Diffstat (limited to 'test')
-rwxr-xr-x | test/environment/dns.exp | 27 | ||||
-rw-r--r-- | test/environment/dns.profile | 3 | ||||
-rwxr-xr-x | test/fs/fs.sh | 3 | ||||
-rwxr-xr-x | test/fs/whitelist-dev.exp | 47 | ||||
-rwxr-xr-x | test/fs/whitelist.exp | 26 | ||||
-rwxr-xr-x | test/network/ip6.exp | 40 | ||||
-rw-r--r-- | test/network/ip6.profile | 3 | ||||
-rwxr-xr-x | test/network/iprange.exp | 103 | ||||
-rw-r--r-- | test/network/iprange.profile | 2 | ||||
-rwxr-xr-x | test/network/network.sh | 6 | ||||
-rwxr-xr-x | test/network/veth-name.exp | 77 | ||||
-rw-r--r-- | test/network/veth-name.profile | 3 | ||||
-rwxr-xr-x | test/root/root.sh | 3 | ||||
-rwxr-xr-x | test/root/whitelist-mnt.exp | 86 |
14 files changed, 414 insertions, 15 deletions
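--- a/test/environment/dns.exp
+++ b/test/environment/dns.exp
@@ -26,10 +26,33 @@ expect {
 }
 after 100
 send -- "exit\r"
-after 100
+sleep 1
+
 
+send -- "firejail --profile=dns.profile\r"
+expect {
+timeout {puts "TESTING ERROR 12.1\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "cat /etc/resolv.conf\r"
+expect {
+timeout {puts "TESTING ERROR 12.2\n";exit}
+"nameserver 8.8.4.4"
+}
+expect {
+timeout {puts "TESTING ERROR 12.3\n";exit}
+"nameserver 8.8.8.8"
+}
+expect {
+timeout {puts "TESTING ERROR 12.4\n";exit}
+"nameserver 4.2.2.1"
+}
+after 100
+send -- "exit\r"
+sleep 1
 
-# no chroot
 send -- "firejail --trace --dns=208.67.222.222 wget -q debian.org\r"
 expect {
 timeout {puts "TESTING ERROR 1.1\n";exit}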
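Review bot: The profile block (new lines 32–54) only shows that the three `dns` entries from dns.profile appear in /etc/resolv.conf in order; it does not show that the host's own resolver entries are gone, which is presumably the property a sandbox DNS override is meant to guarantee. A follow-up `send -- "grep -c nameserver /etc/resolv.conf\r"` matched with `-re "\n3\r"` would pin the number of entries. The ids 12.1–12.4 now run ahead of 1.1, so a comment such as `# dns entries supplied by dns.profile` above line 32 would help whoever reads a failing log. The script continues outside the hunk on both sides.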
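--- /dev/null
+++ b/test/environment/dns.profile
@@ -0,0 +1,3 @@
+dns 8.8.4.4
+dns 8.8.8.8
+dns 4.2.2.1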
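--- a/test/fs/fs.sh
+++ b/test/fs/fs.sh
@@ -88,6 +88,9 @@ echo "TESTING: double whitelist (test/fs/whitelist-double.exp)"
 echo "TESTING: whitelist (test/fs/whitelist.exp)"
 ./whitelist.exp
 
+echo "TESTING: whitelist dev, var(test/fs/whitelist-dev.exp)"
+./whitelist-dev.exp
+
 echo "TESTING: fscheck --bind non root (test/fs/fscheck-bindnoroot.exp)"
 ./fscheck-bindnoroot.exp
 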
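--- /dev/null
+++ b/test/fs/whitelist-dev.exp
@@ -0,0 +1,47 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --whitelist=/dev/null --debug\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "ls -l /dev | find /dev | wc -l\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"2"
+}
+after 100
+send -- "exit\r"
+sleep 1
+
+send -- "firejail --whitelist=/var/tmp --debug\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "ls -l /dev | find /dev | wc -l\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"2"
+}
+after 100
+send -- "exit\r"
+sleep 1
+
+
+
+
+after 100
+puts "\nall done\n"
+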
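Review bot: Both checks expect the bare pattern `"2"`, which Expect matches as a substring, so any count containing the digit 2 (12, 20, 213, …) passes and the test cannot tell a working /dev whitelist from one that left the whole device tree visible; `-re "\n2\r"` would pin the exact count. The second block starts the sandbox with `--whitelist=/var/tmp` but still counts /dev, which looks like a copy-paste slip where `find /var | wc -l` was intended. `ls -l /dev | find /dev | wc -l` pipes into `find`, which ignores stdin, so `find /dev | wc -l` says the same thing more plainly. Both blocks reuse `TESTING ERROR 0` and `TESTING ERROR 1`, so a failure log does not identify which sandbox failed.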
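--- a/test/fs/whitelist.exp
+++ b/test/fs/whitelist.exp
@@ -36,7 +36,7 @@ after 200
 send -- "ln -s ~/fjtest-dir ~/fjtest-dir-lnk\r"
 after 200
 
-send -- "firejail --whitelist=~/fjtest-file --whitelist=~/fjtest-dir\r"
+send -- "firejail --whitelist=~/fjtest-file --whitelist=~/fjtest-dir --debug\r"
 expect {
 timeout {puts "TESTING ERROR 0\n";exit}
 "Child process initialized"
@@ -49,19 +49,19 @@ expect {
 "2"
 }
 
-send -- "cat fjtest-file\r"
+send -- "cat ~/fjtest-file\r"
 expect {
 timeout {puts "TESTING ERROR 2\n";exit}
 "123"
 }
 
-send -- "cat fjtest-dir/fjtest-file\r"
+send -- "cat ~/fjtest-dir/fjtest-file\r"
 expect {
 timeout {puts "TESTING ERROR 3\n";exit}
 "123"
 }
 
-send -- "cat fjtest-dir/fjtest-dir/fjtest-file\r"
+send -- "cat ~/fjtest-dir/fjtest-dir/fjtest-file\r"
 expect {
 timeout {puts "TESTING ERROR 4\n";exit}
 "123"
@@ -86,7 +86,7 @@ expect {
 "1"
 }
 
-send -- "cat fjtest-dir/fjtest-dir/fjtest-file\r"
+send -- "cat ~/fjtest-dir/fjtest-dir/fjtest-file\r"
 expect {
 timeout {puts "TESTING ERROR 12\n";exit}
 "123"
@@ -111,37 +111,37 @@ expect {
 "4"
 }
 
-send -- "cat fjtest-file\r"
+send -- "cat ~/fjtest-file\r"
 expect {
 timeout {puts "TESTING ERROR 22\n";exit}
 "123"
 }
 
-send -- "cat fjtest-dir/fjtest-file\r"
+send -- "cat ~/fjtest-dir/fjtest-file\r"
 expect {
 timeout {puts "TESTING ERROR 23\n";exit}
 "123"
 }
 
-send -- "cat fjtest-dir/fjtest-dir/fjtest-file\r"
+send -- "cat ~/fjtest-dir/fjtest-dir/fjtest-file\r"
 expect {
 timeout {puts "TESTING ERROR 24\n";exit}
 "123"
 }
 
-send -- "cat fjtest-file-lnk\r"
+send -- "cat ~/fjtest-file-lnk\r"
 expect {
 timeout {puts "TESTING ERROR 25\n";exit}
 "123"
 }
 
-send -- "cat fjtest-dir-lnk/fjtest-file\r"
+send -- "cat ~/fjtest-dir-lnk/fjtest-file\r"
 expect {
 timeout {puts "TESTING ERROR 26\n";exit}
 "123"
 }
 
-send -- "cat fjtest-dir-lnk/fjtest-dir/fjtest-file\r"
+send -- "cat ~/fjtest-dir-lnk/fjtest-dir/fjtest-file\r"
 expect {
 timeout {puts "TESTING ERROR 27\n";exit}
 "123"
@@ -193,13 +193,13 @@ expect {
 "2"
 }
 
-send -- "cat fjtest-file-lnk\r"
+send -- "cat ~/fjtest-file-lnk\r"
 expect {
 timeout {puts "TESTING ERROR 42\n";exit}
 "123"
 }
 
-send -- "cat fjtest-dir-lnk/fjtest-file\r"
+send -- "cat ~/fjtest-dir-lnk/fjtest-file\r"
 expect {
 timeout {puts "TESTING ERROR 43\n";exit}
 "123"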
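--- a/test/network/ip6.exp
+++ b/test/network/ip6.exp
@@ -43,6 +43,46 @@ expect {
 }
 
 send -- "exit\r"
+sleep 2
+
+
+send -- "firejail --debug --profile=ip6.profile\r"
+expect {
+timeout {puts "TESTING ERROR 10\n";exit}
+"Installing network filter"
+}
+expect {
+timeout {puts "TESTING ERROR 11\n";exit}
+"DROP"
+}
+expect {
+timeout {puts "TESTING ERROR 12\n";exit}
+"unable to initialize table 'filter'" {puts "\nTESTING SKIP 2: no IPv6 support\n"; exit}
+"2001:db8:1f0a:3ec::2"
+}
+expect {
+timeout {puts "TESTING ERROR 13\n";exit}
+"Child process initialized"
+}
+sleep 2
+
+send -- "/sbin/ifconfig\r"
+expect {
+timeout {puts "TESTING ERROR 14\n";exit}
+"inet6"
+}
+expect {
+timeout {puts "TESTING ERROR 15\n";exit}
+"2001:db8:0:f101::1"
+}
+expect {
+timeout {puts "TESTING ERROR 16\n";exit}
+"Scope:Global" { puts "Debian\n"}
+"scopeid 0x0<global>" { puts "Arch\n"}
+}
+
+send -- "exit\r"
+
 after 100
 
 puts "\nall done\n"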
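--- /dev/null
+++ b/test/network/ip6.profile
@@ -0,0 +1,3 @@
+net br0
+ip6 2001:0db8:0:f101::1/64
+netfilter6 ipv6.net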
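--- /dev/null
+++ b/test/network/iprange.exp
@@ -0,0 +1,103 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --net=br1 --iprange=10.10.30.50,10.10.30.55\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"eth0"
+}
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"10.10.30.50" {puts "10.10.30.50\n"}
+"10.10.30.51" {puts "10.10.30.51\n"}
+"10.10.30.52" {puts "10.10.30.52\n"}
+"10.10.30.53" {puts "10.10.30.53\n"}
+"10.10.30.54" {puts "10.10.30.54\n"}
+"10.10.30.55" {puts "10.10.30.55\n"}
+}
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"255.255.255.0"
+}
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"Child process initialized"
+}
+sleep 1
+send -- "exit\r"
+sleep 2
+
+send -- "firejail --profile=iprange.profile\r"
+expect {
+timeout {puts "TESTING ERROR 5\n";exit}
+"eth0"
+}
+expect {
+timeout {puts "TESTING ERROR 6\n";exit}
+"10.10.30.50" {puts "10.10.30.50\n"}
+"10.10.30.51" {puts "10.10.30.51\n"}
+"10.10.30.52" {puts "10.10.30.52\n"}
+"10.10.30.53" {puts "10.10.30.53\n"}
+"10.10.30.54" {puts "10.10.30.54\n"}
+"10.10.30.55" {puts "10.10.30.55\n"}
+}
+expect {
+timeout {puts "TESTING ERROR 7\n";exit}
+"255.255.255.0"
+}
+expect {
+timeout {puts "TESTING ERROR 8\n";exit}
+"Child process initialized"
+}
+sleep 1
+send -- "exit\r"
+sleep 2
+
+
+
+send -- "firejail --iprange=10.10.30.50,10.10.30.55\r"
+expect {
+timeout {puts "TESTING ERROR 9\n";exit}
+"no network device configured"
+}
+after 100
+
+send -- "firejail --net=br1 --iprange=10.10.30.50,10.10.30.55 --iprange=10.10.30.50,10.10.30.55\r"
+expect {
+timeout {puts "TESTING ERROR 10\n";exit}
+"cannot configure the IP range twice for the same interface"
+}
+after 100
+
+send -- "firejail --net=br1 --iprange=10.10.30.50\r"
+expect {
+timeout {puts "TESTING ERROR 11\n";exit}
+"invalid IP range"
+}
+after 100
+
+send -- "firejail --net=br0 --iprange=10.10.30.50,10.10.30.55\r"
+expect {
+timeout {puts "TESTING ERROR 12\n";exit}
+"IP range addresses not in network range"
+}
+after 100
+
+send -- "firejail --net=br1 --iprange=10.10.30.55,10.10.30.50\r"
+expect {
+timeout {puts "TESTING ERROR 12\n";exit}
+"invalid IP range"
+}
+after 100
+
+
+after 100
+
+puts "\nall done\n"
+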
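Review bot: `TESTING ERROR 12` is used twice, at new line 87 for the out-of-network range and at new line 94 for the reversed range, so a failure log cannot tell which input-validation case regressed; the second should read `timeout {puts "TESTING ERROR 13\n";exit}`. The five rejection cases from line 64 onward carry no comment, and a line such as `# invalid --iprange arguments: each must be rejected with an error message` above line 64 would separate them from the two positive cases. The positive cases accept any address from .50 to .55, which matches the requested range, but nothing checks that an address outside it is refused to the sandbox.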
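--- /dev/null
+++ b/test/network/iprange.profile
@@ -0,0 +1,2 @@
+net br1
+iprange 10.10.30.50,10.10.30.55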
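--- a/test/network/network.sh
+++ b/test/network/network.sh
@@ -78,6 +78,12 @@ echo "TESTING: veth (net_veth.exp)"
 echo "TESTING: netfilter (net_netfilter.exp)"
 ./net_netfilter.exp
 
+echo "TESTING: iprange (iprange.exp)"
+./iprange.exp
+
+echo "TESTING: veth-name (veth-name.exp)"
+./veth-name.exp
+
 echo "TESTING: 4 bridges ARP (4bridges_arp.exp)"
 ./4bridges_arp.exp
 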
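--- /dev/null
+++ b/test/network/veth-name.exp
@@ -0,0 +1,77 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+#
+send -- "firejail --net=br1 --ip=10.10.30.50 --veth-name=blablabla\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"eth0"
+}
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"10.10.30.50"
+}
+expect {
+timeout {puts "TESTING ERROR 2\n";exit}
+"255.255.255.0"
+}
+expect {
+timeout {puts "TESTING ERROR 3\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+spawn $env(SHELL)
+send -- "ip link show\r"
+expect {
+timeout {puts "TESTING ERROR 4\n";exit}
+"blablabla"
+}
+expect {
+timeout {puts "TESTING ERROR 5\n";exit}
+"master br1 state UP"
+}
+sleep 1
+
+
+send -- "firejail --profile=veth-name.profile\r"
+expect {
+timeout {puts "TESTING ERROR 6\n";exit}
+"eth0"
+}
+expect {
+timeout {puts "TESTING ERROR 7\n";exit}
+"10.10.60.51"
+}
+expect {
+timeout {puts "TESTING ERROR 8\n";exit}
+"255.255.255.0"
+}
+expect {
+timeout {puts "TESTING ERROR 9\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+spawn $env(SHELL)
+send -- "ip link show\r"
+expect {
+timeout {puts "TESTING ERROR 10\n";exit}
+"bingo"
+}
+expect {
+timeout {puts "TESTING ERROR 11\n";exit}
+"master br4 state UP"
+}
+sleep 1
+
+
+after 100
+puts "\nall done\n"
+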
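Review bot: Neither sandbox is ever sent `exit`: the script calls `spawn $env(SHELL)` again at new lines 30 and 62 and abandons the previous session, so the first sandbox and its `blablabla` interface are presumably still up while the profile case runs, and teardown depends on the ptys closing when the script ends. Saving the id after each sandbox starts (`set sandbox_id $spawn_id`) and closing it with `send -i $sandbox_id -- "exit\r"` before the next case would make cleanup explicit. The second shell exists to inspect the host end of the veth pair, which deserves a comment in place of the empty `#` at line 10, for example `# start the sandbox, then check the host-side veth name from a second shell`. The `"master br1 state UP"` and `"master br4 state UP"` expectations are not tied to the named interface's line, so another interface on the same bridge could satisfy them.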
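--- /dev/null
+++ b/test/network/veth-name.profile
@@ -0,0 +1,3 @@
+net br4
+ip 10.10.60.51
+veth-name bingo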
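--- a/test/root/root.sh
+++ b/test/root/root.sh
@@ -53,6 +53,9 @@ fi
 echo "TESTING: fs private (test/root/private.exp)"
 ./private.exp
 
+echo "TESTING: fs whitelist mnt, opt, media(test/root/whitelist-mnt.exp)"
+./whitelist-mnt.exp
+
 #********************************
 # seccomp
 #********************************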
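--- /dev/null
+++ b/test/root/whitelist-mnt.exp
@@ -0,0 +1,86 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "touch /mnt/firejail-test-file\r"
+after 100
+send -- "firejail --whitelist=/mnt/firejail-test-file --debug\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "find /mnt | wc -l\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"2"
+}
+after 100
+send -- "exit\r"
+sleep 1
+
+
+send -- "touch /opt/firejail-test-file\r"
+after 100
+send -- "firejail --whitelist=/opt/firejail-test-file --debug\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "find /opt | wc -l\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"2"
+}
+after 100
+send -- "exit\r"
+sleep 1
+
+send -- "touch /media/firejail-test-file\r"
+after 100
+send -- "firejail --whitelist=/media/firejail-test-file --debug\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "find /media | wc -l\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+"2"
+}
+after 100
+send -- "exit\r"
+sleep 1
+
+
+send -- "firejail --whitelist=/var/run --whitelist=/var/lock --debug\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Child process initialized"
+}
+sleep 1
+
+send -- "find /var | wc -l\r"
+expect {
+timeout {puts "TESTING ERROR 1\n";exit}
+""
+}
+after 100
+send -- "exit\r"
+sleep 1
+
+
+
+after 100
+puts "\nall done\n"
+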
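Review bot: The last check (new lines 73–77) expects the empty pattern `""`, which appears to match immediately, so the `--whitelist=/var/run --whitelist=/var/lock` case asserts nothing about what stays visible under /var and needs a concrete expected count. The three earlier checks expect a bare `"2"`, a substring match that any count containing a 2 satisfies; `-re "\n2\r"` would pin the value. The script is run from the root suite and creates `firejail-test-file` in /mnt, /opt and /media without removing it, so a closing `send -- "rm -f /mnt/firejail-test-file /opt/firejail-test-file /media/firejail-test-file\r"` would leave the host clean. `TESTING ERROR 0` and `TESTING ERROR 1` are reused by all four blocks, which hides which directory failed.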