
103 | |||
104 | puts "\nall done\n" | 22 | puts "\nall done\n" |
diff --git a/test/appimage/appimage-trace.exp b/test/appimage/appimage-trace.exp index f98826138..c1e481a67 100755 --- a/test/appimage/appimage-trace.exp +++ b/test/appimage/appimage-trace.exp | |||
@@ -8,61 +8,28 @@ spawn $env(SHELL) | |||
8 | match_max 100000 | 8 | match_max 100000 |
9 | set appimage_id $spawn_id | 9 | set appimage_id $spawn_id |
10 | 10 | ||
11 | send -- "firejail --trace --timeout=00:00:05 --appimage Leafpad-0.8.17-x86_64.AppImage\r" | 11 | send -- "firejail --trace --timeout=00:00:05 --appimage hello-x86_64.AppImage\r" |
12 | expect { | 12 | expect { |
13 | timeout {puts "TESTING ERROR 1\n";exit} | 13 | timeout {puts "TESTING ERROR 1\n";exit} |
14 | -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" | 14 | -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" |
15 | } | 15 | } |
16 | expect { | 16 | expect { |
17 | timeout {puts "TESTING ERROR 2\n";exit} | 17 | timeout {puts "TESTING ERROR 2\n";exit} |
18 | "leafpad:socket" | 18 | "AppRun:exec" |
19 | } | 19 | } |
20 | expect { | 20 | expect { |
21 | timeout {puts "TESTING ERROR 3\n";exit} | 21 | timeout {puts "TESTING ERROR 3\n";exit} |
22 | "leafpad:connect" | 22 | "AppRun:opendir" |
23 | } | 23 | } |
24 | expect { | 24 | expect { |
25 | timeout {puts "TESTING ERROR 4\n";exit} | 25 | timeout {puts "TESTING ERROR 4\n";exit} |
26 | "X11-unix/X0" | 26 | "Hello, World!" |
27 | } | 27 | } |
28 | expect { | 28 | expect { |
29 | timeout {puts "TESTING ERROR 5\n";exit} | 29 | timeout {puts "TESTING ERROR 5\n";exit} |
30 | "Parent is shutting down, bye" | 30 | "ping:exec" |
31 | } | 31 | } |
32 | expect { | ||
33 | timeout {puts "shutdown\n"} | ||
34 | "AppImage detached" | ||
35 | } | ||
36 | sleep 1 | ||
37 | |||
38 | send -- "firejail --trace --timeout=00:00:05 --appimage Leafpad-0.8.18.1.glibc2.4-x86_64.AppImage\r" | ||
39 | expect { | ||
40 | timeout {puts "TESTING ERROR 11\n";exit} | ||
41 | -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" | ||
42 | } | ||
43 | expect { | ||
44 | timeout {puts "TESTING ERROR 12\n";exit} | ||
45 | "leafpad:socket" | ||
46 | } | ||
47 | expect { | ||
48 | timeout {puts "TESTING ERROR 13\n";exit} | ||
49 | "leafpad:connect" | ||
50 | } | ||
51 | expect { | ||
52 | timeout {puts "TESTING ERROR 14\n";exit} | ||
53 | "X11-unix/X0" | ||
54 | } | ||
55 | expect { | ||
56 | timeout {puts "TESTING ERROR 15\n";exit} | ||
57 | "Parent is shutting down, bye" | ||
58 | } | ||
59 | expect { | ||
60 | timeout {puts "shutdown\n"} | ||
61 | "AppImage detached" | ||
62 | } | ||
63 | sleep 1 | ||
64 | |||
65 | 32 | ||
66 | after 100 | 33 | after 500 |
67 | 34 | ||
68 | puts "\nall done\n" | 35 | puts "\nall done\n" |
diff --git a/test/appimage/appimage-v1.exp b/test/appimage/appimage-v1.exp deleted file mode 100755 index bb360cd18..000000000 --- a/test/appimage/appimage-v1.exp +++ /dev/null | |||
@@ -1,92 +0,0 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2023 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | set appimage_id $spawn_id | ||
10 | |||
11 | send -- "firejail --name=test --debug --appimage Leafpad-0.8.17-x86_64.AppImage\r" | ||
12 | expect { | ||
13 | timeout {puts "TESTING ERROR 1\n";exit} | ||
14 | -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" | ||
15 | } | ||
16 | sleep 2 | ||
17 | |||
18 | spawn $env(SHELL) | ||
19 | send -- "firejail --list\r" | ||
20 | expect { | ||
21 | timeout {puts "TESTING ERROR 3\n";exit} | ||
22 | ":firejail" | ||
23 | } | ||
24 | expect { | ||
25 | timeout {puts "TESTING ERROR 3.1\n";exit} | ||
26 | "appimage Leafpad" | ||
27 | } | ||
28 | after 100 | ||
29 | |||
30 | # grsecurity exit | ||
31 | send -- "file /proc/sys/kernel/grsecurity\r" | ||
32 | expect { | ||
33 | timeout {puts "TESTING ERROR - grsecurity detection\n";exit} | ||
34 | "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit} | ||
35 | "cannot open" {puts "grsecurity not present\n"} | ||
36 | } | ||
37 | |||
38 | |||
39 | send -- "firejail --name=blablabla\r" | ||
40 | expect { | ||
41 | timeout {puts "TESTING ERROR 4\n";exit} | ||
42 | -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" | ||
43 | } | ||
44 | sleep 2 | ||
45 | |||
46 | spawn $env(SHELL) | ||
47 | send -- "firemon --seccomp --wrap\r" | ||
48 | expect { | ||
49 | timeout {puts "TESTING ERROR 5\n";exit} | ||
50 | "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} | ||
51 | "appimage Leafpad" | ||
52 | } | ||
53 | expect { | ||
54 | timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit} | ||
55 | "Seccomp: 2" | ||
56 | } | ||
57 | expect { | ||
58 | timeout {puts "TESTING ERROR 5.1\n";exit} | ||
59 | "name=blablabla" | ||
60 | } | ||
61 | after 100 | ||
62 | send -- "firemon --caps --wrap\r" | ||
63 | expect { | ||
64 | timeout {puts "TESTING ERROR 6\n";exit} | ||
65 | "appimage Leafpad" | ||
66 | } | ||
67 | expect { | ||
68 | timeout {puts "TESTING ERROR 6.1\n";exit} | ||
69 | "CapBnd:" | ||
70 | } | ||
71 | expect { | ||
72 | timeout {puts "TESTING ERROR 6.2\n";exit} | ||
73 | "0000000000000000" | ||
74 | } | ||
75 | expect { | ||
76 | timeout {puts "TESTING ERROR 6.3\n";exit} | ||
77 | "name=blablabla" | ||
78 | } | ||
79 | after 100 | ||
80 | |||
81 | spawn $env(SHELL) | ||
82 | send -- "firejail --shutdown=test\r" | ||
83 | |||
84 | set spawn_id $appimage_id | ||
85 | expect { | ||
86 | timeout {puts "shutdown\n"} | ||
87 | "AppImage detached" | ||
88 | } | ||
89 | |||
90 | after 100 | ||
91 | |||
92 | puts "\nall done\n" | ||
diff --git a/test/appimage/appimage-v2.exp b/test/appimage/appimage-v2.exp index 748ac3d79..2d86de240 100755 --- a/test/appimage/appimage-v2.exp +++ b/test/appimage/appimage-v2.exp | |||
@@ -8,12 +8,24 @@ spawn $env(SHELL) | |||
8 | match_max 100000 | 8 | match_max 100000 |
9 | set appimage_id $spawn_id | 9 | set appimage_id $spawn_id |
10 | 10 | ||
11 | send -- "firejail --name=test --appimage Leafpad-0.8.18.1.glibc2.4-x86_64.AppImage\r" | 11 | send -- "firejail --name=test --appimage hello-x86_64.AppImage\r" |
12 | expect { | 12 | expect { |
13 | timeout {puts "TESTING ERROR 1\n";exit} | 13 | timeout {puts "TESTING ERROR 1\n";exit} |
14 | -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" | 14 | -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" |
15 | } | 15 | } |
16 | sleep 2 | 16 | expect { |
17 | timeout {puts "TESTING ERROR 1\n";exit} | ||
18 | "Hello, World!" | ||
19 | } | ||
20 | expect { | ||
21 | timeout {puts "TESTING ERROR 1\n";exit} | ||
22 | "Operation not permitted" | ||
23 | } | ||
24 | expect { | ||
25 | timeout {puts "TESTING ERROR 1\n";exit} | ||
26 | "Hello, again!" | ||
27 | } | ||
28 | sleep 5 | ||
17 | 29 | ||
18 | spawn $env(SHELL) | 30 | spawn $env(SHELL) |
19 | send -- "firejail --list\r" | 31 | send -- "firejail --list\r" |
@@ -23,19 +35,10 @@ expect { | |||
23 | } | 35 | } |
24 | expect { | 36 | expect { |
25 | timeout {puts "TESTING ERROR 3.1\n";exit} | 37 | timeout {puts "TESTING ERROR 3.1\n";exit} |
26 | "appimage Leafpad" | 38 | "appimage hello-x86_64" |
27 | } | 39 | } |
28 | after 100 | 40 | after 100 |
29 | 41 | ||
30 | # grsecurity exit | ||
31 | send -- "file /proc/sys/kernel/grsecurity\r" | ||
32 | expect { | ||
33 | timeout {puts "TESTING ERROR - grsecurity detection\n";exit} | ||
34 | "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit} | ||
35 | "cannot open" {puts "grsecurity not present\n"} | ||
36 | } | ||
37 | |||
38 | |||
39 | send -- "firejail --name=blablabla\r" | 42 | send -- "firejail --name=blablabla\r" |
40 | expect { | 43 | expect { |
41 | timeout {puts "TESTING ERROR 4\n";exit} | 44 | timeout {puts "TESTING ERROR 4\n";exit} |
@@ -48,7 +51,7 @@ send -- "firemon --seccomp\r" | |||
48 | expect { | 51 | expect { |
49 | timeout {puts "TESTING ERROR 5\n";exit} | 52 | timeout {puts "TESTING ERROR 5\n";exit} |
50 | "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} | 53 | "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} |
51 | "appimage Leafpad" | 54 | "appimage hello-x86_64" |
52 | } | 55 | } |
53 | expect { | 56 | expect { |
54 | timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit} | 57 | timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit} |
@@ -62,7 +65,7 @@ after 100 | |||
62 | send -- "firemon --caps\r" | 65 | send -- "firemon --caps\r" |
63 | expect { | 66 | expect { |
64 | timeout {puts "TESTING ERROR 6\n";exit} | 67 | timeout {puts "TESTING ERROR 6\n";exit} |
65 | "appimage Leafpad" | 68 | "appimage hello-x86_64" |
66 | } | 69 | } |
67 | expect { | 70 | expect { |
68 | timeout {puts "TESTING ERROR 6.1\n";exit} | 71 | timeout {puts "TESTING ERROR 6.1\n";exit} |
diff --git a/test/appimage/appimage.sh b/test/appimage/appimage.sh index 0c50434ac..57e389249 100755 --- a/test/appimage/appimage.sh +++ b/test/appimage/appimage.sh | |||
@@ -7,16 +7,13 @@ export MALLOC_CHECK_=3 | |||
7 | export MALLOC_PERTURB_=$(($RANDOM % 255 + 1)) | 7 | export MALLOC_PERTURB_=$(($RANDOM % 255 + 1)) |
8 | export LC_ALL=C | 8 | export LC_ALL=C |
9 | 9 | ||
10 | echo "TESTING: AppImage v1 (test/appimage/appimage-v1.exp)" | ||
11 | ./appimage-v1.exp | ||
12 | |||
13 | echo "TESTING: AppImage v2 (test/appimage/appimage-v2.exp)" | 10 | echo "TESTING: AppImage v2 (test/appimage/appimage-v2.exp)" |
14 | ./appimage-v2.exp | 11 | ./appimage-v2.exp |
15 | 12 | ||
16 | echo "TESTING: AppImage file name (test/appimage/filename.exp)" | 13 | echo "TESTING: AppImage file name (test/appimage/filename.exp)" |
17 | ./filename.exp | 14 | ./filename.exp |
18 | 15 | ||
19 | echo "TESTING: AppImage argsv1 (test/appimage/appimage-args.exp)" | 16 | echo "TESTING: AppImage args (test/appimage/appimage-args.exp)" |
20 | ./appimage-args.exp | 17 | ./appimage-args.exp |
21 | 18 | ||
22 | echo "TESTING: AppImage trace (test/appimage/appimage-trace.exp)" | 19 | echo "TESTING: AppImage trace (test/appimage/appimage-trace.exp)" |
diff --git a/test/appimage/hello-x86_64.AppImage b/test/appimage/hello-x86_64.AppImage new file mode 100755 index 000000000..b5d68fc5c --- /dev/null +++ b/test/appimage/hello-x86_64.AppImage | |||
Binary files differ | |||
diff --git a/test/appimage/main.c b/test/appimage/main.c new file mode 100644 index 000000000..83c495183 --- /dev/null +++ b/test/appimage/main.c | |||
@@ -0,0 +1,32 @@ | |||
1 | // This is a simple hello program compiled on Debian 11 (glibc 2.31) | ||
2 | // and packaged as an appimage using appimagetool from | ||
3 | // https://github.com/AppImage/AppImageKit. The tool in installed | ||
4 | // in the current directory. | ||
5 | // | ||
6 | // Building the appimage: | ||
7 | // mkdir -p AppDir/usr/bin | ||
8 | // gcc -o AppDir/usr/bin/hello main.c && strip AppDir/usr/bin/hello | ||
9 | // ./appimagetool AppDir | ||
10 | |||
11 | |||
12 | #include <stdio.h> | ||
13 | #include <stdlib.h> | ||
14 | #include <unistd.h> | ||
15 | |||
16 | int main(int argc, char **argv) { | ||
17 | // test args | ||
18 | int i; | ||
19 | for (i = 1; i < argc; i++) | ||
20 | printf("%d - %s\n", i, argv[i]); | ||
21 | |||
22 | printf("Hello, World!\n"); | ||
23 | |||
24 | // elevate privileges - firejail should block it | ||
25 | system("ping -c 3 127.0.0.1\n"); | ||
26 | |||
27 | printf("Hello, again!\n"); | ||
28 | sleep(30); | ||
29 | |||
30 | return 0; | ||
31 | } | ||
32 | |||