diff options
Diffstat (limited to 'test')
-rw-r--r-- | test/appimage/Leafpad-0.8.17-x86_64.AppImage | bin | 0 -> 786432 bytes | |||
-rw-r--r-- | test/appimage/Leafpad-0.8.18.1.glibc2.4-x86_64.AppImage | bin | 0 -> 231417 bytes | |||
-rwxr-xr-x | test/appimage/appimage-v1.exp | 85 | ||||
-rwxr-xr-x | test/appimage/appimage-v2.exp | 85 | ||||
-rwxr-xr-x | test/appimage/appimage.sh | 16 | ||||
-rwxr-xr-x | test/appimage/filename.exp | 35 | ||||
-rwxr-xr-x | test/apps-x11-xorg/apps-x11-xorg.sh | 35 | ||||
-rwxr-xr-x | test/apps-x11-xorg/firefox.exp | 91 | ||||
-rwxr-xr-x | test/apps-x11-xorg/icedove.exp | 86 | ||||
-rwxr-xr-x | test/apps-x11-xorg/transmission-gtk.exp | 86 | ||||
-rwxr-xr-x | test/apps-x11/apps-x11.sh | 88 | ||||
-rwxr-xr-x | test/apps-x11/chromium.exp (renamed from test/chromium-x11.exp) | 6 | ||||
-rwxr-xr-x | test/apps-x11/firefox.exp | 91 | ||||
-rwxr-xr-x | test/apps-x11/icedove.exp | 86 | ||||
-rwxr-xr-x | test/apps-x11/transmission-gtk.exp (renamed from test/transmission-gtk-x11.exp) | 6 | ||||
-rwxr-xr-x | test/apps-x11/x11-none.exp | 48 | ||||
-rwxr-xr-x | test/apps-x11/x11-xephyr.exp | 59 | ||||
-rwxr-xr-x | test/apps-x11/xterm-xephyr.exp | 86 | ||||
-rwxr-xr-x | test/apps-x11/xterm-xorg.exp | 86 | ||||
-rwxr-xr-x | test/apps-x11/xterm-xpra.exp | 98 | ||||
-rwxr-xr-x | test/apps/apps.sh (renamed from test/test-apps.sh) | 91 | ||||
-rwxr-xr-x | test/apps/chromium.exp (renamed from test/chromium.exp) | 10 | ||||
-rwxr-xr-x | test/apps/deluge.exp (renamed from test/deluge.exp) | 10 | ||||
-rwxr-xr-x | test/apps/evince.exp (renamed from test/evince.exp) | 10 | ||||
-rwxr-xr-x | test/apps/fbreader.exp (renamed from test/fbreader.exp) | 10 | ||||
-rwxr-xr-x | test/apps/filezilla.exp | 84 | ||||
-rwxr-xr-x | test/apps/firefox.exp (renamed from test/firefox.exp) | 10 | ||||
-rwxr-xr-x | test/apps/gnome-mplayer.exp (renamed from test/gnome-mplayer.exp) | 12 | ||||
-rwxr-xr-x | test/apps/gthumb.exp (renamed from test/weechat.exp) | 22 | ||||
-rwxr-xr-x | test/apps/hexchat.exp (renamed from test/hexchat.exp) | 10 | ||||
-rwxr-xr-x | test/apps/icedove.exp (renamed from test/icedove.exp) | 10 | ||||
-rwxr-xr-x | test/apps/midori.exp (renamed from test/midori.exp) | 12 | ||||
-rwxr-xr-x | test/apps/opera.exp (renamed from test/opera.exp) | 10 | ||||
-rwxr-xr-x | test/apps/qbittorrent.exp | 84 | ||||
-rwxr-xr-x | test/apps/transmission-gtk.exp (renamed from test/transmission-gtk.exp) | 12 | ||||
-rwxr-xr-x | test/apps/transmission-qt.exp (renamed from test/transmission-qt.exp) | 12 | ||||
-rwxr-xr-x | test/apps/uget-gtk.exp | 84 | ||||
-rwxr-xr-x | test/apps/vlc.exp (renamed from test/vlc.exp) | 10 | ||||
-rwxr-xr-x | test/apps/wine.exp (renamed from test/wine.exp) | 3 | ||||
-rwxr-xr-x | test/apps/xchat.exp (renamed from test/xchat.exp) | 10 | ||||
-rwxr-xr-x | test/arguments/arguments.sh | 23 | ||||
-rwxr-xr-x | test/arguments/bashrun.exp | 86 | ||||
-rwxr-xr-x | test/arguments/bashrun.sh | 22 | ||||
-rwxr-xr-x | test/arguments/joinrun.exp | 91 | ||||
-rwxr-xr-x | test/arguments/joinrun.sh | 22 | ||||
-rwxr-xr-x | test/arguments/outrun.exp | 90 | ||||
-rwxr-xr-x | test/arguments/outrun.sh | 22 | ||||
-rwxr-xr-x | test/arguments/symrun.exp | 71 | ||||
-rwxr-xr-x | test/arguments/symrun.sh | 30 | ||||
-rwxr-xr-x | test/auto/autotest.sh | 202 | ||||
-rwxr-xr-x | test/chroot-resolvconf.exp | 14 | ||||
-rwxr-xr-x | test/chroot/chroot.sh | 21 | ||||
-rwxr-xr-x | test/chroot/configure | 46 | ||||
-rwxr-xr-x | test/chroot/fs_chroot.exp (renamed from test/fs_chroot.exp) | 26 | ||||
-rwxr-xr-x | test/chroot/unchroot-as-root.exp | 27 | ||||
-rw-r--r-- | test/chroot/unchroot.c | 40 | ||||
-rwxr-xr-x | test/compile/compile.sh | 150 | ||||
-rwxr-xr-x | test/configure | 2 | ||||
-rwxr-xr-x | test/dns.exp | 69 | ||||
-rwxr-xr-x | test/environment/allow-debuggers.exp | 40 | ||||
-rwxr-xr-x | test/environment/csh.exp (renamed from test/shell_csh.exp) | 18 | ||||
-rwxr-xr-x | test/environment/dash.exp (renamed from test/shell_dash.exp) | 3 | ||||
-rwxr-xr-x | test/environment/dns.exp | 76 | ||||
-rw-r--r-- | test/environment/dns.profile | 3 | ||||
-rwxr-xr-x | test/environment/doubledash.exp (renamed from test/doubledash.exp) | 10 | ||||
-rwxr-xr-x | test/environment/env.exp (renamed from test/env.exp) | 5 | ||||
-rw-r--r-- | test/environment/env.profile (renamed from test/env.profile) | 0 | ||||
-rwxr-xr-x | test/environment/environment.sh | 113 | ||||
-rwxr-xr-x | test/environment/extract_command.exp (renamed from test/extract_command.exp) | 4 | ||||
-rwxr-xr-x | test/environment/firejail-in-firejail.exp | 49 | ||||
-rwxr-xr-x | test/environment/firejail-in-firejail2.exp | 51 | ||||
-rwxr-xr-x | test/environment/ibus.exp (renamed from test/sysrq-trigger.exp) | 17 | ||||
-rwxr-xr-x | test/environment/nice.exp (renamed from test/nice.exp) | 13 | ||||
-rw-r--r-- | test/environment/nice.profile (renamed from test/nice.profile) | 0 | ||||
-rwxr-xr-x | test/environment/output.exp (renamed from test/output.exp) | 7 | ||||
-rwxr-xr-x | test/environment/output.sh (renamed from test/output.sh) | 0 | ||||
-rwxr-xr-x | test/environment/quiet.exp | 21 | ||||
-rwxr-xr-x | test/environment/rlimit-bad-profile.exp | 35 | ||||
-rwxr-xr-x | test/environment/rlimit-bad.exp | 34 | ||||
-rw-r--r-- | test/environment/rlimit-bad1.profile | 1 | ||||
-rw-r--r-- | test/environment/rlimit-bad2.profile | 1 | ||||
-rw-r--r-- | test/environment/rlimit-bad3.profile | 1 | ||||
-rw-r--r-- | test/environment/rlimit-bad4.profile | 1 | ||||
-rwxr-xr-x | test/environment/rlimit-profile.exp (renamed from test/profile_rlimit.exp) | 11 | ||||
-rwxr-xr-x | test/environment/rlimit.exp (renamed from test/option_rlimit.exp) | 3 | ||||
-rw-r--r-- | test/environment/rlimit.profile (renamed from test/rlimit.profile) | 0 | ||||
-rwxr-xr-x | test/environment/shell-none.exp | 48 | ||||
-rw-r--r-- | test/environment/shell-none.profile | 1 | ||||
-rwxr-xr-x | test/environment/sound.exp (renamed from test/sound.exp) | 8 | ||||
-rw-r--r-- | test/environment/sound.profile (renamed from test/sound.profile) | 0 | ||||
-rwxr-xr-x | test/environment/zsh.exp (renamed from test/shell_zsh.exp) | 20 | ||||
-rwxr-xr-x | test/fcopy/cmdline.exp | 46 | ||||
-rwxr-xr-x | test/fcopy/dircopy.exp | 106 | ||||
-rwxr-xr-x | test/fcopy/fcopy.sh | 23 | ||||
-rwxr-xr-x | test/fcopy/filecopy.exp | 54 | ||||
-rwxr-xr-x | test/fcopy/linkcopy.exp | 54 | ||||
-rw-r--r-- | test/fcopy/src/a/b/file4 | 11 | ||||
-rw-r--r-- | test/fcopy/src/a/file3 | 0 | ||||
l--------- | test/fcopy/src/dircopy.exp | 1 | ||||
-rwxr-xr-x | test/fcopy/src/file1 | 0 | ||||
-rw-r--r-- | test/fcopy/src/file2 | 0 | ||||
-rwxr-xr-x | test/features/1.2.exp | 30 | ||||
-rwxr-xr-x | test/features/1.8.exp | 18 | ||||
-rwxr-xr-x | test/features/3.5.exp | 10 | ||||
-rwxr-xr-x | test/features/3.6.exp | 11 | ||||
-rwxr-xr-x | test/features/3.8.exp | 8 | ||||
-rwxr-xr-x | test/filters/caps-print.exp | 103 | ||||
-rwxr-xr-x | test/filters/caps.exp | 139 | ||||
-rw-r--r-- | test/filters/caps1.profile | 1 | ||||
-rw-r--r-- | test/filters/caps2.profile | 1 | ||||
-rw-r--r-- | test/filters/caps3.profile | 1 | ||||
-rwxr-xr-x | test/filters/filters.sh | 71 | ||||
-rwxr-xr-x | test/filters/fseccomp.exp | 138 | ||||
-rwxr-xr-x | test/filters/noroot.exp | 160 | ||||
-rwxr-xr-x | test/filters/protocol.exp (renamed from test/protocol.exp) | 19 | ||||
-rw-r--r-- | test/filters/protocol1.profile (renamed from test/protocol1.profile) | 0 | ||||
-rw-r--r-- | test/filters/protocol2.profile (renamed from test/protocol2.profile) | 0 | ||||
-rwxr-xr-x | test/filters/seccomp-bad-empty.exp (renamed from test/seccomp-bad-empty.exp) | 5 | ||||
-rw-r--r-- | test/filters/seccomp-bad-empty.profile (renamed from test/seccomp-bad-empty.profile) | 0 | ||||
-rw-r--r-- | test/filters/seccomp-bad-empty2.profile (renamed from test/seccomp-bad-empty2.profile) | 0 | ||||
-rwxr-xr-x | test/filters/seccomp-chmod-profile.exp (renamed from test/ip6.exp) | 36 | ||||
-rwxr-xr-x | test/filters/seccomp-chmod.exp (renamed from test/pid.exp) | 36 | ||||
-rwxr-xr-x | test/filters/seccomp-chown.exp (renamed from test/seccomp-chown.exp) | 7 | ||||
-rwxr-xr-x | test/filters/seccomp-debug.exp (renamed from test/seccomp-debug.exp) | 3 | ||||
-rwxr-xr-x | test/filters/seccomp-dualfilter.exp | 55 | ||||
-rwxr-xr-x | test/filters/seccomp-empty.exp (renamed from test/seccomp-empty.exp) | 4 | ||||
-rw-r--r-- | test/filters/seccomp-empty.profile (renamed from test/seccomp-empty.profile) | 0 | ||||
-rwxr-xr-x | test/filters/seccomp-errno.exp | 54 | ||||
-rwxr-xr-x | test/filters/seccomp-ptrace.exp (renamed from test/seccomp-ptrace.exp) | 5 | ||||
-rwxr-xr-x | test/filters/seccomp-su.exp (renamed from test/seccomp-su.exp) | 16 | ||||
-rw-r--r-- | test/filters/seccomp.profile (renamed from test/seccomp.profile) | 0 | ||||
-rwxr-xr-x | test/filters/syscall_test | bin | 0 -> 9552 bytes | |||
-rw-r--r-- | test/filters/syscall_test.c | 82 | ||||
-rwxr-xr-x | test/filters/syscall_test32 | bin | 0 -> 6868 bytes | |||
-rwxr-xr-x | test/firejail-in-firejail.exp | 21 | ||||
-rwxr-xr-x | test/firejail-in-firejail2.exp | 21 | ||||
-rwxr-xr-x | test/fs/fs.sh | 116 | ||||
-rwxr-xr-x | test/fs/fs_dev_shm.exp (renamed from test/fs_dev_shm.exp) | 63 | ||||
-rwxr-xr-x | test/fs/fs_var_lock.exp | 90 | ||||
-rwxr-xr-x | test/fs/fs_var_tmp.exp (renamed from test/fs_var_tmp.exp) | 63 | ||||
-rwxr-xr-x | test/fs/fscheck-bindnoroot.exp (renamed from test/fscheck-bindnoroot.exp) | 5 | ||||
-rwxr-xr-x | test/fs/fscheck-private.exp | 50 | ||||
-rwxr-xr-x | test/fs/fscheck-readonly.exp (renamed from test/fscheck-readonly.exp) | 3 | ||||
-rwxr-xr-x | test/fs/fscheck-tmpfs.exp (renamed from test/fscheck-tmpfs.exp) | 2 | ||||
-rwxr-xr-x | test/fs/invalid_filename.exp (renamed from test/invalid_filename.exp) | 39 | ||||
-rwxr-xr-x | test/fs/kmsg.exp (renamed from test/kmsg.exp) | 7 | ||||
-rwxr-xr-x | test/fs/mkdir.exp | 20 | ||||
-rw-r--r-- | test/fs/mkdir.profile | 2 | ||||
-rwxr-xr-x | test/fs/mkdir_mkfile.exp | 46 | ||||
-rw-r--r-- | test/fs/mkdir_mkfile.profile | 4 | ||||
-rwxr-xr-x | test/fs/option_bind_user.exp (renamed from test/option_bind_user.exp) | 2 | ||||
-rwxr-xr-x | test/fs/option_blacklist.exp (renamed from test/option_blacklist.exp) | 13 | ||||
-rwxr-xr-x | test/fs/option_blacklist_file.exp (renamed from test/option_blacklist_file.exp) | 6 | ||||
-rwxr-xr-x | test/fs/option_blacklist_glob.exp | 33 | ||||
-rwxr-xr-x | test/fs/private-bin.exp (renamed from test/private-bin.exp) | 24 | ||||
-rw-r--r-- | test/fs/private-bin.profile (renamed from test/private-bin.profile) | 0 | ||||
-rwxr-xr-x | test/fs/private-etc-empty.exp | 42 | ||||
-rw-r--r-- | test/fs/private-etc-empty.profile | 1 | ||||
-rwxr-xr-x | test/fs/private-etc.exp | 73 | ||||
-rwxr-xr-x | test/fs/private-home-dir.exp | 70 | ||||
-rwxr-xr-x | test/fs/private-home.exp | 103 | ||||
-rwxr-xr-x | test/fs/private-homedir.exp | 25 | ||||
-rwxr-xr-x | test/fs/private-whitelist.exp (renamed from test/private-whitelist.exp) | 13 | ||||
-rwxr-xr-x | test/fs/private.exp | 58 | ||||
-rwxr-xr-x | test/fs/read-write.exp | 35 | ||||
-rwxr-xr-x | test/fs/sys_fs.exp | 44 | ||||
-rw-r--r-- | test/fs/testdir1/.directory/file | 0 | ||||
-rw-r--r-- | test/fs/testdir1/.file | 0 | ||||
-rw-r--r-- | test/fs/testfile1 | 0 | ||||
-rw-r--r-- | test/fs/user-dirs.dirs | 15 | ||||
-rwxr-xr-x | test/fs/whitelist-dev.exp | 47 | ||||
-rwxr-xr-x | test/fs/whitelist-double.exp | 42 | ||||
-rwxr-xr-x | test/fs/whitelist-downloads.exp | 49 | ||||
-rwxr-xr-x | test/fs/whitelist-empty.exp (renamed from test/whitelist-empty.exp) | 4 | ||||
-rwxr-xr-x | test/fs/whitelist.exp | 226 | ||||
-rwxr-xr-x | test/fs_var_lock.exp | 87 | ||||
-rwxr-xr-x | test/fscheck-private.exp | 70 | ||||
-rwxr-xr-x | test/google-chrome.exp | 80 | ||||
-rwxr-xr-x | test/net_interface.exp | 88 | ||||
-rwxr-xr-x | test/network/4bridges_arp.exp (renamed from test/4bridges_arp.exp) | 22 | ||||
-rwxr-xr-x | test/network/4bridges_ip.exp (renamed from test/4bridges_ip.exp) | 22 | ||||
-rw-r--r-- | test/network/README | 14 | ||||
-rwxr-xr-x | test/network/bandwidth.exp (renamed from test/bandwidth.exp) | 13 | ||||
-rwxr-xr-x | test/network/configure | 27 | ||||
-rwxr-xr-x | test/network/dns-print.exp | 31 | ||||
-rwxr-xr-x | test/network/firemon-arp.exp | 50 | ||||
-rwxr-xr-x | test/network/firemon-interfaces.exp | 67 | ||||
-rwxr-xr-x | test/network/firemon-route.exp (renamed from test/firemon-route.exp) | 30 | ||||
-rwxr-xr-x | test/network/hostname.exp (renamed from test/hostname.exp) | 12 | ||||
-rwxr-xr-x | test/network/interface.exp | 66 | ||||
-rwxr-xr-x | test/network/ip6.exp | 89 | ||||
-rw-r--r-- | test/network/ip6.profile | 3 | ||||
-rwxr-xr-x | test/network/iprange.exp | 103 | ||||
-rw-r--r-- | test/network/iprange.profile | 2 | ||||
-rw-r--r-- | test/network/ipv6.net (renamed from test/ipv6.net) | 0 | ||||
-rw-r--r-- | test/network/net-profile.profile | 10 | ||||
-rwxr-xr-x | test/network/net_arp.exp (renamed from test/net_arp.exp) | 5 | ||||
-rwxr-xr-x | test/network/net_badip.exp (renamed from test/net_badip.exp) | 5 | ||||
-rwxr-xr-x | test/network/net_defaultgw.exp (renamed from test/net_defaultgw.exp) | 6 | ||||
-rwxr-xr-x | test/network/net_defaultgw2.exp (renamed from test/net_defaultgw2.exp) | 6 | ||||
-rwxr-xr-x | test/network/net_defaultgw3.exp (renamed from test/net_defaultgw3.exp) | 6 | ||||
-rwxr-xr-x | test/network/net_ip.exp (renamed from test/net_ip.exp) | 10 | ||||
-rwxr-xr-x | test/network/net_local.exp (renamed from test/net_local.exp) | 9 | ||||
-rwxr-xr-x | test/network/net_mac.exp (renamed from test/net_mac.exp) | 6 | ||||
-rwxr-xr-x | test/network/net_macvlan2.exp | 43 | ||||
-rwxr-xr-x | test/network/net_mtu.exp (renamed from test/net_mtu.exp) | 5 | ||||
-rwxr-xr-x | test/network/net_netfilter.exp (renamed from test/net_netfilter.exp) | 9 | ||||
-rwxr-xr-x | test/network/net_noip.exp (renamed from test/net_noip.exp) | 12 | ||||
-rwxr-xr-x | test/network/net_noip2.exp (renamed from test/net_noip2.exp) | 12 | ||||
-rwxr-xr-x | test/network/net_none.exp (renamed from test/net_none.exp) | 24 | ||||
-rw-r--r-- | test/network/net_none.profile (renamed from test/net_none.profile) | 0 | ||||
-rwxr-xr-x | test/network/net_profile.exp | 77 | ||||
-rwxr-xr-x | test/network/net_scan.exp | 75 | ||||
-rwxr-xr-x | test/network/net_veth.exp | 142 | ||||
-rw-r--r-- | test/network/netfilter.filter (renamed from test/netfilter.filter) | 0 | ||||
-rw-r--r-- | test/network/netfilter.profile (renamed from test/netfilter.profile) | 0 | ||||
-rwxr-xr-x | test/network/netstats.exp | 39 | ||||
-rwxr-xr-x | test/network/network.sh | 100 | ||||
-rwxr-xr-x | test/network/veth-name.exp | 77 | ||||
-rw-r--r-- | test/network/veth-name.profile | 3 | ||||
-rwxr-xr-x | test/noroot.exp | 117 | ||||
-rw-r--r-- | test/notes | 13 | ||||
-rwxr-xr-x | test/option-join-profile.exp | 39 | ||||
-rwxr-xr-x | test/option-join.exp | 39 | ||||
-rwxr-xr-x | test/option-join2.exp | 39 | ||||
-rwxr-xr-x | test/option-join3.exp | 39 | ||||
-rwxr-xr-x | test/option-shutdown.exp | 30 | ||||
-rwxr-xr-x | test/option-trace.exp | 25 | ||||
-rwxr-xr-x | test/overlay/firefox-x11-xorg.exp | 90 | ||||
-rwxr-xr-x | test/overlay/firefox-x11.exp (renamed from test/firefox-x11.exp) | 7 | ||||
-rwxr-xr-x | test/overlay/firefox.exp | 99 | ||||
-rwxr-xr-x | test/overlay/fs-named.exp | 66 | ||||
-rwxr-xr-x | test/overlay/fs-tmpfs.exp (renamed from test/fs_overlay.exp) | 54 | ||||
-rwxr-xr-x | test/overlay/fs.exp | 46 | ||||
-rwxr-xr-x | test/overlay/overlay.sh | 67 | ||||
-rwxr-xr-x | test/private-etc.exp | 42 | ||||
-rwxr-xr-x | test/private.exp | 97 | ||||
-rwxr-xr-x | test/private_dir.exp | 2 | ||||
-rwxr-xr-x | test/private_dir_profile.exp | 2 | ||||
-rwxr-xr-x | test/profile_tmpfs.exp | 37 | ||||
-rwxr-xr-x | test/profiles/ignore.exp (renamed from test/ignore.exp) | 5 | ||||
-rw-r--r-- | test/profiles/ignore.profile (renamed from test/ignore.profile) | 0 | ||||
-rw-r--r-- | test/profiles/ignore2.profile (renamed from test/ignore2.profile) | 0 | ||||
-rwxr-xr-x | test/profiles/profile_followlnk.exp (renamed from test/profile_followlnk.exp) | 40 | ||||
-rwxr-xr-x | test/profiles/profile_noperm.exp (renamed from test/profile_noperm.exp) | 4 | ||||
-rwxr-xr-x | test/profiles/profile_readonly.exp (renamed from test/profile_readonly.exp) | 42 | ||||
-rwxr-xr-x | test/profiles/profile_syntax.exp (renamed from test/profile_syntax.exp) | 27 | ||||
-rwxr-xr-x | test/profiles/profile_syntax2.exp (renamed from test/profile_syntax2.exp) | 7 | ||||
-rwxr-xr-x | test/profiles/profiles.sh | 34 | ||||
-rw-r--r-- | test/profiles/readonly-lnk.profile (renamed from test/readonly-lnk.profile) | 0 | ||||
-rw-r--r-- | test/profiles/readonly.profile (renamed from test/readonly.profile) | 0 | ||||
-rwxr-xr-x | test/profiles/test-profile.exp (renamed from test/test-profile.exp) | 7 | ||||
-rw-r--r-- | test/profiles/test.profile (renamed from test/test.profile) | 0 | ||||
-rw-r--r-- | test/profiles/test2.profile (renamed from test/test2.profile) | 0 | ||||
-rwxr-xr-x | test/quiet.exp | 17 | ||||
-rwxr-xr-x | test/root/apache2.exp (renamed from test/servers3.exp) | 10 | ||||
-rwxr-xr-x | test/root/firecfg.exp | 46 | ||||
-rw-r--r-- | test/root/firejail.config | 20 | ||||
-rwxr-xr-x | test/root/firemon-events.exp | 72 | ||||
-rwxr-xr-x | test/root/isc-dhcp.exp (renamed from test/servers4.exp) | 9 | ||||
-rwxr-xr-x | test/root/join.exp | 52 | ||||
-rwxr-xr-x | test/root/nginx.exp (renamed from test/servers6.exp) | 10 | ||||
-rwxr-xr-x | test/root/option_bind_directory.exp (renamed from test/option_bind_directory.exp) | 0 | ||||
-rwxr-xr-x | test/root/option_bind_file.exp (renamed from test/option_bind_file.exp) | 0 | ||||
-rwxr-xr-x | test/root/option_tmpfs.exp (renamed from test/option_tmpfs.exp) | 10 | ||||
-rwxr-xr-x | test/root/private.exp | 90 | ||||
-rwxr-xr-x | test/root/profile_tmpfs.exp | 40 | ||||
-rwxr-xr-x | test/root/root.sh | 114 | ||||
-rwxr-xr-x | test/root/seccomp-chmod.exp | 51 | ||||
-rwxr-xr-x | test/root/seccomp-chown.exp (renamed from test/seccomp-chmod.exp) | 11 | ||||
-rwxr-xr-x | test/root/seccomp-umount.exp (renamed from test/seccomp-umount.exp) | 13 | ||||
-rwxr-xr-x | test/root/snmpd.exp (renamed from test/servers2.exp) | 10 | ||||
-rw-r--r-- | test/root/tmpfs-bad.profile | 1 | ||||
-rw-r--r-- | test/root/tmpfs.profile | 1 | ||||
-rwxr-xr-x | test/root/unbound.exp (renamed from test/servers5.exp) | 9 | ||||
-rwxr-xr-x | test/root/whitelist.exp | 118 | ||||
-rwxr-xr-x | test/seccomp-chmod-profile.exp | 46 | ||||
-rwxr-xr-x | test/seccomp-errno.exp | 87 | ||||
-rwxr-xr-x | test/stress/net_macvlan.exp (renamed from test/net_macvlan.exp) | 7 | ||||
-rwxr-xr-x | test/stress/stress.sh | 11 | ||||
-rwxr-xr-x | test/sysutils/cpio.exp | 26 | ||||
-rwxr-xr-x | test/sysutils/file.exp | 18 | ||||
-rwxr-xr-x | test/sysutils/gzip.exp | 26 | ||||
-rwxr-xr-x | test/sysutils/less.exp | 20 | ||||
-rwxr-xr-x | test/sysutils/strings.exp | 26 | ||||
-rwxr-xr-x | test/sysutils/sysutils.sh | 80 | ||||
-rwxr-xr-x | test/sysutils/tar.exp | 46 | ||||
-rwxr-xr-x | test/sysutils/xz.exp | 26 | ||||
-rwxr-xr-x | test/sysutils/xzdec.exp | 29 | ||||
-rwxr-xr-x | test/test-apps-x11.sh | 29 | ||||
-rwxr-xr-x | test/test-nonet.sh | 44 | ||||
-rwxr-xr-x | test/test-profiles.sh | 10 | ||||
-rwxr-xr-x | test/test-root.sh | 82 | ||||
-rwxr-xr-x | test/test.sh | 294 | ||||
-rw-r--r-- | test/tmpfs.profile | 1 | ||||
-rwxr-xr-x | test/utils/audit.exp | 79 | ||||
-rwxr-xr-x | test/utils/caps-print.exp (renamed from test/caps-print.exp) | 5 | ||||
-rw-r--r-- | test/utils/caps1.profile (renamed from test/caps1.profile) | 0 | ||||
-rw-r--r-- | test/utils/caps2.profile (renamed from test/caps2.profile) | 0 | ||||
-rwxr-xr-x | test/utils/catchsignal-master.sh (renamed from test/catchsignal-master.sh) | 0 | ||||
-rwxr-xr-x | test/utils/catchsignal.sh (renamed from test/catchsignal.sh) | 0 | ||||
-rwxr-xr-x | test/utils/catchsignal2.sh (renamed from test/catchsignal2.sh) | 0 | ||||
-rwxr-xr-x | test/utils/cpu-print.exp (renamed from test/cpu-print.exp) | 5 | ||||
-rwxr-xr-x | test/utils/dns-print.exp (renamed from test/dns-print.exp) | 5 | ||||
-rwxr-xr-x | test/utils/firemon-caps.exp (renamed from test/firemon-caps.exp) | 4 | ||||
-rwxr-xr-x | test/utils/firemon-cgroup.exp | 41 | ||||
-rwxr-xr-x | test/utils/firemon-cpu.exp (renamed from test/seccomp-dualfilter.exp) | 34 | ||||
-rwxr-xr-x | test/utils/firemon-interface.exp | 18 | ||||
-rwxr-xr-x | test/utils/firemon-name.exp | 28 | ||||
-rwxr-xr-x | test/utils/firemon-seccomp.exp (renamed from test/firemon-seccomp.exp) | 6 | ||||
-rwxr-xr-x | test/utils/firemon-version.exp | 18 | ||||
-rwxr-xr-x | test/utils/fs-print.exp (renamed from test/fs-print.exp) | 5 | ||||
-rwxr-xr-x | test/utils/help.exp (renamed from test/option_help.exp) | 3 | ||||
-rwxr-xr-x | test/utils/join-profile.exp (renamed from test/firemon-interface.exp) | 25 | ||||
-rwxr-xr-x | test/utils/join.exp | 51 | ||||
-rwxr-xr-x | test/utils/join2.exp | 38 | ||||
-rwxr-xr-x | test/utils/join3.exp | 38 | ||||
-rwxr-xr-x | test/utils/join4.exp (renamed from test/firemon-arp.exp) | 30 | ||||
-rwxr-xr-x | test/utils/list.exp (renamed from test/option_list.exp) | 3 | ||||
-rwxr-xr-x | test/utils/ls.exp (renamed from test/ls.exp) | 48 | ||||
-rwxr-xr-x | test/utils/man.exp (renamed from test/option_man.exp) | 3 | ||||
-rw-r--r-- | test/utils/name.profile (renamed from test/name.profile) | 0 | ||||
-rwxr-xr-x | test/utils/protocol-print.exp (renamed from test/protocol-print.exp) | 5 | ||||
-rwxr-xr-x | test/utils/seccomp-print.exp (renamed from test/seccomp-print.exp) | 5 | ||||
-rwxr-xr-x | test/utils/shutdown.exp | 49 | ||||
-rwxr-xr-x | test/utils/shutdown2.exp (renamed from test/option-shutdown2.exp) | 5 | ||||
-rwxr-xr-x | test/utils/shutdown3.exp (renamed from test/option-shutdown3.exp) | 5 | ||||
-rwxr-xr-x | test/utils/shutdown4.exp (renamed from test/option-shutdown4.exp) | 9 | ||||
-rwxr-xr-x | test/utils/top.exp | 40 | ||||
-rwxr-xr-x | test/utils/trace.exp (renamed from test/trace.exp) | 23 | ||||
-rwxr-xr-x | test/utils/tree.exp (renamed from test/option_tree.exp) | 3 | ||||
-rwxr-xr-x | test/utils/utils.sh | 114 | ||||
-rwxr-xr-x | test/utils/version.exp (renamed from test/option_version.exp) | 3 |
333 files changed, 8675 insertions, 2480 deletions
diff --git a/test/appimage/Leafpad-0.8.17-x86_64.AppImage b/test/appimage/Leafpad-0.8.17-x86_64.AppImage new file mode 100644 index 000000000..865f6b44c --- /dev/null +++ b/test/appimage/Leafpad-0.8.17-x86_64.AppImage | |||
Binary files differ | |||
diff --git a/test/appimage/Leafpad-0.8.18.1.glibc2.4-x86_64.AppImage b/test/appimage/Leafpad-0.8.18.1.glibc2.4-x86_64.AppImage new file mode 100644 index 000000000..d167431f3 --- /dev/null +++ b/test/appimage/Leafpad-0.8.18.1.glibc2.4-x86_64.AppImage | |||
Binary files differ | |||
diff --git a/test/appimage/appimage-v1.exp b/test/appimage/appimage-v1.exp new file mode 100755 index 000000000..f1c1c10f5 --- /dev/null +++ b/test/appimage/appimage-v1.exp | |||
@@ -0,0 +1,85 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail --name=appimage-test --debug --appimage Leafpad-0.8.17-x86_64.AppImage\r" | ||
11 | expect { | ||
12 | timeout {puts "TESTING ERROR 1\n";exit} | ||
13 | "Child process initialized" | ||
14 | } | ||
15 | sleep 2 | ||
16 | |||
17 | spawn $env(SHELL) | ||
18 | send -- "firejail --list\r" | ||
19 | expect { | ||
20 | timeout {puts "TESTING ERROR 3\n";exit} | ||
21 | ":firejail" | ||
22 | } | ||
23 | expect { | ||
24 | timeout {puts "TESTING ERROR 3.1\n";exit} | ||
25 | "appimage Leafpad" | ||
26 | } | ||
27 | after 100 | ||
28 | |||
29 | # grsecurity exit | ||
30 | send -- "file /proc/sys/kernel/grsecurity\r" | ||
31 | expect { | ||
32 | timeout {puts "TESTING ERROR - grsecurity detection\n";exit} | ||
33 | "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit} | ||
34 | "cannot open" {puts "grsecurity not present\n"} | ||
35 | } | ||
36 | |||
37 | |||
38 | send -- "firejail --name=blablabla\r" | ||
39 | expect { | ||
40 | timeout {puts "TESTING ERROR 4\n";exit} | ||
41 | "Child process initialized" | ||
42 | } | ||
43 | sleep 2 | ||
44 | |||
45 | spawn $env(SHELL) | ||
46 | send -- "firemon --seccomp\r" | ||
47 | expect { | ||
48 | timeout {puts "TESTING ERROR 5\n";exit} | ||
49 | "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} | ||
50 | "appimage Leafpad" | ||
51 | } | ||
52 | expect { | ||
53 | timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit} | ||
54 | "Seccomp: 2" | ||
55 | } | ||
56 | expect { | ||
57 | timeout {puts "TESTING ERROR 5.1\n";exit} | ||
58 | "name=blablabla" | ||
59 | } | ||
60 | after 100 | ||
61 | send -- "firemon --caps\r" | ||
62 | expect { | ||
63 | timeout {puts "TESTING ERROR 6\n";exit} | ||
64 | "appimage Leafpad" | ||
65 | } | ||
66 | expect { | ||
67 | timeout {puts "TESTING ERROR 6.1\n";exit} | ||
68 | "CapBnd:" | ||
69 | } | ||
70 | expect { | ||
71 | timeout {puts "TESTING ERROR 6.2\n";exit} | ||
72 | "0000000000000000" | ||
73 | } | ||
74 | expect { | ||
75 | timeout {puts "TESTING ERROR 6.3\n";exit} | ||
76 | "name=blablabla" | ||
77 | } | ||
78 | after 100 | ||
79 | |||
80 | spawn $env(SHELL) | ||
81 | send -- "firejail --shutdown=appimage-test\r" | ||
82 | sleep 3 | ||
83 | |||
84 | puts "\nall done\n" | ||
85 | |||
diff --git a/test/appimage/appimage-v2.exp b/test/appimage/appimage-v2.exp new file mode 100755 index 000000000..5cb9d0849 --- /dev/null +++ b/test/appimage/appimage-v2.exp | |||
@@ -0,0 +1,85 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail --appimage Leafpad-0.8.18.1.glibc2.4-x86_64.AppImage\r" | ||
11 | expect { | ||
12 | timeout {puts "TESTING ERROR 1\n";exit} | ||
13 | "Child process initialized" | ||
14 | } | ||
15 | sleep 2 | ||
16 | |||
17 | spawn $env(SHELL) | ||
18 | send -- "firejail --list\r" | ||
19 | expect { | ||
20 | timeout {puts "TESTING ERROR 3\n";exit} | ||
21 | ":firejail" | ||
22 | } | ||
23 | expect { | ||
24 | timeout {puts "TESTING ERROR 3.1\n";exit} | ||
25 | "appimage Leafpad" | ||
26 | } | ||
27 | after 100 | ||
28 | |||
29 | # grsecurity exit | ||
30 | send -- "file /proc/sys/kernel/grsecurity\r" | ||
31 | expect { | ||
32 | timeout {puts "TESTING ERROR - grsecurity detection\n";exit} | ||
33 | "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit} | ||
34 | "cannot open" {puts "grsecurity not present\n"} | ||
35 | } | ||
36 | |||
37 | |||
38 | send -- "firejail --name=blablabla\r" | ||
39 | expect { | ||
40 | timeout {puts "TESTING ERROR 4\n";exit} | ||
41 | "Child process initialized" | ||
42 | } | ||
43 | sleep 2 | ||
44 | |||
45 | spawn $env(SHELL) | ||
46 | send -- "firemon --seccomp\r" | ||
47 | expect { | ||
48 | timeout {puts "TESTING ERROR 5\n";exit} | ||
49 | "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} | ||
50 | "appimage Leafpad" | ||
51 | } | ||
52 | expect { | ||
53 | timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit} | ||
54 | "Seccomp: 2" | ||
55 | } | ||
56 | expect { | ||
57 | timeout {puts "TESTING ERROR 5.1\n";exit} | ||
58 | "name=blablabla" | ||
59 | } | ||
60 | after 100 | ||
61 | send -- "firemon --caps\r" | ||
62 | expect { | ||
63 | timeout {puts "TESTING ERROR 6\n";exit} | ||
64 | "appimage Leafpad" | ||
65 | } | ||
66 | expect { | ||
67 | timeout {puts "TESTING ERROR 6.1\n";exit} | ||
68 | "CapBnd:" | ||
69 | } | ||
70 | expect { | ||
71 | timeout {puts "TESTING ERROR 6.2\n";exit} | ||
72 | "0000000000000000" | ||
73 | } | ||
74 | expect { | ||
75 | timeout {puts "TESTING ERROR 6.3\n";exit} | ||
76 | "name=blablabla" | ||
77 | } | ||
78 | after 100 | ||
79 | |||
80 | spawn $env(SHELL) | ||
81 | send -- "firejail --shutdown=appimage-test\r" | ||
82 | sleep 3 | ||
83 | |||
84 | puts "\nall done\n" | ||
85 | |||
diff --git a/test/appimage/appimage.sh b/test/appimage/appimage.sh new file mode 100755 index 000000000..db221ec8a --- /dev/null +++ b/test/appimage/appimage.sh | |||
@@ -0,0 +1,16 @@ | |||
1 | #!/bin/bash | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | export MALLOC_CHECK_=3 | ||
7 | export MALLOC_PERTURB_=$(($RANDOM % 255 + 1)) | ||
8 | |||
9 | echo "TESTING: AppImage v1 (test/appimage/appimage-v1.exp)" | ||
10 | ./appimage-v1.exp | ||
11 | |||
12 | echo "TESTING: AppImage v2 (test/appimage/appimage-v2.exp)" | ||
13 | ./appimage-v2.exp | ||
14 | |||
15 | echo "TESTING: AppImage file name (test/appimage/filename.exp)"; | ||
16 | ./filename.exp \ No newline at end of file | ||
diff --git a/test/appimage/filename.exp b/test/appimage/filename.exp new file mode 100755 index 000000000..ce8d70464 --- /dev/null +++ b/test/appimage/filename.exp | |||
@@ -0,0 +1,35 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail --appimage \"bla;bla\"\r" | ||
11 | expect { | ||
12 | timeout {puts "TESTING ERROR 1\n";exit} | ||
13 | "is an invalid filename" | ||
14 | } | ||
15 | after 100 | ||
16 | |||
17 | send -- "firejail --appimage /etc/shadow\r" | ||
18 | expect { | ||
19 | timeout {puts "TESTING ERROR 2\n";exit} | ||
20 | "cannot access" | ||
21 | } | ||
22 | after 100 | ||
23 | |||
24 | send -- "firejail --appimage appimage.sh\r" | ||
25 | expect { | ||
26 | timeout {puts "TESTING ERROR 2\n";exit} | ||
27 | "Error mounting appimage" | ||
28 | } | ||
29 | after 100 | ||
30 | |||
31 | |||
32 | |||
33 | |||
34 | puts "\nall done\n" | ||
35 | |||
diff --git a/test/apps-x11-xorg/apps-x11-xorg.sh b/test/apps-x11-xorg/apps-x11-xorg.sh new file mode 100755 index 000000000..b05914b52 --- /dev/null +++ b/test/apps-x11-xorg/apps-x11-xorg.sh | |||
@@ -0,0 +1,35 @@ | |||
1 | #!/bin/bash | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | export MALLOC_CHECK_=3 | ||
7 | export MALLOC_PERTURB_=$(($RANDOM % 255 + 1)) | ||
8 | |||
9 | which firefox | ||
10 | if [ "$?" -eq 0 ]; | ||
11 | then | ||
12 | echo "TESTING: firefox x11 xorg" | ||
13 | ./firefox.exp | ||
14 | else | ||
15 | echo "TESTING SKIP: firefox not found" | ||
16 | fi | ||
17 | |||
18 | which transmission-gtk | ||
19 | if [ "$?" -eq 0 ]; | ||
20 | then | ||
21 | echo "TESTING: transmission-gtk x11 xorg" | ||
22 | ./transmission-gtk.exp | ||
23 | else | ||
24 | echo "TESTING SKIP: transmission-gtk not found" | ||
25 | fi | ||
26 | |||
27 | which icedove | ||
28 | if [ "$?" -eq 0 ]; | ||
29 | then | ||
30 | echo "TESTING: icedove x11 xorg" | ||
31 | ./icedove.exp | ||
32 | else | ||
33 | echo "TESTING SKIP: icedove not found" | ||
34 | fi | ||
35 | |||
diff --git a/test/apps-x11-xorg/firefox.exp b/test/apps-x11-xorg/firefox.exp new file mode 100755 index 000000000..66b82fe92 --- /dev/null +++ b/test/apps-x11-xorg/firefox.exp | |||
@@ -0,0 +1,91 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail --name=test --x11=xorg firefox -no-remote www.gentoo.org\r" | ||
11 | sleep 10 | ||
12 | |||
13 | spawn $env(SHELL) | ||
14 | send -- "firejail --list\r" | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 3\n";exit} | ||
17 | ":firejail" | ||
18 | } | ||
19 | expect { | ||
20 | timeout {puts "TESTING ERROR 3.1\n";exit} | ||
21 | "firefox" {puts "firefox detected\n";} | ||
22 | "iceweasel" {puts "iceweasel detected\n";} | ||
23 | } | ||
24 | expect { | ||
25 | timeout {puts "TESTING ERROR 3.2\n";exit} | ||
26 | "no-remote" | ||
27 | } | ||
28 | sleep 1 | ||
29 | # grsecurity exit | ||
30 | send -- "file /proc/sys/kernel/grsecurity\r" | ||
31 | expect { | ||
32 | timeout {puts "TESTING ERROR - grsecurity detection\n";exit} | ||
33 | "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit} | ||
34 | "cannot open" {puts "grsecurity not present\n"} | ||
35 | } | ||
36 | send -- "firejail --name=blablabla\r" | ||
37 | expect { | ||
38 | timeout {puts "TESTING ERROR 4\n";exit} | ||
39 | "Child process initialized" | ||
40 | } | ||
41 | sleep 2 | ||
42 | |||
43 | spawn $env(SHELL) | ||
44 | send -- "firemon --seccomp\r" | ||
45 | expect { | ||
46 | timeout {puts "TESTING ERROR 5\n";exit} | ||
47 | "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} | ||
48 | " firefox" {puts "firefox detected\n";} | ||
49 | " iceweasel" {puts "iceweasel detected\n";} | ||
50 | } | ||
51 | expect { | ||
52 | timeout {puts "TESTING ERROR 5.0\n";exit} | ||
53 | "no-remote" | ||
54 | } | ||
55 | expect { | ||
56 | timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit} | ||
57 | "Seccomp: 2" | ||
58 | } | ||
59 | expect { | ||
60 | timeout {puts "TESTING ERROR 5.1\n";exit} | ||
61 | "name=blablabla" | ||
62 | } | ||
63 | sleep 1 | ||
64 | send -- "firemon --caps\r" | ||
65 | expect { | ||
66 | timeout {puts "TESTING ERROR 6\n";exit} | ||
67 | " firefox" {puts "firefox detected\n";} | ||
68 | " iceweasel" {puts "iceweasel detected\n";} | ||
69 | } | ||
70 | expect { | ||
71 | timeout {puts "TESTING ERROR 6.0\n";exit} | ||
72 | "no-remote" | ||
73 | } | ||
74 | expect { | ||
75 | timeout {puts "TESTING ERROR 6.1\n";exit} | ||
76 | "CapBnd:" | ||
77 | } | ||
78 | expect { | ||
79 | timeout {puts "TESTING ERROR 6.2\n";exit} | ||
80 | "0000000000000000" | ||
81 | } | ||
82 | expect { | ||
83 | timeout {puts "TESTING ERROR 6.3\n";exit} | ||
84 | "name=blablabla" | ||
85 | } | ||
86 | sleep 1 | ||
87 | send -- "firejail --shutdown=test\r" | ||
88 | sleep 3 | ||
89 | |||
90 | puts "\nall done\n" | ||
91 | |||
diff --git a/test/apps-x11-xorg/icedove.exp b/test/apps-x11-xorg/icedove.exp new file mode 100755 index 000000000..667c2259f --- /dev/null +++ b/test/apps-x11-xorg/icedove.exp | |||
@@ -0,0 +1,86 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail --name=test --x11=xorg icedove\r" | ||
11 | sleep 10 | ||
12 | |||
13 | spawn $env(SHELL) | ||
14 | send -- "firejail --list\r" | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 3\n";exit} | ||
17 | ":firejail" | ||
18 | } | ||
19 | expect { | ||
20 | timeout {puts "TESTING ERROR 3.1\n";exit} | ||
21 | "icedove" | ||
22 | } | ||
23 | sleep 1 | ||
24 | |||
25 | # grsecurity exit | ||
26 | send -- "file /proc/sys/kernel/grsecurity\r" | ||
27 | expect { | ||
28 | timeout {puts "TESTING ERROR - grsecurity detection\n";exit} | ||
29 | "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit} | ||
30 | "cannot open" {puts "grsecurity not present\n"} | ||
31 | } | ||
32 | |||
33 | send -- "firejail --name=blablabla\r" | ||
34 | expect { | ||
35 | timeout {puts "TESTING ERROR 4\n";exit} | ||
36 | "Child process initialized" | ||
37 | } | ||
38 | sleep 2 | ||
39 | |||
40 | spawn $env(SHELL) | ||
41 | send -- "firemon --seccomp\r" | ||
42 | expect { | ||
43 | timeout {puts "TESTING ERROR 5\n";exit} | ||
44 | "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} | ||
45 | ":firejail" | ||
46 | } | ||
47 | expect { | ||
48 | timeout {puts "TESTING ERROR 5.0\n";exit} | ||
49 | "icedove" | ||
50 | } | ||
51 | expect { | ||
52 | timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit} | ||
53 | "Seccomp: 2" | ||
54 | } | ||
55 | expect { | ||
56 | timeout {puts "TESTING ERROR 5.1\n";exit} | ||
57 | "name=blablabla" | ||
58 | } | ||
59 | sleep 2 | ||
60 | send -- "firemon --caps\r" | ||
61 | expect { | ||
62 | timeout {puts "TESTING ERROR 6\n";exit} | ||
63 | ":firejail" | ||
64 | } | ||
65 | expect { | ||
66 | timeout {puts "TESTING ERROR 6.0\n";exit} | ||
67 | "icedove" | ||
68 | } | ||
69 | expect { | ||
70 | timeout {puts "TESTING ERROR 6.1\n";exit} | ||
71 | "CapBnd" | ||
72 | } | ||
73 | expect { | ||
74 | timeout {puts "TESTING ERROR 6.2\n";exit} | ||
75 | "0000000000000000" | ||
76 | } | ||
77 | expect { | ||
78 | timeout {puts "TESTING ERROR 6.3\n";exit} | ||
79 | "name=blablabla" | ||
80 | } | ||
81 | sleep 1 | ||
82 | send -- "firejail --shutdown=test\r" | ||
83 | sleep 3 | ||
84 | |||
85 | puts "\nall done\n" | ||
86 | |||
diff --git a/test/apps-x11-xorg/transmission-gtk.exp b/test/apps-x11-xorg/transmission-gtk.exp new file mode 100755 index 000000000..c52cb5b3a --- /dev/null +++ b/test/apps-x11-xorg/transmission-gtk.exp | |||
@@ -0,0 +1,86 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail --name=test --x11=xorg transmission-gtk\r" | ||
11 | sleep 10 | ||
12 | |||
13 | spawn $env(SHELL) | ||
14 | send -- "firejail --list\r" | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 3\n";exit} | ||
17 | ":firejail" | ||
18 | } | ||
19 | expect { | ||
20 | timeout {puts "TESTING ERROR 3.1\n";exit} | ||
21 | "transmission-gtk" | ||
22 | } | ||
23 | sleep 1 | ||
24 | |||
25 | # grsecurity exit | ||
26 | send -- "file /proc/sys/kernel/grsecurity\r" | ||
27 | expect { | ||
28 | timeout {puts "TESTING ERROR - grsecurity detection\n";exit} | ||
29 | "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit} | ||
30 | "cannot open" {puts "grsecurity not present\n"} | ||
31 | } | ||
32 | |||
33 | send -- "firejail --name=blablabla\r" | ||
34 | expect { | ||
35 | timeout {puts "TESTING ERROR 4\n";exit} | ||
36 | "Child process initialized" | ||
37 | } | ||
38 | sleep 2 | ||
39 | |||
40 | spawn $env(SHELL) | ||
41 | send -- "firemon --seccomp\r" | ||
42 | expect { | ||
43 | timeout {puts "TESTING ERROR 5\n";exit} | ||
44 | "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} | ||
45 | ":firejail" | ||
46 | } | ||
47 | expect { | ||
48 | timeout {puts "TESTING ERROR 5.0\n";exit} | ||
49 | "transmission-gtk" | ||
50 | } | ||
51 | expect { | ||
52 | timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit} | ||
53 | "Seccomp: 2" | ||
54 | } | ||
55 | expect { | ||
56 | timeout {puts "TESTING ERROR 5.1\n";exit} | ||
57 | "name=blablabla" | ||
58 | } | ||
59 | sleep 1 | ||
60 | send -- "firemon --caps\r" | ||
61 | expect { | ||
62 | timeout {puts "TESTING ERROR 6\n";exit} | ||
63 | ":firejail" | ||
64 | } | ||
65 | expect { | ||
66 | timeout {puts "TESTING ERROR 6.0\n";exit} | ||
67 | "transmission-gtk" | ||
68 | } | ||
69 | expect { | ||
70 | timeout {puts "TESTING ERROR 6.1\n";exit} | ||
71 | "CapBnd" | ||
72 | } | ||
73 | expect { | ||
74 | timeout {puts "TESTING ERROR 6.2\n";exit} | ||
75 | "0000000000000000" | ||
76 | } | ||
77 | expect { | ||
78 | timeout {puts "TESTING ERROR 6.3\n";exit} | ||
79 | "name=blablabla" | ||
80 | } | ||
81 | sleep 1 | ||
82 | send -- "firejail --shutdown=test\r" | ||
83 | sleep 3 | ||
84 | |||
85 | puts "\nall done\n" | ||
86 | |||
diff --git a/test/apps-x11/apps-x11.sh b/test/apps-x11/apps-x11.sh new file mode 100755 index 000000000..4a8671dbd --- /dev/null +++ b/test/apps-x11/apps-x11.sh | |||
@@ -0,0 +1,88 @@ | |||
1 | #!/bin/bash | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | export MALLOC_CHECK_=3 | ||
7 | export MALLOC_PERTURB_=$(($RANDOM % 255 + 1)) | ||
8 | |||
9 | echo "TESTING: no x11 (test/apps-x11/x11-none.exp)" | ||
10 | ./x11-none.exp | ||
11 | |||
12 | |||
13 | which xterm | ||
14 | if [ "$?" -eq 0 ]; | ||
15 | then | ||
16 | echo "TESTING: xterm x11 xorg" | ||
17 | ./xterm-xorg.exp | ||
18 | |||
19 | which xpra | ||
20 | if [ "$?" -eq 0 ]; | ||
21 | then | ||
22 | echo "TESTING: xterm x11 xpra" | ||
23 | ./xterm-xpra.exp | ||
24 | fi | ||
25 | |||
26 | which Xephyr | ||
27 | if [ "$?" -eq 0 ]; | ||
28 | then | ||
29 | echo "TESTING: xterm x11 xephyr" | ||
30 | ./xterm-xephyr.exp | ||
31 | fi | ||
32 | else | ||
33 | echo "TESTING SKIP: xterm not found" | ||
34 | fi | ||
35 | |||
36 | # check xpra/xephyr | ||
37 | which xpra | ||
38 | if [ "$?" -eq 0 ]; | ||
39 | then | ||
40 | echo "xpra found" | ||
41 | else | ||
42 | echo "xpra not found" | ||
43 | which Xephyr | ||
44 | if [ "$?" -eq 0 ]; | ||
45 | then | ||
46 | echo "Xephyr found" | ||
47 | else | ||
48 | echo "TESTING SKIP: xpra and/or Xephyr not found" | ||
49 | exit | ||
50 | fi | ||
51 | fi | ||
52 | |||
53 | which firefox | ||
54 | if [ "$?" -eq 0 ]; | ||
55 | then | ||
56 | echo "TESTING: firefox x11" | ||
57 | ./firefox.exp | ||
58 | else | ||
59 | echo "TESTING SKIP: firefox not found" | ||
60 | fi | ||
61 | |||
62 | which chromium | ||
63 | if [ "$?" -eq 0 ]; | ||
64 | then | ||
65 | echo "TESTING: chromium x11" | ||
66 | ./chromium.exp | ||
67 | else | ||
68 | echo "TESTING SKIP: chromium not found" | ||
69 | fi | ||
70 | |||
71 | which transmission-gtk | ||
72 | if [ "$?" -eq 0 ]; | ||
73 | then | ||
74 | echo "TESTING: transmission-gtk x11" | ||
75 | ./transmission-gtk.exp | ||
76 | else | ||
77 | echo "TESTING SKIP: transmission-gtk not found" | ||
78 | fi | ||
79 | |||
80 | which icedove | ||
81 | if [ "$?" -eq 0 ]; | ||
82 | then | ||
83 | echo "TESTING: icedove x11" | ||
84 | ./icedove.exp | ||
85 | else | ||
86 | echo "TESTING SKIP: icedove not found" | ||
87 | fi | ||
88 | |||
diff --git a/test/chromium-x11.exp b/test/apps-x11/chromium.exp index bcac3233c..2505c0c37 100755 --- a/test/chromium-x11.exp +++ b/test/apps-x11/chromium.exp | |||
@@ -1,10 +1,13 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
5 | match_max 100000 | 8 | match_max 100000 |
6 | 9 | ||
7 | send -- "firejail --name=test --x11 --net=br0 chromium www.gentoo.org\r" | 10 | send -- "firejail --name=test --x11 chromium www.gentoo.org\r" |
8 | sleep 10 | 11 | sleep 10 |
9 | 12 | ||
10 | spawn $env(SHELL) | 13 | spawn $env(SHELL) |
@@ -37,6 +40,7 @@ spawn $env(SHELL) | |||
37 | send -- "firemon --seccomp\r" | 40 | send -- "firemon --seccomp\r" |
38 | expect { | 41 | expect { |
39 | timeout {puts "TESTING ERROR 5\n";exit} | 42 | timeout {puts "TESTING ERROR 5\n";exit} |
43 | "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} | ||
40 | ":firejail" | 44 | ":firejail" |
41 | } | 45 | } |
42 | expect { | 46 | expect { |
diff --git a/test/apps-x11/firefox.exp b/test/apps-x11/firefox.exp new file mode 100755 index 000000000..6a50c8884 --- /dev/null +++ b/test/apps-x11/firefox.exp | |||
@@ -0,0 +1,91 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail --name=test --x11 firefox -no-remote www.gentoo.org\r" | ||
11 | sleep 10 | ||
12 | |||
13 | spawn $env(SHELL) | ||
14 | send -- "firejail --list\r" | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 3\n";exit} | ||
17 | ":firejail" | ||
18 | } | ||
19 | expect { | ||
20 | timeout {puts "TESTING ERROR 3.1\n";exit} | ||
21 | "firefox" {puts "firefox detected\n";} | ||
22 | "iceweasel" {puts "iceweasel detected\n";} | ||
23 | } | ||
24 | expect { | ||
25 | timeout {puts "TESTING ERROR 3.2\n";exit} | ||
26 | "no-remote" | ||
27 | } | ||
28 | sleep 1 | ||
29 | # grsecurity exit | ||
30 | send -- "file /proc/sys/kernel/grsecurity\r" | ||
31 | expect { | ||
32 | timeout {puts "TESTING ERROR - grsecurity detection\n";exit} | ||
33 | "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit} | ||
34 | "cannot open" {puts "grsecurity not present\n"} | ||
35 | } | ||
36 | send -- "firejail --name=blablabla\r" | ||
37 | expect { | ||
38 | timeout {puts "TESTING ERROR 4\n";exit} | ||
39 | "Child process initialized" | ||
40 | } | ||
41 | sleep 2 | ||
42 | |||
43 | spawn $env(SHELL) | ||
44 | send -- "firemon --seccomp\r" | ||
45 | expect { | ||
46 | timeout {puts "TESTING ERROR 5\n";exit} | ||
47 | "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} | ||
48 | " firefox" {puts "firefox detected\n";} | ||
49 | " iceweasel" {puts "iceweasel detected\n";} | ||
50 | } | ||
51 | expect { | ||
52 | timeout {puts "TESTING ERROR 5.0\n";exit} | ||
53 | "no-remote" | ||
54 | } | ||
55 | expect { | ||
56 | timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit} | ||
57 | "Seccomp: 2" | ||
58 | } | ||
59 | expect { | ||
60 | timeout {puts "TESTING ERROR 5.1\n";exit} | ||
61 | "name=blablabla" | ||
62 | } | ||
63 | sleep 1 | ||
64 | send -- "firemon --caps\r" | ||
65 | expect { | ||
66 | timeout {puts "TESTING ERROR 6\n";exit} | ||
67 | " firefox" {puts "firefox detected\n";} | ||
68 | " iceweasel" {puts "iceweasel detected\n";} | ||
69 | } | ||
70 | expect { | ||
71 | timeout {puts "TESTING ERROR 6.0\n";exit} | ||
72 | "no-remote" | ||
73 | } | ||
74 | expect { | ||
75 | timeout {puts "TESTING ERROR 6.1\n";exit} | ||
76 | "CapBnd:" | ||
77 | } | ||
78 | expect { | ||
79 | timeout {puts "TESTING ERROR 6.2\n";exit} | ||
80 | "0000000000000000" | ||
81 | } | ||
82 | expect { | ||
83 | timeout {puts "TESTING ERROR 6.3\n";exit} | ||
84 | "name=blablabla" | ||
85 | } | ||
86 | sleep 1 | ||
87 | send -- "firejail --shutdown=test\r" | ||
88 | sleep 3 | ||
89 | |||
90 | puts "\nall done\n" | ||
91 | |||
diff --git a/test/apps-x11/icedove.exp b/test/apps-x11/icedove.exp new file mode 100755 index 000000000..e306e33ce --- /dev/null +++ b/test/apps-x11/icedove.exp | |||
@@ -0,0 +1,86 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail --name=test --x11 icedove\r" | ||
11 | sleep 10 | ||
12 | |||
13 | spawn $env(SHELL) | ||
14 | send -- "firejail --list\r" | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 3\n";exit} | ||
17 | ":firejail" | ||
18 | } | ||
19 | expect { | ||
20 | timeout {puts "TESTING ERROR 3.1\n";exit} | ||
21 | "icedove" | ||
22 | } | ||
23 | sleep 1 | ||
24 | |||
25 | # grsecurity exit | ||
26 | send -- "file /proc/sys/kernel/grsecurity\r" | ||
27 | expect { | ||
28 | timeout {puts "TESTING ERROR - grsecurity detection\n";exit} | ||
29 | "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit} | ||
30 | "cannot open" {puts "grsecurity not present\n"} | ||
31 | } | ||
32 | |||
33 | send -- "firejail --name=blablabla\r" | ||
34 | expect { | ||
35 | timeout {puts "TESTING ERROR 4\n";exit} | ||
36 | "Child process initialized" | ||
37 | } | ||
38 | sleep 2 | ||
39 | |||
40 | spawn $env(SHELL) | ||
41 | send -- "firemon --seccomp\r" | ||
42 | expect { | ||
43 | timeout {puts "TESTING ERROR 5\n";exit} | ||
44 | "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} | ||
45 | ":firejail" | ||
46 | } | ||
47 | expect { | ||
48 | timeout {puts "TESTING ERROR 5.0\n";exit} | ||
49 | "icedove" | ||
50 | } | ||
51 | expect { | ||
52 | timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit} | ||
53 | "Seccomp: 2" | ||
54 | } | ||
55 | expect { | ||
56 | timeout {puts "TESTING ERROR 5.1\n";exit} | ||
57 | "name=blablabla" | ||
58 | } | ||
59 | sleep 2 | ||
60 | send -- "firemon --caps\r" | ||
61 | expect { | ||
62 | timeout {puts "TESTING ERROR 6\n";exit} | ||
63 | ":firejail" | ||
64 | } | ||
65 | expect { | ||
66 | timeout {puts "TESTING ERROR 6.0\n";exit} | ||
67 | "icedove" | ||
68 | } | ||
69 | expect { | ||
70 | timeout {puts "TESTING ERROR 6.1\n";exit} | ||
71 | "CapBnd" | ||
72 | } | ||
73 | expect { | ||
74 | timeout {puts "TESTING ERROR 6.2\n";exit} | ||
75 | "0000000000000000" | ||
76 | } | ||
77 | expect { | ||
78 | timeout {puts "TESTING ERROR 6.3\n";exit} | ||
79 | "name=blablabla" | ||
80 | } | ||
81 | sleep 1 | ||
82 | send -- "firejail --shutdown=test\r" | ||
83 | sleep 3 | ||
84 | |||
85 | puts "\nall done\n" | ||
86 | |||
diff --git a/test/transmission-gtk-x11.exp b/test/apps-x11/transmission-gtk.exp index 4ee3de701..4083a121f 100755 --- a/test/transmission-gtk-x11.exp +++ b/test/apps-x11/transmission-gtk.exp | |||
@@ -1,10 +1,13 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
5 | match_max 100000 | 8 | match_max 100000 |
6 | 9 | ||
7 | send -- "firejail --name=test --net=br0 --x11 transmission-gtk\r" | 10 | send -- "firejail --name=test --x11 transmission-gtk\r" |
8 | sleep 10 | 11 | sleep 10 |
9 | 12 | ||
10 | spawn $env(SHELL) | 13 | spawn $env(SHELL) |
@@ -38,6 +41,7 @@ spawn $env(SHELL) | |||
38 | send -- "firemon --seccomp\r" | 41 | send -- "firemon --seccomp\r" |
39 | expect { | 42 | expect { |
40 | timeout {puts "TESTING ERROR 5\n";exit} | 43 | timeout {puts "TESTING ERROR 5\n";exit} |
44 | "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} | ||
41 | ":firejail" | 45 | ":firejail" |
42 | } | 46 | } |
43 | expect { | 47 | expect { |
diff --git a/test/apps-x11/x11-none.exp b/test/apps-x11/x11-none.exp new file mode 100755 index 000000000..e9908839b --- /dev/null +++ b/test/apps-x11/x11-none.exp | |||
@@ -0,0 +1,48 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail --name=test --x11=none\r" | ||
11 | expect { | ||
12 | timeout {puts "TESTING ERROR 0\n";exit} | ||
13 | "use network namespace in firejail" | ||
14 | } | ||
15 | sleep 1 | ||
16 | |||
17 | send -- "firejail --name=test --net=none --x11=none\r" | ||
18 | expect { | ||
19 | timeout {puts "TESTING ERROR 1\n";exit} | ||
20 | "Child process initialized" | ||
21 | } | ||
22 | sleep 1 | ||
23 | |||
24 | send -- "ls -al /tmp/.X11-unix\r" | ||
25 | expect { | ||
26 | timeout {puts "TESTING ERROR 2\n";exit} | ||
27 | "cannot open directory" | ||
28 | } | ||
29 | after 100 | ||
30 | |||
31 | send -- "xterm\r" | ||
32 | expect { | ||
33 | timeout {puts "TESTING ERROR 3\n";exit} | ||
34 | "DISPLAY is not set" | ||
35 | } | ||
36 | after 100 | ||
37 | |||
38 | send -- "export DISPLAY=:0.0\r" | ||
39 | after 100 | ||
40 | send -- "xterm\r" | ||
41 | expect { | ||
42 | timeout {puts "TESTING ERROR 4\n";exit} | ||
43 | "Xt error" | ||
44 | } | ||
45 | after 100 | ||
46 | |||
47 | puts "\nall done\n" | ||
48 | |||
diff --git a/test/apps-x11/x11-xephyr.exp b/test/apps-x11/x11-xephyr.exp new file mode 100755 index 000000000..41a413890 --- /dev/null +++ b/test/apps-x11/x11-xephyr.exp | |||
@@ -0,0 +1,59 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail --name=test --x11=xephyr xterm\r" | ||
11 | expect { | ||
12 | timeout {puts "TESTING ERROR 1\n";exit} | ||
13 | "Child process initialized" | ||
14 | } | ||
15 | |||
16 | exit | ||
17 | |||
18 | |||
19 | sleep 5 | ||
20 | |||
21 | |||
22 | expect { | ||
23 | timeout {puts "TESTING ERROR 0\n";exit} | ||
24 | "use network namespace in firejail" | ||
25 | } | ||
26 | sleep 1 | ||
27 | |||
28 | send -- "firejail --name=test --net=none --x11=none\r" | ||
29 | expect { | ||
30 | timeout {puts "TESTING ERROR 1\n";exit} | ||
31 | "Child process initialized" | ||
32 | } | ||
33 | sleep 1 | ||
34 | |||
35 | send -- "ls -al /tmp/.X11-unix\r" | ||
36 | expect { | ||
37 | timeout {puts "TESTING ERROR 2\n";exit} | ||
38 | "cannot open directory" | ||
39 | } | ||
40 | after 100 | ||
41 | |||
42 | send -- "xterm\r" | ||
43 | expect { | ||
44 | timeout {puts "TESTING ERROR 3\n";exit} | ||
45 | "DISPLAY is not set" | ||
46 | } | ||
47 | after 100 | ||
48 | |||
49 | send -- "export DISPLAY=:0.0\r" | ||
50 | after 100 | ||
51 | send -- "xterm\r" | ||
52 | expect { | ||
53 | timeout {puts "TESTING ERROR 4\n";exit} | ||
54 | "Xt error" | ||
55 | } | ||
56 | after 100 | ||
57 | |||
58 | puts "\nall done\n" | ||
59 | |||
diff --git a/test/apps-x11/xterm-xephyr.exp b/test/apps-x11/xterm-xephyr.exp new file mode 100755 index 000000000..5b4299478 --- /dev/null +++ b/test/apps-x11/xterm-xephyr.exp | |||
@@ -0,0 +1,86 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail --name=test --x11=xephyr xterm\r" | ||
11 | sleep 10 | ||
12 | |||
13 | spawn $env(SHELL) | ||
14 | send -- "firejail --list\r" | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 3\n";exit} | ||
17 | ":firejail" | ||
18 | } | ||
19 | expect { | ||
20 | timeout {puts "TESTING ERROR 3.1\n";exit} | ||
21 | "xterm" | ||
22 | } | ||
23 | sleep 1 | ||
24 | |||
25 | # grsecurity exit | ||
26 | send -- "file /proc/sys/kernel/grsecurity\r" | ||
27 | expect { | ||
28 | timeout {puts "TESTING ERROR - grsecurity detection\n";exit} | ||
29 | "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit} | ||
30 | "cannot open" {puts "grsecurity not present\n"} | ||
31 | } | ||
32 | |||
33 | send -- "firejail --name=blablabla\r" | ||
34 | expect { | ||
35 | timeout {puts "TESTING ERROR 4\n";exit} | ||
36 | "Child process initialized" | ||
37 | } | ||
38 | sleep 2 | ||
39 | |||
40 | spawn $env(SHELL) | ||
41 | send -- "firemon --seccomp\r" | ||
42 | expect { | ||
43 | timeout {puts "TESTING ERROR 5\n";exit} | ||
44 | "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} | ||
45 | ":firejail" | ||
46 | } | ||
47 | expect { | ||
48 | timeout {puts "TESTING ERROR 5.0\n";exit} | ||
49 | "xterm" | ||
50 | } | ||
51 | expect { | ||
52 | timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit} | ||
53 | "Seccomp: 2" | ||
54 | } | ||
55 | expect { | ||
56 | timeout {puts "TESTING ERROR 5.1\n";exit} | ||
57 | "name=blablabla" | ||
58 | } | ||
59 | sleep 1 | ||
60 | send -- "firemon --caps\r" | ||
61 | expect { | ||
62 | timeout {puts "TESTING ERROR 6\n";exit} | ||
63 | ":firejail" | ||
64 | } | ||
65 | expect { | ||
66 | timeout {puts "TESTING ERROR 6.0\n";exit} | ||
67 | "xterm" | ||
68 | } | ||
69 | expect { | ||
70 | timeout {puts "TESTING ERROR 6.1\n";exit} | ||
71 | "CapBnd" | ||
72 | } | ||
73 | expect { | ||
74 | timeout {puts "TESTING ERROR 6.2\n";exit} | ||
75 | "0000000000000000" | ||
76 | } | ||
77 | expect { | ||
78 | timeout {puts "TESTING ERROR 6.3\n";exit} | ||
79 | "name=blablabla" | ||
80 | } | ||
81 | sleep 1 | ||
82 | send -- "firejail --shutdown=test\r" | ||
83 | sleep 3 | ||
84 | |||
85 | puts "\nall done\n" | ||
86 | |||
diff --git a/test/apps-x11/xterm-xorg.exp b/test/apps-x11/xterm-xorg.exp new file mode 100755 index 000000000..fbc88f196 --- /dev/null +++ b/test/apps-x11/xterm-xorg.exp | |||
@@ -0,0 +1,86 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail --name=test --x11=xorg xterm\r" | ||
11 | sleep 10 | ||
12 | |||
13 | spawn $env(SHELL) | ||
14 | send -- "firejail --list\r" | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 3\n";exit} | ||
17 | ":firejail" | ||
18 | } | ||
19 | expect { | ||
20 | timeout {puts "TESTING ERROR 3.1\n";exit} | ||
21 | "xterm" | ||
22 | } | ||
23 | sleep 1 | ||
24 | |||
25 | # grsecurity exit | ||
26 | send -- "file /proc/sys/kernel/grsecurity\r" | ||
27 | expect { | ||
28 | timeout {puts "TESTING ERROR - grsecurity detection\n";exit} | ||
29 | "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit} | ||
30 | "cannot open" {puts "grsecurity not present\n"} | ||
31 | } | ||
32 | |||
33 | send -- "firejail --name=blablabla\r" | ||
34 | expect { | ||
35 | timeout {puts "TESTING ERROR 4\n";exit} | ||
36 | "Child process initialized" | ||
37 | } | ||
38 | sleep 2 | ||
39 | |||
40 | spawn $env(SHELL) | ||
41 | send -- "firemon --seccomp\r" | ||
42 | expect { | ||
43 | timeout {puts "TESTING ERROR 5\n";exit} | ||
44 | "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} | ||
45 | ":firejail" | ||
46 | } | ||
47 | expect { | ||
48 | timeout {puts "TESTING ERROR 5.0\n";exit} | ||
49 | "xterm" | ||
50 | } | ||
51 | expect { | ||
52 | timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit} | ||
53 | "Seccomp: 2" | ||
54 | } | ||
55 | expect { | ||
56 | timeout {puts "TESTING ERROR 5.1\n";exit} | ||
57 | "name=blablabla" | ||
58 | } | ||
59 | sleep 1 | ||
60 | send -- "firemon --caps\r" | ||
61 | expect { | ||
62 | timeout {puts "TESTING ERROR 6\n";exit} | ||
63 | ":firejail" | ||
64 | } | ||
65 | expect { | ||
66 | timeout {puts "TESTING ERROR 6.0\n";exit} | ||
67 | "xterm" | ||
68 | } | ||
69 | expect { | ||
70 | timeout {puts "TESTING ERROR 6.1\n";exit} | ||
71 | "CapBnd" | ||
72 | } | ||
73 | expect { | ||
74 | timeout {puts "TESTING ERROR 6.2\n";exit} | ||
75 | "0000000000000000" | ||
76 | } | ||
77 | expect { | ||
78 | timeout {puts "TESTING ERROR 6.3\n";exit} | ||
79 | "name=blablabla" | ||
80 | } | ||
81 | sleep 1 | ||
82 | send -- "firejail --shutdown=test\r" | ||
83 | sleep 3 | ||
84 | |||
85 | puts "\nall done\n" | ||
86 | |||
diff --git a/test/apps-x11/xterm-xpra.exp b/test/apps-x11/xterm-xpra.exp new file mode 100755 index 000000000..1fb5df486 --- /dev/null +++ b/test/apps-x11/xterm-xpra.exp | |||
@@ -0,0 +1,98 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail --name=test --x11=xpra xterm\r" | ||
11 | sleep 10 | ||
12 | |||
13 | spawn $env(SHELL) | ||
14 | send -- "firejail --list\r" | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 3\n";exit} | ||
17 | ":firejail" | ||
18 | } | ||
19 | expect { | ||
20 | timeout {puts "TESTING ERROR 3.1\n";exit} | ||
21 | "xterm" | ||
22 | } | ||
23 | sleep 1 | ||
24 | |||
25 | # grsecurity exit | ||
26 | send -- "file /proc/sys/kernel/grsecurity\r" | ||
27 | expect { | ||
28 | timeout {puts "TESTING ERROR - grsecurity detection\n";exit} | ||
29 | "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit} | ||
30 | "cannot open" {puts "grsecurity not present\n"} | ||
31 | } | ||
32 | |||
33 | send -- "firejail --name=blablabla\r" | ||
34 | expect { | ||
35 | timeout {puts "TESTING ERROR 4\n";exit} | ||
36 | "Child process initialized" | ||
37 | } | ||
38 | sleep 2 | ||
39 | |||
40 | spawn $env(SHELL) | ||
41 | send -- "firemon --seccomp\r" | ||
42 | expect { | ||
43 | timeout {puts "TESTING ERROR 5\n";exit} | ||
44 | "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} | ||
45 | ":firejail" | ||
46 | } | ||
47 | expect { | ||
48 | timeout {puts "TESTING ERROR 5.0\n";exit} | ||
49 | "xterm" | ||
50 | } | ||
51 | expect { | ||
52 | timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit} | ||
53 | "Seccomp: 2" | ||
54 | } | ||
55 | expect { | ||
56 | timeout {puts "TESTING ERROR 5.1\n";exit} | ||
57 | "name=blablabla" | ||
58 | } | ||
59 | sleep 1 | ||
60 | send -- "firemon --caps\r" | ||
61 | expect { | ||
62 | timeout {puts "TESTING ERROR 6\n";exit} | ||
63 | ":firejail" | ||
64 | } | ||
65 | expect { | ||
66 | timeout {puts "TESTING ERROR 6.0\n";exit} | ||
67 | "xterm" | ||
68 | } | ||
69 | expect { | ||
70 | timeout {puts "TESTING ERROR 6.1\n";exit} | ||
71 | "CapBnd" | ||
72 | } | ||
73 | expect { | ||
74 | timeout {puts "TESTING ERROR 6.2\n";exit} | ||
75 | "0000000000000000" | ||
76 | } | ||
77 | expect { | ||
78 | timeout {puts "TESTING ERROR 6.3\n";exit} | ||
79 | "name=blablabla" | ||
80 | } | ||
81 | sleep 1 | ||
82 | |||
83 | send -- "firemon --x11\r" | ||
84 | expect { | ||
85 | timeout {puts "TESTING ERROR 7\n";exit} | ||
86 | "name=test xterm" | ||
87 | } | ||
88 | expect { | ||
89 | timeout {puts "TESTING ERROR 7.1\n";exit} | ||
90 | "DISPLAY" | ||
91 | } | ||
92 | sleep 1 | ||
93 | |||
94 | send -- "firejail --shutdown=test\r" | ||
95 | sleep 3 | ||
96 | |||
97 | puts "\nall done\n" | ||
98 | |||
diff --git a/test/test-apps.sh b/test/apps/apps.sh index 5ada20549..38307b284 100755 --- a/test/test-apps.sh +++ b/test/apps/apps.sh | |||
@@ -1,4 +1,10 @@ | |||
1 | #!/bin/bash | 1 | #!/bin/bash |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | export MALLOC_CHECK_=3 | ||
7 | export MALLOC_PERTURB_=$(($RANDOM % 255 + 1)) | ||
2 | 8 | ||
3 | which firefox | 9 | which firefox |
4 | if [ "$?" -eq 0 ]; | 10 | if [ "$?" -eq 0 ]; |
@@ -6,7 +12,7 @@ then | |||
6 | echo "TESTING: firefox" | 12 | echo "TESTING: firefox" |
7 | ./firefox.exp | 13 | ./firefox.exp |
8 | else | 14 | else |
9 | echo "TESTING: firefox not found" | 15 | echo "TESTING SKIP: firefox not found" |
10 | fi | 16 | fi |
11 | 17 | ||
12 | which midori | 18 | which midori |
@@ -15,7 +21,7 @@ then | |||
15 | echo "TESTING: midori" | 21 | echo "TESTING: midori" |
16 | ./midori.exp | 22 | ./midori.exp |
17 | else | 23 | else |
18 | echo "TESTING: midori not found" | 24 | echo "TESTING SKIP: midori not found" |
19 | fi | 25 | fi |
20 | 26 | ||
21 | which chromium | 27 | which chromium |
@@ -24,16 +30,7 @@ then | |||
24 | echo "TESTING: chromium" | 30 | echo "TESTING: chromium" |
25 | ./chromium.exp | 31 | ./chromium.exp |
26 | else | 32 | else |
27 | echo "TESTING: chromium not found" | 33 | echo "TESTING SKIP: chromium not found" |
28 | fi | ||
29 | |||
30 | which google-chrome | ||
31 | if [ "$?" -eq 0 ]; | ||
32 | then | ||
33 | echo "TESTING: google-chrome" | ||
34 | ./chromium.exp | ||
35 | else | ||
36 | echo "TESTING: google-chrome not found" | ||
37 | fi | 34 | fi |
38 | 35 | ||
39 | which opera | 36 | which opera |
@@ -42,7 +39,7 @@ then | |||
42 | echo "TESTING: opera" | 39 | echo "TESTING: opera" |
43 | ./opera.exp | 40 | ./opera.exp |
44 | else | 41 | else |
45 | echo "TESTING: opera not found" | 42 | echo "TESTING SKIP: opera not found" |
46 | fi | 43 | fi |
47 | 44 | ||
48 | which transmission-gtk | 45 | which transmission-gtk |
@@ -51,7 +48,7 @@ then | |||
51 | echo "TESTING: transmission-gtk" | 48 | echo "TESTING: transmission-gtk" |
52 | ./transmission-gtk.exp | 49 | ./transmission-gtk.exp |
53 | else | 50 | else |
54 | echo "TESTING: transmission-gtk not found" | 51 | echo "TESTING SKIP: transmission-gtk not found" |
55 | fi | 52 | fi |
56 | 53 | ||
57 | which transmission-qt | 54 | which transmission-qt |
@@ -60,7 +57,34 @@ then | |||
60 | echo "TESTING: transmission-qt" | 57 | echo "TESTING: transmission-qt" |
61 | ./transmission-qt.exp | 58 | ./transmission-qt.exp |
62 | else | 59 | else |
63 | echo "TESTING: transmission-qt not found" | 60 | echo "TESTING SKIP: transmission-qt not found" |
61 | fi | ||
62 | |||
63 | which qbittorrent | ||
64 | if [ "$?" -eq 0 ]; | ||
65 | then | ||
66 | echo "TESTING: qbittorrent" | ||
67 | ./qbittorrent.exp | ||
68 | else | ||
69 | echo "TESTING SKIP: qbittorrent not found" | ||
70 | fi | ||
71 | |||
72 | which uget-gtk | ||
73 | if [ "$?" -eq 0 ]; | ||
74 | then | ||
75 | echo "TESTING: uget" | ||
76 | ./uget-gtk.exp | ||
77 | else | ||
78 | echo "TESTING SKIP: uget-gtk not found" | ||
79 | fi | ||
80 | |||
81 | which filezilla | ||
82 | if [ "$?" -eq 0 ]; | ||
83 | then | ||
84 | echo "TESTING: filezilla" | ||
85 | ./filezilla.exp | ||
86 | else | ||
87 | echo "TESTING SKIP: filezilla not found" | ||
64 | fi | 88 | fi |
65 | 89 | ||
66 | which evince | 90 | which evince |
@@ -69,7 +93,17 @@ then | |||
69 | echo "TESTING: evince" | 93 | echo "TESTING: evince" |
70 | ./evince.exp | 94 | ./evince.exp |
71 | else | 95 | else |
72 | echo "TESTING: evince not found" | 96 | echo "TESTING SKIP: evince not found" |
97 | fi | ||
98 | |||
99 | |||
100 | which gthumb | ||
101 | if [ "$?" -eq 0 ]; | ||
102 | then | ||
103 | echo "TESTING: gthumb" | ||
104 | ./gthumb.exp | ||
105 | else | ||
106 | echo "TESTING SKIP: gthumb not found" | ||
73 | fi | 107 | fi |
74 | 108 | ||
75 | which icedove | 109 | which icedove |
@@ -78,7 +112,7 @@ then | |||
78 | echo "TESTING: icedove" | 112 | echo "TESTING: icedove" |
79 | ./icedove.exp | 113 | ./icedove.exp |
80 | else | 114 | else |
81 | echo "TESTING: icedove not found" | 115 | echo "TESTING SKIP: icedove not found" |
82 | fi | 116 | fi |
83 | 117 | ||
84 | which vlc | 118 | which vlc |
@@ -87,7 +121,7 @@ then | |||
87 | echo "TESTING: vlc" | 121 | echo "TESTING: vlc" |
88 | ./vlc.exp | 122 | ./vlc.exp |
89 | else | 123 | else |
90 | echo "TESTING: vlc not found" | 124 | echo "TESTING SKIP: vlc not found" |
91 | fi | 125 | fi |
92 | 126 | ||
93 | which fbreader | 127 | which fbreader |
@@ -96,7 +130,7 @@ then | |||
96 | echo "TESTING: fbreader" | 130 | echo "TESTING: fbreader" |
97 | ./fbreader.exp | 131 | ./fbreader.exp |
98 | else | 132 | else |
99 | echo "TESTING: fbreader not found" | 133 | echo "TESTING SKIP: fbreader not found" |
100 | fi | 134 | fi |
101 | 135 | ||
102 | which deluge | 136 | which deluge |
@@ -105,7 +139,7 @@ then | |||
105 | echo "TESTING: deluge" | 139 | echo "TESTING: deluge" |
106 | ./deluge.exp | 140 | ./deluge.exp |
107 | else | 141 | else |
108 | echo "TESTING: deluge not found" | 142 | echo "TESTING SKIP: deluge not found" |
109 | fi | 143 | fi |
110 | 144 | ||
111 | which gnome-mplayer | 145 | which gnome-mplayer |
@@ -114,7 +148,7 @@ then | |||
114 | echo "TESTING: gnome-mplayer" | 148 | echo "TESTING: gnome-mplayer" |
115 | ./gnome-mplayer.exp | 149 | ./gnome-mplayer.exp |
116 | else | 150 | else |
117 | echo "TESTING: gnome-mplayer not found" | 151 | echo "TESTING SKIP: gnome-mplayer not found" |
118 | fi | 152 | fi |
119 | 153 | ||
120 | which xchat | 154 | which xchat |
@@ -123,7 +157,7 @@ then | |||
123 | echo "TESTING: xchat" | 157 | echo "TESTING: xchat" |
124 | ./xchat.exp | 158 | ./xchat.exp |
125 | else | 159 | else |
126 | echo "TESTING: xchat not found" | 160 | echo "TESTING SKIP: xchat not found" |
127 | fi | 161 | fi |
128 | 162 | ||
129 | which hexchat | 163 | which hexchat |
@@ -132,16 +166,7 @@ then | |||
132 | echo "TESTING: hexchat" | 166 | echo "TESTING: hexchat" |
133 | ./hexchat.exp | 167 | ./hexchat.exp |
134 | else | 168 | else |
135 | echo "TESTING: hexchat not found" | 169 | echo "TESTING SKIP: hexchat not found" |
136 | fi | ||
137 | |||
138 | which weechat-curses | ||
139 | if [ "$?" -eq 0 ]; | ||
140 | then | ||
141 | echo "TESTING: weechat" | ||
142 | ./weechat.exp | ||
143 | else | ||
144 | echo "TESTING: weechat not found" | ||
145 | fi | 170 | fi |
146 | 171 | ||
147 | which wine | 172 | which wine |
@@ -150,6 +175,6 @@ then | |||
150 | echo "TESTING: wine" | 175 | echo "TESTING: wine" |
151 | ./wine.exp | 176 | ./wine.exp |
152 | else | 177 | else |
153 | echo "TESTING: wine not found" | 178 | echo "TESTING SKIP: wine not found" |
154 | fi | 179 | fi |
155 | 180 | ||
diff --git a/test/chromium.exp b/test/apps/chromium.exp index 676f7e314..d43f70f8e 100755 --- a/test/chromium.exp +++ b/test/apps/chromium.exp | |||
@@ -1,4 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
@@ -25,7 +28,7 @@ expect { | |||
25 | timeout {puts "TESTING ERROR 3.1\n";exit} | 28 | timeout {puts "TESTING ERROR 3.1\n";exit} |
26 | "chromium" | 29 | "chromium" |
27 | } | 30 | } |
28 | sleep 1 | 31 | after 100 |
29 | 32 | ||
30 | # grsecurity exit | 33 | # grsecurity exit |
31 | send -- "file /proc/sys/kernel/grsecurity\r" | 34 | send -- "file /proc/sys/kernel/grsecurity\r" |
@@ -46,6 +49,7 @@ spawn $env(SHELL) | |||
46 | send -- "firemon --seccomp\r" | 49 | send -- "firemon --seccomp\r" |
47 | expect { | 50 | expect { |
48 | timeout {puts "TESTING ERROR 5\n";exit} | 51 | timeout {puts "TESTING ERROR 5\n";exit} |
52 | "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} | ||
49 | ":firejail chromium" | 53 | ":firejail chromium" |
50 | } | 54 | } |
51 | expect { | 55 | expect { |
@@ -56,7 +60,7 @@ expect { | |||
56 | timeout {puts "TESTING ERROR 5.1\n";exit} | 60 | timeout {puts "TESTING ERROR 5.1\n";exit} |
57 | "name=blablabla" | 61 | "name=blablabla" |
58 | } | 62 | } |
59 | sleep 1 | 63 | after 100 |
60 | send -- "firemon --caps\r" | 64 | send -- "firemon --caps\r" |
61 | expect { | 65 | expect { |
62 | timeout {puts "TESTING ERROR 6\n";exit} | 66 | timeout {puts "TESTING ERROR 6\n";exit} |
@@ -74,7 +78,7 @@ expect { | |||
74 | timeout {puts "TESTING ERROR 6.3\n";exit} | 78 | timeout {puts "TESTING ERROR 6.3\n";exit} |
75 | "name=blablabla" | 79 | "name=blablabla" |
76 | } | 80 | } |
77 | sleep 1 | 81 | after 100 |
78 | 82 | ||
79 | puts "\n" | 83 | puts "\n" |
80 | 84 | ||
diff --git a/test/deluge.exp b/test/apps/deluge.exp index 9f5063495..0bf1baae2 100755 --- a/test/deluge.exp +++ b/test/apps/deluge.exp | |||
@@ -1,4 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
@@ -25,7 +28,7 @@ expect { | |||
25 | timeout {puts "TESTING ERROR 3.1\n";exit} | 28 | timeout {puts "TESTING ERROR 3.1\n";exit} |
26 | "deluge" | 29 | "deluge" |
27 | } | 30 | } |
28 | sleep 1 | 31 | after 100 |
29 | 32 | ||
30 | # grsecurity exit | 33 | # grsecurity exit |
31 | send -- "file /proc/sys/kernel/grsecurity\r" | 34 | send -- "file /proc/sys/kernel/grsecurity\r" |
@@ -46,6 +49,7 @@ spawn $env(SHELL) | |||
46 | send -- "firemon --seccomp\r" | 49 | send -- "firemon --seccomp\r" |
47 | expect { | 50 | expect { |
48 | timeout {puts "TESTING ERROR 5\n";exit} | 51 | timeout {puts "TESTING ERROR 5\n";exit} |
52 | "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} | ||
49 | ":firejail deluge" | 53 | ":firejail deluge" |
50 | } | 54 | } |
51 | expect { | 55 | expect { |
@@ -56,7 +60,7 @@ expect { | |||
56 | timeout {puts "TESTING ERROR 5.1\n";exit} | 60 | timeout {puts "TESTING ERROR 5.1\n";exit} |
57 | "name=blablabla" | 61 | "name=blablabla" |
58 | } | 62 | } |
59 | sleep 1 | 63 | after 100 |
60 | send -- "firemon --caps\r" | 64 | send -- "firemon --caps\r" |
61 | expect { | 65 | expect { |
62 | timeout {puts "TESTING ERROR 6\n";exit} | 66 | timeout {puts "TESTING ERROR 6\n";exit} |
@@ -74,7 +78,7 @@ expect { | |||
74 | timeout {puts "TESTING ERROR 6.3\n";exit} | 78 | timeout {puts "TESTING ERROR 6.3\n";exit} |
75 | "name=blablabla" | 79 | "name=blablabla" |
76 | } | 80 | } |
77 | sleep 1 | 81 | after 100 |
78 | 82 | ||
79 | puts "\n" | 83 | puts "\n" |
80 | 84 | ||
diff --git a/test/evince.exp b/test/apps/evince.exp index 3c3ad4bdd..71f760a9c 100755 --- a/test/evince.exp +++ b/test/apps/evince.exp | |||
@@ -1,4 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
@@ -25,7 +28,7 @@ expect { | |||
25 | timeout {puts "TESTING ERROR 3.1\n";exit} | 28 | timeout {puts "TESTING ERROR 3.1\n";exit} |
26 | "evince" | 29 | "evince" |
27 | } | 30 | } |
28 | sleep 1 | 31 | after 100 |
29 | 32 | ||
30 | # grsecurity exit | 33 | # grsecurity exit |
31 | send -- "file /proc/sys/kernel/grsecurity\r" | 34 | send -- "file /proc/sys/kernel/grsecurity\r" |
@@ -46,6 +49,7 @@ spawn $env(SHELL) | |||
46 | send -- "firemon --seccomp\r" | 49 | send -- "firemon --seccomp\r" |
47 | expect { | 50 | expect { |
48 | timeout {puts "TESTING ERROR 5\n";exit} | 51 | timeout {puts "TESTING ERROR 5\n";exit} |
52 | "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} | ||
49 | ":firejail evince" | 53 | ":firejail evince" |
50 | } | 54 | } |
51 | expect { | 55 | expect { |
@@ -56,7 +60,7 @@ expect { | |||
56 | timeout {puts "TESTING ERROR 5.1\n";exit} | 60 | timeout {puts "TESTING ERROR 5.1\n";exit} |
57 | "name=blablabla" | 61 | "name=blablabla" |
58 | } | 62 | } |
59 | sleep 1 | 63 | after 100 |
60 | send -- "firemon --caps\r" | 64 | send -- "firemon --caps\r" |
61 | expect { | 65 | expect { |
62 | timeout {puts "TESTING ERROR 6\n";exit} | 66 | timeout {puts "TESTING ERROR 6\n";exit} |
@@ -74,7 +78,7 @@ expect { | |||
74 | timeout {puts "TESTING ERROR 6.3\n";exit} | 78 | timeout {puts "TESTING ERROR 6.3\n";exit} |
75 | "name=blablabla" | 79 | "name=blablabla" |
76 | } | 80 | } |
77 | sleep 1 | 81 | after 100 |
78 | 82 | ||
79 | puts "\nall done\n" | 83 | puts "\nall done\n" |
80 | 84 | ||
diff --git a/test/fbreader.exp b/test/apps/fbreader.exp index d2bee880e..99c48d87c 100755 --- a/test/fbreader.exp +++ b/test/apps/fbreader.exp | |||
@@ -1,4 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
@@ -25,7 +28,7 @@ expect { | |||
25 | timeout {puts "TESTING ERROR 3.1\n";exit} | 28 | timeout {puts "TESTING ERROR 3.1\n";exit} |
26 | "fbreader" | 29 | "fbreader" |
27 | } | 30 | } |
28 | sleep 1 | 31 | after 100 |
29 | 32 | ||
30 | # grsecurity exit | 33 | # grsecurity exit |
31 | send -- "file /proc/sys/kernel/grsecurity\r" | 34 | send -- "file /proc/sys/kernel/grsecurity\r" |
@@ -46,6 +49,7 @@ spawn $env(SHELL) | |||
46 | send -- "firemon --seccomp\r" | 49 | send -- "firemon --seccomp\r" |
47 | expect { | 50 | expect { |
48 | timeout {puts "TESTING ERROR 5\n";exit} | 51 | timeout {puts "TESTING ERROR 5\n";exit} |
52 | "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} | ||
49 | ":firejail fbreader" | 53 | ":firejail fbreader" |
50 | } | 54 | } |
51 | expect { | 55 | expect { |
@@ -56,7 +60,7 @@ expect { | |||
56 | timeout {puts "TESTING ERROR 5.1\n";exit} | 60 | timeout {puts "TESTING ERROR 5.1\n";exit} |
57 | "name=blablabla" | 61 | "name=blablabla" |
58 | } | 62 | } |
59 | sleep 1 | 63 | after 100 |
60 | send -- "firemon --caps\r" | 64 | send -- "firemon --caps\r" |
61 | expect { | 65 | expect { |
62 | timeout {puts "TESTING ERROR 6\n";exit} | 66 | timeout {puts "TESTING ERROR 6\n";exit} |
@@ -74,7 +78,7 @@ expect { | |||
74 | timeout {puts "TESTING ERROR 6.3\n";exit} | 78 | timeout {puts "TESTING ERROR 6.3\n";exit} |
75 | "name=blablabla" | 79 | "name=blablabla" |
76 | } | 80 | } |
77 | sleep 1 | 81 | after 100 |
78 | 82 | ||
79 | puts "\nall done\n" | 83 | puts "\nall done\n" |
80 | 84 | ||
diff --git a/test/apps/filezilla.exp b/test/apps/filezilla.exp new file mode 100755 index 000000000..2f7038184 --- /dev/null +++ b/test/apps/filezilla.exp | |||
@@ -0,0 +1,84 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail filezilla\r" | ||
11 | expect { | ||
12 | timeout {puts "TESTING ERROR 0\n";exit} | ||
13 | "Reading profile /etc/firejail/filezilla.profile" | ||
14 | } | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 1\n";exit} | ||
17 | "Child process initialized" | ||
18 | } | ||
19 | sleep 3 | ||
20 | |||
21 | spawn $env(SHELL) | ||
22 | send -- "firejail --list\r" | ||
23 | expect { | ||
24 | timeout {puts "TESTING ERROR 3\n";exit} | ||
25 | ":firejail" | ||
26 | } | ||
27 | expect { | ||
28 | timeout {puts "TESTING ERROR 3.1\n";exit} | ||
29 | "filezilla" | ||
30 | } | ||
31 | after 100 | ||
32 | |||
33 | # grsecurity exit | ||
34 | send -- "file /proc/sys/kernel/grsecurity\r" | ||
35 | expect { | ||
36 | timeout {puts "TESTING ERROR - grsecurity detection\n";exit} | ||
37 | "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit} | ||
38 | "cannot open" {puts "grsecurity not present\n"} | ||
39 | } | ||
40 | |||
41 | send -- "firejail --name=blablabla\r" | ||
42 | expect { | ||
43 | timeout {puts "TESTING ERROR 4\n";exit} | ||
44 | "Child process initialized" | ||
45 | } | ||
46 | sleep 2 | ||
47 | |||
48 | spawn $env(SHELL) | ||
49 | send -- "firemon --seccomp\r" | ||
50 | expect { | ||
51 | timeout {puts "TESTING ERROR 5\n";exit} | ||
52 | "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} | ||
53 | ":firejail filezilla" | ||
54 | } | ||
55 | expect { | ||
56 | timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit} | ||
57 | "Seccomp: 2" | ||
58 | } | ||
59 | expect { | ||
60 | timeout {puts "TESTING ERROR 5.1\n";exit} | ||
61 | "name=blablabla" | ||
62 | } | ||
63 | after 100 | ||
64 | send -- "firemon --caps\r" | ||
65 | expect { | ||
66 | timeout {puts "TESTING ERROR 6\n";exit} | ||
67 | ":firejail filezilla" | ||
68 | } | ||
69 | expect { | ||
70 | timeout {puts "TESTING ERROR 6.1\n";exit} | ||
71 | "CapBnd:" | ||
72 | } | ||
73 | expect { | ||
74 | timeout {puts "TESTING ERROR 6.2\n";exit} | ||
75 | "0000000000000000" | ||
76 | } | ||
77 | expect { | ||
78 | timeout {puts "TESTING ERROR 6.3\n";exit} | ||
79 | "name=blablabla" | ||
80 | } | ||
81 | after 100 | ||
82 | |||
83 | puts "\nall done\n" | ||
84 | |||
diff --git a/test/firefox.exp b/test/apps/firefox.exp index 2585e4b5c..5745d9270 100755 --- a/test/firefox.exp +++ b/test/apps/firefox.exp | |||
@@ -1,4 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
@@ -30,7 +33,7 @@ expect { | |||
30 | timeout {puts "TESTING ERROR 3.2\n";exit} | 33 | timeout {puts "TESTING ERROR 3.2\n";exit} |
31 | "no-remote" | 34 | "no-remote" |
32 | } | 35 | } |
33 | sleep 1 | 36 | after 100 |
34 | 37 | ||
35 | # grsecurity exit | 38 | # grsecurity exit |
36 | send -- "file /proc/sys/kernel/grsecurity\r" | 39 | send -- "file /proc/sys/kernel/grsecurity\r" |
@@ -52,6 +55,7 @@ spawn $env(SHELL) | |||
52 | send -- "firemon --seccomp\r" | 55 | send -- "firemon --seccomp\r" |
53 | expect { | 56 | expect { |
54 | timeout {puts "TESTING ERROR 5\n";exit} | 57 | timeout {puts "TESTING ERROR 5\n";exit} |
58 | "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} | ||
55 | " firefox" {puts "firefox detected\n";} | 59 | " firefox" {puts "firefox detected\n";} |
56 | " iceweasel" {puts "iceweasel detected\n";} | 60 | " iceweasel" {puts "iceweasel detected\n";} |
57 | } | 61 | } |
@@ -67,7 +71,7 @@ expect { | |||
67 | timeout {puts "TESTING ERROR 5.1\n";exit} | 71 | timeout {puts "TESTING ERROR 5.1\n";exit} |
68 | "name=blablabla" | 72 | "name=blablabla" |
69 | } | 73 | } |
70 | sleep 1 | 74 | after 100 |
71 | send -- "firemon --caps\r" | 75 | send -- "firemon --caps\r" |
72 | expect { | 76 | expect { |
73 | timeout {puts "TESTING ERROR 6\n";exit} | 77 | timeout {puts "TESTING ERROR 6\n";exit} |
@@ -90,7 +94,7 @@ expect { | |||
90 | timeout {puts "TESTING ERROR 6.3\n";exit} | 94 | timeout {puts "TESTING ERROR 6.3\n";exit} |
91 | "name=blablabla" | 95 | "name=blablabla" |
92 | } | 96 | } |
93 | sleep 1 | 97 | after 100 |
94 | 98 | ||
95 | puts "\n" | 99 | puts "\n" |
96 | 100 | ||
diff --git a/test/gnome-mplayer.exp b/test/apps/gnome-mplayer.exp index 6965322fc..6f0e5a312 100755 --- a/test/gnome-mplayer.exp +++ b/test/apps/gnome-mplayer.exp | |||
@@ -1,4 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
@@ -13,7 +16,7 @@ expect { | |||
13 | timeout {puts "TESTING ERROR 1\n";exit} | 16 | timeout {puts "TESTING ERROR 1\n";exit} |
14 | "Child process initialized" | 17 | "Child process initialized" |
15 | } | 18 | } |
16 | sleep 10 | 19 | sleep 5 |
17 | 20 | ||
18 | spawn $env(SHELL) | 21 | spawn $env(SHELL) |
19 | send -- "firejail --list\r" | 22 | send -- "firejail --list\r" |
@@ -25,7 +28,7 @@ expect { | |||
25 | timeout {puts "TESTING ERROR 3.1\n";exit} | 28 | timeout {puts "TESTING ERROR 3.1\n";exit} |
26 | "gnome-mplayer" | 29 | "gnome-mplayer" |
27 | } | 30 | } |
28 | sleep 1 | 31 | after 100 |
29 | 32 | ||
30 | # grsecurity exit | 33 | # grsecurity exit |
31 | send -- "file /proc/sys/kernel/grsecurity\r" | 34 | send -- "file /proc/sys/kernel/grsecurity\r" |
@@ -46,6 +49,7 @@ spawn $env(SHELL) | |||
46 | send -- "firemon --seccomp\r" | 49 | send -- "firemon --seccomp\r" |
47 | expect { | 50 | expect { |
48 | timeout {puts "TESTING ERROR 5\n";exit} | 51 | timeout {puts "TESTING ERROR 5\n";exit} |
52 | "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} | ||
49 | ":firejail gnome-mplayer" | 53 | ":firejail gnome-mplayer" |
50 | } | 54 | } |
51 | expect { | 55 | expect { |
@@ -56,7 +60,7 @@ expect { | |||
56 | timeout {puts "TESTING ERROR 5.1\n";exit} | 60 | timeout {puts "TESTING ERROR 5.1\n";exit} |
57 | "name=blablabla" | 61 | "name=blablabla" |
58 | } | 62 | } |
59 | sleep 1 | 63 | after 100 |
60 | send -- "firemon --caps\r" | 64 | send -- "firemon --caps\r" |
61 | expect { | 65 | expect { |
62 | timeout {puts "TESTING ERROR 6\n";exit} | 66 | timeout {puts "TESTING ERROR 6\n";exit} |
@@ -74,7 +78,7 @@ expect { | |||
74 | timeout {puts "TESTING ERROR 6.3\n";exit} | 78 | timeout {puts "TESTING ERROR 6.3\n";exit} |
75 | "name=blablabla" | 79 | "name=blablabla" |
76 | } | 80 | } |
77 | sleep 1 | 81 | after 100 |
78 | 82 | ||
79 | puts "\nall done\n" | 83 | puts "\nall done\n" |
80 | 84 | ||
diff --git a/test/weechat.exp b/test/apps/gthumb.exp index 630af55ee..13132cef6 100755 --- a/test/weechat.exp +++ b/test/apps/gthumb.exp | |||
@@ -1,13 +1,16 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
5 | match_max 100000 | 8 | match_max 100000 |
6 | 9 | ||
7 | send -- "firejail weechat-curses\r" | 10 | send -- "firejail gthumb\r" |
8 | expect { | 11 | expect { |
9 | timeout {puts "TESTING ERROR 0\n";exit} | 12 | timeout {puts "TESTING ERROR 0\n";exit} |
10 | "Reading profile /etc/firejail/weechat.profile" | 13 | "Reading profile /etc/firejail/gthumb.profile" |
11 | } | 14 | } |
12 | expect { | 15 | expect { |
13 | timeout {puts "TESTING ERROR 1\n";exit} | 16 | timeout {puts "TESTING ERROR 1\n";exit} |
@@ -23,9 +26,9 @@ expect { | |||
23 | } | 26 | } |
24 | expect { | 27 | expect { |
25 | timeout {puts "TESTING ERROR 3.1\n";exit} | 28 | timeout {puts "TESTING ERROR 3.1\n";exit} |
26 | "weechat-curses" | 29 | "gthumb" |
27 | } | 30 | } |
28 | sleep 1 | 31 | after 100 |
29 | 32 | ||
30 | # grsecurity exit | 33 | # grsecurity exit |
31 | send -- "file /proc/sys/kernel/grsecurity\r" | 34 | send -- "file /proc/sys/kernel/grsecurity\r" |
@@ -46,7 +49,8 @@ spawn $env(SHELL) | |||
46 | send -- "firemon --seccomp\r" | 49 | send -- "firemon --seccomp\r" |
47 | expect { | 50 | expect { |
48 | timeout {puts "TESTING ERROR 5\n";exit} | 51 | timeout {puts "TESTING ERROR 5\n";exit} |
49 | "weechat-curses" | 52 | "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} |
53 | ":firejail gthumb" | ||
50 | } | 54 | } |
51 | expect { | 55 | expect { |
52 | timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit} | 56 | timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit} |
@@ -56,11 +60,11 @@ expect { | |||
56 | timeout {puts "TESTING ERROR 5.1\n";exit} | 60 | timeout {puts "TESTING ERROR 5.1\n";exit} |
57 | "name=blablabla" | 61 | "name=blablabla" |
58 | } | 62 | } |
59 | sleep 1 | 63 | after 100 |
60 | send -- "firemon --caps\r" | 64 | send -- "firemon --caps\r" |
61 | expect { | 65 | expect { |
62 | timeout {puts "TESTING ERROR 6\n";exit} | 66 | timeout {puts "TESTING ERROR 6\n";exit} |
63 | "weechat-curses" | 67 | ":firejail gthumb" |
64 | } | 68 | } |
65 | expect { | 69 | expect { |
66 | timeout {puts "TESTING ERROR 6.1\n";exit} | 70 | timeout {puts "TESTING ERROR 6.1\n";exit} |
@@ -74,7 +78,7 @@ expect { | |||
74 | timeout {puts "TESTING ERROR 6.3\n";exit} | 78 | timeout {puts "TESTING ERROR 6.3\n";exit} |
75 | "name=blablabla" | 79 | "name=blablabla" |
76 | } | 80 | } |
77 | sleep 1 | 81 | after 100 |
78 | 82 | ||
79 | puts "\n" | 83 | puts "\nall done\n" |
80 | 84 | ||
diff --git a/test/hexchat.exp b/test/apps/hexchat.exp index 7e99c8cdf..5d0bc1093 100755 --- a/test/hexchat.exp +++ b/test/apps/hexchat.exp | |||
@@ -1,4 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
@@ -25,7 +28,7 @@ expect { | |||
25 | timeout {puts "TESTING ERROR 3.1\n";exit} | 28 | timeout {puts "TESTING ERROR 3.1\n";exit} |
26 | "hexchat" | 29 | "hexchat" |
27 | } | 30 | } |
28 | sleep 1 | 31 | after 100 |
29 | 32 | ||
30 | # grsecurity exit | 33 | # grsecurity exit |
31 | send -- "file /proc/sys/kernel/grsecurity\r" | 34 | send -- "file /proc/sys/kernel/grsecurity\r" |
@@ -46,6 +49,7 @@ spawn $env(SHELL) | |||
46 | send -- "firemon --seccomp\r" | 49 | send -- "firemon --seccomp\r" |
47 | expect { | 50 | expect { |
48 | timeout {puts "TESTING ERROR 5\n";exit} | 51 | timeout {puts "TESTING ERROR 5\n";exit} |
52 | "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} | ||
49 | "hexchat" | 53 | "hexchat" |
50 | } | 54 | } |
51 | expect { | 55 | expect { |
@@ -56,7 +60,7 @@ expect { | |||
56 | timeout {puts "TESTING ERROR 5.1\n";exit} | 60 | timeout {puts "TESTING ERROR 5.1\n";exit} |
57 | "name=blablabla" | 61 | "name=blablabla" |
58 | } | 62 | } |
59 | sleep 1 | 63 | after 100 |
60 | send -- "firemon --caps\r" | 64 | send -- "firemon --caps\r" |
61 | expect { | 65 | expect { |
62 | timeout {puts "TESTING ERROR 6\n";exit} | 66 | timeout {puts "TESTING ERROR 6\n";exit} |
@@ -74,7 +78,7 @@ expect { | |||
74 | timeout {puts "TESTING ERROR 6.3\n";exit} | 78 | timeout {puts "TESTING ERROR 6.3\n";exit} |
75 | "name=blablabla" | 79 | "name=blablabla" |
76 | } | 80 | } |
77 | sleep 1 | 81 | after 100 |
78 | 82 | ||
79 | puts "\n" | 83 | puts "\n" |
80 | 84 | ||
diff --git a/test/icedove.exp b/test/apps/icedove.exp index 344febb93..c0fbd9fc8 100755 --- a/test/icedove.exp +++ b/test/apps/icedove.exp | |||
@@ -1,4 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
@@ -25,7 +28,7 @@ expect { | |||
25 | timeout {puts "TESTING ERROR 3.1\n";exit} | 28 | timeout {puts "TESTING ERROR 3.1\n";exit} |
26 | "icedove" | 29 | "icedove" |
27 | } | 30 | } |
28 | sleep 1 | 31 | after 100 |
29 | 32 | ||
30 | # grsecurity exit | 33 | # grsecurity exit |
31 | send -- "file /proc/sys/kernel/grsecurity\r" | 34 | send -- "file /proc/sys/kernel/grsecurity\r" |
@@ -46,6 +49,7 @@ spawn $env(SHELL) | |||
46 | send -- "firemon --seccomp\r" | 49 | send -- "firemon --seccomp\r" |
47 | expect { | 50 | expect { |
48 | timeout {puts "TESTING ERROR 5\n";exit} | 51 | timeout {puts "TESTING ERROR 5\n";exit} |
52 | "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} | ||
49 | ":firejail icedove" | 53 | ":firejail icedove" |
50 | } | 54 | } |
51 | expect { | 55 | expect { |
@@ -56,7 +60,7 @@ expect { | |||
56 | timeout {puts "TESTING ERROR 5.1\n";exit} | 60 | timeout {puts "TESTING ERROR 5.1\n";exit} |
57 | "name=blablabla" | 61 | "name=blablabla" |
58 | } | 62 | } |
59 | sleep 1 | 63 | after 100 |
60 | send -- "firemon --caps\r" | 64 | send -- "firemon --caps\r" |
61 | expect { | 65 | expect { |
62 | timeout {puts "TESTING ERROR 6\n";exit} | 66 | timeout {puts "TESTING ERROR 6\n";exit} |
@@ -74,7 +78,7 @@ expect { | |||
74 | timeout {puts "TESTING ERROR 6.3\n";exit} | 78 | timeout {puts "TESTING ERROR 6.3\n";exit} |
75 | "name=blablabla" | 79 | "name=blablabla" |
76 | } | 80 | } |
77 | sleep 1 | 81 | after 100 |
78 | 82 | ||
79 | puts "\nall done\n" | 83 | puts "\nall done\n" |
80 | 84 | ||
diff --git a/test/midori.exp b/test/apps/midori.exp index 470f5de77..45d70eda1 100755 --- a/test/midori.exp +++ b/test/apps/midori.exp | |||
@@ -1,4 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
@@ -13,7 +16,7 @@ expect { | |||
13 | timeout {puts "TESTING ERROR 1\n";exit} | 16 | timeout {puts "TESTING ERROR 1\n";exit} |
14 | "Child process initialized" | 17 | "Child process initialized" |
15 | } | 18 | } |
16 | sleep 10 | 19 | sleep 5 |
17 | 20 | ||
18 | spawn $env(SHELL) | 21 | spawn $env(SHELL) |
19 | send -- "firejail --list\r" | 22 | send -- "firejail --list\r" |
@@ -25,7 +28,7 @@ expect { | |||
25 | timeout {puts "TESTING ERROR 3.1\n";exit} | 28 | timeout {puts "TESTING ERROR 3.1\n";exit} |
26 | "midori" | 29 | "midori" |
27 | } | 30 | } |
28 | sleep 1 | 31 | after 100 |
29 | 32 | ||
30 | # grsecurity exit | 33 | # grsecurity exit |
31 | send -- "file /proc/sys/kernel/grsecurity\r" | 34 | send -- "file /proc/sys/kernel/grsecurity\r" |
@@ -46,6 +49,7 @@ spawn $env(SHELL) | |||
46 | send -- "firemon --seccomp\r" | 49 | send -- "firemon --seccomp\r" |
47 | expect { | 50 | expect { |
48 | timeout {puts "TESTING ERROR 5\n";exit} | 51 | timeout {puts "TESTING ERROR 5\n";exit} |
52 | "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} | ||
49 | ":firejail midori" | 53 | ":firejail midori" |
50 | } | 54 | } |
51 | expect { | 55 | expect { |
@@ -56,7 +60,7 @@ expect { | |||
56 | timeout {puts "TESTING ERROR 5.1\n";exit} | 60 | timeout {puts "TESTING ERROR 5.1\n";exit} |
57 | "name=blablabla" | 61 | "name=blablabla" |
58 | } | 62 | } |
59 | sleep 1 | 63 | after 100 |
60 | send -- "firemon --caps\r" | 64 | send -- "firemon --caps\r" |
61 | expect { | 65 | expect { |
62 | timeout {puts "TESTING ERROR 6\n";exit} | 66 | timeout {puts "TESTING ERROR 6\n";exit} |
@@ -74,7 +78,7 @@ expect { | |||
74 | timeout {puts "TESTING ERROR 6.3n";exit} | 78 | timeout {puts "TESTING ERROR 6.3n";exit} |
75 | "name=blablabla" | 79 | "name=blablabla" |
76 | } | 80 | } |
77 | sleep 1 | 81 | after 100 |
78 | 82 | ||
79 | 83 | ||
80 | puts "\n" | 84 | puts "\n" |
diff --git a/test/opera.exp b/test/apps/opera.exp index 23eed5504..036fc2e21 100755 --- a/test/opera.exp +++ b/test/apps/opera.exp | |||
@@ -1,4 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
@@ -25,7 +28,7 @@ expect { | |||
25 | timeout {puts "TESTING ERROR 3.1\n";exit} | 28 | timeout {puts "TESTING ERROR 3.1\n";exit} |
26 | "opera" | 29 | "opera" |
27 | } | 30 | } |
28 | sleep 1 | 31 | after 100 |
29 | 32 | ||
30 | # grsecurity exit | 33 | # grsecurity exit |
31 | send -- "file /proc/sys/kernel/grsecurity\r" | 34 | send -- "file /proc/sys/kernel/grsecurity\r" |
@@ -46,6 +49,7 @@ spawn $env(SHELL) | |||
46 | send -- "firemon --seccomp\r" | 49 | send -- "firemon --seccomp\r" |
47 | expect { | 50 | expect { |
48 | timeout {puts "TESTING ERROR 5\n";exit} | 51 | timeout {puts "TESTING ERROR 5\n";exit} |
52 | "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} | ||
49 | ":firejail opera" | 53 | ":firejail opera" |
50 | } | 54 | } |
51 | expect { | 55 | expect { |
@@ -56,7 +60,7 @@ expect { | |||
56 | timeout {puts "TESTING ERROR 5.1\n";exit} | 60 | timeout {puts "TESTING ERROR 5.1\n";exit} |
57 | "name=blablabla" | 61 | "name=blablabla" |
58 | } | 62 | } |
59 | sleep 1 | 63 | after 100 |
60 | send -- "firemon --caps\r" | 64 | send -- "firemon --caps\r" |
61 | expect { | 65 | expect { |
62 | timeout {puts "TESTING ERROR 6\n";exit} | 66 | timeout {puts "TESTING ERROR 6\n";exit} |
@@ -74,7 +78,7 @@ expect { | |||
74 | timeout {puts "TESTING ERROR 6.3\n";exit} | 78 | timeout {puts "TESTING ERROR 6.3\n";exit} |
75 | "name=blablabla" | 79 | "name=blablabla" |
76 | } | 80 | } |
77 | sleep 1 | 81 | after 100 |
78 | 82 | ||
79 | puts "\n" | 83 | puts "\n" |
80 | 84 | ||
diff --git a/test/apps/qbittorrent.exp b/test/apps/qbittorrent.exp new file mode 100755 index 000000000..8bc6d8564 --- /dev/null +++ b/test/apps/qbittorrent.exp | |||
@@ -0,0 +1,84 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail qbittorrent\r" | ||
11 | expect { | ||
12 | timeout {puts "TESTING ERROR 0\n";exit} | ||
13 | "Reading profile /etc/firejail/qbittorrent.profile" | ||
14 | } | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 1\n";exit} | ||
17 | "Child process initialized" | ||
18 | } | ||
19 | sleep 3 | ||
20 | |||
21 | spawn $env(SHELL) | ||
22 | send -- "firejail --list\r" | ||
23 | expect { | ||
24 | timeout {puts "TESTING ERROR 3\n";exit} | ||
25 | ":firejail" | ||
26 | } | ||
27 | expect { | ||
28 | timeout {puts "TESTING ERROR 3.1\n";exit} | ||
29 | "qbittorrent" | ||
30 | } | ||
31 | after 100 | ||
32 | |||
33 | # grsecurity exit | ||
34 | send -- "file /proc/sys/kernel/grsecurity\r" | ||
35 | expect { | ||
36 | timeout {puts "TESTING ERROR - grsecurity detection\n";exit} | ||
37 | "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit} | ||
38 | "cannot open" {puts "grsecurity not present\n"} | ||
39 | } | ||
40 | |||
41 | send -- "firejail --name=blablabla\r" | ||
42 | expect { | ||
43 | timeout {puts "TESTING ERROR 4\n";exit} | ||
44 | "Child process initialized" | ||
45 | } | ||
46 | sleep 2 | ||
47 | |||
48 | spawn $env(SHELL) | ||
49 | send -- "firemon --seccomp\r" | ||
50 | expect { | ||
51 | timeout {puts "TESTING ERROR 5\n";exit} | ||
52 | "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} | ||
53 | ":firejail qbittorrent" | ||
54 | } | ||
55 | expect { | ||
56 | timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit} | ||
57 | "Seccomp: 2" | ||
58 | } | ||
59 | expect { | ||
60 | timeout {puts "TESTING ERROR 5.1\n";exit} | ||
61 | "name=blablabla" | ||
62 | } | ||
63 | after 100 | ||
64 | send -- "firemon --caps\r" | ||
65 | expect { | ||
66 | timeout {puts "TESTING ERROR 6\n";exit} | ||
67 | ":firejail qbittorrent" | ||
68 | } | ||
69 | expect { | ||
70 | timeout {puts "TESTING ERROR 6.1\n";exit} | ||
71 | "CapBnd:" | ||
72 | } | ||
73 | expect { | ||
74 | timeout {puts "TESTING ERROR 6.2\n";exit} | ||
75 | "0000000000000000" | ||
76 | } | ||
77 | expect { | ||
78 | timeout {puts "TESTING ERROR 6.3\n";exit} | ||
79 | "name=blablabla" | ||
80 | } | ||
81 | after 100 | ||
82 | |||
83 | puts "\n" | ||
84 | |||
diff --git a/test/transmission-gtk.exp b/test/apps/transmission-gtk.exp index 1acfc6f94..70700d523 100755 --- a/test/transmission-gtk.exp +++ b/test/apps/transmission-gtk.exp | |||
@@ -1,4 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
@@ -9,7 +12,7 @@ expect { | |||
9 | timeout {puts "TESTING ERROR 1\n";exit} | 12 | timeout {puts "TESTING ERROR 1\n";exit} |
10 | "Child process initialized" | 13 | "Child process initialized" |
11 | } | 14 | } |
12 | sleep 10 | 15 | sleep 5 |
13 | 16 | ||
14 | spawn $env(SHELL) | 17 | spawn $env(SHELL) |
15 | send -- "firejail --list\r" | 18 | send -- "firejail --list\r" |
@@ -21,7 +24,7 @@ expect { | |||
21 | timeout {puts "TESTING ERROR 3.1\n";exit} | 24 | timeout {puts "TESTING ERROR 3.1\n";exit} |
22 | "transmission-gtk" | 25 | "transmission-gtk" |
23 | } | 26 | } |
24 | sleep 1 | 27 | after 100 |
25 | 28 | ||
26 | # grsecurity exit | 29 | # grsecurity exit |
27 | send -- "file /proc/sys/kernel/grsecurity\r" | 30 | send -- "file /proc/sys/kernel/grsecurity\r" |
@@ -41,6 +44,7 @@ spawn $env(SHELL) | |||
41 | send -- "firemon --seccomp\r" | 44 | send -- "firemon --seccomp\r" |
42 | expect { | 45 | expect { |
43 | timeout {puts "TESTING ERROR 5\n";exit} | 46 | timeout {puts "TESTING ERROR 5\n";exit} |
47 | "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} | ||
44 | ":firejail transmission-gtk" | 48 | ":firejail transmission-gtk" |
45 | } | 49 | } |
46 | expect { | 50 | expect { |
@@ -51,7 +55,7 @@ expect { | |||
51 | timeout {puts "TESTING ERROR 5.1\n";exit} | 55 | timeout {puts "TESTING ERROR 5.1\n";exit} |
52 | "name=blablabla" | 56 | "name=blablabla" |
53 | } | 57 | } |
54 | sleep 1 | 58 | after 100 |
55 | send -- "firemon --caps\r" | 59 | send -- "firemon --caps\r" |
56 | expect { | 60 | expect { |
57 | timeout {puts "TESTING ERROR 6\n";exit} | 61 | timeout {puts "TESTING ERROR 6\n";exit} |
@@ -69,7 +73,7 @@ expect { | |||
69 | timeout {puts "TESTING ERROR 6.3\n";exit} | 73 | timeout {puts "TESTING ERROR 6.3\n";exit} |
70 | "name=blablabla" | 74 | "name=blablabla" |
71 | } | 75 | } |
72 | sleep 1 | 76 | after 100 |
73 | 77 | ||
74 | puts "\nall done\n" | 78 | puts "\nall done\n" |
75 | 79 | ||
diff --git a/test/transmission-qt.exp b/test/apps/transmission-qt.exp index 944fd28a2..3773b1dc2 100755 --- a/test/transmission-qt.exp +++ b/test/apps/transmission-qt.exp | |||
@@ -1,4 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
@@ -13,7 +16,7 @@ expect { | |||
13 | timeout {puts "TESTING ERROR 1\n";exit} | 16 | timeout {puts "TESTING ERROR 1\n";exit} |
14 | "Child process initialized" | 17 | "Child process initialized" |
15 | } | 18 | } |
16 | sleep 10 | 19 | sleep 3 |
17 | 20 | ||
18 | spawn $env(SHELL) | 21 | spawn $env(SHELL) |
19 | send -- "firejail --list\r" | 22 | send -- "firejail --list\r" |
@@ -25,7 +28,7 @@ expect { | |||
25 | timeout {puts "TESTING ERROR 3.1\n";exit} | 28 | timeout {puts "TESTING ERROR 3.1\n";exit} |
26 | "transmission-qt" | 29 | "transmission-qt" |
27 | } | 30 | } |
28 | sleep 1 | 31 | after 100 |
29 | 32 | ||
30 | # grsecurity exit | 33 | # grsecurity exit |
31 | send -- "file /proc/sys/kernel/grsecurity\r" | 34 | send -- "file /proc/sys/kernel/grsecurity\r" |
@@ -46,6 +49,7 @@ spawn $env(SHELL) | |||
46 | send -- "firemon --seccomp\r" | 49 | send -- "firemon --seccomp\r" |
47 | expect { | 50 | expect { |
48 | timeout {puts "TESTING ERROR 5\n";exit} | 51 | timeout {puts "TESTING ERROR 5\n";exit} |
52 | "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} | ||
49 | ":firejail transmission-qt" | 53 | ":firejail transmission-qt" |
50 | } | 54 | } |
51 | expect { | 55 | expect { |
@@ -56,7 +60,7 @@ expect { | |||
56 | timeout {puts "TESTING ERROR 5.1\n";exit} | 60 | timeout {puts "TESTING ERROR 5.1\n";exit} |
57 | "name=blablabla" | 61 | "name=blablabla" |
58 | } | 62 | } |
59 | sleep 1 | 63 | after 100 |
60 | send -- "firemon --caps\r" | 64 | send -- "firemon --caps\r" |
61 | expect { | 65 | expect { |
62 | timeout {puts "TESTING ERROR 6\n";exit} | 66 | timeout {puts "TESTING ERROR 6\n";exit} |
@@ -74,7 +78,7 @@ expect { | |||
74 | timeout {puts "TESTING ERROR 6.3\n";exit} | 78 | timeout {puts "TESTING ERROR 6.3\n";exit} |
75 | "name=blablabla" | 79 | "name=blablabla" |
76 | } | 80 | } |
77 | sleep 1 | 81 | after 100 |
78 | 82 | ||
79 | puts "\nall done\n" | 83 | puts "\nall done\n" |
80 | 84 | ||
diff --git a/test/apps/uget-gtk.exp b/test/apps/uget-gtk.exp new file mode 100755 index 000000000..22c2a0831 --- /dev/null +++ b/test/apps/uget-gtk.exp | |||
@@ -0,0 +1,84 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail uget-gtk\r" | ||
11 | expect { | ||
12 | timeout {puts "TESTING ERROR 0\n";exit} | ||
13 | "Reading profile /etc/firejail/uget-gtk.profile" | ||
14 | } | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 1\n";exit} | ||
17 | "Child process initialized" | ||
18 | } | ||
19 | sleep 3 | ||
20 | |||
21 | spawn $env(SHELL) | ||
22 | send -- "firejail --list\r" | ||
23 | expect { | ||
24 | timeout {puts "TESTING ERROR 3\n";exit} | ||
25 | ":firejail" | ||
26 | } | ||
27 | expect { | ||
28 | timeout {puts "TESTING ERROR 3.1\n";exit} | ||
29 | "uget-gtk" | ||
30 | } | ||
31 | after 100 | ||
32 | |||
33 | # grsecurity exit | ||
34 | send -- "file /proc/sys/kernel/grsecurity\r" | ||
35 | expect { | ||
36 | timeout {puts "TESTING ERROR - grsecurity detection\n";exit} | ||
37 | "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit} | ||
38 | "cannot open" {puts "grsecurity not present\n"} | ||
39 | } | ||
40 | |||
41 | send -- "firejail --name=blablabla\r" | ||
42 | expect { | ||
43 | timeout {puts "TESTING ERROR 4\n";exit} | ||
44 | "Child process initialized" | ||
45 | } | ||
46 | sleep 2 | ||
47 | |||
48 | spawn $env(SHELL) | ||
49 | send -- "firemon --seccomp\r" | ||
50 | expect { | ||
51 | timeout {puts "TESTING ERROR 5\n";exit} | ||
52 | "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} | ||
53 | ":firejail uget-gtk" | ||
54 | } | ||
55 | expect { | ||
56 | timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit} | ||
57 | "Seccomp: 2" | ||
58 | } | ||
59 | expect { | ||
60 | timeout {puts "TESTING ERROR 5.1\n";exit} | ||
61 | "name=blablabla" | ||
62 | } | ||
63 | after 100 | ||
64 | send -- "firemon --caps\r" | ||
65 | expect { | ||
66 | timeout {puts "TESTING ERROR 6\n";exit} | ||
67 | ":firejail uget-gtk" | ||
68 | } | ||
69 | expect { | ||
70 | timeout {puts "TESTING ERROR 6.1\n";exit} | ||
71 | "CapBnd:" | ||
72 | } | ||
73 | expect { | ||
74 | timeout {puts "TESTING ERROR 6.2\n";exit} | ||
75 | "0000000000000000" | ||
76 | } | ||
77 | expect { | ||
78 | timeout {puts "TESTING ERROR 6.3\n";exit} | ||
79 | "name=blablabla" | ||
80 | } | ||
81 | after 100 | ||
82 | |||
83 | puts "\nall done\n" | ||
84 | |||
diff --git a/test/vlc.exp b/test/apps/vlc.exp index 290c0fc2f..b94ef8e12 100755 --- a/test/vlc.exp +++ b/test/apps/vlc.exp | |||
@@ -1,4 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
@@ -25,7 +28,7 @@ expect { | |||
25 | timeout {puts "TESTING ERROR 3.1\n";exit} | 28 | timeout {puts "TESTING ERROR 3.1\n";exit} |
26 | "vlc" | 29 | "vlc" |
27 | } | 30 | } |
28 | sleep 1 | 31 | after 100 |
29 | 32 | ||
30 | # grsecurity exit | 33 | # grsecurity exit |
31 | send -- "file /proc/sys/kernel/grsecurity\r" | 34 | send -- "file /proc/sys/kernel/grsecurity\r" |
@@ -46,6 +49,7 @@ spawn $env(SHELL) | |||
46 | send -- "firemon --seccomp\r" | 49 | send -- "firemon --seccomp\r" |
47 | expect { | 50 | expect { |
48 | timeout {puts "TESTING ERROR 5\n";exit} | 51 | timeout {puts "TESTING ERROR 5\n";exit} |
52 | "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} | ||
49 | ":firejail vlc" | 53 | ":firejail vlc" |
50 | } | 54 | } |
51 | expect { | 55 | expect { |
@@ -56,7 +60,7 @@ expect { | |||
56 | timeout {puts "TESTING ERROR 5.1\n";exit} | 60 | timeout {puts "TESTING ERROR 5.1\n";exit} |
57 | "name=blablabla" | 61 | "name=blablabla" |
58 | } | 62 | } |
59 | sleep 1 | 63 | after 100 |
60 | send -- "firemon --caps\r" | 64 | send -- "firemon --caps\r" |
61 | expect { | 65 | expect { |
62 | timeout {puts "TESTING ERROR 6\n";exit} | 66 | timeout {puts "TESTING ERROR 6\n";exit} |
@@ -74,7 +78,7 @@ expect { | |||
74 | timeout {puts "TESTING ERROR 6.3\n";exit} | 78 | timeout {puts "TESTING ERROR 6.3\n";exit} |
75 | "name=blablabla" | 79 | "name=blablabla" |
76 | } | 80 | } |
77 | sleep 1 | 81 | after 100 |
78 | 82 | ||
79 | puts "\nall done\n" | 83 | puts "\nall done\n" |
80 | 84 | ||
diff --git a/test/wine.exp b/test/apps/wine.exp index f5b7d12b4..a2f465acb 100755 --- a/test/wine.exp +++ b/test/apps/wine.exp | |||
@@ -1,4 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
diff --git a/test/xchat.exp b/test/apps/xchat.exp index cde89d754..f3284caf7 100755 --- a/test/xchat.exp +++ b/test/apps/xchat.exp | |||
@@ -1,4 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
@@ -25,7 +28,7 @@ expect { | |||
25 | timeout {puts "TESTING ERROR 3.1\n";exit} | 28 | timeout {puts "TESTING ERROR 3.1\n";exit} |
26 | "xchat" | 29 | "xchat" |
27 | } | 30 | } |
28 | sleep 1 | 31 | after 100 |
29 | 32 | ||
30 | # grsecurity exit | 33 | # grsecurity exit |
31 | send -- "file /proc/sys/kernel/grsecurity\r" | 34 | send -- "file /proc/sys/kernel/grsecurity\r" |
@@ -46,6 +49,7 @@ spawn $env(SHELL) | |||
46 | send -- "firemon --seccomp\r" | 49 | send -- "firemon --seccomp\r" |
47 | expect { | 50 | expect { |
48 | timeout {puts "TESTING ERROR 5\n";exit} | 51 | timeout {puts "TESTING ERROR 5\n";exit} |
52 | "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} | ||
49 | " xchat" | 53 | " xchat" |
50 | } | 54 | } |
51 | expect { | 55 | expect { |
@@ -56,7 +60,7 @@ expect { | |||
56 | timeout {puts "TESTING ERROR 5.1\n";exit} | 60 | timeout {puts "TESTING ERROR 5.1\n";exit} |
57 | "name=blablabla" | 61 | "name=blablabla" |
58 | } | 62 | } |
59 | sleep 1 | 63 | after 100 |
60 | send -- "firemon --caps\r" | 64 | send -- "firemon --caps\r" |
61 | expect { | 65 | expect { |
62 | timeout {puts "TESTING ERROR 6\n";exit} | 66 | timeout {puts "TESTING ERROR 6\n";exit} |
@@ -74,7 +78,7 @@ expect { | |||
74 | timeout {puts "TESTING ERROR 6.3\n";exit} | 78 | timeout {puts "TESTING ERROR 6.3\n";exit} |
75 | "name=blablabla" | 79 | "name=blablabla" |
76 | } | 80 | } |
77 | sleep 1 | 81 | after 100 |
78 | 82 | ||
79 | puts "\n" | 83 | puts "\n" |
80 | 84 | ||
diff --git a/test/arguments/arguments.sh b/test/arguments/arguments.sh new file mode 100755 index 000000000..db4c9b472 --- /dev/null +++ b/test/arguments/arguments.sh | |||
@@ -0,0 +1,23 @@ | |||
1 | #!/bin/bash | ||
2 | |||
3 | [ -f argtest ] || make argtest | ||
4 | |||
5 | echo "TESTING: 1. regular bash session" | ||
6 | ./bashrun.exp | ||
7 | sleep 1 | ||
8 | |||
9 | echo "TESTING: 2. symbolic link to firejail" | ||
10 | ./symrun.exp | ||
11 | rm -fr symtest | ||
12 | sleep 1 | ||
13 | |||
14 | echo "TESTING: 3. --join option" | ||
15 | ./joinrun.exp | ||
16 | sleep 1 | ||
17 | |||
18 | echo "TESTING: 4. --output option" | ||
19 | ./outrun.exp | ||
20 | rm out | ||
21 | rm out.* | ||
22 | |||
23 | |||
diff --git a/test/arguments/bashrun.exp b/test/arguments/bashrun.exp new file mode 100755 index 000000000..a3c9e382d --- /dev/null +++ b/test/arguments/bashrun.exp | |||
@@ -0,0 +1,86 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "./bashrun.sh\r" | ||
8 | expect { | ||
9 | timeout {puts "TESTING ERROR 1.1.1\n";exit} | ||
10 | "Arguments:" | ||
11 | } | ||
12 | expect { | ||
13 | timeout {puts "TESTING ERROR 1.1.2\n";exit} | ||
14 | "#arg1#" | ||
15 | } | ||
16 | expect { | ||
17 | timeout {puts "TESTING ERROR 1.1.3\n";exit} | ||
18 | "#arg2#" | ||
19 | } | ||
20 | |||
21 | expect { | ||
22 | timeout {puts "TESTING ERROR 1.2.1\n";exit} | ||
23 | "Arguments:" | ||
24 | } | ||
25 | expect { | ||
26 | timeout {puts "TESTING ERROR 1.2.2\n";exit} | ||
27 | "#arg1 tail#" | ||
28 | } | ||
29 | expect { | ||
30 | timeout {puts "TESTING ERROR 1.2.3\n";exit} | ||
31 | "#arg2 tail#" | ||
32 | } | ||
33 | |||
34 | expect { | ||
35 | timeout {puts "TESTING ERROR 1.3.1\n";exit} | ||
36 | "Arguments:" | ||
37 | } | ||
38 | expect { | ||
39 | timeout {puts "TESTING ERROR 1.3.2\n";exit} | ||
40 | "#arg1 tail#" | ||
41 | } | ||
42 | expect { | ||
43 | timeout {puts "TESTING ERROR 1.3.3\n";exit} | ||
44 | "#arg2 tail#" | ||
45 | } | ||
46 | |||
47 | expect { | ||
48 | timeout {puts "TESTING ERROR 1.4.1\n";exit} | ||
49 | "Arguments:" | ||
50 | } | ||
51 | expect { | ||
52 | timeout {puts "TESTING ERROR 1.4.2\n";exit} | ||
53 | "#arg1 tail#" | ||
54 | } | ||
55 | expect { | ||
56 | timeout {puts "TESTING ERROR 1.4.3\n";exit} | ||
57 | "#arg2 tail#" | ||
58 | } | ||
59 | |||
60 | expect { | ||
61 | timeout {puts "TESTING ERROR 1.5.1\n";exit} | ||
62 | "Arguments:" | ||
63 | } | ||
64 | expect { | ||
65 | timeout {puts "TESTING ERROR 1.5.2\n";exit} | ||
66 | "#arg1&tail#" | ||
67 | } | ||
68 | expect { | ||
69 | timeout {puts "TESTING ERROR 1.5.3\n";exit} | ||
70 | "#arg2&tail#" | ||
71 | } | ||
72 | |||
73 | expect { | ||
74 | timeout {puts "TESTING ERROR 1.6.1\n";exit} | ||
75 | "Arguments:" | ||
76 | } | ||
77 | expect { | ||
78 | timeout {puts "TESTING ERROR 1.6.2\n";exit} | ||
79 | "#arg1&tail#" | ||
80 | } | ||
81 | expect { | ||
82 | timeout {puts "TESTING ERROR 1.6.3\n";exit} | ||
83 | "#arg2&tail#" | ||
84 | } | ||
85 | |||
86 | puts "\nall done\n" | ||
diff --git a/test/arguments/bashrun.sh b/test/arguments/bashrun.sh new file mode 100755 index 000000000..0797c92c2 --- /dev/null +++ b/test/arguments/bashrun.sh | |||
@@ -0,0 +1,22 @@ | |||
1 | #!/bin/bash | ||
2 | |||
3 | echo "TESTING: 1.1 - simple args" | ||
4 | firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --quiet /usr/lib/firejail/faudit arg1 arg2 | ||
5 | |||
6 | # simple quotes, testing spaces in file names | ||
7 | echo "TESTING: 1.2 - args with space and \"" | ||
8 | firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --quiet /usr/lib/firejail/faudit "arg1 tail" "arg2 tail" | ||
9 | |||
10 | echo "TESTING: 1.3 - args with space and '" | ||
11 | firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --quiet /usr/lib/firejail/faudit 'arg1 tail' 'arg2 tail' | ||
12 | |||
13 | # escaped space in file names | ||
14 | echo "TESTING: 1.4 - args with space and \\" | ||
15 | firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --quiet /usr/lib/firejail/faudit arg1\ tail arg2\ tail | ||
16 | |||
17 | # & char appears in URLs - URLs should be quoted | ||
18 | echo "TESTING: 1.5 - args with & and \"" | ||
19 | firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --quiet /usr/lib/firejail/faudit "arg1&tail" "arg2&tail" | ||
20 | |||
21 | echo "TESTING: 1.6 - args with & and '" | ||
22 | firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --quiet /usr/lib/firejail/faudit 'arg1&tail' 'arg2&tail' | ||
diff --git a/test/arguments/joinrun.exp b/test/arguments/joinrun.exp new file mode 100755 index 000000000..8e8570e4f --- /dev/null +++ b/test/arguments/joinrun.exp | |||
@@ -0,0 +1,91 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | |||
8 | send -- "firejail --name=joinrun\r" | ||
9 | sleep 2 | ||
10 | |||
11 | spawn $env(SHELL) | ||
12 | send -- "./joinrun.sh\r" | ||
13 | expect { | ||
14 | timeout {puts "TESTING ERROR 3.1.1\n";exit} | ||
15 | "Arguments:" | ||
16 | } | ||
17 | expect { | ||
18 | timeout {puts "TESTING ERROR 3.1.2\n";exit} | ||
19 | "#arg1#" | ||
20 | } | ||
21 | expect { | ||
22 | timeout {puts "TESTING ERROR 3.1.3\n";exit} | ||
23 | "#arg2#" | ||
24 | } | ||
25 | |||
26 | expect { | ||
27 | timeout {puts "TESTING ERROR 3.2.1\n";exit} | ||
28 | "Arguments:" | ||
29 | } | ||
30 | expect { | ||
31 | timeout {puts "TESTING ERROR 3.2.2\n";exit} | ||
32 | "#arg1 tail#" | ||
33 | } | ||
34 | expect { | ||
35 | timeout {puts "TESTING ERROR 3.2.3\n";exit} | ||
36 | "#arg2 tail#" | ||
37 | } | ||
38 | |||
39 | expect { | ||
40 | timeout {puts "TESTING ERROR 3.3.1\n";exit} | ||
41 | "Arguments:" | ||
42 | } | ||
43 | expect { | ||
44 | timeout {puts "TESTING ERROR 3.3.2\n";exit} | ||
45 | "#arg1 tail#" | ||
46 | } | ||
47 | expect { | ||
48 | timeout {puts "TESTING ERROR 3.3.3\n";exit} | ||
49 | "#arg2 tail#" | ||
50 | } | ||
51 | |||
52 | expect { | ||
53 | timeout {puts "TESTING ERROR 3.4.1\n";exit} | ||
54 | "Arguments:" | ||
55 | } | ||
56 | expect { | ||
57 | timeout {puts "TESTING ERROR 3.4.2\n";exit} | ||
58 | "#arg1 tail#" | ||
59 | } | ||
60 | expect { | ||
61 | timeout {puts "TESTING ERROR 3.4.3\n";exit} | ||
62 | "#arg2 tail#" | ||
63 | } | ||
64 | |||
65 | expect { | ||
66 | timeout {puts "TESTING ERROR 3.5.1\n";exit} | ||
67 | "Arguments:" | ||
68 | } | ||
69 | expect { | ||
70 | timeout {puts "TESTING ERROR 3.5.2\n";exit} | ||
71 | "#arg1&tail#" | ||
72 | } | ||
73 | expect { | ||
74 | timeout {puts "TESTING ERROR 3.5.3\n";exit} | ||
75 | "#arg2&tail#" | ||
76 | } | ||
77 | |||
78 | expect { | ||
79 | timeout {puts "TESTING ERROR 3.6.1\n";exit} | ||
80 | "Arguments:" | ||
81 | } | ||
82 | expect { | ||
83 | timeout {puts "TESTING ERROR 3.6.2\n";exit} | ||
84 | "#arg1&tail#" | ||
85 | } | ||
86 | expect { | ||
87 | timeout {puts "TESTING ERROR 3.6.3\n";exit} | ||
88 | "#arg2&tail#" | ||
89 | } | ||
90 | |||
91 | puts "\nall done\n" | ||
diff --git a/test/arguments/joinrun.sh b/test/arguments/joinrun.sh new file mode 100755 index 000000000..2743d823e --- /dev/null +++ b/test/arguments/joinrun.sh | |||
@@ -0,0 +1,22 @@ | |||
1 | #!/bin/bash | ||
2 | |||
3 | echo "TESTING: 3.1 - simple args" | ||
4 | firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --join=joinrun /usr/lib/firejail/faudit arg1 arg2 | ||
5 | |||
6 | # simple quotes, testing spaces in file names | ||
7 | echo "TESTING: 3.2 - args with space and \"" | ||
8 | firejail--env=FIREJAIL_TEST_ARGUMENTS=yes --quiet /usr/lib/firejail/faudit "arg1 tail" "arg2 tail" | ||
9 | |||
10 | echo "TESTING: 3.3 - args with space and '" | ||
11 | firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --quiet /usr/lib/firejail/faudit 'arg1 tail' 'arg2 tail' | ||
12 | |||
13 | # escaped space in file names | ||
14 | echo "TESTING: 3.4 - args with space and \\" | ||
15 | firejail--env=FIREJAIL_TEST_ARGUMENTS=yes --quiet /usr/lib/firejail/faudit arg1\ tail arg2\ tail | ||
16 | |||
17 | # & char appears in URLs - URLs should be quoted | ||
18 | echo "TESTING: 3.5 - args with & and \"" | ||
19 | firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --quiet /usr/lib/firejail/faudit "arg1&tail" "arg2&tail" | ||
20 | |||
21 | echo "TESTING: 3.6 - args with & and '" | ||
22 | firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --quiet /usr/lib/firejail/faudit 'arg1&tail' 'arg2&tail' | ||
diff --git a/test/arguments/outrun.exp b/test/arguments/outrun.exp new file mode 100755 index 000000000..d28e75661 --- /dev/null +++ b/test/arguments/outrun.exp | |||
@@ -0,0 +1,90 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "./outrun.sh\r" | ||
8 | expect { | ||
9 | timeout {puts "TESTING ERROR 4.1.1\n";exit} | ||
10 | "Arguments:" | ||
11 | } | ||
12 | expect { | ||
13 | timeout {puts "TESTING ERROR 4.1.2\n";exit} | ||
14 | "#arg1#" | ||
15 | } | ||
16 | expect { | ||
17 | timeout {puts "TESTING ERROR 4.1.3\n";exit} | ||
18 | "#arg2#" | ||
19 | } | ||
20 | |||
21 | exit | ||
22 | #*************************************************** | ||
23 | # breaking down from here on - bug to fix | ||
24 | #*************************************************** | ||
25 | expect { | ||
26 | timeout {puts "TESTING ERROR 4.2.1\n";exit} | ||
27 | "Arguments:" | ||
28 | } | ||
29 | expect { | ||
30 | timeout {puts "TESTING ERROR 4.2.2\n";exit} | ||
31 | "#arg1 tail#" | ||
32 | } | ||
33 | expect { | ||
34 | timeout {puts "TESTING ERROR 4.2.3\n";exit} | ||
35 | "#arg2 tail#" | ||
36 | } | ||
37 | |||
38 | expect { | ||
39 | timeout {puts "TESTING ERROR 4.3.1\n";exit} | ||
40 | "Arguments:" | ||
41 | } | ||
42 | expect { | ||
43 | timeout {puts "TESTING ERROR 4.3.2\n";exit} | ||
44 | "#arg1 tail#" | ||
45 | } | ||
46 | expect { | ||
47 | timeout {puts "TESTING ERROR 4.3.3\n";exit} | ||
48 | "#arg2 tail#" | ||
49 | } | ||
50 | |||
51 | expect { | ||
52 | timeout {puts "TESTING ERROR 4.4.1\n";exit} | ||
53 | "Arguments:" | ||
54 | } | ||
55 | expect { | ||
56 | timeout {puts "TESTING ERROR 4.4.2\n";exit} | ||
57 | "#arg1 tail#" | ||
58 | } | ||
59 | expect { | ||
60 | timeout {puts "TESTING ERROR 4.4.3\n";exit} | ||
61 | "#arg2 tail#" | ||
62 | } | ||
63 | |||
64 | expect { | ||
65 | timeout {puts "TESTING ERROR 4.5.1\n";exit} | ||
66 | "Arguments:" | ||
67 | } | ||
68 | expect { | ||
69 | timeout {puts "TESTING ERROR 4.5.2\n";exit} | ||
70 | "#arg1&tail#" | ||
71 | } | ||
72 | expect { | ||
73 | timeout {puts "TESTING ERROR 4.5.3\n";exit} | ||
74 | "#arg2&tail#" | ||
75 | } | ||
76 | |||
77 | expect { | ||
78 | timeout {puts "TESTING ERROR 4.6.1\n";exit} | ||
79 | "Arguments:" | ||
80 | } | ||
81 | expect { | ||
82 | timeout {puts "TESTING ERROR 4.6.2\n";exit} | ||
83 | "#arg1&tail#" | ||
84 | } | ||
85 | expect { | ||
86 | timeout {puts "TESTING ERROR 4.6.3\n";exit} | ||
87 | "#arg2&tail#" | ||
88 | } | ||
89 | |||
90 | puts "\nall done\n" | ||
diff --git a/test/arguments/outrun.sh b/test/arguments/outrun.sh new file mode 100755 index 000000000..a21243873 --- /dev/null +++ b/test/arguments/outrun.sh | |||
@@ -0,0 +1,22 @@ | |||
1 | #!/bin/bash | ||
2 | |||
3 | echo "TESTING: 4.1 - simple args" | ||
4 | firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --output=out /usr/lib/firejail/faudit arg1 arg2 | ||
5 | |||
6 | # simple quotes, testing spaces in file names | ||
7 | echo "TESTING: 4.2 - args with space and \"" | ||
8 | firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --output=out /usr/lib/firejail/faudit "arg1 tail" "arg2 tail" | ||
9 | |||
10 | echo "TESTING: 4.3 - args with space and '" | ||
11 | firejail--env=FIREJAIL_TEST_ARGUMENTS=yes --output=out /usr/lib/firejail/faudit 'arg1 tail' 'arg2 tail' | ||
12 | |||
13 | # escaped space in file names | ||
14 | echo "TESTING: 4.4 - args with space and \\" | ||
15 | firejail--env=FIREJAIL_TEST_ARGUMENTS=yes --output=out /usr/lib/firejail/faudit arg1\ tail arg2\ tail | ||
16 | |||
17 | # & char appears in URLs - URLs should be quoted | ||
18 | echo "TESTING: 4.5 - args with & and \"" | ||
19 | firejail --env=FIREJAIL_TEST_ARGUMENTS=yes --output=out /usr/lib/firejail/faudit "arg1&tail" "arg2&tail" | ||
20 | |||
21 | echo "TESTING: 4.6 - args with & and '" | ||
22 | firejail--env=FIREJAIL_TEST_ARGUMENTS=yes --output=out /usr/lib/firejail/faudit 'arg1&tail' 'arg2&tail' | ||
diff --git a/test/arguments/symrun.exp b/test/arguments/symrun.exp new file mode 100755 index 000000000..10e7ac6c8 --- /dev/null +++ b/test/arguments/symrun.exp | |||
@@ -0,0 +1,71 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "./symrun.sh\r" | ||
8 | expect { | ||
9 | timeout {puts "TESTING ERROR 2.1.1\n";exit} | ||
10 | "Arguments:" | ||
11 | } | ||
12 | expect { | ||
13 | timeout {puts "TESTING ERROR 2.1.2\n";exit} | ||
14 | "#arg1#" | ||
15 | } | ||
16 | expect { | ||
17 | timeout {puts "TESTING ERROR 2.1.3\n";exit} | ||
18 | "#arg2#" | ||
19 | } | ||
20 | |||
21 | expect { | ||
22 | timeout {puts "TESTING ERROR 2.3.1\n";exit} | ||
23 | "Arguments:" | ||
24 | } | ||
25 | expect { | ||
26 | timeout {puts "TESTING ERROR 2.3.2\n";exit} | ||
27 | "#arg1 tail#" | ||
28 | } | ||
29 | expect { | ||
30 | timeout {puts "TESTING ERROR 2.3.3\n";exit} | ||
31 | "#arg2 tail#" | ||
32 | } | ||
33 | |||
34 | expect { | ||
35 | timeout {puts "TESTING ERROR 2.4.1\n";exit} | ||
36 | "Arguments:" | ||
37 | } | ||
38 | expect { | ||
39 | timeout {puts "TESTING ERROR 2.4.2\n";exit} | ||
40 | "#arg1 tail#" | ||
41 | } | ||
42 | expect { | ||
43 | timeout {puts "TESTING ERROR 2.4.3\n";exit} | ||
44 | "#arg2 tail#" | ||
45 | } | ||
46 | |||
47 | expect { | ||
48 | timeout {puts "TESTING ERROR 2.5.1\n";exit} | ||
49 | "Arguments:" | ||
50 | } | ||
51 | expect { | ||
52 | timeout {puts "TESTING ERROR 2.5.2\n";exit} | ||
53 | "#arg1&tail#" | ||
54 | } | ||
55 | expect { | ||
56 | timeout {puts "TESTING ERROR 2.5.3\n";exit} | ||
57 | "#arg2&tail#" | ||
58 | } | ||
59 | |||
60 | expect { | ||
61 | timeout {puts "TESTING ERROR 2.6.1\n";exit} | ||
62 | "Arguments:" | ||
63 | } | ||
64 | expect { | ||
65 | timeout {puts "TESTING ERROR 2.6.2\n";exit} | ||
66 | "#arg1&tail#" | ||
67 | } | ||
68 | expect { | ||
69 | timeout {puts "TESTING ERROR 2.6.3\n";exit} | ||
70 | "#arg2&tail#" | ||
71 | } | ||
diff --git a/test/arguments/symrun.sh b/test/arguments/symrun.sh new file mode 100755 index 000000000..d28f024a8 --- /dev/null +++ b/test/arguments/symrun.sh | |||
@@ -0,0 +1,30 @@ | |||
1 | #!/bin/bash | ||
2 | |||
3 | mkdir symtest | ||
4 | ln -s /usr/bin/firejail symtest/argtest | ||
5 | |||
6 | # search for argtest in current directory | ||
7 | export PATH=$PATH:. | ||
8 | |||
9 | echo "TESTING: 2.1 - simple args" | ||
10 | symtest/argtest arg1 arg2 | ||
11 | |||
12 | # simple quotes, testing spaces in file names | ||
13 | echo "TESTING: 2.2 - args with space and \"" | ||
14 | symtest/argtest "arg1 tail" "arg2 tail" | ||
15 | |||
16 | echo "TESTING: 2.3 - args with space and '" | ||
17 | symtest/argtest 'arg1 tail' 'arg2 tail' | ||
18 | |||
19 | # escaped space in file names | ||
20 | echo "TESTING: 2.4 - args with space and \\" | ||
21 | symtest/argtest arg1\ tail arg2\ tail | ||
22 | |||
23 | # & char appears in URLs - URLs should be quoted | ||
24 | echo "TESTING: 2.5 - args with & and \"" | ||
25 | symtest/argtest "arg1&tail" "arg2&tail" | ||
26 | |||
27 | echo "TESTING: 2.6 - args with & and '" | ||
28 | symtest/argtest 'arg1&tail' 'arg2&tail' | ||
29 | |||
30 | rm -fr symtest | ||
diff --git a/test/auto/autotest.sh b/test/auto/autotest.sh deleted file mode 100755 index 0fb7565af..000000000 --- a/test/auto/autotest.sh +++ /dev/null | |||
@@ -1,202 +0,0 @@ | |||
1 | #!/bin/bash | ||
2 | |||
3 | arr[1]="TEST 1: svn and standard compilation" | ||
4 | arr[2]="TEST 2: cppcheck" | ||
5 | arr[3]="TEST 3: compile seccomp disabled, chroot disabled, bind disabled" | ||
6 | arr[4]="TEST 4: rvtest" | ||
7 | arr[5]="TEST 5: expect test as root, no malloc perturb" | ||
8 | arr[6]="TEST 6: expect test as user, no malloc perturb" | ||
9 | arr[7]="TEST 7: expect test as root, malloc perturb" | ||
10 | arr[8]="TEST 8: expect test as user, malloc perturb" | ||
11 | |||
12 | |||
13 | # remove previous reports and output file | ||
14 | cleanup() { | ||
15 | rm -f out-test | ||
16 | rm -f output* | ||
17 | rm -f report* | ||
18 | rm -fr firejail-trunk | ||
19 | } | ||
20 | |||
21 | print_title() { | ||
22 | echo | ||
23 | echo | ||
24 | echo | ||
25 | echo "**************************************************" | ||
26 | echo $1 | ||
27 | echo "**************************************************" | ||
28 | } | ||
29 | |||
30 | while [ $# -gt 0 ]; do # Until you run out of parameters . . . | ||
31 | case "$1" in | ||
32 | --clean) | ||
33 | cleanup | ||
34 | exit | ||
35 | ;; | ||
36 | --help) | ||
37 | echo "./autotest.sh [--clean|--help]" | ||
38 | exit | ||
39 | ;; | ||
40 | esac | ||
41 | shift # Check next set of parameters. | ||
42 | done | ||
43 | |||
44 | cleanup | ||
45 | # enable sudo | ||
46 | sudo ls -al | ||
47 | |||
48 | #***************************************************************** | ||
49 | # TEST 1 | ||
50 | #***************************************************************** | ||
51 | # - checkout source code | ||
52 | # - check compilation | ||
53 | # - install | ||
54 | #***************************************************************** | ||
55 | print_title "${arr[1]}" | ||
56 | svn checkout svn://svn.code.sf.net/p/firejail/code-0/trunk firejail-trunk | ||
57 | cd firejail-trunk | ||
58 | ./configure --prefix=/usr 2>&1 | tee ../output-configure | ||
59 | make -j4 2>&1 | tee ../output-make | ||
60 | sudo make install 2>&1 | tee ../output-install | ||
61 | cd src/tools | ||
62 | gcc -o rvtest rvtest.c | ||
63 | cd ../.. | ||
64 | cd test | ||
65 | sudo ./configure > /dev/null | ||
66 | cd ../.. | ||
67 | grep warning output-configure output-make output-install > ./report-test1 | ||
68 | grep error output-configure output-make output-install >> ./report-test1 | ||
69 | cat report-test1 > out-test1 | ||
70 | |||
71 | #***************************************************************** | ||
72 | # TEST 2 | ||
73 | #***************************************************************** | ||
74 | # - run cppcheck | ||
75 | #***************************************************************** | ||
76 | print_title "${arr[2]}" | ||
77 | cd firejail-trunk | ||
78 | cp /home/netblue/bin/cfg/std.cfg . | ||
79 | cppcheck --force . 2>&1 | tee ../output-cppcheck | ||
80 | cd .. | ||
81 | grep error output-cppcheck > report-test2 | ||
82 | cat report-test2 > out-test2 | ||
83 | |||
84 | #***************************************************************** | ||
85 | # TEST 3 | ||
86 | #***************************************************************** | ||
87 | # - disable seccomp configuration | ||
88 | # - check compilation | ||
89 | #***************************************************************** | ||
90 | print_title "${arr[3]}" | ||
91 | # seccomp | ||
92 | cd firejail-trunk | ||
93 | make distclean | ||
94 | ./configure --prefix=/usr --disable-seccomp 2>&1 | tee ../output-configure-noseccomp | ||
95 | make -j4 2>&1 | tee ../output-make-noseccomp | ||
96 | cd .. | ||
97 | grep warning output-configure-noseccomp output-make-noseccomp > ./report-test3 | ||
98 | grep error output-configure-noseccomp output-make-noseccomp >> ./report-test3 | ||
99 | # chroot | ||
100 | cd firejail-trunk | ||
101 | make distclean | ||
102 | ./configure --prefix=/usr --disable-chroot 2>&1 | tee ../output-configure-nochroot | ||
103 | make -j4 2>&1 | tee ../output-make-nochroot | ||
104 | cd .. | ||
105 | grep warning output-configure-nochroot output-make-nochroot >> ./report-test3 | ||
106 | grep error output-configure-nochroot output-make-nochroot >> ./report-test3 | ||
107 | # bind | ||
108 | cd firejail-trunk | ||
109 | make distclean | ||
110 | ./configure --prefix=/usr --disable-bind 2>&1 | tee ../output-configure-nobind | ||
111 | make -j4 2>&1 | tee ../output-make-nobind | ||
112 | cd .. | ||
113 | grep warning output-configure-nobind output-make-nobind >> ./report-test3 | ||
114 | grep error output-configure-nobind output-make-nobind >> ./report-test3 | ||
115 | # save result | ||
116 | cat report-test3 > out-test3 | ||
117 | |||
118 | #***************************************************************** | ||
119 | # TEST 4 | ||
120 | #***************************************************************** | ||
121 | # - rvtest | ||
122 | #***************************************************************** | ||
123 | print_title "${arr[4]}" | ||
124 | cd firejail-trunk | ||
125 | cd test | ||
126 | ../src/tools/rvtest test.rv 2>/dev/null | tee ../../output-test4 | grep TESTING | ||
127 | cd ../.. | ||
128 | grep TESTING output-test4 > ./report-test4 | ||
129 | grep ERROR report-test4 > out-test4 | ||
130 | |||
131 | |||
132 | #***************************************************************** | ||
133 | # TEST 5 | ||
134 | #***************************************************************** | ||
135 | # - expect test as root, no malloc perturb | ||
136 | #***************************************************************** | ||
137 | print_title "${arr[5]}" | ||
138 | cd firejail-trunk/test | ||
139 | sudo ./test-root.sh 2>&1 | tee ../../output-test5 | grep TESTING | ||
140 | cd ../.. | ||
141 | grep TESTING output-test5 > ./report-test5 | ||
142 | grep ERROR report-test5 > out-test5 | ||
143 | |||
144 | #***************************************************************** | ||
145 | # TEST 6 | ||
146 | #***************************************************************** | ||
147 | # - expect test as user, no malloc perturb | ||
148 | #***************************************************************** | ||
149 | print_title "${arr[6]}" | ||
150 | cd firejail-trunk/test | ||
151 | ./test.sh 2>&1 | tee ../../output-test6 | grep TESTING | ||
152 | cd ../.. | ||
153 | grep TESTING output-test6 > ./report-test6 | ||
154 | grep ERROR report-test6 > out-test6 | ||
155 | |||
156 | |||
157 | |||
158 | #***************************************************************** | ||
159 | # TEST 7 | ||
160 | #***************************************************************** | ||
161 | # - expect test as root, malloc perturb | ||
162 | #***************************************************************** | ||
163 | print_title "${arr[7]}" | ||
164 | export MALLOC_CHECK_=3 | ||
165 | export MALLOC_PERTURB_=$(($RANDOM % 255 + 1)) | ||
166 | cd firejail-trunk/test | ||
167 | sudo ./test-root.sh 2>&1 | tee ../../output-test7 | grep TESTING | ||
168 | cd ../.. | ||
169 | grep TESTING output-test7 > ./report-test7 | ||
170 | grep ERROR report-test7 > out-test7 | ||
171 | |||
172 | #***************************************************************** | ||
173 | # TEST 8 | ||
174 | #***************************************************************** | ||
175 | # - expect test as user, malloc perturb | ||
176 | #***************************************************************** | ||
177 | print_title "${arr[8]}" | ||
178 | cd firejail-trunk/test | ||
179 | ./test.sh 2>&1 | tee ../../output-test8| grep TESTING | ||
180 | cd ../.. | ||
181 | grep TESTING output-test8 > ./report-test8 | ||
182 | grep ERROR report-test8 > out-test8 | ||
183 | |||
184 | #***************************************************************** | ||
185 | # PRINT REPORTS | ||
186 | #***************************************************************** | ||
187 | echo | ||
188 | echo | ||
189 | echo | ||
190 | echo | ||
191 | echo "**********************************************************" | ||
192 | echo "TEST RESULTS" | ||
193 | echo "**********************************************************" | ||
194 | |||
195 | wc -l out-test* | ||
196 | rm out-test* | ||
197 | echo | ||
198 | |||
199 | |||
200 | |||
201 | |||
202 | exit | ||
diff --git a/test/chroot-resolvconf.exp b/test/chroot-resolvconf.exp deleted file mode 100755 index 2d0da2fb0..000000000 --- a/test/chroot-resolvconf.exp +++ /dev/null | |||
@@ -1,14 +0,0 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "firejail --chroot=/tmp/chroot /bin/bash\r" | ||
8 | expect { | ||
9 | timeout {puts "TESTING ERROR 0\n";exit} | ||
10 | "invalid /tmp/chroot/etc/resolv.conf file" | ||
11 | } | ||
12 | |||
13 | puts "\nall done\n" | ||
14 | |||
diff --git a/test/chroot/chroot.sh b/test/chroot/chroot.sh new file mode 100755 index 000000000..34bff2a67 --- /dev/null +++ b/test/chroot/chroot.sh | |||
@@ -0,0 +1,21 @@ | |||
1 | #!/bin/bash | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | export MALLOC_CHECK_=3 | ||
7 | export MALLOC_PERTURB_=$(($RANDOM % 255 + 1)) | ||
8 | |||
9 | rm -f unchroot | ||
10 | gcc -o unchroot unchroot.c | ||
11 | sudo ./configure | ||
12 | |||
13 | echo "TESTING: chroot (test/chroot/fs_chroot.exp)" | ||
14 | ./fs_chroot.exp | ||
15 | |||
16 | echo "TESTING: unchroot as root (test/chroot/unchroot-as-root.exp)" | ||
17 | sudo ./unchroot-as-root.exp | ||
18 | |||
19 | |||
20 | |||
21 | rm -f unchroot | ||
diff --git a/test/chroot/configure b/test/chroot/configure new file mode 100755 index 000000000..ba8238803 --- /dev/null +++ b/test/chroot/configure | |||
@@ -0,0 +1,46 @@ | |||
1 | #!/bin/bash | ||
2 | |||
3 | # build a very small chroot | ||
4 | ROOTDIR="/tmp/chroot" # default chroot directory | ||
5 | DEFAULT_FILES="/bin/bash /bin/sh " # basic chroot files | ||
6 | DEFAULT_FILES+="/etc/passwd /etc/nsswitch.conf /etc/group " | ||
7 | DEFAULT_FILES+=`find /lib -name libnss*` # files required by glibc | ||
8 | DEFAULT_FILES+=" /bin/cp /bin/ls /bin/cat /bin/ps /bin/netstat /bin/ping /sbin/ifconfig /usr/bin/touch /bin/ip /bin/hostname /bin/grep /usr/bin/dig /usr/bin/openssl /usr/bin/id /usr/bin/getent /usr/bin/whoami /usr/bin/wc /usr/bin/wget /bin/umount" | ||
9 | |||
10 | rm -fr $ROOTDIR | ||
11 | mkdir -p $ROOTDIR/{root,bin,lib,lib64,usr,home,etc,dev/shm,tmp,var/run,var/tmp,var/lock,var/log,proc} | ||
12 | chmod 777 $ROOTDIR/tmp | ||
13 | mkdir -p $ROOTDIR/etc/firejail | ||
14 | mkdir -p $ROOTDIR/home/netblue/.config/firejail | ||
15 | chown netblue:netblue $ROOTDIR/home/netblue | ||
16 | chown netblue:netblue $ROOTDIR/home/netblue/.config | ||
17 | cp /home/netblue/.Xauthority $ROOTDIR/home/netblue/. | ||
18 | cp -a /etc/skel $ROOTDIR/etc/. | ||
19 | mkdir $ROOTDIR/home/someotheruser | ||
20 | mkdir $ROOTDIR/boot | ||
21 | mkdir $ROOTDIR/selinux | ||
22 | cp /etc/passwd $ROOTDIR/etc/. | ||
23 | cp /etc/group $ROOTDIR/etc/. | ||
24 | cp /etc/hosts $ROOTDIR/etc/. | ||
25 | cp /etc/hostname $ROOTDIR/etc/. | ||
26 | mkdir -p $ROOTDIR/usr/lib/x86_64-linux-gnu | ||
27 | cp -a /usr/lib/x86_64-linux-gnu/openssl-1.0.0 $ROOTDIR/usr/lib/x86_64-linux-gnu/. | ||
28 | cp -a /usr/lib/ssl $ROOTDIR/usr/lib/. | ||
29 | touch $ROOTDIR/var/log/syslog | ||
30 | touch $ROOTDIR/var/tmp/somefile | ||
31 | SORTED=`for FILE in $* $DEFAULT_FILES; do echo " $FILE "; ldd $FILE | grep -v dynamic | cut -d " " -f 3; done | sort -u` | ||
32 | for FILE in $SORTED | ||
33 | do | ||
34 | cp --parents $FILE $ROOTDIR | ||
35 | done | ||
36 | cp --parents /lib64/ld-linux-x86-64.so.2 $ROOTDIR | ||
37 | cp --parents /lib/ld-linux.so.2 $ROOTDIR | ||
38 | cp unchroot $ROOTDIR/. | ||
39 | touch $ROOTDIR/this-is-my-chroot | ||
40 | |||
41 | cd $ROOTDIR; find . | ||
42 | mkdir -p usr/lib/firejail/ | ||
43 | cp /usr/lib/firejail/libtrace.so usr/lib/firejail/. | ||
44 | |||
45 | |||
46 | echo "To enter the chroot directory run: firejail --chroot=$ROOTDIR" | ||
diff --git a/test/fs_chroot.exp b/test/chroot/fs_chroot.exp index aeb5669e1..295ff8ff9 100755 --- a/test/fs_chroot.exp +++ b/test/chroot/fs_chroot.exp | |||
@@ -20,19 +20,14 @@ expect { | |||
20 | sleep 1 | 20 | sleep 1 |
21 | send -- "bash\r" | 21 | send -- "bash\r" |
22 | sleep 1 | 22 | sleep 1 |
23 | send -- "ls /; pwd\r" | 23 | send -- "ls /\r" |
24 | expect { | 24 | expect { |
25 | timeout {puts "TESTING ERROR 0.2\n";exit} | 25 | timeout {puts "TESTING ERROR 0.2\n";exit} |
26 | "this-is-my-chroot" | 26 | "this-is-my-chroot" |
27 | } | 27 | } |
28 | expect { | 28 | after 100 |
29 | timeout {puts "TESTING ERROR 0.3\n";exit} | ||
30 | "home" | ||
31 | } | ||
32 | |||
33 | 29 | ||
34 | 30 | send -- "ps aux\r" | |
35 | send -- "ps aux; pwd\r" | ||
36 | expect { | 31 | expect { |
37 | timeout {puts "TESTING ERROR 1\n";exit} | 32 | timeout {puts "TESTING ERROR 1\n";exit} |
38 | "/bin/bash" | 33 | "/bin/bash" |
@@ -45,23 +40,14 @@ expect { | |||
45 | timeout {puts "TESTING ERROR 3\n";exit} | 40 | timeout {puts "TESTING ERROR 3\n";exit} |
46 | "ps aux" | 41 | "ps aux" |
47 | } | 42 | } |
48 | expect { | 43 | after 100 |
49 | timeout {puts "TESTING ERROR 4\n";exit} | ||
50 | "home" | ||
51 | } | ||
52 | sleep 1 | ||
53 | 44 | ||
54 | 45 | send -- "ps aux | wc -l; pwd\r" | |
55 | send -- "ps aux |wc -l; pwd\r" | ||
56 | expect { | 46 | expect { |
57 | timeout {puts "TESTING ERROR 5\n";exit} | 47 | timeout {puts "TESTING ERROR 5\n";exit} |
58 | "6" | 48 | "6" |
59 | } | 49 | } |
60 | expect { | 50 | after 100 |
61 | timeout {puts "TESTING ERROR 6\n";exit} | ||
62 | "home" | ||
63 | } | ||
64 | sleep 1 | ||
65 | 51 | ||
66 | 52 | ||
67 | puts "all done\n" | 53 | puts "all done\n" |
diff --git a/test/chroot/unchroot-as-root.exp b/test/chroot/unchroot-as-root.exp new file mode 100755 index 000000000..9f8a1d784 --- /dev/null +++ b/test/chroot/unchroot-as-root.exp | |||
@@ -0,0 +1,27 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "firejail --chroot=/tmp/chroot\r" | ||
8 | expect { | ||
9 | timeout {puts "TESTING ERROR 0\n";exit} | ||
10 | "Error: --chroot option is not available on Grsecurity systems" {puts "\nall done\n"; exit} | ||
11 | "Child process initialized" {puts "chroot available\n"}; | ||
12 | } | ||
13 | sleep 1 | ||
14 | |||
15 | send -- "cd /\r" | ||
16 | after 100 | ||
17 | |||
18 | |||
19 | send -- "./unchroot\r" | ||
20 | expect { | ||
21 | timeout {puts "TESTING ERROR 1\n";exit} | ||
22 | "Bad system call" | ||
23 | } | ||
24 | after 100 | ||
25 | |||
26 | puts "all done\n" | ||
27 | |||
diff --git a/test/chroot/unchroot.c b/test/chroot/unchroot.c new file mode 100644 index 000000000..1982e07f3 --- /dev/null +++ b/test/chroot/unchroot.c | |||
@@ -0,0 +1,40 @@ | |||
1 | // simple unchroot example from http://linux-vserver.org/Secure_chroot_Barrier | ||
2 | #include <unistd.h> | ||
3 | #include <stdlib.h> | ||
4 | #include <stdio.h> | ||
5 | #include <sys/types.h> | ||
6 | #include <sys/stat.h> | ||
7 | |||
8 | void die(char *msg) { | ||
9 | perror(msg); | ||
10 | exit(1); | ||
11 | } | ||
12 | |||
13 | int main(int argc, char *argv[]) | ||
14 | { | ||
15 | int i; | ||
16 | |||
17 | if (chdir("/") != 0) | ||
18 | die("chdir(/)"); | ||
19 | |||
20 | if (mkdir("baz", 0777) != 0) | ||
21 | ; //die("mkdir(baz)"); | ||
22 | |||
23 | if (chroot("baz") != 0) | ||
24 | die("chroot(baz)"); | ||
25 | |||
26 | for (i=0; i<50; i++) { | ||
27 | if (chdir("..") != 0) | ||
28 | die("chdir(..)"); | ||
29 | } | ||
30 | |||
31 | if (chroot(".") != 0) | ||
32 | die("chroot(.)"); | ||
33 | |||
34 | printf("Exploit seems to work. =)\n"); | ||
35 | |||
36 | execl("/bin/bash", "bash", "-i", (char *)0); | ||
37 | die("exec bash"); | ||
38 | |||
39 | exit(0); | ||
40 | } | ||
diff --git a/test/compile/compile.sh b/test/compile/compile.sh index e3e9bef2b..44e67fe22 100755 --- a/test/compile/compile.sh +++ b/test/compile/compile.sh | |||
@@ -9,13 +9,18 @@ arr[6]="TEST 6: compile network disabled" | |||
9 | arr[7]="TEST 7: compile X11 disabled" | 9 | arr[7]="TEST 7: compile X11 disabled" |
10 | arr[8]="TEST 8: compile network restricted" | 10 | arr[8]="TEST 8: compile network restricted" |
11 | arr[9]="TEST 9: compile file transfer disabled" | 11 | arr[9]="TEST 9: compile file transfer disabled" |
12 | 12 | arr[10]="TEST 10: compile disable whitelist" | |
13 | arr[11]="TEST 11: compile disable global config" | ||
14 | arr[12]="TEST 12: compile apparmor" | ||
15 | arr[13]="TEST 13: compile busybox" | ||
16 | arr[14]="TEST 14: compile overlayfs disabled" | ||
17 | arr[15]="TEST 15: compile apparmor enabled" | ||
13 | 18 | ||
14 | # remove previous reports and output file | 19 | # remove previous reports and output file |
15 | cleanup() { | 20 | cleanup() { |
16 | rm -f report* | 21 | rm -f report* |
17 | rm -fr firejail | 22 | rm -fr firejail |
18 | rm oc* om* | 23 | rm -f oc* om* |
19 | } | 24 | } |
20 | 25 | ||
21 | print_title() { | 26 | print_title() { |
@@ -27,6 +32,7 @@ print_title() { | |||
27 | echo "**************************************************" | 32 | echo "**************************************************" |
28 | } | 33 | } |
29 | 34 | ||
35 | DIST="$1" | ||
30 | while [ $# -gt 0 ]; do # Until you run out of parameters . . . | 36 | while [ $# -gt 0 ]; do # Until you run out of parameters . . . |
31 | case "$1" in | 37 | case "$1" in |
32 | --clean) | 38 | --clean) |
@@ -42,36 +48,33 @@ while [ $# -gt 0 ]; do # Until you run out of parameters . . . | |||
42 | done | 48 | done |
43 | 49 | ||
44 | cleanup | 50 | cleanup |
45 | # enable sudo | ||
46 | sudo ls -al | ||
47 | 51 | ||
48 | 52 | ||
49 | #***************************************************************** | 53 | #***************************************************************** |
50 | # TEST 1 | 54 | # TEST 1 |
51 | #***************************************************************** | 55 | #***************************************************************** |
52 | # - checkout source code | 56 | # - checkout source code |
53 | # - check compilation | ||
54 | # - install | ||
55 | #***************************************************************** | 57 | #***************************************************************** |
56 | print_title "${arr[1]}" | 58 | print_title "${arr[1]}" |
57 | git clone https://github.com/netblue30/firejail.git | 59 | echo "$DIST" |
60 | tar -xJvf ../../$DIST.tar.xz | ||
61 | mv $DIST firejail | ||
62 | |||
58 | cd firejail | 63 | cd firejail |
59 | ./configure --prefix=/usr --enable-fatal-warnings 2>&1 | tee ../output-configure | 64 | ./configure --prefix=/usr --enable-fatal-warnings 2>&1 | tee ../output-configure |
60 | make -j4 2>&1 | tee ../output-make | 65 | make -j4 2>&1 | tee ../output-make |
61 | sudo make install 2>&1 | tee ../output-install | ||
62 | cd .. | 66 | cd .. |
63 | grep Warning output-configure output-make output-install > ./report-test1 | 67 | grep Warning output-configure output-make > ./report-test1 |
64 | grep Error output-configure output-make output-install >> ./report-test1 | 68 | grep Error output-configure output-make >> ./report-test1 |
65 | cp output-configure oc1 | 69 | cp output-configure oc1 |
66 | cp output-make om1 | 70 | cp output-make om1 |
67 | rm output-configure output-make output-install | 71 | rm output-configure output-make |
68 | 72 | ||
69 | 73 | ||
70 | #***************************************************************** | 74 | #***************************************************************** |
71 | # TEST 2 | 75 | # TEST 2 |
72 | #***************************************************************** | 76 | #***************************************************************** |
73 | # - disable seccomp configuration | 77 | # - disable seccomp configuration |
74 | # - check compilation | ||
75 | #***************************************************************** | 78 | #***************************************************************** |
76 | print_title "${arr[2]}" | 79 | print_title "${arr[2]}" |
77 | # seccomp | 80 | # seccomp |
@@ -90,7 +93,6 @@ rm output-configure output-make | |||
90 | # TEST 3 | 93 | # TEST 3 |
91 | #***************************************************************** | 94 | #***************************************************************** |
92 | # - disable chroot configuration | 95 | # - disable chroot configuration |
93 | # - check compilation | ||
94 | #***************************************************************** | 96 | #***************************************************************** |
95 | print_title "${arr[3]}" | 97 | print_title "${arr[3]}" |
96 | # seccomp | 98 | # seccomp |
@@ -109,7 +111,6 @@ rm output-configure output-make | |||
109 | # TEST 4 | 111 | # TEST 4 |
110 | #***************************************************************** | 112 | #***************************************************************** |
111 | # - disable bind configuration | 113 | # - disable bind configuration |
112 | # - check compilation | ||
113 | #***************************************************************** | 114 | #***************************************************************** |
114 | print_title "${arr[4]}" | 115 | print_title "${arr[4]}" |
115 | # seccomp | 116 | # seccomp |
@@ -128,7 +129,6 @@ rm output-configure output-make | |||
128 | # TEST 5 | 129 | # TEST 5 |
129 | #***************************************************************** | 130 | #***************************************************************** |
130 | # - disable user namespace configuration | 131 | # - disable user namespace configuration |
131 | # - check compilation | ||
132 | #***************************************************************** | 132 | #***************************************************************** |
133 | print_title "${arr[5]}" | 133 | print_title "${arr[5]}" |
134 | # seccomp | 134 | # seccomp |
@@ -166,7 +166,6 @@ rm output-configure output-make | |||
166 | # TEST 7 | 166 | # TEST 7 |
167 | #***************************************************************** | 167 | #***************************************************************** |
168 | # - disable X11 support | 168 | # - disable X11 support |
169 | # - check compilation | ||
170 | #***************************************************************** | 169 | #***************************************************************** |
171 | print_title "${arr[7]}" | 170 | print_title "${arr[7]}" |
172 | # seccomp | 171 | # seccomp |
@@ -186,7 +185,6 @@ rm output-configure output-make | |||
186 | # TEST 8 | 185 | # TEST 8 |
187 | #***************************************************************** | 186 | #***************************************************************** |
188 | # - enable network restricted | 187 | # - enable network restricted |
189 | # - check compilation | ||
190 | #***************************************************************** | 188 | #***************************************************************** |
191 | print_title "${arr[8]}" | 189 | print_title "${arr[8]}" |
192 | # seccomp | 190 | # seccomp |
@@ -206,13 +204,12 @@ rm output-configure output-make | |||
206 | # TEST 9 | 204 | # TEST 9 |
207 | #***************************************************************** | 205 | #***************************************************************** |
208 | # - disable file transfer | 206 | # - disable file transfer |
209 | # - check compilation | ||
210 | #***************************************************************** | 207 | #***************************************************************** |
211 | print_title "${arr[9]}" | 208 | print_title "${arr[9]}" |
212 | # seccomp | 209 | # seccomp |
213 | cd firejail | 210 | cd firejail |
214 | make distclean | 211 | make distclean |
215 | ./configure --prefix=/usr --enable-network=restricted --enable-fatal-warnings 2>&1 | tee ../output-configure | 212 | ./configure --prefix=/usr --disable-file-transfer --enable-fatal-warnings 2>&1 | tee ../output-configure |
216 | make -j4 2>&1 | tee ../output-make | 213 | make -j4 2>&1 | tee ../output-make |
217 | cd .. | 214 | cd .. |
218 | grep Warning output-configure output-make > ./report-test9 | 215 | grep Warning output-configure output-make > ./report-test9 |
@@ -221,6 +218,114 @@ cp output-configure oc9 | |||
221 | cp output-make om9 | 218 | cp output-make om9 |
222 | rm output-configure output-make | 219 | rm output-configure output-make |
223 | 220 | ||
221 | #***************************************************************** | ||
222 | # TEST 10 | ||
223 | #***************************************************************** | ||
224 | # - disable whitelist | ||
225 | #***************************************************************** | ||
226 | print_title "${arr[10]}" | ||
227 | # seccomp | ||
228 | cd firejail | ||
229 | make distclean | ||
230 | ./configure --prefix=/usr --disable-whitelist --enable-fatal-warnings 2>&1 | tee ../output-configure | ||
231 | make -j4 2>&1 | tee ../output-make | ||
232 | cd .. | ||
233 | grep Warning output-configure output-make > ./report-test10 | ||
234 | grep Error output-configure output-make >> ./report-test10 | ||
235 | cp output-configure oc10 | ||
236 | cp output-make om10 | ||
237 | rm output-configure output-make | ||
238 | |||
239 | #***************************************************************** | ||
240 | # TEST 11 | ||
241 | #***************************************************************** | ||
242 | # - disable global config | ||
243 | #***************************************************************** | ||
244 | print_title "${arr[11]}" | ||
245 | # seccomp | ||
246 | cd firejail | ||
247 | make distclean | ||
248 | ./configure --prefix=/usr --disable-globalcfg --enable-fatal-warnings 2>&1 | tee ../output-configure | ||
249 | make -j4 2>&1 | tee ../output-make | ||
250 | cd .. | ||
251 | grep Warning output-configure output-make > ./report-test11 | ||
252 | grep Error output-configure output-make >> ./report-test11 | ||
253 | cp output-configure oc11 | ||
254 | cp output-make om11 | ||
255 | rm output-configure output-make | ||
256 | |||
257 | #***************************************************************** | ||
258 | # TEST 12 | ||
259 | #***************************************************************** | ||
260 | # - enable apparmor | ||
261 | #***************************************************************** | ||
262 | print_title "${arr[12]}" | ||
263 | # seccomp | ||
264 | cd firejail | ||
265 | make distclean | ||
266 | ./configure --prefix=/usr --enable-apparmor --enable-fatal-warnings 2>&1 | tee ../output-configure | ||
267 | make -j4 2>&1 | tee ../output-make | ||
268 | cd .. | ||
269 | grep Warning output-configure output-make > ./report-test12 | ||
270 | grep Error output-configure output-make >> ./report-test12 | ||
271 | cp output-configure oc12 | ||
272 | cp output-make om12 | ||
273 | rm output-configure output-make | ||
274 | |||
275 | #***************************************************************** | ||
276 | # TEST 13 | ||
277 | #***************************************************************** | ||
278 | # - enable busybox workaround | ||
279 | #***************************************************************** | ||
280 | print_title "${arr[13]}" | ||
281 | # seccomp | ||
282 | cd firejail | ||
283 | make distclean | ||
284 | ./configure --prefix=/usr --enable-busybox-workaround --enable-fatal-warnings 2>&1 | tee ../output-configure | ||
285 | make -j4 2>&1 | tee ../output-make | ||
286 | cd .. | ||
287 | grep Warning output-configure output-make > ./report-test13 | ||
288 | grep Error output-configure output-make >> ./report-test13 | ||
289 | cp output-configure oc13 | ||
290 | cp output-make om13 | ||
291 | rm output-configure output-make | ||
292 | |||
293 | #***************************************************************** | ||
294 | # TEST 14 | ||
295 | #***************************************************************** | ||
296 | # - disable overlayfs | ||
297 | #***************************************************************** | ||
298 | print_title "${arr[14]}" | ||
299 | # seccomp | ||
300 | cd firejail | ||
301 | make distclean | ||
302 | ./configure --prefix=/usr --disable-overlayfs --enable-fatal-warnings 2>&1 | tee ../output-configure | ||
303 | make -j4 2>&1 | tee ../output-make | ||
304 | cd .. | ||
305 | grep Warning output-configure output-make > ./report-test14 | ||
306 | grep Error output-configure output-make >> ./report-test14 | ||
307 | cp output-configure oc14 | ||
308 | cp output-make om14 | ||
309 | rm output-configure output-make | ||
310 | |||
311 | #***************************************************************** | ||
312 | # TEST 15 | ||
313 | #***************************************************************** | ||
314 | # - enable apparmor | ||
315 | #***************************************************************** | ||
316 | print_title "${arr[15]}" | ||
317 | # seccomp | ||
318 | cd firejail | ||
319 | make distclean | ||
320 | ./configure --prefix=/usr --enable-apparmor --enable-fatal-warnings 2>&1 | tee ../output-configure | ||
321 | make -j4 2>&1 | tee ../output-make | ||
322 | cd .. | ||
323 | grep Warning output-configure output-make > ./report-test15 | ||
324 | grep Error output-configure output-make >> ./report-test15 | ||
325 | cp output-configure oc15 | ||
326 | cp output-make om15 | ||
327 | rm output-configure output-make | ||
328 | |||
224 | 329 | ||
225 | #***************************************************************** | 330 | #***************************************************************** |
226 | # PRINT REPORTS | 331 | # PRINT REPORTS |
@@ -245,3 +350,10 @@ echo ${arr[6]} | |||
245 | echo ${arr[7]} | 350 | echo ${arr[7]} |
246 | echo ${arr[8]} | 351 | echo ${arr[8]} |
247 | echo ${arr[9]} | 352 | echo ${arr[9]} |
353 | echo ${arr[10]} | ||
354 | echo ${arr[11]} | ||
355 | echo ${arr[12]} | ||
356 | echo ${arr[13]} | ||
357 | echo ${arr[14]} | ||
358 | echo ${arr[15]} | ||
359 | |||
diff --git a/test/configure b/test/configure index bdf36fcad..9acd021c8 100755 --- a/test/configure +++ b/test/configure | |||
@@ -28,7 +28,7 @@ ROOTDIR="/tmp/chroot" # default chroot directory | |||
28 | DEFAULT_FILES="/bin/bash /bin/sh " # basic chroot files | 28 | DEFAULT_FILES="/bin/bash /bin/sh " # basic chroot files |
29 | DEFAULT_FILES+="/etc/passwd /etc/nsswitch.conf /etc/group " | 29 | DEFAULT_FILES+="/etc/passwd /etc/nsswitch.conf /etc/group " |
30 | DEFAULT_FILES+=`find /lib -name libnss*` # files required by glibc | 30 | DEFAULT_FILES+=`find /lib -name libnss*` # files required by glibc |
31 | DEFAULT_FILES+=" /bin/cp /bin/ls /bin/cat /bin/ps /bin/netstat /bin/ping /sbin/ifconfig /usr/bin/touch /bin/hostname /bin/grep /usr/bin/dig /usr/bin/openssl /usr/bin/id /usr/bin/getent /usr/bin/whoami /usr/bin/wc /usr/bin/wget /bin/umount" | 31 | DEFAULT_FILES+=" /bin/cp /bin/ls /bin/cat /bin/ps /bin/netstat /bin/ping /sbin/ifconfig /usr/bin/touch /bin/ip /bin/hostname /bin/grep /usr/bin/dig /usr/bin/openssl /usr/bin/id /usr/bin/getent /usr/bin/whoami /usr/bin/wc /usr/bin/wget /bin/umount" |
32 | 32 | ||
33 | rm -fr $ROOTDIR | 33 | rm -fr $ROOTDIR |
34 | mkdir -p $ROOTDIR/{root,bin,lib,lib64,usr,home,etc,dev/shm,tmp,var/run,var/tmp,var/lock,var/log,proc} | 34 | mkdir -p $ROOTDIR/{root,bin,lib,lib64,usr,home,etc,dev/shm,tmp,var/run,var/tmp,var/lock,var/log,proc} |
diff --git a/test/dns.exp b/test/dns.exp deleted file mode 100755 index 96513f278..000000000 --- a/test/dns.exp +++ /dev/null | |||
@@ -1,69 +0,0 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 30 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | # no chroot | ||
8 | send -- "firejail --trace --dns=208.67.222.222 wget -q debian.org\r" | ||
9 | expect { | ||
10 | timeout {puts "TESTING ERROR 1.1\n";exit} | ||
11 | "Child process initialized" | ||
12 | } | ||
13 | expect { | ||
14 | timeout {puts "TESTING ERROR 1.2\n";exit} | ||
15 | "1:wget:connect 208.67.222.222:53" | ||
16 | } | ||
17 | sleep 1 | ||
18 | |||
19 | send -- "rm index.html\r" | ||
20 | sleep 1 | ||
21 | |||
22 | # with chroot | ||
23 | send -- "firejail --chroot=/tmp/chroot --trace --dns=208.67.222.222 wget -q debian.org\r" | ||
24 | expect { | ||
25 | timeout {puts "TESTING ERROR 2.1\n";exit} | ||
26 | "Child process initialized" | ||
27 | } | ||
28 | expect { | ||
29 | timeout {puts "TESTING ERROR 2.2\n";exit} | ||
30 | "1:wget:connect 208.67.222.222:53" | ||
31 | } | ||
32 | sleep 1 | ||
33 | |||
34 | send -- "rm index.html\r" | ||
35 | sleep 1 | ||
36 | |||
37 | # net eth0 | ||
38 | send -- "firejail --net=eth0 --trace --dns=208.67.222.222 wget -q debian.org\r" | ||
39 | expect { | ||
40 | timeout {puts "TESTING ERROR 3.1\n";exit} | ||
41 | "Child process initialized" | ||
42 | } | ||
43 | expect { | ||
44 | timeout {puts "TESTING ERROR 3.2\n";exit} | ||
45 | "1:wget:connect 208.67.222.222:53" | ||
46 | } | ||
47 | sleep 1 | ||
48 | |||
49 | send -- "rm index.html\r" | ||
50 | sleep 1 | ||
51 | |||
52 | # net eth0 and chroot | ||
53 | send -- "firejail --net=eth0 --chroot=/tmp/chroot --trace --dns=208.67.222.222 wget -q debian.org\r" | ||
54 | expect { | ||
55 | timeout {puts "TESTING ERROR 4.1\n";exit} | ||
56 | "Child process initialized" | ||
57 | } | ||
58 | expect { | ||
59 | timeout {puts "TESTING ERROR 4.2\n";exit} | ||
60 | "1:wget:connect 208.67.222.222:53" | ||
61 | } | ||
62 | sleep 1 | ||
63 | |||
64 | send -- "rm index.html\r" | ||
65 | sleep 1 | ||
66 | |||
67 | |||
68 | puts "\n" | ||
69 | |||
diff --git a/test/environment/allow-debuggers.exp b/test/environment/allow-debuggers.exp new file mode 100755 index 000000000..8a404decb --- /dev/null +++ b/test/environment/allow-debuggers.exp | |||
@@ -0,0 +1,40 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | cd /home | ||
5 | spawn $env(SHELL) | ||
6 | match_max 100000 | ||
7 | |||
8 | send -- "firejail --profile=/etc/firejail/firefox.profile --allow-debuggers strace ls\r" | ||
9 | expect { | ||
10 | timeout {puts "TESTING ERROR 0\n";exit} | ||
11 | "Child process initialized" | ||
12 | } | ||
13 | expect { | ||
14 | timeout {puts "TESTING ERROR 1\n";exit} | ||
15 | "ioctl" | ||
16 | } | ||
17 | expect { | ||
18 | timeout {puts "TESTING ERROR 2\n";exit} | ||
19 | "exit_group" | ||
20 | } | ||
21 | after 100 | ||
22 | |||
23 | send -- "firejail --allow-debuggers --profile=/etc/firejail/firefox.profile strace ls\r" | ||
24 | expect { | ||
25 | timeout {puts "TESTING ERROR 3\n";exit} | ||
26 | "Child process initialized" | ||
27 | } | ||
28 | expect { | ||
29 | timeout {puts "TESTING ERROR 4\n";exit} | ||
30 | "ioctl" | ||
31 | } | ||
32 | expect { | ||
33 | timeout {puts "TESTING ERROR 5\n";exit} | ||
34 | "exit_group" | ||
35 | } | ||
36 | after 100 | ||
37 | |||
38 | |||
39 | puts "\nall done\n" | ||
40 | |||
diff --git a/test/shell_csh.exp b/test/environment/csh.exp index a2634f633..46e4bb3ca 100755 --- a/test/shell_csh.exp +++ b/test/environment/csh.exp | |||
@@ -1,4 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
@@ -11,16 +14,13 @@ expect { | |||
11 | } | 14 | } |
12 | sleep 1 | 15 | sleep 1 |
13 | 16 | ||
14 | send -- "ls -al;pwd\r" | 17 | send -- "find /home\r" |
15 | expect { | 18 | expect { |
16 | timeout {puts "TESTING ERROR 1\n";exit} | 19 | timeout {puts "TESTING ERROR 1\n";exit} |
17 | ".cshrc" | 20 | ".cshrc" |
18 | } | 21 | } |
19 | expect { | 22 | |
20 | timeout {puts "TESTING ERROR 1.1\n";exit} | 23 | send -- "env | grep SHELL\r" |
21 | "home" | ||
22 | } | ||
23 | send -- "env | grep SHELL;pwd\r" | ||
24 | expect { | 24 | expect { |
25 | timeout {puts "TESTING ERROR 2\n";exit} | 25 | timeout {puts "TESTING ERROR 2\n";exit} |
26 | "SHELL" | 26 | "SHELL" |
@@ -29,12 +29,8 @@ expect { | |||
29 | timeout {puts "TESTING ERROR 2.1\n";exit} | 29 | timeout {puts "TESTING ERROR 2.1\n";exit} |
30 | "/bin/csh" | 30 | "/bin/csh" |
31 | } | 31 | } |
32 | expect { | ||
33 | timeout {puts "TESTING ERROR 2.2\n";exit} | ||
34 | "home" | ||
35 | } | ||
36 | send -- "exit\r" | 32 | send -- "exit\r" |
37 | sleep 1 | 33 | after 100 |
38 | 34 | ||
39 | puts "\n" | 35 | puts "\n" |
40 | 36 | ||
diff --git a/test/shell_dash.exp b/test/environment/dash.exp index f5a60719e..cd051ea7c 100755 --- a/test/shell_dash.exp +++ b/test/environment/dash.exp | |||
@@ -1,6 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | 2 | ||
3 | set timeout 10 | 3 | set timeout 10 |
4 | cd /home | ||
4 | spawn $env(SHELL) | 5 | spawn $env(SHELL) |
5 | match_max 100000 | 6 | match_max 100000 |
6 | 7 | ||
@@ -35,7 +36,7 @@ expect { | |||
35 | "home" | 36 | "home" |
36 | } | 37 | } |
37 | send -- "exit\r" | 38 | send -- "exit\r" |
38 | sleep 1 | 39 | after 100 |
39 | 40 | ||
40 | puts "\n" | 41 | puts "\n" |
41 | 42 | ||
diff --git a/test/environment/dns.exp b/test/environment/dns.exp new file mode 100755 index 000000000..0d12a82f2 --- /dev/null +++ b/test/environment/dns.exp | |||
@@ -0,0 +1,76 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 30 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "firejail --dns=8.8.4.4 --dns=8.8.8.8 --dns=4.2.2.1\r" | ||
8 | expect { | ||
9 | timeout {puts "TESTING ERROR 2.1\n";exit} | ||
10 | "Child process initialized" | ||
11 | } | ||
12 | sleep 1 | ||
13 | |||
14 | send -- "cat /etc/resolv.conf\r" | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 2.2\n";exit} | ||
17 | "nameserver 8.8.4.4" | ||
18 | } | ||
19 | expect { | ||
20 | timeout {puts "TESTING ERROR 2.3\n";exit} | ||
21 | "nameserver 8.8.8.8" | ||
22 | } | ||
23 | expect { | ||
24 | timeout {puts "TESTING ERROR 2.4\n";exit} | ||
25 | "nameserver 4.2.2.1" | ||
26 | } | ||
27 | after 100 | ||
28 | send -- "exit\r" | ||
29 | sleep 1 | ||
30 | |||
31 | |||
32 | send -- "firejail --profile=dns.profile\r" | ||
33 | expect { | ||
34 | timeout {puts "TESTING ERROR 12.1\n";exit} | ||
35 | "Child process initialized" | ||
36 | } | ||
37 | sleep 1 | ||
38 | |||
39 | send -- "cat /etc/resolv.conf\r" | ||
40 | expect { | ||
41 | timeout {puts "TESTING ERROR 12.2\n";exit} | ||
42 | "nameserver 8.8.4.4" | ||
43 | } | ||
44 | expect { | ||
45 | timeout {puts "TESTING ERROR 12.3\n";exit} | ||
46 | "nameserver 8.8.8.8" | ||
47 | } | ||
48 | expect { | ||
49 | timeout {puts "TESTING ERROR 12.4\n";exit} | ||
50 | "nameserver 4.2.2.1" | ||
51 | } | ||
52 | after 100 | ||
53 | send -- "exit\r" | ||
54 | sleep 1 | ||
55 | |||
56 | send -- "firejail --trace --dns=208.67.222.222 wget -q debian.org\r" | ||
57 | expect { | ||
58 | timeout {puts "TESTING ERROR 1.2\n";exit} | ||
59 | "connect" | ||
60 | } | ||
61 | expect { | ||
62 | timeout {puts "TESTING ERROR 1.2\n";exit} | ||
63 | "208.67.222.222" | ||
64 | } | ||
65 | expect { | ||
66 | timeout {puts "TESTING ERROR 1.2\n";exit} | ||
67 | "53" | ||
68 | } | ||
69 | after 100 | ||
70 | |||
71 | send -- "rm index.html\r" | ||
72 | after 100 | ||
73 | send -- "exit\r" | ||
74 | sleep 1 | ||
75 | |||
76 | puts "\nall done\n" | ||
diff --git a/test/environment/dns.profile b/test/environment/dns.profile new file mode 100644 index 000000000..d1b842c86 --- /dev/null +++ b/test/environment/dns.profile | |||
@@ -0,0 +1,3 @@ | |||
1 | dns 8.8.4.4 | ||
2 | dns 8.8.8.8 | ||
3 | dns 4.2.2.1 | ||
diff --git a/test/doubledash.exp b/test/environment/doubledash.exp index 668468980..2eaa7d9ce 100755 --- a/test/doubledash.exp +++ b/test/environment/doubledash.exp | |||
@@ -36,25 +36,25 @@ expect { | |||
36 | sleep 3 | 36 | sleep 3 |
37 | 37 | ||
38 | spawn $env(SHELL) | 38 | spawn $env(SHELL) |
39 | send -- "firejail --list;pwd\r" | 39 | send -- "firejail --list;ls -d /tmp\r" |
40 | expect { | 40 | expect { |
41 | timeout {puts "TESTING ERROR 6\n";exit} | 41 | timeout {puts "TESTING ERROR 6\n";exit} |
42 | "name=testing" | 42 | "name=testing" |
43 | } | 43 | } |
44 | expect { | 44 | expect { |
45 | timeout {puts "TESTING ERROR 7\n";exit} | 45 | timeout {puts "TESTING ERROR 7\n";exit} |
46 | "home" | 46 | "/tmp" |
47 | } | 47 | } |
48 | send -- "firejail --list;pwd\r" | 48 | send -- "firejail --list;ls -d /tmp\r" |
49 | expect { | 49 | expect { |
50 | timeout {puts "TESTING ERROR 8 (join)\n";exit} | 50 | timeout {puts "TESTING ERROR 8 (join)\n";exit} |
51 | "join=testing" | 51 | "join=testing" |
52 | } | 52 | } |
53 | expect { | 53 | expect { |
54 | timeout {puts "TESTING ERROR 9\n";exit} | 54 | timeout {puts "TESTING ERROR 9\n";exit} |
55 | "home" | 55 | "/tmp" |
56 | } | 56 | } |
57 | 57 | ||
58 | sleep 1 | 58 | after 100 |
59 | 59 | ||
60 | puts "\n" | 60 | puts "\n" |
diff --git a/test/env.exp b/test/environment/env.exp index d7aee3c64..8f72400b0 100755 --- a/test/env.exp +++ b/test/environment/env.exp | |||
@@ -1,4 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
@@ -28,7 +31,7 @@ expect { | |||
28 | "ENV3" | 31 | "ENV3" |
29 | } | 32 | } |
30 | send -- "exit\r" | 33 | send -- "exit\r" |
31 | sleep 1 | 34 | after 100 |
32 | 35 | ||
33 | #*********************************************** | 36 | #*********************************************** |
34 | send -- "firejail --profile=env.profile\r" | 37 | send -- "firejail --profile=env.profile\r" |
diff --git a/test/env.profile b/test/environment/env.profile index ba66e6210..ba66e6210 100644 --- a/test/env.profile +++ b/test/environment/env.profile | |||
diff --git a/test/environment/environment.sh b/test/environment/environment.sh new file mode 100755 index 000000000..2bb5a249e --- /dev/null +++ b/test/environment/environment.sh | |||
@@ -0,0 +1,113 @@ | |||
1 | #!/bin/bash | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | export MALLOC_CHECK_=3 | ||
7 | export MALLOC_PERTURB_=$(($RANDOM % 255 + 1)) | ||
8 | |||
9 | |||
10 | echo "TESTING: DNS (test/environment/dns.exp)" | ||
11 | ./dns.exp | ||
12 | |||
13 | echo "TESTING: doubledash (test/environment/doubledash.exp" | ||
14 | mkdir -- -testdir | ||
15 | touch -- -testdir/ttt | ||
16 | cp -- /bin/bash -testdir/. | ||
17 | ./doubledash.exp | ||
18 | rm -fr -- -testdir | ||
19 | |||
20 | echo "TESTING: output (test/environment/output.exp)" | ||
21 | ./output.exp | ||
22 | |||
23 | echo "TESTING: extract command (extract_command.exp)" | ||
24 | ./extract_command.exp | ||
25 | |||
26 | echo "TESTING: environment variables (test/environment/env.exp)" | ||
27 | ./env.exp | ||
28 | |||
29 | echo "TESTING: shell none(test/environment/shell-none.exp)" | ||
30 | ./shell-none.exp | ||
31 | |||
32 | which dash | ||
33 | if [ "$?" -eq 0 ]; | ||
34 | then | ||
35 | echo "TESTING: dash (test/environment/dash.exp)" | ||
36 | ./dash.exp | ||
37 | else | ||
38 | echo "TESTING SKIP: dash not found" | ||
39 | fi | ||
40 | |||
41 | which csh | ||
42 | if [ "$?" -eq 0 ]; | ||
43 | then | ||
44 | echo "TESTING: csh (test/environment/csh.exp)" | ||
45 | ./csh.exp | ||
46 | else | ||
47 | echo "TESTING SKIP: csh not found" | ||
48 | fi | ||
49 | |||
50 | which zsh | ||
51 | if [ "$?" -eq 0 ]; | ||
52 | then | ||
53 | echo "TESTING: zsh (test/environment/zsh.exp)" | ||
54 | ./zsh.exp | ||
55 | else | ||
56 | echo "TESTING SKIP: zsh not found" | ||
57 | fi | ||
58 | |||
59 | echo "TESTING: firejail in firejail - single sandbox (test/environment/firejail-in-firejail.exp)" | ||
60 | ./firejail-in-firejail.exp | ||
61 | |||
62 | echo "TESTING: firejail in firejail - force new sandbox (test/environment/firejail-in-firejail2.exp)" | ||
63 | ./firejail-in-firejail2.exp | ||
64 | |||
65 | which aplay | ||
66 | if [ "$?" -eq 0 ]; | ||
67 | then | ||
68 | echo "TESTING: sound (test/environment/sound.exp)" | ||
69 | ./sound.exp | ||
70 | else | ||
71 | echo "TESTING SKIP: aplay not found" | ||
72 | fi | ||
73 | |||
74 | echo "TESTING: nice (test/environment/nice.exp)" | ||
75 | ./nice.exp | ||
76 | |||
77 | echo "TESTING: quiet (test/environment/quiet.exp)" | ||
78 | ./quiet.exp | ||
79 | |||
80 | which strace | ||
81 | if [ "$?" -eq 0 ]; | ||
82 | then | ||
83 | echo "TESTING: --allow-debuggers (test/environment/allow-debuggers.exp)" | ||
84 | ./allow-debuggers.exp | ||
85 | else | ||
86 | echo "TESTING SKIP: strace not found" | ||
87 | fi | ||
88 | |||
89 | # to install ibus: | ||
90 | # $ sudo apt-get install ibus-table-array30 | ||
91 | # $ ibus-setup | ||
92 | |||
93 | find ~/.config/ibus/bus | grep unix-0 | ||
94 | if [ "$?" -eq 0 ]; | ||
95 | then | ||
96 | echo "TESTING: ibus (test/environment/ibus.exp)" | ||
97 | ./ibus.exp | ||
98 | else | ||
99 | echo "TESTING SKIP: ibus not configured" | ||
100 | fi | ||
101 | |||
102 | echo "TESTING: rlimit (test/rlimit/rlimit.exp)" | ||
103 | ./rlimit.exp | ||
104 | |||
105 | echo "TESTING: rlimit profile (test/rlimit/rlimit-profile.exp)" | ||
106 | ./rlimit-profile.exp | ||
107 | |||
108 | echo "TESTING: rlimit errors (test/rlimit/rlimit-bad.exp)" | ||
109 | ./rlimit-bad.exp | ||
110 | |||
111 | echo "TESTING: rlimit errors profile (test/rlimit/rlimit-bad-profile.exp)" | ||
112 | ./rlimit-bad-profile.exp | ||
113 | |||
diff --git a/test/extract_command.exp b/test/environment/extract_command.exp index 99c1cc134..266f66ff5 100755 --- a/test/extract_command.exp +++ b/test/environment/extract_command.exp | |||
@@ -7,7 +7,7 @@ match_max 100000 | |||
7 | send -- "firejail --debug ls -al\r" | 7 | send -- "firejail --debug ls -al\r" |
8 | expect { | 8 | expect { |
9 | timeout {puts "TESTING ERROR 0\n";exit} | 9 | timeout {puts "TESTING ERROR 0\n";exit} |
10 | "Reading profile /etc/firejail/generic.profile" | 10 | "Reading profile /etc/firejail/default.profile" |
11 | } | 11 | } |
12 | expect { | 12 | expect { |
13 | timeout {puts "TESTING ERROR 2\n";exit} | 13 | timeout {puts "TESTING ERROR 2\n";exit} |
@@ -17,7 +17,7 @@ expect { | |||
17 | timeout {puts "TESTING ERROR 2\n";exit} | 17 | timeout {puts "TESTING ERROR 2\n";exit} |
18 | "Parent is shutting down, bye" | 18 | "Parent is shutting down, bye" |
19 | } | 19 | } |
20 | sleep 1 | 20 | after 100 |
21 | 21 | ||
22 | puts "\nall done\n" | 22 | puts "\nall done\n" |
23 | 23 | ||
diff --git a/test/environment/firejail-in-firejail.exp b/test/environment/firejail-in-firejail.exp new file mode 100755 index 000000000..2b851ee72 --- /dev/null +++ b/test/environment/firejail-in-firejail.exp | |||
@@ -0,0 +1,49 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail\r" | ||
11 | expect { | ||
12 | timeout {puts "TESTING ERROR 1\n";exit} | ||
13 | "Child process initialized" | ||
14 | } | ||
15 | sleep 1 | ||
16 | |||
17 | send -- "firejail\r" | ||
18 | expect { | ||
19 | timeout {puts "TESTING ERROR 2\n";exit} | ||
20 | "Warning: an existing sandbox was detected" | ||
21 | } | ||
22 | after 100 | ||
23 | |||
24 | send -- "exit\r" | ||
25 | after 100 | ||
26 | |||
27 | send -- "firejail --force\r" | ||
28 | expect { | ||
29 | timeout {puts "TESTING ERROR 3\n";exit} | ||
30 | "cannot rise privileges" | ||
31 | } | ||
32 | after 100 | ||
33 | |||
34 | send -- "firejail --version\r" | ||
35 | expect { | ||
36 | timeout {puts "TESTING ERROR 4\n";exit} | ||
37 | "firejail version" | ||
38 | } | ||
39 | after 100 | ||
40 | |||
41 | send -- "firejail --version --force\r" | ||
42 | expect { | ||
43 | timeout {puts "TESTING ERROR 5\n";exit} | ||
44 | "firejail version" | ||
45 | } | ||
46 | after 100 | ||
47 | |||
48 | |||
49 | puts "\nall done\n" | ||
diff --git a/test/environment/firejail-in-firejail2.exp b/test/environment/firejail-in-firejail2.exp new file mode 100755 index 000000000..330e5e372 --- /dev/null +++ b/test/environment/firejail-in-firejail2.exp | |||
@@ -0,0 +1,51 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail --noprofile\r" | ||
11 | expect { | ||
12 | timeout {puts "TESTING ERROR 1\n";exit} | ||
13 | "Child process initialized" | ||
14 | } | ||
15 | sleep 1 | ||
16 | |||
17 | send -- "firejail\r" | ||
18 | expect { | ||
19 | timeout {puts "TESTING ERROR 2\n";exit} | ||
20 | "Warning: an existing sandbox was detected" | ||
21 | } | ||
22 | after 100 | ||
23 | |||
24 | send -- "exit\r" | ||
25 | after 100 | ||
26 | |||
27 | send -- "firejail --force\r" | ||
28 | expect { | ||
29 | timeout {puts "TESTING ERROR 3\n";exit} | ||
30 | "Child process initialized" | ||
31 | } | ||
32 | after 100 | ||
33 | |||
34 | send -- "exit\r" | ||
35 | after 100 | ||
36 | |||
37 | send -- "firejail --version\r" | ||
38 | expect { | ||
39 | timeout {puts "TESTING ERROR 4\n";exit} | ||
40 | "firejail version" | ||
41 | } | ||
42 | after 100 | ||
43 | |||
44 | send -- "firejail --version --force\r" | ||
45 | expect { | ||
46 | timeout {puts "TESTING ERROR 5\n";exit} | ||
47 | "firejail version" | ||
48 | } | ||
49 | after 100 | ||
50 | |||
51 | puts "\nall done\n" | ||
diff --git a/test/sysrq-trigger.exp b/test/environment/ibus.exp index 18fb4a01a..4344011a6 100755 --- a/test/sysrq-trigger.exp +++ b/test/environment/ibus.exp | |||
@@ -1,6 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | 2 | ||
3 | set timeout 10 | 3 | set timeout 10 |
4 | cd /home | ||
4 | spawn $env(SHELL) | 5 | spawn $env(SHELL) |
5 | match_max 100000 | 6 | match_max 100000 |
6 | 7 | ||
@@ -9,13 +10,19 @@ expect { | |||
9 | timeout {puts "TESTING ERROR 0\n";exit} | 10 | timeout {puts "TESTING ERROR 0\n";exit} |
10 | "Child process initialized" | 11 | "Child process initialized" |
11 | } | 12 | } |
12 | sleep 1 | 13 | after 100 |
13 | 14 | ||
14 | send -- "echo b > /proc/sysrq-trigger\r" | 15 | send -- "env | grep IBUS\r" |
15 | expect { | 16 | expect { |
16 | timeout {puts "TESTING ERROR 1\n";exit} | 17 | timeout {puts "TESTING ERROR 1\n";exit} |
17 | "Read-only file system" | 18 | "IBUS_ADDRESS" |
18 | } | 19 | } |
19 | sleep 1 | 20 | expect { |
21 | timeout {puts "TESTING ERROR 2\n";exit} | ||
22 | "IBUS_DAEMON_PID" | ||
23 | } | ||
24 | after 100 | ||
25 | |||
26 | |||
27 | puts "\nall done\n" | ||
20 | 28 | ||
21 | puts "\n" | ||
diff --git a/test/nice.exp b/test/environment/nice.exp index f4afb547d..2e0e95ea1 100755 --- a/test/nice.exp +++ b/test/environment/nice.exp | |||
@@ -1,4 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
@@ -14,7 +17,7 @@ sleep 1 | |||
14 | send -- "top -b -n 1\r" | 17 | send -- "top -b -n 1\r" |
15 | expect { | 18 | expect { |
16 | timeout {puts "TESTING ERROR 1\n";exit} | 19 | timeout {puts "TESTING ERROR 1\n";exit} |
17 | "netblue" | 20 | $env(USER) |
18 | } | 21 | } |
19 | expect { | 22 | expect { |
20 | timeout {puts "TESTING ERROR 2\n";exit} | 23 | timeout {puts "TESTING ERROR 2\n";exit} |
@@ -26,7 +29,7 @@ expect { | |||
26 | } | 29 | } |
27 | expect { | 30 | expect { |
28 | timeout {puts "TESTING ERROR 4\n";exit} | 31 | timeout {puts "TESTING ERROR 4\n";exit} |
29 | "netblu" | 32 | $env(USER) |
30 | } | 33 | } |
31 | expect { | 34 | expect { |
32 | timeout {puts "TESTING ERROR 5\n";exit} | 35 | timeout {puts "TESTING ERROR 5\n";exit} |
@@ -39,7 +42,7 @@ expect { | |||
39 | 42 | ||
40 | sleep 1 | 43 | sleep 1 |
41 | send -- "exit\r" | 44 | send -- "exit\r" |
42 | sleep 1 | 45 | after 100 |
43 | 46 | ||
44 | send -- "firejail --profile=nice.profile\r" | 47 | send -- "firejail --profile=nice.profile\r" |
45 | expect { | 48 | expect { |
@@ -51,7 +54,7 @@ sleep 1 | |||
51 | send -- "top -b -n 1\r" | 54 | send -- "top -b -n 1\r" |
52 | expect { | 55 | expect { |
53 | timeout {puts "TESTING ERROR 11\n";exit} | 56 | timeout {puts "TESTING ERROR 11\n";exit} |
54 | "netblue" | 57 | $env(USER) |
55 | } | 58 | } |
56 | expect { | 59 | expect { |
57 | timeout {puts "TESTING ERROR 12\n";exit} | 60 | timeout {puts "TESTING ERROR 12\n";exit} |
@@ -63,7 +66,7 @@ expect { | |||
63 | } | 66 | } |
64 | expect { | 67 | expect { |
65 | timeout {puts "TESTING ERROR 14\n";exit} | 68 | timeout {puts "TESTING ERROR 14\n";exit} |
66 | "netblu" | 69 | $env(USER) |
67 | } | 70 | } |
68 | expect { | 71 | expect { |
69 | timeout {puts "TESTING ERROR 15\n";exit} | 72 | timeout {puts "TESTING ERROR 15\n";exit} |
diff --git a/test/nice.profile b/test/environment/nice.profile index d02c8f58b..d02c8f58b 100644 --- a/test/nice.profile +++ b/test/environment/nice.profile | |||
diff --git a/test/output.exp b/test/environment/output.exp index 90a9d64b6..10c325832 100755 --- a/test/output.exp +++ b/test/environment/output.exp | |||
@@ -59,8 +59,7 @@ expect { | |||
59 | timeout {puts "TESTING ERROR 7\n";exit} | 59 | timeout {puts "TESTING ERROR 7\n";exit} |
60 | "logfile.5" | 60 | "logfile.5" |
61 | } | 61 | } |
62 | sleep 1 | 62 | after 100 |
63 | send -- "rm -f logfile*\r" | 63 | send -- "rm -f logfile*\r" |
64 | sleep 1 | 64 | after 100 |
65 | 65 | puts "\nall done\n" | |
66 | puts "\n" | ||
diff --git a/test/output.sh b/test/environment/output.sh index 2be188e3a..2be188e3a 100755 --- a/test/output.sh +++ b/test/environment/output.sh | |||
diff --git a/test/environment/quiet.exp b/test/environment/quiet.exp new file mode 100755 index 000000000..8d7c8d4c0 --- /dev/null +++ b/test/environment/quiet.exp | |||
@@ -0,0 +1,21 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 4 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | # check ip address | ||
11 | send -- "firejail --quiet echo done\r" | ||
12 | expect { | ||
13 | timeout {puts "TESTING ERROR 1\n";exit} | ||
14 | "Reading profile" {puts "TESTING ERROR 2\n";exit} | ||
15 | "Child process initialized" {puts "TESTING ERROR 3\n";exit} | ||
16 | "done" | ||
17 | } | ||
18 | after 100 | ||
19 | |||
20 | puts "\nall done\n" | ||
21 | |||
diff --git a/test/environment/rlimit-bad-profile.exp b/test/environment/rlimit-bad-profile.exp new file mode 100755 index 000000000..80693a4a0 --- /dev/null +++ b/test/environment/rlimit-bad-profile.exp | |||
@@ -0,0 +1,35 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | |||
8 | send -- "firejail --profile=rlimit-bad1.profile\r" | ||
9 | expect { | ||
10 | timeout {puts "TESTING ERROR 4\n";exit} | ||
11 | "Invalid rlimit option" | ||
12 | } | ||
13 | after 100 | ||
14 | |||
15 | send -- "firejail --profile=rlimit-bad2.profile\r" | ||
16 | expect { | ||
17 | timeout {puts "TESTING ERROR 5\n";exit} | ||
18 | "Invalid rlimit option" | ||
19 | } | ||
20 | after 100 | ||
21 | |||
22 | send -- "firejail --profile=rlimit-bad3.profile\r" | ||
23 | expect { | ||
24 | timeout {puts "TESTING ERROR 6\n";exit} | ||
25 | "Invalid rlimit option" | ||
26 | } | ||
27 | after 100 | ||
28 | send -- "firejail --profile=rlimit-bad4.profile\r" | ||
29 | expect { | ||
30 | timeout {puts "TESTING ERROR 7\n";exit} | ||
31 | "Invalid rlimit option" | ||
32 | } | ||
33 | after 100 | ||
34 | |||
35 | puts "\nall done\n" | ||
diff --git a/test/environment/rlimit-bad.exp b/test/environment/rlimit-bad.exp new file mode 100755 index 000000000..574e7e174 --- /dev/null +++ b/test/environment/rlimit-bad.exp | |||
@@ -0,0 +1,34 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "firejail --rlimit-fsize=-1024\r" | ||
8 | expect { | ||
9 | timeout {puts "TESTING ERROR 0\n";exit} | ||
10 | "invalid rlimt fsize" | ||
11 | } | ||
12 | after 100 | ||
13 | |||
14 | send -- "firejail --rlimit-nofile=asdf\r" | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 1\n";exit} | ||
17 | "invalid rlimt nofile" | ||
18 | } | ||
19 | after 100 | ||
20 | |||
21 | send -- "firejail --rlimit-nproc=100.23\r" | ||
22 | expect { | ||
23 | timeout {puts "TESTING ERROR 2\n";exit} | ||
24 | "invalid rlimt nproc" | ||
25 | } | ||
26 | after 100 | ||
27 | send -- "firejail --rlimit-sigpending=2345-78\r" | ||
28 | expect { | ||
29 | timeout {puts "TESTING ERROR 3\n";exit} | ||
30 | "invalid rlimt sigpending" | ||
31 | } | ||
32 | after 100 | ||
33 | |||
34 | puts "\nall done\n" | ||
diff --git a/test/environment/rlimit-bad1.profile b/test/environment/rlimit-bad1.profile new file mode 100644 index 000000000..b6d3340d8 --- /dev/null +++ b/test/environment/rlimit-bad1.profile | |||
@@ -0,0 +1 @@ | |||
rlimit-fsize -1024 | |||
diff --git a/test/environment/rlimit-bad2.profile b/test/environment/rlimit-bad2.profile new file mode 100644 index 000000000..ef3f243c6 --- /dev/null +++ b/test/environment/rlimit-bad2.profile | |||
@@ -0,0 +1 @@ | |||
rlimit-nofile asdf | |||
diff --git a/test/environment/rlimit-bad3.profile b/test/environment/rlimit-bad3.profile new file mode 100644 index 000000000..af016a29f --- /dev/null +++ b/test/environment/rlimit-bad3.profile | |||
@@ -0,0 +1 @@ | |||
rlimit-nproc 100.23 | |||
diff --git a/test/environment/rlimit-bad4.profile b/test/environment/rlimit-bad4.profile new file mode 100644 index 000000000..aabe3d008 --- /dev/null +++ b/test/environment/rlimit-bad4.profile | |||
@@ -0,0 +1 @@ | |||
rlimit-sigpending 67asd56 \ No newline at end of file | |||
diff --git a/test/profile_rlimit.exp b/test/environment/rlimit-profile.exp index 7d2637444..a9e54a405 100755 --- a/test/profile_rlimit.exp +++ b/test/environment/rlimit-profile.exp | |||
@@ -1,6 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | 2 | ||
3 | set timeout 10 | 3 | set timeout 10 |
4 | #cd /home | ||
4 | spawn $env(SHELL) | 5 | spawn $env(SHELL) |
5 | match_max 100000 | 6 | match_max 100000 |
6 | 7 | ||
@@ -11,7 +12,7 @@ expect { | |||
11 | } | 12 | } |
12 | sleep 1 | 13 | sleep 1 |
13 | 14 | ||
14 | send -- "cat /proc/self/limits; pwd\r" | 15 | send -- "cat /proc/self/limits\r" |
15 | expect { | 16 | expect { |
16 | timeout {puts "TESTING ERROR 1.1\n";exit} | 17 | timeout {puts "TESTING ERROR 1.1\n";exit} |
17 | "Max file size 1024 1024" | 18 | "Max file size 1024 1024" |
@@ -28,9 +29,5 @@ expect { | |||
28 | timeout {puts "TESTING ERROR 1.4\n";exit} | 29 | timeout {puts "TESTING ERROR 1.4\n";exit} |
29 | "Max pending signals 200 200" | 30 | "Max pending signals 200 200" |
30 | } | 31 | } |
31 | expect { | 32 | after 100 |
32 | timeout {puts "TESTING ERROR 1.5\n";exit} | 33 | puts "\nall done\n" |
33 | "home" | ||
34 | } | ||
35 | sleep 1 | ||
36 | puts "\n" | ||
diff --git a/test/option_rlimit.exp b/test/environment/rlimit.exp index 17d2bd9d1..611f69821 100755 --- a/test/option_rlimit.exp +++ b/test/environment/rlimit.exp | |||
@@ -1,6 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | 2 | ||
3 | set timeout 10 | 3 | set timeout 10 |
4 | cd /home | ||
4 | spawn $env(SHELL) | 5 | spawn $env(SHELL) |
5 | match_max 100000 | 6 | match_max 100000 |
6 | 7 | ||
@@ -32,5 +33,5 @@ expect { | |||
32 | timeout {puts "TESTING ERROR 1.5\n";exit} | 33 | timeout {puts "TESTING ERROR 1.5\n";exit} |
33 | "home" | 34 | "home" |
34 | } | 35 | } |
35 | sleep 1 | 36 | after 100 |
36 | puts "\n" | 37 | puts "\n" |
diff --git a/test/rlimit.profile b/test/environment/rlimit.profile index 271891c03..271891c03 100644 --- a/test/rlimit.profile +++ b/test/environment/rlimit.profile | |||
diff --git a/test/environment/shell-none.exp b/test/environment/shell-none.exp new file mode 100755 index 000000000..8f3df794f --- /dev/null +++ b/test/environment/shell-none.exp | |||
@@ -0,0 +1,48 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail --shell=none\r" | ||
11 | expect { | ||
12 | timeout {puts "TESTING ERROR 0\n";exit} | ||
13 | "shell=none configured, but no program specified" | ||
14 | } | ||
15 | sleep 1 | ||
16 | |||
17 | send -- "firejail --profile=shell-none.profile\r" | ||
18 | expect { | ||
19 | timeout {puts "TESTING ERROR 1\n";exit} | ||
20 | "shell=none configured, but no program specified" | ||
21 | } | ||
22 | after 100 | ||
23 | |||
24 | send -- "firejail --shell=none ls\r" | ||
25 | expect { | ||
26 | timeout {puts "TESTING ERROR 2\n";exit} | ||
27 | "Child process initialized" | ||
28 | } | ||
29 | expect { | ||
30 | timeout {puts "TESTING ERROR 3\n";exit} | ||
31 | "environment.sh" | ||
32 | } | ||
33 | after 100 | ||
34 | |||
35 | send -- "firejail --profile=shell-none.profile ls\r" | ||
36 | expect { | ||
37 | timeout {puts "TESTING ERROR 4\n";exit} | ||
38 | "Child process initialized" | ||
39 | } | ||
40 | expect { | ||
41 | timeout {puts "TESTING ERROR 5\n";exit} | ||
42 | "environment.sh" | ||
43 | } | ||
44 | after 100 | ||
45 | |||
46 | |||
47 | puts "\nall done\n" | ||
48 | |||
diff --git a/test/environment/shell-none.profile b/test/environment/shell-none.profile new file mode 100644 index 000000000..f16ebe3a0 --- /dev/null +++ b/test/environment/shell-none.profile | |||
@@ -0,0 +1 @@ | |||
shell none | |||
diff --git a/test/sound.exp b/test/environment/sound.exp index 078f8b416..dd55add89 100755 --- a/test/sound.exp +++ b/test/environment/sound.exp | |||
@@ -1,4 +1,8 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
2 | 6 | ||
3 | set timeout 10 | 7 | set timeout 10 |
4 | spawn $env(SHELL) | 8 | spawn $env(SHELL) |
@@ -73,7 +77,7 @@ expect { | |||
73 | timeout {puts "TESTING ERROR 25\n";exit} | 77 | timeout {puts "TESTING ERROR 25\n";exit} |
74 | "Parent is shutting down" | 78 | "Parent is shutting down" |
75 | } | 79 | } |
76 | sleep 2 | 80 | after 100 |
77 | 81 | ||
78 | puts "\n" | 82 | puts "\nall done\n" |
79 | 83 | ||
diff --git a/test/sound.profile b/test/environment/sound.profile index 2f83a0bbb..2f83a0bbb 100644 --- a/test/sound.profile +++ b/test/environment/sound.profile | |||
diff --git a/test/shell_zsh.exp b/test/environment/zsh.exp index 1d73fd926..578951ce0 100755 --- a/test/shell_zsh.exp +++ b/test/environment/zsh.exp | |||
@@ -1,4 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
@@ -11,15 +14,12 @@ expect { | |||
11 | } | 14 | } |
12 | sleep 1 | 15 | sleep 1 |
13 | 16 | ||
14 | send -- "ls -al;pwd\r" | 17 | send -- "find /home\r" |
15 | expect { | 18 | expect { |
16 | timeout {puts "TESTING ERROR 1\n";exit} | 19 | timeout {puts "TESTING ERROR 1\n";exit} |
17 | ".zshrc" | 20 | ".zshrc" |
18 | } | 21 | } |
19 | expect { | 22 | |
20 | timeout {puts "TESTING ERROR 1.1\n";exit} | ||
21 | "home" | ||
22 | } | ||
23 | send -- "env | grep SHELL;pwd\r" | 23 | send -- "env | grep SHELL;pwd\r" |
24 | expect { | 24 | expect { |
25 | timeout {puts "TESTING ERROR 2\n";exit} | 25 | timeout {puts "TESTING ERROR 2\n";exit} |
@@ -27,14 +27,10 @@ expect { | |||
27 | } | 27 | } |
28 | expect { | 28 | expect { |
29 | timeout {puts "TESTING ERROR 2.1\n";exit} | 29 | timeout {puts "TESTING ERROR 2.1\n";exit} |
30 | "/usr/bin/zsh" | 30 | "/bin/zsh" |
31 | } | ||
32 | expect { | ||
33 | timeout {puts "TESTING ERROR 2.2\n";exit} | ||
34 | "home" | ||
35 | } | 31 | } |
36 | send -- "exit\r" | 32 | send -- "exit\r" |
37 | sleep 1 | 33 | after 100 |
38 | 34 | ||
39 | puts "\n" | 35 | puts "\nall done\n" |
40 | 36 | ||
diff --git a/test/fcopy/cmdline.exp b/test/fcopy/cmdline.exp new file mode 100755 index 000000000..24bb19351 --- /dev/null +++ b/test/fcopy/cmdline.exp | |||
@@ -0,0 +1,46 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "/usr/lib/firejail/fcopy\r" | ||
11 | expect { | ||
12 | timeout {puts "TESTING ERROR 0\n";exit} | ||
13 | "files missing" | ||
14 | } | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 1\n";exit} | ||
17 | "Usage:" | ||
18 | } | ||
19 | after 100 | ||
20 | |||
21 | send -- "/usr/lib/firejail/fcopy foo\r" | ||
22 | expect { | ||
23 | timeout {puts "TESTING ERROR 2\n";exit} | ||
24 | "files missing" | ||
25 | } | ||
26 | expect { | ||
27 | timeout {puts "TESTING ERROR 3\n";exit} | ||
28 | "Usage:" | ||
29 | } | ||
30 | after 100 | ||
31 | |||
32 | send -- "/usr/lib/firejail/fcopy f%oo1 foo2\r" | ||
33 | expect { | ||
34 | timeout {puts "TESTING ERROR 4\n";exit} | ||
35 | "invalid file name" | ||
36 | } | ||
37 | after 100 | ||
38 | |||
39 | send -- "/usr/lib/firejail/fcopy foo1 f,oo2\r" | ||
40 | expect { | ||
41 | timeout {puts "TESTING ERROR 5\n";exit} | ||
42 | "invalid file name" | ||
43 | } | ||
44 | after 100 | ||
45 | |||
46 | puts "\nall done\n" | ||
diff --git a/test/fcopy/dircopy.exp b/test/fcopy/dircopy.exp new file mode 100755 index 000000000..00b0204ae --- /dev/null +++ b/test/fcopy/dircopy.exp | |||
@@ -0,0 +1,106 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | # | ||
7 | # copy directory src to dest | ||
8 | # | ||
9 | set timeout 10 | ||
10 | spawn $env(SHELL) | ||
11 | match_max 100000 | ||
12 | |||
13 | send -- "rm -fr dest/*\r" | ||
14 | after 100 | ||
15 | |||
16 | send -- "/usr/lib/firejail/fcopy src dest\r" | ||
17 | after 100 | ||
18 | |||
19 | send -- "find dest\r" | ||
20 | expect { | ||
21 | timeout {puts "TESTING ERROR 0\n";exit} | ||
22 | "dest/" | ||
23 | } | ||
24 | expect { | ||
25 | timeout {puts "TESTING ERROR 1\n";exit} | ||
26 | "dest/a" | ||
27 | } | ||
28 | expect { | ||
29 | timeout {puts "TESTING ERROR 2\n";exit} | ||
30 | "dest/a/b" | ||
31 | } | ||
32 | expect { | ||
33 | timeout {puts "TESTING ERROR 3\n";exit} | ||
34 | "dest/a/b/file4" | ||
35 | } | ||
36 | expect { | ||
37 | timeout {puts "TESTING ERROR 4\n";exit} | ||
38 | "dest/a/file3" | ||
39 | } | ||
40 | expect { | ||
41 | timeout {puts "TESTING ERROR 5\n";exit} | ||
42 | "dest/dircopy.exp" | ||
43 | } | ||
44 | expect { | ||
45 | timeout {puts "TESTING ERROR 6\n";exit} | ||
46 | "dest/file2" | ||
47 | } | ||
48 | expect { | ||
49 | timeout {puts "TESTING ERROR 7\n";exit} | ||
50 | "dest/file1" | ||
51 | } | ||
52 | after 100 | ||
53 | |||
54 | |||
55 | send -- "ls -al dest\r" | ||
56 | expect { | ||
57 | timeout {puts "TESTING ERROR 8\n";exit} | ||
58 | "drwxr-xr-x" | ||
59 | } | ||
60 | expect { | ||
61 | timeout {puts "TESTING ERROR 9\n";exit} | ||
62 | "a" | ||
63 | } | ||
64 | expect { | ||
65 | timeout {puts "TESTING ERROR 10\n";exit} | ||
66 | "lrwxrwxrwx" | ||
67 | } | ||
68 | expect { | ||
69 | timeout {puts "TESTING ERROR 11\n";exit} | ||
70 | "dircopy.exp" | ||
71 | } | ||
72 | expect { | ||
73 | timeout {puts "TESTING ERROR 12\n";exit} | ||
74 | "rwxr-xr-x" | ||
75 | } | ||
76 | expect { | ||
77 | timeout {puts "TESTING ERROR 13\n";exit} | ||
78 | "file1" | ||
79 | } | ||
80 | expect { | ||
81 | timeout {puts "TESTING ERROR 14\n";exit} | ||
82 | "rw-r--r--" | ||
83 | } | ||
84 | expect { | ||
85 | timeout {puts "TESTING ERROR 15\n";exit} | ||
86 | "file2" | ||
87 | } | ||
88 | after 100 | ||
89 | |||
90 | send -- "diff -q src/a/b/file4 dest/a/b/file4; echo done\r" | ||
91 | expect { | ||
92 | timeout {puts "TESTING ERROR 16\n";exit} | ||
93 | "differ" {puts "TESTING ERROR 17\n";exit} | ||
94 | "done" | ||
95 | } | ||
96 | |||
97 | send -- "file dest/dircopy.exp\r" | ||
98 | expect { | ||
99 | timeout {puts "TESTING ERROR 18\n";exit} | ||
100 | "symbolic link" | ||
101 | } | ||
102 | |||
103 | send -- "rm -fr dest/*\r" | ||
104 | after 100 | ||
105 | |||
106 | puts "\nall done\n" | ||
diff --git a/test/fcopy/fcopy.sh b/test/fcopy/fcopy.sh new file mode 100755 index 000000000..dcda5ca31 --- /dev/null +++ b/test/fcopy/fcopy.sh | |||
@@ -0,0 +1,23 @@ | |||
1 | #!/bin/bash | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | export MALLOC_CHECK_=3 | ||
7 | export MALLOC_PERTURB_=$(($RANDOM % 255 + 1)) | ||
8 | |||
9 | mkdir dest | ||
10 | |||
11 | echo "TESTING: fcopy cmdline (test/fcopy/cmdline.exp)" | ||
12 | ./cmdline.exp | ||
13 | |||
14 | echo "TESTING: fcopy directory (test/fcopy/dircopy.exp)" | ||
15 | ./dircopy.exp | ||
16 | |||
17 | echo "TESTING: fcopy file (test/fcopy/filecopy.exp)" | ||
18 | ./filecopy.exp | ||
19 | |||
20 | echo "TESTING: fcopy link (test/fcopy/linkcopy.exp)" | ||
21 | ./linkcopy.exp | ||
22 | |||
23 | rm -fr dest/* | ||
diff --git a/test/fcopy/filecopy.exp b/test/fcopy/filecopy.exp new file mode 100755 index 000000000..d1f0a4424 --- /dev/null +++ b/test/fcopy/filecopy.exp | |||
@@ -0,0 +1,54 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | # | ||
7 | # copy directory src to dest | ||
8 | # | ||
9 | set timeout 10 | ||
10 | spawn $env(SHELL) | ||
11 | match_max 100000 | ||
12 | |||
13 | send -- "rm -fr dest/*\r" | ||
14 | after 100 | ||
15 | |||
16 | send -- "/usr/lib/firejail/fcopy dircopy.exp dest\r" | ||
17 | after 100 | ||
18 | |||
19 | send -- "find dest\r" | ||
20 | expect { | ||
21 | timeout {puts "TESTING ERROR 0\n";exit} | ||
22 | "dest/" | ||
23 | } | ||
24 | expect { | ||
25 | timeout {puts "TESTING ERROR 1\n";exit} | ||
26 | "dest/dircopy.exp" | ||
27 | } | ||
28 | after 100 | ||
29 | |||
30 | |||
31 | send -- "ls -al dest\r" | ||
32 | expect { | ||
33 | timeout {puts "TESTING ERROR 2\n";exit} | ||
34 | "rwxr-xr-x" | ||
35 | } | ||
36 | after 100 | ||
37 | |||
38 | send -- "diff -q dircopy.exp dest/dircopy.exp; echo done\r" | ||
39 | expect { | ||
40 | timeout {puts "TESTING ERROR 3\n";exit} | ||
41 | "differ" {puts "TESTING ERROR 4\n";exit} | ||
42 | "done" | ||
43 | } | ||
44 | |||
45 | send -- "file dest/dircopy.exp\r" | ||
46 | expect { | ||
47 | timeout {puts "TESTING ERROR 5\n";exit} | ||
48 | "ASCII text" | ||
49 | } | ||
50 | |||
51 | send -- "rm -fr dest/*\r" | ||
52 | after 100 | ||
53 | |||
54 | puts "\nall done\n" | ||
diff --git a/test/fcopy/linkcopy.exp b/test/fcopy/linkcopy.exp new file mode 100755 index 000000000..9927e18fe --- /dev/null +++ b/test/fcopy/linkcopy.exp | |||
@@ -0,0 +1,54 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | # | ||
7 | # copy directory src to dest | ||
8 | # | ||
9 | set timeout 10 | ||
10 | spawn $env(SHELL) | ||
11 | match_max 100000 | ||
12 | |||
13 | send -- "rm -fr dest/*\r" | ||
14 | after 100 | ||
15 | |||
16 | send -- "/usr/lib/firejail/fcopy src/dircopy.exp dest\r" | ||
17 | after 100 | ||
18 | |||
19 | send -- "find dest\r" | ||
20 | expect { | ||
21 | timeout {puts "TESTING ERROR 0\n";exit} | ||
22 | "dest/" | ||
23 | } | ||
24 | expect { | ||
25 | timeout {puts "TESTING ERROR 1\n";exit} | ||
26 | "dest/dircopy.exp" | ||
27 | } | ||
28 | after 100 | ||
29 | |||
30 | |||
31 | send -- "ls -al dest\r" | ||
32 | expect { | ||
33 | timeout {puts "TESTING ERROR 2\n";exit} | ||
34 | "lrwxrwxrwx" | ||
35 | } | ||
36 | after 100 | ||
37 | |||
38 | send -- "diff -q dircopy.exp dest/dircopy.exp; echo done\r" | ||
39 | expect { | ||
40 | timeout {puts "TESTING ERROR 3\n";exit} | ||
41 | "differ" {puts "TESTING ERROR 4\n";exit} | ||
42 | "done" | ||
43 | } | ||
44 | |||
45 | send -- "file dest/dircopy.exp\r" | ||
46 | expect { | ||
47 | timeout {puts "TESTING ERROR 5\n";exit} | ||
48 | "symbolic link" | ||
49 | } | ||
50 | |||
51 | send -- "rm -fr dest/*\r" | ||
52 | after 100 | ||
53 | |||
54 | puts "\nall done\n" | ||
diff --git a/test/fcopy/src/a/b/file4 b/test/fcopy/src/a/b/file4 new file mode 100644 index 000000000..ac318d7ab --- /dev/null +++ b/test/fcopy/src/a/b/file4 | |||
@@ -0,0 +1,11 @@ | |||
1 | |||
2 | |||
3 | Lorem ipsum dolor sit amet, consectetur adipiscing elit. Etiam interdum at massa non aliquam. Maecenas molestie id orci volutpat porta. Praesent aliquam nunc quis mi tristique, ac feugiat enim rutrum. Nulla vitae metus sodales, pellentesque risus sit amet, volutpat nisl. Curabitur accumsan arcu congue lacus porta laoreet. Nulla facilisi. Integer nec augue id magna gravida tincidunt id vitae lorem. Curabitur facilisis, tellus vel pellentesque pretium, odio dolor efficitur lorem, et tincidunt dui enim cursus lacus. Cras a orci ac magna semper dapibus nec et velit. Nullam aliquam sollicitudin auctor. | ||
4 | |||
5 | Mauris ac quam vel purus volutpat semper eget a ante. Curabitur arcu nisl, dapibus ac lectus ac, porttitor fermentum metus. Aliquam et sem aliquam magna interdum ultricies at eu orci. Aenean tortor augue, volutpat nec magna nec, rutrum bibendum justo. Vivamus ex quam, auctor ut pellentesque mattis, aliquet a eros. Etiam ac lacus ac ante ullamcorper sollicitudin a quis orci. Suspendisse quis justo ac mauris cursus finibus quis at elit. Vestibulum elementum finibus diam, eget convallis purus aliquet et. Fusce fermentum ornare urna, non ornare nisl tincidunt consectetur. Donec et lacus vitae ex eleifend porttitor id ut odio. Quisque luctus eget lorem et sollicitudin. | ||
6 | |||
7 | Aliquam libero elit, finibus a nisl a, commodo viverra turpis. Nam pulvinar in est sit amet fermentum. Praesent scelerisque tempus lectus, ac porta elit sodales rutrum. Duis faucibus faucibus urna eget accumsan. Vivamus in turpis ut massa rhoncus pretium nec et lorem. Aenean at tellus eget metus porta ornare. Aliquam erat volutpat. Donec hendrerit a massa vel malesuada. Integer varius sapien et orci viverra pretium. In at velit aliquet, vulputate nisi lobortis, aliquam augue. | ||
8 | |||
9 | Ut aliquam turpis ut lorem aliquam, in faucibus elit pulvinar. Vivamus viverra tortor ornare, lacinia leo sit amet, auctor arcu. Sed erat leo, pellentesque vel nibh a, malesuada vehicula purus. Vivamus est dolor, aliquet quis facilisis fermentum, varius in dolor. Nunc quis libero feugiat, imperdiet est vitae, mollis risus. Vestibulum elementum mattis lorem vitae gravida. Nullam id tellus interdum, aliquam erat eu, laoreet nunc. Aliquam ut felis vel mauris maximus pellentesque. | ||
10 | |||
11 | Vestibulum tempus mauris eget ex interdum, vitae vehicula tortor sollicitudin. Pellentesque et dolor cursus dui vulputate laoreet. Morbi eu bibendum quam, at ultrices elit. Vestibulum dictum enim sit amet ultricies imperdiet. Praesent congue magna ac mauris mattis, a iaculis ante aliquet. Vivamus at egestas ex. Suspendisse orci dolor, pharetra at aliquam a, faucibus facilisis leo. Quisque semper lorem eget elit commodo pretium. Aenean posuere augue quis arcu finibus, sit amet fringilla risus congue. Pellentesque rutrum nunc leo, aliquam lobortis lacus molestie nec. Donec convallis congue diam, ullamcorper vestibulum dui varius nec. Praesent pellentesque nisi risus. In aliquam molestie malesuada. Nulla facilisis a risus eu tristique. Morbi molestie et arcu quis efficitur. Curabitur cursus vestibulum luctus. | ||
diff --git a/test/fcopy/src/a/file3 b/test/fcopy/src/a/file3 new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/fcopy/src/a/file3 | |||
diff --git a/test/fcopy/src/dircopy.exp b/test/fcopy/src/dircopy.exp new file mode 120000 index 000000000..2acf88f7b --- /dev/null +++ b/test/fcopy/src/dircopy.exp | |||
@@ -0,0 +1 @@ | |||
../dircopy.exp \ No newline at end of file | |||
diff --git a/test/fcopy/src/file1 b/test/fcopy/src/file1 new file mode 100755 index 000000000..e69de29bb --- /dev/null +++ b/test/fcopy/src/file1 | |||
diff --git a/test/fcopy/src/file2 b/test/fcopy/src/file2 new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/fcopy/src/file2 | |||
diff --git a/test/features/1.2.exp b/test/features/1.2.exp index 6f7cae888..bcb227304 100755 --- a/test/features/1.2.exp +++ b/test/features/1.2.exp | |||
@@ -34,7 +34,7 @@ expect { | |||
34 | } | 34 | } |
35 | expect { | 35 | expect { |
36 | timeout {puts "TESTING ERROR 1.4\n";exit} | 36 | timeout {puts "TESTING ERROR 1.4\n";exit} |
37 | "proc /proc/sysrq-trigger proc" | 37 | "/proc/sysrq-trigger" |
38 | } | 38 | } |
39 | #expect { | 39 | #expect { |
40 | # timeout {puts "TESTING ERROR 1.5\n";exit} | 40 | # timeout {puts "TESTING ERROR 1.5\n";exit} |
@@ -42,11 +42,11 @@ expect { | |||
42 | #} | 42 | #} |
43 | expect { | 43 | expect { |
44 | timeout {puts "TESTING ERROR 1.6\n";exit} | 44 | timeout {puts "TESTING ERROR 1.6\n";exit} |
45 | "proc /proc/irq proc" | 45 | "/proc/irq" |
46 | } | 46 | } |
47 | expect { | 47 | expect { |
48 | timeout {puts "TESTING ERROR 1.7\n";exit} | 48 | timeout {puts "TESTING ERROR 1.7\n";exit} |
49 | "proc /proc/bus proc" | 49 | "/proc/bus" |
50 | } | 50 | } |
51 | after 100 | 51 | after 100 |
52 | send -- "exit\r" | 52 | send -- "exit\r" |
@@ -115,22 +115,22 @@ if { $chroot == "chroot" } { | |||
115 | timeout {puts "TESTING ERROR 5.3\n";exit} | 115 | timeout {puts "TESTING ERROR 5.3\n";exit} |
116 | "proc /proc/sys proc" | 116 | "proc /proc/sys proc" |
117 | } | 117 | } |
118 | expect { | 118 | # expect { |
119 | timeout {puts "TESTING ERROR 5.4\n";exit} | 119 | # timeout {puts "TESTING ERROR 5.4\n";exit} |
120 | "proc /proc/sysrq-trigger proc" | 120 | # "proc /proc/sysrq-trigger proc" |
121 | } | 121 | # } |
122 | # expect { | 122 | # expect { |
123 | # timeout {puts "TESTING ERROR 5.5\n";exit} | 123 | # timeout {puts "TESTING ERROR 5.5\n";exit} |
124 | # "proc /proc/sys/kernel/hotplug" | 124 | # "proc /proc/sys/kernel/hotplug" |
125 | # } | 125 | # } |
126 | expect { | 126 | # expect { |
127 | timeout {puts "TESTING ERROR 5.6\n";exit} | 127 | # timeout {puts "TESTING ERROR 5.6\n";exit} |
128 | "proc /proc/irq proc" | 128 | # "proc /proc/irq proc" |
129 | } | 129 | # } |
130 | expect { | 130 | # expect { |
131 | timeout {puts "TESTING ERROR 5.7\n";exit} | 131 | # timeout {puts "TESTING ERROR 5.7\n";exit} |
132 | "proc /proc/bus proc" | 132 | # "proc /proc/bus proc" |
133 | } | 133 | # } |
134 | after 100 | 134 | after 100 |
135 | send -- "exit\r" | 135 | send -- "exit\r" |
136 | sleep 1 | 136 | sleep 1 |
diff --git a/test/features/1.8.exp b/test/features/1.8.exp index 493a87328..4c6d3f3dc 100755 --- a/test/features/1.8.exp +++ b/test/features/1.8.exp | |||
@@ -20,12 +20,6 @@ expect { | |||
20 | } | 20 | } |
21 | sleep 1 | 21 | sleep 1 |
22 | 22 | ||
23 | send -- "ls /etc/firejail\r" | ||
24 | expect { | ||
25 | timeout {puts "TESTING ERROR 1\n";exit} | ||
26 | "Permission denied" | ||
27 | } | ||
28 | after 100 | ||
29 | send -- "ls ~/.config/firejail\r" | 23 | send -- "ls ~/.config/firejail\r" |
30 | expect { | 24 | expect { |
31 | timeout {puts "TESTING ERROR 1.1\n";exit} | 25 | timeout {puts "TESTING ERROR 1.1\n";exit} |
@@ -77,12 +71,6 @@ if { $overlay == "overlay" } { | |||
77 | "Child process initialized" {puts "normal system\n"} | 71 | "Child process initialized" {puts "normal system\n"} |
78 | } | 72 | } |
79 | sleep 1 | 73 | sleep 1 |
80 | send -- "ls /etc/firejail\r" | ||
81 | expect { | ||
82 | timeout {puts "TESTING ERROR 3\n";exit} | ||
83 | "Permission denied" | ||
84 | } | ||
85 | after 100 | ||
86 | send -- "ls ~/.config/firejail\r" | 74 | send -- "ls ~/.config/firejail\r" |
87 | expect { | 75 | expect { |
88 | timeout {puts "TESTING ERROR 3.1\n";exit} | 76 | timeout {puts "TESTING ERROR 3.1\n";exit} |
@@ -134,12 +122,6 @@ if { $chroot == "chroot" } { | |||
134 | "Child process initialized" | 122 | "Child process initialized" |
135 | } | 123 | } |
136 | sleep 1 | 124 | sleep 1 |
137 | send -- "ls /etc/firejail\r" | ||
138 | expect { | ||
139 | timeout {puts "TESTING ERROR 5\n";exit} | ||
140 | "Permission denied" | ||
141 | } | ||
142 | after 100 | ||
143 | send -- "ls ~/.config/firejail\r" | 125 | send -- "ls ~/.config/firejail\r" |
144 | expect { | 126 | expect { |
145 | timeout {puts "TESTING ERROR 5.1\n";exit} | 127 | timeout {puts "TESTING ERROR 5.1\n";exit} |
diff --git a/test/features/3.5.exp b/test/features/3.5.exp index aed5fe836..f4b544b3d 100755 --- a/test/features/3.5.exp +++ b/test/features/3.5.exp | |||
@@ -22,8 +22,8 @@ sleep 1 | |||
22 | send -- "ls -l /dev | wc -l\r" | 22 | send -- "ls -l /dev | wc -l\r" |
23 | expect { | 23 | expect { |
24 | timeout {puts "TESTING ERROR 1.1\n";exit} | 24 | timeout {puts "TESTING ERROR 1.1\n";exit} |
25 | "12" { puts "Debian\n"} | 25 | "13" { puts "Debian\n"} |
26 | "11" { puts "Centos\n"} | 26 | "12" { puts "Centos\n"} |
27 | } | 27 | } |
28 | 28 | ||
29 | after 100 | 29 | after 100 |
@@ -45,8 +45,8 @@ if { $overlay == "overlay" } { | |||
45 | send -- "ls -l /dev | wc -l\r" | 45 | send -- "ls -l /dev | wc -l\r" |
46 | expect { | 46 | expect { |
47 | timeout {puts "TESTING ERROR 3.1\n";exit} | 47 | timeout {puts "TESTING ERROR 3.1\n";exit} |
48 | "12" { puts "Debian\n"} | 48 | "13" { puts "Debian\n"} |
49 | "11" { puts "Centos\n"} | 49 | "12" { puts "Centos\n"} |
50 | } | 50 | } |
51 | 51 | ||
52 | after 100 | 52 | after 100 |
@@ -68,7 +68,7 @@ if { $chroot == "chroot" } { | |||
68 | send -- "ls -l /dev | wc -l\r" | 68 | send -- "ls -l /dev | wc -l\r" |
69 | expect { | 69 | expect { |
70 | timeout {puts "TESTING ERROR 5.1\n";exit} | 70 | timeout {puts "TESTING ERROR 5.1\n";exit} |
71 | "11" | 71 | "12" |
72 | } | 72 | } |
73 | 73 | ||
74 | after 100 | 74 | after 100 |
diff --git a/test/features/3.6.exp b/test/features/3.6.exp index a00517716..389e63a1d 100755 --- a/test/features/3.6.exp +++ b/test/features/3.6.exp | |||
@@ -60,14 +60,19 @@ if { $chroot == "chroot" } { | |||
60 | expect { | 60 | expect { |
61 | timeout {puts "TESTING ERROR 4\n";exit} | 61 | timeout {puts "TESTING ERROR 4\n";exit} |
62 | "chroot option is not available" {puts "grsecurity\n"; exit} | 62 | "chroot option is not available" {puts "grsecurity\n"; exit} |
63 | "private-etc feature is disabled in chroot" | ||
64 | } | ||
65 | expect { | ||
66 | timeout {puts "TESTING ERROR 5\n";exit} | ||
67 | "chroot option is not available" {puts "grsecurity\n"; exit} | ||
63 | "Child process initialized" | 68 | "Child process initialized" |
64 | } | 69 | } |
65 | sleep 1 | 70 | sleep 1 |
66 | 71 | ||
67 | send -- "ls -al /etc | wc -l\r" | 72 | send -- "ls /etc | grep firejail\r" |
68 | expect { | 73 | expect { |
69 | timeout {puts "TESTING ERROR 5.1\n";exit} | 74 | timeout {puts "TESTING ERROR 6\n";exit} |
70 | "10" | 75 | "firejail" |
71 | } | 76 | } |
72 | 77 | ||
73 | after 100 | 78 | after 100 |
diff --git a/test/features/3.8.exp b/test/features/3.8.exp index 94a1abf67..d941fa9b7 100755 --- a/test/features/3.8.exp +++ b/test/features/3.8.exp | |||
@@ -61,14 +61,18 @@ if { $chroot == "chroot" } { | |||
61 | send -- "firejail --noprofile --chroot=/tmp/chroot --private-bin=bash,cat,cp,ls,wc\r" | 61 | send -- "firejail --noprofile --chroot=/tmp/chroot --private-bin=bash,cat,cp,ls,wc\r" |
62 | expect { | 62 | expect { |
63 | timeout {puts "TESTING ERROR 4\n";exit} | 63 | timeout {puts "TESTING ERROR 4\n";exit} |
64 | "private-bin feature is disabled in chroot" | ||
65 | } | ||
66 | expect { | ||
67 | timeout {puts "TESTING ERROR 5\n";exit} | ||
64 | "Child process initialized" | 68 | "Child process initialized" |
65 | } | 69 | } |
66 | sleep 1 | 70 | sleep 1 |
67 | 71 | ||
68 | send -- "ls -l /usr/bin | wc -l\r" | 72 | send -- "ls -l /usr/bin | wc -l\r" |
69 | expect { | 73 | expect { |
70 | timeout {puts "TESTING ERROR 5.1\n";exit} | 74 | timeout {puts "TESTING ERROR 6\n";exit} |
71 | "6" | 75 | "9" |
72 | } | 76 | } |
73 | 77 | ||
74 | after 100 | 78 | after 100 |
diff --git a/test/filters/caps-print.exp b/test/filters/caps-print.exp new file mode 100755 index 000000000..d9d662239 --- /dev/null +++ b/test/filters/caps-print.exp | |||
@@ -0,0 +1,103 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail --name=test --noprofile --caps --debug\r" | ||
11 | expect { | ||
12 | timeout {puts "TESTING ERROR 0\n";exit} | ||
13 | "Drop CAP_SYS_MODULE" | ||
14 | } | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 1\n";exit} | ||
17 | "Drop CAP_SYS_RAWIO" | ||
18 | } | ||
19 | expect { | ||
20 | timeout {puts "TESTING ERROR 2\n";exit} | ||
21 | "Drop CAP_SYS_BOOT" | ||
22 | } | ||
23 | expect { | ||
24 | timeout {puts "TESTING ERROR 3\n";exit} | ||
25 | "Drop CAP_SYS_NICE" | ||
26 | } | ||
27 | expect { | ||
28 | timeout {puts "TESTING ERROR 4\n";exit} | ||
29 | "Drop CAP_SYS_TTY_CONFIG" | ||
30 | } | ||
31 | expect { | ||
32 | timeout {puts "TESTING ERROR 5\n";exit} | ||
33 | "Drop CAP_SYSLOG" | ||
34 | } | ||
35 | expect { | ||
36 | timeout {puts "TESTING ERROR 6\n";exit} | ||
37 | "Drop CAP_MKNOD" | ||
38 | } | ||
39 | expect { | ||
40 | timeout {puts "TESTING ERROR 7\n";exit} | ||
41 | "Drop CAP_SYS_ADMIN" | ||
42 | } | ||
43 | expect { | ||
44 | timeout {puts "TESTING ERROR 8\n";exit} | ||
45 | "Child process initialized" | ||
46 | } | ||
47 | sleep 1 | ||
48 | |||
49 | spawn $env(SHELL) | ||
50 | send -- "firejail --caps.print=test\r" | ||
51 | expect { | ||
52 | timeout {puts "TESTING ERROR 9\n";exit} | ||
53 | "chown - enabled" | ||
54 | } | ||
55 | expect { | ||
56 | timeout {puts "TESTING ERROR 10\n";exit} | ||
57 | "setgid - enabled" | ||
58 | } | ||
59 | expect { | ||
60 | timeout {puts "TESTING ERROR 11\n";exit} | ||
61 | "setuid - enabled" | ||
62 | } | ||
63 | expect { | ||
64 | timeout {puts "TESTING ERROR 12\n";exit} | ||
65 | "mknod - disabled" | ||
66 | } | ||
67 | expect { | ||
68 | timeout {puts "TESTING ERROR 13\n";exit} | ||
69 | "syslog - disabled" | ||
70 | } | ||
71 | after 100 | ||
72 | |||
73 | send -- "firejail --debug-caps\r" | ||
74 | expect { | ||
75 | timeout {puts "TESTING ERROR 9\n";exit} | ||
76 | "21 - sys_admin" | ||
77 | } | ||
78 | expect { | ||
79 | timeout {puts "TESTING ERROR 9\n";exit} | ||
80 | "22 - sys_boot" | ||
81 | } | ||
82 | expect { | ||
83 | timeout {puts "TESTING ERROR 9\n";exit} | ||
84 | "23 - sys_nice" | ||
85 | } | ||
86 | expect { | ||
87 | timeout {puts "TESTING ERROR 9\n";exit} | ||
88 | "24 - sys_resource" | ||
89 | } | ||
90 | after 100 | ||
91 | |||
92 | send -- "firejail --caps.keep=\"bla bla bla\"\r" | ||
93 | expect { | ||
94 | timeout {puts "TESTING ERROR 10\n";exit} | ||
95 | "capability" | ||
96 | } | ||
97 | expect { | ||
98 | timeout {puts "TESTING ERROR 11\n";exit} | ||
99 | "not found" | ||
100 | } | ||
101 | |||
102 | after 100 | ||
103 | puts "\nall done\n" | ||
diff --git a/test/filters/caps.exp b/test/filters/caps.exp new file mode 100755 index 000000000..2954f2e58 --- /dev/null +++ b/test/filters/caps.exp | |||
@@ -0,0 +1,139 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail --caps.keep=chown,fowner --noprofile\r" | ||
11 | expect { | ||
12 | timeout {puts "TESTING ERROR 1\n";exit} | ||
13 | "Child process initialized" | ||
14 | } | ||
15 | after 100 | ||
16 | |||
17 | send -- "cat /proc/self/status\r" | ||
18 | expect { | ||
19 | timeout {puts "TESTING ERROR 2\n";exit} | ||
20 | "CapBnd: 0000000000000009" | ||
21 | } | ||
22 | expect { | ||
23 | timeout {puts "TESTING ERROR 3\n";exit} | ||
24 | "Seccomp:" | ||
25 | } | ||
26 | send -- "exit\r" | ||
27 | sleep 1 | ||
28 | |||
29 | send -- "firejail --caps.drop=all --noprofile\r" | ||
30 | expect { | ||
31 | timeout {puts "TESTING ERROR 4\n";exit} | ||
32 | "Child process initialized" | ||
33 | } | ||
34 | after 100 | ||
35 | |||
36 | send -- "cat /proc/self/status\r" | ||
37 | expect { | ||
38 | timeout {puts "TESTING ERROR 5\n";exit} | ||
39 | "CapBnd: 0000000000000000" | ||
40 | } | ||
41 | expect { | ||
42 | timeout {puts "TESTING ERROR 6\n";exit} | ||
43 | "Seccomp:" | ||
44 | } | ||
45 | send -- "exit\r" | ||
46 | sleep 1 | ||
47 | |||
48 | send -- "firejail --caps.drop=chown,dac_override,dac_read_search,fowner --noprofile\r" | ||
49 | expect { | ||
50 | timeout {puts "TESTING ERROR 7\n";exit} | ||
51 | "Child process initialized" | ||
52 | } | ||
53 | after 100 | ||
54 | |||
55 | send -- "cat /proc/self/status\r" | ||
56 | expect { | ||
57 | timeout {puts "TESTING ERROR 8\n";exit} | ||
58 | "CapBnd:" | ||
59 | } | ||
60 | expect { | ||
61 | timeout {puts "TESTING ERROR 9\n";exit} | ||
62 | "fffffff0" | ||
63 | } | ||
64 | expect { | ||
65 | timeout {puts "TESTING ERROR 10\n";exit} | ||
66 | "Seccomp:" | ||
67 | } | ||
68 | send -- "exit\r" | ||
69 | sleep 1 | ||
70 | |||
71 | |||
72 | send -- "firejail --profile=caps1.profile --debug\r" | ||
73 | expect { | ||
74 | timeout {puts "TESTING ERROR 11\n";exit} | ||
75 | "Drop CAP_SYS_MODULE" | ||
76 | } | ||
77 | expect { | ||
78 | timeout {puts "TESTING ERROR 12\n";exit} | ||
79 | "Drop CAP_SYS_ADMIN" | ||
80 | } | ||
81 | expect { | ||
82 | timeout {puts "TESTING ERROR 13\n";exit} | ||
83 | "Drop CAP_" {puts "TESTING ERROR 14\n";exit} | ||
84 | "Child process initialized" | ||
85 | } | ||
86 | after 100 | ||
87 | send -- "exit\r" | ||
88 | sleep 1 | ||
89 | |||
90 | |||
91 | ## tofix: possible problem with caps.keep in profile files | ||
92 | ##send -- "firejail --caps.keep=chown,fowner --noprofile\r" | ||
93 | #send -- "firejail --profile=caps2.profile\r" | ||
94 | #expect { | ||
95 | # timeout {puts "TESTING ERROR 15\n";exit} | ||
96 | # "Child process initialized" | ||
97 | #} | ||
98 | #after 100 | ||
99 | # | ||
100 | #send -- "cat /proc/self/status\r" | ||
101 | #expect { | ||
102 | # timeout {puts "TESTING ERROR 16\n";exit} | ||
103 | # "CapBnd: 0000000000000009" | ||
104 | #} | ||
105 | #expect { | ||
106 | # timeout {puts "TESTING ERROR 17\n";exit} | ||
107 | # "Seccomp:" | ||
108 | #} | ||
109 | #send -- "exit\r" | ||
110 | #sleep 1 | ||
111 | |||
112 | #send -- "firejail --caps.drop=chown,dac_override,dac_read_search,fowner --noprofile\r" | ||
113 | send -- "firejail --profile=caps3.profile\r" | ||
114 | expect { | ||
115 | timeout {puts "TESTING ERROR 18\n";exit} | ||
116 | "Child process initialized" | ||
117 | } | ||
118 | after 100 | ||
119 | |||
120 | send -- "cat /proc/self/status\r" | ||
121 | expect { | ||
122 | timeout {puts "TESTING ERROR 19\n";exit} | ||
123 | "CapBnd:" | ||
124 | } | ||
125 | expect { | ||
126 | timeout {puts "TESTING ERROR 20\n";exit} | ||
127 | "fffffff0" | ||
128 | } | ||
129 | expect { | ||
130 | timeout {puts "TESTING ERROR 21\n";exit} | ||
131 | "Seccomp:" | ||
132 | } | ||
133 | send -- "exit\r" | ||
134 | sleep 1 | ||
135 | |||
136 | |||
137 | |||
138 | after 100 | ||
139 | puts "\nall done\n" | ||
diff --git a/test/filters/caps1.profile b/test/filters/caps1.profile new file mode 100644 index 000000000..8b0c3b340 --- /dev/null +++ b/test/filters/caps1.profile | |||
@@ -0,0 +1 @@ | |||
caps | |||
diff --git a/test/filters/caps2.profile b/test/filters/caps2.profile new file mode 100644 index 000000000..4f0016fad --- /dev/null +++ b/test/filters/caps2.profile | |||
@@ -0,0 +1 @@ | |||
caps.drop chown,dac_override,dac_read_search,fowner \ No newline at end of file | |||
diff --git a/test/filters/caps3.profile b/test/filters/caps3.profile new file mode 100644 index 000000000..4f0016fad --- /dev/null +++ b/test/filters/caps3.profile | |||
@@ -0,0 +1 @@ | |||
caps.drop chown,dac_override,dac_read_search,fowner \ No newline at end of file | |||
diff --git a/test/filters/filters.sh b/test/filters/filters.sh new file mode 100755 index 000000000..fea4a0296 --- /dev/null +++ b/test/filters/filters.sh | |||
@@ -0,0 +1,71 @@ | |||
1 | #!/bin/bash | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | export MALLOC_CHECK_=3 | ||
7 | export MALLOC_PERTURB_=$(($RANDOM % 255 + 1)) | ||
8 | |||
9 | echo "TESTING: noroot (test/filters/noroot.exp)" | ||
10 | ./noroot.exp | ||
11 | |||
12 | echo "TESTING: capabilities (test/filters/caps.exp)" | ||
13 | ./caps.exp | ||
14 | |||
15 | echo "TESTING: capabilities print (test/filters/caps-print.exp)" | ||
16 | ./caps-print.exp | ||
17 | |||
18 | rm -f seccomp-test-file | ||
19 | if [ "$(uname -m)" = "x86_64" ]; then | ||
20 | echo "TESTING: fseccomp (test/filters/fseccomp.exp)" | ||
21 | ./fseccomp.exp | ||
22 | else | ||
23 | echo "TESTING SKIP: fseccomp test implemented only for x86_64" | ||
24 | fi | ||
25 | rm -f seccomp-test-file | ||
26 | |||
27 | |||
28 | if [ "$(uname -m)" = "x86_64" ]; then | ||
29 | echo "TESTING: protocol (test/filters/protocol.exp)" | ||
30 | ./protocol.exp | ||
31 | else | ||
32 | echo "TESTING SKIP: protocol, running only on x86_64" | ||
33 | fi | ||
34 | |||
35 | echo "TESTING: seccomp bad empty (test/filters/seccomp-bad-empty.exp)" | ||
36 | ./seccomp-bad-empty.exp | ||
37 | |||
38 | echo "TESTING: seccomp debug (test/filters/seccomp-debug.exp)" | ||
39 | ./seccomp-debug.exp | ||
40 | |||
41 | echo "TESTING: seccomp errno (test/filters/seccomp-errno.exp)" | ||
42 | ./seccomp-errno.exp | ||
43 | |||
44 | echo "TESTING: seccomp su (test/filters/seccomp-su.exp)" | ||
45 | ./seccomp-su.exp | ||
46 | |||
47 | which strace | ||
48 | if [ $? -eq 0 ]; then | ||
49 | echo "TESTING: seccomp ptrace (test/filters/seccomp-ptrace.exp)" | ||
50 | ./seccomp-ptrace.exp | ||
51 | else | ||
52 | echo "TESTING SKIP: ptrace, strace not found" | ||
53 | fi | ||
54 | |||
55 | echo "TESTING: seccomp chmod - seccomp lists (test/filters/seccomp-chmod.exp)" | ||
56 | ./seccomp-chmod.exp | ||
57 | |||
58 | echo "TESTING: seccomp chmod profile - seccomp lists (test/filters/seccomp-chmod-profile.exp)" | ||
59 | ./seccomp-chmod-profile.exp | ||
60 | |||
61 | # todo: fix pwd and add seccomp-chown.exp | ||
62 | |||
63 | echo "TESTING: seccomp empty (test/filters/seccomp-empty.exp)" | ||
64 | ./seccomp-empty.exp | ||
65 | |||
66 | if [ "$(uname -m)" = "x86_64" ]; then | ||
67 | echo "TESTING: seccomp dual filter (test/filters/seccomp-dualfilter.exp)" | ||
68 | ./seccomp-dualfilter.exp | ||
69 | else | ||
70 | echo "TESTING SKIP: seccomp dual, not running on x86_64" | ||
71 | fi | ||
diff --git a/test/filters/fseccomp.exp b/test/filters/fseccomp.exp new file mode 100755 index 000000000..8a9a8f9dc --- /dev/null +++ b/test/filters/fseccomp.exp | |||
@@ -0,0 +1,138 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | after 100 | ||
11 | send -- "/usr/lib/firejail/fseccomp debug-syscalls\r" | ||
12 | expect { | ||
13 | timeout {puts "TESTING ERROR 1\n";exit} | ||
14 | "1 - write" | ||
15 | } | ||
16 | |||
17 | after 100 | ||
18 | send -- "/usr/lib/firejail/fseccomp debug-errnos\r" | ||
19 | expect { | ||
20 | timeout {puts "TESTING ERROR 2\n";exit} | ||
21 | "1 - EPERM" | ||
22 | } | ||
23 | |||
24 | after 100 | ||
25 | send -- "/usr/lib/firejail/fseccomp debug-protocols\r" | ||
26 | expect { | ||
27 | timeout {puts "TESTING ERROR 3\n";exit} | ||
28 | "unix, inet, inet6, netlink, packet," | ||
29 | } | ||
30 | |||
31 | after 100 | ||
32 | send -- "/usr/lib/firejail/fseccomp protocol build unix,inet seccomp-test-file\r" | ||
33 | after 100 | ||
34 | send -- "/usr/lib/firejail/fseccomp print seccomp-test-file\r" | ||
35 | expect { | ||
36 | timeout {puts "TESTING ERROR 4.1\n";exit} | ||
37 | "WHITELIST 41 socket" | ||
38 | } | ||
39 | |||
40 | after 100 | ||
41 | send -- "/usr/lib/firejail/fseccomp secondary 64 seccomp-test-file\r" | ||
42 | after 100 | ||
43 | send -- "/usr/lib/firejail/fseccomp print seccomp-test-file\r" | ||
44 | expect { | ||
45 | timeout {puts "TESTING ERROR 5.1\n";exit} | ||
46 | "BLACKLIST 165 mount" | ||
47 | } | ||
48 | expect { | ||
49 | timeout {puts "TESTING ERROR 5.2\n";exit} | ||
50 | "BLACKLIST 166 umount2" | ||
51 | } | ||
52 | expect { | ||
53 | timeout {puts "TESTING ERROR 5.3\n";exit} | ||
54 | "RETURN_ALLOW" | ||
55 | } | ||
56 | |||
57 | after 100 | ||
58 | send -- "/usr/lib/firejail/fseccomp default seccomp-test-file\r" | ||
59 | after 100 | ||
60 | send -- "/usr/lib/firejail/fseccomp print seccomp-test-file\r" | ||
61 | expect { | ||
62 | timeout {puts "TESTING ERROR 6.1\n";exit} | ||
63 | "BLACKLIST 165 mount" | ||
64 | } | ||
65 | expect { | ||
66 | timeout {puts "TESTING ERROR 6.2\n";exit} | ||
67 | "BLACKLIST 166 umount2" | ||
68 | } | ||
69 | expect { | ||
70 | timeout {puts "TESTING ERROR 6.3\n";exit} | ||
71 | "RETURN_ALLOW" | ||
72 | } | ||
73 | |||
74 | after 100 | ||
75 | send -- "/usr/lib/firejail/fseccomp drop seccomp-test-file chmod,chown\r" | ||
76 | after 100 | ||
77 | send -- "/usr/lib/firejail/fseccomp print seccomp-test-file\r" | ||
78 | expect { | ||
79 | timeout {puts "TESTING ERROR 7.1\n";exit} | ||
80 | "BLACKLIST 165 mount" {puts "TESTING ERROR 7.2\n";exit} | ||
81 | "BLACKLIST 166 umount2" {puts "TESTING ERROR 7.3\n";exit} | ||
82 | "BLACKLIST 90 chmod" | ||
83 | } | ||
84 | expect { | ||
85 | timeout {puts "TESTING ERROR 7.4\n";exit} | ||
86 | "BLACKLIST 92 chown" | ||
87 | } | ||
88 | expect { | ||
89 | timeout {puts "TESTING ERROR 7.5\n";exit} | ||
90 | "RETURN_ALLOW" | ||
91 | } | ||
92 | |||
93 | after 100 | ||
94 | send -- "/usr/lib/firejail/fseccomp default drop seccomp-test-file chmod,chown\r" | ||
95 | after 100 | ||
96 | send -- "/usr/lib/firejail/fseccomp print seccomp-test-file\r" | ||
97 | expect { | ||
98 | timeout {puts "TESTING ERROR 8.1\n";exit} | ||
99 | "BLACKLIST 165 mount" | ||
100 | } | ||
101 | expect { | ||
102 | timeout {puts "TESTING ERROR 8.2\n";exit} | ||
103 | "BLACKLIST 166 umount2" | ||
104 | } | ||
105 | expect { | ||
106 | timeout {puts "TESTING ERROR 8.3\n";exit} | ||
107 | "BLACKLIST 90 chmod" | ||
108 | } | ||
109 | expect { | ||
110 | timeout {puts "TESTING ERROR 8.4\n";exit} | ||
111 | "BLACKLIST 92 chown" | ||
112 | } | ||
113 | expect { | ||
114 | timeout {puts "TESTING ERROR 8.5\n";exit} | ||
115 | "RETURN_ALLOW" | ||
116 | } | ||
117 | after 100 | ||
118 | send -- "/usr/lib/firejail/fseccomp keep seccomp-test-file chmod,chown\r" | ||
119 | after 100 | ||
120 | send -- "/usr/lib/firejail/fseccomp print seccomp-test-file\r" | ||
121 | expect { | ||
122 | timeout {puts "TESTING ERROR 9.1\n";exit} | ||
123 | "WHITELIST 90 chmod" | ||
124 | } | ||
125 | expect { | ||
126 | timeout {puts "TESTING ERROR 9.2\n";exit} | ||
127 | "WHITELIST 92 chown" | ||
128 | } | ||
129 | expect { | ||
130 | timeout {puts "TESTING ERROR 9.3\n";exit} | ||
131 | "KILL_PROCESS" | ||
132 | } | ||
133 | |||
134 | |||
135 | |||
136 | after 100 | ||
137 | puts "\nall done\n" | ||
138 | |||
diff --git a/test/filters/noroot.exp b/test/filters/noroot.exp new file mode 100755 index 000000000..b011f2bf9 --- /dev/null +++ b/test/filters/noroot.exp | |||
@@ -0,0 +1,160 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail --noprofile --noroot --caps.drop=all --seccomp\r" | ||
11 | expect { | ||
12 | timeout {puts "TESTING ERROR 1\n";exit} | ||
13 | "cannot create a new user namespace" {puts "TESTING SKIP: user namespace not available\n"; exit} | ||
14 | "Child process initialized" | ||
15 | } | ||
16 | sleep 1 | ||
17 | |||
18 | send -- "cat /proc/self/status\r" | ||
19 | expect { | ||
20 | timeout {puts "TESTING ERROR 1\n";exit} | ||
21 | "CapBnd: 0000000000000000" | ||
22 | } | ||
23 | expect { | ||
24 | timeout {puts "TESTING ERROR 2\n";exit} | ||
25 | "Seccomp:" | ||
26 | } | ||
27 | expect { | ||
28 | timeout {puts "TESTING ERROR 3\n";exit} | ||
29 | "2" | ||
30 | } | ||
31 | expect { | ||
32 | timeout {puts "TESTING ERROR 4\n";exit} | ||
33 | "Cpus_allowed:" | ||
34 | } | ||
35 | puts "\n" | ||
36 | |||
37 | send -- "ping 0\r" | ||
38 | expect { | ||
39 | timeout {puts "TESTING ERROR 5\n";exit} | ||
40 | "Operation not permitted" | ||
41 | } | ||
42 | send -- "whoami\r" | ||
43 | expect { | ||
44 | timeout {puts "TESTING ERROR 6\n";exit} | ||
45 | $env(USER) | ||
46 | } | ||
47 | send -- "sudo -s\r" | ||
48 | expect { | ||
49 | timeout {puts "TESTING ERROR 7\n";exit} | ||
50 | "effective uid is not 0, is sudo installed setuid root?" { puts "OK\n";} | ||
51 | "sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";} | ||
52 | "Bad system call" { puts "OK\n";} | ||
53 | } | ||
54 | send -- "cat /proc/self/uid_map | wc -l\r" | ||
55 | expect { | ||
56 | timeout {puts "TESTING ERROR 8\n";exit} | ||
57 | "1" | ||
58 | } | ||
59 | send -- "cat /proc/self/gid_map | wc -l\r" | ||
60 | expect { | ||
61 | timeout {puts "TESTING ERROR 9\n";exit} | ||
62 | "5" | ||
63 | } | ||
64 | |||
65 | puts "\n" | ||
66 | send -- "exit\r" | ||
67 | sleep 2 | ||
68 | |||
69 | |||
70 | |||
71 | send -- "firejail --name=test --noroot --noprofile\r" | ||
72 | expect { | ||
73 | timeout {puts "TESTING ERROR 10\n";exit} | ||
74 | "Child process initialized" | ||
75 | } | ||
76 | sleep 1 | ||
77 | |||
78 | send -- "cat /proc/self/status\r" | ||
79 | expect { | ||
80 | timeout {puts "TESTING ERROR 11\n";exit} | ||
81 | "CapBnd:" | ||
82 | } | ||
83 | expect { | ||
84 | timeout {puts "TESTING ERROR 12\n";exit} | ||
85 | "ffffffff" | ||
86 | } | ||
87 | expect { | ||
88 | timeout {puts "TESTING ERROR 13\n";exit} | ||
89 | "Seccomp:" | ||
90 | } | ||
91 | expect { | ||
92 | timeout {puts "TESTING ERROR 14\n";exit} | ||
93 | "0" | ||
94 | } | ||
95 | expect { | ||
96 | timeout {puts "TESTING ERROR 15\n";exit} | ||
97 | "Cpus_allowed:" | ||
98 | } | ||
99 | puts "\n" | ||
100 | |||
101 | send -- "whoami\r" | ||
102 | expect { | ||
103 | timeout {puts "TESTING ERROR 16\n";exit} | ||
104 | $env(USER) | ||
105 | } | ||
106 | send -- "sudo -s\r" | ||
107 | expect { | ||
108 | timeout {puts "TESTING ERROR 17\n";exit} | ||
109 | "effective uid is not 0, is sudo installed setuid root?" { puts "OK\n";} | ||
110 | "sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";} | ||
111 | } | ||
112 | send -- "ping 0\r" | ||
113 | expect { | ||
114 | timeout {puts "TESTING ERROR 18\n";exit} | ||
115 | "Operation not permitted" | ||
116 | } | ||
117 | send -- "cat /proc/self/uid_map | wc -l\r" | ||
118 | expect { | ||
119 | timeout {puts "TESTING ERROR 19\n";exit} | ||
120 | "1" | ||
121 | } | ||
122 | send -- "cat /proc/self/gid_map | wc -l\r" | ||
123 | expect { | ||
124 | timeout {puts "TESTING ERROR 20\n";exit} | ||
125 | "5" | ||
126 | } | ||
127 | |||
128 | |||
129 | |||
130 | spawn $env(SHELL) | ||
131 | send -- "firejail --debug --join=test\r" | ||
132 | expect { | ||
133 | timeout {puts "TESTING ERROR 21\n";exit} | ||
134 | "User namespace detected" | ||
135 | } | ||
136 | expect { | ||
137 | timeout {puts "TESTING ERROR 22\n";exit} | ||
138 | "Joining user namespace" | ||
139 | } | ||
140 | sleep 1 | ||
141 | |||
142 | send -- "sudo -s\r" | ||
143 | expect { | ||
144 | timeout {puts "TESTING ERROR 23\n";exit} | ||
145 | "effective uid is not 0, is sudo installed setuid root?" { puts "OK\n";} | ||
146 | "sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";} | ||
147 | "Permission denied" { puts "OK\n";} | ||
148 | } | ||
149 | send -- "cat /proc/self/uid_map | wc -l\r" | ||
150 | expect { | ||
151 | timeout {puts "TESTING ERROR 24\n";exit} | ||
152 | "1" | ||
153 | } | ||
154 | send -- "cat /proc/self/gid_map | wc -l\r" | ||
155 | expect { | ||
156 | timeout {puts "TESTING ERROR 25\n";exit} | ||
157 | "5" | ||
158 | } | ||
159 | after 100 | ||
160 | puts "\nall done\n" | ||
diff --git a/test/protocol.exp b/test/filters/protocol.exp index 018f4cd9b..835f645b2 100755 --- a/test/protocol.exp +++ b/test/filters/protocol.exp | |||
@@ -1,16 +1,21 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
5 | match_max 100000 | 8 | match_max 100000 |
6 | 9 | ||
7 | send -- "firejail --noprofile --protocol=unix ../src/tools/syscall_test socket\r" | 10 | send -- "firejail --noprofile --protocol=unix ./syscall_test socket\r" |
8 | expect { | 11 | expect { |
9 | timeout {puts "TESTING ERROR 1\n";exit} | 12 | timeout {puts "TESTING ERROR 1\n";exit} |
13 | "Permission denied" {puts "TESTING SKIP: permission denied\n"; exit} | ||
10 | "Child process initialized" | 14 | "Child process initialized" |
11 | } | 15 | } |
12 | expect { | 16 | expect { |
13 | timeout {puts "TESTING ERROR 1.1\n";exit} | 17 | timeout {puts "TESTING ERROR 1.1\n";exit} |
18 | "Permission denied" {puts "TESTING SKIP: permission denied\n"; exit} | ||
14 | "socket AF_INET" | 19 | "socket AF_INET" |
15 | } | 20 | } |
16 | expect { | 21 | expect { |
@@ -47,7 +52,7 @@ expect { | |||
47 | } | 52 | } |
48 | sleep 1 | 53 | sleep 1 |
49 | 54 | ||
50 | send -- "firejail --noprofile --protocol=inet6,packet ../src/tools/syscall_test socket\r" | 55 | send -- "firejail --noprofile --protocol=inet6,packet ./syscall_test socket\r" |
51 | expect { | 56 | expect { |
52 | timeout {puts "TESTING ERROR 2\n";exit} | 57 | timeout {puts "TESTING ERROR 2\n";exit} |
53 | "Child process initialized" | 58 | "Child process initialized" |
@@ -91,7 +96,7 @@ expect { | |||
91 | sleep 1 | 96 | sleep 1 |
92 | 97 | ||
93 | # profile testing | 98 | # profile testing |
94 | send -- "firejail --profile=protocol1.profile ../src/tools/syscall_test socket\r" | 99 | send -- "firejail --profile=protocol1.profile ./syscall_test socket\r" |
95 | expect { | 100 | expect { |
96 | timeout {puts "TESTING ERROR 3\n";exit} | 101 | timeout {puts "TESTING ERROR 3\n";exit} |
97 | "Child process initialized" | 102 | "Child process initialized" |
@@ -134,7 +139,7 @@ expect { | |||
134 | } | 139 | } |
135 | sleep 1 | 140 | sleep 1 |
136 | 141 | ||
137 | send -- "firejail --profile=protocol2.profile ../src/tools/syscall_test socket\r" | 142 | send -- "firejail --profile=protocol2.profile ./syscall_test socket\r" |
138 | expect { | 143 | expect { |
139 | timeout {puts "TESTING ERROR 4\n";exit} | 144 | timeout {puts "TESTING ERROR 4\n";exit} |
140 | "Child process initialized" | 145 | "Child process initialized" |
@@ -175,10 +180,6 @@ expect { | |||
175 | timeout {puts "TESTING ERROR 4.9\n";exit} | 180 | timeout {puts "TESTING ERROR 4.9\n";exit} |
176 | "after socket" | 181 | "after socket" |
177 | } | 182 | } |
178 | sleep 1 | 183 | after 100 |
179 | |||
180 | |||
181 | |||
182 | |||
183 | 184 | ||
184 | puts "\nall done\n" | 185 | puts "\nall done\n" |
diff --git a/test/protocol1.profile b/test/filters/protocol1.profile index 3e1ea2a29..3e1ea2a29 100644 --- a/test/protocol1.profile +++ b/test/filters/protocol1.profile | |||
diff --git a/test/protocol2.profile b/test/filters/protocol2.profile index b7eb4ab91..b7eb4ab91 100644 --- a/test/protocol2.profile +++ b/test/filters/protocol2.profile | |||
diff --git a/test/seccomp-bad-empty.exp b/test/filters/seccomp-bad-empty.exp index 631d67743..1bd9c9b1f 100755 --- a/test/seccomp-bad-empty.exp +++ b/test/filters/seccomp-bad-empty.exp | |||
@@ -1,4 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
@@ -33,6 +36,6 @@ expect { | |||
33 | timeout {puts "TESTING ERROR 7\n";exit} | 36 | timeout {puts "TESTING ERROR 7\n";exit} |
34 | "Error: line 1 in seccomp-bad-empty2.profile is invalid" | 37 | "Error: line 1 in seccomp-bad-empty2.profile is invalid" |
35 | } | 38 | } |
36 | sleep 1 | 39 | after 100 |
37 | puts "\nall done\n" | 40 | puts "\nall done\n" |
38 | 41 | ||
diff --git a/test/seccomp-bad-empty.profile b/test/filters/seccomp-bad-empty.profile index 2d4fcde7c..2d4fcde7c 100644 --- a/test/seccomp-bad-empty.profile +++ b/test/filters/seccomp-bad-empty.profile | |||
diff --git a/test/seccomp-bad-empty2.profile b/test/filters/seccomp-bad-empty2.profile index c4e6c9f74..c4e6c9f74 100644 --- a/test/seccomp-bad-empty2.profile +++ b/test/filters/seccomp-bad-empty2.profile | |||
diff --git a/test/ip6.exp b/test/filters/seccomp-chmod-profile.exp index fba47d095..463ce05e9 100755 --- a/test/ip6.exp +++ b/test/filters/seccomp-chmod-profile.exp | |||
@@ -1,43 +1,51 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
5 | match_max 100000 | 8 | match_max 100000 |
6 | 9 | ||
7 | send -- "firejail --debug --noprofile --net=br0 --ip6=2001:0db8:0:f101::1/64 --netfilter6=ipv6.net\r" | 10 | send -- "firejail --profile=seccomp.profile --private\r" |
8 | expect { | 11 | expect { |
9 | timeout {puts "TESTING ERROR 0\n";exit} | 12 | timeout {puts "TESTING ERROR 0\n";exit} |
10 | "Installing network filter" | 13 | "Child process initialized" |
11 | } | 14 | } |
15 | sleep 2 | ||
16 | |||
17 | send -- "cd ~; echo done\r" | ||
12 | expect { | 18 | expect { |
13 | timeout {puts "TESTING ERROR 1\n";exit} | 19 | timeout {puts "TESTING ERROR 1\n";exit} |
14 | "DROP" | 20 | "done" |
15 | } | 21 | } |
22 | |||
23 | send -- "touch testfile; echo done\r" | ||
16 | expect { | 24 | expect { |
17 | timeout {puts "TESTING ERROR 2\n";exit} | 25 | timeout {puts "TESTING ERROR 2\n";exit} |
18 | "2001:db8:1f0a:3ec::2" | 26 | "done" |
19 | } | 27 | } |
28 | |||
29 | send -- "ls -l testfile; echo done\r" | ||
20 | expect { | 30 | expect { |
21 | timeout {puts "TESTING ERROR 3\n";exit} | 31 | timeout {puts "TESTING ERROR 3\n";exit} |
22 | "Child process initialized" | 32 | "testfile" |
23 | } | 33 | } |
24 | sleep 2 | ||
25 | |||
26 | send -- "/sbin/ifconfig\r" | ||
27 | expect { | 34 | expect { |
28 | timeout {puts "TESTING ERROR 4\n";exit} | 35 | timeout {puts "TESTING ERROR 4\n";exit} |
29 | "inet6" | 36 | "done" |
30 | } | 37 | } |
38 | |||
39 | send -- "chmod +x testfile; echo done\r" | ||
31 | expect { | 40 | expect { |
32 | timeout {puts "TESTING ERROR 5\n";exit} | 41 | timeout {puts "TESTING ERROR 5\n";exit} |
33 | "2001:db8:0:f101::1" | 42 | "Bad system call" |
34 | } | 43 | } |
35 | expect { | 44 | expect { |
36 | timeout {puts "TESTING ERROR 6\n";exit} | 45 | timeout {puts "TESTING ERROR 6\n";exit} |
37 | "Scope:Global" { puts "Debian\n"} | 46 | "done" |
38 | "scopeid 0x0<global>" { puts "Arch\n"} | ||
39 | } | 47 | } |
40 | 48 | ||
41 | 49 | send -- "exit\r" | |
50 | after 100 | ||
42 | puts "\nall done\n" | 51 | puts "\nall done\n" |
43 | |||
diff --git a/test/pid.exp b/test/filters/seccomp-chmod.exp index cdeb9d5fb..b17990e3a 100755 --- a/test/pid.exp +++ b/test/filters/seccomp-chmod.exp | |||
@@ -1,49 +1,51 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
5 | match_max 100000 | 8 | match_max 100000 |
6 | 9 | ||
7 | send -- "firejail\r" | 10 | send -- "firejail --seccomp=chmod,fchmod,fchmodat --private\r" |
8 | expect { | 11 | expect { |
9 | timeout {puts "TESTING ERROR 0\n";exit} | 12 | timeout {puts "TESTING ERROR 0\n";exit} |
10 | "Child process initialized" | 13 | "Child process initialized" |
11 | } | 14 | } |
12 | sleep 1 | 15 | sleep 2 |
13 | 16 | ||
14 | # test processes | 17 | send -- "cd ~; echo done\r" |
15 | send -- "bash\r" | ||
16 | sleep 1 | ||
17 | send -- "ps aux; pwd\r" | ||
18 | expect { | 18 | expect { |
19 | timeout {puts "TESTING ERROR 1\n";exit} | 19 | timeout {puts "TESTING ERROR 1\n";exit} |
20 | "/bin/bash" | 20 | "done" |
21 | } | 21 | } |
22 | |||
23 | send -- "touch testfile; echo done\r" | ||
22 | expect { | 24 | expect { |
23 | timeout {puts "TESTING ERROR 2\n";exit} | 25 | timeout {puts "TESTING ERROR 2\n";exit} |
24 | "bash" | 26 | "done" |
25 | } | 27 | } |
28 | |||
29 | send -- "ls -l testfile; echo done\r" | ||
26 | expect { | 30 | expect { |
27 | timeout {puts "TESTING ERROR 3\n";exit} | 31 | timeout {puts "TESTING ERROR 3\n";exit} |
28 | "ps aux" | 32 | "testfile" |
29 | } | 33 | } |
30 | expect { | 34 | expect { |
31 | timeout {puts "TESTING ERROR 4\n";exit} | 35 | timeout {puts "TESTING ERROR 4\n";exit} |
32 | "home" | 36 | "done" |
33 | } | 37 | } |
34 | sleep 1 | ||
35 | |||
36 | 38 | ||
37 | send -- "ps aux |wc -l; pwd\r" | 39 | send -- "chmod +x testfile; echo done\r" |
38 | expect { | 40 | expect { |
39 | timeout {puts "TESTING ERROR 5\n";exit} | 41 | timeout {puts "TESTING ERROR 5\n";exit} |
40 | "6" {puts "normal system\n"} | 42 | "Bad system call" |
41 | "5" {puts "grsecurity\n"} | ||
42 | } | 43 | } |
43 | expect { | 44 | expect { |
44 | timeout {puts "TESTING ERROR 6\n";exit} | 45 | timeout {puts "TESTING ERROR 6\n";exit} |
45 | "home" | 46 | "done" |
46 | } | 47 | } |
47 | sleep 1 | ||
48 | 48 | ||
49 | send -- "exit\r" | ||
50 | after 100 | ||
49 | puts "\nall done\n" | 51 | puts "\nall done\n" |
diff --git a/test/seccomp-chown.exp b/test/filters/seccomp-chown.exp index 69b896700..a54d279f1 100755 --- a/test/seccomp-chown.exp +++ b/test/filters/seccomp-chown.exp | |||
@@ -1,4 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
@@ -42,5 +45,5 @@ expect { | |||
42 | 45 | ||
43 | 46 | ||
44 | send -- "exit\r" | 47 | send -- "exit\r" |
45 | sleep 1 | 48 | after 100 |
46 | puts "\n" | 49 | puts "\nall done\n" |
diff --git a/test/seccomp-debug.exp b/test/filters/seccomp-debug.exp index 1034f040e..dbc0d37a9 100755 --- a/test/seccomp-debug.exp +++ b/test/filters/seccomp-debug.exp | |||
@@ -1,4 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
diff --git a/test/filters/seccomp-dualfilter.exp b/test/filters/seccomp-dualfilter.exp new file mode 100755 index 000000000..958dab528 --- /dev/null +++ b/test/filters/seccomp-dualfilter.exp | |||
@@ -0,0 +1,55 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 1 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "./syscall_test\r" | ||
11 | expect { | ||
12 | timeout {puts "\nTESTING SKIP: 64-bit support missing\n";exit} | ||
13 | "Usage" | ||
14 | } | ||
15 | |||
16 | send -- "./syscall_test32\r" | ||
17 | expect { | ||
18 | timeout {puts "\nTESTING SKIP: 32-bit support missing\n";exit} | ||
19 | "Usage" | ||
20 | } | ||
21 | |||
22 | set timeout 10 | ||
23 | send -- "firejail ./syscall_test mount\r" | ||
24 | expect { | ||
25 | timeout {puts "TESTING ERROR 0\n";exit} | ||
26 | "Child process initialized" | ||
27 | } | ||
28 | expect { | ||
29 | timeout {puts "TESTING ERROR 1\n";exit} | ||
30 | "before mount" | ||
31 | } | ||
32 | expect { | ||
33 | timeout {puts "TESTING ERROR 2\n";exit} | ||
34 | "after mount" {puts "TESTING ERROR 3\n";exit} | ||
35 | "Parent is shutting down" | ||
36 | } | ||
37 | sleep 1 | ||
38 | |||
39 | send -- "firejail ./syscall_test32 mount\r" | ||
40 | expect { | ||
41 | timeout {puts "TESTING ERROR 4\n";exit} | ||
42 | "Child process initialized" | ||
43 | } | ||
44 | expect { | ||
45 | timeout {puts "TESTING ERROR 5\n";exit} | ||
46 | "before mount" | ||
47 | } | ||
48 | expect { | ||
49 | timeout {puts "TESTING ERROR 6\n";exit} | ||
50 | "after mount" {puts "TESTING ERROR 7\n";exit} | ||
51 | "Parent is shutting down" | ||
52 | } | ||
53 | |||
54 | after 100 | ||
55 | puts "\nall done\n" | ||
diff --git a/test/seccomp-empty.exp b/test/filters/seccomp-empty.exp index 11abf2e00..d150dac7d 100755 --- a/test/seccomp-empty.exp +++ b/test/filters/seccomp-empty.exp | |||
@@ -1,4 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
@@ -141,5 +144,6 @@ expect { | |||
141 | } | 144 | } |
142 | sleep 2 | 145 | sleep 2 |
143 | send -- "exit\r" | 146 | send -- "exit\r" |
147 | after 100 | ||
144 | puts "\n" | 148 | puts "\n" |
145 | 149 | ||
diff --git a/test/seccomp-empty.profile b/test/filters/seccomp-empty.profile index 8f71f55a5..8f71f55a5 100644 --- a/test/seccomp-empty.profile +++ b/test/filters/seccomp-empty.profile | |||
diff --git a/test/filters/seccomp-errno.exp b/test/filters/seccomp-errno.exp new file mode 100755 index 000000000..c3af2fbe9 --- /dev/null +++ b/test/filters/seccomp-errno.exp | |||
@@ -0,0 +1,54 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "touch seccomp-test-file\r" | ||
11 | after 100 | ||
12 | |||
13 | send -- "firejail --seccomp=unlinkat:ENOENT rm seccomp-test-file\r" | ||
14 | expect { | ||
15 | timeout {puts "TESTING ERROR 0\n";exit} | ||
16 | "No such file or directory" | ||
17 | } | ||
18 | sleep 1 | ||
19 | |||
20 | send -- "firejail --seccomp=unlinkat:ENOENT --debug rm seccomp-test-file\r" | ||
21 | expect { | ||
22 | timeout {puts "TESTING ERROR 1\n";exit} | ||
23 | "unlinkat 2 ENOENT" | ||
24 | } | ||
25 | sleep 1 | ||
26 | |||
27 | send -- "firejail --seccomp=unlinkat:ENOENT,mkdir:ENOENT\r" | ||
28 | expect { | ||
29 | timeout {puts "TESTING ERROR 2\n";exit} | ||
30 | "Child process initialized" | ||
31 | } | ||
32 | sleep 1 | ||
33 | send -- "rm seccomp-test-file\r" | ||
34 | expect { | ||
35 | timeout {puts "TESTING ERROR 3\n";exit} | ||
36 | "No such file or directory" | ||
37 | } | ||
38 | after 100 | ||
39 | puts "\n" | ||
40 | |||
41 | send -- "mkdir seccomp-test-dir\r" | ||
42 | expect { | ||
43 | timeout {puts "TESTING ERROR 4\n";exit} | ||
44 | "No such file or directory" | ||
45 | } | ||
46 | after 100 | ||
47 | puts "\n" | ||
48 | |||
49 | send -- "exit\r" | ||
50 | sleep 1 | ||
51 | |||
52 | send -- "rm seccomp-test-file\r" | ||
53 | after 100 | ||
54 | puts "all done\n" | ||
diff --git a/test/seccomp-ptrace.exp b/test/filters/seccomp-ptrace.exp index 9a9b7430e..bb87b96ea 100755 --- a/test/seccomp-ptrace.exp +++ b/test/filters/seccomp-ptrace.exp | |||
@@ -1,4 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
@@ -19,5 +22,5 @@ expect { | |||
19 | } | 22 | } |
20 | 23 | ||
21 | send -- "exit\r" | 24 | send -- "exit\r" |
22 | sleep 1 | 25 | after 100 |
23 | puts "all done\n" | 26 | puts "all done\n" |
diff --git a/test/seccomp-su.exp b/test/filters/seccomp-su.exp index dcae6f869..3feabc20f 100755 --- a/test/seccomp-su.exp +++ b/test/filters/seccomp-su.exp | |||
@@ -1,4 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
@@ -14,21 +17,24 @@ sleep 2 | |||
14 | send -- "sudo su -\r" | 17 | send -- "sudo su -\r" |
15 | expect { | 18 | expect { |
16 | timeout {puts "TESTING ERROR 1\n";exit} | 19 | timeout {puts "TESTING ERROR 1\n";exit} |
17 | "effective uid is not 0" | 20 | "effective uid is not 0" {puts "OK\n"} |
21 | "Bad system call" {puts "OK\n"} | ||
18 | } | 22 | } |
19 | 23 | ||
20 | send -- "sudo ls\r" | 24 | send -- "sudo ls\r" |
21 | expect { | 25 | expect { |
22 | timeout {puts "TESTING ERROR 2\n";exit} | 26 | timeout {puts "TESTING ERROR 2\n";exit} |
23 | "effective uid is not 0" | 27 | "effective uid is not 0" {puts "OK\n"} |
28 | "Bad system call" {puts "OK\n"} | ||
24 | } | 29 | } |
25 | 30 | ||
26 | send -- "ping google.com\r" | 31 | send -- "ping google.com\r" |
27 | expect { | 32 | expect { |
28 | timeout {puts "TESTING ERROR 2\n";exit} | 33 | timeout {puts "TESTING ERROR 3\n";exit} |
29 | "Operation not permitted" | 34 | "Operation not permitted" {puts "OK\n"} |
35 | "unknown host" {puts "OK\n"} | ||
30 | } | 36 | } |
31 | 37 | ||
32 | send -- "exit\r" | 38 | send -- "exit\r" |
33 | sleep 1 | 39 | after 100 |
34 | puts "all done\n" | 40 | puts "all done\n" |
diff --git a/test/seccomp.profile b/test/filters/seccomp.profile index cb0b15aee..cb0b15aee 100644 --- a/test/seccomp.profile +++ b/test/filters/seccomp.profile | |||
diff --git a/test/filters/syscall_test b/test/filters/syscall_test new file mode 100755 index 000000000..bf29c5b99 --- /dev/null +++ b/test/filters/syscall_test | |||
Binary files differ | |||
diff --git a/test/filters/syscall_test.c b/test/filters/syscall_test.c new file mode 100644 index 000000000..422af619d --- /dev/null +++ b/test/filters/syscall_test.c | |||
@@ -0,0 +1,82 @@ | |||
1 | // This file is part of Firejail project | ||
2 | // Copyright (C) 2014-2016 Firejail Authors | ||
3 | // License GPL v2 | ||
4 | |||
5 | #include <stdlib.h> | ||
6 | #include <stdio.h> | ||
7 | #include <unistd.h> | ||
8 | #include <sys/types.h> | ||
9 | #include <sys/socket.h> | ||
10 | #include <linux/netlink.h> | ||
11 | #include <net/ethernet.h> | ||
12 | #include <sys/mount.h> | ||
13 | |||
14 | int main(int argc, char **argv) { | ||
15 | if (argc != 2) { | ||
16 | printf("Usage: test [sleep|socket|mkdir|mount]\n"); | ||
17 | return 1; | ||
18 | } | ||
19 | |||
20 | if (strcmp(argv[1], "sleep") == 0) { | ||
21 | printf("before sleep\n"); | ||
22 | sleep(1); | ||
23 | printf("after sleep\n"); | ||
24 | } | ||
25 | else if (strcmp(argv[1], "socket") == 0) { | ||
26 | int sock; | ||
27 | |||
28 | printf("testing socket AF_INET\n"); | ||
29 | if ((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0) { | ||
30 | perror("socket"); | ||
31 | } | ||
32 | else | ||
33 | close(sock); | ||
34 | |||
35 | printf("testing socket AF_INET6\n"); | ||
36 | if ((sock = socket(AF_INET6, SOCK_STREAM, 0)) < 0) { | ||
37 | perror("socket"); | ||
38 | } | ||
39 | else | ||
40 | close(sock); | ||
41 | |||
42 | printf("testing socket AF_NETLINK\n"); | ||
43 | if ((sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE)) < 0) { | ||
44 | perror("socket"); | ||
45 | } | ||
46 | else | ||
47 | close(sock); | ||
48 | |||
49 | printf("testing socket AF_UNIX\n"); | ||
50 | if ((sock = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) { | ||
51 | perror("socket"); | ||
52 | } | ||
53 | else | ||
54 | close(sock); | ||
55 | |||
56 | // root needed to be able to handle this | ||
57 | printf("testing socket AF_PACKETX\n"); | ||
58 | if ((sock = socket(AF_PACKET, SOCK_DGRAM, htons(ETH_P_ARP))) < 0) { | ||
59 | perror("socket"); | ||
60 | } | ||
61 | else | ||
62 | close(sock); | ||
63 | printf("after socket\n"); | ||
64 | } | ||
65 | else if (strcmp(argv[1], "mkdir") == 0) { | ||
66 | printf("before mkdir\n"); | ||
67 | mkdir("tmp", 0777); | ||
68 | printf("after mkdir\n"); | ||
69 | } | ||
70 | else if (strcmp(argv[1], "mount") == 0) { | ||
71 | printf("before mount\n"); | ||
72 | if (mount("tmpfs", "/tmp", "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC, "mode=755,gid=0") < 0) { | ||
73 | perror("mount"); | ||
74 | } | ||
75 | printf("after mount\n"); | ||
76 | } | ||
77 | else { | ||
78 | fprintf(stderr, "Error: invalid argument\n"); | ||
79 | return 1; | ||
80 | } | ||
81 | return 0; | ||
82 | } | ||
diff --git a/test/filters/syscall_test32 b/test/filters/syscall_test32 new file mode 100755 index 000000000..8d72f58c4 --- /dev/null +++ b/test/filters/syscall_test32 | |||
Binary files differ | |||
diff --git a/test/firejail-in-firejail.exp b/test/firejail-in-firejail.exp deleted file mode 100755 index 5ba18d1fa..000000000 --- a/test/firejail-in-firejail.exp +++ /dev/null | |||
@@ -1,21 +0,0 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "firejail\r" | ||
8 | expect { | ||
9 | timeout {puts "TESTING ERROR 1\n";exit} | ||
10 | "Child process initialized" | ||
11 | } | ||
12 | sleep 1 | ||
13 | |||
14 | send -- "firejail\r" | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 1\n";exit} | ||
17 | "Warning: an existing sandbox was detected" | ||
18 | } | ||
19 | sleep 1 | ||
20 | |||
21 | puts "\nall done\n" | ||
diff --git a/test/firejail-in-firejail2.exp b/test/firejail-in-firejail2.exp deleted file mode 100755 index b0fed0dae..000000000 --- a/test/firejail-in-firejail2.exp +++ /dev/null | |||
@@ -1,21 +0,0 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "firejail --noprofile\r" | ||
8 | expect { | ||
9 | timeout {puts "TESTING ERROR 1\n";exit} | ||
10 | "Child process initialized" | ||
11 | } | ||
12 | sleep 1 | ||
13 | |||
14 | send -- "firejail --force\r" | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 1\n";exit} | ||
17 | "Child process initialized" | ||
18 | } | ||
19 | sleep 1 | ||
20 | |||
21 | puts "\nall done\n" | ||
diff --git a/test/fs/fs.sh b/test/fs/fs.sh new file mode 100755 index 000000000..611b62b09 --- /dev/null +++ b/test/fs/fs.sh | |||
@@ -0,0 +1,116 @@ | |||
1 | #!/bin/bash | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | export MALLOC_CHECK_=3 | ||
7 | export MALLOC_PERTURB_=$(($RANDOM % 255 + 1)) | ||
8 | |||
9 | rm -fr ~/_firejail_test_* | ||
10 | echo "TESTING: mkdir/mkfile (test/fs/mkdir_mkfile.exp)" | ||
11 | ./mkdir_mkfile.exp | ||
12 | rm -fr ~/_firejail_test_* | ||
13 | |||
14 | mkdir ~/_firejail_test_dir | ||
15 | touch ~/_firejail_test_dir/a | ||
16 | mkdir ~/_firejail_test_dir/test1 | ||
17 | touch ~/_firejail_test_dir/test1/b | ||
18 | echo "TESTING: read/write (test/fs/read-write.exp)" | ||
19 | ./read-write.exp | ||
20 | rm -fr ~/_firejail_test_* | ||
21 | |||
22 | echo "TESTING: /sys/fs access (test/fs/sys_fs.exp)" | ||
23 | ./sys_fs.exp | ||
24 | |||
25 | echo "TESTING: kmsg access (test/fs/kmsg.exp)" | ||
26 | ./kmsg.exp | ||
27 | |||
28 | echo "TESTING: read/write /var/tmp (test/fs/fs_var_tmp.exp)" | ||
29 | ./fs_var_tmp.exp | ||
30 | |||
31 | echo "TESTING: read/write /var/lock (test/fs/fs_var_lock.exp)" | ||
32 | ./fs_var_lock.exp | ||
33 | |||
34 | echo "TESTING: read/write /dev/shm (test/fs/fs_dev_shm.exp)" | ||
35 | ./fs_dev_shm.exp | ||
36 | |||
37 | echo "TESTING: private (test/fs/private.exp)" | ||
38 | ./private.exp | ||
39 | |||
40 | echo "TESTING: private home (test/fs/private-home.exp)" | ||
41 | ./private-home.exp | ||
42 | |||
43 | echo "TESTING: private home dir (test/fs/private-home-dir.exp)" | ||
44 | ./private-home-dir.exp | ||
45 | |||
46 | echo "TESTING: private home dir same as user home (test/fs/private-homedir.exp)" | ||
47 | ./private-homedir.exp | ||
48 | |||
49 | echo "TESTING: private-etc (test/fs/private-etc.exp)" | ||
50 | ./private-etc.exp | ||
51 | |||
52 | echo "TESTING: empty private-etc (test/fs/private-etc-empty.exp)" | ||
53 | ./private-etc-empty.exp | ||
54 | |||
55 | echo "TESTING: private-bin (test/fs/private-bin.exp)" | ||
56 | ./private-bin.exp | ||
57 | |||
58 | echo "TESTING: whitelist empty (test/fs/whitelist-empty.exp)" | ||
59 | ./whitelist-empty.exp | ||
60 | |||
61 | echo "TESTING: private whitelist (test/fs/private-whitelist.exp)" | ||
62 | ./private-whitelist.exp | ||
63 | |||
64 | echo "TESTING: whitelist ~/Downloads (test/fs/whitelist-downloads.exp)" | ||
65 | ./whitelist-downloads.exp | ||
66 | |||
67 | echo "TESTING: invalid filename (test/fs/invalid_filename.exp)" | ||
68 | ./invalid_filename.exp | ||
69 | |||
70 | echo "TESTING: blacklist directory (test/fs/option_blacklist.exp)" | ||
71 | ./option_blacklist.exp | ||
72 | |||
73 | echo "TESTING: blacklist file (test/fs/option_blacklist_file.exp)" | ||
74 | ./option_blacklist_file.exp | ||
75 | |||
76 | echo "TESTING: blacklist glob (test/fs/option_blacklist_glob.exp)" | ||
77 | ./option_blacklist_glob.exp | ||
78 | |||
79 | echo "TESTING: bind as user (test/fs/option_bind_user.exp)" | ||
80 | ./option_bind_user.exp | ||
81 | |||
82 | echo "TESTING: recursive mkdir (test/fs/mkdir.exp)" | ||
83 | ./mkdir.exp | ||
84 | |||
85 | echo "TESTING: double whitelist (test/fs/whitelist-double.exp)" | ||
86 | ./whitelist-double.exp | ||
87 | |||
88 | echo "TESTING: whitelist (test/fs/whitelist.exp)" | ||
89 | ./whitelist.exp | ||
90 | |||
91 | echo "TESTING: whitelist dev, var(test/fs/whitelist-dev.exp)" | ||
92 | ./whitelist-dev.exp | ||
93 | |||
94 | echo "TESTING: fscheck --bind non root (test/fs/fscheck-bindnoroot.exp)" | ||
95 | ./fscheck-bindnoroot.exp | ||
96 | |||
97 | echo "TESTING: fscheck --tmpfs non root (test/fs/fscheck-tmpfs.exp)" | ||
98 | ./fscheck-tmpfs.exp | ||
99 | |||
100 | echo "TESTING: fscheck --private= (test/fs/fscheck-private.exp)" | ||
101 | ./fscheck-private.exp | ||
102 | |||
103 | echo "TESTING: fscheck --read-only= (test/fs/fscheck-readonly.exp)" | ||
104 | ./fscheck-readonly.exp | ||
105 | |||
106 | #cleanup | ||
107 | rm -fr ~/fjtest-dir | ||
108 | rm -fr ~/fjtest-dir-lnk | ||
109 | rm -f ~/fjtest-file | ||
110 | rm -f ~/fjtest-file-lnk | ||
111 | rm -f /tmp/fjtest-file | ||
112 | rm -fr /tmp/fjtest-dir | ||
113 | rm -fr ~/_firejail_test_* | ||
114 | |||
115 | |||
116 | |||
diff --git a/test/fs_dev_shm.exp b/test/fs/fs_dev_shm.exp index b54f24eb5..8150dfa61 100755 --- a/test/fs_dev_shm.exp +++ b/test/fs/fs_dev_shm.exp | |||
@@ -1,4 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
@@ -12,33 +15,33 @@ expect { | |||
12 | } | 15 | } |
13 | sleep 1 | 16 | sleep 1 |
14 | 17 | ||
15 | send -- "echo mytest > /dev/shm/ttt;pwd\r" | 18 | send -- "echo mytest > /dev/shm/ttt;echo done\r" |
16 | expect { | 19 | expect { |
17 | timeout {puts "TESTING ERROR 1\n";exit} | 20 | timeout {puts "TESTING ERROR 1\n";exit} |
18 | "home" | 21 | "done" |
19 | } | 22 | } |
20 | 23 | ||
21 | send -- "cat /dev/shm/ttt;pwd\r" | 24 | send -- "cat /dev/shm/ttt;echo done\r" |
22 | expect { | 25 | expect { |
23 | timeout {puts "TESTING ERROR 2.1\n";exit} | 26 | timeout {puts "TESTING ERROR 2\n";exit} |
24 | "mytest" | 27 | "mytest" |
25 | } | 28 | } |
26 | expect { | 29 | expect { |
27 | timeout {puts "TESTING ERROR 2\n";exit} | 30 | timeout {puts "TESTING ERROR 3\n";exit} |
28 | "home" | 31 | "done" |
29 | } | 32 | } |
30 | 33 | ||
31 | send -- "rm /dev/shm/ttt;pwd\r" | 34 | send -- "rm /dev/shm/ttt;echo done\r" |
32 | expect { | 35 | expect { |
33 | timeout {puts "TESTING ERROR 3\n";exit} | 36 | timeout {puts "TESTING ERROR 4\n";exit} |
34 | "home" | 37 | "done" |
35 | } | 38 | } |
36 | 39 | ||
37 | send -- "cat /dev/shm/ttt;pwd\r" | 40 | send -- "cat /dev/shm/ttt;echo done\r" |
38 | expect { | 41 | expect { |
39 | timeout {puts "TESTING ERROR 4\n";exit} | 42 | timeout {puts "TESTING ERROR 5\n";exit} |
40 | "mytest" {puts "TESTING ERROR 4.1\n";exit} | 43 | "mytest" {puts "TESTING ERROR 6\n";exit} |
41 | "home" | 44 | "done" |
42 | } | 45 | } |
43 | 46 | ||
44 | sleep 1 | 47 | sleep 1 |
@@ -48,40 +51,40 @@ sleep 1 | |||
48 | # redo the test with --private | 51 | # redo the test with --private |
49 | send -- "firejail\r" | 52 | send -- "firejail\r" |
50 | expect { | 53 | expect { |
51 | timeout {puts "TESTING ERROR 10\n";exit} | 54 | timeout {puts "TESTING ERROR 7\n";exit} |
52 | "Child process initialized" | 55 | "Child process initialized" |
53 | } | 56 | } |
54 | sleep 1 | 57 | sleep 1 |
55 | 58 | ||
56 | send -- "echo mytest > /dev/shm/ttt;pwd\r" | 59 | send -- "echo mytest > /dev/shm/ttt;echo done\r" |
57 | expect { | 60 | expect { |
58 | timeout {puts "TESTING ERROR 11\n";exit} | 61 | timeout {puts "TESTING ERROR 8\n";exit} |
59 | "home" | 62 | "done" |
60 | } | 63 | } |
61 | 64 | ||
62 | send -- "cat /dev/shm/ttt;pwd\r" | 65 | send -- "cat /dev/shm/ttt;echo done\r" |
63 | expect { | 66 | expect { |
64 | timeout {puts "TESTING ERROR 12.1\n";exit} | 67 | timeout {puts "TESTING ERROR 9\n";exit} |
65 | "mytest" | 68 | "mytest" |
66 | } | 69 | } |
67 | expect { | 70 | expect { |
68 | timeout {puts "TESTING ERROR 12\n";exit} | 71 | timeout {puts "TESTING ERROR 10\n";exit} |
69 | "home" | 72 | "done" |
70 | } | 73 | } |
71 | 74 | ||
72 | send -- "rm /dev/shm/ttt;pwd\r" | 75 | send -- "rm /dev/shm/ttt;echo done\r" |
73 | expect { | 76 | expect { |
74 | timeout {puts "TESTING ERROR 13\n";exit} | 77 | timeout {puts "TESTING ERROR 11\n";exit} |
75 | "home" | 78 | "done" |
76 | } | 79 | } |
77 | 80 | ||
78 | send -- "cat /dev/shm/ttt;pwd\r" | 81 | send -- "cat /dev/shm/ttt;echo done\r" |
79 | expect { | 82 | expect { |
80 | timeout {puts "TESTING ERROR 14\n";exit} | 83 | timeout {puts "TESTING ERROR 12\n";exit} |
81 | "mytest" {puts "TESTING ERROR 14.1\n";exit} | 84 | "mytest" {puts "TESTING ERROR 13\n";exit} |
82 | "home" | 85 | "done" |
83 | } | 86 | } |
84 | 87 | ||
85 | sleep 1 | 88 | after 100 |
86 | 89 | ||
87 | puts "\n" | 90 | puts "\nall done\n" |
diff --git a/test/fs/fs_var_lock.exp b/test/fs/fs_var_lock.exp new file mode 100755 index 000000000..5879dca52 --- /dev/null +++ b/test/fs/fs_var_lock.exp | |||
@@ -0,0 +1,90 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | # testing read-write /var/lock | ||
11 | send -- "firejail\r" | ||
12 | expect { | ||
13 | timeout {puts "TESTING ERROR 0\n";exit} | ||
14 | "Child process initialized" | ||
15 | } | ||
16 | sleep 1 | ||
17 | |||
18 | send -- "echo mytest > /var/lock/ttt;echo done\r" | ||
19 | expect { | ||
20 | timeout {puts "TESTING ERROR 1\n";exit} | ||
21 | "done" | ||
22 | } | ||
23 | |||
24 | send -- "cat /var/lock/ttt;echo done\r" | ||
25 | expect { | ||
26 | timeout {puts "TESTING ERROR 2\n";exit} | ||
27 | "mytest" | ||
28 | } | ||
29 | expect { | ||
30 | timeout {puts "TESTING ERROR 3\n";exit} | ||
31 | "done" | ||
32 | } | ||
33 | |||
34 | send -- "rm /var/lock/ttt;echo done\r" | ||
35 | expect { | ||
36 | timeout {puts "TESTING ERROR 4\n";exit} | ||
37 | "done" | ||
38 | } | ||
39 | |||
40 | send -- "cat /var/lock/ttt;echo done\r" | ||
41 | expect { | ||
42 | timeout {puts "TESTING ERROR 5\n";exit} | ||
43 | "mytest" {puts "TESTING ERROR 6\n";exit} | ||
44 | "done" | ||
45 | } | ||
46 | |||
47 | sleep 1 | ||
48 | send -- "exit\r" | ||
49 | sleep 1 | ||
50 | |||
51 | # redo the test with --private | ||
52 | send -- "firejail\r" | ||
53 | expect { | ||
54 | timeout {puts "TESTING ERROR 7\n";exit} | ||
55 | "Child process initialized" | ||
56 | } | ||
57 | sleep 1 | ||
58 | |||
59 | send -- "echo mytest > /var/lock/ttt;echo done\r" | ||
60 | expect { | ||
61 | timeout {puts "TESTING ERROR 8\n";exit} | ||
62 | "done" | ||
63 | } | ||
64 | |||
65 | send -- "cat /var/lock/ttt;echo done\r" | ||
66 | expect { | ||
67 | timeout {puts "TESTING ERROR 9\n";exit} | ||
68 | "mytest" | ||
69 | } | ||
70 | expect { | ||
71 | timeout {puts "TESTING ERROR 10\n";exit} | ||
72 | "done" | ||
73 | } | ||
74 | |||
75 | send -- "rm /var/lock/ttt;echo done\r" | ||
76 | expect { | ||
77 | timeout {puts "TESTING ERROR 11\n";exit} | ||
78 | "done" | ||
79 | } | ||
80 | |||
81 | send -- "cat /var/lock/ttt;echo done\r" | ||
82 | expect { | ||
83 | timeout {puts "TESTING ERROR 12\n";exit} | ||
84 | "mytest" {puts "TESTING ERROR 13\n";exit} | ||
85 | "done" | ||
86 | } | ||
87 | |||
88 | after 100 | ||
89 | |||
90 | puts "\nall done\n" | ||
diff --git a/test/fs_var_tmp.exp b/test/fs/fs_var_tmp.exp index 95ceeb2a4..a3bc5afe2 100755 --- a/test/fs_var_tmp.exp +++ b/test/fs/fs_var_tmp.exp | |||
@@ -1,4 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
@@ -12,33 +15,33 @@ expect { | |||
12 | } | 15 | } |
13 | sleep 1 | 16 | sleep 1 |
14 | 17 | ||
15 | send -- "echo mytest > /var/tmp/ttt;pwd\r" | 18 | send -- "echo mytest > /var/tmp/ttt;echo done\r" |
16 | expect { | 19 | expect { |
17 | timeout {puts "TESTING ERROR 1\n";exit} | 20 | timeout {puts "TESTING ERROR 1\n";exit} |
18 | "home" | 21 | "done" |
19 | } | 22 | } |
20 | 23 | ||
21 | send -- "cat /var/tmp/ttt;pwd\r" | 24 | send -- "cat /var/tmp/ttt;echo done\r" |
22 | expect { | 25 | expect { |
23 | timeout {puts "TESTING ERROR 2.1\n";exit} | 26 | timeout {puts "TESTING ERROR 2\n";exit} |
24 | "mytest" | 27 | "mytest" |
25 | } | 28 | } |
26 | expect { | 29 | expect { |
27 | timeout {puts "TESTING ERROR 2\n";exit} | 30 | timeout {puts "TESTING ERROR 3\n";exit} |
28 | "home" | 31 | "done" |
29 | } | 32 | } |
30 | 33 | ||
31 | send -- "rm /var/tmp/ttt;pwd\r" | 34 | send -- "rm /var/tmp/ttt;echo done\r" |
32 | expect { | 35 | expect { |
33 | timeout {puts "TESTING ERROR 3\n";exit} | 36 | timeout {puts "TESTING ERROR 4\n";exit} |
34 | "home" | 37 | "done" |
35 | } | 38 | } |
36 | 39 | ||
37 | send -- "cat /var/tmp/ttt;pwd\r" | 40 | send -- "cat /var/tmp/ttt;echo done\r" |
38 | expect { | 41 | expect { |
39 | timeout {puts "TESTING ERROR 4\n";exit} | 42 | timeout {puts "TESTING ERROR 5\n";exit} |
40 | "mytest" {puts "TESTING ERROR 4.1\n";exit} | 43 | "mytest" {puts "TESTING ERROR 6\n";exit} |
41 | "home" | 44 | "done" |
42 | } | 45 | } |
43 | 46 | ||
44 | sleep 1 | 47 | sleep 1 |
@@ -48,40 +51,40 @@ sleep 1 | |||
48 | # redo the test with --private | 51 | # redo the test with --private |
49 | send -- "firejail\r" | 52 | send -- "firejail\r" |
50 | expect { | 53 | expect { |
51 | timeout {puts "TESTING ERROR 10\n";exit} | 54 | timeout {puts "TESTING ERROR 7\n";exit} |
52 | "Child process initialized" | 55 | "Child process initialized" |
53 | } | 56 | } |
54 | sleep 1 | 57 | sleep 1 |
55 | 58 | ||
56 | send -- "echo mytest > /var/tmp/ttt;pwd\r" | 59 | send -- "echo mytest > /var/tmp/ttt;echo done\r" |
57 | expect { | 60 | expect { |
58 | timeout {puts "TESTING ERROR 11\n";exit} | 61 | timeout {puts "TESTING ERROR 8\n";exit} |
59 | "home" | 62 | "done" |
60 | } | 63 | } |
61 | 64 | ||
62 | send -- "cat /var/tmp/ttt;pwd\r" | 65 | send -- "cat /var/tmp/ttt;echo done\r" |
63 | expect { | 66 | expect { |
64 | timeout {puts "TESTING ERROR 12.1\n";exit} | 67 | timeout {puts "TESTING ERROR 9\n";exit} |
65 | "mytest" | 68 | "mytest" |
66 | } | 69 | } |
67 | expect { | 70 | expect { |
68 | timeout {puts "TESTING ERROR 12\n";exit} | 71 | timeout {puts "TESTING ERROR 10\n";exit} |
69 | "home" | 72 | "done" |
70 | } | 73 | } |
71 | 74 | ||
72 | send -- "rm /var/tmp/ttt;pwd\r" | 75 | send -- "rm /var/tmp/ttt;echo done\r" |
73 | expect { | 76 | expect { |
74 | timeout {puts "TESTING ERROR 13\n";exit} | 77 | timeout {puts "TESTING ERROR 11\n";exit} |
75 | "home" | 78 | "done" |
76 | } | 79 | } |
77 | 80 | ||
78 | send -- "cat /var/tmp/ttt;pwd\r" | 81 | send -- "cat /var/tmp/ttt;echo done\r" |
79 | expect { | 82 | expect { |
80 | timeout {puts "TESTING ERROR 14\n";exit} | 83 | timeout {puts "TESTING ERROR 12\n";exit} |
81 | "mytest" {puts "TESTING ERROR 14.1\n";exit} | 84 | "mytest" {puts "TESTING ERROR 13\n";exit} |
82 | "home" | 85 | "done" |
83 | } | 86 | } |
84 | 87 | ||
85 | sleep 1 | 88 | after 100 |
86 | 89 | ||
87 | puts "\n" | 90 | puts "\nall done\n" |
diff --git a/test/fscheck-bindnoroot.exp b/test/fs/fscheck-bindnoroot.exp index 796a7d975..8cbe2b8af 100755 --- a/test/fscheck-bindnoroot.exp +++ b/test/fs/fscheck-bindnoroot.exp | |||
@@ -5,10 +5,13 @@ spawn $env(SHELL) | |||
5 | match_max 100000 | 5 | match_max 100000 |
6 | 6 | ||
7 | # dir | 7 | # dir |
8 | send -- "firejail --net=br0 --bind=fscheck-dir,/etc\r" | 8 | send -- "firejail --net=br0 --bind=testdir1,/etc\r" |
9 | expect { | 9 | expect { |
10 | timeout {puts "TESTING ERROR 0\n";exit} | 10 | timeout {puts "TESTING ERROR 0\n";exit} |
11 | "Error" | 11 | "Error" |
12 | } | 12 | } |
13 | after 100 | 13 | after 100 |
14 | 14 | ||
15 | puts "\nall done\n" | ||
16 | |||
17 | |||
diff --git a/test/fs/fscheck-private.exp b/test/fs/fscheck-private.exp new file mode 100755 index 000000000..28c921538 --- /dev/null +++ b/test/fs/fscheck-private.exp | |||
@@ -0,0 +1,50 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | |||
8 | |||
9 | # file link | ||
10 | #send -- "firejail --private=fscheck-file-link\r" | ||
11 | #expect { | ||
12 | # timeout {puts "TESTING ERROR 2\n";exit} | ||
13 | # "Error" | ||
14 | #} | ||
15 | #after 100 | ||
16 | |||
17 | # file | ||
18 | send -- "firejail --private=testfile1\r" | ||
19 | expect { | ||
20 | timeout {puts "TESTING ERROR 2.1\n";exit} | ||
21 | "Error" | ||
22 | } | ||
23 | after 100 | ||
24 | |||
25 | # .. | ||
26 | send -- "firejail --private=../fs/testfile1\r" | ||
27 | expect { | ||
28 | timeout {puts "TESTING ERROR 2.2\n";exit} | ||
29 | "Error" | ||
30 | } | ||
31 | after 100 | ||
32 | |||
33 | # no file | ||
34 | send -- "firejail --private=../test/nodir\r" | ||
35 | expect { | ||
36 | timeout {puts "TESTING ERROR 3\n";exit} | ||
37 | "Error" | ||
38 | } | ||
39 | after 100 | ||
40 | |||
41 | # same owner | ||
42 | send -- "firejail --private=/etc\r" | ||
43 | expect { | ||
44 | timeout {puts "TESTING ERROR 4\n";exit} | ||
45 | "Error" | ||
46 | } | ||
47 | after 100 | ||
48 | |||
49 | puts "\nall done\n" | ||
50 | |||
diff --git a/test/fscheck-readonly.exp b/test/fs/fscheck-readonly.exp index e0f0a8a1d..4d7528e50 100755 --- a/test/fscheck-readonly.exp +++ b/test/fs/fscheck-readonly.exp | |||
@@ -5,10 +5,11 @@ spawn $env(SHELL) | |||
5 | match_max 100000 | 5 | match_max 100000 |
6 | 6 | ||
7 | # dir | 7 | # dir |
8 | send -- "firejail --net=br0 --read-only=../test/fscheck-dir\r" | 8 | send -- "firejail --read-only=../test/testdir1\r" |
9 | expect { | 9 | expect { |
10 | timeout {puts "TESTING ERROR 0\n";exit} | 10 | timeout {puts "TESTING ERROR 0\n";exit} |
11 | "Error" | 11 | "Error" |
12 | } | 12 | } |
13 | after 100 | 13 | after 100 |
14 | 14 | ||
15 | puts "\nall done\n" | ||
diff --git a/test/fscheck-tmpfs.exp b/test/fs/fscheck-tmpfs.exp index d5bbccd96..deac5a631 100755 --- a/test/fscheck-tmpfs.exp +++ b/test/fs/fscheck-tmpfs.exp | |||
@@ -5,7 +5,7 @@ spawn $env(SHELL) | |||
5 | match_max 100000 | 5 | match_max 100000 |
6 | 6 | ||
7 | # .. | 7 | # .. |
8 | send -- "firejail --net=br0 --tmpfs=../test/fscheck-dir\r" | 8 | send -- "firejail --tmpfs=fscheck-dir\r" |
9 | expect { | 9 | expect { |
10 | timeout {puts "TESTING ERROR 0.1\n";exit} | 10 | timeout {puts "TESTING ERROR 0.1\n";exit} |
11 | "Error" | 11 | "Error" |
diff --git a/test/invalid_filename.exp b/test/fs/invalid_filename.exp index fe8bd8c25..a6efc24b6 100755 --- a/test/invalid_filename.exp +++ b/test/fs/invalid_filename.exp | |||
@@ -1,23 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | 2 | # This file is part of Firejail project | |
3 | #invalid_filename checks: | 3 | # Copyright (C) 2014-2016 Firejail Authors |
4 | # | 4 | # License GPL v2 |
5 | #--bind (two files) - profile.c - Note: The test is not implemented here, need to be root to test it | ||
6 | #--blacklist - profile.c | ||
7 | #--cgroup - cgroup.c | ||
8 | #--chroot - main.c | ||
9 | #--netfilter - netfilter.c | ||
10 | #--output - output.c | ||
11 | #--private - fs_home.c | ||
12 | #--privte-bin (list) - fs_bin.c | ||
13 | #--private-home (list) - fs_home.c | ||
14 | #--private-etc (list) - fs_etc.c | ||
15 | #--profile - main.c | ||
16 | #--read_only - profile.c | ||
17 | #--shell - main.c | ||
18 | #--tmpfs - profile.c | ||
19 | #--white-list | ||
20 | |||
21 | 5 | ||
22 | set timeout 10 | 6 | set timeout 10 |
23 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
@@ -125,6 +109,21 @@ expect { | |||
125 | } | 109 | } |
126 | after 100 | 110 | after 100 |
127 | 111 | ||
112 | send -- "firejail --debug-check-filename --noprofile --private-home=\"bla&&bla\"\r" | ||
113 | expect { | ||
114 | timeout {puts "TESTING ERROR 8.1\n";exit} | ||
115 | "Checking filename bla&&bla" | ||
116 | } | ||
117 | expect { | ||
118 | timeout {puts "TESTING ERROR 8.2\n";exit} | ||
119 | "Error:" | ||
120 | } | ||
121 | expect { | ||
122 | timeout {puts "TESTING ERROR 8.3\n";exit} | ||
123 | "is an invalid filename" | ||
124 | } | ||
125 | after 100 | ||
126 | |||
128 | send -- "firejail --debug-check-filename --noprofile --private-etc=\"bla&&bla\"\r" | 127 | send -- "firejail --debug-check-filename --noprofile --private-etc=\"bla&&bla\"\r" |
129 | expect { | 128 | expect { |
130 | timeout {puts "TESTING ERROR 9.1\n";exit} | 129 | timeout {puts "TESTING ERROR 9.1\n";exit} |
@@ -201,7 +200,5 @@ expect { | |||
201 | } | 200 | } |
202 | after 100 | 201 | after 100 |
203 | 202 | ||
204 | |||
205 | |||
206 | puts "\nall done\n" | 203 | puts "\nall done\n" |
207 | 204 | ||
diff --git a/test/kmsg.exp b/test/fs/kmsg.exp index 096bdb708..abc711aee 100755 --- a/test/kmsg.exp +++ b/test/fs/kmsg.exp | |||
@@ -1,4 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
@@ -16,14 +19,14 @@ expect { | |||
16 | timeout {puts "TESTING ERROR 2\n";exit} | 19 | timeout {puts "TESTING ERROR 2\n";exit} |
17 | "Permission denied" | 20 | "Permission denied" |
18 | } | 21 | } |
19 | sleep 1 | 22 | after 100 |
20 | 23 | ||
21 | send -- "cat /proc/kmsg\r" | 24 | send -- "cat /proc/kmsg\r" |
22 | expect { | 25 | expect { |
23 | timeout {puts "TESTING ERROR 3\n";exit} | 26 | timeout {puts "TESTING ERROR 3\n";exit} |
24 | "Permission denied" | 27 | "Permission denied" |
25 | } | 28 | } |
26 | sleep 1 | 29 | after 100 |
27 | 30 | ||
28 | puts "\nall done\n" | 31 | puts "\nall done\n" |
29 | 32 | ||
diff --git a/test/fs/mkdir.exp b/test/fs/mkdir.exp new file mode 100755 index 000000000..111db06db --- /dev/null +++ b/test/fs/mkdir.exp | |||
@@ -0,0 +1,20 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 3 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail --profile=mkdir.profile find ~/.firejail_test\r" | ||
11 | expect { | ||
12 | timeout {puts "TESTING ERROR 1.1\n";exit} | ||
13 | "Warning: cannot create" { puts "TESTING ERROR 1.2\n";exit} | ||
14 | "No such file or directory" { puts "TESTING ERROR 1.3\n";exit} | ||
15 | ".firejail_test/a/b/c/d.txt" | ||
16 | } | ||
17 | send -- "rm -rf ~/.firejail_test\r" | ||
18 | after 100 | ||
19 | |||
20 | puts "\nall done\n" | ||
diff --git a/test/fs/mkdir.profile b/test/fs/mkdir.profile new file mode 100644 index 000000000..61b44c9ac --- /dev/null +++ b/test/fs/mkdir.profile | |||
@@ -0,0 +1,2 @@ | |||
1 | mkdir ~/.firejail_test/a/b/c | ||
2 | mkfile ~/.firejail_test/a/b/c/d.txt | ||
diff --git a/test/fs/mkdir_mkfile.exp b/test/fs/mkdir_mkfile.exp new file mode 100755 index 000000000..98163bf77 --- /dev/null +++ b/test/fs/mkdir_mkfile.exp | |||
@@ -0,0 +1,46 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | |||
11 | # testing profile and private | ||
12 | send -- "firejail --private --profile=mkdir_mkfile.profile\r" | ||
13 | expect { | ||
14 | timeout {puts "TESTING ERROR 0\n";exit} | ||
15 | "Child process initialized" | ||
16 | } | ||
17 | sleep 1 | ||
18 | |||
19 | send -- "find ~\r" | ||
20 | expect { | ||
21 | timeout {puts "TESTING ERROR 1\n";exit} | ||
22 | "_firejail_test_file" | ||
23 | } | ||
24 | expect { | ||
25 | timeout {puts "TESTING ERROR 1\n";exit} | ||
26 | "_firejail_test_dir" | ||
27 | } | ||
28 | expect { | ||
29 | timeout {puts "TESTING ERROR 1\n";exit} | ||
30 | "_firejail_test_dir/dir1" | ||
31 | } | ||
32 | expect { | ||
33 | timeout {puts "TESTING ERROR 1\n";exit} | ||
34 | "_firejail_test_dir/dir1/dir2" | ||
35 | } | ||
36 | expect { | ||
37 | timeout {puts "TESTING ERROR 1\n";exit} | ||
38 | "_firejail_test_dir/dir1/dir2/dir3" | ||
39 | } | ||
40 | expect { | ||
41 | timeout {puts "TESTING ERROR 1\n";exit} | ||
42 | "_firejail_test_dir/dir1/dir2/dir3/file1" | ||
43 | } | ||
44 | after 100 | ||
45 | |||
46 | puts "all done\n" | ||
diff --git a/test/fs/mkdir_mkfile.profile b/test/fs/mkdir_mkfile.profile new file mode 100644 index 000000000..d179c62ac --- /dev/null +++ b/test/fs/mkdir_mkfile.profile | |||
@@ -0,0 +1,4 @@ | |||
1 | mkdir ~/_firejail_test_dir | ||
2 | mkfile ~/_firejail_test_file | ||
3 | mkdir ~/_firejail_test_dir/dir1/dir2/dir3 | ||
4 | mkfile ~/_firejail_test_dir/dir1/dir2/dir3/file1 | ||
diff --git a/test/option_bind_user.exp b/test/fs/option_bind_user.exp index 9d2d17d7f..a2912968e 100755 --- a/test/option_bind_user.exp +++ b/test/fs/option_bind_user.exp | |||
@@ -9,7 +9,7 @@ expect { | |||
9 | timeout {puts "TESTING ERROR 0\n";exit} | 9 | timeout {puts "TESTING ERROR 0\n";exit} |
10 | "bind option is available only if running as root" | 10 | "bind option is available only if running as root" |
11 | } | 11 | } |
12 | sleep 1 | 12 | after 100 |
13 | 13 | ||
14 | puts "\n" | 14 | puts "\n" |
15 | 15 | ||
diff --git a/test/option_blacklist.exp b/test/fs/option_blacklist.exp index b80d0cc60..6554d438f 100755 --- a/test/option_blacklist.exp +++ b/test/fs/option_blacklist.exp | |||
@@ -1,4 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
@@ -11,25 +14,25 @@ expect { | |||
11 | } | 14 | } |
12 | sleep 1 | 15 | sleep 1 |
13 | 16 | ||
14 | send -- "ls -l /var;pwd\r" | 17 | send -- "ls -l /var;echo done\r" |
15 | expect { | 18 | expect { |
16 | timeout {puts "TESTING ERROR 1\n";exit} | 19 | timeout {puts "TESTING ERROR 1\n";exit} |
17 | "Permission denied" | 20 | "Permission denied" |
18 | } | 21 | } |
19 | expect { | 22 | expect { |
20 | timeout {puts "TESTING ERROR 2\n";exit} | 23 | timeout {puts "TESTING ERROR 2\n";exit} |
21 | "home" | 24 | "done" |
22 | } | 25 | } |
23 | send -- "cd /var;pwd\r" | 26 | send -- "cd /var;echo done\r" |
24 | expect { | 27 | expect { |
25 | timeout {puts "TESTING ERROR 3\n";exit} | 28 | timeout {puts "TESTING ERROR 3\n";exit} |
26 | "Permission denied" | 29 | "Permission denied" |
27 | } | 30 | } |
28 | expect { | 31 | expect { |
29 | timeout {puts "TESTING ERROR 4\n";exit} | 32 | timeout {puts "TESTING ERROR 4\n";exit} |
30 | "home" | 33 | "done" |
31 | } | 34 | } |
32 | sleep 1 | 35 | after 100 |
33 | 36 | ||
34 | puts "\n" | 37 | puts "\n" |
35 | 38 | ||
diff --git a/test/option_blacklist_file.exp b/test/fs/option_blacklist_file.exp index ecdfe3b82..b0164136c 100755 --- a/test/option_blacklist_file.exp +++ b/test/fs/option_blacklist_file.exp | |||
@@ -11,16 +11,16 @@ expect { | |||
11 | } | 11 | } |
12 | sleep 1 | 12 | sleep 1 |
13 | 13 | ||
14 | send -- "cat /etc/passwd;pwd\r" | 14 | send -- "cat /etc/passwd;echo done\r" |
15 | expect { | 15 | expect { |
16 | timeout {puts "TESTING ERROR 1\n";exit} | 16 | timeout {puts "TESTING ERROR 1\n";exit} |
17 | "Permission denied" | 17 | "Permission denied" |
18 | } | 18 | } |
19 | expect { | 19 | expect { |
20 | timeout {puts "TESTING ERROR 2\n";exit} | 20 | timeout {puts "TESTING ERROR 2\n";exit} |
21 | "home" | 21 | "done" |
22 | } | 22 | } |
23 | sleep 1 | 23 | after 100 |
24 | 24 | ||
25 | puts "\n" | 25 | puts "\n" |
26 | 26 | ||
diff --git a/test/fs/option_blacklist_glob.exp b/test/fs/option_blacklist_glob.exp new file mode 100755 index 000000000..5a96cacc9 --- /dev/null +++ b/test/fs/option_blacklist_glob.exp | |||
@@ -0,0 +1,33 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail --blacklist=testdir1/*\r" | ||
11 | expect { | ||
12 | timeout {puts "TESTING ERROR 0\n";exit} | ||
13 | "Child process initialized" | ||
14 | } | ||
15 | sleep 1 | ||
16 | send -- "cd testdir1\r" | ||
17 | sleep 1 | ||
18 | |||
19 | send -- "cat .file\r" | ||
20 | expect { | ||
21 | timeout {puts "TESTING ERROR 1\n";exit} | ||
22 | "Permission denied" | ||
23 | } | ||
24 | |||
25 | send -- "ls .directory\r" | ||
26 | expect { | ||
27 | timeout {puts "TESTING ERROR 2\n";exit} | ||
28 | "Permission denied" | ||
29 | } | ||
30 | after 100 | ||
31 | |||
32 | puts "\n" | ||
33 | |||
diff --git a/test/private-bin.exp b/test/fs/private-bin.exp index a82d2b213..f7181d218 100755 --- a/test/private-bin.exp +++ b/test/fs/private-bin.exp | |||
@@ -1,4 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
@@ -62,10 +65,29 @@ expect { | |||
62 | "sh" | 65 | "sh" |
63 | } | 66 | } |
64 | send -- "exit\r" | 67 | send -- "exit\r" |
68 | after 100 | ||
65 | 69 | ||
66 | 70 | ||
71 | send -- "firejail --private-bin=/etc/shadow\r" | ||
72 | expect { | ||
73 | timeout {puts "TESTING ERROR 8\n";exit} | ||
74 | "invalid filename" | ||
75 | } | ||
76 | after 100 | ||
67 | 77 | ||
78 | send -- "firejail --private-bin=\"bla;bla\"\r" | ||
79 | expect { | ||
80 | timeout {puts "TESTING ERROR 9\n";exit} | ||
81 | "is an invalid filename" | ||
82 | } | ||
83 | after 100 | ||
68 | 84 | ||
69 | sleep 1 | 85 | send -- "firejail --private-etc=../bin/ls\r" |
86 | expect { | ||
87 | timeout {puts "TESTING ERROR 10\n";exit} | ||
88 | "is an invalid filename" | ||
89 | } | ||
90 | |||
91 | after 100 | ||
70 | puts "\nall done\n" | 92 | puts "\nall done\n" |
71 | 93 | ||
diff --git a/test/private-bin.profile b/test/fs/private-bin.profile index 24cf5929a..24cf5929a 100644 --- a/test/private-bin.profile +++ b/test/fs/private-bin.profile | |||
diff --git a/test/fs/private-etc-empty.exp b/test/fs/private-etc-empty.exp new file mode 100755 index 000000000..5ddce8678 --- /dev/null +++ b/test/fs/private-etc-empty.exp | |||
@@ -0,0 +1,42 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail --private-etc=blablabla\r" | ||
11 | expect { | ||
12 | timeout {puts "TESTING ERROR 0\n";exit} | ||
13 | "Child process initialized" | ||
14 | } | ||
15 | sleep 1 | ||
16 | |||
17 | send -- "ls -l /etc | wc -l\r" | ||
18 | expect { | ||
19 | timeout {puts "TESTING ERROR 1\n";exit} | ||
20 | "0" {puts "Debian\n"} | ||
21 | "1" {puts "Arch\n"} | ||
22 | } | ||
23 | send -- "exit\r" | ||
24 | sleep 1 | ||
25 | |||
26 | send -- "firejail --profile=private-etc-empty.profile\r" | ||
27 | expect { | ||
28 | timeout {puts "TESTING ERROR 0\n";exit} | ||
29 | "Child process initialized" | ||
30 | } | ||
31 | sleep 1 | ||
32 | |||
33 | send -- "ls -l /etc | wc -l\r" | ||
34 | expect { | ||
35 | timeout {puts "TESTING ERROR 1\n";exit} | ||
36 | "0" {puts "Debian\n"} | ||
37 | "1" {puts "Arch\n"} | ||
38 | |||
39 | } | ||
40 | |||
41 | after 100 | ||
42 | puts "\nall done\n" | ||
diff --git a/test/fs/private-etc-empty.profile b/test/fs/private-etc-empty.profile new file mode 100644 index 000000000..38aa8cd68 --- /dev/null +++ b/test/fs/private-etc-empty.profile | |||
@@ -0,0 +1 @@ | |||
private-etc blablabla | |||
diff --git a/test/fs/private-etc.exp b/test/fs/private-etc.exp new file mode 100755 index 000000000..36b5d247c --- /dev/null +++ b/test/fs/private-etc.exp | |||
@@ -0,0 +1,73 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | # directory with ~ | ||
11 | send -- "firejail --private-etc=passwd,group,resolv.conf,X11\r" | ||
12 | expect { | ||
13 | timeout {puts "TESTING ERROR 1\n";exit} | ||
14 | "Child process initialized" | ||
15 | } | ||
16 | sleep 1 | ||
17 | |||
18 | send -- "LC_ALL=C ls -al /etc\r" | ||
19 | expect { | ||
20 | timeout {puts "TESTING ERROR 3\n";exit} | ||
21 | "X11" | ||
22 | } | ||
23 | expect { | ||
24 | timeout {puts "TESTING ERROR 4\n";exit} | ||
25 | "group" | ||
26 | } | ||
27 | expect { | ||
28 | timeout {puts "TESTING ERROR 5\n";exit} | ||
29 | "passwd" | ||
30 | } | ||
31 | expect { | ||
32 | timeout {puts "TESTING ERROR 6\n";exit} | ||
33 | "resolv.conf" | ||
34 | } | ||
35 | |||
36 | |||
37 | send -- "file /etc/shadow\r" | ||
38 | expect { | ||
39 | timeout {puts "TESTING ERROR 7\n";exit} | ||
40 | "No such file or directory" | ||
41 | } | ||
42 | after 100 | ||
43 | send -- "exit\r" | ||
44 | sleep 1 | ||
45 | |||
46 | send -- "firejail --private-etc=shadow\r" | ||
47 | expect { | ||
48 | timeout {puts "TESTING ERROR 8\n";exit} | ||
49 | "invalid file type" | ||
50 | } | ||
51 | after 100 | ||
52 | |||
53 | send -- "firejail --private-etc=\"bla;bla\"\r" | ||
54 | expect { | ||
55 | timeout {puts "TESTING ERROR 9\n";exit} | ||
56 | "is an invalid filename" | ||
57 | } | ||
58 | after 100 | ||
59 | |||
60 | send -- "firejail --private-etc=../bin/ls\r" | ||
61 | expect { | ||
62 | timeout {puts "TESTING ERROR 10\n";exit} | ||
63 | "is an invalid filename" | ||
64 | } | ||
65 | after 100 | ||
66 | |||
67 | |||
68 | |||
69 | |||
70 | |||
71 | after 100 | ||
72 | puts "\nall done\n" | ||
73 | |||
diff --git a/test/fs/private-home-dir.exp b/test/fs/private-home-dir.exp new file mode 100755 index 000000000..5491be834 --- /dev/null +++ b/test/fs/private-home-dir.exp | |||
@@ -0,0 +1,70 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | |||
11 | if {[file exists ~/.asoundrc]} { | ||
12 | puts "found .asoundrc file\n" | ||
13 | } else { | ||
14 | send -- "touch ~/.asoundrc\r" | ||
15 | } | ||
16 | after 100 | ||
17 | |||
18 | if {[file exists ~/.Xauthority]} { | ||
19 | puts "found .Xauthority file\n" | ||
20 | } else { | ||
21 | send -- "touch ~/.Xauthority\r" | ||
22 | } | ||
23 | after 100 | ||
24 | send -- "mkdir ~/_firejail_test_dir_\r" | ||
25 | sleep 1 | ||
26 | |||
27 | # testing profile and private | ||
28 | send -- "firejail --private=~/_firejail_test_dir_\r" | ||
29 | expect { | ||
30 | timeout {puts "TESTING ERROR 0\n";exit} | ||
31 | "Child process initialized" | ||
32 | } | ||
33 | sleep 1 | ||
34 | |||
35 | send -- "ls -l ~\r" | ||
36 | expect { | ||
37 | timeout {puts "TESTING ERROR 1\n";exit} | ||
38 | "total 0" | ||
39 | } | ||
40 | after 100 | ||
41 | |||
42 | send -- "ls -al ~\r" | ||
43 | expect { | ||
44 | timeout {puts "TESTING ERROR 2\n";exit} | ||
45 | ".asoundrc" | ||
46 | } | ||
47 | expect { | ||
48 | timeout {puts "TESTING ERROR 3\n";exit} | ||
49 | ".bashrc" | ||
50 | } | ||
51 | expect { | ||
52 | timeout {puts "TESTING ERROR 4\n";exit} | ||
53 | ".Xauthority" | ||
54 | } | ||
55 | after 100 | ||
56 | |||
57 | send -- "exit\r" | ||
58 | sleep 1 | ||
59 | |||
60 | |||
61 | # testing profile and private | ||
62 | send -- "firejail --private=/etc\r" | ||
63 | expect { | ||
64 | timeout {puts "TESTING ERROR 5\n";exit} | ||
65 | "private directory should be owned by the current user" | ||
66 | } | ||
67 | sleep 1 | ||
68 | |||
69 | |||
70 | puts "all done\n" | ||
diff --git a/test/fs/private-home.exp b/test/fs/private-home.exp new file mode 100755 index 000000000..3840d1cb8 --- /dev/null +++ b/test/fs/private-home.exp | |||
@@ -0,0 +1,103 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | # create some test files in user home directory | ||
11 | send -- "touch ~/_firejail_test_file1\r" | ||
12 | after 100 | ||
13 | send -- "touch ~/_firejail_test_file2\r" | ||
14 | after 100 | ||
15 | send -- "mkdir ~/_firejail_test_dir1\r" | ||
16 | after 100 | ||
17 | send -- "mkdir ~/_firejail_test_dir1/_firejail_test_dir2\r" | ||
18 | after 100 | ||
19 | send -- "touch ~/_firejail_test_dir1/_firejail_test_dir2/_firejail_test_file3\r" | ||
20 | after 100 | ||
21 | send -- "ln -s /etc ~/_firejail_test_link1\r" | ||
22 | after 100 | ||
23 | send -- "ln -s ~/_firejail_test_dir1 ~/_firejail_test_link2\r" | ||
24 | after 100 | ||
25 | |||
26 | send -- "firejail --private-home=_firejail_test_file1,_firejail_test_file2,_firejail_test_dir1\r" | ||
27 | expect { | ||
28 | timeout {puts "TESTING ERROR 1\n";exit} | ||
29 | "Child process initialized" | ||
30 | } | ||
31 | after 100 | ||
32 | |||
33 | send -- "find ~\r" | ||
34 | expect { | ||
35 | timeout {puts "TESTING ERROR 2\n";exit} | ||
36 | "_firejail_test_file3" | ||
37 | } | ||
38 | expect { | ||
39 | timeout {puts "TESTING ERROR 3\n";exit} | ||
40 | "_firejail_test_file2" | ||
41 | } | ||
42 | expect { | ||
43 | timeout {puts "TESTING ERROR 4\n";exit} | ||
44 | "_firejail_test_file1" | ||
45 | } | ||
46 | after 100 | ||
47 | |||
48 | send -- "exit\r" | ||
49 | sleep 1 | ||
50 | |||
51 | send -- "firejail --private-home=\"bla;bla\"\r" | ||
52 | expect { | ||
53 | timeout {puts "TESTING ERROR 5\n";exit} | ||
54 | "is an invalid filename" | ||
55 | } | ||
56 | after 100 | ||
57 | |||
58 | send -- "firejail --private-home=/etc/shadow\r" | ||
59 | expect { | ||
60 | timeout {puts "TESTING ERROR 6\n";exit} | ||
61 | "invalid file" | ||
62 | } | ||
63 | after 100 | ||
64 | |||
65 | send -- "firejail --private-home=/etc/passwd\r" | ||
66 | expect { | ||
67 | timeout {puts "TESTING ERROR 7\n";exit} | ||
68 | "invalid file" | ||
69 | } | ||
70 | after 100 | ||
71 | |||
72 | send -- "firejail --private-home=../../etc/passwd\r" | ||
73 | expect { | ||
74 | timeout {puts "TESTING ERROR 8\n";exit} | ||
75 | "invalid file" | ||
76 | } | ||
77 | after 100 | ||
78 | |||
79 | send -- "firejail --private-home=_firejail_test_link1\r" | ||
80 | expect { | ||
81 | timeout {puts "TESTING ERROR 9\n";exit} | ||
82 | "to file or directory not owned by the user" | ||
83 | } | ||
84 | after 100 | ||
85 | |||
86 | send -- "firejail --private-home=_firejail_test_link2\r" | ||
87 | expect { | ||
88 | timeout {puts "TESTING ERROR 10\n";exit} | ||
89 | "Child process initialized" | ||
90 | } | ||
91 | after 100 | ||
92 | send -- "file file ~/_firejail_test_link2\r" | ||
93 | expect { | ||
94 | timeout {puts "TESTING ERROR 11\n";exit} | ||
95 | "broken symbolic link" | ||
96 | } | ||
97 | send -- "exit\r" | ||
98 | |||
99 | send -- "rm -f ~/_firejail_test*\r" | ||
100 | after 100 | ||
101 | |||
102 | puts "\nall done\n" | ||
103 | |||
diff --git a/test/fs/private-homedir.exp b/test/fs/private-homedir.exp new file mode 100755 index 000000000..35085948a --- /dev/null +++ b/test/fs/private-homedir.exp | |||
@@ -0,0 +1,25 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail --private=~\r" | ||
11 | expect { | ||
12 | timeout {puts "TESTING ERROR 1\n";exit} | ||
13 | "Child process initialized" | ||
14 | } | ||
15 | after 100 | ||
16 | |||
17 | send -- "ls -l ~\r" | ||
18 | expect { | ||
19 | timeout {puts "TESTING ERROR 2\n";exit} | ||
20 | "total 0" | ||
21 | } | ||
22 | after 100 | ||
23 | |||
24 | puts "\nall done\n" | ||
25 | |||
diff --git a/test/private-whitelist.exp b/test/fs/private-whitelist.exp index 7379241ef..4dadeacb1 100755 --- a/test/private-whitelist.exp +++ b/test/fs/private-whitelist.exp | |||
@@ -1,4 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
@@ -9,26 +12,28 @@ expect { | |||
9 | timeout {puts "TESTING ERROR 1\n";exit} | 12 | timeout {puts "TESTING ERROR 1\n";exit} |
10 | "Child process initialized" | 13 | "Child process initialized" |
11 | } | 14 | } |
12 | sleep 1 | 15 | after 100 |
13 | 16 | ||
14 | send -- "ls -al /tmp\r" | 17 | send -- "ls -al /tmp\r" |
15 | expect { | 18 | expect { |
16 | timeout {puts "TESTING ERROR 2\n";exit} | 19 | timeout {puts "TESTING ERROR 2\n";exit} |
17 | ".X11-unix" | 20 | ".X11-unix" |
18 | } | 21 | } |
19 | sleep 1 | 22 | after 100 |
20 | 23 | ||
21 | send -- "ls -a /tmp | wc -l\r" | 24 | send -- "ls -a /tmp | wc -l\r" |
22 | expect { | 25 | expect { |
23 | timeout {puts "TESTING ERROR 3\n";exit} | 26 | timeout {puts "TESTING ERROR 3\n";exit} |
24 | "3" | 27 | "3" |
25 | } | 28 | } |
26 | sleep 1 | 29 | after 100 |
27 | 30 | ||
28 | send -- "ls -a ~ | wc -l\r" | 31 | send -- "ls -a ~ | wc -l\r" |
29 | expect { | 32 | expect { |
30 | timeout {puts "TESTING ERROR 4\n";exit} | 33 | timeout {puts "TESTING ERROR 4\n";exit} |
31 | "5" | 34 | "3" {puts "3\n"} |
35 | "4" {puts "4\n"} | ||
36 | "5" {puts "5\n"} | ||
32 | } | 37 | } |
33 | 38 | ||
34 | sleep 1 | 39 | sleep 1 |
diff --git a/test/fs/private.exp b/test/fs/private.exp new file mode 100755 index 000000000..8114ee45d --- /dev/null +++ b/test/fs/private.exp | |||
@@ -0,0 +1,58 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | |||
11 | if {[file exists ~/.asoundrc]} { | ||
12 | puts "found .asoundrc file\n" | ||
13 | } else { | ||
14 | send -- "touch ~/.asoundrc\r" | ||
15 | } | ||
16 | after 100 | ||
17 | |||
18 | if {[file exists ~/.Xauthority]} { | ||
19 | puts "found .Xauthority file\n" | ||
20 | } else { | ||
21 | send -- "touch ~/.Xauthority\r" | ||
22 | } | ||
23 | after 100 | ||
24 | |||
25 | # testing profile and private | ||
26 | send -- "firejail --private\r" | ||
27 | expect { | ||
28 | timeout {puts "TESTING ERROR 0\n";exit} | ||
29 | "Child process initialized" | ||
30 | } | ||
31 | sleep 1 | ||
32 | |||
33 | send -- "ls -l ~\r" | ||
34 | expect { | ||
35 | timeout {puts "TESTING ERROR 1\n";exit} | ||
36 | "total 0" | ||
37 | } | ||
38 | after 100 | ||
39 | |||
40 | send -- "ls -al ~\r" | ||
41 | expect { | ||
42 | timeout {puts "TESTING ERROR 2\n";exit} | ||
43 | ".asoundrc" | ||
44 | } | ||
45 | expect { | ||
46 | timeout {puts "TESTING ERROR 3\n";exit} | ||
47 | ".bashrc" | ||
48 | } | ||
49 | expect { | ||
50 | timeout {puts "TESTING ERROR 4\n";exit} | ||
51 | ".Xauthority" | ||
52 | } | ||
53 | after 100 | ||
54 | |||
55 | send -- "exit\r" | ||
56 | sleep 1 | ||
57 | |||
58 | puts "all done\n" | ||
diff --git a/test/fs/read-write.exp b/test/fs/read-write.exp new file mode 100755 index 000000000..19a915f66 --- /dev/null +++ b/test/fs/read-write.exp | |||
@@ -0,0 +1,35 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | |||
11 | send -- "firejail --read-only=~/_firejail_test_dir --read-write=~/_firejail_test_dir/test1\r" | ||
12 | expect { | ||
13 | timeout {puts "TESTING ERROR 0\n";exit} | ||
14 | "Child process initialized" | ||
15 | } | ||
16 | sleep 1 | ||
17 | |||
18 | send -- "echo mytest > ~/_firejail_test_dir/a\r" | ||
19 | expect { | ||
20 | timeout {puts "TESTING ERROR 5\n";exit} | ||
21 | "Read-only file system" | ||
22 | } | ||
23 | after 100 | ||
24 | |||
25 | send -- "echo mytest > ~/_firejail_test_dir/test1/b\r" | ||
26 | sleep 1 | ||
27 | |||
28 | send -- "cat ~/_firejail_test_dir/test1/b\r" | ||
29 | expect { | ||
30 | timeout {puts "TESTING ERROR 5\n";exit} | ||
31 | "mytest" | ||
32 | } | ||
33 | |||
34 | after 100 | ||
35 | puts "\nall done\n" | ||
diff --git a/test/fs/sys_fs.exp b/test/fs/sys_fs.exp new file mode 100755 index 000000000..f512776d9 --- /dev/null +++ b/test/fs/sys_fs.exp | |||
@@ -0,0 +1,44 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail\r" | ||
11 | expect { | ||
12 | timeout {puts "TESTING ERROR 1\n";exit} | ||
13 | "Child process initialized" | ||
14 | } | ||
15 | sleep 1 | ||
16 | |||
17 | send -- "ls /sys/fs\r" | ||
18 | expect { | ||
19 | timeout {puts "TESTING ERROR 2\n";exit} | ||
20 | "Permission denied" | ||
21 | } | ||
22 | after 100 | ||
23 | |||
24 | send -- "exit\r" | ||
25 | sleep 1 | ||
26 | |||
27 | send -- "firejail --noblacklist=/sys/fs\r" | ||
28 | expect { | ||
29 | timeout {puts "TESTING ERROR 1\n";exit} | ||
30 | "Child process initialized" | ||
31 | } | ||
32 | sleep 1 | ||
33 | |||
34 | send -- "ls /sys/fs\r" | ||
35 | expect { | ||
36 | timeout {puts "TESTING ERROR 2\n";exit} | ||
37 | "cgroup" | ||
38 | } | ||
39 | after 100 | ||
40 | send -- "exit\r" | ||
41 | after 100 | ||
42 | |||
43 | puts "\nall done\n" | ||
44 | |||
diff --git a/test/fs/testdir1/.directory/file b/test/fs/testdir1/.directory/file new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/fs/testdir1/.directory/file | |||
diff --git a/test/fs/testdir1/.file b/test/fs/testdir1/.file new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/fs/testdir1/.file | |||
diff --git a/test/fs/testfile1 b/test/fs/testfile1 new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/fs/testfile1 | |||
diff --git a/test/fs/user-dirs.dirs b/test/fs/user-dirs.dirs new file mode 100644 index 000000000..0d19da4e4 --- /dev/null +++ b/test/fs/user-dirs.dirs | |||
@@ -0,0 +1,15 @@ | |||
1 | # This file is written by xdg-user-dirs-update | ||
2 | # If you want to change or add directories, just edit the line you're | ||
3 | # interested in. All local changes will be retained on the next run | ||
4 | # Format is XDG_xxx_DIR="$HOME/yyy", where yyy is a shell-escaped | ||
5 | # homedir-relative path, or XDG_xxx_DIR="/yyy", where /yyy is an | ||
6 | # absolute path. No other format is supported. | ||
7 | # | ||
8 | XDG_DESKTOP_DIR="$HOME/Desktop" | ||
9 | XDG_DOWNLOAD_DIR="$HOME/Downloads" | ||
10 | XDG_TEMPLATES_DIR="$HOME/Templates" | ||
11 | XDG_PUBLICSHARE_DIR="$HOME/Public" | ||
12 | XDG_DOCUMENTS_DIR="$HOME/Documents" | ||
13 | XDG_MUSIC_DIR="$HOME/Music" | ||
14 | XDG_PICTURES_DIR="$HOME/Pictures" | ||
15 | XDG_VIDEOS_DIR="$HOME/Videos" | ||
diff --git a/test/fs/whitelist-dev.exp b/test/fs/whitelist-dev.exp new file mode 100755 index 000000000..a19d5cedf --- /dev/null +++ b/test/fs/whitelist-dev.exp | |||
@@ -0,0 +1,47 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail --whitelist=/dev/null --debug\r" | ||
11 | expect { | ||
12 | timeout {puts "TESTING ERROR 0\n";exit} | ||
13 | "Child process initialized" | ||
14 | } | ||
15 | sleep 1 | ||
16 | |||
17 | send -- "ls -l /dev | find /dev | wc -l\r" | ||
18 | expect { | ||
19 | timeout {puts "TESTING ERROR 1\n";exit} | ||
20 | "2" | ||
21 | } | ||
22 | after 100 | ||
23 | send -- "exit\r" | ||
24 | sleep 1 | ||
25 | |||
26 | send -- "firejail --whitelist=/var/tmp --debug\r" | ||
27 | expect { | ||
28 | timeout {puts "TESTING ERROR 0\n";exit} | ||
29 | "Child process initialized" | ||
30 | } | ||
31 | sleep 1 | ||
32 | |||
33 | send -- "ls -l /dev | find /dev | wc -l\r" | ||
34 | expect { | ||
35 | timeout {puts "TESTING ERROR 1\n";exit} | ||
36 | "2" | ||
37 | } | ||
38 | after 100 | ||
39 | send -- "exit\r" | ||
40 | sleep 1 | ||
41 | |||
42 | |||
43 | |||
44 | |||
45 | after 100 | ||
46 | puts "\nall done\n" | ||
47 | |||
diff --git a/test/fs/whitelist-double.exp b/test/fs/whitelist-double.exp new file mode 100755 index 000000000..fc05f9322 --- /dev/null +++ b/test/fs/whitelist-double.exp | |||
@@ -0,0 +1,42 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "echo 123 > /tmp/firejal-deleteme\r" | ||
11 | sleep 1 | ||
12 | |||
13 | send -- "firejail --whitelist=/tmp/firejal-deleteme --whitelist=/tmp/firejal-deleteme\r" | ||
14 | expect { | ||
15 | timeout {puts "TESTING ERROR 0\n";exit} | ||
16 | "Child process initialized" | ||
17 | } | ||
18 | sleep 1 | ||
19 | |||
20 | send -- "cat /tmp/firejal-deleteme\r" | ||
21 | expect { | ||
22 | timeout {puts "TESTING ERROR 1\n";exit} | ||
23 | "123" | ||
24 | } | ||
25 | |||
26 | send -- "exit\r" | ||
27 | sleep 1 | ||
28 | |||
29 | send -- "cat /tmp/firejal-deleteme\r" | ||
30 | expect { | ||
31 | timeout {puts "TESTING ERROR 2\n";exit} | ||
32 | "123" | ||
33 | } | ||
34 | |||
35 | send -- "rm /tmp/firejal-deleteme\r" | ||
36 | expect { | ||
37 | timeout {puts "TESTING ERROR 3\n";exit} | ||
38 | "0" | ||
39 | } | ||
40 | after 100 | ||
41 | |||
42 | puts "\nall done\n" | ||
diff --git a/test/fs/whitelist-downloads.exp b/test/fs/whitelist-downloads.exp new file mode 100755 index 000000000..6af318d2b --- /dev/null +++ b/test/fs/whitelist-downloads.exp | |||
@@ -0,0 +1,49 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "cp user-dirs.dirs /tmp/.\r" | ||
11 | after 100 | ||
12 | |||
13 | send -- "firejail --private --noprofile\r" | ||
14 | expect { | ||
15 | timeout {puts "TESTING ERROR 0\n";exit} | ||
16 | "Child process initialized" | ||
17 | } | ||
18 | after 100 | ||
19 | |||
20 | send -- "firejail --force --profile=/etc/firejail/firefox.profile\r" | ||
21 | expect { | ||
22 | timeout {puts "TESTING ERROR 1\n";exit} | ||
23 | "cannot whitelist Downloads directory" | ||
24 | } | ||
25 | expect { | ||
26 | timeout {puts "TESTING ERROR 2\n";exit} | ||
27 | "Child process initialized" | ||
28 | } | ||
29 | after 100 | ||
30 | |||
31 | send -- "exit\r" | ||
32 | after 100 | ||
33 | |||
34 | send -- "cp /tmp/user-dirs.dirs ~/.config/.\r" | ||
35 | after 100 | ||
36 | |||
37 | send -- "firejail --force --profile=/etc/firejail/firefox.profile\r" | ||
38 | expect { | ||
39 | timeout {puts "TESTING ERROR 3\n";exit} | ||
40 | "cannot whitelist Downloads directory" | ||
41 | } | ||
42 | expect { | ||
43 | timeout {puts "TESTING ERROR 4\n";exit} | ||
44 | "Child process initialized" | ||
45 | } | ||
46 | after 100 | ||
47 | |||
48 | puts "\nall done\n" | ||
49 | |||
diff --git a/test/whitelist-empty.exp b/test/fs/whitelist-empty.exp index 226b019db..71bb8f914 100755 --- a/test/whitelist-empty.exp +++ b/test/fs/whitelist-empty.exp | |||
@@ -1,4 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 30 | 6 | set timeout 30 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
@@ -46,5 +49,6 @@ expect { | |||
46 | "0" | 49 | "0" |
47 | } | 50 | } |
48 | 51 | ||
52 | after 100 | ||
49 | 53 | ||
50 | puts "\nall done\n" | 54 | puts "\nall done\n" |
diff --git a/test/fs/whitelist.exp b/test/fs/whitelist.exp new file mode 100755 index 000000000..9b631b884 --- /dev/null +++ b/test/fs/whitelist.exp | |||
@@ -0,0 +1,226 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | # cleanup | ||
11 | send -- "rm -fr ~/fjtest-dir\r" | ||
12 | after 200 | ||
13 | send -- "rm -fr ~/fjtest-dir-lnk\r" | ||
14 | after 200 | ||
15 | send -- "rm ~/fjtest-file\r" | ||
16 | after 200 | ||
17 | send -- "rm ~/fjtest-file-lnk\r" | ||
18 | after 200 | ||
19 | send -- "rm /tmp/fjtest-file\r" | ||
20 | after 200 | ||
21 | send -- "rm -fr /tmp/fjtest-dir\r" | ||
22 | after 200 | ||
23 | |||
24 | |||
25 | # simple files and directories | ||
26 | send -- "mkdir -p ~/fjtest-dir/fjtest-dir\r" | ||
27 | after 200 | ||
28 | send -- "echo 123 > ~/fjtest-file\r" | ||
29 | after 200 | ||
30 | send -- "echo 123 > ~/fjtest-dir/fjtest-file\r" | ||
31 | after 200 | ||
32 | send -- "echo 123 > ~/fjtest-dir/fjtest-dir/fjtest-file\r" | ||
33 | after 200 | ||
34 | send -- "ln -s ~/fjtest-file ~/fjtest-file-lnk\r" | ||
35 | after 200 | ||
36 | send -- "ln -s ~/fjtest-dir ~/fjtest-dir-lnk\r" | ||
37 | after 200 | ||
38 | |||
39 | send -- "firejail --whitelist=~/fjtest-file --whitelist=~/fjtest-dir --debug\r" | ||
40 | expect { | ||
41 | timeout {puts "TESTING ERROR 0\n";exit} | ||
42 | "Child process initialized" | ||
43 | } | ||
44 | sleep 1 | ||
45 | |||
46 | send -- "ls -l ~/ | grep -v total | wc -l\r" | ||
47 | expect { | ||
48 | timeout {puts "TESTING ERROR 1\n";exit} | ||
49 | "2" | ||
50 | } | ||
51 | |||
52 | send -- "cat ~/fjtest-file\r" | ||
53 | expect { | ||
54 | timeout {puts "TESTING ERROR 2\n";exit} | ||
55 | "123" | ||
56 | } | ||
57 | |||
58 | send -- "cat ~/fjtest-dir/fjtest-file\r" | ||
59 | expect { | ||
60 | timeout {puts "TESTING ERROR 3\n";exit} | ||
61 | "123" | ||
62 | } | ||
63 | |||
64 | send -- "cat ~/fjtest-dir/fjtest-dir/fjtest-file\r" | ||
65 | expect { | ||
66 | timeout {puts "TESTING ERROR 4\n";exit} | ||
67 | "123" | ||
68 | } | ||
69 | |||
70 | send -- "exit\r" | ||
71 | sleep 1 | ||
72 | |||
73 | |||
74 | |||
75 | # simple files and directories | ||
76 | send -- "firejail --whitelist=~/fjtest-dir/fjtest-dir/fjtest-file\r" | ||
77 | expect { | ||
78 | timeout {puts "TESTING ERROR 10\n";exit} | ||
79 | "Child process initialized" | ||
80 | } | ||
81 | sleep 1 | ||
82 | |||
83 | send -- "ls -l ~/ | grep -v total | wc -l\r" | ||
84 | expect { | ||
85 | timeout {puts "TESTING ERROR 11\n";exit} | ||
86 | "1" | ||
87 | } | ||
88 | |||
89 | send -- "cat ~/fjtest-dir/fjtest-dir/fjtest-file\r" | ||
90 | expect { | ||
91 | timeout {puts "TESTING ERROR 12\n";exit} | ||
92 | "123" | ||
93 | } | ||
94 | |||
95 | send -- "exit\r" | ||
96 | sleep 1 | ||
97 | |||
98 | |||
99 | |||
100 | # symlinks | ||
101 | send -- "firejail --whitelist=~/fjtest-file-lnk --whitelist=~/fjtest-dir-lnk\r" | ||
102 | expect { | ||
103 | timeout {puts "TESTING ERROR 20\n";exit} | ||
104 | "Child process initialized" | ||
105 | } | ||
106 | sleep 1 | ||
107 | |||
108 | send -- "ls -l ~/ | grep -v total | wc -l\r" | ||
109 | expect { | ||
110 | timeout {puts "TESTING ERROR 21\n";exit} | ||
111 | "4" | ||
112 | } | ||
113 | |||
114 | send -- "cat ~/fjtest-file\r" | ||
115 | expect { | ||
116 | timeout {puts "TESTING ERROR 22\n";exit} | ||
117 | "123" | ||
118 | } | ||
119 | |||
120 | send -- "cat ~/fjtest-dir/fjtest-file\r" | ||
121 | expect { | ||
122 | timeout {puts "TESTING ERROR 23\n";exit} | ||
123 | "123" | ||
124 | } | ||
125 | |||
126 | send -- "cat ~/fjtest-dir/fjtest-dir/fjtest-file\r" | ||
127 | expect { | ||
128 | timeout {puts "TESTING ERROR 24\n";exit} | ||
129 | "123" | ||
130 | } | ||
131 | |||
132 | send -- "cat ~/fjtest-file-lnk\r" | ||
133 | expect { | ||
134 | timeout {puts "TESTING ERROR 25\n";exit} | ||
135 | "123" | ||
136 | } | ||
137 | |||
138 | send -- "cat ~/fjtest-dir-lnk/fjtest-file\r" | ||
139 | expect { | ||
140 | timeout {puts "TESTING ERROR 26\n";exit} | ||
141 | "123" | ||
142 | } | ||
143 | |||
144 | send -- "cat ~/fjtest-dir-lnk/fjtest-dir/fjtest-file\r" | ||
145 | expect { | ||
146 | timeout {puts "TESTING ERROR 27\n";exit} | ||
147 | "123" | ||
148 | } | ||
149 | send -- "exit\r" | ||
150 | sleep 1 | ||
151 | |||
152 | # symlinks outside home to a file we don't own | ||
153 | send -- "rm ~/fjtest-file-lnk\r" | ||
154 | after 200 | ||
155 | send -- "ln -s /etc/passwd ~/fjtest-file-lnk\r" | ||
156 | after 200 | ||
157 | send -- "firejail --whitelist=~/fjtest-file-lnk --whitelist=~/fjtest-dir-lnk\r" | ||
158 | expect { | ||
159 | timeout {puts "TESTING ERROR 30\n";exit} | ||
160 | "invalid whitelist path" | ||
161 | } | ||
162 | expect { | ||
163 | timeout {puts "TESTING ERROR 31\n";exit} | ||
164 | "exiting" | ||
165 | } | ||
166 | sleep 1 | ||
167 | |||
168 | # symlinks outside home to a file we own | ||
169 | send -- "rm -fr ~/fjtest-dir-lnk\r" | ||
170 | after 200 | ||
171 | send -- "rm ~/fjtest-file-lnk\r" | ||
172 | after 200 | ||
173 | send -- "echo 123 > /tmp/fjtest-file\r" | ||
174 | after 200 | ||
175 | send -- "mkdir /tmp/fjtest-dir\r" | ||
176 | after 200 | ||
177 | send -- "echo 123 > /tmp/fjtest-dir/fjtest-file\r" | ||
178 | after 200 | ||
179 | send -- "ln -s /tmp/fjtest-file ~/fjtest-file-lnk\r" | ||
180 | after 200 | ||
181 | send -- "ln -s /tmp/fjtest-dir ~/fjtest-dir-lnk\r" | ||
182 | after 200 | ||
183 | send -- "firejail --whitelist=~/fjtest-file-lnk --whitelist=~/fjtest-dir-lnk\r" | ||
184 | expect { | ||
185 | timeout {puts "TESTING ERROR 40\n";exit} | ||
186 | "Child process initialized" | ||
187 | } | ||
188 | sleep 1 | ||
189 | |||
190 | send -- "ls -l ~/ | grep -v total | wc -l\r" | ||
191 | expect { | ||
192 | timeout {puts "TESTING ERROR 41\n";exit} | ||
193 | "2" | ||
194 | } | ||
195 | |||
196 | send -- "cat ~/fjtest-file-lnk\r" | ||
197 | expect { | ||
198 | timeout {puts "TESTING ERROR 42\n";exit} | ||
199 | "123" | ||
200 | } | ||
201 | |||
202 | send -- "cat ~/fjtest-dir-lnk/fjtest-file\r" | ||
203 | expect { | ||
204 | timeout {puts "TESTING ERROR 43\n";exit} | ||
205 | "123" | ||
206 | } | ||
207 | send -- "exit\r" | ||
208 | sleep 1 | ||
209 | |||
210 | # cleanup | ||
211 | send -- "rm -fr ~/fjtest-dir\r" | ||
212 | after 200 | ||
213 | send -- "rm -fr ~/fjtest-dir-lnk\r" | ||
214 | after 200 | ||
215 | send -- "rm ~/fjtest-file\r" | ||
216 | after 200 | ||
217 | send -- "rm ~/fjtest-file-lnk\r" | ||
218 | after 200 | ||
219 | send -- "rm /tmp/fjtest-file\r" | ||
220 | after 200 | ||
221 | send -- "rm -fr /tmp/fjtest-dir\r" | ||
222 | after 200 | ||
223 | |||
224 | |||
225 | puts "\nall done\n" | ||
226 | |||
diff --git a/test/fs_var_lock.exp b/test/fs_var_lock.exp deleted file mode 100755 index dfcf571f4..000000000 --- a/test/fs_var_lock.exp +++ /dev/null | |||
@@ -1,87 +0,0 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | # testing read-write /var/lock | ||
8 | send -- "firejail\r" | ||
9 | expect { | ||
10 | timeout {puts "TESTING ERROR 0\n";exit} | ||
11 | "Child process initialized" | ||
12 | } | ||
13 | sleep 1 | ||
14 | |||
15 | send -- "echo mytest > /var/lock/ttt;pwd\r" | ||
16 | expect { | ||
17 | timeout {puts "TESTING ERROR 1\n";exit} | ||
18 | "home" | ||
19 | } | ||
20 | |||
21 | send -- "cat /var/lock/ttt;pwd\r" | ||
22 | expect { | ||
23 | timeout {puts "TESTING ERROR 2.1\n";exit} | ||
24 | "mytest" | ||
25 | } | ||
26 | expect { | ||
27 | timeout {puts "TESTING ERROR 2\n";exit} | ||
28 | "home" | ||
29 | } | ||
30 | |||
31 | send -- "rm /var/lock/ttt;pwd\r" | ||
32 | expect { | ||
33 | timeout {puts "TESTING ERROR 3\n";exit} | ||
34 | "home" | ||
35 | } | ||
36 | |||
37 | send -- "cat /var/lock/ttt;pwd\r" | ||
38 | expect { | ||
39 | timeout {puts "TESTING ERROR 4\n";exit} | ||
40 | "mytest" {puts "TESTING ERROR 4.1\n";exit} | ||
41 | "home" | ||
42 | } | ||
43 | |||
44 | sleep 1 | ||
45 | send -- "exit\r" | ||
46 | sleep 1 | ||
47 | |||
48 | # redo the test with --private | ||
49 | send -- "firejail\r" | ||
50 | expect { | ||
51 | timeout {puts "TESTING ERROR 10\n";exit} | ||
52 | "Child process initialized" | ||
53 | } | ||
54 | sleep 1 | ||
55 | |||
56 | send -- "echo mytest > /var/lock/ttt;pwd\r" | ||
57 | expect { | ||
58 | timeout {puts "TESTING ERROR 11\n";exit} | ||
59 | "home" | ||
60 | } | ||
61 | |||
62 | send -- "cat /var/lock/ttt;pwd\r" | ||
63 | expect { | ||
64 | timeout {puts "TESTING ERROR 12.1\n";exit} | ||
65 | "mytest" | ||
66 | } | ||
67 | expect { | ||
68 | timeout {puts "TESTING ERROR 12\n";exit} | ||
69 | "home" | ||
70 | } | ||
71 | |||
72 | send -- "rm /var/lock/ttt;pwd\r" | ||
73 | expect { | ||
74 | timeout {puts "TESTING ERROR 13\n";exit} | ||
75 | "home" | ||
76 | } | ||
77 | |||
78 | send -- "cat /var/lock/ttt;pwd\r" | ||
79 | expect { | ||
80 | timeout {puts "TESTING ERROR 14\n";exit} | ||
81 | "mytest" {puts "TESTING ERROR 14.1\n";exit} | ||
82 | "home" | ||
83 | } | ||
84 | |||
85 | sleep 1 | ||
86 | |||
87 | puts "\n" | ||
diff --git a/test/fscheck-private.exp b/test/fscheck-private.exp deleted file mode 100755 index 8e485cc03..000000000 --- a/test/fscheck-private.exp +++ /dev/null | |||
@@ -1,70 +0,0 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | |||
8 | # .. | ||
9 | #send -- "firejail --net=br0 --private=../test/fscheck-dir\r" | ||
10 | #expect { | ||
11 | # timeout {puts "TESTING ERROR 0.1\n";exit} | ||
12 | # "Error" | ||
13 | #} | ||
14 | #after 100 | ||
15 | |||
16 | # dir link | ||
17 | #send -- "firejail --net=br0 --private=fscheck-dir-link\r" | ||
18 | #expect { | ||
19 | # timeout {puts "TESTING ERROR 1\n";exit} | ||
20 | # "Error" | ||
21 | #} | ||
22 | #after 100 | ||
23 | |||
24 | # .. | ||
25 | #send -- "firejail --net=br0 --private=../test/fscheck-dir-link\r" | ||
26 | #expect { | ||
27 | # timeout {puts "TESTING ERROR 1.1\n";exit} | ||
28 | # "Error" | ||
29 | #} | ||
30 | #after 100 | ||
31 | |||
32 | # file link | ||
33 | send -- "firejail --net=br0 --private=fscheck-file-link\r" | ||
34 | expect { | ||
35 | timeout {puts "TESTING ERROR 2\n";exit} | ||
36 | "Error" | ||
37 | } | ||
38 | after 100 | ||
39 | |||
40 | # file | ||
41 | send -- "firejail --net=br0 --private=fscheck-file\r" | ||
42 | expect { | ||
43 | timeout {puts "TESTING ERROR 2.1\n";exit} | ||
44 | "Error" | ||
45 | } | ||
46 | after 100 | ||
47 | |||
48 | # .. | ||
49 | send -- "firejail --net=br0 --private=../test/fscheck-file\r" | ||
50 | expect { | ||
51 | timeout {puts "TESTING ERROR 2.2\n";exit} | ||
52 | "Error" | ||
53 | } | ||
54 | after 100 | ||
55 | |||
56 | # no file | ||
57 | send -- "firejail --net=br0 --private=../test/nodir\r" | ||
58 | expect { | ||
59 | timeout {puts "TESTING ERROR 3\n";exit} | ||
60 | "Error" | ||
61 | } | ||
62 | after 100 | ||
63 | |||
64 | # same owner | ||
65 | send -- "firejail --net=br0 --private=/etc\r" | ||
66 | expect { | ||
67 | timeout {puts "TESTING ERROR 4\n";exit} | ||
68 | "Error" | ||
69 | } | ||
70 | after 100 | ||
diff --git a/test/google-chrome.exp b/test/google-chrome.exp deleted file mode 100755 index 389988e3c..000000000 --- a/test/google-chrome.exp +++ /dev/null | |||
@@ -1,80 +0,0 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "firejail google-chrome www.gentoo.org\r" | ||
8 | expect { | ||
9 | timeout {puts "TESTING ERROR 0\n";exit} | ||
10 | "Reading profile /etc/firejail/google-chrome.profile" | ||
11 | } | ||
12 | expect { | ||
13 | timeout {puts "TESTING ERROR 1\n";exit} | ||
14 | "Child process initialized" | ||
15 | } | ||
16 | sleep 10 | ||
17 | |||
18 | spawn $env(SHELL) | ||
19 | send -- "firejail --list\r" | ||
20 | expect { | ||
21 | timeout {puts "TESTING ERROR 3\n";exit} | ||
22 | ":firejail" | ||
23 | } | ||
24 | expect { | ||
25 | timeout {puts "TESTING ERROR 3.1\n";exit} | ||
26 | "google-chrome" | ||
27 | } | ||
28 | sleep 1 | ||
29 | |||
30 | # grsecurity exit | ||
31 | send -- "file /proc/sys/kernel/grsecurity\r" | ||
32 | expect { | ||
33 | timeout {puts "TESTING ERROR - grsecurity detection\n";exit} | ||
34 | "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit} | ||
35 | "cannot open" {puts "grsecurity not present\n"} | ||
36 | } | ||
37 | |||
38 | send -- "firejail --name=blablabla\r" | ||
39 | expect { | ||
40 | timeout {puts "TESTING ERROR 4\n";exit} | ||
41 | "Child process initialized" | ||
42 | } | ||
43 | sleep 2 | ||
44 | |||
45 | spawn $env(SHELL) | ||
46 | send -- "firemon --seccomp\r" | ||
47 | expect { | ||
48 | timeout {puts "TESTING ERROR 5\n";exit} | ||
49 | ":firejail google-chrome" | ||
50 | } | ||
51 | expect { | ||
52 | timeout {puts "TESTING ERROR 5.1\n";exit} | ||
53 | "Seccomp: 0" | ||
54 | } | ||
55 | expect { | ||
56 | timeout {puts "TESTING ERROR 5.1\n";exit} | ||
57 | "name=blablabla" | ||
58 | } | ||
59 | sleep 1 | ||
60 | send -- "firemon --caps\r" | ||
61 | expect { | ||
62 | timeout {puts "TESTING ERROR 6\n";exit} | ||
63 | ":firejail google-chrome" | ||
64 | } | ||
65 | expect { | ||
66 | timeout {puts "TESTING ERROR 6.1\n";exit} | ||
67 | "CapBnd:" | ||
68 | } | ||
69 | expect { | ||
70 | timeout {puts "TESTING ERROR 6.2\n";exit} | ||
71 | "fffffffff" | ||
72 | } | ||
73 | expect { | ||
74 | timeout {puts "TESTING ERROR 6.3\n";exit} | ||
75 | "name=blablabla" | ||
76 | } | ||
77 | sleep 1 | ||
78 | |||
79 | puts "\n" | ||
80 | |||
diff --git a/test/net_interface.exp b/test/net_interface.exp deleted file mode 100755 index 4b55187ff..000000000 --- a/test/net_interface.exp +++ /dev/null | |||
@@ -1,88 +0,0 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "ip link add link eth0 name eth0.100 type vlan id 100\r" | ||
8 | sleep 1 | ||
9 | send -- "ip link add link eth0 name eth0.101 type vlan id 101\r" | ||
10 | sleep 1 | ||
11 | send -- "ip link add link eth0 name eth0.102 type vlan id 102\r" | ||
12 | sleep 1 | ||
13 | send -- "ip link add link eth0 name eth0.103 type vlan id 103\r" | ||
14 | sleep 1 | ||
15 | send -- "ip link add link eth0 name eth0.104 type vlan id 104\r" | ||
16 | sleep 1 | ||
17 | puts "\n" | ||
18 | |||
19 | send -- "/sbin/ifconfig eth0.100 10.200.0.1/24\r" | ||
20 | sleep 1 | ||
21 | send -- "/sbin/ifconfig eth0.101 10.200.1.1/24\r" | ||
22 | sleep 1 | ||
23 | send -- "/sbin/ifconfig eth0.102 10.200.2.1/24\r" | ||
24 | sleep 1 | ||
25 | send -- "/sbin/ifconfig eth0.103 10.200.3.1/24\r" | ||
26 | sleep 1 | ||
27 | send -- "/sbin/ifconfig eth0.104 10.200.4.1/24\r" | ||
28 | sleep 1 | ||
29 | puts "\n" | ||
30 | |||
31 | |||
32 | |||
33 | send -- "firejail --noprofile --interface=eth0.100 --interface=eth0.101 --interface=eth0.102 --interface=eth0.103 --interface=eth0.104\r" | ||
34 | expect { | ||
35 | timeout {puts "TESTING ERROR 0\n";exit} | ||
36 | "maximum 4 interfaces are allowed" | ||
37 | } | ||
38 | sleep 1 | ||
39 | |||
40 | send -- "firejail --noprofile --interface=eth0.100 --interface=eth0.101 --interface=eth0.102 --interface=eth0.103\r" | ||
41 | expect { | ||
42 | timeout {puts "TESTING ERROR 1\n";exit} | ||
43 | "eth0.100" | ||
44 | } | ||
45 | expect { | ||
46 | timeout {puts "TESTING ERROR 1.1\n";exit} | ||
47 | "UP" | ||
48 | } | ||
49 | expect { | ||
50 | timeout {puts "TESTING ERROR 2\n";exit} | ||
51 | "eth0.101" | ||
52 | } | ||
53 | expect { | ||
54 | timeout {puts "TESTING ERROR 2.2\n";exit} | ||
55 | "UP" | ||
56 | } | ||
57 | expect { | ||
58 | timeout {puts "TESTING ERROR 3\n";exit} | ||
59 | "eth0.102" | ||
60 | } | ||
61 | expect { | ||
62 | timeout {puts "TESTING ERROR 3.1\n";exit} | ||
63 | "UP" | ||
64 | } | ||
65 | expect { | ||
66 | timeout {puts "TESTING ERROR 4\n";exit} | ||
67 | "eth0.103" | ||
68 | } | ||
69 | expect { | ||
70 | timeout {puts "TESTING ERROR 4.1\n";exit} | ||
71 | "UP" | ||
72 | } | ||
73 | sleep 1 | ||
74 | send -- "exit\r" | ||
75 | sleep 1 | ||
76 | |||
77 | send -- "firejail --noprofile --interface=eth0.104\r" | ||
78 | expect { | ||
79 | timeout {puts "TESTING ERROR 5\n";exit} | ||
80 | "eth0.104" | ||
81 | } | ||
82 | expect { | ||
83 | timeout {puts "TESTING ERROR 5.1\n";exit} | ||
84 | "UP" | ||
85 | } | ||
86 | |||
87 | puts "all done\n" | ||
88 | |||
diff --git a/test/4bridges_arp.exp b/test/network/4bridges_arp.exp index 6a3e6db2a..6383aad5e 100755 --- a/test/4bridges_arp.exp +++ b/test/network/4bridges_arp.exp | |||
@@ -1,4 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
@@ -26,9 +29,9 @@ expect { | |||
26 | timeout {puts "TESTING ERROR 0.4\n";exit} | 29 | timeout {puts "TESTING ERROR 0.4\n";exit} |
27 | "Child process initialized" | 30 | "Child process initialized" |
28 | } | 31 | } |
29 | sleep 2 | 32 | sleep 1 |
30 | send -- "exit\r" | 33 | send -- "exit\r" |
31 | sleep 2 | 34 | sleep 1 |
32 | 35 | ||
33 | # check eth1 | 36 | # check eth1 |
34 | send -- "firejail --net=br0 --net=br1 --net=br2 --net=br3\r" | 37 | send -- "firejail --net=br0 --net=br1 --net=br2 --net=br3\r" |
@@ -52,9 +55,9 @@ expect { | |||
52 | timeout {puts "TESTING ERROR 1.4\n";exit} | 55 | timeout {puts "TESTING ERROR 1.4\n";exit} |
53 | "Child process initialized" | 56 | "Child process initialized" |
54 | } | 57 | } |
55 | sleep 2 | 58 | sleep 1 |
56 | send -- "exit\r" | 59 | send -- "exit\r" |
57 | sleep 2 | 60 | sleep 1 |
58 | 61 | ||
59 | 62 | ||
60 | # check eth2 | 63 | # check eth2 |
@@ -79,9 +82,9 @@ expect { | |||
79 | timeout {puts "TESTING ERROR 2.4\n";exit} | 82 | timeout {puts "TESTING ERROR 2.4\n";exit} |
80 | "Child process initialized" | 83 | "Child process initialized" |
81 | } | 84 | } |
82 | sleep 2 | 85 | sleep 1 |
83 | send -- "exit\r" | 86 | send -- "exit\r" |
84 | sleep 2 | 87 | sleep 1 |
85 | 88 | ||
86 | 89 | ||
87 | 90 | ||
@@ -107,9 +110,9 @@ expect { | |||
107 | timeout {puts "TESTING ERROR 4\n";exit} | 110 | timeout {puts "TESTING ERROR 4\n";exit} |
108 | "Child process initialized" | 111 | "Child process initialized" |
109 | } | 112 | } |
110 | sleep 2 | 113 | sleep 1 |
111 | send -- "exit\r" | 114 | send -- "exit\r" |
112 | sleep 2 | 115 | sleep 1 |
113 | 116 | ||
114 | 117 | ||
115 | 118 | ||
@@ -164,7 +167,8 @@ expect { | |||
164 | timeout {puts "TESTING ERROR 10.2\n";exit} | 167 | timeout {puts "TESTING ERROR 10.2\n";exit} |
165 | "10.10.50.0/24 dev eth3 proto kernel scope link" | 168 | "10.10.50.0/24 dev eth3 proto kernel scope link" |
166 | } | 169 | } |
167 | sleep 1 | 170 | send -- "exit\r" |
171 | after 100 | ||
168 | 172 | ||
169 | puts "\nall done\n" | 173 | puts "\nall done\n" |
170 | 174 | ||
diff --git a/test/4bridges_ip.exp b/test/network/4bridges_ip.exp index 8068aeebb..e762ac285 100755 --- a/test/4bridges_ip.exp +++ b/test/network/4bridges_ip.exp | |||
@@ -1,4 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
@@ -26,9 +29,9 @@ expect { | |||
26 | timeout {puts "TESTING ERROR 0.4\n";exit} | 29 | timeout {puts "TESTING ERROR 0.4\n";exit} |
27 | "Child process initialized" | 30 | "Child process initialized" |
28 | } | 31 | } |
29 | sleep 2 | 32 | sleep 1 |
30 | send -- "exit\r" | 33 | send -- "exit\r" |
31 | sleep 2 | 34 | sleep 1 |
32 | 35 | ||
33 | # check eth1 | 36 | # check eth1 |
34 | send -- "firejail --net=br0 --net=br1 --ip=10.10.30.50 --net=br2 --ip=10.10.40.100 --net=br3\r" | 37 | send -- "firejail --net=br0 --net=br1 --ip=10.10.30.50 --net=br2 --ip=10.10.40.100 --net=br3\r" |
@@ -52,9 +55,9 @@ expect { | |||
52 | timeout {puts "TESTING ERROR 1.4\n";exit} | 55 | timeout {puts "TESTING ERROR 1.4\n";exit} |
53 | "Child process initialized" | 56 | "Child process initialized" |
54 | } | 57 | } |
55 | sleep 2 | 58 | sleep 1 |
56 | send -- "exit\r" | 59 | send -- "exit\r" |
57 | sleep 2 | 60 | sleep 1 |
58 | 61 | ||
59 | 62 | ||
60 | # check eth2 | 63 | # check eth2 |
@@ -79,9 +82,9 @@ expect { | |||
79 | timeout {puts "TESTING ERROR 2.4\n";exit} | 82 | timeout {puts "TESTING ERROR 2.4\n";exit} |
80 | "Child process initialized" | 83 | "Child process initialized" |
81 | } | 84 | } |
82 | sleep 2 | 85 | sleep 1 |
83 | send -- "exit\r" | 86 | send -- "exit\r" |
84 | sleep 2 | 87 | sleep 1 |
85 | 88 | ||
86 | 89 | ||
87 | 90 | ||
@@ -107,9 +110,9 @@ expect { | |||
107 | timeout {puts "TESTING ERROR 4\n";exit} | 110 | timeout {puts "TESTING ERROR 4\n";exit} |
108 | "Child process initialized" | 111 | "Child process initialized" |
109 | } | 112 | } |
110 | sleep 2 | 113 | sleep 1 |
111 | send -- "exit\r" | 114 | send -- "exit\r" |
112 | sleep 2 | 115 | sleep 1 |
113 | 116 | ||
114 | 117 | ||
115 | 118 | ||
@@ -168,7 +171,8 @@ expect { | |||
168 | "10.10.50.0/24 dev eth3 proto kernel scope link" | 171 | "10.10.50.0/24 dev eth3 proto kernel scope link" |
169 | } | 172 | } |
170 | 173 | ||
171 | sleep 1 | 174 | send -- "exit\r" |
175 | after 100 | ||
172 | 176 | ||
173 | puts "\nall done\n" | 177 | puts "\nall done\n" |
174 | 178 | ||
diff --git a/test/network/README b/test/network/README new file mode 100644 index 000000000..4404c53b0 --- /dev/null +++ b/test/network/README | |||
@@ -0,0 +1,14 @@ | |||
1 | Warning: this test requires root access to configure a number of bridge, mac | ||
2 | and vlan devices. Please take a look at configure file. By the time you are | ||
3 | finished testing, you'll probably have to reboot the computer to get your | ||
4 | networking subsytem back to normal. | ||
5 | |||
6 | Limitations - to be investigated and fixed: | ||
7 | - the test is assuming an eth0 wired interface to be present | ||
8 | - using netstat and ifconfig - this needs to be moved to iproute2 | ||
9 | - configure script inserts an entry in system netfilter configuration | ||
10 | - the test will probably not work on grsecurity settings | ||
11 | - macvlan interfaces don't seem to work correctly under VirtualBox | ||
12 | |||
13 | Run the test: | ||
14 | $ ./network.sh | grep TESTING | ||
diff --git a/test/bandwidth.exp b/test/network/bandwidth.exp index 33b351296..8a2e46e04 100755 --- a/test/bandwidth.exp +++ b/test/network/bandwidth.exp | |||
@@ -1,4 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
@@ -9,13 +12,13 @@ expect { | |||
9 | timeout {puts "TESTING ERROR 0\n";exit} | 12 | timeout {puts "TESTING ERROR 0\n";exit} |
10 | "Child process initialized" | 13 | "Child process initialized" |
11 | } | 14 | } |
12 | sleep 2 | 15 | sleep 1 |
13 | 16 | ||
14 | spawn $env(SHELL) | 17 | spawn $env(SHELL) |
15 | send -- "firejail --bandwidth=test status\r" | 18 | send -- "firejail --bandwidth=test status\r" |
16 | expect { | 19 | expect { |
17 | timeout {puts "TESTING ERROR 1\n";exit} | 20 | timeout {puts "TESTING ERROR 1\n";exit} |
18 | "qdisc noqueue 0: dev eth0" | 21 | "qdisc * 0: dev eth0" |
19 | } | 22 | } |
20 | sleep 1 | 23 | sleep 1 |
21 | 24 | ||
@@ -51,12 +54,12 @@ expect { | |||
51 | } | 54 | } |
52 | sleep 1 | 55 | sleep 1 |
53 | 56 | ||
54 | send -- "firejail --bandwidth=test status; pwd\r" | 57 | send -- "firejail --bandwidth=test status; echo done\r" |
55 | expect { | 58 | expect { |
56 | timeout {puts "TESTING ERROR 8\n";exit} | 59 | timeout {puts "TESTING ERROR 8\n";exit} |
57 | "rate 80Kbit burst 10Kb" {puts "TESTING ERROR 9\n";exit} | 60 | "rate 80Kbit burst 10Kb" {puts "TESTING ERROR 9\n";exit} |
58 | "home" {puts "ok\n"} | 61 | "done" |
59 | } | 62 | } |
60 | sleep 1 | 63 | after 100 |
61 | 64 | ||
62 | puts "\nall done\n" | 65 | puts "\nall done\n" |
diff --git a/test/network/configure b/test/network/configure new file mode 100755 index 000000000..35d938340 --- /dev/null +++ b/test/network/configure | |||
@@ -0,0 +1,27 @@ | |||
1 | #!/bin/bash | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | brctl addbr br0 | ||
7 | ifconfig br0 10.10.20.1/29 up | ||
8 | # NAT masquerade | ||
9 | iptables -t nat -A POSTROUTING -o eth0 -s 10.10.20.0/29 -j MASQUERADE | ||
10 | # port forwarding | ||
11 | # iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to 10.10.20.2:80 | ||
12 | |||
13 | brctl addbr br1 | ||
14 | ifconfig br1 10.10.30.1/24 up | ||
15 | brctl addbr br2 | ||
16 | ifconfig br2 10.10.40.1/24 up | ||
17 | brctl addbr br3 | ||
18 | ifconfig br3 10.10.50.1/24 up | ||
19 | brctl addbr br4 | ||
20 | ifconfig br4 10.10.60.1/24 up | ||
21 | ip link add link eth0 name eth0.5 type vlan id 5 | ||
22 | /sbin/ifconfig eth0.5 10.10.205.10/24 up | ||
23 | ip link add link eth0 name eth0.6 type vlan id 6 | ||
24 | /sbin/ifconfig eth0.6 10.10.206.10/24 up | ||
25 | ip link add link eth0 name eth0.7 type vlan id 7 | ||
26 | /sbin/ifconfig eth0.7 10.10.207.10/24 up | ||
27 | |||
diff --git a/test/network/dns-print.exp b/test/network/dns-print.exp new file mode 100755 index 000000000..9cdc14a6d --- /dev/null +++ b/test/network/dns-print.exp | |||
@@ -0,0 +1,31 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "firejail --name=test-dns --net=eth0 --dns=1.2.3.4 --dns=2.3.4.5 --dns=3.4.5.6\r" | ||
8 | expect { | ||
9 | timeout {puts "TESTING ERROR 1\n";exit} | ||
10 | "Child process initialized" | ||
11 | } | ||
12 | sleep 1 | ||
13 | |||
14 | spawn $env(SHELL) | ||
15 | send -- "firejail --dns.print=test-dns\r" | ||
16 | expect { | ||
17 | timeout {puts "TESTING ERROR 2\n";exit} | ||
18 | "nameserver 1.2.3.4" | ||
19 | } | ||
20 | expect { | ||
21 | timeout {puts "TESTING ERROR 2\n";exit} | ||
22 | "nameserver 2.3.4.5" | ||
23 | } | ||
24 | expect { | ||
25 | timeout {puts "TESTING ERROR 2\n";exit} | ||
26 | "nameserver 3.4.5.6" | ||
27 | } | ||
28 | |||
29 | after 100 | ||
30 | |||
31 | puts "\nall done\n" | ||
diff --git a/test/network/firemon-arp.exp b/test/network/firemon-arp.exp new file mode 100755 index 000000000..71fa1660f --- /dev/null +++ b/test/network/firemon-arp.exp | |||
@@ -0,0 +1,50 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | #send -- "ping -c 3 192.168.1.1\r" | ||
8 | #expect { | ||
9 | # timeout {puts "TESTING ERROR 0\n";exit} | ||
10 | # "3 packets transmitted" | ||
11 | #} | ||
12 | #sleep 1 | ||
13 | |||
14 | send -- "firejail --name=test1\r" | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 1\n";exit} | ||
17 | "Child process initialized" | ||
18 | } | ||
19 | sleep 1 | ||
20 | |||
21 | spawn $env(SHELL) | ||
22 | send -- "firejail --name=test2\r" | ||
23 | expect { | ||
24 | timeout {puts "TESTING ERROR 2\n";exit} | ||
25 | "Child process initialized" | ||
26 | } | ||
27 | sleep 1 | ||
28 | |||
29 | spawn $env(SHELL) | ||
30 | send -- "firemon --arp\r" | ||
31 | expect { | ||
32 | timeout {puts "TESTING ERROR 3\n";exit} | ||
33 | "name=test1" | ||
34 | } | ||
35 | expect { | ||
36 | timeout {puts "TESTING ERROR 4\n";exit} | ||
37 | "192.168.1.1 dev eth0 lladdr" {puts "Debian testing\n";} | ||
38 | "192.168.1.1 dev enp0s3 lladdr" {puts "Centos 7 testing\n";} | ||
39 | } | ||
40 | expect { | ||
41 | timeout {puts "TESTING ERROR 5\n";exit} | ||
42 | "REACHABLE" | ||
43 | } | ||
44 | expect { | ||
45 | timeout {puts "TESTING ERROR 6\n";exit} | ||
46 | "name=test2" | ||
47 | } | ||
48 | after 100 | ||
49 | |||
50 | puts "\nall done\n" | ||
diff --git a/test/network/firemon-interfaces.exp b/test/network/firemon-interfaces.exp new file mode 100755 index 000000000..deb8594af --- /dev/null +++ b/test/network/firemon-interfaces.exp | |||
@@ -0,0 +1,67 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail --net=eth0 --name=test1\r" | ||
11 | expect { | ||
12 | timeout {puts "TESTING ERROR 9\n";exit} | ||
13 | "Child process initialized" | ||
14 | } | ||
15 | sleep 1 | ||
16 | |||
17 | spawn $env(SHELL) | ||
18 | send -- "firejail --net=eth0 --name=test2\r" | ||
19 | expect { | ||
20 | timeout {puts "TESTING ERROR 9\n";exit} | ||
21 | "Child process initialized" | ||
22 | } | ||
23 | sleep 1 | ||
24 | |||
25 | spawn $env(SHELL) | ||
26 | send -- "firemon --interface\r" | ||
27 | expect { | ||
28 | timeout {puts "TESTING ERROR 9\n";exit} | ||
29 | "Link status" | ||
30 | } | ||
31 | expect { | ||
32 | timeout {puts "TESTING ERROR 9\n";exit} | ||
33 | "lo UP" | ||
34 | } | ||
35 | expect { | ||
36 | timeout {puts "TESTING ERROR 9\n";exit} | ||
37 | "eth0-" | ||
38 | } | ||
39 | expect { | ||
40 | timeout {puts "TESTING ERROR 9\n";exit} | ||
41 | "IPv4 status" | ||
42 | } | ||
43 | expect { | ||
44 | timeout {puts "TESTING ERROR 9\n";exit} | ||
45 | "lo UP" | ||
46 | } | ||
47 | expect { | ||
48 | timeout {puts "TESTING ERROR 9\n";exit} | ||
49 | "eth0-" | ||
50 | } | ||
51 | expect { | ||
52 | timeout {puts "TESTING ERROR 9\n";exit} | ||
53 | "IPv6 status" | ||
54 | } | ||
55 | expect { | ||
56 | timeout {puts "TESTING ERROR 9\n";exit} | ||
57 | "lo UP" | ||
58 | } | ||
59 | expect { | ||
60 | timeout {puts "TESTING ERROR 9\n";exit} | ||
61 | "eth0-" | ||
62 | } | ||
63 | |||
64 | after 100 | ||
65 | |||
66 | puts "\n" | ||
67 | |||
diff --git a/test/firemon-route.exp b/test/network/firemon-route.exp index a48116675..19a705778 100755 --- a/test/firemon-route.exp +++ b/test/network/firemon-route.exp | |||
@@ -4,7 +4,7 @@ set timeout 10 | |||
4 | spawn $env(SHELL) | 4 | spawn $env(SHELL) |
5 | match_max 100000 | 5 | match_max 100000 |
6 | 6 | ||
7 | send -- "firejail\r" | 7 | send -- "firejail --name=test1\r" |
8 | expect { | 8 | expect { |
9 | timeout {puts "TESTING ERROR 0\n";exit} | 9 | timeout {puts "TESTING ERROR 0\n";exit} |
10 | "Child process initialized" | 10 | "Child process initialized" |
@@ -12,22 +12,38 @@ expect { | |||
12 | sleep 1 | 12 | sleep 1 |
13 | 13 | ||
14 | spawn $env(SHELL) | 14 | spawn $env(SHELL) |
15 | send -- "firemon --route\r" | 15 | send -- "firejail --name=test2\r" |
16 | expect { | 16 | expect { |
17 | timeout {puts "TESTING ERROR 1\n";exit} | 17 | timeout {puts "TESTING ERROR 1\n";exit} |
18 | "Child process initialized" | ||
19 | } | ||
20 | sleep 1 | ||
21 | |||
22 | spawn $env(SHELL) | ||
23 | send -- "firemon --route\r" | ||
24 | expect { | ||
25 | timeout {puts "TESTING ERROR 2\n";exit} | ||
26 | "name=test1" | ||
27 | } | ||
28 | expect { | ||
29 | timeout {puts "TESTING ERROR 3\n";exit} | ||
18 | "0.0.0.0/0 via 192.168.1.1, dev eth0, metric 0" {puts "Debian testing\n";} | 30 | "0.0.0.0/0 via 192.168.1.1, dev eth0, metric 0" {puts "Debian testing\n";} |
19 | "0.0.0.0/0 via 192.168.1.1, dev enp0s3, metric 1024" {puts "Centos 7 testing\n";} | 31 | "0.0.0.0/0 via 192.168.1.1, dev enp0s3, metric 1024" {puts "Centos 7 testing\n";} |
20 | "0.0.0.0/0 via 192.168.1.1, dev enp0s3, metric 0" {puts "OpenSUSE testing\n";} | 32 | "0.0.0.0/0 via 192.168.1.1, dev enp0s3, metric 0" {puts "OpenSUSE testing\n";} |
21 | "0.0.0.0/0 via 192.168.1.1, dev enp0s3, metric 100" {puts "Arch testing\n";} | 33 | "0.0.0.0/0 via 192.168.1.1, dev enp0s3, metric 100" {puts "Arch testing\n";} |
22 | } | 34 | } |
23 | expect { | 35 | expect { |
24 | timeout {puts "TESTING ERROR 2\n";exit} | 36 | timeout {puts "TESTING ERROR 4\n";exit} |
25 | "10.10.30.0/24, dev br1, scope link src 10.10.30.1" | 37 | "10.10.30.0/24, dev br1, scope link src 10.10.30.1" |
26 | } | 38 | } |
27 | expect { | 39 | expect { |
28 | timeout {puts "TESTING ERROR 3\n";exit} | 40 | timeout {puts "TESTING ERROR 5\n";exit} |
29 | "10.10.50.0/24, dev br3, scope link src 10.10.50.1" | 41 | "10.10.50.0/24, dev br3, scope link src 10.10.50.1" |
30 | } | 42 | } |
31 | sleep 1 | 43 | expect { |
44 | timeout {puts "TESTING ERROR 6\n";exit} | ||
45 | "name=test2" | ||
46 | } | ||
47 | after 100 | ||
32 | 48 | ||
33 | puts "\n" | 49 | puts "\nalldone\n" |
diff --git a/test/hostname.exp b/test/network/hostname.exp index 4e5c7e073..73d06725f 100755 --- a/test/hostname.exp +++ b/test/network/hostname.exp | |||
@@ -1,25 +1,29 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
5 | match_max 100000 | 8 | match_max 100000 |
6 | 9 | ||
7 | send -- "firejail --hostname=baluba --noprofile\r" | 10 | send -- "firejail --hostname=bingo --noprofile\r" |
8 | expect { | 11 | expect { |
9 | timeout {puts "TESTING ERROR 1\n";exit} | 12 | timeout {puts "TESTING ERROR 1\n";exit} |
10 | "Child process initialized" | 13 | "Child process initialized" |
11 | } | 14 | } |
12 | sleep 1 | 15 | sleep 1 |
13 | 16 | ||
14 | send -- "ping -c 3 baluba;pwd\r" | 17 | send -- "ping -c 3 bingo; echo done\r" |
15 | expect { | 18 | expect { |
16 | timeout {puts "TESTING ERROR 2\n";exit} | 19 | timeout {puts "TESTING ERROR 2\n";exit} |
17 | "3 packets transmitted, 3 received" | 20 | "3 packets transmitted, 3 received" |
18 | } | 21 | } |
19 | expect { | 22 | expect { |
20 | timeout {puts "TESTING ERROR 3\n";exit} | 23 | timeout {puts "TESTING ERROR 3\n";exit} |
21 | "home" | 24 | "done" |
22 | } | 25 | } |
23 | sleep 1 | 26 | send -- "exit\r" |
27 | after 100 | ||
24 | 28 | ||
25 | puts "all done\n" | 29 | puts "all done\n" |
diff --git a/test/network/interface.exp b/test/network/interface.exp new file mode 100755 index 000000000..bd8777c33 --- /dev/null +++ b/test/network/interface.exp | |||
@@ -0,0 +1,66 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # | ||
3 | # interface | ||
4 | # | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | set overlay [lindex $argv 0] | ||
10 | set chroot [lindex $argv 1] | ||
11 | |||
12 | # | ||
13 | # N | ||
14 | # | ||
15 | # todo: seems to be unable to find interface eth0.7 | ||
16 | #send -- "firejail --noprofile --interface=eth0.5 --interface=eth0.6 --interface=eth0.7\r" | ||
17 | send -- "firejail --noprofile --interface=eth0.5 --interface=eth0.6\r" | ||
18 | expect { | ||
19 | timeout {puts "TESTING ERROR 0\n";exit} | ||
20 | "Child process initialized" | ||
21 | } | ||
22 | sleep 1 | ||
23 | |||
24 | send -- "/sbin/ifconfig\r" | ||
25 | expect { | ||
26 | timeout {puts "TESTING ERROR 1\n";exit} | ||
27 | "eth0.5" | ||
28 | } | ||
29 | expect { | ||
30 | timeout {puts "TESTING ERROR 2n";exit} | ||
31 | "Link" | ||
32 | } | ||
33 | expect { | ||
34 | timeout {puts "TESTING ERROR 3\n";exit} | ||
35 | "10.10.205.10" | ||
36 | } | ||
37 | expect { | ||
38 | timeout {puts "TESTING ERROR 4\n";exit} | ||
39 | "UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1" | ||
40 | } | ||
41 | after 100 | ||
42 | |||
43 | send -- "/sbin/ifconfig\r" | ||
44 | expect { | ||
45 | timeout {puts "TESTING ERROR 5\n";exit} | ||
46 | "eth0.6" | ||
47 | } | ||
48 | expect { | ||
49 | timeout {puts "TESTING ERROR 6\n";exit} | ||
50 | "Link" | ||
51 | } | ||
52 | expect { | ||
53 | timeout {puts "TESTING ERROR 7\n";exit} | ||
54 | "10.10.206.10" | ||
55 | } | ||
56 | expect { | ||
57 | timeout {puts "TESTING ERROR 8\n";exit} | ||
58 | "UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1" | ||
59 | } | ||
60 | after 100 | ||
61 | |||
62 | send -- "exit\r" | ||
63 | sleep 1 | ||
64 | |||
65 | |||
66 | puts "\nall done\n" | ||
diff --git a/test/network/ip6.exp b/test/network/ip6.exp new file mode 100755 index 000000000..1db16c28a --- /dev/null +++ b/test/network/ip6.exp | |||
@@ -0,0 +1,89 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail --debug --noprofile --net=br0 --ip6=2001:0db8:0:f101::1/64 --netfilter6=ipv6.net\r" | ||
11 | expect { | ||
12 | timeout {puts "TESTING ERROR 0\n";exit} | ||
13 | "Installing network filter" | ||
14 | } | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 1\n";exit} | ||
17 | "DROP" | ||
18 | } | ||
19 | expect { | ||
20 | timeout {puts "TESTING ERROR 2\n";exit} | ||
21 | "unable to initialize table 'filter'" {puts "\nTESTING SKIP 2: no IPv6 support\n"; exit} | ||
22 | "2001:db8:1f0a:3ec::2" | ||
23 | } | ||
24 | expect { | ||
25 | timeout {puts "TESTING ERROR 3\n";exit} | ||
26 | "Child process initialized" | ||
27 | } | ||
28 | sleep 2 | ||
29 | |||
30 | send -- "/sbin/ifconfig\r" | ||
31 | expect { | ||
32 | timeout {puts "TESTING ERROR 4\n";exit} | ||
33 | "inet6" | ||
34 | } | ||
35 | expect { | ||
36 | timeout {puts "TESTING ERROR 5\n";exit} | ||
37 | "2001:db8:0:f101::1" | ||
38 | } | ||
39 | expect { | ||
40 | timeout {puts "TESTING ERROR 6\n";exit} | ||
41 | "Scope:Global" { puts "Debian\n"} | ||
42 | "scopeid 0x0<global>" { puts "Arch\n"} | ||
43 | } | ||
44 | |||
45 | send -- "exit\r" | ||
46 | sleep 2 | ||
47 | |||
48 | |||
49 | send -- "firejail --debug --profile=ip6.profile\r" | ||
50 | expect { | ||
51 | timeout {puts "TESTING ERROR 10\n";exit} | ||
52 | "Installing network filter" | ||
53 | } | ||
54 | expect { | ||
55 | timeout {puts "TESTING ERROR 11\n";exit} | ||
56 | "DROP" | ||
57 | } | ||
58 | expect { | ||
59 | timeout {puts "TESTING ERROR 12\n";exit} | ||
60 | "unable to initialize table 'filter'" {puts "\nTESTING SKIP 2: no IPv6 support\n"; exit} | ||
61 | "2001:db8:1f0a:3ec::2" | ||
62 | } | ||
63 | expect { | ||
64 | timeout {puts "TESTING ERROR 13\n";exit} | ||
65 | "Child process initialized" | ||
66 | } | ||
67 | sleep 2 | ||
68 | |||
69 | send -- "/sbin/ifconfig\r" | ||
70 | expect { | ||
71 | timeout {puts "TESTING ERROR 14\n";exit} | ||
72 | "inet6" | ||
73 | } | ||
74 | expect { | ||
75 | timeout {puts "TESTING ERROR 15\n";exit} | ||
76 | "2001:db8:0:f101::1" | ||
77 | } | ||
78 | expect { | ||
79 | timeout {puts "TESTING ERROR 16\n";exit} | ||
80 | "Scope:Global" { puts "Debian\n"} | ||
81 | "scopeid 0x0<global>" { puts "Arch\n"} | ||
82 | } | ||
83 | |||
84 | send -- "exit\r" | ||
85 | |||
86 | after 100 | ||
87 | |||
88 | puts "\nall done\n" | ||
89 | |||
diff --git a/test/network/ip6.profile b/test/network/ip6.profile new file mode 100644 index 000000000..87afa3941 --- /dev/null +++ b/test/network/ip6.profile | |||
@@ -0,0 +1,3 @@ | |||
1 | net br0 | ||
2 | ip6 2001:0db8:0:f101::1/64 | ||
3 | netfilter6 ipv6.net | ||
diff --git a/test/network/iprange.exp b/test/network/iprange.exp new file mode 100755 index 000000000..a1b2ccab4 --- /dev/null +++ b/test/network/iprange.exp | |||
@@ -0,0 +1,103 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail --net=br1 --iprange=10.10.30.50,10.10.30.55\r" | ||
11 | expect { | ||
12 | timeout {puts "TESTING ERROR 0\n";exit} | ||
13 | "eth0" | ||
14 | } | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 1\n";exit} | ||
17 | "10.10.30.50" {puts "10.10.30.50\n"} | ||
18 | "10.10.30.51" {puts "10.10.30.51\n"} | ||
19 | "10.10.30.52" {puts "10.10.30.52\n"} | ||
20 | "10.10.30.53" {puts "10.10.30.53\n"} | ||
21 | "10.10.30.54" {puts "10.10.30.54\n"} | ||
22 | "10.10.30.55" {puts "10.10.30.55\n"} | ||
23 | } | ||
24 | expect { | ||
25 | timeout {puts "TESTING ERROR 2\n";exit} | ||
26 | "255.255.255.0" | ||
27 | } | ||
28 | expect { | ||
29 | timeout {puts "TESTING ERROR 3\n";exit} | ||
30 | "Child process initialized" | ||
31 | } | ||
32 | sleep 1 | ||
33 | send -- "exit\r" | ||
34 | sleep 2 | ||
35 | |||
36 | send -- "firejail --profile=iprange.profile\r" | ||
37 | expect { | ||
38 | timeout {puts "TESTING ERROR 5\n";exit} | ||
39 | "eth0" | ||
40 | } | ||
41 | expect { | ||
42 | timeout {puts "TESTING ERROR 6\n";exit} | ||
43 | "10.10.30.50" {puts "10.10.30.50\n"} | ||
44 | "10.10.30.51" {puts "10.10.30.51\n"} | ||
45 | "10.10.30.52" {puts "10.10.30.52\n"} | ||
46 | "10.10.30.53" {puts "10.10.30.53\n"} | ||
47 | "10.10.30.54" {puts "10.10.30.54\n"} | ||
48 | "10.10.30.55" {puts "10.10.30.55\n"} | ||
49 | } | ||
50 | expect { | ||
51 | timeout {puts "TESTING ERROR 7\n";exit} | ||
52 | "255.255.255.0" | ||
53 | } | ||
54 | expect { | ||
55 | timeout {puts "TESTING ERROR 8\n";exit} | ||
56 | "Child process initialized" | ||
57 | } | ||
58 | sleep 1 | ||
59 | send -- "exit\r" | ||
60 | sleep 2 | ||
61 | |||
62 | |||
63 | |||
64 | send -- "firejail --iprange=10.10.30.50,10.10.30.55\r" | ||
65 | expect { | ||
66 | timeout {puts "TESTING ERROR 9\n";exit} | ||
67 | "no network device configured" | ||
68 | } | ||
69 | after 100 | ||
70 | |||
71 | send -- "firejail --net=br1 --iprange=10.10.30.50,10.10.30.55 --iprange=10.10.30.50,10.10.30.55\r" | ||
72 | expect { | ||
73 | timeout {puts "TESTING ERROR 10\n";exit} | ||
74 | "cannot configure the IP range twice for the same interface" | ||
75 | } | ||
76 | after 100 | ||
77 | |||
78 | send -- "firejail --net=br1 --iprange=10.10.30.50\r" | ||
79 | expect { | ||
80 | timeout {puts "TESTING ERROR 11\n";exit} | ||
81 | "invalid IP range" | ||
82 | } | ||
83 | after 100 | ||
84 | |||
85 | send -- "firejail --net=br0 --iprange=10.10.30.50,10.10.30.55\r" | ||
86 | expect { | ||
87 | timeout {puts "TESTING ERROR 12\n";exit} | ||
88 | "IP range addresses not in network range" | ||
89 | } | ||
90 | after 100 | ||
91 | |||
92 | send -- "firejail --net=br1 --iprange=10.10.30.55,10.10.30.50\r" | ||
93 | expect { | ||
94 | timeout {puts "TESTING ERROR 12\n";exit} | ||
95 | "invalid IP range" | ||
96 | } | ||
97 | after 100 | ||
98 | |||
99 | |||
100 | after 100 | ||
101 | |||
102 | puts "\nall done\n" | ||
103 | |||
diff --git a/test/network/iprange.profile b/test/network/iprange.profile new file mode 100644 index 000000000..ecc01cd93 --- /dev/null +++ b/test/network/iprange.profile | |||
@@ -0,0 +1,2 @@ | |||
1 | net br1 | ||
2 | iprange 10.10.30.50,10.10.30.55 | ||
diff --git a/test/ipv6.net b/test/network/ipv6.net index cc8f22943..cc8f22943 100644 --- a/test/ipv6.net +++ b/test/network/ipv6.net | |||
diff --git a/test/network/net-profile.profile b/test/network/net-profile.profile new file mode 100644 index 000000000..05052b6dc --- /dev/null +++ b/test/network/net-profile.profile | |||
@@ -0,0 +1,10 @@ | |||
1 | net br0 | ||
2 | mac 00:11:22:33:44:55 | ||
3 | mtu 1000 | ||
4 | net br1 | ||
5 | ip 10.10.30.50 | ||
6 | net br2 | ||
7 | ip 10.10.40.100 | ||
8 | net br3 | ||
9 | defaultgw 10.10.20.2 | ||
10 | |||
diff --git a/test/net_arp.exp b/test/network/net_arp.exp index 9e07744f3..fdd30f218 100755 --- a/test/net_arp.exp +++ b/test/network/net_arp.exp | |||
@@ -1,4 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
@@ -66,6 +69,6 @@ expect { | |||
66 | "sleep 20" | 69 | "sleep 20" |
67 | } | 70 | } |
68 | 71 | ||
69 | # wait for snadboxes to be shutdown | 72 | # wait for sandboxes to be shutdown |
70 | sleep 30 | 73 | sleep 30 |
71 | puts "\n" | 74 | puts "\n" |
diff --git a/test/net_badip.exp b/test/network/net_badip.exp index 71b69e104..d13a6144e 100755 --- a/test/net_badip.exp +++ b/test/network/net_badip.exp | |||
@@ -1,4 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
@@ -10,7 +13,7 @@ expect { | |||
10 | timeout {puts "TESTING ERROR 0.0\n";exit} | 13 | timeout {puts "TESTING ERROR 0.0\n";exit} |
11 | "the IP address is not" | 14 | "the IP address is not" |
12 | } | 15 | } |
13 | sleep 1 | 16 | after 100 |
14 | 17 | ||
15 | puts "\n" | 18 | puts "\n" |
16 | 19 | ||
diff --git a/test/net_defaultgw.exp b/test/network/net_defaultgw.exp index 840f2ccac..6291ae5ba 100755 --- a/test/net_defaultgw.exp +++ b/test/network/net_defaultgw.exp | |||
@@ -1,4 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
@@ -40,7 +43,8 @@ expect { | |||
40 | timeout {puts "TESTING ERROR 10.2\n";exit} | 43 | timeout {puts "TESTING ERROR 10.2\n";exit} |
41 | "10.10.20.0/29 dev eth0 proto kernel scope link" | 44 | "10.10.20.0/29 dev eth0 proto kernel scope link" |
42 | } | 45 | } |
43 | sleep 1 | 46 | send -- "exit\r" |
47 | after 100 | ||
44 | 48 | ||
45 | puts "\nall done\n" | 49 | puts "\nall done\n" |
46 | 50 | ||
diff --git a/test/net_defaultgw2.exp b/test/network/net_defaultgw2.exp index db14e17cb..7620e4899 100755 --- a/test/net_defaultgw2.exp +++ b/test/network/net_defaultgw2.exp | |||
@@ -1,4 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
@@ -34,7 +37,8 @@ expect { | |||
34 | timeout {puts "TESTING ERROR 10.3\n";exit} | 37 | timeout {puts "TESTING ERROR 10.3\n";exit} |
35 | "10.10.30.0/24 dev eth1 proto kernel scope link" | 38 | "10.10.30.0/24 dev eth1 proto kernel scope link" |
36 | } | 39 | } |
37 | sleep 1 | 40 | send -- "exit\r" |
41 | after 100 | ||
38 | 42 | ||
39 | puts "\nall done\n" | 43 | puts "\nall done\n" |
40 | 44 | ||
diff --git a/test/net_defaultgw3.exp b/test/network/net_defaultgw3.exp index 64da9dfca..a47324adc 100755 --- a/test/net_defaultgw3.exp +++ b/test/network/net_defaultgw3.exp | |||
@@ -1,4 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
@@ -11,7 +14,8 @@ expect { | |||
11 | "default gateway 10.10.95.89 is not in the range of any network" | 14 | "default gateway 10.10.95.89 is not in the range of any network" |
12 | } | 15 | } |
13 | 16 | ||
14 | sleep 1 | 17 | after 100 |
18 | |||
15 | 19 | ||
16 | puts "\n" | 20 | puts "\n" |
17 | 21 | ||
diff --git a/test/net_ip.exp b/test/network/net_ip.exp index f5d487ecc..0fa84243a 100755 --- a/test/net_ip.exp +++ b/test/network/net_ip.exp | |||
@@ -1,4 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
@@ -26,9 +29,9 @@ expect { | |||
26 | timeout {puts "TESTING ERROR 4\n";exit} | 29 | timeout {puts "TESTING ERROR 4\n";exit} |
27 | "Child process initialized" | 30 | "Child process initialized" |
28 | } | 31 | } |
29 | sleep 2 | 32 | sleep 1 |
30 | send -- "exit\r" | 33 | send -- "exit\r" |
31 | sleep 2 | 34 | sleep 1 |
32 | 35 | ||
33 | # check loopback | 36 | # check loopback |
34 | send -- "firejail --net=br0 --ip=10.10.20.5 --protocol=unix,inet,netlink\r" | 37 | send -- "firejail --net=br0 --ip=10.10.20.5 --protocol=unix,inet,netlink\r" |
@@ -66,7 +69,8 @@ expect { | |||
66 | timeout {puts "TESTING ERROR 10\n";exit} | 69 | timeout {puts "TESTING ERROR 10\n";exit} |
67 | "10.10.20.0/29 dev eth0 proto kernel scope link" | 70 | "10.10.20.0/29 dev eth0 proto kernel scope link" |
68 | } | 71 | } |
69 | sleep 1 | 72 | send -- "exit\r" |
73 | after 100 | ||
70 | 74 | ||
71 | puts "\n" | 75 | puts "\n" |
72 | 76 | ||
diff --git a/test/net_local.exp b/test/network/net_local.exp index 642213658..d58135785 100755 --- a/test/net_local.exp +++ b/test/network/net_local.exp | |||
@@ -1,4 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
@@ -14,9 +17,9 @@ expect { | |||
14 | timeout {puts "TESTING ERROR 4\n";exit} | 17 | timeout {puts "TESTING ERROR 4\n";exit} |
15 | "Child process initialized" | 18 | "Child process initialized" |
16 | } | 19 | } |
17 | sleep 2 | 20 | sleep 1 |
18 | send -- "exit\r" | 21 | send -- "exit\r" |
19 | sleep 2 | 22 | sleep 1 |
20 | 23 | ||
21 | # check loopback | 24 | # check loopback |
22 | send -- "firejail --noprofile\r" | 25 | send -- "firejail --noprofile\r" |
@@ -40,6 +43,8 @@ expect { | |||
40 | timeout {puts "TESTING ERROR 7\n";exit} | 43 | timeout {puts "TESTING ERROR 7\n";exit} |
41 | "255.0.0.0" | 44 | "255.0.0.0" |
42 | } | 45 | } |
46 | send -- "exit\r" | ||
47 | after 100 | ||
43 | 48 | ||
44 | puts "all done\n" | 49 | puts "all done\n" |
45 | 50 | ||
diff --git a/test/net_mac.exp b/test/network/net_mac.exp index 076634730..d3cd8163f 100755 --- a/test/net_mac.exp +++ b/test/network/net_mac.exp | |||
@@ -1,4 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
@@ -30,7 +33,8 @@ expect { | |||
30 | timeout {puts "TESTING ERROR 4\n";exit} | 33 | timeout {puts "TESTING ERROR 4\n";exit} |
31 | "Child process initialized" | 34 | "Child process initialized" |
32 | } | 35 | } |
33 | sleep 1 | 36 | send -- "exit\r" |
37 | after 100 | ||
34 | 38 | ||
35 | puts "\nall done\n" | 39 | puts "\nall done\n" |
36 | 40 | ||
diff --git a/test/network/net_macvlan2.exp b/test/network/net_macvlan2.exp new file mode 100755 index 000000000..7f21fc083 --- /dev/null +++ b/test/network/net_macvlan2.exp | |||
@@ -0,0 +1,43 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail --net=eth0 --net=eth0 --net=eth0 --net=eth0\r" | ||
11 | expect { | ||
12 | timeout {puts "TESTING ERROR 0.1\n";exit} | ||
13 | "eth0-" | ||
14 | } | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 0.2\n";exit} | ||
17 | "eth1-" | ||
18 | } | ||
19 | expect { | ||
20 | timeout {puts "TESTING ERROR 0.3\n";exit} | ||
21 | "eth2-" | ||
22 | } | ||
23 | expect { | ||
24 | timeout {puts "TESTING ERROR 0.4\n";exit} | ||
25 | "eth3-" | ||
26 | } | ||
27 | expect { | ||
28 | timeout {puts "TESTING ERROR 0.5\n";exit} | ||
29 | "Default gateway 192.168.1.1" | ||
30 | } | ||
31 | expect { | ||
32 | timeout {puts "TESTING ERROR 0.6\n";exit} | ||
33 | "Child process initialized" | ||
34 | } | ||
35 | after 100 | ||
36 | send -- "exit\r" | ||
37 | sleep 1 | ||
38 | |||
39 | |||
40 | after 100 | ||
41 | |||
42 | puts "\nall done\n" | ||
43 | |||
diff --git a/test/net_mtu.exp b/test/network/net_mtu.exp index 7943b2866..eb9c5d08c 100755 --- a/test/net_mtu.exp +++ b/test/network/net_mtu.exp | |||
@@ -1,4 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
@@ -25,6 +28,8 @@ expect { | |||
25 | timeout {puts "TESTING ERROR 4\n";exit} | 28 | timeout {puts "TESTING ERROR 4\n";exit} |
26 | "state UP" | 29 | "state UP" |
27 | } | 30 | } |
31 | send -- "exit\r" | ||
32 | after 100 | ||
28 | 33 | ||
29 | puts "\nall done\n" | 34 | puts "\nall done\n" |
30 | 35 | ||
diff --git a/test/net_netfilter.exp b/test/network/net_netfilter.exp index 989fcc407..737485d07 100755 --- a/test/net_netfilter.exp +++ b/test/network/net_netfilter.exp | |||
@@ -1,4 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
@@ -26,7 +29,7 @@ expect { | |||
26 | timeout {puts "TESTING ERROR 4\n";exit} | 29 | timeout {puts "TESTING ERROR 4\n";exit} |
27 | "Child process initialized" | 30 | "Child process initialized" |
28 | } | 31 | } |
29 | sleep 2 | 32 | sleep 1 |
30 | send -- "exit\r" | 33 | send -- "exit\r" |
31 | sleep 1 | 34 | sleep 1 |
32 | 35 | ||
@@ -40,7 +43,7 @@ expect { | |||
40 | "ACCEPT icmp -- any any anywhere" {puts "TESTING ERROR 5.1\n";exit} | 43 | "ACCEPT icmp -- any any anywhere" {puts "TESTING ERROR 5.1\n";exit} |
41 | "Child process initialized" | 44 | "Child process initialized" |
42 | } | 45 | } |
43 | sleep 2 | 46 | sleep 1 |
44 | send -- "exit\r" | 47 | send -- "exit\r" |
45 | sleep 1 | 48 | sleep 1 |
46 | 49 | ||
@@ -54,7 +57,7 @@ expect { | |||
54 | timeout {puts "TESTING ERROR 6.1\n";exit} | 57 | timeout {puts "TESTING ERROR 6.1\n";exit} |
55 | "Child process initialized" | 58 | "Child process initialized" |
56 | } | 59 | } |
57 | sleep 2 | 60 | sleep 1 |
58 | send -- "ping -c 1 -w 3 10.10.20.1\r" | 61 | send -- "ping -c 1 -w 3 10.10.20.1\r" |
59 | expect { | 62 | expect { |
60 | timeout {puts "TESTING ERROR 6.2\n";exit} | 63 | timeout {puts "TESTING ERROR 6.2\n";exit} |
diff --git a/test/net_noip.exp b/test/network/net_noip.exp index 8d28adb39..b557d116c 100755 --- a/test/net_noip.exp +++ b/test/network/net_noip.exp | |||
@@ -1,4 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
@@ -16,25 +19,26 @@ send -- "bash\r" | |||
16 | sleep 1 | 19 | sleep 1 |
17 | 20 | ||
18 | # no default gateway configured | 21 | # no default gateway configured |
19 | send -- "netstat -rn;pwd\r" | 22 | send -- "netstat -rn;echo done\r" |
20 | expect { | 23 | expect { |
21 | timeout {puts "TESTING ERROR 2\n";exit} | 24 | timeout {puts "TESTING ERROR 2\n";exit} |
22 | "0.0.0.0" {puts "TESTING ERROR 3\n";exit} | 25 | "0.0.0.0" {puts "TESTING ERROR 3\n";exit} |
23 | "eth0" {puts "TESTING ERROR 4\n";exit} | 26 | "eth0" {puts "TESTING ERROR 4\n";exit} |
24 | "home" | 27 | "done" |
25 | } | 28 | } |
26 | sleep 1 | 29 | sleep 1 |
27 | 30 | ||
28 | # eth0 configured | 31 | # eth0 configured |
29 | send -- "/sbin/ifconfig;pwd\r" | 32 | send -- "/sbin/ifconfig;echo done\r" |
30 | expect { | 33 | expect { |
31 | timeout {puts "TESTING ERROR 5\n";exit} | 34 | timeout {puts "TESTING ERROR 5\n";exit} |
32 | "eth0" | 35 | "eth0" |
33 | } | 36 | } |
34 | expect { | 37 | expect { |
35 | timeout {puts "TESTING ERROR 6\n";exit} | 38 | timeout {puts "TESTING ERROR 6\n";exit} |
36 | "home" | 39 | "done" |
37 | } | 40 | } |
41 | send -- "exit\r" | ||
38 | after 100 | 42 | after 100 |
39 | 43 | ||
40 | puts "all done\n" | 44 | puts "all done\n" |
diff --git a/test/net_noip2.exp b/test/network/net_noip2.exp index 58f90422b..c86ea4900 100755 --- a/test/net_noip2.exp +++ b/test/network/net_noip2.exp | |||
@@ -1,4 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
@@ -16,25 +19,26 @@ send -- "bash\r" | |||
16 | sleep 1 | 19 | sleep 1 |
17 | 20 | ||
18 | # no default gateway configured | 21 | # no default gateway configured |
19 | send -- "netstat -rn;pwd\r" | 22 | send -- "netstat -rn;echo done\r" |
20 | expect { | 23 | expect { |
21 | timeout {puts "TESTING ERROR 2\n";exit} | 24 | timeout {puts "TESTING ERROR 2\n";exit} |
22 | "0.0.0.0" {puts "TESTING ERROR 3\n";exit} | 25 | "0.0.0.0" {puts "TESTING ERROR 3\n";exit} |
23 | "eth0" {puts "TESTING ERROR 4\n";exit} | 26 | "eth0" {puts "TESTING ERROR 4\n";exit} |
24 | "home" | 27 | "done" |
25 | } | 28 | } |
26 | sleep 1 | 29 | sleep 1 |
27 | 30 | ||
28 | # eth0 configured | 31 | # eth0 configured |
29 | send -- "/sbin/ifconfig;pwd\r" | 32 | send -- "/sbin/ifconfig;echo done\r" |
30 | expect { | 33 | expect { |
31 | timeout {puts "TESTING ERROR 5\n";exit} | 34 | timeout {puts "TESTING ERROR 5\n";exit} |
32 | "eth0" | 35 | "eth0" |
33 | } | 36 | } |
34 | expect { | 37 | expect { |
35 | timeout {puts "TESTING ERROR 6\n";exit} | 38 | timeout {puts "TESTING ERROR 6\n";exit} |
36 | "home" | 39 | "done" |
37 | } | 40 | } |
41 | send -- "exit\r" | ||
38 | after 100 | 42 | after 100 |
39 | 43 | ||
40 | puts "all done\n" | 44 | puts "all done\n" |
diff --git a/test/net_none.exp b/test/network/net_none.exp index 54b6cb946..1761eb423 100755 --- a/test/net_none.exp +++ b/test/network/net_none.exp | |||
@@ -1,4 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
@@ -16,20 +19,20 @@ sleep 1 | |||
16 | # test default gw | 19 | # test default gw |
17 | send -- "bash\r" | 20 | send -- "bash\r" |
18 | sleep 1 | 21 | sleep 1 |
19 | send -- "netstat -rn; pwd\r" | 22 | send -- "netstat -rn; echo done\r" |
20 | expect { | 23 | expect { |
21 | timeout {puts "TESTING ERROR 1\n";exit} | 24 | timeout {puts "TESTING ERROR 1\n";exit} |
22 | "0.0.0.0" {puts "TESTING ERROR 1.1\n";exit} | 25 | "0.0.0.0" {puts "TESTING ERROR 1.1\n";exit} |
23 | "home" | 26 | "done" |
24 | } | 27 | } |
25 | sleep 1 | 28 | sleep 1 |
26 | 29 | ||
27 | # check again devices | 30 | # check again devices |
28 | send -- "cat /proc/1/net/dev;pwd\r" | 31 | send -- "cat /proc/1/net/dev;echo done\r" |
29 | expect { | 32 | expect { |
30 | timeout {puts "TESTING ERROR 2\n";exit} | 33 | timeout {puts "TESTING ERROR 2\n";exit} |
31 | "eth0" {puts "TESTING ERROR 2.1\n";exit} | 34 | "eth0" {puts "TESTING ERROR 2.1\n";exit} |
32 | "home" | 35 | "done" |
33 | } | 36 | } |
34 | send -- "exit\r" | 37 | send -- "exit\r" |
35 | sleep 1 | 38 | sleep 1 |
@@ -48,21 +51,22 @@ sleep 1 | |||
48 | # test default gw | 51 | # test default gw |
49 | send -- "bash\r" | 52 | send -- "bash\r" |
50 | sleep 1 | 53 | sleep 1 |
51 | send -- "netstat -rn; pwd\r" | 54 | send -- "netstat -rn; echo done\r" |
52 | expect { | 55 | expect { |
53 | timeout {puts "TESTING ERROR 4\n";exit} | 56 | timeout {puts "TESTING ERROR 4\n";exit} |
54 | "0.0.0.0" {puts "TESTING ERROR 4.1\n";exit} | 57 | "0.0.0.0" {puts "TESTING ERROR 4.1\n";exit} |
55 | "home" | 58 | "done" |
56 | } | 59 | } |
57 | sleep 1 | 60 | sleep 1 |
58 | 61 | ||
59 | # check again devices | 62 | # check again devices |
60 | send -- "cat /proc/1/net/dev;pwd\r" | 63 | send -- "cat /proc/1/net/dev;echo done\r" |
61 | expect { | 64 | expect { |
62 | timeout {puts "TESTING ERROR 5\n";exit} | 65 | timeout {puts "TESTING ERROR 5\n";exit} |
63 | "eth0" {puts "TESTING ERROR 5.1\n";exit} | 66 | "eth0" {puts "TESTING ERROR 5.1\n";exit} |
64 | "home" | 67 | "done" |
65 | } | 68 | } |
66 | sleep 1 | 69 | send -- "exit\r" |
70 | after 100 | ||
67 | 71 | ||
68 | puts "\n" | 72 | puts "\nall done\n" |
diff --git a/test/net_none.profile b/test/network/net_none.profile index 079c08ea8..079c08ea8 100644 --- a/test/net_none.profile +++ b/test/network/net_none.profile | |||
diff --git a/test/network/net_profile.exp b/test/network/net_profile.exp new file mode 100755 index 000000000..29008d811 --- /dev/null +++ b/test/network/net_profile.exp | |||
@@ -0,0 +1,77 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | # check eth0 | ||
11 | send -- "firejail --profile=net-profile.profile\r" | ||
12 | expect { | ||
13 | timeout {puts "TESTING ERROR 0.0\n";exit} | ||
14 | "eth0" | ||
15 | } | ||
16 | expect { | ||
17 | timeout {puts "TESTING ERROR 0.1\n";exit} | ||
18 | "00:11:22:33:44:55" | ||
19 | } | ||
20 | expect { | ||
21 | timeout {puts "TESTING ERROR 0.1\n";exit} | ||
22 | "10.10.20" | ||
23 | } | ||
24 | expect { | ||
25 | timeout {puts "TESTING ERROR 0.2\n";exit} | ||
26 | "255.255.255.248" | ||
27 | } | ||
28 | expect { | ||
29 | timeout {puts "TESTING ERROR 0.3\n";exit} | ||
30 | "UP" | ||
31 | } | ||
32 | expect { | ||
33 | timeout {puts "TESTING ERROR 0.4\n";exit} | ||
34 | "Child process initialized" | ||
35 | } | ||
36 | sleep 1 | ||
37 | |||
38 | send -- "ip route show\r" | ||
39 | expect { | ||
40 | timeout {puts "TESTING ERROR 1\n";exit} | ||
41 | "10.10.30.0/24 dev eth1 proto kernel scope link src 10.10.30.50" | ||
42 | } | ||
43 | |||
44 | send -- "ip route show\r" | ||
45 | expect { | ||
46 | timeout {puts "TESTING ERROR 2\n";exit} | ||
47 | "10.10.40.0/24 dev eth2 proto kernel scope link src 10.10.40.100" | ||
48 | } | ||
49 | |||
50 | |||
51 | # check default gw | ||
52 | send -- "ip route show\r" | ||
53 | expect { | ||
54 | timeout {puts "TESTING ERROR 3\n";exit} | ||
55 | "default via 10.10.20.2 dev eth0" | ||
56 | } | ||
57 | |||
58 | # check mtu | ||
59 | send -- "ip link show\r" | ||
60 | expect { | ||
61 | timeout {puts "TESTING ERROR 4\n";exit} | ||
62 | "eth0" | ||
63 | } | ||
64 | expect { | ||
65 | timeout {puts "TESTING ERROR 5\n";exit} | ||
66 | "mtu 1000" | ||
67 | } | ||
68 | expect { | ||
69 | timeout {puts "TESTING ERROR 6\n";exit} | ||
70 | "state UP" | ||
71 | } | ||
72 | |||
73 | send -- "exit\r" | ||
74 | after 100 | ||
75 | |||
76 | puts "\nall done\n" | ||
77 | |||
diff --git a/test/network/net_scan.exp b/test/network/net_scan.exp new file mode 100755 index 000000000..5afbbeea6 --- /dev/null +++ b/test/network/net_scan.exp | |||
@@ -0,0 +1,75 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | # | ||
11 | send -- "firejail --net=br1 --ip=10.10.30.50\r" | ||
12 | expect { | ||
13 | timeout {puts "TESTING ERROR 0\n";exit} | ||
14 | "eth0" | ||
15 | } | ||
16 | expect { | ||
17 | timeout {puts "TESTING ERROR 1\n";exit} | ||
18 | "10.10.30.50" | ||
19 | } | ||
20 | expect { | ||
21 | timeout {puts "TESTING ERROR 2\n";exit} | ||
22 | "255.255.255.0" | ||
23 | } | ||
24 | expect { | ||
25 | timeout {puts "TESTING ERROR 3\n";exit} | ||
26 | "Child process initialized" | ||
27 | } | ||
28 | sleep 1 | ||
29 | |||
30 | spawn $env(SHELL) | ||
31 | send -- "firejail --net=br1 --ip=10.10.30.51\r" | ||
32 | expect { | ||
33 | timeout {puts "TESTING ERROR 4\n";exit} | ||
34 | "eth0" | ||
35 | } | ||
36 | expect { | ||
37 | timeout {puts "TESTING ERROR 5\n";exit} | ||
38 | "10.10.30.51" | ||
39 | } | ||
40 | expect { | ||
41 | timeout {puts "TESTING ERROR 6\n";exit} | ||
42 | "255.255.255.0" | ||
43 | } | ||
44 | expect { | ||
45 | timeout {puts "TESTING ERROR 7\n";exit} | ||
46 | "Child process initialized" | ||
47 | } | ||
48 | sleep 1 | ||
49 | |||
50 | spawn $env(SHELL) | ||
51 | send -- "firejail --net=br1 --scan\r" | ||
52 | expect { | ||
53 | timeout {puts "TESTING ERROR 8\n";exit} | ||
54 | "eth0" | ||
55 | } | ||
56 | expect { | ||
57 | timeout {puts "TESTING ERROR 9\n";exit} | ||
58 | "10.10.30.50" | ||
59 | } | ||
60 | expect { | ||
61 | timeout {puts "TESTING ERROR 10\n";exit} | ||
62 | "10.10.30.51" | ||
63 | } | ||
64 | expect { | ||
65 | timeout {puts "TESTING ERROR 11\n";exit} | ||
66 | "Child process initialized" | ||
67 | } | ||
68 | sleep 1 | ||
69 | |||
70 | |||
71 | |||
72 | after 100 | ||
73 | |||
74 | puts "\nall done\n" | ||
75 | |||
diff --git a/test/network/net_veth.exp b/test/network/net_veth.exp new file mode 100755 index 000000000..04091047b --- /dev/null +++ b/test/network/net_veth.exp | |||
@@ -0,0 +1,142 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail --net=eth0\r" | ||
11 | expect { | ||
12 | timeout {puts "TESTING ERROR 1\n";exit} | ||
13 | "lo" | ||
14 | } | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 2\n";exit} | ||
17 | "127.0.0.1" | ||
18 | } | ||
19 | expect { | ||
20 | timeout {puts "TESTING ERROR 3\n";exit} | ||
21 | "255.0.0.0" | ||
22 | } | ||
23 | expect { | ||
24 | timeout {puts "TESTING ERROR 4\n";exit} | ||
25 | "UP" | ||
26 | } | ||
27 | expect { | ||
28 | timeout {puts "TESTING ERROR 5\n";exit} | ||
29 | "eth0-" | ||
30 | } | ||
31 | expect { | ||
32 | timeout {puts "TESTING ERROR 6\n";exit} | ||
33 | "255.255.255.0" | ||
34 | } | ||
35 | expect { | ||
36 | timeout {puts "TESTING ERROR 7\n";exit} | ||
37 | "UP" | ||
38 | } | ||
39 | expect { | ||
40 | timeout {puts "TESTING ERROR 8\n";exit} | ||
41 | "Default gateway" | ||
42 | } | ||
43 | expect { | ||
44 | timeout {puts "TESTING ERROR 9\n";exit} | ||
45 | "Child process initialized" | ||
46 | } | ||
47 | sleep 1 | ||
48 | send -- "exit\r" | ||
49 | sleep 1 | ||
50 | |||
51 | send -- "firejail --net=eth0 --net=eth0 --net=eth0 --net=eth0\r" | ||
52 | expect { | ||
53 | timeout {puts "TESTING ERROR 11\n";exit} | ||
54 | "lo" | ||
55 | } | ||
56 | expect { | ||
57 | timeout {puts "TESTING ERROR 12\n";exit} | ||
58 | "127.0.0.1" | ||
59 | } | ||
60 | expect { | ||
61 | timeout {puts "TESTING ERROR 13\n";exit} | ||
62 | "255.0.0.0" | ||
63 | } | ||
64 | expect { | ||
65 | timeout {puts "TESTING ERROR 14\n";exit} | ||
66 | "UP" | ||
67 | } | ||
68 | expect { | ||
69 | timeout {puts "TESTING ERROR 15\n";exit} | ||
70 | "eth0-" | ||
71 | } | ||
72 | expect { | ||
73 | timeout {puts "TESTING ERROR 16\n";exit} | ||
74 | "255.255.255.0" | ||
75 | } | ||
76 | expect { | ||
77 | timeout {puts "TESTING ERROR 17\n";exit} | ||
78 | "UP" | ||
79 | } | ||
80 | expect { | ||
81 | timeout {puts "TESTING ERROR 18\n";exit} | ||
82 | "eth1-" | ||
83 | } | ||
84 | expect { | ||
85 | timeout {puts "TESTING ERROR 19\n";exit} | ||
86 | "255.255.255.0" | ||
87 | } | ||
88 | expect { | ||
89 | timeout {puts "TESTING ERROR 20\n";exit} | ||
90 | "UP" | ||
91 | } | ||
92 | expect { | ||
93 | timeout {puts "TESTING ERROR 5\n";exit} | ||
94 | "eth2-" | ||
95 | } | ||
96 | expect { | ||
97 | timeout {puts "TESTING ERROR 21\n";exit} | ||
98 | "255.255.255.0" | ||
99 | } | ||
100 | expect { | ||
101 | timeout {puts "TESTING ERROR 22\n";exit} | ||
102 | "UP" | ||
103 | } | ||
104 | expect { | ||
105 | timeout {puts "TESTING ERROR 23\n";exit} | ||
106 | "eth3-" | ||
107 | } | ||
108 | expect { | ||
109 | timeout {puts "TESTING ERROR 24\n";exit} | ||
110 | "255.255.255.0" | ||
111 | } | ||
112 | expect { | ||
113 | timeout {puts "TESTING ERROR 25\n";exit} | ||
114 | "UP" | ||
115 | } | ||
116 | expect { | ||
117 | timeout {puts "TESTING ERROR 26\n";exit} | ||
118 | "Default gateway" | ||
119 | } | ||
120 | expect { | ||
121 | timeout {puts "TESTING ERROR 27\n";exit} | ||
122 | "Child process initialized" | ||
123 | } | ||
124 | sleep 1 | ||
125 | send -- "exit\r" | ||
126 | sleep 1 | ||
127 | |||
128 | send -- "firejail --net=eth0 --ip=10.10.20.1\r" | ||
129 | expect { | ||
130 | timeout {puts "TESTING ERROR 27\n";exit} | ||
131 | "the IP address is not in the interface range" | ||
132 | } | ||
133 | |||
134 | |||
135 | |||
136 | |||
137 | |||
138 | |||
139 | after 100 | ||
140 | |||
141 | puts "\n" | ||
142 | |||
diff --git a/test/netfilter.filter b/test/network/netfilter.filter index 3e232065c..3e232065c 100644 --- a/test/netfilter.filter +++ b/test/network/netfilter.filter | |||
diff --git a/test/netfilter.profile b/test/network/netfilter.profile index 824c6cd0f..824c6cd0f 100644 --- a/test/netfilter.profile +++ b/test/network/netfilter.profile | |||
diff --git a/test/network/netstats.exp b/test/network/netstats.exp new file mode 100755 index 000000000..41232061d --- /dev/null +++ b/test/network/netstats.exp | |||
@@ -0,0 +1,39 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail --net=eth0 --name=test1\r" | ||
11 | expect { | ||
12 | timeout {puts "TESTING ERROR 9\n";exit} | ||
13 | "Child process initialized" | ||
14 | } | ||
15 | sleep 1 | ||
16 | |||
17 | spawn $env(SHELL) | ||
18 | send -- "firejail --net=eth0 --name=test2\r" | ||
19 | expect { | ||
20 | timeout {puts "TESTING ERROR 9\n";exit} | ||
21 | "Child process initialized" | ||
22 | } | ||
23 | sleep 1 | ||
24 | |||
25 | spawn $env(SHELL) | ||
26 | send -- "firejail --netstats\r" | ||
27 | sleep 4 | ||
28 | expect { | ||
29 | timeout {puts "TESTING ERROR 9\n";exit} | ||
30 | "name=test1" | ||
31 | } | ||
32 | expect { | ||
33 | timeout {puts "TESTING ERROR 9\n";exit} | ||
34 | "name=test2" | ||
35 | } | ||
36 | after 100 | ||
37 | |||
38 | puts "\n" | ||
39 | |||
diff --git a/test/network/network.sh b/test/network/network.sh new file mode 100755 index 000000000..94df9935e --- /dev/null +++ b/test/network/network.sh | |||
@@ -0,0 +1,100 @@ | |||
1 | #!/bin/bash | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | export MALLOC_CHECK_=3 | ||
7 | export MALLOC_PERTURB_=$(($RANDOM % 255 + 1)) | ||
8 | |||
9 | sudo ./configure | ||
10 | |||
11 | echo "TESTING: firemon interface (firemon-interfaces.exp)" | ||
12 | sudo ./firemon-interfaces.exp | ||
13 | |||
14 | echo "TESTING: print dns (dns-print.exp)" | ||
15 | ./dns-print.exp | ||
16 | |||
17 | echo "TESTING: firemon arp (firemon-arp.exp)" | ||
18 | ./firemon-arp.exp | ||
19 | |||
20 | echo "TESTING: firemon netstats (netstats.exp)" | ||
21 | ./netstats.exp | ||
22 | |||
23 | echo "TESTING: firemon route (firemon-route.exp)" | ||
24 | ./firemon-route.exp | ||
25 | |||
26 | echo "TESTING: network profile (net_profile.exp)" | ||
27 | ./net_profile.exp | ||
28 | |||
29 | echo "TESTING: bandwidth (bandwidth.exp)" | ||
30 | ./bandwidth.exp | ||
31 | |||
32 | echo "TESTING: IPv6 support (ip6.exp)" | ||
33 | ./ip6.exp | ||
34 | |||
35 | echo "TESTING: local network (net_local.exp)" | ||
36 | ./net_local.exp | ||
37 | |||
38 | echo "TESTING: no network (net_none.exp)" | ||
39 | ./net_none.exp | ||
40 | |||
41 | echo "TESTING: network IP (net_ip.exp)" | ||
42 | ./net_ip.exp | ||
43 | |||
44 | echo "TESTING: network MAC (net_mac.exp)" | ||
45 | sleep 2 | ||
46 | ./net_mac.exp | ||
47 | |||
48 | echo "TESTING: network MTU (net_mtu.exp)" | ||
49 | ./net_mtu.exp | ||
50 | |||
51 | echo "TESTING: network hostname (hostname.exp)" | ||
52 | ./hostname.exp | ||
53 | |||
54 | echo "TESTING: network bad IP (net_badip.exp)" | ||
55 | ./net_badip.exp | ||
56 | |||
57 | echo "TESTING: network no IP test 1 (net_noip.exp)" | ||
58 | ./net_noip.exp | ||
59 | |||
60 | echo "TESTING: network no IP test 2 (net_noip2.exp)" | ||
61 | ./net_noip2.exp | ||
62 | |||
63 | echo "TESTING: network default gateway test 1 (net_defaultgw.exp)" | ||
64 | ./net_defaultgw.exp | ||
65 | |||
66 | echo "TESTING: network default gateway test 2 (net_defaultgw2.exp)" | ||
67 | ./net_defaultgw2.exp | ||
68 | |||
69 | echo "TESTING: network default gateway test 3 (net_defaultgw3.exp)" | ||
70 | ./net_defaultgw3.exp | ||
71 | |||
72 | echo "TESTING: scan (net_scan.exp)" | ||
73 | ./net_scan.exp | ||
74 | |||
75 | echo "TESTING: mtu (mtu.exp)" | ||
76 | ./mtu.exp | ||
77 | |||
78 | echo "TESTING: interface (interface.exp)" | ||
79 | ./interface.exp | ||
80 | |||
81 | echo "TESTING: veth (net_veth.exp)" | ||
82 | ./net_veth.exp | ||
83 | |||
84 | echo "TESTING: netfilter (net_netfilter.exp)" | ||
85 | ./net_netfilter.exp | ||
86 | |||
87 | echo "TESTING: iprange (iprange.exp)" | ||
88 | ./iprange.exp | ||
89 | |||
90 | echo "TESTING: veth-name (veth-name.exp)" | ||
91 | ./veth-name.exp | ||
92 | |||
93 | echo "TESTING: macvlan2 (net_macvlan2.exp)" | ||
94 | ./net_macvlan2.exp | ||
95 | |||
96 | echo "TESTING: 4 bridges ARP (4bridges_arp.exp)" | ||
97 | ./4bridges_arp.exp | ||
98 | |||
99 | echo "TESTING: 4 bridges IP (4bridges_ip.exp)" | ||
100 | ./4bridges_ip.exp | ||
diff --git a/test/network/veth-name.exp b/test/network/veth-name.exp new file mode 100755 index 000000000..36ed41d92 --- /dev/null +++ b/test/network/veth-name.exp | |||
@@ -0,0 +1,77 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | # | ||
11 | send -- "firejail --net=br1 --ip=10.10.30.50 --veth-name=blablabla\r" | ||
12 | expect { | ||
13 | timeout {puts "TESTING ERROR 0\n";exit} | ||
14 | "eth0" | ||
15 | } | ||
16 | expect { | ||
17 | timeout {puts "TESTING ERROR 1\n";exit} | ||
18 | "10.10.30.50" | ||
19 | } | ||
20 | expect { | ||
21 | timeout {puts "TESTING ERROR 2\n";exit} | ||
22 | "255.255.255.0" | ||
23 | } | ||
24 | expect { | ||
25 | timeout {puts "TESTING ERROR 3\n";exit} | ||
26 | "Child process initialized" | ||
27 | } | ||
28 | sleep 1 | ||
29 | |||
30 | spawn $env(SHELL) | ||
31 | send -- "ip link show\r" | ||
32 | expect { | ||
33 | timeout {puts "TESTING ERROR 4\n";exit} | ||
34 | "blablabla" | ||
35 | } | ||
36 | expect { | ||
37 | timeout {puts "TESTING ERROR 5\n";exit} | ||
38 | "master br1 state UP" | ||
39 | } | ||
40 | sleep 1 | ||
41 | |||
42 | |||
43 | send -- "firejail --profile=veth-name.profile\r" | ||
44 | expect { | ||
45 | timeout {puts "TESTING ERROR 6\n";exit} | ||
46 | "eth0" | ||
47 | } | ||
48 | expect { | ||
49 | timeout {puts "TESTING ERROR 7\n";exit} | ||
50 | "10.10.60.51" | ||
51 | } | ||
52 | expect { | ||
53 | timeout {puts "TESTING ERROR 8\n";exit} | ||
54 | "255.255.255.0" | ||
55 | } | ||
56 | expect { | ||
57 | timeout {puts "TESTING ERROR 9\n";exit} | ||
58 | "Child process initialized" | ||
59 | } | ||
60 | sleep 1 | ||
61 | |||
62 | spawn $env(SHELL) | ||
63 | send -- "ip link show\r" | ||
64 | expect { | ||
65 | timeout {puts "TESTING ERROR 10\n";exit} | ||
66 | "bingo" | ||
67 | } | ||
68 | expect { | ||
69 | timeout {puts "TESTING ERROR 11\n";exit} | ||
70 | "master br4 state UP" | ||
71 | } | ||
72 | sleep 1 | ||
73 | |||
74 | |||
75 | after 100 | ||
76 | puts "\nall done\n" | ||
77 | |||
diff --git a/test/network/veth-name.profile b/test/network/veth-name.profile new file mode 100644 index 000000000..f00a74d63 --- /dev/null +++ b/test/network/veth-name.profile | |||
@@ -0,0 +1,3 @@ | |||
1 | net br4 | ||
2 | ip 10.10.60.51 | ||
3 | veth-name bingo | ||
diff --git a/test/noroot.exp b/test/noroot.exp deleted file mode 100755 index 37d55fe78..000000000 --- a/test/noroot.exp +++ /dev/null | |||
@@ -1,117 +0,0 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "firejail --debug --noprofile --noroot --caps.drop=all --seccomp --cpu=0,1 --name=noroot-sandbox\r" | ||
8 | expect { | ||
9 | timeout {puts "TESTING ERROR 0.1\n";exit} | ||
10 | "Child process initialized" | ||
11 | } | ||
12 | sleep 1 | ||
13 | |||
14 | send -- "cat /proc/self/status\r" | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 1\n";exit} | ||
17 | "CapBnd:" | ||
18 | } | ||
19 | expect { | ||
20 | timeout {puts "TESTING ERROR 1.1\n";exit} | ||
21 | "0000000000000000" | ||
22 | } | ||
23 | |||
24 | send -- "cat /proc/self/status\r" | ||
25 | expect { | ||
26 | timeout {puts "TESTING ERROR 2\n";exit} | ||
27 | "Cpus_allowed:" | ||
28 | } | ||
29 | expect { | ||
30 | timeout {puts "TESTING ERROR 2.1\n";exit} | ||
31 | "3" | ||
32 | } | ||
33 | expect { | ||
34 | timeout {puts "TESTING ERROR 2.2\n";exit} | ||
35 | "Cpus_allowed_list:" | ||
36 | } | ||
37 | puts "\n" | ||
38 | |||
39 | send -- "cat /proc/self/status\r" | ||
40 | expect { | ||
41 | timeout {puts "TESTING ERROR 2\n";exit} | ||
42 | "Seccomp:" | ||
43 | } | ||
44 | expect { | ||
45 | timeout {puts "TESTING ERROR 2.1\n";exit} | ||
46 | "2" | ||
47 | } | ||
48 | expect { | ||
49 | timeout {puts "TESTING ERROR 2.2\n";exit} | ||
50 | "Cpus_allowed:" | ||
51 | } | ||
52 | puts "\n" | ||
53 | |||
54 | send -- "ping 0\r" | ||
55 | expect { | ||
56 | timeout {puts "TESTING ERROR 4\n";exit} | ||
57 | "Operation not permitted" | ||
58 | } | ||
59 | puts "\n" | ||
60 | |||
61 | send -- "whoami\r" | ||
62 | expect { | ||
63 | timeout {puts "TESTING ERROR 55\\n";exit} | ||
64 | "netblue" | ||
65 | } | ||
66 | puts "\n" | ||
67 | send -- "exit\r" | ||
68 | sleep 2 | ||
69 | |||
70 | |||
71 | send -- "firejail --noroot --noprofile\r" | ||
72 | expect { | ||
73 | timeout {puts "TESTING ERROR 6\n";exit} | ||
74 | "Child process initialized" | ||
75 | } | ||
76 | sleep 1 | ||
77 | send -- "whoami\r" | ||
78 | expect { | ||
79 | timeout {puts "TESTING ERROR 7\n";exit} | ||
80 | "netblue" | ||
81 | } | ||
82 | send -- "sudo -s\r" | ||
83 | expect { | ||
84 | timeout {puts "TESTING ERROR 8\n";exit} | ||
85 | "effective uid is not 0, is sudo installed setuid root?" { puts "OK\n";} | ||
86 | "sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";} | ||
87 | } | ||
88 | puts "\n" | ||
89 | send -- "exit\r" | ||
90 | sleep 2 | ||
91 | |||
92 | send -- "firejail --name=test --noroot --noprofile\r" | ||
93 | expect { | ||
94 | timeout {puts "TESTING ERROR 9\n";exit} | ||
95 | "Child process initialized" | ||
96 | } | ||
97 | sleep 1 | ||
98 | |||
99 | spawn $env(SHELL) | ||
100 | send -- "firejail --debug --join=test\r" | ||
101 | expect { | ||
102 | timeout {puts "TESTING ERROR 9\n";exit} | ||
103 | "User namespace detected" | ||
104 | } | ||
105 | expect { | ||
106 | timeout {puts "TESTING ERROR 9\n";exit} | ||
107 | "Joining user namespace" | ||
108 | } | ||
109 | sleep 1 | ||
110 | |||
111 | send -- "sudo -s\r" | ||
112 | expect { | ||
113 | timeout {puts "TESTING ERROR 8\n";exit} | ||
114 | "effective uid is not 0, is sudo installed setuid root?" { puts "OK\n";} | ||
115 | "sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";} | ||
116 | } | ||
117 | puts "all done\n" | ||
diff --git a/test/notes b/test/notes deleted file mode 100644 index 864cd5519..000000000 --- a/test/notes +++ /dev/null | |||
@@ -1,13 +0,0 @@ | |||
1 | Testing --nosound | ||
2 | |||
3 | Get a list of active PulseAudio clients: | ||
4 | $ pacmd info | grep application.process.binary | ||
5 | application.process.binary = "lxpanel" | ||
6 | application.process.binary = "plugin-container" | ||
7 | application.process.binary = "plugin-container" | ||
8 | |||
9 | Find active PulseAudio socket: | ||
10 | $ netstat -l | grep pulse | ||
11 | unix 2 [ ACC ] STREAM LISTENING 10669 /tmp/pulse-WwG6ohxIJmGO/cli | ||
12 | unix 2 [ ACC ] STREAM LISTENING 12584 /tmp/pulse-WwG6ohxIJmGO/dbus-socket | ||
13 | unix 2 [ ACC ] STREAM LISTENING 12581 /tmp/pulse-WwG6ohxIJmGO/native | ||
diff --git a/test/option-join-profile.exp b/test/option-join-profile.exp deleted file mode 100755 index 9200980a1..000000000 --- a/test/option-join-profile.exp +++ /dev/null | |||
@@ -1,39 +0,0 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "firejail --profile=name.profile\r" | ||
8 | expect { | ||
9 | timeout {puts "TESTING ERROR 0\n";exit} | ||
10 | "Child process initialized" | ||
11 | } | ||
12 | sleep 3 | ||
13 | |||
14 | spawn $env(SHELL) | ||
15 | send -- "firejail --join=jointesting;pwd\r" | ||
16 | expect { | ||
17 | timeout {puts "TESTING ERROR 1\n";exit} | ||
18 | "Switching to pid" | ||
19 | } | ||
20 | sleep 3 | ||
21 | |||
22 | |||
23 | spawn $env(SHELL) | ||
24 | send -- "firejail --shutdown=jointesting;pwd\r" | ||
25 | expect { | ||
26 | timeout {puts "TESTING ERROR 3\n";exit} | ||
27 | "home" | ||
28 | } | ||
29 | sleep 5 | ||
30 | |||
31 | send -- "firejail --list;pwd\r" | ||
32 | expect { | ||
33 | timeout {puts "TESTING ERROR 4\n";exit} | ||
34 | "jointesting" {puts "TESTING ERROR 5\n";exit} | ||
35 | "home" | ||
36 | } | ||
37 | sleep 1 | ||
38 | |||
39 | puts "\nall done\n" | ||
diff --git a/test/option-join.exp b/test/option-join.exp deleted file mode 100755 index 6250e87a2..000000000 --- a/test/option-join.exp +++ /dev/null | |||
@@ -1,39 +0,0 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "firejail --name=svntesting\r" | ||
8 | expect { | ||
9 | timeout {puts "TESTING ERROR 0\n";exit} | ||
10 | "Child process initialized" | ||
11 | } | ||
12 | sleep 3 | ||
13 | |||
14 | spawn $env(SHELL) | ||
15 | send -- "firejail --join=svntesting;pwd\r" | ||
16 | expect { | ||
17 | timeout {puts "TESTING ERROR 1\n";exit} | ||
18 | "Switching to pid" | ||
19 | } | ||
20 | sleep 1 | ||
21 | |||
22 | |||
23 | spawn $env(SHELL) | ||
24 | send -- "firejail --shutdown=svntesting;pwd\r" | ||
25 | expect { | ||
26 | timeout {puts "TESTING ERROR 3\n";exit} | ||
27 | "home" | ||
28 | } | ||
29 | sleep 1 | ||
30 | |||
31 | send -- "firejail --list;pwd\r" | ||
32 | expect { | ||
33 | timeout {puts "TESTING ERROR 4\n";exit} | ||
34 | "svntesting" {puts "TESTING ERROR 5\n";exit} | ||
35 | "home" | ||
36 | } | ||
37 | sleep 1 | ||
38 | |||
39 | puts "\nall done\n" | ||
diff --git a/test/option-join2.exp b/test/option-join2.exp deleted file mode 100755 index 630b62d9e..000000000 --- a/test/option-join2.exp +++ /dev/null | |||
@@ -1,39 +0,0 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "firejail --name=\"svn testing\"\r" | ||
8 | expect { | ||
9 | timeout {puts "TESTING ERROR 0\n";exit} | ||
10 | "Child process initialized" | ||
11 | } | ||
12 | sleep 3 | ||
13 | |||
14 | spawn $env(SHELL) | ||
15 | send -- "firejail --join=\"svn testing\";pwd\r" | ||
16 | expect { | ||
17 | timeout {puts "TESTING ERROR 1\n";exit} | ||
18 | "Switching to pid" | ||
19 | } | ||
20 | sleep 1 | ||
21 | |||
22 | |||
23 | spawn $env(SHELL) | ||
24 | send -- "firejail --shutdown=\"svn testing\";pwd\r" | ||
25 | expect { | ||
26 | timeout {puts "TESTING ERROR 3\n";exit} | ||
27 | "home" | ||
28 | } | ||
29 | sleep 1 | ||
30 | |||
31 | send -- "firejail --list;pwd\r" | ||
32 | expect { | ||
33 | timeout {puts "TESTING ERROR 4\n";exit} | ||
34 | "svn testing" {puts "TESTING ERROR 5\n";exit} | ||
35 | "home" | ||
36 | } | ||
37 | sleep 1 | ||
38 | |||
39 | puts "\nall done\n" | ||
diff --git a/test/option-join3.exp b/test/option-join3.exp deleted file mode 100755 index aa8a445df..000000000 --- a/test/option-join3.exp +++ /dev/null | |||
@@ -1,39 +0,0 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "firejail --name=svn\\ testing\r" | ||
8 | expect { | ||
9 | timeout {puts "TESTING ERROR 0\n";exit} | ||
10 | "Child process initialized" | ||
11 | } | ||
12 | sleep 3 | ||
13 | |||
14 | spawn $env(SHELL) | ||
15 | send -- "firejail --join=svn\\ testing;pwd\r" | ||
16 | expect { | ||
17 | timeout {puts "TESTING ERROR 1\n";exit} | ||
18 | "Switching to pid" | ||
19 | } | ||
20 | sleep 1 | ||
21 | |||
22 | |||
23 | spawn $env(SHELL) | ||
24 | send -- "firejail --shutdown=svn\\ testing;pwd\r" | ||
25 | expect { | ||
26 | timeout {puts "TESTING ERROR 3\n";exit} | ||
27 | "home" | ||
28 | } | ||
29 | sleep 1 | ||
30 | |||
31 | send -- "firejail --list;pwd\r" | ||
32 | expect { | ||
33 | timeout {puts "TESTING ERROR 4\n";exit} | ||
34 | "svn testing" {puts "TESTING ERROR 5\n";exit} | ||
35 | "home" | ||
36 | } | ||
37 | sleep 1 | ||
38 | |||
39 | puts "\nall done\n" | ||
diff --git a/test/option-shutdown.exp b/test/option-shutdown.exp deleted file mode 100755 index e869f7611..000000000 --- a/test/option-shutdown.exp +++ /dev/null | |||
@@ -1,30 +0,0 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "firejail --name=shutdowntesting\r" | ||
8 | expect { | ||
9 | timeout {puts "TESTING ERROR 0\n";exit} | ||
10 | "Child process initialized" | ||
11 | } | ||
12 | sleep 3 | ||
13 | |||
14 | spawn $env(SHELL) | ||
15 | send -- "firejail --shutdown=shutdowntesting;pwd\r" | ||
16 | expect { | ||
17 | timeout {puts "TESTING ERROR 4\n";exit} | ||
18 | "home" | ||
19 | } | ||
20 | sleep 1 | ||
21 | |||
22 | send -- "firejail --list;pwd\r" | ||
23 | expect { | ||
24 | timeout {puts "TESTING ERROR 5\n";exit} | ||
25 | "shutdowntesting" {puts "TESTING ERROR 6\n";exit} | ||
26 | "home" | ||
27 | } | ||
28 | sleep 1 | ||
29 | |||
30 | puts "\nalldone\n" | ||
diff --git a/test/option-trace.exp b/test/option-trace.exp deleted file mode 100755 index 38038b58e..000000000 --- a/test/option-trace.exp +++ /dev/null | |||
@@ -1,25 +0,0 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "firejail --trace\r" | ||
8 | expect { | ||
9 | timeout {puts "TESTING ERROR 0\n";exit} | ||
10 | "Child process initialized" | ||
11 | } | ||
12 | expect { | ||
13 | timeout {puts "TESTING ERROR 1\n";exit} | ||
14 | "bash:open /dev/tty" {puts "64bit\n"} | ||
15 | "bash:open64 /dev/tty" {puts "32bit\n"} | ||
16 | } | ||
17 | expect { | ||
18 | timeout {puts "TESTING ERROR 3\n";exit} | ||
19 | "bash:access /etc/terminfo/x/xterm" {puts "debian\n"} | ||
20 | "bash:access /usr/share/terminfo/x/xterm" {puts "arch\n"} | ||
21 | } | ||
22 | |||
23 | sleep 1 | ||
24 | |||
25 | puts "\nall done\n" | ||
diff --git a/test/overlay/firefox-x11-xorg.exp b/test/overlay/firefox-x11-xorg.exp new file mode 100755 index 000000000..76c0e55fc --- /dev/null +++ b/test/overlay/firefox-x11-xorg.exp | |||
@@ -0,0 +1,90 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail --overlay --name=test --x11=xorg firefox -no-remote www.gentoo.org\r" | ||
11 | sleep 10 | ||
12 | |||
13 | spawn $env(SHELL) | ||
14 | send -- "firejail --list\r" | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 3\n";exit} | ||
17 | ":firejail" | ||
18 | } | ||
19 | expect { | ||
20 | timeout {puts "TESTING ERROR 3.1\n";exit} | ||
21 | "firefox" {puts "firefox detected\n";} | ||
22 | "iceweasel" {puts "iceweasel detected\n";} | ||
23 | } | ||
24 | expect { | ||
25 | timeout {puts "TESTING ERROR 3.2\n";exit} | ||
26 | "no-remote" | ||
27 | } | ||
28 | sleep 1 | ||
29 | # grsecurity exit | ||
30 | send -- "file /proc/sys/kernel/grsecurity\r" | ||
31 | expect { | ||
32 | timeout {puts "TESTING ERROR - grsecurity detection\n";exit} | ||
33 | "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit} | ||
34 | "cannot open" {puts "grsecurity not present\n"} | ||
35 | } | ||
36 | send -- "firejail --overlay --name=blablabla\r" | ||
37 | expect { | ||
38 | timeout {puts "TESTING ERROR 4\n";exit} | ||
39 | "Child process initialized" | ||
40 | } | ||
41 | sleep 2 | ||
42 | |||
43 | spawn $env(SHELL) | ||
44 | send -- "firemon --seccomp\r" | ||
45 | expect { | ||
46 | timeout {puts "TESTING ERROR 5\n";exit} | ||
47 | " firefox" {puts "firefox detected\n";} | ||
48 | " iceweasel" {puts "iceweasel detected\n";} | ||
49 | } | ||
50 | expect { | ||
51 | timeout {puts "TESTING ERROR 5.0\n";exit} | ||
52 | "no-remote" | ||
53 | } | ||
54 | expect { | ||
55 | timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit} | ||
56 | "Seccomp: 2" | ||
57 | } | ||
58 | expect { | ||
59 | timeout {puts "TESTING ERROR 5.1\n";exit} | ||
60 | "name=blablabla" | ||
61 | } | ||
62 | sleep 1 | ||
63 | send -- "firemon --caps\r" | ||
64 | expect { | ||
65 | timeout {puts "TESTING ERROR 6\n";exit} | ||
66 | " firefox" {puts "firefox detected\n";} | ||
67 | " iceweasel" {puts "iceweasel detected\n";} | ||
68 | } | ||
69 | expect { | ||
70 | timeout {puts "TESTING ERROR 6.0\n";exit} | ||
71 | "no-remote" | ||
72 | } | ||
73 | expect { | ||
74 | timeout {puts "TESTING ERROR 6.1\n";exit} | ||
75 | "CapBnd:" | ||
76 | } | ||
77 | expect { | ||
78 | timeout {puts "TESTING ERROR 6.2\n";exit} | ||
79 | "0000000000000000" | ||
80 | } | ||
81 | expect { | ||
82 | timeout {puts "TESTING ERROR 6.3\n";exit} | ||
83 | "name=blablabla" | ||
84 | } | ||
85 | sleep 1 | ||
86 | send -- "firejail --shutdown=test\r" | ||
87 | sleep 3 | ||
88 | |||
89 | puts "\nall done\n" | ||
90 | |||
diff --git a/test/firefox-x11.exp b/test/overlay/firefox-x11.exp index 7e30437db..aa248f328 100755 --- a/test/firefox-x11.exp +++ b/test/overlay/firefox-x11.exp | |||
@@ -1,10 +1,13 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
5 | match_max 100000 | 8 | match_max 100000 |
6 | 9 | ||
7 | send -- "firejail --name=test --x11 --net=br0 firefox -no-remote www.gentoo.org\r" | 10 | send -- "firejail --overlay --name=test --x11 firefox -no-remote www.gentoo.org\r" |
8 | sleep 10 | 11 | sleep 10 |
9 | 12 | ||
10 | spawn $env(SHELL) | 13 | spawn $env(SHELL) |
@@ -30,7 +33,7 @@ expect { | |||
30 | "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit} | 33 | "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit} |
31 | "cannot open" {puts "grsecurity not present\n"} | 34 | "cannot open" {puts "grsecurity not present\n"} |
32 | } | 35 | } |
33 | send -- "firejail --name=blablabla\r" | 36 | send -- "firejail --name=blablabla --overlay\r" |
34 | expect { | 37 | expect { |
35 | timeout {puts "TESTING ERROR 4\n";exit} | 38 | timeout {puts "TESTING ERROR 4\n";exit} |
36 | "Child process initialized" | 39 | "Child process initialized" |
diff --git a/test/overlay/firefox.exp b/test/overlay/firefox.exp new file mode 100755 index 000000000..6ef23558d --- /dev/null +++ b/test/overlay/firefox.exp | |||
@@ -0,0 +1,99 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail --overlay firefox -no-remote www.gentoo.org\r" | ||
11 | expect { | ||
12 | timeout {puts "TESTING ERROR 0\n";exit} | ||
13 | "Reading profile /etc/firejail/firefox.profile" | ||
14 | } | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 1\n";exit} | ||
17 | "Child process initialized" | ||
18 | } | ||
19 | sleep 10 | ||
20 | |||
21 | spawn $env(SHELL) | ||
22 | send -- "firejail --list\r" | ||
23 | expect { | ||
24 | timeout {puts "TESTING ERROR 3\n";exit} | ||
25 | ":firejail" | ||
26 | } | ||
27 | expect { | ||
28 | timeout {puts "TESTING ERROR 3.1\n";exit} | ||
29 | "firefox" {puts "firefox detected\n";} | ||
30 | "iceweasel" {puts "iceweasel detected\n";} | ||
31 | } | ||
32 | expect { | ||
33 | timeout {puts "TESTING ERROR 3.2\n";exit} | ||
34 | "no-remote" | ||
35 | } | ||
36 | after 100 | ||
37 | |||
38 | # grsecurity exit | ||
39 | send -- "file /proc/sys/kernel/grsecurity\r" | ||
40 | expect { | ||
41 | timeout {puts "TESTING ERROR - grsecurity detection\n";exit} | ||
42 | "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit} | ||
43 | "cannot open" {puts "grsecurity not present\n"} | ||
44 | } | ||
45 | |||
46 | |||
47 | send -- "firejail --name=blablabla --overlay\r" | ||
48 | expect { | ||
49 | timeout {puts "TESTING ERROR 4\n";exit} | ||
50 | "Child process initialized" | ||
51 | } | ||
52 | sleep 2 | ||
53 | |||
54 | spawn $env(SHELL) | ||
55 | send -- "firemon --seccomp\r" | ||
56 | expect { | ||
57 | timeout {puts "TESTING ERROR 5\n";exit} | ||
58 | " firefox" {puts "firefox detected\n";} | ||
59 | " iceweasel" {puts "iceweasel detected\n";} | ||
60 | } | ||
61 | expect { | ||
62 | timeout {puts "TESTING ERROR 5.0\n";exit} | ||
63 | "no-remote" | ||
64 | } | ||
65 | expect { | ||
66 | timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit} | ||
67 | "Seccomp: 2" | ||
68 | } | ||
69 | expect { | ||
70 | timeout {puts "TESTING ERROR 5.1\n";exit} | ||
71 | "name=blablabla" | ||
72 | } | ||
73 | after 100 | ||
74 | send -- "firemon --caps\r" | ||
75 | expect { | ||
76 | timeout {puts "TESTING ERROR 6\n";exit} | ||
77 | " firefox" {puts "firefox detected\n";} | ||
78 | " iceweasel" {puts "iceweasel detected\n";} | ||
79 | } | ||
80 | expect { | ||
81 | timeout {puts "TESTING ERROR 6.0\n";exit} | ||
82 | "no-remote" | ||
83 | } | ||
84 | expect { | ||
85 | timeout {puts "TESTING ERROR 6.1\n";exit} | ||
86 | "CapBnd:" | ||
87 | } | ||
88 | expect { | ||
89 | timeout {puts "TESTING ERROR 6.2\n";exit} | ||
90 | "0000000000000000" | ||
91 | } | ||
92 | expect { | ||
93 | timeout {puts "TESTING ERROR 6.3\n";exit} | ||
94 | "name=blablabla" | ||
95 | } | ||
96 | after 100 | ||
97 | |||
98 | puts "\nall done\n" | ||
99 | |||
diff --git a/test/overlay/fs-named.exp b/test/overlay/fs-named.exp new file mode 100755 index 000000000..2ccb22bb1 --- /dev/null +++ b/test/overlay/fs-named.exp | |||
@@ -0,0 +1,66 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "firejail --overlay-named=firejail-test\r" | ||
8 | expect { | ||
9 | timeout {puts "TESTING ERROR 2\n";exit} | ||
10 | "not available for kernels older than 3.18" {puts "\nTESTING: overlayfs not available\n"; exit} | ||
11 | "Error: --overlay option is not available on Grsecurity systems" {puts "\nTESTING: overlayfs not available\n"; exit} | ||
12 | "Child process initialized" {puts "found\n"} | ||
13 | } | ||
14 | sleep 1 | ||
15 | |||
16 | send -- "echo xyzxyzxyz > ~/_firejail_test_file; echo done\r" | ||
17 | expect { | ||
18 | timeout {puts "TESTING ERROR 3\n";exit} | ||
19 | "done" | ||
20 | } | ||
21 | after 100 | ||
22 | |||
23 | send -- "cat ~/_firejail_test_file; echo done\r" | ||
24 | expect { | ||
25 | timeout {puts "TESTING ERROR 4\n";exit} | ||
26 | "xyzxyzxyz" | ||
27 | } | ||
28 | expect { | ||
29 | timeout {puts "TESTING ERROR 4.1\n";exit} | ||
30 | "done" | ||
31 | } | ||
32 | after 100 | ||
33 | |||
34 | send -- "exit\r" | ||
35 | sleep 2 | ||
36 | |||
37 | send -- "cat ~/_firejail_test_file; echo done\r" | ||
38 | expect { | ||
39 | timeout {puts "TESTING ERROR 5\n";exit} | ||
40 | "xyzxyzxyz" {puts "TESTING ERROR 5.1\n";exit} | ||
41 | "done" | ||
42 | } | ||
43 | after 100 | ||
44 | |||
45 | send -- "firejail --overlay-named=firejail-test\r" | ||
46 | expect { | ||
47 | timeout {puts "TESTING ERROR 2\n";exit} | ||
48 | "not available for kernels older than 3.18" {puts "\nTESTING: overlayfs not available\n"; exit} | ||
49 | "Error: --overlay option is not available on Grsecurity systems" {puts "\nTESTING: overlayfs not available\n"; exit} | ||
50 | "Child process initialized" {puts "found\n"} | ||
51 | } | ||
52 | sleep 1 | ||
53 | |||
54 | send -- "cat ~/_firejail_test_file; echo done\r" | ||
55 | expect { | ||
56 | timeout {puts "TESTING ERROR 4\n";exit} | ||
57 | "xyzxyzxyz" | ||
58 | } | ||
59 | expect { | ||
60 | timeout {puts "TESTING ERROR 4.1\n";exit} | ||
61 | "done" | ||
62 | } | ||
63 | after 100 | ||
64 | |||
65 | puts "\nall done\n" | ||
66 | |||
diff --git a/test/fs_overlay.exp b/test/overlay/fs-tmpfs.exp index b7eeba80f..658d16779 100755 --- a/test/fs_overlay.exp +++ b/test/overlay/fs-tmpfs.exp | |||
@@ -4,63 +4,59 @@ set timeout 10 | |||
4 | spawn $env(SHELL) | 4 | spawn $env(SHELL) |
5 | match_max 100000 | 5 | match_max 100000 |
6 | 6 | ||
7 | send -- "rm -f /tmp/firejail-overlay-test;pwd\r" | 7 | send -- "firejail --overlay-clean\r" |
8 | after 100 | ||
9 | send -- "file ~/.firejail\r" | ||
8 | expect { | 10 | expect { |
9 | timeout {puts "TESTING ERROR 0\n";exit} | 11 | timeout {puts "TESTING ERROR 0\n";exit} |
10 | "home" | 12 | "cannot open" |
11 | } | 13 | } |
14 | after 100 | ||
12 | 15 | ||
13 | send -- "ls > /tmp/firejail-overlay-test;pwd\r" | 16 | send -- "firejail --overlay-tmpfs\r" |
14 | expect { | 17 | expect { |
15 | timeout {puts "TESTING ERROR 1\n";exit} | 18 | timeout {puts "TESTING ERROR 1\n";exit} |
16 | "home" | ||
17 | } | ||
18 | |||
19 | send -- "firejail --noprofile --overlay\r" | ||
20 | expect { | ||
21 | timeout {puts "TESTING ERROR 2\n";exit} | ||
22 | "not available for kernels older than 3.18" {puts "\nTESTING: overlayfs not available\n"; exit} | 19 | "not available for kernels older than 3.18" {puts "\nTESTING: overlayfs not available\n"; exit} |
23 | "Error: --overlay option is not available on Grsecurity systems" {puts "\nTESTING: overlayfs not available\n"; exit} | 20 | "Error: --overlay option is not available on Grsecurity systems" {puts "\nTESTING: overlayfs not available\n"; exit} |
24 | "Child process initialized" {puts "found\n"} | 21 | "Child process initialized" {puts "found\n"} |
25 | } | 22 | } |
26 | sleep 1 | 23 | sleep 1 |
27 | 24 | ||
28 | send -- "echo xyzxyzxyz > /tmp/firejail-overlay-test;pwd\r" | 25 | send -- "echo xyzxyzxyz > ~/_firejail_test_file; echo done\r" |
29 | expect { | 26 | expect { |
30 | timeout {puts "TESTING ERROR 3\n";exit} | 27 | timeout {puts "TESTING ERROR 2\n";exit} |
31 | "home" | 28 | "done" |
32 | } | 29 | } |
33 | sleep 1 | 30 | after 100 |
34 | 31 | ||
35 | send -- "cat /tmp/firejail-overlay-test;pwd\r" | 32 | send -- "cat ~/_firejail_test_file; echo done\r" |
36 | expect { | 33 | expect { |
37 | timeout {puts "TESTING ERROR 4\n";exit} | 34 | timeout {puts "TESTING ERROR 3\n";exit} |
38 | "xyzxyzxyz" | 35 | "xyzxyzxyz" |
39 | } | 36 | } |
40 | expect { | 37 | expect { |
41 | timeout {puts "TESTING ERROR 4.1\n";exit} | 38 | timeout {puts "TESTING ERROR 4\n";exit} |
42 | "home" | 39 | "done" |
43 | } | 40 | } |
44 | sleep 1 | 41 | after 100 |
45 | 42 | ||
46 | send -- "exit\r" | 43 | send -- "exit\r" |
47 | sleep 2 | 44 | sleep 1 |
48 | 45 | ||
49 | send -- "cat /tmp/firejail-overlay-test;pwd\r" | 46 | send -- "cat ~/_firejail_test_file; echo done\r" |
50 | expect { | 47 | expect { |
51 | timeout {puts "TESTING ERROR 5\n";exit} | 48 | timeout {puts "TESTING ERROR 5\n";exit} |
52 | "xyzxyzxyz" {puts "TESTING ERROR 5.1\n";exit} | 49 | "xyzxyzxyz" {puts "TESTING ERROR 6\n";exit} |
53 | "home" | 50 | "done" |
54 | } | 51 | } |
52 | after 100 | ||
55 | 53 | ||
56 | sleep 1 | 54 | send -- "file ~/.firejail\r" |
57 | send -- "rm -f /tmp/firejail-overlay-test;pwd\r" | ||
58 | expect { | 55 | expect { |
59 | timeout {puts "TESTING ERROR 0\n";exit} | 56 | timeout {puts "TESTING ERROR 7\n";exit} |
60 | "home" | 57 | "cannot open" |
61 | } | 58 | } |
59 | after 100 | ||
62 | 60 | ||
63 | 61 | puts "\nall done\n" | |
64 | sleep 1 | ||
65 | puts "all done \n" | ||
66 | 62 | ||
diff --git a/test/overlay/fs.exp b/test/overlay/fs.exp new file mode 100755 index 000000000..15ada9203 --- /dev/null +++ b/test/overlay/fs.exp | |||
@@ -0,0 +1,46 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "firejail --overlay\r" | ||
8 | expect { | ||
9 | timeout {puts "TESTING ERROR 2\n";exit} | ||
10 | "not available for kernels older than 3.18" {puts "\nTESTING: overlayfs not available\n"; exit} | ||
11 | "Error: --overlay option is not available on Grsecurity systems" {puts "\nTESTING: overlayfs not available\n"; exit} | ||
12 | "Child process initialized" {puts "found\n"} | ||
13 | } | ||
14 | sleep 1 | ||
15 | |||
16 | send -- "echo xyzxyzxyz > ~/_firejail_test_file; echo done\r" | ||
17 | expect { | ||
18 | timeout {puts "TESTING ERROR 3\n";exit} | ||
19 | "done" | ||
20 | } | ||
21 | after 100 | ||
22 | |||
23 | send -- "cat ~/_firejail_test_file; echo done\r" | ||
24 | expect { | ||
25 | timeout {puts "TESTING ERROR 4\n";exit} | ||
26 | "xyzxyzxyz" | ||
27 | } | ||
28 | expect { | ||
29 | timeout {puts "TESTING ERROR 4.1\n";exit} | ||
30 | "done" | ||
31 | } | ||
32 | after 100 | ||
33 | |||
34 | send -- "exit\r" | ||
35 | sleep 2 | ||
36 | |||
37 | send -- "cat ~/_firejail_test_file; echo done\r" | ||
38 | expect { | ||
39 | timeout {puts "TESTING ERROR 5\n";exit} | ||
40 | "xyzxyzxyz" {puts "TESTING ERROR 5.1\n";exit} | ||
41 | "done" | ||
42 | } | ||
43 | |||
44 | after 100 | ||
45 | puts "\nall done\n" | ||
46 | |||
diff --git a/test/overlay/overlay.sh b/test/overlay/overlay.sh new file mode 100755 index 000000000..4c9ebe5b0 --- /dev/null +++ b/test/overlay/overlay.sh | |||
@@ -0,0 +1,67 @@ | |||
1 | #!/bin/bash | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | export MALLOC_CHECK_=3 | ||
7 | export MALLOC_PERTURB_=$(($RANDOM % 255 + 1)) | ||
8 | |||
9 | echo "TESTING: overlay fs (test/overlay/fs.exp)" | ||
10 | rm -fr ~/_firejail_test_* | ||
11 | ./fs.exp | ||
12 | rm -fr ~/_firejail_test_* | ||
13 | |||
14 | echo "TESTING: overlay named fs (test/overlay/fs-named.exp)" | ||
15 | rm -fr ~/_firejail_test_* | ||
16 | ./fs-named.exp | ||
17 | rm -fr ~/_firejail_test_* | ||
18 | |||
19 | echo "TESTING: overlay tmpfs fs (test/overlay/fs-tmpfs.exp)" | ||
20 | rm -fr ~/_firejail_test_* | ||
21 | ./fs-tmpfs.exp | ||
22 | rm -fr ~/_firejail_test_* | ||
23 | |||
24 | which firefox | ||
25 | if [ "$?" -eq 0 ]; | ||
26 | then | ||
27 | echo "TESTING: overlay firefox" | ||
28 | ./firefox.exp | ||
29 | else | ||
30 | echo "TESTING SKIP: firefox not found" | ||
31 | fi | ||
32 | |||
33 | which firefox | ||
34 | if [ "$?" -eq 0 ]; | ||
35 | then | ||
36 | echo "TESTING: overlay firefox x11 xorg" | ||
37 | ./firefox.exp | ||
38 | else | ||
39 | echo "TESTING SKIP: firefox not found" | ||
40 | fi | ||
41 | |||
42 | |||
43 | # check xpra/xephyr | ||
44 | which xpra | ||
45 | if [ "$?" -eq 0 ]; | ||
46 | then | ||
47 | echo "xpra found" | ||
48 | else | ||
49 | echo "xpra not found" | ||
50 | which Xephyr | ||
51 | if [ "$?" -eq 0 ]; | ||
52 | then | ||
53 | echo "Xephyr found" | ||
54 | else | ||
55 | echo "TESTING SKIP: xpra and/or Xephyr not found" | ||
56 | exit | ||
57 | fi | ||
58 | fi | ||
59 | |||
60 | which firefox | ||
61 | if [ "$?" -eq 0 ]; | ||
62 | then | ||
63 | echo "TESTING: overlay firefox x11" | ||
64 | ./firefox-x11.exp | ||
65 | else | ||
66 | echo "TESTING SKIP: firefox not found" | ||
67 | fi | ||
diff --git a/test/private-etc.exp b/test/private-etc.exp deleted file mode 100755 index db1d1df3a..000000000 --- a/test/private-etc.exp +++ /dev/null | |||
@@ -1,42 +0,0 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | # directory with ~ | ||
8 | send -- "firejail --private-etc=passwd,group,resolv.conf,X11\r" | ||
9 | expect { | ||
10 | timeout {puts "TESTING ERROR 1\n";exit} | ||
11 | "Child process initialized" | ||
12 | } | ||
13 | sleep 1 | ||
14 | |||
15 | send -- "ls -al /etc\r" | ||
16 | expect { | ||
17 | timeout {puts "TESTING ERROR 3\n";exit} | ||
18 | "group" | ||
19 | } | ||
20 | expect { | ||
21 | timeout {puts "TESTING ERROR 4\n";exit} | ||
22 | "passwd" | ||
23 | } | ||
24 | expect { | ||
25 | timeout {puts "TESTING ERROR 5\n";exit} | ||
26 | "resolv.conf" | ||
27 | } | ||
28 | expect { | ||
29 | timeout {puts "TESTING ERROR 6\n";exit} | ||
30 | "X11" | ||
31 | } | ||
32 | |||
33 | send -- "ls -al /etc\r" | ||
34 | expect { | ||
35 | timeout {puts "TESTING ERROR 7\n";exit} | ||
36 | "shadow" {puts "TESTING ERROR 8\n";exit} | ||
37 | "X11" | ||
38 | } | ||
39 | |||
40 | sleep 1 | ||
41 | puts "\nall done\n" | ||
42 | |||
diff --git a/test/private.exp b/test/private.exp deleted file mode 100755 index a5920c37b..000000000 --- a/test/private.exp +++ /dev/null | |||
@@ -1,97 +0,0 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | if { $argc != 1 } { | ||
8 | puts "TESTING ERROR: argument missing" | ||
9 | puts "Usage: private.exp username" | ||
10 | puts "where username is the name of the current user" | ||
11 | exit | ||
12 | } | ||
13 | |||
14 | # testing profile and private | ||
15 | send -- "firejail --private --profile=/etc/firejail/generic.profile\r" | ||
16 | expect { | ||
17 | timeout {puts "TESTING ERROR 0\n";exit} | ||
18 | "Child process initialized" | ||
19 | } | ||
20 | sleep 1 | ||
21 | send -- "exit\r" | ||
22 | sleep 1 | ||
23 | |||
24 | send -- "firejail --private --noprofile\r" | ||
25 | expect { | ||
26 | timeout {puts "TESTING ERROR 0\n";exit} | ||
27 | "Child process initialized" | ||
28 | } | ||
29 | |||
30 | sleep 1 | ||
31 | send -- "ls -al; pwd\r" | ||
32 | expect { | ||
33 | timeout {puts "TESTING ERROR 0.1\n";exit} | ||
34 | ".bashrc" | ||
35 | } | ||
36 | expect { | ||
37 | timeout {puts "TESTING ERROR 0.2\n";exit} | ||
38 | [lindex $argv 0] | ||
39 | } | ||
40 | send -- "ls -al; pwd\r" | ||
41 | expect { | ||
42 | timeout { | ||
43 | # OpenSUSE doesn't use .Xauthority from user home directory | ||
44 | send -- "env | grep XAUTHORITY\r" | ||
45 | |||
46 | expect { | ||
47 | timeout {puts "TESTING ERROR 0.3\n";exit} | ||
48 | "/run/lightdm/netblue/xauthority" | ||
49 | } | ||
50 | } | ||
51 | ".Xauthority" | ||
52 | } | ||
53 | expect { | ||
54 | timeout {puts "TESTING ERROR 0.4\n";exit} | ||
55 | [lindex $argv 0] | ||
56 | } | ||
57 | |||
58 | |||
59 | # testing private only | ||
60 | send -- "bash\r" | ||
61 | sleep 1 | ||
62 | # owner /home/netblue | ||
63 | send -- "ls -l /home;pwd\r" | ||
64 | expect { | ||
65 | timeout {puts "TESTING ERROR 1\n";exit} | ||
66 | [lindex $argv 0] | ||
67 | } | ||
68 | expect { | ||
69 | timeout {puts "TESTING ERROR 1.1\n";exit} | ||
70 | [lindex $argv 0] | ||
71 | } | ||
72 | expect { | ||
73 | timeout {puts "TESTING ERROR 1.2\n";exit} | ||
74 | [lindex $argv 0] | ||
75 | } | ||
76 | expect { | ||
77 | timeout {puts "TESTING ERROR 1.3\n";exit} | ||
78 | "home" | ||
79 | } | ||
80 | sleep 1 | ||
81 | |||
82 | # owner /tmp | ||
83 | send -- "stat -c %U%a /tmp;pwd\r" | ||
84 | expect { | ||
85 | timeout {puts "TESTING ERROR 2\n";exit} | ||
86 | "root777" {puts "version 1\n";} | ||
87 | "root1777" {puts "version 2\n";} | ||
88 | "nobody777" {puts "version 3\n";} | ||
89 | "nobody1777" {puts "version 4\n";} | ||
90 | } | ||
91 | expect { | ||
92 | timeout {puts "TESTING ERROR 2.1\n";exit} | ||
93 | "home" | ||
94 | } | ||
95 | sleep 1 | ||
96 | |||
97 | puts "all done\n" | ||
diff --git a/test/private_dir.exp b/test/private_dir.exp index 9dfb2ea9f..a4beeba27 100755 --- a/test/private_dir.exp +++ b/test/private_dir.exp | |||
@@ -42,7 +42,7 @@ expect { | |||
42 | send -- "ls -al | wc -l;pwd\r" | 42 | send -- "ls -al | wc -l;pwd\r" |
43 | expect { | 43 | expect { |
44 | timeout {puts "TESTING ERROR 1\n";exit} | 44 | timeout {puts "TESTING ERROR 1\n";exit} |
45 | "7" {puts "normal system\n";} | 45 | "6" {puts "normal system\n";} |
46 | "5" {puts "OpenSUSE\n";} | 46 | "5" {puts "OpenSUSE\n";} |
47 | } | 47 | } |
48 | expect { | 48 | expect { |
diff --git a/test/private_dir_profile.exp b/test/private_dir_profile.exp index 5b38ad0bb..8d1c74444 100755 --- a/test/private_dir_profile.exp +++ b/test/private_dir_profile.exp | |||
@@ -42,7 +42,7 @@ expect { | |||
42 | send -- "ls -al | wc -l;pwd\r" | 42 | send -- "ls -al | wc -l;pwd\r" |
43 | expect { | 43 | expect { |
44 | timeout {puts "TESTING ERROR 1\n";exit} | 44 | timeout {puts "TESTING ERROR 1\n";exit} |
45 | "7" {puts "normal system\n";} | 45 | "6" {puts "normal system\n";} |
46 | "5" {puts "OpenSUSE\n";} | 46 | "5" {puts "OpenSUSE\n";} |
47 | } | 47 | } |
48 | expect { | 48 | expect { |
diff --git a/test/profile_tmpfs.exp b/test/profile_tmpfs.exp deleted file mode 100755 index a2faa32f7..000000000 --- a/test/profile_tmpfs.exp +++ /dev/null | |||
@@ -1,37 +0,0 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "mkdir /tmp/firejailtestdir\r" | ||
8 | sleep 1 | ||
9 | send -- "ls > /tmp/firejailtestdir/tmpfile\r" | ||
10 | sleep 1 | ||
11 | |||
12 | send -- "firejail --profile=tmpfs.profile\r" | ||
13 | expect { | ||
14 | timeout {puts "TESTING ERROR 0\n";exit} | ||
15 | "Child process initialized" | ||
16 | } | ||
17 | |||
18 | # testing private only | ||
19 | send -- "bash\r" | ||
20 | sleep 1 | ||
21 | |||
22 | send -- "ls -l /tmp/firejailtestdir;pwd\r" | ||
23 | expect { | ||
24 | timeout {puts "TESTING ERROR 1.1\n";exit} | ||
25 | "tmpfile" {puts "TESTING ERROR 1\n";exit} | ||
26 | "home" | ||
27 | } | ||
28 | sleep 1 | ||
29 | send -- "exit\r" | ||
30 | sleep 1 | ||
31 | send -- "exit\r" | ||
32 | sleep 1 | ||
33 | send -- "rm -fr /tmp/firejailtestdir\r" | ||
34 | |||
35 | sleep 1 | ||
36 | |||
37 | puts "\n" | ||
diff --git a/test/ignore.exp b/test/profiles/ignore.exp index c5ea25684..0c5691e9a 100755 --- a/test/ignore.exp +++ b/test/profiles/ignore.exp | |||
@@ -1,4 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
@@ -43,5 +46,5 @@ expect { | |||
43 | "Child process initialized" | 46 | "Child process initialized" |
44 | } | 47 | } |
45 | 48 | ||
46 | 49 | after 100 | |
47 | puts "\nall done\n" | 50 | puts "\nall done\n" |
diff --git a/test/ignore.profile b/test/profiles/ignore.profile index aec231ad2..aec231ad2 100644 --- a/test/ignore.profile +++ b/test/profiles/ignore.profile | |||
diff --git a/test/ignore2.profile b/test/profiles/ignore2.profile index 49fcd8324..49fcd8324 100644 --- a/test/ignore2.profile +++ b/test/profiles/ignore2.profile | |||
diff --git a/test/profile_followlnk.exp b/test/profiles/profile_followlnk.exp index e2ede2865..eb3d04852 100755 --- a/test/profile_followlnk.exp +++ b/test/profiles/profile_followlnk.exp | |||
@@ -5,34 +5,22 @@ spawn $env(SHELL) | |||
5 | match_max 100000 | 5 | match_max 100000 |
6 | 6 | ||
7 | send -- "mkdir /tmp/firejailtestdir\r" | 7 | send -- "mkdir /tmp/firejailtestdir\r" |
8 | sleep 1 | ||
9 | send -- "ln -s /tmp/firejailtestdir /tmp/firejailtestdirlnk\r" | 8 | send -- "ln -s /tmp/firejailtestdir /tmp/firejailtestdirlnk\r" |
10 | sleep 1 | ||
11 | send -- "touch /tmp/firejailtestfile\r" | 9 | send -- "touch /tmp/firejailtestfile\r" |
12 | sleep 1 | ||
13 | send -- "ln -s /tmp/firejailtestfile /tmp/firejailtestfilelnk\r" | 10 | send -- "ln -s /tmp/firejailtestfile /tmp/firejailtestfilelnk\r" |
14 | sleep 1 | 11 | sleep 1 |
15 | 12 | ||
16 | send -- "firejail --profile=readonly-lnk.profile --debug\r" | 13 | send -- "firejail --profile=readonly-lnk.profile\r" |
17 | expect { | 14 | expect { |
18 | timeout {puts "TESTING ERROR 0\n";exit} | 15 | timeout {puts "TESTING ERROR 0\n";exit} |
19 | "Child process initialized" | 16 | "Child process initialized" |
20 | } | 17 | } |
21 | 18 | ||
22 | # testing private only | 19 | send -- "ls > /tmp/firejailtestdirlnk/ttt\r" |
23 | send -- "bash\r" | ||
24 | sleep 1 | ||
25 | |||
26 | |||
27 | send -- "ls > /tmp/firejailtestdirlnk/ttt;pwd\r" | ||
28 | expect { | 20 | expect { |
29 | timeout {puts "TESTING ERROR 1\n";exit} | 21 | timeout {puts "TESTING ERROR 1\n";exit} |
30 | "Read-only file system" | 22 | "Read-only file system" |
31 | } | 23 | } |
32 | expect { | ||
33 | timeout {puts "TESTING ERROR 1.1\n";exit} | ||
34 | "home" | ||
35 | } | ||
36 | sleep 1 | 24 | sleep 1 |
37 | 25 | ||
38 | send -- "ls > /tmp/firejailtestfilelnk;pwd\r" | 26 | send -- "ls > /tmp/firejailtestfilelnk;pwd\r" |
@@ -40,29 +28,11 @@ expect { | |||
40 | timeout {puts "TESTING ERROR 2\n";exit} | 28 | timeout {puts "TESTING ERROR 2\n";exit} |
41 | "Read-only file system" | 29 | "Read-only file system" |
42 | } | 30 | } |
43 | expect { | ||
44 | timeout {puts "TESTING ERROR 2.1\n";exit} | ||
45 | "home" | ||
46 | } | ||
47 | sleep 1 | 31 | sleep 1 |
48 | 32 | ||
49 | send -- "exit\r" | 33 | send -- "exit\r" |
50 | sleep 1 | 34 | after 100 |
51 | send -- "pwd\r" | ||
52 | expect { | ||
53 | timeout {puts "TESTING ERROR 3\n";exit} | ||
54 | "home" | ||
55 | } | ||
56 | sleep 1 | ||
57 | send -- "exit\r" | ||
58 | sleep 1 | ||
59 | send -- "pwd\r" | ||
60 | expect { | ||
61 | timeout {puts "TESTING ERROR 4\n";exit} | ||
62 | "home" | ||
63 | } | ||
64 | sleep 2 | ||
65 | send -- "rm -fr /tmp/firejailtest*\r" | 35 | send -- "rm -fr /tmp/firejailtest*\r" |
66 | sleep 1 | 36 | after 100 |
67 | 37 | ||
68 | puts "\n" | 38 | puts "\nall done\n" |
diff --git a/test/profile_noperm.exp b/test/profiles/profile_noperm.exp index b3ed558bc..b3b031cb2 100755 --- a/test/profile_noperm.exp +++ b/test/profiles/profile_noperm.exp | |||
@@ -9,5 +9,5 @@ expect { | |||
9 | timeout {puts "TESTING ERROR 0\n";exit} | 9 | timeout {puts "TESTING ERROR 0\n";exit} |
10 | "cannot access profile" | 10 | "cannot access profile" |
11 | } | 11 | } |
12 | sleep 1 | 12 | after 100 |
13 | puts "\n" | 13 | puts "\nall done\n" |
diff --git a/test/profile_readonly.exp b/test/profiles/profile_readonly.exp index 046b0d738..c1c9544a6 100755 --- a/test/profile_readonly.exp +++ b/test/profiles/profile_readonly.exp | |||
@@ -5,7 +5,6 @@ spawn $env(SHELL) | |||
5 | match_max 100000 | 5 | match_max 100000 |
6 | 6 | ||
7 | send -- "mkdir /tmp/firejailtestdir\r" | 7 | send -- "mkdir /tmp/firejailtestdir\r" |
8 | sleep 1 | ||
9 | send -- "touch /tmp/firejailtestfile\r" | 8 | send -- "touch /tmp/firejailtestfile\r" |
10 | sleep 1 | 9 | sleep 1 |
11 | 10 | ||
@@ -14,51 +13,24 @@ expect { | |||
14 | timeout {puts "TESTING ERROR 0\n";exit} | 13 | timeout {puts "TESTING ERROR 0\n";exit} |
15 | "Child process initialized" | 14 | "Child process initialized" |
16 | } | 15 | } |
16 | sleep 2 | ||
17 | 17 | ||
18 | # testing private only | 18 | send -- "ls > /tmp/firejailtestdir/ttt\r" |
19 | send -- "bash\r" | ||
20 | sleep 1 | ||
21 | |||
22 | |||
23 | send -- "ls > /tmp/firejailtestdir/ttt;pwd\r" | ||
24 | expect { | 19 | expect { |
25 | timeout {puts "TESTING ERROR 1\n";exit} | 20 | timeout {puts "TESTING ERROR 1\n";exit} |
26 | "Read-only file system" | 21 | "Read-only file system" |
27 | } | 22 | } |
28 | expect { | ||
29 | timeout {puts "TESTING ERROR 1.1\n";exit} | ||
30 | "home" | ||
31 | } | ||
32 | sleep 1 | 23 | sleep 1 |
33 | 24 | ||
34 | send -- "ls > /tmp/firejailtestfile;pwd\r" | 25 | send -- "ls > /tmp/firejailtestfile\r" |
35 | expect { | 26 | expect { |
36 | timeout {puts "TESTING ERROR 2\n";exit} | 27 | timeout {puts "TESTING ERROR 2\n";exit} |
37 | "Read-only file system" | 28 | "Read-only file system" |
38 | } | 29 | } |
39 | expect { | ||
40 | timeout {puts "TESTING ERROR 2.1\n";exit} | ||
41 | "home" | ||
42 | } | ||
43 | sleep 1 | ||
44 | |||
45 | send -- "exit\r" | ||
46 | sleep 1 | ||
47 | send -- "pwd\r" | ||
48 | expect { | ||
49 | timeout {puts "TESTING ERROR 3\n";exit} | ||
50 | "home" | ||
51 | } | ||
52 | sleep 1 | ||
53 | send -- "exit\r" | 30 | send -- "exit\r" |
54 | sleep 1 | 31 | after 100 |
55 | send -- "pwd\r" | 32 | |
56 | expect { | ||
57 | timeout {puts "TESTING ERROR 4\n";exit} | ||
58 | "home" | ||
59 | } | ||
60 | sleep 2 | ||
61 | send -- "rm -fr /tmp/firejailtest*\r" | 33 | send -- "rm -fr /tmp/firejailtest*\r" |
62 | sleep 1 | 34 | after 100 |
63 | 35 | ||
64 | puts "\n" | 36 | puts "\nall done\n" |
diff --git a/test/profile_syntax.exp b/test/profiles/profile_syntax.exp index 559947276..d1be2074a 100755 --- a/test/profile_syntax.exp +++ b/test/profiles/profile_syntax.exp | |||
@@ -1,4 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
@@ -22,42 +25,30 @@ sleep 1 | |||
22 | send -- "ls -l /etc/shadow\r" | 25 | send -- "ls -l /etc/shadow\r" |
23 | expect { | 26 | expect { |
24 | timeout {puts "TESTING ERROR 3\n";exit} | 27 | timeout {puts "TESTING ERROR 3\n";exit} |
25 | "root root 0" | 28 | "root root" |
26 | } | 29 | } |
27 | 30 | ||
28 | sleep 1 | 31 | sleep 1 |
29 | send -- "rmdir;pwd\r" | 32 | send -- "rmdir\r" |
30 | expect { | 33 | expect { |
31 | timeout {puts "TESTING ERROR 4\n";exit} | 34 | timeout {puts "TESTING ERROR 4\n";exit} |
32 | "Permission denied" | 35 | "Permission denied" |
33 | } | 36 | } |
34 | expect { | ||
35 | timeout {puts "TESTING ERROR 5\n";exit} | ||
36 | "home" | ||
37 | } | ||
38 | 37 | ||
39 | sleep 1 | 38 | sleep 1 |
40 | send -- "mount;pwd\r" | 39 | send -- "mount\r" |
41 | expect { | 40 | expect { |
42 | timeout {puts "TESTING ERROR 6\n";exit} | 41 | timeout {puts "TESTING ERROR 6\n";exit} |
43 | "Permission denied" | 42 | "Permission denied" |
44 | } | 43 | } |
45 | expect { | ||
46 | timeout {puts "TESTING ERROR 7\n";exit} | ||
47 | "home" | ||
48 | } | ||
49 | 44 | ||
50 | sleep 1 | 45 | sleep 1 |
51 | send -- "umount;pwd\r" | 46 | send -- "umount\r" |
52 | expect { | 47 | expect { |
53 | timeout {puts "TESTING ERROR 8\n";exit} | 48 | timeout {puts "TESTING ERROR 8\n";exit} |
54 | "Permission denied" | 49 | "Permission denied" |
55 | } | 50 | } |
56 | expect { | ||
57 | timeout {puts "TESTING ERROR 9\n";exit} | ||
58 | "home" | ||
59 | } | ||
60 | send -- "exit\r" | 51 | send -- "exit\r" |
61 | 52 | ||
62 | sleep 1 | 53 | after 100 |
63 | puts "\n" | 54 | puts "\nall done\n" |
diff --git a/test/profile_syntax2.exp b/test/profiles/profile_syntax2.exp index 96e85ba93..9dca35ca2 100755 --- a/test/profile_syntax2.exp +++ b/test/profiles/profile_syntax2.exp | |||
@@ -1,4 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
@@ -42,6 +45,6 @@ expect { | |||
42 | timeout {puts "TESTING ERROR 8\n";exit} | 45 | timeout {puts "TESTING ERROR 8\n";exit} |
43 | "Child process initialized" | 46 | "Child process initialized" |
44 | } | 47 | } |
45 | 48 | send -- "exit\r" | |
46 | sleep 1 | 49 | after 100 |
47 | puts "\nall done\n" | 50 | puts "\nall done\n" |
diff --git a/test/profiles/profiles.sh b/test/profiles/profiles.sh new file mode 100755 index 000000000..ca0b9fb29 --- /dev/null +++ b/test/profiles/profiles.sh | |||
@@ -0,0 +1,34 @@ | |||
1 | #!/bin/bash | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | export MALLOC_CHECK_=3 | ||
7 | export MALLOC_PERTURB_=$(($RANDOM % 255 + 1)) | ||
8 | |||
9 | echo "TESTING: default profiles installed in /etc" | ||
10 | PROFILES=`ls /etc/firejail/*.profile` | ||
11 | for PROFILE in $PROFILES | ||
12 | do | ||
13 | echo "TESTING: $PROFILE" | ||
14 | ./test-profile.exp $PROFILE | ||
15 | done | ||
16 | |||
17 | echo "TESTING: profile syntax (test/profiles/profile_syntax.exp)" | ||
18 | ./profile_syntax.exp | ||
19 | |||
20 | echo "TESTING: profile syntax 2 (test/profiles/profile_syntax2.exp)" | ||
21 | ./profile_syntax2.exp | ||
22 | |||
23 | echo "TESTING: ignore command (test/profiles/ignore.exp)" | ||
24 | ./ignore.exp | ||
25 | |||
26 | echo "TESTING: profile read-only (test/profiles/profile_readonly.exp)" | ||
27 | ./profile_readonly.exp | ||
28 | |||
29 | echo "TESTING: profile read-only links (test/profiles/profile_readonly.exp)" | ||
30 | ./profile_followlnk.exp | ||
31 | |||
32 | echo "TESTING: profile no permissions (test/profiles/profile_noperm.exp)" | ||
33 | ./profile_noperm.exp | ||
34 | |||
diff --git a/test/readonly-lnk.profile b/test/profiles/readonly-lnk.profile index 71ffb1a26..71ffb1a26 100644 --- a/test/readonly-lnk.profile +++ b/test/profiles/readonly-lnk.profile | |||
diff --git a/test/readonly.profile b/test/profiles/readonly.profile index 55d89e3d7..55d89e3d7 100644 --- a/test/readonly.profile +++ b/test/profiles/readonly.profile | |||
diff --git a/test/test-profile.exp b/test/profiles/test-profile.exp index a03e8db31..a6b4a5aad 100755 --- a/test/test-profile.exp +++ b/test/profiles/test-profile.exp | |||
@@ -1,4 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
@@ -10,10 +13,10 @@ if { $argc != 1 } { | |||
10 | exit | 13 | exit |
11 | } | 14 | } |
12 | 15 | ||
13 | send -- "firejail --profile=$argv /bin/bash\r" | 16 | send -- "firejail --profile=$argv echo done\r" |
14 | expect { | 17 | expect { |
15 | timeout {puts "TESTING ERROR 0\n";exit} | 18 | timeout {puts "TESTING ERROR 0\n";exit} |
16 | "Child process initialized" | 19 | "done" |
17 | } | 20 | } |
18 | send -- "exit\r" | 21 | send -- "exit\r" |
19 | after 100 | 22 | after 100 |
diff --git a/test/test.profile b/test/profiles/test.profile index 1d69cc960..1d69cc960 100644 --- a/test/test.profile +++ b/test/profiles/test.profile | |||
diff --git a/test/test2.profile b/test/profiles/test2.profile index d7e1a1f21..d7e1a1f21 100644 --- a/test/test2.profile +++ b/test/profiles/test2.profile | |||
diff --git a/test/quiet.exp b/test/quiet.exp deleted file mode 100755 index fa46aebf2..000000000 --- a/test/quiet.exp +++ /dev/null | |||
@@ -1,17 +0,0 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 4 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | # check ip address | ||
8 | send -- "firejail --net=br0 --quiet\r" | ||
9 | expect { | ||
10 | "Child process initialized" {puts "TESTING ERROR 1\n";exit} | ||
11 | "Interface" {puts "TESTING ERROR 1\n";exit} | ||
12 | } | ||
13 | sleep 1 | ||
14 | send -- "\r" | ||
15 | |||
16 | puts "\nall done\n" | ||
17 | |||
diff --git a/test/servers3.exp b/test/root/apache2.exp index eccdaa1d9..0b102bad5 100755 --- a/test/servers3.exp +++ b/test/root/apache2.exp | |||
@@ -4,16 +4,6 @@ set timeout 5 | |||
4 | spawn $env(SHELL) | 4 | spawn $env(SHELL) |
5 | match_max 100000 | 5 | match_max 100000 |
6 | 6 | ||
7 | send -- "sudo ls; sudo whoami; sudo pwd\r" | ||
8 | expect { | ||
9 | timeout {puts "TESTING ERROR: you need to root run this test as root\n";exit} | ||
10 | "root" | ||
11 | } | ||
12 | |||
13 | send -- "pkill apache\r" | ||
14 | sleep 2 | ||
15 | |||
16 | |||
17 | send -- "firejail --name=apache /etc/init.d/apache2 start\r" | 7 | send -- "firejail --name=apache /etc/init.d/apache2 start\r" |
18 | expect { | 8 | expect { |
19 | timeout {puts "TESTING ERROR 0\n";exit} | 9 | timeout {puts "TESTING ERROR 0\n";exit} |
diff --git a/test/root/firecfg.exp b/test/root/firecfg.exp new file mode 100755 index 000000000..b4864988d --- /dev/null +++ b/test/root/firecfg.exp | |||
@@ -0,0 +1,46 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firecfg\r" | ||
11 | sleep 1 | ||
12 | |||
13 | send -- "firecfg --clean\r" | ||
14 | expect { | ||
15 | timeout {puts "TESTING ERROR 0\n";exit} | ||
16 | "/usr/local/bin/firefox removed" | ||
17 | } | ||
18 | after 100 | ||
19 | send -- "file /usr/local/bin/firefox; echo done\r" | ||
20 | expect { | ||
21 | timeout {puts "TESTING ERROR 1\n";exit} | ||
22 | "symbolic link to /usr/bin/firejail" {puts "TESTING ERROR 2\n";exit} | ||
23 | "done" | ||
24 | } | ||
25 | after 100 | ||
26 | |||
27 | send -- "firecfg\r" | ||
28 | expect { | ||
29 | timeout {puts "TESTING ERROR 3\n";exit} | ||
30 | "/usr/local/bin/firefox created" | ||
31 | } | ||
32 | after 100 | ||
33 | send -- "file /usr/local/bin/firefox\r" | ||
34 | expect { | ||
35 | timeout {puts "TESTING ERROR 4\n";exit} | ||
36 | "symbolic link to /usr/bin/firejail" | ||
37 | } | ||
38 | after 100 | ||
39 | |||
40 | send -- "firecfg --list\r" | ||
41 | expect { | ||
42 | timeout {puts "TESTING ERROR 5\n";exit} | ||
43 | "/usr/local/bin/firefox" | ||
44 | } | ||
45 | after 100 | ||
46 | puts "\nall done\n" | ||
diff --git a/test/root/firejail.config b/test/root/firejail.config new file mode 100644 index 000000000..71ff2f4e9 --- /dev/null +++ b/test/root/firejail.config | |||
@@ -0,0 +1,20 @@ | |||
1 | bind yes | ||
2 | chroot yes | ||
3 | chroot-desktop yes | ||
4 | file-transfer yes | ||
5 | force-nonewprivs no | ||
6 | network yes | ||
7 | overlayfs yes | ||
8 | private-bin-no-local no | ||
9 | private-home yes | ||
10 | quiet-by-default no | ||
11 | remount-proc-sys yes | ||
12 | restricted-network no | ||
13 | # netfilter-default /etc/iptables.iptables.rules | ||
14 | seccomp yes | ||
15 | userns yes | ||
16 | whitelist yes | ||
17 | x11 yes | ||
18 | xephyr-screen 800x600 | ||
19 | xephyr-window-title yes | ||
20 | xephyr-extra-params -grayscale | ||
diff --git a/test/root/firemon-events.exp b/test/root/firemon-events.exp new file mode 100755 index 000000000..4f305e51d --- /dev/null +++ b/test/root/firemon-events.exp | |||
@@ -0,0 +1,72 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | # start firemon | ||
8 | set firemon_id $spawn_id | ||
9 | send -- "firemon\r" | ||
10 | sleep 1 | ||
11 | |||
12 | # start firejail | ||
13 | spawn $env(SHELL) | ||
14 | set firejail_id $spawn_id | ||
15 | send -- "firejail\r" | ||
16 | expect { | ||
17 | timeout {puts "TESTING ERROR 0\n";exit} | ||
18 | "Child process initialized" | ||
19 | } | ||
20 | |||
21 | # get messages on firemon | ||
22 | set spawn_id $firemon_id | ||
23 | expect { | ||
24 | timeout {puts "TESTING ERROR 1\n";exit} | ||
25 | "exec" | ||
26 | } | ||
27 | expect { | ||
28 | timeout {puts "TESTING ERROR 2\n";exit} | ||
29 | "/bin/bash -c /bin/bash" | ||
30 | } | ||
31 | expect { | ||
32 | timeout {puts "TESTING ERROR 3\n";exit} | ||
33 | "exec" | ||
34 | } | ||
35 | expect { | ||
36 | timeout {puts "TESTING ERROR 4\n";exit} | ||
37 | "/bin/bash" | ||
38 | } | ||
39 | expect { | ||
40 | timeout {puts "TESTING ERROR 5\n";exit} | ||
41 | "fork" | ||
42 | } | ||
43 | expect { | ||
44 | timeout {puts "TESTING ERROR 6\n";exit} | ||
45 | "child" | ||
46 | } | ||
47 | expect { | ||
48 | timeout {puts "TESTING ERROR 7\n";exit} | ||
49 | "/bin/bash" | ||
50 | } | ||
51 | after 100 | ||
52 | |||
53 | # exit firejail | ||
54 | set spawn_id $firejail_id | ||
55 | send -- "exit\r" | ||
56 | sleep 1 | ||
57 | |||
58 | # get messages on firemon | ||
59 | set spawn_id $firemon_id | ||
60 | expect { | ||
61 | timeout {puts "TESTING ERROR 8\n";exit} | ||
62 | "exit" | ||
63 | } | ||
64 | |||
65 | expect { | ||
66 | timeout {puts "TESTING ERROR 9\n";exit} | ||
67 | "EXIT SANDBOX" | ||
68 | } | ||
69 | |||
70 | |||
71 | puts "\nall done\n" | ||
72 | |||
diff --git a/test/servers4.exp b/test/root/isc-dhcp.exp index 86500707a..5d9597e7c 100755 --- a/test/servers4.exp +++ b/test/root/isc-dhcp.exp | |||
@@ -4,15 +4,6 @@ set timeout 5 | |||
4 | spawn $env(SHELL) | 4 | spawn $env(SHELL) |
5 | match_max 100000 | 5 | match_max 100000 |
6 | 6 | ||
7 | send -- "sudo ls; sudo whoami; sudo pwd\r" | ||
8 | expect { | ||
9 | timeout {puts "TESTING ERROR: you need to root run this test as root\n";exit} | ||
10 | "root" | ||
11 | } | ||
12 | |||
13 | send -- "pkill dhcpd\r" | ||
14 | sleep 2 | ||
15 | |||
16 | send -- "firejail --name=dhcpd /etc/init.d/isc-dhcp-server start\r" | 7 | send -- "firejail --name=dhcpd /etc/init.d/isc-dhcp-server start\r" |
17 | expect { | 8 | expect { |
18 | timeout {puts "TESTING ERROR 0\n";exit} | 9 | timeout {puts "TESTING ERROR 0\n";exit} |
diff --git a/test/root/join.exp b/test/root/join.exp new file mode 100755 index 000000000..e4a4e87af --- /dev/null +++ b/test/root/join.exp | |||
@@ -0,0 +1,52 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | cd /home | ||
8 | spawn $env(SHELL) | ||
9 | match_max 100000 | ||
10 | |||
11 | send -- "firejail --name=jointesting --cpu=0 --nice=2\r" | ||
12 | expect { | ||
13 | timeout {puts "TESTING ERROR 0\n";exit} | ||
14 | "Child process initialized" | ||
15 | } | ||
16 | sleep 2 | ||
17 | |||
18 | spawn $env(SHELL) | ||
19 | send -- "firejail --join=jointesting\r" | ||
20 | expect { | ||
21 | timeout {puts "TESTING ERROR 1\n";exit} | ||
22 | "Switching to pid" | ||
23 | } | ||
24 | sleep 1 | ||
25 | send -- "ps aux\r" | ||
26 | expect { | ||
27 | timeout {puts "TESTING ERROR 2\n";exit} | ||
28 | "/bin/bash" | ||
29 | } | ||
30 | expect { | ||
31 | timeout {puts "TESTING ERROR 3\n";exit} | ||
32 | "/bin/bash" | ||
33 | } | ||
34 | |||
35 | send -- "exit\r" | ||
36 | sleep 1 | ||
37 | send -- "firejail --join-network=jointesting\r" | ||
38 | expect { | ||
39 | timeout {puts "TESTING ERROR 4\n";exit} | ||
40 | "Child process initialized" | ||
41 | } | ||
42 | send -- "exit\r" | ||
43 | sleep 1 | ||
44 | send -- "firejail --join-filesystem=jointesting\r" | ||
45 | expect { | ||
46 | timeout {puts "TESTING ERROR 5\n";exit} | ||
47 | "Child process initialized" | ||
48 | } | ||
49 | |||
50 | after 100 | ||
51 | |||
52 | puts "\nall done\n" | ||
diff --git a/test/servers6.exp b/test/root/nginx.exp index 9ef4ea514..82ebe0ee7 100755 --- a/test/servers6.exp +++ b/test/root/nginx.exp | |||
@@ -4,16 +4,6 @@ set timeout 5 | |||
4 | spawn $env(SHELL) | 4 | spawn $env(SHELL) |
5 | match_max 100000 | 5 | match_max 100000 |
6 | 6 | ||
7 | send -- "sudo ls; sudo whoami; sudo pwd\r" | ||
8 | expect { | ||
9 | timeout {puts "TESTING ERROR: you need to root run this test as root\n";exit} | ||
10 | "root" | ||
11 | } | ||
12 | |||
13 | send -- "pkill nginx\r" | ||
14 | sleep 2 | ||
15 | |||
16 | |||
17 | send -- "firejail --name=nginx /etc/init.d/nginx start\r" | 7 | send -- "firejail --name=nginx /etc/init.d/nginx start\r" |
18 | expect { | 8 | expect { |
19 | timeout {puts "TESTING ERROR 0\n";exit} | 9 | timeout {puts "TESTING ERROR 0\n";exit} |
diff --git a/test/option_bind_directory.exp b/test/root/option_bind_directory.exp index 3233c68de..3233c68de 100755 --- a/test/option_bind_directory.exp +++ b/test/root/option_bind_directory.exp | |||
diff --git a/test/option_bind_file.exp b/test/root/option_bind_file.exp index 8926e0391..8926e0391 100755 --- a/test/option_bind_file.exp +++ b/test/root/option_bind_file.exp | |||
diff --git a/test/option_tmpfs.exp b/test/root/option_tmpfs.exp index 6522ef2d3..3d492dfdb 100755 --- a/test/option_tmpfs.exp +++ b/test/root/option_tmpfs.exp | |||
@@ -16,13 +16,9 @@ expect { | |||
16 | timeout {puts "TESTING ERROR 1\n";exit} | 16 | timeout {puts "TESTING ERROR 1\n";exit} |
17 | "total 0" | 17 | "total 0" |
18 | } | 18 | } |
19 | expect { | 19 | after 100 |
20 | timeout {puts "TESTING ERROR 2\n";exit} | ||
21 | "/root" | ||
22 | } | ||
23 | sleep 1 | ||
24 | send -- "exit\r" | 20 | send -- "exit\r" |
25 | sleep 2 | 21 | sleep 1 |
26 | 22 | ||
27 | send -- "firejail --debug-check-filename --tmpfs=\"bla&&bla\"\r" | 23 | send -- "firejail --debug-check-filename --tmpfs=\"bla&&bla\"\r" |
28 | expect { | 24 | expect { |
@@ -40,5 +36,5 @@ expect { | |||
40 | after 100 | 36 | after 100 |
41 | 37 | ||
42 | 38 | ||
43 | puts "\nalldone\n" | 39 | puts "\nall done\n" |
44 | 40 | ||
diff --git a/test/root/private.exp b/test/root/private.exp new file mode 100755 index 000000000..9ce9716f9 --- /dev/null +++ b/test/root/private.exp | |||
@@ -0,0 +1,90 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail --private\r" | ||
11 | expect { | ||
12 | timeout {puts "TESTING ERROR 0\n";exit} | ||
13 | "Child process initialized" | ||
14 | } | ||
15 | sleep 2 | ||
16 | |||
17 | send -- "ls -l /home\r" | ||
18 | expect { | ||
19 | timeout {puts "TESTING ERROR 1\n";exit} | ||
20 | "total 0" | ||
21 | } | ||
22 | after 100 | ||
23 | |||
24 | send -- "ls -l /root\r" | ||
25 | expect { | ||
26 | timeout {puts "TESTING ERROR 2\n";exit} | ||
27 | "total 0" | ||
28 | } | ||
29 | after 100 | ||
30 | |||
31 | send -- "exit\r" | ||
32 | sleep 1 | ||
33 | |||
34 | |||
35 | |||
36 | send -- "touch /opt/firejail-test-file\r" | ||
37 | after 100 | ||
38 | send -- "mkdir /opt/firejail-test-dir\r" | ||
39 | after 100 | ||
40 | send -- "touch /opt/firejail-test-dir/firejail-test-file\r" | ||
41 | after 100 | ||
42 | send -- "firejail --private-opt=firejail-test-file,firejail-test-dir --debug\r" | ||
43 | expect { | ||
44 | timeout {puts "TESTING ERROR 3\n";exit} | ||
45 | "Child process initialized" | ||
46 | } | ||
47 | sleep 1 | ||
48 | |||
49 | send -- "find /opt | wc -l\r" | ||
50 | expect { | ||
51 | timeout {puts "TESTING ERROR 4\n";exit} | ||
52 | "4" | ||
53 | } | ||
54 | after 100 | ||
55 | send -- "exit\r" | ||
56 | sleep 1 | ||
57 | |||
58 | |||
59 | send -- "touch /srv/firejail-test-file\r" | ||
60 | after 100 | ||
61 | send -- "mkdir /srv/firejail-test-dir\r" | ||
62 | after 100 | ||
63 | send -- "touch /srv/firejail-test-dir/firejail-test-file\r" | ||
64 | after 100 | ||
65 | send -- "firejail --private-srv=firejail-test-file,firejail-test-dir --debug\r" | ||
66 | expect { | ||
67 | timeout {puts "TESTING ERROR 5\n";exit} | ||
68 | "Child process initialized" | ||
69 | } | ||
70 | sleep 1 | ||
71 | |||
72 | send -- "find /srv | wc -l\r" | ||
73 | expect { | ||
74 | timeout {puts "TESTING ERROR 6\n";exit} | ||
75 | "4" | ||
76 | } | ||
77 | after 100 | ||
78 | send -- "exit\r" | ||
79 | sleep 1 | ||
80 | |||
81 | |||
82 | |||
83 | |||
84 | |||
85 | |||
86 | |||
87 | |||
88 | |||
89 | |||
90 | puts "\nall done\n" | ||
diff --git a/test/root/profile_tmpfs.exp b/test/root/profile_tmpfs.exp new file mode 100755 index 000000000..25f73b50b --- /dev/null +++ b/test/root/profile_tmpfs.exp | |||
@@ -0,0 +1,40 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "firejail --profile=tmpfs.profile\r" | ||
8 | expect { | ||
9 | timeout {puts "TESTING ERROR 0\n";exit} | ||
10 | "Child process initialized" | ||
11 | } | ||
12 | sleep 1 | ||
13 | |||
14 | send -- "ls -l /var;pwd\r" | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 1\n";exit} | ||
17 | "total 0" | ||
18 | } | ||
19 | after 100 | ||
20 | send -- "exit\r" | ||
21 | sleep 1 | ||
22 | |||
23 | send -- "firejail --debug-check-filename --profile=tmpfs-bad.profile\r" | ||
24 | expect { | ||
25 | timeout {puts "TESTING ERROR 13.1\n";exit} | ||
26 | "Checking filename bla&&bla" | ||
27 | } | ||
28 | expect { | ||
29 | timeout {puts "TESTING ERROR 13.2\n";exit} | ||
30 | "Error:" | ||
31 | } | ||
32 | expect { | ||
33 | timeout {puts "TESTING ERROR 13.3\n";exit} | ||
34 | "is an invalid filename" | ||
35 | } | ||
36 | after 100 | ||
37 | |||
38 | |||
39 | puts "\nall done\n" | ||
40 | |||
diff --git a/test/root/root.sh b/test/root/root.sh new file mode 100755 index 000000000..9764b3804 --- /dev/null +++ b/test/root/root.sh | |||
@@ -0,0 +1,114 @@ | |||
1 | #!/bin/bash | ||
2 | |||
3 | # set a new firejail config file | ||
4 | cp firejail.config /etc/firejail/firejail.config | ||
5 | |||
6 | #******************************** | ||
7 | # servers | ||
8 | #******************************** | ||
9 | if [ -f /etc/init.d/snmpd ] | ||
10 | then | ||
11 | echo "TESTING: snmpd (test/root/snmpd.exp)" | ||
12 | ./snmpd.exp | ||
13 | else | ||
14 | echo "TESTING SKIP: snmpd not found" | ||
15 | fi | ||
16 | |||
17 | |||
18 | if [ -f /etc/init.d/apache2 ] | ||
19 | then | ||
20 | echo "TESTING: apache2 (test/root/apache2.exp)" | ||
21 | ./apache2.exp | ||
22 | else | ||
23 | echo "TESTING SKIP: apache2 not found" | ||
24 | fi | ||
25 | |||
26 | if [ -f /etc/init.d/isc-dhcp-server ] | ||
27 | then | ||
28 | echo "TESTING: isc dhcp server (test/root/isc-dhscp.exp)" | ||
29 | ./isc-dhcp.exp | ||
30 | else | ||
31 | echo "TESTING SKIP: isc dhcp server not found" | ||
32 | fi | ||
33 | |||
34 | if [ -f /etc/init.d/unbound ] | ||
35 | then | ||
36 | echo "TESTING: unbound (test/root/unbound.exp)" | ||
37 | ./unbound.exp | ||
38 | else | ||
39 | echo "TESTING SKIP: unbound not found" | ||
40 | fi | ||
41 | |||
42 | if [ -f /etc/init.d/nginx ] | ||
43 | then | ||
44 | echo "TESTING: nginx (test/root/nginx.exp)" | ||
45 | ./nginx.exp | ||
46 | else | ||
47 | echo "TESTING SKIP: nginx not found" | ||
48 | fi | ||
49 | |||
50 | #******************************** | ||
51 | # filesystem | ||
52 | #******************************** | ||
53 | echo "TESTING: fs private (test/root/private.exp)" | ||
54 | ./private.exp | ||
55 | |||
56 | echo "TESTING: fs whitelist mnt, opt, media (test/root/whitelist-mnt.exp)" | ||
57 | ./whitelist.exp | ||
58 | |||
59 | #******************************** | ||
60 | # utils | ||
61 | #******************************** | ||
62 | echo "TESTING: join (test/root/join.exp)" | ||
63 | ./join.exp | ||
64 | |||
65 | #******************************** | ||
66 | # seccomp | ||
67 | #******************************** | ||
68 | echo "TESTING: seccomp umount (test/root/seccomp-umount.exp)" | ||
69 | ./seccomp-umount.exp | ||
70 | |||
71 | echo "TESTING: seccomp chmod (test/root/seccomp-chmod.exp)" | ||
72 | ./seccomp-chmod.exp | ||
73 | |||
74 | echo "TESTING: seccomp chown (test/root/seccomp-chown.exp)" | ||
75 | ./seccomp-chown.exp | ||
76 | |||
77 | #******************************** | ||
78 | # command line options | ||
79 | #******************************** | ||
80 | echo "TESTING: tmpfs (test/root/option_tmpfs.exp)" | ||
81 | ./option_tmpfs.exp | ||
82 | |||
83 | echo "TESTING: profile tmpfs (test/root/profile_tmpfs)" | ||
84 | ./profile_tmpfs.exp | ||
85 | |||
86 | echo "TESTING: bind directory (test/root/option_bind_directory.exp)" | ||
87 | ./option_bind_directory.exp | ||
88 | |||
89 | echo "TESTING: bind file (test/root/option_bind_file.exp)" | ||
90 | echo hello > tmpfile | ||
91 | ./option_bind_file.exp | ||
92 | rm -f tmpfile | ||
93 | |||
94 | #******************************** | ||
95 | # firemon | ||
96 | #******************************** | ||
97 | echo "TESTING: firemon events (test/root/firemon-events.exp)" | ||
98 | ./firemon-events.exp | ||
99 | |||
100 | #******************************** | ||
101 | # firecfg | ||
102 | #******************************** | ||
103 | which firefox | ||
104 | if [ "$?" -eq 0 ]; | ||
105 | then | ||
106 | echo "TESTING: firecfg (test/root/firecfg.exp)" | ||
107 | ./firecfg.exp | ||
108 | else | ||
109 | echo "TESTING SKIP: firecfg, firefox not found" | ||
110 | fi | ||
111 | |||
112 | # restore the default config file | ||
113 | cp ../../etc/firejail.config /etc/firejail/firejail.config | ||
114 | |||
diff --git a/test/root/seccomp-chmod.exp b/test/root/seccomp-chmod.exp new file mode 100755 index 000000000..b17990e3a --- /dev/null +++ b/test/root/seccomp-chmod.exp | |||
@@ -0,0 +1,51 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail --seccomp=chmod,fchmod,fchmodat --private\r" | ||
11 | expect { | ||
12 | timeout {puts "TESTING ERROR 0\n";exit} | ||
13 | "Child process initialized" | ||
14 | } | ||
15 | sleep 2 | ||
16 | |||
17 | send -- "cd ~; echo done\r" | ||
18 | expect { | ||
19 | timeout {puts "TESTING ERROR 1\n";exit} | ||
20 | "done" | ||
21 | } | ||
22 | |||
23 | send -- "touch testfile; echo done\r" | ||
24 | expect { | ||
25 | timeout {puts "TESTING ERROR 2\n";exit} | ||
26 | "done" | ||
27 | } | ||
28 | |||
29 | send -- "ls -l testfile; echo done\r" | ||
30 | expect { | ||
31 | timeout {puts "TESTING ERROR 3\n";exit} | ||
32 | "testfile" | ||
33 | } | ||
34 | expect { | ||
35 | timeout {puts "TESTING ERROR 4\n";exit} | ||
36 | "done" | ||
37 | } | ||
38 | |||
39 | send -- "chmod +x testfile; echo done\r" | ||
40 | expect { | ||
41 | timeout {puts "TESTING ERROR 5\n";exit} | ||
42 | "Bad system call" | ||
43 | } | ||
44 | expect { | ||
45 | timeout {puts "TESTING ERROR 6\n";exit} | ||
46 | "done" | ||
47 | } | ||
48 | |||
49 | send -- "exit\r" | ||
50 | after 100 | ||
51 | puts "\nall done\n" | ||
diff --git a/test/seccomp-chmod.exp b/test/root/seccomp-chown.exp index b4a213206..a54d279f1 100755 --- a/test/seccomp-chmod.exp +++ b/test/root/seccomp-chown.exp | |||
@@ -1,10 +1,13 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
5 | match_max 100000 | 8 | match_max 100000 |
6 | 9 | ||
7 | send -- "firejail --seccomp=chmod,fchmod,fchmodat --private\r" | 10 | send -- "firejail --seccomp=chown,fchown,fchownat,lchown --private\r" |
8 | expect { | 11 | expect { |
9 | timeout {puts "TESTING ERROR 0\n";exit} | 12 | timeout {puts "TESTING ERROR 0\n";exit} |
10 | "Child process initialized" | 13 | "Child process initialized" |
@@ -29,7 +32,7 @@ expect { | |||
29 | "/home" | 32 | "/home" |
30 | } | 33 | } |
31 | 34 | ||
32 | send -- "chmod +x testfile;pwd\r" | 35 | send -- "chown netblue:netblue testfile;pwd\r" |
33 | expect { | 36 | expect { |
34 | timeout {puts "TESTING ERROR 2\n";exit} | 37 | timeout {puts "TESTING ERROR 2\n";exit} |
35 | "Bad system call" | 38 | "Bad system call" |
@@ -42,5 +45,5 @@ expect { | |||
42 | 45 | ||
43 | 46 | ||
44 | send -- "exit\r" | 47 | send -- "exit\r" |
45 | sleep 1 | 48 | after 100 |
46 | puts "\n" | 49 | puts "\nall done\n" |
diff --git a/test/seccomp-umount.exp b/test/root/seccomp-umount.exp index c0107a084..c441c5fc4 100755 --- a/test/seccomp-umount.exp +++ b/test/root/seccomp-umount.exp | |||
@@ -1,16 +1,13 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
5 | match_max 100000 | 8 | match_max 100000 |
6 | 9 | ||
7 | send -- "sudo ls; sudo whoami; sudo pwd\r" | 10 | send -- "firejail --seccomp --noprofile\r" |
8 | expect { | ||
9 | timeout {puts "TESTING ERROR: you need to root run this test as root\n";exit} | ||
10 | "root" | ||
11 | } | ||
12 | |||
13 | send -- "firejail --net=br0 --ip=10.10.20.5 --seccomp --noprofile\r" | ||
14 | expect { | 11 | expect { |
15 | timeout {puts "TESTING ERROR 0\n";exit} | 12 | timeout {puts "TESTING ERROR 0\n";exit} |
16 | "Child process initialized" | 13 | "Child process initialized" |
@@ -24,5 +21,5 @@ expect { | |||
24 | } | 21 | } |
25 | 22 | ||
26 | send -- "exit\r" | 23 | send -- "exit\r" |
27 | sleep 1 | 24 | after 100 |
28 | puts "\n" | 25 | puts "\n" |
diff --git a/test/servers2.exp b/test/root/snmpd.exp index 90e34470f..610fdb13a 100755 --- a/test/servers2.exp +++ b/test/root/snmpd.exp | |||
@@ -4,16 +4,6 @@ set timeout 5 | |||
4 | spawn $env(SHELL) | 4 | spawn $env(SHELL) |
5 | match_max 100000 | 5 | match_max 100000 |
6 | 6 | ||
7 | send -- "sudo ls; sudo whoami; sudo pwd\r" | ||
8 | expect { | ||
9 | timeout {puts "TESTING ERROR: you need to root run this test as root\n";exit} | ||
10 | "root" | ||
11 | } | ||
12 | |||
13 | send -- "pkill snmpd\r" | ||
14 | sleep 2 | ||
15 | |||
16 | |||
17 | send -- "firejail --name=snmpd /etc/init.d/snmpd start\r" | 7 | send -- "firejail --name=snmpd /etc/init.d/snmpd start\r" |
18 | expect { | 8 | expect { |
19 | timeout {puts "TESTING ERROR 0\n";exit} | 9 | timeout {puts "TESTING ERROR 0\n";exit} |
diff --git a/test/root/tmpfs-bad.profile b/test/root/tmpfs-bad.profile new file mode 100644 index 000000000..7264e18ff --- /dev/null +++ b/test/root/tmpfs-bad.profile | |||
@@ -0,0 +1 @@ | |||
tmpfs bla&&bla | |||
diff --git a/test/root/tmpfs.profile b/test/root/tmpfs.profile new file mode 100644 index 000000000..55a6f7ebc --- /dev/null +++ b/test/root/tmpfs.profile | |||
@@ -0,0 +1 @@ | |||
tmpfs /var | |||
diff --git a/test/servers5.exp b/test/root/unbound.exp index 193e662ff..9c496306a 100755 --- a/test/servers5.exp +++ b/test/root/unbound.exp | |||
@@ -4,15 +4,6 @@ set timeout 5 | |||
4 | spawn $env(SHELL) | 4 | spawn $env(SHELL) |
5 | match_max 100000 | 5 | match_max 100000 |
6 | 6 | ||
7 | send -- "sudo ls; sudo whoami; sudo pwd\r" | ||
8 | expect { | ||
9 | timeout {puts "TESTING ERROR: you need to root run this test as root\n";exit} | ||
10 | "root" | ||
11 | } | ||
12 | |||
13 | send -- "pkill unbound\r" | ||
14 | sleep 2 | ||
15 | |||
16 | send -- "firejail --name=unbound unbound\r" | 7 | send -- "firejail --name=unbound unbound\r" |
17 | expect { | 8 | expect { |
18 | timeout {puts "TESTING ERROR 0\n";exit} | 9 | timeout {puts "TESTING ERROR 0\n";exit} |
diff --git a/test/root/whitelist.exp b/test/root/whitelist.exp new file mode 100755 index 000000000..f6936c048 --- /dev/null +++ b/test/root/whitelist.exp | |||
@@ -0,0 +1,118 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "touch /mnt/firejail-test-file\r" | ||
11 | after 100 | ||
12 | send -- "mkdir /mnt/firejail-test-dir\r" | ||
13 | after 100 | ||
14 | send -- "touch /mnt/firejail-test-dir/firejail-test-file\r" | ||
15 | after 100 | ||
16 | send -- "firejail --whitelist=/mnt/firejail-test-file --whitelist=/mnt/firejail-test-dir --debug\r" | ||
17 | expect { | ||
18 | timeout {puts "TESTING ERROR 0\n";exit} | ||
19 | "Child process initialized" | ||
20 | } | ||
21 | sleep 1 | ||
22 | |||
23 | send -- "find /mnt | wc -l\r" | ||
24 | expect { | ||
25 | timeout {puts "TESTING ERROR 1\n";exit} | ||
26 | "4" | ||
27 | } | ||
28 | after 100 | ||
29 | send -- "exit\r" | ||
30 | sleep 1 | ||
31 | |||
32 | |||
33 | send -- "touch /opt/firejail-test-file\r" | ||
34 | after 100 | ||
35 | send -- "mkdir /opt/firejail-test-dir\r" | ||
36 | after 100 | ||
37 | send -- "touch /opt/firejail-test-dir/firejail-test-file\r" | ||
38 | after 100 | ||
39 | send -- "firejail --whitelist=/opt/firejail-test-file --whitelist=/opt/firejail-test-dir --debug\r" | ||
40 | expect { | ||
41 | timeout {puts "TESTING ERROR 2\n";exit} | ||
42 | "Child process initialized" | ||
43 | } | ||
44 | sleep 1 | ||
45 | |||
46 | send -- "find /opt | wc -l\r" | ||
47 | expect { | ||
48 | timeout {puts "TESTING ERROR 3\n";exit} | ||
49 | "4" | ||
50 | } | ||
51 | after 100 | ||
52 | send -- "exit\r" | ||
53 | sleep 1 | ||
54 | |||
55 | send -- "touch /media/firejail-test-file\r" | ||
56 | after 100 | ||
57 | send -- "mkdir /media/firejail-test-dir\r" | ||
58 | after 100 | ||
59 | send -- "touch /media/firejail-test-dir/firejail-test-file\r" | ||
60 | after 100 | ||
61 | send -- "firejail --whitelist=/media/firejail-test-file --whitelist=/media/firejail-test-dir --debug\r" | ||
62 | expect { | ||
63 | timeout {puts "TESTING ERROR 4\n";exit} | ||
64 | "Child process initialized" | ||
65 | } | ||
66 | sleep 1 | ||
67 | |||
68 | send -- "find /media | wc -l\r" | ||
69 | expect { | ||
70 | timeout {puts "TESTING ERROR 5\n";exit} | ||
71 | "4" | ||
72 | } | ||
73 | after 100 | ||
74 | send -- "exit\r" | ||
75 | sleep 1 | ||
76 | |||
77 | |||
78 | send -- "firejail --whitelist=/var/run --whitelist=/var/lock --debug\r" | ||
79 | expect { | ||
80 | timeout {puts "TESTING ERROR 6\n";exit} | ||
81 | "Child process initialized" | ||
82 | } | ||
83 | sleep 1 | ||
84 | |||
85 | send -- "find /var | wc -l\r" | ||
86 | expect { | ||
87 | timeout {puts "TESTING ERROR 7\n";exit} | ||
88 | "" | ||
89 | } | ||
90 | after 100 | ||
91 | send -- "exit\r" | ||
92 | sleep 1 | ||
93 | |||
94 | send -- "touch /srv/firejail-test-file\r" | ||
95 | after 100 | ||
96 | send -- "mkdir /srv/firejail-test-dir\r" | ||
97 | after 100 | ||
98 | send -- "touch /srv/firejail-test-dir/firejail-test-file\r" | ||
99 | after 100 | ||
100 | send -- "firejail --whitelist=/srv/firejail-test-file --whitelist=/srv/firejail-test-dir --debug\r" | ||
101 | expect { | ||
102 | timeout {puts "TESTING ERROR 8\n";exit} | ||
103 | "Child process initialized" | ||
104 | } | ||
105 | sleep 1 | ||
106 | |||
107 | send -- "find /srv | wc -l\r" | ||
108 | expect { | ||
109 | timeout {puts "TESTING ERROR 9\n";exit} | ||
110 | "4" | ||
111 | } | ||
112 | after 100 | ||
113 | send -- "exit\r" | ||
114 | |||
115 | |||
116 | after 100 | ||
117 | puts "\nall done\n" | ||
118 | |||
diff --git a/test/seccomp-chmod-profile.exp b/test/seccomp-chmod-profile.exp deleted file mode 100755 index 098328cea..000000000 --- a/test/seccomp-chmod-profile.exp +++ /dev/null | |||
@@ -1,46 +0,0 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "firejail --profile=seccomp.profile --private\r" | ||
8 | expect { | ||
9 | timeout {puts "TESTING ERROR 0\n";exit} | ||
10 | "Child process initialized" | ||
11 | } | ||
12 | sleep 2 | ||
13 | |||
14 | send -- "touch testfile;pwd\r" | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 1\n";exit} | ||
17 | "/root" {puts "running as root"} | ||
18 | "/home" | ||
19 | } | ||
20 | |||
21 | send -- "ls -l testfile;pwd\r" | ||
22 | expect { | ||
23 | timeout {puts "TESTING ERROR 2\n";exit} | ||
24 | "testfile" | ||
25 | } | ||
26 | expect { | ||
27 | timeout {puts "TESTING ERROR 3\n";exit} | ||
28 | "/root" {puts "running as root"} | ||
29 | "/home" | ||
30 | } | ||
31 | |||
32 | send -- "chmod +x testfile;pwd\r" | ||
33 | expect { | ||
34 | timeout {puts "TESTING ERROR 2\n";exit} | ||
35 | "Bad system call" | ||
36 | } | ||
37 | expect { | ||
38 | timeout {puts "TESTING ERROR 3\n";exit} | ||
39 | "/root" {puts "running as root"} | ||
40 | "/home" | ||
41 | } | ||
42 | |||
43 | |||
44 | send -- "exit\r" | ||
45 | sleep 1 | ||
46 | puts "\n" | ||
diff --git a/test/seccomp-errno.exp b/test/seccomp-errno.exp deleted file mode 100755 index e6678ab8f..000000000 --- a/test/seccomp-errno.exp +++ /dev/null | |||
@@ -1,87 +0,0 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "touch seccomp-test-file\r" | ||
8 | sleep 1 | ||
9 | |||
10 | send -- "firejail --seccomp.enoent=unlinkat rm seccomp-test-file\r" | ||
11 | expect { | ||
12 | timeout {puts "TESTING ERROR 0\n";exit} | ||
13 | "No such file or directory" | ||
14 | } | ||
15 | sleep 1 | ||
16 | |||
17 | send -- "firejail --seccomp.enoent=unlinkat --debug rm seccomp-test-file\r" | ||
18 | expect { | ||
19 | timeout {puts "TESTING ERROR 1\n";exit} | ||
20 | "unlinkat 2 ENOENT" | ||
21 | } | ||
22 | sleep 1 | ||
23 | |||
24 | send -- "firejail --seccomp.enoent=unlinkat,mkdir\r" | ||
25 | expect { | ||
26 | timeout {puts "TESTING ERROR 2\n";exit} | ||
27 | "Child process initialized" | ||
28 | } | ||
29 | sleep 1 | ||
30 | send -- "rm seccomp-test-file\r" | ||
31 | expect { | ||
32 | timeout {puts "TESTING ERROR 3\n";exit} | ||
33 | "No such file or directory" | ||
34 | } | ||
35 | after 100 | ||
36 | puts "\n" | ||
37 | |||
38 | send -- "mkdir seccomp-test-dir\r" | ||
39 | expect { | ||
40 | timeout {puts "TESTING ERROR 4\n";exit} | ||
41 | "No such file or directory" | ||
42 | } | ||
43 | after 100 | ||
44 | puts "\n" | ||
45 | |||
46 | send -- "exit\r" | ||
47 | sleep 1 | ||
48 | |||
49 | |||
50 | send -- "firejail --seccomp.enoent=unlinkat --seccomp.enoent=mkdir\r" | ||
51 | expect { | ||
52 | timeout {puts "TESTING ERROR 5\n";exit} | ||
53 | "errno enoent already configured" | ||
54 | } | ||
55 | sleep 1 | ||
56 | |||
57 | send -- "firejail --seccomp.enoent=unlinkat --seccomp.eperm=mkdir\r" | ||
58 | expect { | ||
59 | timeout {puts "TESTING ERROR 6\n";exit} | ||
60 | "Child process initialized" | ||
61 | } | ||
62 | sleep 1 | ||
63 | send -- "rm seccomp-test-file\r" | ||
64 | expect { | ||
65 | timeout {puts "TESTING ERROR 7\n";exit} | ||
66 | "No such file or directory" | ||
67 | } | ||
68 | after 100 | ||
69 | puts "\n" | ||
70 | |||
71 | send -- "mkdir seccomp-test-dir\r" | ||
72 | expect { | ||
73 | timeout {puts "TESTING ERROR 8\n";exit} | ||
74 | "Operation not permitted" | ||
75 | } | ||
76 | after 100 | ||
77 | puts "\n" | ||
78 | |||
79 | send -- "exit\r" | ||
80 | sleep 1 | ||
81 | |||
82 | |||
83 | |||
84 | |||
85 | send -- "rm seccomp-test-file\r" | ||
86 | sleep 1 | ||
87 | puts "all done\n" | ||
diff --git a/test/net_macvlan.exp b/test/stress/net_macvlan.exp index 20d022de9..6ea4a6adf 100755 --- a/test/net_macvlan.exp +++ b/test/stress/net_macvlan.exp | |||
@@ -1,4 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
@@ -9,7 +12,7 @@ spawn $env(SHELL) | |||
9 | send -- "firejail --net=eth0 --ip=192.168.1.60\r" | 12 | send -- "firejail --net=eth0 --ip=192.168.1.60\r" |
10 | expect { | 13 | expect { |
11 | timeout {puts "TESTING ERROR 1.1\n";puts "Please open a sandbox on 192.168.1.60\n";exit} | 14 | timeout {puts "TESTING ERROR 1.1\n";puts "Please open a sandbox on 192.168.1.60\n";exit} |
12 | "the address 192.168.1.60 is already in use" | 15 | "192.168.1.60 is interface eth0 address" |
13 | } | 16 | } |
14 | 17 | ||
15 | 18 | ||
@@ -83,6 +86,8 @@ while { $i <= $MAXi } { | |||
83 | after 100 | 86 | after 100 |
84 | # sleep 1 | 87 | # sleep 1 |
85 | } | 88 | } |
89 | send -- "exit\r" | ||
90 | after 100 | ||
86 | 91 | ||
87 | puts "\n" | 92 | puts "\n" |
88 | 93 | ||
diff --git a/test/stress/stress.sh b/test/stress/stress.sh new file mode 100755 index 000000000..35c846071 --- /dev/null +++ b/test/stress/stress.sh | |||
@@ -0,0 +1,11 @@ | |||
1 | #!/bin/bash | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | export MALLOC_CHECK_=3 | ||
7 | export MALLOC_PERTURB_=$(($RANDOM % 255 + 1)) | ||
8 | |||
9 | echo "TESTING: macvlan (net_macvlan.exp)" | ||
10 | ./net_macvlan.exp | ||
11 | |||
diff --git a/test/sysutils/cpio.exp b/test/sysutils/cpio.exp new file mode 100755 index 000000000..9755d8737 --- /dev/null +++ b/test/sysutils/cpio.exp | |||
@@ -0,0 +1,26 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "find /usr/share/doc/firejail | /bin/cpio -ov > firejail_t1\r" | ||
11 | sleep 1 | ||
12 | |||
13 | send -- "find /usr/share/doc/firejail | firejail /bin/cpio -ov > firejail_t2\r" | ||
14 | sleep 1 | ||
15 | |||
16 | send -- "diff -s firejail_t1 firejail_t2\r" | ||
17 | expect { | ||
18 | timeout {puts "TESTING ERROR 1\n";exit} | ||
19 | "firejail_t1 and firejail_t2 are identical" | ||
20 | } | ||
21 | |||
22 | send -- "rm firejail_t*\r" | ||
23 | sleep 1 | ||
24 | |||
25 | |||
26 | puts "\nall done\n" | ||
diff --git a/test/sysutils/file.exp b/test/sysutils/file.exp new file mode 100755 index 000000000..a8ad84d12 --- /dev/null +++ b/test/sysutils/file.exp | |||
@@ -0,0 +1,18 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "echo 'test string for firejail test' > /tmp/firejail_test.txt; firejail file /tmp/firejail_test.txt\r" | ||
11 | expect { | ||
12 | timeout {puts "TESTING ERROR 1\n";exit} | ||
13 | "ASCII text" | ||
14 | } | ||
15 | send -- "rm /tmp/firejail_test.txt\r" | ||
16 | sleep 1 | ||
17 | |||
18 | puts "\nall done\n" | ||
diff --git a/test/sysutils/gzip.exp b/test/sysutils/gzip.exp new file mode 100755 index 000000000..ab0e727de --- /dev/null +++ b/test/sysutils/gzip.exp | |||
@@ -0,0 +1,26 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "/bin/gzip -c /usr/bin/firejail > firejail_t1\r" | ||
11 | sleep 1 | ||
12 | |||
13 | send -- "firejail /bin/gzip -c /usr/bin/firejail > firejail_t2\r" | ||
14 | sleep 1 | ||
15 | |||
16 | send -- "diff -s firejail_t1 firejail_t2\r" | ||
17 | expect { | ||
18 | timeout {puts "TESTING ERROR 1\n";exit} | ||
19 | "firejail_t1 and firejail_t2 are identical" | ||
20 | } | ||
21 | |||
22 | send -- "rm firejail_t*\r" | ||
23 | sleep 1 | ||
24 | |||
25 | |||
26 | puts "\nall done\n" | ||
diff --git a/test/sysutils/less.exp b/test/sysutils/less.exp new file mode 100755 index 000000000..720830304 --- /dev/null +++ b/test/sysutils/less.exp | |||
@@ -0,0 +1,20 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail less ../../Makefile.in\r" | ||
11 | expect { | ||
12 | timeout {puts "TESTING ERROR 1\n";exit} | ||
13 | "MYLIBS" | ||
14 | } | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 2\n";exit} | ||
17 | "APPS" | ||
18 | } | ||
19 | |||
20 | puts "\nall done\n" | ||
diff --git a/test/sysutils/strings.exp b/test/sysutils/strings.exp new file mode 100755 index 000000000..1fd0f5dc0 --- /dev/null +++ b/test/sysutils/strings.exp | |||
@@ -0,0 +1,26 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "/usr/bin/strings /usr/bin/firejail > firejail_t1\r" | ||
11 | sleep 1 | ||
12 | |||
13 | send -- "firejail /usr/bin/strings /usr/bin/firejail > firejail_t2\r" | ||
14 | sleep 1 | ||
15 | |||
16 | send -- "diff -s firejail_t1 firejail_t2\r" | ||
17 | expect { | ||
18 | timeout {puts "TESTING ERROR 1\n";exit} | ||
19 | "firejail_t1 and firejail_t2 are identical" | ||
20 | } | ||
21 | |||
22 | send -- "rm firejail_t*\r" | ||
23 | sleep 1 | ||
24 | |||
25 | |||
26 | puts "\nall done\n" | ||
diff --git a/test/sysutils/sysutils.sh b/test/sysutils/sysutils.sh new file mode 100755 index 000000000..99939133d --- /dev/null +++ b/test/sysutils/sysutils.sh | |||
@@ -0,0 +1,80 @@ | |||
1 | #!/bin/bash | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | export MALLOC_CHECK_=3 | ||
7 | export MALLOC_PERTURB_=$(($RANDOM % 255 + 1)) | ||
8 | |||
9 | which cpio | ||
10 | if [ "$?" -eq 0 ]; | ||
11 | then | ||
12 | echo "TESTING: cpio" | ||
13 | ./cpio.exp | ||
14 | else | ||
15 | echo "TESTING SKIP: cpio not found" | ||
16 | fi | ||
17 | |||
18 | #which strings | ||
19 | #if [ "$?" -eq 0 ]; | ||
20 | #then | ||
21 | # echo "TESTING: strings" | ||
22 | # ./strings.exp | ||
23 | #else | ||
24 | # echo "TESTING SKIP: strings not found" | ||
25 | #fi | ||
26 | |||
27 | which gzip | ||
28 | if [ "$?" -eq 0 ]; | ||
29 | then | ||
30 | echo "TESTING: gzip" | ||
31 | ./gzip.exp | ||
32 | else | ||
33 | echo "TESTING SKIP: gzip not found" | ||
34 | fi | ||
35 | |||
36 | which xzdec | ||
37 | if [ "$?" -eq 0 ]; | ||
38 | then | ||
39 | echo "TESTING: xzdec" | ||
40 | ./xzdec.exp | ||
41 | else | ||
42 | echo "TESTING SKIP: xzdec not found" | ||
43 | fi | ||
44 | |||
45 | which xz | ||
46 | if [ "$?" -eq 0 ]; | ||
47 | then | ||
48 | echo "TESTING: xz" | ||
49 | ./xz.exp | ||
50 | else | ||
51 | echo "TESTING SKIP: xz not found" | ||
52 | fi | ||
53 | |||
54 | which less | ||
55 | if [ "$?" -eq 0 ]; | ||
56 | then | ||
57 | echo "TESTING: less" | ||
58 | ./less.exp | ||
59 | else | ||
60 | echo "TESTING SKIP: less not found" | ||
61 | fi | ||
62 | |||
63 | which file | ||
64 | if [ "$?" -eq 0 ]; | ||
65 | then | ||
66 | echo "TESTING: file" | ||
67 | ./file.exp | ||
68 | else | ||
69 | echo "TESTING SKIP: file not found" | ||
70 | fi | ||
71 | |||
72 | which tar | ||
73 | if [ "$?" -eq 0 ]; | ||
74 | then | ||
75 | echo "TESTING: tar" | ||
76 | ./tar.exp | ||
77 | else | ||
78 | echo "TESTING SKIP: tar not found" | ||
79 | fi | ||
80 | |||
diff --git a/test/sysutils/tar.exp b/test/sysutils/tar.exp new file mode 100755 index 000000000..f41d67d6f --- /dev/null +++ b/test/sysutils/tar.exp | |||
@@ -0,0 +1,46 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail /bin/tar -cjvf firejail_t2 /usr/share/doc/firejail\r" | ||
11 | expect { | ||
12 | timeout {puts "TESTING ERROR 1.1\n";exit} | ||
13 | "Error" {puts "TESTING ERROR 1.2\n";exit} | ||
14 | "/usr/share/doc/firejail/README" | ||
15 | } | ||
16 | after 100 | ||
17 | |||
18 | send -- "stat -c '|%s|' firejail_t2; uname -s\r" | ||
19 | expect { | ||
20 | timeout {puts "TESTING ERROR 2.1\n";exit} | ||
21 | "|0|" {puts "TESTING ERROR 2.2\n";exit} | ||
22 | "Linux" | ||
23 | } | ||
24 | sleep 1 | ||
25 | |||
26 | send -- "firejail /bin/tar --compare --file=firejail_t2 -C / | wc\r" | ||
27 | expect { | ||
28 | timeout {puts "TESTING ERROR 3.1\n";exit} | ||
29 | "This does not look like a tar archive" {puts "TESTING ERROR 3.2\n"; exit} | ||
30 | " 0 0 0" | ||
31 | } | ||
32 | sleep 1 | ||
33 | send -- "/bin/tar --compare --file=firejail_t2 -C / | wc\r" | ||
34 | expect { | ||
35 | timeout {puts "TESTING ERROR 4.1\n";exit} | ||
36 | "This does not look like a tar archive" {puts "TESTING ERROR 4.2\n"; exit} | ||
37 | " 0 0 0" | ||
38 | } | ||
39 | sleep 1 | ||
40 | |||
41 | |||
42 | send -- "rm firejail_t*\r" | ||
43 | sleep 1 | ||
44 | |||
45 | |||
46 | puts "\nall done\n" | ||
diff --git a/test/sysutils/xz.exp b/test/sysutils/xz.exp new file mode 100755 index 000000000..11d0e560c --- /dev/null +++ b/test/sysutils/xz.exp | |||
@@ -0,0 +1,26 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "/usr/bin/xz -c /usr/bin/firejail > firejail_t1\r" | ||
11 | sleep 1 | ||
12 | |||
13 | send -- "firejail /usr/bin/xz -c /usr/bin/firejail > firejail_t2\r" | ||
14 | sleep 1 | ||
15 | |||
16 | send -- "diff -s firejail_t1 firejail_t2\r" | ||
17 | expect { | ||
18 | timeout {puts "TESTING ERROR 1\n";exit} | ||
19 | "firejail_t1 and firejail_t2 are identical" | ||
20 | } | ||
21 | |||
22 | send -- "rm firejail_t*\r" | ||
23 | sleep 1 | ||
24 | |||
25 | |||
26 | puts "\nall done\n" | ||
diff --git a/test/sysutils/xzdec.exp b/test/sysutils/xzdec.exp new file mode 100755 index 000000000..0ea6f5fb0 --- /dev/null +++ b/test/sysutils/xzdec.exp | |||
@@ -0,0 +1,29 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "/usr/bin/xz -c /usr/bin/firejail > firejail_t3\r" | ||
11 | sleep 1 | ||
12 | |||
13 | send -- "/usr/bin/xzdec -c firejail_t3 > firejail_t1\r" | ||
14 | sleep 1 | ||
15 | |||
16 | send -- "firejail /usr/bin/xzdec -c firejail_t3 > firejail_t2\r" | ||
17 | sleep 1 | ||
18 | |||
19 | send -- "diff -s firejail_t1 firejail_t2\r" | ||
20 | expect { | ||
21 | timeout {puts "TESTING ERROR 1\n";exit} | ||
22 | "firejail_t1 and firejail_t2 are identical" | ||
23 | } | ||
24 | |||
25 | send -- "rm firejail_t*\r" | ||
26 | sleep 1 | ||
27 | |||
28 | |||
29 | puts "\nall done\n" | ||
diff --git a/test/test-apps-x11.sh b/test/test-apps-x11.sh deleted file mode 100755 index 6521fa2b0..000000000 --- a/test/test-apps-x11.sh +++ /dev/null | |||
@@ -1,29 +0,0 @@ | |||
1 | #!/bin/bash | ||
2 | |||
3 | which firefox | ||
4 | if [ "$?" -eq 0 ]; | ||
5 | then | ||
6 | echo "TESTING: firefox x11" | ||
7 | ./firefox-x11.exp | ||
8 | else | ||
9 | echo "TESTING: firefox not found" | ||
10 | fi | ||
11 | |||
12 | which chromium | ||
13 | if [ "$?" -eq 0 ]; | ||
14 | then | ||
15 | echo "TESTING: chromium x11" | ||
16 | ./chromium-x11.exp | ||
17 | else | ||
18 | echo "TESTING: chromium not found" | ||
19 | fi | ||
20 | |||
21 | which transmission-gtk | ||
22 | if [ "$?" -eq 0 ]; | ||
23 | then | ||
24 | echo "TESTING: transmission-gtk x11" | ||
25 | ./transmission-gtk.exp | ||
26 | else | ||
27 | echo "TESTING: transmission-gtk not found" | ||
28 | fi | ||
29 | |||
diff --git a/test/test-nonet.sh b/test/test-nonet.sh deleted file mode 100755 index 3df8b2d4e..000000000 --- a/test/test-nonet.sh +++ /dev/null | |||
@@ -1,44 +0,0 @@ | |||
1 | #!/bin/bash | ||
2 | |||
3 | echo "TESTING: version" | ||
4 | ./option_version.exp | ||
5 | |||
6 | echo "TESTING: help" | ||
7 | ./option_help.exp | ||
8 | |||
9 | echo "TESTING: man" | ||
10 | ./option_man.exp | ||
11 | |||
12 | echo "TESTING: list" | ||
13 | ./option_list.exp | ||
14 | |||
15 | echo "TESTING: PID" | ||
16 | ./pid.exp | ||
17 | |||
18 | echo "TESTING: profile no permissions" | ||
19 | ./profile_noperm.exp | ||
20 | |||
21 | echo "TESTING: profile syntax" | ||
22 | ./profile_syntax.exp | ||
23 | |||
24 | echo "TESTING: profile read-only" | ||
25 | ./profile_readonly.exp | ||
26 | |||
27 | echo "TESTING: profile tmpfs" | ||
28 | ./profile_tmpfs.exp | ||
29 | |||
30 | echo "TESTING: private" | ||
31 | ./private.exp `whoami` | ||
32 | |||
33 | echo "TESTING: read/write /var/tmp" | ||
34 | ./fs_var_tmp.exp | ||
35 | |||
36 | echo "TESTING: read/write /var/run" | ||
37 | ./fs_var_run.exp | ||
38 | |||
39 | echo "TESTING: read/write /var/lock" | ||
40 | ./fs_var_lock.exp | ||
41 | |||
42 | echo "TESTING: read/write /dev/shm" | ||
43 | ./fs_dev_shm.exp | ||
44 | |||
diff --git a/test/test-profiles.sh b/test/test-profiles.sh deleted file mode 100755 index d9142885b..000000000 --- a/test/test-profiles.sh +++ /dev/null | |||
@@ -1,10 +0,0 @@ | |||
1 | #!/bin/bash | ||
2 | |||
3 | echo "TESTING: default profiles installed in /etc" | ||
4 | PROFILES=`ls /etc/firejail/*.profile` | ||
5 | for PROFILE in $PROFILES | ||
6 | do | ||
7 | echo "TESTING: $PROFILE" | ||
8 | ./test-profile.exp $PROFILE | ||
9 | done | ||
10 | |||
diff --git a/test/test-root.sh b/test/test-root.sh deleted file mode 100755 index 7e1a0b968..000000000 --- a/test/test-root.sh +++ /dev/null | |||
@@ -1,82 +0,0 @@ | |||
1 | #!/bin/bash | ||
2 | |||
3 | ./chk_config.exp | ||
4 | |||
5 | echo "TESTING: tmpfs (option_tmpfs.exp)" | ||
6 | ./option_tmpfs.exp | ||
7 | |||
8 | echo "TESTING: profile tmpfs (profile_tmpfs)" | ||
9 | ./profile_tmpfs.exp | ||
10 | |||
11 | echo "TESTING: network interfaces (net_interface.exp)" | ||
12 | ./net_interface.exp | ||
13 | |||
14 | echo "TESTING: chroot (fs_chroot_asroot.exp)" | ||
15 | ./fs_chroot_asroot.exp | ||
16 | |||
17 | if [ -f /etc/init.d/snmpd ] | ||
18 | then | ||
19 | echo "TESTING: servers snmpd, private-dev (servers2.exp)" | ||
20 | ./servers2.exp | ||
21 | fi | ||
22 | |||
23 | if [ -f /etc/init.d/apache2 ] | ||
24 | then | ||
25 | echo "TESTING: servers apache2, private-dev, private-tmp (servers3.exp)" | ||
26 | ./servers3.exp | ||
27 | fi | ||
28 | |||
29 | if [ -f /etc/init.d/isc-dhcp-server ] | ||
30 | then | ||
31 | echo "TESTING: servers isc dhcp server, private-dev (servers4.exp)" | ||
32 | ./servers4.exp | ||
33 | fi | ||
34 | |||
35 | if [ -f /etc/init.d/unbound ] | ||
36 | then | ||
37 | echo "TESTING: servers unbound, private-dev, private-tmp (servers5.exp)" | ||
38 | ./servers5.exp | ||
39 | fi | ||
40 | |||
41 | if [ -f /etc/init.d/nginx ] | ||
42 | then | ||
43 | echo "TESTING: servers nginx, private-dev, private-tmp (servers6.exp)" | ||
44 | ./servers6.exp | ||
45 | fi | ||
46 | |||
47 | echo "TESTING: /proc/sysrq-trigger reset disabled (sysrq-trigger.exp)" | ||
48 | ./sysrq-trigger.exp | ||
49 | |||
50 | echo "TESTING: seccomp umount (seccomp-umount.exp)" | ||
51 | ./seccomp-umount.exp | ||
52 | |||
53 | echo "TESTING: seccomp chmod (seccomp-chmod.exp)" | ||
54 | ./seccomp-chmod.exp | ||
55 | |||
56 | echo "TESTING: seccomp chown (seccomp-chown.exp)" | ||
57 | ./seccomp-chown.exp | ||
58 | |||
59 | echo "TESTING: bind directory (option_bind_directory.exp)" | ||
60 | ./option_bind_directory.exp | ||
61 | |||
62 | echo "TESTING: bind file (option_bind_file.exp)" | ||
63 | echo hello > tmpfile | ||
64 | ./option_bind_file.exp | ||
65 | rm -f tmpfile | ||
66 | |||
67 | echo "TESTING: firemon --interface (firemon-interface.exp)" | ||
68 | ./firemon-interface.exp | ||
69 | |||
70 | if [ -f /sys/fs/cgroup/g1/tasks ] | ||
71 | then | ||
72 | echo "TESTING: firemon --cgroup (firemon-cgroup.exp)" | ||
73 | ./firemon-cgroup.exp | ||
74 | fi | ||
75 | |||
76 | echo "TESTING: chroot resolv.conf (chroot-resolvconf.exp)" | ||
77 | rm -f tmpfile | ||
78 | touch tmpfile | ||
79 | rm -f /tmp/chroot/etc/resolv.conf | ||
80 | ln -s tmp /tmp/chroot/etc/resolv.conf | ||
81 | ./chroot-resolvconf.exp | ||
82 | rm -f tmpfile | ||
diff --git a/test/test.sh b/test/test.sh index c6fe4f299..4b7d5bb6d 100755 --- a/test/test.sh +++ b/test/test.sh | |||
@@ -1,70 +1,15 @@ | |||
1 | #!/bin/bash | 1 | #!/bin/bash |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | ./chk_config.exp | 6 | ./chk_config.exp |
4 | 7 | ||
5 | ./test-profiles.sh | ||
6 | |||
7 | ./fscheck.sh | 8 | ./fscheck.sh |
8 | 9 | ||
9 | echo "TESTING: cpu.print (cpu-print.exp)" | ||
10 | echo "TESTING: failing under VirtualBox where there is only one CPU" | ||
11 | ./cpu-print.exp | ||
12 | |||
13 | echo "TESTING: bandwidth (bandwidth.exp)" | ||
14 | ./bandwidth.exp | ||
15 | |||
16 | echo "TESTING: file transfer (ls.exp)" | ||
17 | ./ls.exp | ||
18 | |||
19 | echo "TESTING: fs.print (fs-print.exp)" | ||
20 | ./fs-print.exp | ||
21 | |||
22 | echo "TESTING: dns.print (dns-print.exp)" | ||
23 | ./dns-print.exp | ||
24 | |||
25 | echo "TESTING: caps.print (caps-print.exp)" | ||
26 | ./caps-print.exp | ||
27 | |||
28 | echo "TESTING: seccomp.print (seccomp-print.exp)" | ||
29 | ./seccomp-print.exp | ||
30 | |||
31 | echo "TESTING: protocol.print (protocol-print.exp)" | ||
32 | ./protocol-print.exp | ||
33 | |||
34 | echo "TESTING: sound (sound.exp)" | ||
35 | ./sound.exp | ||
36 | |||
37 | echo "TESTING: nice (nice.exp)" | ||
38 | ./nice.exp | ||
39 | |||
40 | echo "TESTING: tty (tty.exp)" | 10 | echo "TESTING: tty (tty.exp)" |
41 | ./tty.exp | 11 | ./tty.exp |
42 | 12 | ||
43 | echo "TESTING: protocol (protocol.exp)" | ||
44 | ./protocol.exp | ||
45 | |||
46 | echo "TESTING: invalid filename (invalid_filename.exp)" | ||
47 | ./invalid_filename.exp | ||
48 | |||
49 | echo "TESTING: environment variables (env.exp)" | ||
50 | ./env.exp | ||
51 | |||
52 | echo "TESTING: whitelist empty (whitelist-empty.exp)" | ||
53 | ./whitelist-empty.exp | ||
54 | |||
55 | echo "TESTING: ignore command (ignore.exp)" | ||
56 | ./ignore.exp | ||
57 | |||
58 | echo "TESTING: private-etc (private-etc.exp)" | ||
59 | ./private-etc.exp | ||
60 | |||
61 | echo "TESTING: private-bin (private-bin.exp)" | ||
62 | ./private-bin.exp | ||
63 | |||
64 | echo "TESTING: private whitelist (private-whitelist.exp)" | ||
65 | echo "TESTING: failing on OpenSUSE" | ||
66 | ./private-whitelist.exp | ||
67 | |||
68 | sleep 1 | 13 | sleep 1 |
69 | rm -fr dir\ with\ space | 14 | rm -fr dir\ with\ space |
70 | mkdir dir\ with\ space | 15 | mkdir dir\ with\ space |
@@ -82,102 +27,9 @@ rm -fr auto2 | |||
82 | rm -fr auto3 | 27 | rm -fr auto3 |
83 | rm -fr auto4 | 28 | rm -fr auto4 |
84 | 29 | ||
85 | |||
86 | echo "TESTING: version (option_version.exp)" | ||
87 | ./option_version.exp | ||
88 | |||
89 | echo "TESTING: help (option_help.exp)" | ||
90 | ./option_help.exp | ||
91 | |||
92 | echo "TESTING: man (option_man.exp)" | ||
93 | ./option_man.exp | ||
94 | |||
95 | echo "TESTING: list (option_list.exp)" | ||
96 | ./option_list.exp | ||
97 | |||
98 | echo "TESTING: tree (option_tree.exp)" | ||
99 | ./option_tree.exp | ||
100 | |||
101 | if [ -f /proc/self/uid_map ]; | ||
102 | then | ||
103 | echo "TESTING: noroot (noroot.exp)" | ||
104 | ./noroot.exp | ||
105 | else | ||
106 | echo "TESTING: user namespaces not available" | ||
107 | fi | ||
108 | |||
109 | echo "TESTING: doubledash" | ||
110 | mkdir -- -testdir | ||
111 | touch -- -testdir/ttt | ||
112 | cp -- /bin/bash -testdir/. | ||
113 | ./doubledash.exp | ||
114 | rm -fr -- -testdir | ||
115 | |||
116 | echo "TESTING: trace1 (option-trace.exp)" | ||
117 | ./option-trace.exp | ||
118 | |||
119 | echo "TESTING: trace2 (trace.exp)" | ||
120 | rm -f index.html* | ||
121 | ./trace.exp | ||
122 | rm -f index.html* | ||
123 | |||
124 | echo "TESTING: extract command (extract_command.exp)" | ||
125 | ./extract_command.exp | ||
126 | |||
127 | echo "TESTING: kmsg access (kmsg.exp)" | ||
128 | ./kmsg.exp | ||
129 | |||
130 | echo "TESTING: rlimit (option_rlimit.exp)" | ||
131 | ./option_rlimit.exp | ||
132 | |||
133 | echo "TESTING: shutdown (option_shutdown.exp)" | ||
134 | ./option-shutdown.exp | ||
135 | |||
136 | echo "TESTING: shutdown2 (option_shutdown2.exp)" | ||
137 | ./option-shutdown2.exp | ||
138 | |||
139 | echo "TESTING: shutdown3 (option_shutdown3.exp)" | ||
140 | ./option-shutdown3.exp | ||
141 | |||
142 | echo "TESTING: shutdown4 (option_shutdown4.exp)" | ||
143 | ./option-shutdown4.exp | ||
144 | |||
145 | echo "TESTING: join (option-join.exp)" | ||
146 | ./option-join.exp | ||
147 | |||
148 | echo "TESTING: join2 (option-join2.exp)" | ||
149 | ./option-join2.exp | ||
150 | |||
151 | echo "TESTING: join3 (option-join3.exp)" | ||
152 | ./option-join3.exp | ||
153 | |||
154 | echo "TESTING: join profile (option-join-profile.exp)" | ||
155 | ./option-join-profile.exp | ||
156 | |||
157 | echo "TESTING: firejail in firejail - single sandbox (firejail-in-firejail.exp)" | ||
158 | ./firejail-in-firejail.exp | ||
159 | |||
160 | echo "TESTING: firejail in firejail - force new sandbox (firejail-in-firejail2.exp)" | ||
161 | ./firejail-in-firejail2.exp | ||
162 | |||
163 | echo "TESTING: chroot overlay (option_chroot_overlay.exp)" | 30 | echo "TESTING: chroot overlay (option_chroot_overlay.exp)" |
164 | ./option_chroot_overlay.exp | 31 | ./option_chroot_overlay.exp |
165 | 32 | ||
166 | echo "TESTING: blacklist directory (option_blacklist.exp)" | ||
167 | ./option_blacklist.exp | ||
168 | |||
169 | echo "TESTING: blacklist file (opiton_blacklist_file.exp)" | ||
170 | ./option_blacklist_file.exp | ||
171 | |||
172 | echo "TESTING: bind as user (option_bind_user.exp)" | ||
173 | ./option_bind_user.exp | ||
174 | |||
175 | if [ -d /home/bingo ]; | ||
176 | then | ||
177 | echo "TESTING: home sanitize (opiton_version.exp)" | ||
178 | ./option_version.exp | ||
179 | fi | ||
180 | |||
181 | echo "TESTING: chroot as user (fs_chroot.exp)" | 33 | echo "TESTING: chroot as user (fs_chroot.exp)" |
182 | ./fs_chroot.exp | 34 | ./fs_chroot.exp |
183 | 35 | ||
@@ -190,47 +42,7 @@ ls -al > tmpreadonly | |||
190 | sleep 5 | 42 | sleep 5 |
191 | rm -f tmpreadonly | 43 | rm -f tmpreadonly |
192 | 44 | ||
193 | echo "TESTING: zsh (shell_zsh.exp)" | ||
194 | ./shell_zsh.exp | ||
195 | |||
196 | echo "TESTING: csh (shell_csh.exp)" | ||
197 | ./shell_csh.exp | ||
198 | |||
199 | which dash | ||
200 | if [ "$?" -eq 0 ]; | ||
201 | then | ||
202 | echo "TESTING: dash (shell_dash.exp)" | ||
203 | ./shell_dash.exp | ||
204 | else | ||
205 | echo "TESTING: dash not found" | ||
206 | fi | ||
207 | |||
208 | ./test-apps.sh | ||
209 | ./test-apps-x11.sh | ||
210 | |||
211 | echo "TESTING: PID (pid.exp)" | ||
212 | ./pid.exp | ||
213 | |||
214 | echo "TESTING: output (output.exp)" | ||
215 | ./output.exp | ||
216 | |||
217 | echo "TESTING: profile no permissions (profile_noperm.exp)" | ||
218 | ./profile_noperm.exp | ||
219 | |||
220 | echo "TESTING: profile syntax (profile_syntax.exp)" | ||
221 | ./profile_syntax.exp | ||
222 | |||
223 | echo "TESTING: profile syntax 2 (profile_syntax2.exp)" | ||
224 | ./profile_syntax2.exp | ||
225 | |||
226 | echo "TESTING: profile rlimit (profile_rlimit.exp)" | ||
227 | ./profile_rlimit.exp | ||
228 | 45 | ||
229 | echo "TESTING: profile read-only (profile_readonly.exp)" | ||
230 | ./profile_readonly.exp | ||
231 | |||
232 | echo "TESTING: private (private.exp)" | ||
233 | ./private.exp `whoami` | ||
234 | 46 | ||
235 | echo "TESTING: private directory (private_dir.exp)" | 47 | echo "TESTING: private directory (private_dir.exp)" |
236 | rm -fr dirprivate | 48 | rm -fr dirprivate |
@@ -247,113 +59,13 @@ rm -fr dirprivate | |||
247 | echo "TESTING: overlayfs (fs_overlay.exp)" | 59 | echo "TESTING: overlayfs (fs_overlay.exp)" |
248 | ./fs_overlay.exp | 60 | ./fs_overlay.exp |
249 | 61 | ||
250 | echo "TESTING: seccomp debug (seccomp-debug.exp)" | ||
251 | ./seccomp-debug.exp | ||
252 | |||
253 | echo "TESTING: seccomp errno (seccomp-errno.exp)" | ||
254 | ./seccomp-errno.exp | ||
255 | |||
256 | echo "TESTING: seccomp su (seccomp-su.exp)" | ||
257 | ./seccomp-su.exp | ||
258 | |||
259 | echo "TESTING: seccomp ptrace (seccomp-ptrace.exp)" | ||
260 | ./seccomp-ptrace.exp | ||
261 | |||
262 | echo "TESTING: seccomp chmod - seccomp lists (seccomp-chmod.exp)" | ||
263 | ./seccomp-chmod.exp | ||
264 | |||
265 | echo "TESTING: seccomp chmod profile - seccomp lists (seccomp-chmod-profile.exp)" | ||
266 | ./seccomp-chmod-profile.exp | ||
267 | |||
268 | echo "TESTING: seccomp empty (seccomp-empty.exp)" | ||
269 | ./seccomp-empty.exp | ||
270 | |||
271 | echo "TESTING: seccomp bad empty (seccomp-bad-empty.exp)" | ||
272 | ./seccomp-bad-empty.exp | ||
273 | |||
274 | echo "TESTING: seccomp dual filter (seccomp-dualfilter.exp)" | ||
275 | ./seccomp-dualfilter.exp | ||
276 | |||
277 | echo "TESTING: read/write /var/tmp (fs_var_tmp.exp)" | ||
278 | ./fs_var_tmp.exp | ||
279 | |||
280 | echo "TESTING: read/write /var/lock (fs_var_lock.exp)" | ||
281 | ./fs_var_lock.exp | ||
282 | |||
283 | echo "TESTING: read/write /dev/shm (fs_dev_shm.exp)" | ||
284 | ./fs_dev_shm.exp | ||
285 | |||
286 | echo "TESTING: quiet (quiet.exp)" | ||
287 | ./quiet.exp | ||
288 | |||
289 | echo "TESTING: IPv6 support (ip6.exp)" | ||
290 | echo "TESTING: broken on Centos - todo" | ||
291 | ./ip6.exp | ||
292 | |||
293 | echo "TESTING: local network (net_local.exp)" | ||
294 | ./net_local.exp | ||
295 | |||
296 | echo "TESTING: no network (net_none.exp)" | ||
297 | ./net_none.exp | ||
298 | |||
299 | echo "TESTING: network IP (net_ip.exp)" | ||
300 | ./net_ip.exp | ||
301 | |||
302 | echo "TESTING: network MAC (net_mac.exp)" | ||
303 | sleep 2 | ||
304 | ./net_mac.exp | ||
305 | |||
306 | echo "TESTING: network MTU (net_mtu.exp)" | ||
307 | ./net_mtu.exp | ||
308 | |||
309 | echo "TESTING: network hostname (hostname.exp)" | ||
310 | ./hostname.exp | ||
311 | |||
312 | echo "TESTING: network bad IP (net_badip.exp)" | ||
313 | ./net_badip.exp | ||
314 | |||
315 | echo "TESTING: network no IP test 1 (net_noip.exp)" | ||
316 | ./net_noip.exp | ||
317 | |||
318 | echo "TESTING: network no IP test 2 (net_noip2.exp)" | ||
319 | ./net_noip2.exp | ||
320 | |||
321 | echo "TESTING: network default gateway test 1 (net_defaultgw.exp)" | ||
322 | ./net_defaultgw.exp | ||
323 | |||
324 | echo "TESTING: network default gateway test 2 (net_defaultgw2.exp)" | ||
325 | ./net_defaultgw2.exp | ||
326 | |||
327 | echo "TESTING: network default gateway test 3 (net_defaultgw3.exp)" | ||
328 | ./net_defaultgw3.exp | ||
329 | |||
330 | echo "TESTING: netfilter (net_netfilter.exp)" | ||
331 | ./net_netfilter.exp | ||
332 | |||
333 | echo "TESTING: 4 bridges ARP (4bridges_arp.exp)" | ||
334 | ./4bridges_arp.exp | ||
335 | |||
336 | echo "TESTING: 4 bridges IP (4bridges_ip.exp)" | ||
337 | ./4bridges_ip.exp | ||
338 | |||
339 | echo "TESTING: login SSH (login_ssh.exp)" | 62 | echo "TESTING: login SSH (login_ssh.exp)" |
340 | ./login_ssh.exp | 63 | ./login_ssh.exp |
341 | 64 | ||
342 | echo "TESTING: ARP (net_arp.exp)" | ||
343 | ./net_arp.exp | ||
344 | |||
345 | echo "TESTING: DNS (dns.exp)" | ||
346 | ./dns.exp | ||
347 | |||
348 | echo "TESTING: firemon --arp (firemon-arp.exp)" | 65 | echo "TESTING: firemon --arp (firemon-arp.exp)" |
349 | ./firemon-arp.exp | 66 | ./firemon-arp.exp |
350 | 67 | ||
351 | echo "TESTING: firemon --route (firemon-route.exp)" | 68 | echo "TESTING: firemon --route (firemon-route.exp)" |
352 | ./firemon-route.exp | 69 | ./firemon-route.exp |
353 | 70 | ||
354 | echo "TESTING: firemon --seccomp (firemon-seccomp.exp)" | ||
355 | ./firemon-seccomp.exp | ||
356 | |||
357 | echo "TESTING: firemon --caps (firemon-caps.exp)" | ||
358 | ./firemon-caps.exp | ||
359 | 71 | ||
diff --git a/test/tmpfs.profile b/test/tmpfs.profile deleted file mode 100644 index 0680f4d69..000000000 --- a/test/tmpfs.profile +++ /dev/null | |||
@@ -1 +0,0 @@ | |||
1 | tmpfs /tmp/firejailtestdir \ No newline at end of file | ||
diff --git a/test/utils/audit.exp b/test/utils/audit.exp new file mode 100755 index 000000000..931b46981 --- /dev/null +++ b/test/utils/audit.exp | |||
@@ -0,0 +1,79 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail --audit\r" | ||
11 | expect { | ||
12 | timeout {puts "TESTING ERROR 0\n";exit} | ||
13 | "Firejail Audit" | ||
14 | } | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 1\n";exit} | ||
17 | "is running in a PID namespace" | ||
18 | } | ||
19 | expect { | ||
20 | timeout {puts "TESTING ERROR 2\n";exit} | ||
21 | "container/sandbox firejail" | ||
22 | } | ||
23 | expect { | ||
24 | timeout {puts "TESTING ERROR 3\n";exit} | ||
25 | "seccomp BPF enabled" | ||
26 | } | ||
27 | expect { | ||
28 | timeout {puts "TESTING ERROR 4\n";exit} | ||
29 | "all capabilities are disabled" | ||
30 | } | ||
31 | expect { | ||
32 | timeout {puts "TESTING ERROR 5\n";exit} | ||
33 | "dev directory seems to be fully populated" | ||
34 | } | ||
35 | after 100 | ||
36 | |||
37 | |||
38 | send -- "firejail --audit=/usr/lib/firejail/faudit\r" | ||
39 | expect { | ||
40 | timeout {puts "TESTING ERROR 6\n";exit} | ||
41 | "Firejail Audit" | ||
42 | } | ||
43 | expect { | ||
44 | timeout {puts "TESTING ERROR 7\n";exit} | ||
45 | "is running in a PID namespace" | ||
46 | } | ||
47 | expect { | ||
48 | timeout {puts "TESTING ERROR 8\n";exit} | ||
49 | "container/sandbox firejail" | ||
50 | } | ||
51 | expect { | ||
52 | timeout {puts "TESTING ERROR 9\n";exit} | ||
53 | "seccomp BPF enabled" | ||
54 | } | ||
55 | expect { | ||
56 | timeout {puts "TESTING ERROR 10\n";exit} | ||
57 | "all capabilities are disabled" | ||
58 | } | ||
59 | expect { | ||
60 | timeout {puts "TESTING ERROR 11\n";exit} | ||
61 | "dev directory seems to be fully populated" | ||
62 | } | ||
63 | after 100 | ||
64 | |||
65 | send -- "firejail --audit=blablabla\r" | ||
66 | expect { | ||
67 | timeout {puts "TESTING ERROR 12\n";exit} | ||
68 | "cannot find the audit program" | ||
69 | } | ||
70 | after 100 | ||
71 | |||
72 | send -- "firejail --audit=\r" | ||
73 | expect { | ||
74 | timeout {puts "TESTING ERROR 12\n";exit} | ||
75 | "invalid audit program" | ||
76 | } | ||
77 | after 100 | ||
78 | |||
79 | puts "\nall done\n" | ||
diff --git a/test/caps-print.exp b/test/utils/caps-print.exp index 39e5ec50a..fa5239da2 100755 --- a/test/caps-print.exp +++ b/test/utils/caps-print.exp | |||
@@ -1,4 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
@@ -25,5 +28,5 @@ expect { | |||
25 | timeout {puts "TESTING ERROR 3\n";exit} | 28 | timeout {puts "TESTING ERROR 3\n";exit} |
26 | "net_raw - disabled" | 29 | "net_raw - disabled" |
27 | } | 30 | } |
28 | sleep 1 | 31 | after 100 |
29 | puts "\nall done\n" | 32 | puts "\nall done\n" |
diff --git a/test/caps1.profile b/test/utils/caps1.profile index e14655b2e..e14655b2e 100644 --- a/test/caps1.profile +++ b/test/utils/caps1.profile | |||
diff --git a/test/caps2.profile b/test/utils/caps2.profile index cb2258c52..cb2258c52 100644 --- a/test/caps2.profile +++ b/test/utils/caps2.profile | |||
diff --git a/test/catchsignal-master.sh b/test/utils/catchsignal-master.sh index 62a1801cc..62a1801cc 100755 --- a/test/catchsignal-master.sh +++ b/test/utils/catchsignal-master.sh | |||
diff --git a/test/catchsignal.sh b/test/utils/catchsignal.sh index 87a1d0adf..87a1d0adf 100755 --- a/test/catchsignal.sh +++ b/test/utils/catchsignal.sh | |||
diff --git a/test/catchsignal2.sh b/test/utils/catchsignal2.sh index 424350397..424350397 100755 --- a/test/catchsignal2.sh +++ b/test/utils/catchsignal2.sh | |||
diff --git a/test/cpu-print.exp b/test/utils/cpu-print.exp index d8e3fbb04..ca2e57313 100755 --- a/test/cpu-print.exp +++ b/test/utils/cpu-print.exp | |||
@@ -1,4 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
@@ -17,5 +20,5 @@ expect { | |||
17 | timeout {puts "TESTING ERROR 1\n";exit} | 20 | timeout {puts "TESTING ERROR 1\n";exit} |
18 | "Cpus_allowed_list: 1-2" | 21 | "Cpus_allowed_list: 1-2" |
19 | } | 22 | } |
20 | sleep 1 | 23 | after 100 |
21 | puts "\nall done\n" | 24 | puts "\nall done\n" |
diff --git a/test/dns-print.exp b/test/utils/dns-print.exp index ee7b08e5e..406ab5149 100755 --- a/test/dns-print.exp +++ b/test/utils/dns-print.exp | |||
@@ -1,4 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
@@ -17,5 +20,5 @@ expect { | |||
17 | timeout {puts "TESTING ERROR 1\n";exit} | 20 | timeout {puts "TESTING ERROR 1\n";exit} |
18 | "nameserver 1.2.3.4" | 21 | "nameserver 1.2.3.4" |
19 | } | 22 | } |
20 | sleep 1 | 23 | after 100 |
21 | puts "\nall done\n" | 24 | puts "\nall done\n" |
diff --git a/test/firemon-caps.exp b/test/utils/firemon-caps.exp index 3dd6384db..76aa13725 100755 --- a/test/firemon-caps.exp +++ b/test/utils/firemon-caps.exp | |||
@@ -1,4 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
@@ -63,6 +66,7 @@ spawn $env(SHELL) | |||
63 | send -- "firemon --caps\r" | 66 | send -- "firemon --caps\r" |
64 | expect { | 67 | expect { |
65 | timeout {puts "TESTING ERROR 8.1\n";exit} | 68 | timeout {puts "TESTING ERROR 8.1\n";exit} |
69 | "need to be root" {puts "TESTING SKIP: /proc mounted as hidepid\n"; exit} | ||
66 | "bingo1" | 70 | "bingo1" |
67 | } | 71 | } |
68 | expect { | 72 | expect { |
diff --git a/test/utils/firemon-cgroup.exp b/test/utils/firemon-cgroup.exp new file mode 100755 index 000000000..b1ab083ae --- /dev/null +++ b/test/utils/firemon-cgroup.exp | |||
@@ -0,0 +1,41 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail --name=test1\r" | ||
11 | expect { | ||
12 | timeout {puts "TESTING ERROR 0\n";exit} | ||
13 | "Child process initialized" | ||
14 | } | ||
15 | sleep 1 | ||
16 | |||
17 | spawn $env(SHELL) | ||
18 | send -- "firejail --name=test2\r" | ||
19 | expect { | ||
20 | timeout {puts "TESTING ERROR 1\n";exit} | ||
21 | "Child process initialized" | ||
22 | } | ||
23 | sleep 1 | ||
24 | |||
25 | spawn $env(SHELL) | ||
26 | send -- "firemon --cgroup\r" | ||
27 | sleep 4 | ||
28 | expect { | ||
29 | timeout {puts "TESTING ERROR 2\n";exit} | ||
30 | "need to be root" {puts "TESTING SKIP: /proc mounted as hidepid\n"; exit} | ||
31 | "name=test1" | ||
32 | } | ||
33 | expect { | ||
34 | timeout {puts "TESTING ERROR 3\n";exit} | ||
35 | "name=test2" | ||
36 | } | ||
37 | |||
38 | after 100 | ||
39 | |||
40 | puts "\nall done\n" | ||
41 | |||
diff --git a/test/seccomp-dualfilter.exp b/test/utils/firemon-cpu.exp index afdf8a53a..00156c909 100755 --- a/test/seccomp-dualfilter.exp +++ b/test/utils/firemon-cpu.exp | |||
@@ -1,38 +1,44 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
5 | match_max 100000 | 8 | match_max 100000 |
6 | 9 | ||
7 | send -- "firejail ../src/tools/syscall_test mount\r" | 10 | send -- "firejail --name=test1\r" |
8 | expect { | 11 | expect { |
9 | timeout {puts "TESTING ERROR 0\n";exit} | 12 | timeout {puts "TESTING ERROR 0\n";exit} |
10 | "Child process initialized" | 13 | "Child process initialized" |
11 | } | 14 | } |
15 | sleep 1 | ||
16 | |||
17 | spawn $env(SHELL) | ||
18 | send -- "firejail --name=test2\r" | ||
12 | expect { | 19 | expect { |
13 | timeout {puts "TESTING ERROR 1\n";exit} | 20 | timeout {puts "TESTING ERROR 1\n";exit} |
14 | "before mount" | 21 | "Child process initialized" |
15 | } | 22 | } |
23 | sleep 1 | ||
24 | |||
25 | spawn $env(SHELL) | ||
26 | send -- "firemon --cpu\r" | ||
16 | expect { | 27 | expect { |
17 | timeout {puts "TESTING ERROR 2\n";exit} | 28 | timeout {puts "TESTING ERROR 2\n";exit} |
18 | "after mount" {puts "TESTING ERROR 2.1\n";exit} | 29 | "need to be root" {puts "TESTING SKIP: /proc mounted as hidepid\n"; exit} |
19 | "Parent is shutting down" | 30 | "name=test1" |
20 | } | 31 | } |
21 | sleep 1 | ||
22 | |||
23 | send -- "firejail ../src/tools/syscall_test32 mount\r" | ||
24 | expect { | 32 | expect { |
25 | timeout {puts "TESTING ERROR 3\n";exit} | 33 | timeout {puts "TESTING ERROR 3\n";exit} |
26 | "Child process initialized" | 34 | "Cpus_allowed_list" |
27 | } | 35 | } |
28 | expect { | 36 | expect { |
29 | timeout {puts "TESTING ERROR 4\n";exit} | 37 | timeout {puts "TESTING ERROR 4\n";exit} |
30 | "before mount" | 38 | "name=test2" |
31 | } | ||
32 | expect { | ||
33 | timeout {puts "TESTING ERROR 5\n";exit} | ||
34 | "after mount" {puts "TESTING ERROR 5.1\n";exit} | ||
35 | "Parent is shutting down" | ||
36 | } | 39 | } |
37 | 40 | ||
41 | after 100 | ||
42 | |||
38 | puts "\nall done\n" | 43 | puts "\nall done\n" |
44 | |||
diff --git a/test/utils/firemon-interface.exp b/test/utils/firemon-interface.exp new file mode 100755 index 000000000..edafd1639 --- /dev/null +++ b/test/utils/firemon-interface.exp | |||
@@ -0,0 +1,18 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firemon --interface\r" | ||
11 | expect { | ||
12 | timeout {puts "TESTING ERROR 0\n";exit} | ||
13 | "you need to be root" | ||
14 | } | ||
15 | after 100 | ||
16 | |||
17 | puts "\nall done\n" | ||
18 | |||
diff --git a/test/utils/firemon-name.exp b/test/utils/firemon-name.exp new file mode 100755 index 000000000..c5dbfabab --- /dev/null +++ b/test/utils/firemon-name.exp | |||
@@ -0,0 +1,28 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail --name=test\r" | ||
11 | expect { | ||
12 | timeout {puts "TESTING ERROR 0\n";exit} | ||
13 | "Child process initialized" | ||
14 | } | ||
15 | sleep 1 | ||
16 | |||
17 | spawn $env(SHELL) | ||
18 | send -- "firemon --cpu --name=test\r" | ||
19 | expect { | ||
20 | timeout {puts "TESTING ERROR 2\n";exit} | ||
21 | "need to be root" {puts "TESTING SKIP: /proc mounted as hidepid\n"; exit} | ||
22 | "Cpus_allowed_list" | ||
23 | } | ||
24 | |||
25 | after 100 | ||
26 | |||
27 | puts "\nall done\n" | ||
28 | |||
diff --git a/test/firemon-seccomp.exp b/test/utils/firemon-seccomp.exp index 55817faf3..26c478344 100755 --- a/test/firemon-seccomp.exp +++ b/test/utils/firemon-seccomp.exp | |||
@@ -1,4 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
@@ -26,6 +29,7 @@ spawn $env(SHELL) | |||
26 | send -- "firemon --seccomp\r" | 29 | send -- "firemon --seccomp\r" |
27 | expect { | 30 | expect { |
28 | timeout {puts "TESTING ERROR 1\n";exit} | 31 | timeout {puts "TESTING ERROR 1\n";exit} |
32 | "need to be root" {puts "TESTING SKIP: /proc mounted as hidepid\n"; exit} | ||
29 | "bingo1" | 33 | "bingo1" |
30 | } | 34 | } |
31 | expect { | 35 | expect { |
@@ -37,7 +41,7 @@ expect { | |||
37 | "bingo2" | 41 | "bingo2" |
38 | } | 42 | } |
39 | expect { | 43 | expect { |
40 | timeout {puts "TESTING ERROR 3\n";exit} | 44 | timeout {puts "TESTING ERROR 4\n";exit} |
41 | "Seccomp: 0" | 45 | "Seccomp: 0" |
42 | } | 46 | } |
43 | after 100 | 47 | after 100 |
diff --git a/test/utils/firemon-version.exp b/test/utils/firemon-version.exp new file mode 100755 index 000000000..639c15c29 --- /dev/null +++ b/test/utils/firemon-version.exp | |||
@@ -0,0 +1,18 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firemon --version\r" | ||
11 | expect { | ||
12 | timeout {puts "TESTING ERROR 0\n";exit} | ||
13 | "firemon version" | ||
14 | } | ||
15 | after 100 | ||
16 | |||
17 | puts "\nall done\n" | ||
18 | |||
diff --git a/test/fs-print.exp b/test/utils/fs-print.exp index 48056a3bf..4d4ceb718 100755 --- a/test/fs-print.exp +++ b/test/utils/fs-print.exp | |||
@@ -1,4 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
@@ -25,5 +28,5 @@ expect { | |||
25 | timeout {puts "TESTING ERROR 3\n";exit} | 28 | timeout {puts "TESTING ERROR 3\n";exit} |
26 | "blacklist /proc/kmsg" | 29 | "blacklist /proc/kmsg" |
27 | } | 30 | } |
28 | sleep 1 | 31 | after 100 |
29 | puts "\nall done\n" | 32 | puts "\nall done\n" |
diff --git a/test/option_help.exp b/test/utils/help.exp index f4518219c..5b9864578 100755 --- a/test/option_help.exp +++ b/test/utils/help.exp | |||
@@ -1,4 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
diff --git a/test/firemon-interface.exp b/test/utils/join-profile.exp index 6a82ae41e..a2078c2f6 100755 --- a/test/firemon-interface.exp +++ b/test/utils/join-profile.exp | |||
@@ -4,31 +4,32 @@ set timeout 10 | |||
4 | spawn $env(SHELL) | 4 | spawn $env(SHELL) |
5 | match_max 100000 | 5 | match_max 100000 |
6 | 6 | ||
7 | send -- "firejail\r" | 7 | |
8 | send -- "firejail --profile=name.profile\r" | ||
8 | expect { | 9 | expect { |
9 | timeout {puts "TESTING ERROR 0\n";exit} | 10 | timeout {puts "TESTING ERROR 0\n";exit} |
10 | "Child process initialized" | 11 | "Child process initialized" |
11 | } | 12 | } |
12 | sleep 1 | 13 | sleep 2 |
13 | 14 | ||
14 | spawn $env(SHELL) | 15 | spawn $env(SHELL) |
15 | send -- "firemon --interface\r" | 16 | send -- "firejail --join=jointesting\r" |
16 | expect { | 17 | expect { |
17 | timeout {puts "TESTING ERROR 1\n";exit} | 18 | timeout {puts "TESTING ERROR 1\n";exit} |
18 | "lo UP" | 19 | "Switching to pid" |
19 | } | 20 | } |
21 | sleep 1 | ||
22 | send -- "ps aux\r" | ||
20 | expect { | 23 | expect { |
21 | timeout {puts "TESTING ERROR 2\n";exit} | 24 | timeout {puts "TESTING ERROR 2\n";exit} |
22 | "10.10.20.1/29" | 25 | "/bin/bash" |
23 | } | ||
24 | expect { | ||
25 | timeout {puts "TESTING ERROR 3\n";exit} | ||
26 | "10.10.50.1/24" | ||
27 | } | 26 | } |
28 | expect { | 27 | expect { |
29 | timeout {puts "TESTING ERROR 3\n";exit} | 28 | timeout {puts "TESTING ERROR 3\n";exit} |
30 | "br3" | 29 | "/bin/bash" |
31 | } | 30 | } |
32 | sleep 1 | ||
33 | 31 | ||
34 | puts "\n" | 32 | send -- "exit" |
33 | after 100 | ||
34 | |||
35 | puts "\nall done\n" | ||
diff --git a/test/utils/join.exp b/test/utils/join.exp new file mode 100755 index 000000000..79fe99f2d --- /dev/null +++ b/test/utils/join.exp | |||
@@ -0,0 +1,51 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | cd /home | ||
8 | spawn $env(SHELL) | ||
9 | match_max 100000 | ||
10 | |||
11 | send -- "firejail --name=jointesting --cpu=0 --nice=2\r" | ||
12 | expect { | ||
13 | timeout {puts "TESTING ERROR 0\n";exit} | ||
14 | "Child process initialized" | ||
15 | } | ||
16 | sleep 2 | ||
17 | |||
18 | spawn $env(SHELL) | ||
19 | send -- "firejail --join=jointesting\r" | ||
20 | expect { | ||
21 | timeout {puts "TESTING ERROR 1\n";exit} | ||
22 | "Switching to pid" | ||
23 | } | ||
24 | sleep 1 | ||
25 | send -- "ps aux\r" | ||
26 | expect { | ||
27 | timeout {puts "TESTING ERROR 2\n";exit} | ||
28 | "/bin/bash" | ||
29 | } | ||
30 | expect { | ||
31 | timeout {puts "TESTING ERROR 3\n";exit} | ||
32 | "/bin/bash" | ||
33 | } | ||
34 | |||
35 | send -- "exit\r" | ||
36 | sleep 1 | ||
37 | send -- "firejail --join-network=jointesting\r" | ||
38 | expect { | ||
39 | timeout {puts "TESTING ERROR 4\n";exit} | ||
40 | "is only available to root user" | ||
41 | } | ||
42 | after 100 | ||
43 | send -- "firejail --join-filesystem=jointesting\r" | ||
44 | expect { | ||
45 | timeout {puts "TESTING ERROR 5\n";exit} | ||
46 | "is only available to root user" | ||
47 | } | ||
48 | |||
49 | after 100 | ||
50 | |||
51 | puts "\nall done\n" | ||
diff --git a/test/utils/join2.exp b/test/utils/join2.exp new file mode 100755 index 000000000..5895eb730 --- /dev/null +++ b/test/utils/join2.exp | |||
@@ -0,0 +1,38 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | cd /home | ||
8 | spawn $env(SHELL) | ||
9 | match_max 100000 | ||
10 | |||
11 | send -- "firejail --name=\"join testing\"\r" | ||
12 | expect { | ||
13 | timeout {puts "TESTING ERROR 0\n";exit} | ||
14 | "Child process initialized" | ||
15 | } | ||
16 | sleep 2 | ||
17 | |||
18 | spawn $env(SHELL) | ||
19 | send -- "firejail --join=\"join testing\"\r" | ||
20 | expect { | ||
21 | timeout {puts "TESTING ERROR 1\n";exit} | ||
22 | "Switching to pid" | ||
23 | } | ||
24 | sleep 1 | ||
25 | send -- "ps aux\r" | ||
26 | expect { | ||
27 | timeout {puts "TESTING ERROR 2\n";exit} | ||
28 | "/bin/bash" | ||
29 | } | ||
30 | expect { | ||
31 | timeout {puts "TESTING ERROR 3\n";exit} | ||
32 | "/bin/bash" | ||
33 | } | ||
34 | |||
35 | send -- "exit" | ||
36 | after 100 | ||
37 | |||
38 | puts "\nall done\n" | ||
diff --git a/test/utils/join3.exp b/test/utils/join3.exp new file mode 100755 index 000000000..3ccc47bf9 --- /dev/null +++ b/test/utils/join3.exp | |||
@@ -0,0 +1,38 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | cd /home | ||
8 | spawn $env(SHELL) | ||
9 | match_max 100000 | ||
10 | |||
11 | send -- "firejail --name=join\\ testing\r" | ||
12 | expect { | ||
13 | timeout {puts "TESTING ERROR 0\n";exit} | ||
14 | "Child process initialized" | ||
15 | } | ||
16 | sleep 2 | ||
17 | |||
18 | spawn $env(SHELL) | ||
19 | send -- "firejail --join=join\\ testing\r" | ||
20 | expect { | ||
21 | timeout {puts "TESTING ERROR 1\n";exit} | ||
22 | "Switching to pid" | ||
23 | } | ||
24 | sleep 1 | ||
25 | send -- "ps aux\r" | ||
26 | expect { | ||
27 | timeout {puts "TESTING ERROR 2\n";exit} | ||
28 | "/bin/bash" | ||
29 | } | ||
30 | expect { | ||
31 | timeout {puts "TESTING ERROR 3\n";exit} | ||
32 | "/bin/bash" | ||
33 | } | ||
34 | |||
35 | send -- "exit" | ||
36 | after 100 | ||
37 | |||
38 | puts "\nall done\n" | ||
diff --git a/test/firemon-arp.exp b/test/utils/join4.exp index 3fc8c2aee..c367dd770 100755 --- a/test/firemon-arp.exp +++ b/test/utils/join4.exp | |||
@@ -1,34 +1,38 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
7 | cd /home | ||
4 | spawn $env(SHELL) | 8 | spawn $env(SHELL) |
5 | match_max 100000 | 9 | match_max 100000 |
6 | 10 | ||
7 | send -- "ping -c 3 192.168.1.1\r" | 11 | send -- "firejail --name=123test\r" |
8 | expect { | 12 | expect { |
9 | timeout {puts "TESTING ERROR 0\n";exit} | 13 | timeout {puts "TESTING ERROR 0\n";exit} |
10 | "3 packets transmitted" | 14 | "Child process initialized" |
11 | } | 15 | } |
12 | sleep 1 | 16 | sleep 2 |
13 | 17 | ||
14 | send -- "firejail\r" | 18 | spawn $env(SHELL) |
19 | send -- "firejail --join=123test\r" | ||
15 | expect { | 20 | expect { |
16 | timeout {puts "TESTING ERROR 1\n";exit} | 21 | timeout {puts "TESTING ERROR 1\n";exit} |
17 | "Child process initialized" | 22 | "Switching to pid" |
18 | } | 23 | } |
19 | sleep 1 | 24 | sleep 1 |
20 | 25 | send -- "ps aux\r" | |
21 | spawn $env(SHELL) | ||
22 | send -- "firemon --arp\r" | ||
23 | expect { | 26 | expect { |
24 | timeout {puts "TESTING ERROR 2\n";exit} | 27 | timeout {puts "TESTING ERROR 2\n";exit} |
25 | "192.168.1.1 dev eth0 lladdr" {puts "Debian testing\n";} | 28 | "/bin/bash" |
26 | "192.168.1.1 dev enp0s3 lladdr" {puts "Centos 7 testing\n";} | ||
27 | } | 29 | } |
28 | expect { | 30 | expect { |
29 | timeout {puts "TESTING ERROR 3\n";exit} | 31 | timeout {puts "TESTING ERROR 3\n";exit} |
30 | "REACHABLE" | 32 | "/bin/bash" |
31 | } | 33 | } |
32 | sleep 1 | ||
33 | 34 | ||
34 | puts "\n" | 35 | send -- "exit" |
36 | after 100 | ||
37 | |||
38 | puts "\nall done\n" | ||
diff --git a/test/option_list.exp b/test/utils/list.exp index b9c73e52b..69db1f568 100755 --- a/test/option_list.exp +++ b/test/utils/list.exp | |||
@@ -1,4 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
diff --git a/test/ls.exp b/test/utils/ls.exp index 5fe6d79c6..ff6867c51 100755 --- a/test/ls.exp +++ b/test/utils/ls.exp | |||
@@ -3,6 +3,8 @@ | |||
3 | set timeout 10 | 3 | set timeout 10 |
4 | spawn $env(SHELL) | 4 | spawn $env(SHELL) |
5 | match_max 100000 | 5 | match_max 100000 |
6 | set firstspawn $spawn_id | ||
7 | |||
6 | 8 | ||
7 | send -- "rm -f lstesting\r" | 9 | send -- "rm -f lstesting\r" |
8 | sleep 1 | 10 | sleep 1 |
@@ -11,11 +13,11 @@ expect { | |||
11 | timeout {puts "TESTING ERROR 0\n";exit} | 13 | timeout {puts "TESTING ERROR 0\n";exit} |
12 | "Child process initialized" | 14 | "Child process initialized" |
13 | } | 15 | } |
14 | sleep 2 | 16 | sleep 1 |
15 | send -- "echo my_testing > lstesting\r" | 17 | send -- "echo my_testing > ~/lstesting\r" |
16 | sleep 2 | 18 | after 100 |
17 | |||
18 | 19 | ||
20 | # ls | ||
19 | spawn $env(SHELL) | 21 | spawn $env(SHELL) |
20 | send -- "firejail --ls=test ~/.\r" | 22 | send -- "firejail --ls=test ~/.\r" |
21 | expect { | 23 | expect { |
@@ -23,19 +25,45 @@ expect { | |||
23 | "lstesting" | 25 | "lstesting" |
24 | } | 26 | } |
25 | sleep 1 | 27 | sleep 1 |
28 | |||
29 | # get | ||
26 | send -- "firejail --get=test ~/lstesting\r" | 30 | send -- "firejail --get=test ~/lstesting\r" |
27 | expect { | ||
28 | timeout {puts "TESTING ERROR 1\n";exit} | ||
29 | "lstesting" | ||
30 | } | ||
31 | sleep 1 | 31 | sleep 1 |
32 | send -- "cat lstesting\r" | 32 | send -- "cat lstesting\r" |
33 | expect { | 33 | expect { |
34 | timeout {puts "TESTING ERROR 1\n";exit} | 34 | timeout {puts "TESTING ERROR 2n";exit} |
35 | "my_testing" | 35 | "my_testing" |
36 | } | 36 | } |
37 | after 100 | ||
38 | |||
39 | # put | ||
40 | send -- "echo put_test > ~/lstesting\r" | ||
41 | after 100 | ||
42 | send -- "firejail --put=test ~/lstesting ~/lstesting_2\r" | ||
37 | sleep 1 | 43 | sleep 1 |
38 | send -- "rm -f lstesting\r" | ||
39 | 44 | ||
45 | set spawn_id $firstspawn | ||
46 | send -- "ls -al ~\r" | ||
47 | expect { | ||
48 | timeout {puts "TESTING ERROR 3\n";exit} | ||
49 | "lstesting_2" | ||
50 | } | ||
51 | |||
52 | after 100 | ||
53 | send -- "cat ~/lstesting_2\r" | ||
54 | expect { | ||
55 | timeout {puts "TESTING ERROR 4\n";exit} | ||
56 | "put_test" | ||
57 | } | ||
58 | after 100 | ||
59 | send -- "exit\r" | ||
40 | sleep 1 | 60 | sleep 1 |
61 | |||
62 | |||
63 | |||
64 | |||
65 | |||
66 | send -- "rm -f lstesting\r" | ||
67 | |||
68 | after 100 | ||
41 | puts "\nall done\n" | 69 | puts "\nall done\n" |
diff --git a/test/option_man.exp b/test/utils/man.exp index d941a2432..d29f760b0 100755 --- a/test/option_man.exp +++ b/test/utils/man.exp | |||
@@ -1,4 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
diff --git a/test/name.profile b/test/utils/name.profile index 1aa9f2d64..1aa9f2d64 100644 --- a/test/name.profile +++ b/test/utils/name.profile | |||
diff --git a/test/protocol-print.exp b/test/utils/protocol-print.exp index 4d1ae34d6..b4b94ea93 100755 --- a/test/protocol-print.exp +++ b/test/utils/protocol-print.exp | |||
@@ -1,4 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
@@ -17,5 +20,5 @@ expect { | |||
17 | timeout {puts "TESTING ERROR 1\n";exit} | 20 | timeout {puts "TESTING ERROR 1\n";exit} |
18 | "unix,inet,inet6" | 21 | "unix,inet,inet6" |
19 | } | 22 | } |
20 | sleep 1 | 23 | after 100 |
21 | puts "\nall done\n" | 24 | puts "\nall done\n" |
diff --git a/test/seccomp-print.exp b/test/utils/seccomp-print.exp index b4e6ed35e..f6ff1e721 100755 --- a/test/seccomp-print.exp +++ b/test/utils/seccomp-print.exp | |||
@@ -1,4 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
@@ -29,5 +32,5 @@ expect { | |||
29 | timeout {puts "TESTING ERROR 4\n";exit} | 32 | timeout {puts "TESTING ERROR 4\n";exit} |
30 | "RETURN_ALLOW" | 33 | "RETURN_ALLOW" |
31 | } | 34 | } |
32 | sleep 1 | 35 | after 100 |
33 | puts "\nall done\n" | 36 | puts "\nall done\n" |
diff --git a/test/utils/shutdown.exp b/test/utils/shutdown.exp new file mode 100755 index 000000000..1ab231bf4 --- /dev/null +++ b/test/utils/shutdown.exp | |||
@@ -0,0 +1,49 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | cd /home | ||
8 | spawn $env(SHELL) | ||
9 | match_max 100000 | ||
10 | |||
11 | send -- "firejail --name=shutdowntesting\r" | ||
12 | expect { | ||
13 | timeout {puts "TESTING ERROR 0\n";exit} | ||
14 | "Child process initialized" | ||
15 | } | ||
16 | sleep 2 | ||
17 | |||
18 | spawn $env(SHELL) | ||
19 | send -- "firejail --shutdown=shutdowntesting; echo done\r" | ||
20 | expect { | ||
21 | timeout {puts "TESTING ERROR 4\n";exit} | ||
22 | "done" | ||
23 | } | ||
24 | sleep 5 | ||
25 | |||
26 | spawn $env(SHELL) | ||
27 | send -- "firejail --list;echo done\r" | ||
28 | expect { | ||
29 | timeout {puts "TESTING ERROR 5\n";exit} | ||
30 | "shutdowntesting" {puts "TESTING ERROR 6\n";exit} | ||
31 | "done" | ||
32 | } | ||
33 | sleep 1 | ||
34 | |||
35 | send -- "firejail --shutdown=sutdowntesting\r" | ||
36 | expect { | ||
37 | timeout {puts "TESTING ERROR 5\n";exit} | ||
38 | "cannot find sandbox sutdowntesting" | ||
39 | } | ||
40 | after 100 | ||
41 | |||
42 | send -- "firejail --shutdown=10\r" | ||
43 | expect { | ||
44 | timeout {puts "TESTING ERROR 5\n";exit} | ||
45 | "this is not a firejail sandbox" | ||
46 | } | ||
47 | after 100 | ||
48 | |||
49 | puts "\nall done\n" | ||
diff --git a/test/option-shutdown2.exp b/test/utils/shutdown2.exp index 403bc30be..777a73ec9 100755 --- a/test/option-shutdown2.exp +++ b/test/utils/shutdown2.exp | |||
@@ -1,4 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
@@ -37,6 +40,6 @@ expect { | |||
37 | timeout {puts "TESTING ERROR 5\n";exit} | 40 | timeout {puts "TESTING ERROR 5\n";exit} |
38 | "5" | 41 | "5" |
39 | } | 42 | } |
40 | sleep 1 | 43 | after 100 |
41 | 44 | ||
42 | puts "\nalldone\n" | 45 | puts "\nalldone\n" |
diff --git a/test/option-shutdown3.exp b/test/utils/shutdown3.exp index 0ef371cd8..a74fb3386 100755 --- a/test/option-shutdown3.exp +++ b/test/utils/shutdown3.exp | |||
@@ -1,4 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
@@ -57,6 +60,6 @@ expect { | |||
57 | timeout {puts "TESTING ERROR 10\n";exit} | 60 | timeout {puts "TESTING ERROR 10\n";exit} |
58 | "5" | 61 | "5" |
59 | } | 62 | } |
60 | sleep 1 | 63 | after 100 |
61 | 64 | ||
62 | puts "\nalldone\n" | 65 | puts "\nalldone\n" |
diff --git a/test/option-shutdown4.exp b/test/utils/shutdown4.exp index f188ec66d..2942ba3d5 100755 --- a/test/option-shutdown4.exp +++ b/test/utils/shutdown4.exp | |||
@@ -1,4 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
@@ -57,10 +60,6 @@ expect { | |||
57 | timeout {puts "TESTING ERROR 50\n";exit} | 60 | timeout {puts "TESTING ERROR 50\n";exit} |
58 | "50" | 61 | "50" |
59 | } | 62 | } |
60 | expect { | 63 | after 100 |
61 | timeout {puts "TESTING ERROR 60\n";exit} | ||
62 | "Killed" | ||
63 | } | ||
64 | sleep 1 | ||
65 | 64 | ||
66 | puts "\nalldone\n" | 65 | puts "\nalldone\n" |
diff --git a/test/utils/top.exp b/test/utils/top.exp new file mode 100755 index 000000000..d530e5a85 --- /dev/null +++ b/test/utils/top.exp | |||
@@ -0,0 +1,40 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | spawn $env(SHELL) | ||
8 | match_max 100000 | ||
9 | |||
10 | send -- "firejail --name=test1\r" | ||
11 | expect { | ||
12 | timeout {puts "TESTING ERROR 0\n";exit} | ||
13 | "Child process initialized" | ||
14 | } | ||
15 | sleep 1 | ||
16 | |||
17 | spawn $env(SHELL) | ||
18 | send -- "firejail --name=test2\r" | ||
19 | expect { | ||
20 | timeout {puts "TESTING ERROR 1\n";exit} | ||
21 | "Child process initialized" | ||
22 | } | ||
23 | sleep 1 | ||
24 | |||
25 | spawn $env(SHELL) | ||
26 | send -- "firejail --top\r" | ||
27 | sleep 4 | ||
28 | expect { | ||
29 | timeout {puts "TESTING ERROR 2\n";exit} | ||
30 | "name=test1" | ||
31 | } | ||
32 | expect { | ||
33 | timeout {puts "TESTING ERROR 2\n";exit} | ||
34 | "name=test2" | ||
35 | } | ||
36 | |||
37 | after 100 | ||
38 | |||
39 | puts "\nall done\n" | ||
40 | |||
diff --git a/test/trace.exp b/test/utils/trace.exp index 21dd6a559..78a04b273 100755 --- a/test/trace.exp +++ b/test/utils/trace.exp | |||
@@ -1,4 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 30 | 6 | set timeout 30 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
@@ -76,6 +79,7 @@ expect { | |||
76 | timeout {puts "TESTING ERROR 8.6\n";exit} | 79 | timeout {puts "TESTING ERROR 8.6\n";exit} |
77 | "wget:fopen64 index.html" {puts "OK\n";} | 80 | "wget:fopen64 index.html" {puts "OK\n";} |
78 | "wget:fopen index.html" {puts "OK\n";} | 81 | "wget:fopen index.html" {puts "OK\n";} |
82 | "Parent is shutting down" {puts "OK\n";} | ||
79 | } | 83 | } |
80 | sleep 1 | 84 | sleep 1 |
81 | 85 | ||
@@ -86,9 +90,26 @@ expect { | |||
86 | } | 90 | } |
87 | expect { | 91 | expect { |
88 | timeout {puts "TESTING ERROR 10\n";exit} | 92 | timeout {puts "TESTING ERROR 10\n";exit} |
89 | "rm:unlinkat index.html" | 93 | "rm:unlinkat index.html" {puts "OK\n";} |
94 | "Parent is shutting down" {puts "OK\n";} | ||
90 | } | 95 | } |
91 | sleep 1 | 96 | sleep 1 |
92 | 97 | ||
98 | send -- "firejail --trace\r" | ||
99 | expect { | ||
100 | timeout {puts "TESTING ERROR 11\n";exit} | ||
101 | "Child process initialized" | ||
102 | } | ||
103 | expect { | ||
104 | timeout {puts "TESTING ERROR 12\n";exit} | ||
105 | "bash:open /dev/tty" {puts "64bit\n"} | ||
106 | "bash:open64 /dev/tty" {puts "32bit\n"} | ||
107 | } | ||
108 | expect { | ||
109 | timeout {puts "TESTING ERROR 13\n";exit} | ||
110 | "bash:access /etc/terminfo/" {puts "debian\n"} | ||
111 | "bash:access /usr/share/terminfo/" {puts "arch\n"} | ||
112 | } | ||
113 | after 100 | ||
93 | 114 | ||
94 | puts "\nall done\n" | 115 | puts "\nall done\n" |
diff --git a/test/option_tree.exp b/test/utils/tree.exp index 1841907d1..a8ef763f1 100755 --- a/test/option_tree.exp +++ b/test/utils/tree.exp | |||
@@ -1,4 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
diff --git a/test/utils/utils.sh b/test/utils/utils.sh new file mode 100755 index 000000000..04702597f --- /dev/null +++ b/test/utils/utils.sh | |||
@@ -0,0 +1,114 @@ | |||
1 | #!/bin/bash | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | export MALLOC_CHECK_=3 | ||
7 | export MALLOC_PERTURB_=$(($RANDOM % 255 + 1)) | ||
8 | |||
9 | echo "TESTING: audit (test/utils/audit.exp)" | ||
10 | ./audit.exp | ||
11 | |||
12 | echo "TESTING: version (test/utils/version.exp)" | ||
13 | ./version.exp | ||
14 | |||
15 | echo "TESTING: help (test/utils/help.exp)" | ||
16 | ./help.exp | ||
17 | |||
18 | which man | ||
19 | if [ "$?" -eq 0 ]; | ||
20 | then | ||
21 | echo "TESTING: man (test/utils/man.exp)" | ||
22 | ./man.exp | ||
23 | else | ||
24 | echo "TESTING SKIP: man not found" | ||
25 | fi | ||
26 | |||
27 | echo "TESTING: list (test/utils/list.exp)" | ||
28 | ./list.exp | ||
29 | |||
30 | echo "TESTING: tree (test/utils/tree.exp)" | ||
31 | ./tree.exp | ||
32 | |||
33 | if [ $(grep -c ^processor /proc/cpuinfo) -gt 1 ]; | ||
34 | then | ||
35 | echo "TESTING: cpu.print (test/utils/cpu-print.exp)" | ||
36 | ./cpu-print.exp | ||
37 | else | ||
38 | echo "TESTING SKIP: cpu.print, not enough CPUs" | ||
39 | fi | ||
40 | |||
41 | echo "TESTING: fs.print (test/utils/fs-print.exp)" | ||
42 | ./fs-print.exp | ||
43 | |||
44 | echo "TESTING: dns.print (test/utils/dns-print.exp)" | ||
45 | ./dns-print.exp | ||
46 | |||
47 | echo "TESTING: caps.print (test/utils/caps-print.exp)" | ||
48 | ./caps-print.exp | ||
49 | |||
50 | echo "TESTING: seccomp.print (test/utils/seccomp-print.exp)" | ||
51 | ./seccomp-print.exp | ||
52 | |||
53 | echo "TESTING: protocol.print (test/utils/protocol-print.exp)" | ||
54 | ./protocol-print.exp | ||
55 | |||
56 | echo "TESTING: shutdown (test/utils/shutdown.exp)" | ||
57 | ./shutdown.exp | ||
58 | |||
59 | echo "TESTING: shutdown2 (test/utils/shutdown2.exp)" | ||
60 | ./shutdown2.exp | ||
61 | |||
62 | echo "TESTING: shutdown3 (test/utils/shutdown3.exp)" | ||
63 | ./shutdown3.exp | ||
64 | |||
65 | echo "TESTING: shutdown4 (test/utils/shutdown4.exp)" | ||
66 | ./shutdown4.exp | ||
67 | |||
68 | echo "TESTING: join (test/utils/join.exp)" | ||
69 | ./join.exp | ||
70 | |||
71 | echo "TESTING: join2 (test/utils/join2.exp)" | ||
72 | ./join2.exp | ||
73 | |||
74 | echo "TESTING: join3 (test/utils/join3.exp)" | ||
75 | ./join3.exp | ||
76 | |||
77 | echo "TESTING: join3 (test/utils/join4.exp)" | ||
78 | ./join4.exp | ||
79 | |||
80 | echo "TESTING: join profile (test/utils/join-profile.exp)" | ||
81 | ./join-profile.exp | ||
82 | |||
83 | echo "TESTING: trace (test/utils/trace.exp)" | ||
84 | rm -f index.html* | ||
85 | ./trace.exp | ||
86 | rm -f index.html* | ||
87 | |||
88 | echo "TESTING: top (test/utils/top.exp)" | ||
89 | ./top.exp | ||
90 | |||
91 | echo "TESTING: file transfer (test/utils/ls.exp)" | ||
92 | ./ls.exp | ||
93 | |||
94 | echo "TESTING: firemon seccomp (test/utils/firemon-seccomp.exp)" | ||
95 | ./firemon-seccomp.exp | ||
96 | |||
97 | echo "TESTING: firemon caps (test/utils/firemon-caps.exp)" | ||
98 | ./firemon-caps.exp | ||
99 | |||
100 | echo "TESTING: firemon cpu (test/utils/firemon-cpu.exp)" | ||
101 | ./firemon-cpu.exp | ||
102 | |||
103 | echo "TESTING: firemon cgroup (test/utils/firemon-cgroup.exp)" | ||
104 | ./firemon-cgroup.exp | ||
105 | |||
106 | echo "TESTING: firemon version (test/utils/firemon-version.exp)" | ||
107 | ./firemon-version.exp | ||
108 | |||
109 | echo "TESTING: firemon interface (test/utils/firemon-interface.exp)" | ||
110 | ./firemon-interface.exp | ||
111 | |||
112 | echo "TESTING: firemon name (test/utils/firemon-name.exp)" | ||
113 | ./firemon-name.exp | ||
114 | |||
diff --git a/test/option_version.exp b/test/utils/version.exp index 44c0c217f..2ce6f1680 100755 --- a/test/option_version.exp +++ b/test/utils/version.exp | |||
@@ -1,4 +1,7 @@ | |||
1 | #!/usr/bin/expect -f | 1 | #!/usr/bin/expect -f |
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2016 Firejail Authors | ||
4 | # License GPL v2 | ||
2 | 5 | ||
3 | set timeout 10 | 6 | set timeout 10 |
4 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |