127 files changed, 6300 insertions, 0 deletions

diff --git a/test/4bridges_arp.exp b/test/4bridges_arp.exp
new file mode 100755
index 000000000..3004082e6
--- /dev/null
+++ b/test/4bridges_arp.exp
@@ -0,0 +1,175 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# check eth0
+send -- "firejail --net=br0 --net=br1 --net=br2 --net=br3\r"
+expect {
+        timeout {puts "TESTING ERROR 0.0\n";exit}
+        "eth0"
+}
+expect {
+        timeout {puts "TESTING ERROR 0.1\n";exit}
+        "10.10.20"
+}
+expect {
+        timeout {puts "TESTING ERROR 0.2\n";exit}
+        "255.255.255.248"
+}
+expect {
+        timeout {puts "TESTING ERROR 0.3\n";exit}
+        "UP"
+}
+expect {
+        timeout {puts "TESTING ERROR 0.4\n";exit}
+        "Child process initialized"
+}
+sleep 2
+send -- "exit\r"
+sleep 2
+
+# check eth1
+send -- "firejail --net=br0 --net=br1 --net=br2 --net=br3\r"
+expect {
+        timeout {puts "TESTING ERROR 1.0\n";exit}
+        "eth1"
+}
+expect {
+        timeout {puts "TESTING ERROR 1.1\n";exit}
+        "10.10.30"
+}
+expect {
+        timeout {puts "TESTING ERROR 1.2\n";exit}
+        "255.255.255.0"
+}
+expect {
+        timeout {puts "TESTING ERROR 1.3\n";exit}
+        "UP"
+}
+expect {
+        timeout {puts "TESTING ERROR 1.4\n";exit}
+        "Child process initialized"
+}
+sleep 2
+send -- "exit\r"
+sleep 2
+
+
+# check eth2
+send -- "firejail --net=br0 --net=br1 --net=br2 --net=br3\r"
+expect {
+        timeout {puts "TESTING ERROR 2.0\n";exit}
+        "eth2"
+}
+expect {
+        timeout {puts "TESTING ERROR 2.1\n";exit}
+        "10.10.40"
+}
+expect {
+        timeout {puts "TESTING ERROR 2.2\n";exit}
+        "255.255.255.0"
+}
+expect {
+        timeout {puts "TESTING ERROR 2.3\n";exit}
+        "UP"
+}
+expect {
+        timeout {puts "TESTING ERROR 2.4\n";exit}
+        "Child process initialized"
+}
+sleep 2
+send -- "exit\r"
+sleep 2
+
+
+
+# check eth3
+send -- "firejail --net=br0 --net=br1 --net=br2 --net=br3\r"
+expect {
+        timeout {puts "TESTING ERROR 3.0\n";exit}
+        "eth3"
+}
+expect {
+        timeout {puts "TESTING ERROR 3.1\n";exit}
+        "10.10.50"
+}
+expect {
+        timeout {puts "TESTING ERROR 3.2\n";exit}
+        "255.255.255.0"
+}
+expect {
+        timeout {puts "TESTING ERROR 3.3\n";exit}
+        "UP"
+}
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "Child process initialized"
+}
+sleep 2
+send -- "exit\r"
+sleep 2
+
+
+
+
+# check loopback
+send -- "firejail --net=br0 --net=br1 --net=br2 --net=br3\r"
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "lo"
+}
+expect {
+        timeout {puts "TESTING ERROR 6\n";exit}
+        "127.0.0.1"
+}
+expect {
+        timeout {puts "TESTING ERROR 7\n";exit}
+        "255.0.0.0"
+}
+expect {
+        timeout {puts "TESTING ERROR 8\n";exit}
+        "UP"
+}
+expect {
+        timeout {puts "TESTING ERROR 9\n";exit}
+        "Child process initialized"
+}
+
+# check default gateway
+send -- "bash\r"
+sleep 1
+send -- "netstat -rn;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 10.1\n";exit}
+        "0.0.0.0"
+}
+expect {
+        timeout {puts "TESTING ERROR 10.2\n";exit}
+        "10.10.20.1"
+}
+expect {
+        timeout {puts "TESTING ERROR 10.3\n";exit}
+        "eth0"
+}
+expect {
+        timeout {puts "TESTING ERROR 10.4\n";exit}
+        "10.10.20.0"
+}
+expect {
+        timeout {puts "TESTING ERROR 10.5\n";exit}
+        "0.0.0.0"
+}
+expect {
+        timeout {puts "TESTING ERROR 10.6\n";exit}
+        "eth0"
+}
+expect {
+        timeout {puts "TESTING ERROR 10\n";exit}
+        "home"
+}
+sleep 1
+
+puts "\n"
+
diff --git a/test/4bridges_ip.exp b/test/4bridges_ip.exp
new file mode 100755
index 000000000..9e37b4ff4
--- /dev/null
+++ b/test/4bridges_ip.exp
@@ -0,0 +1,175 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# check eth0
+send -- "firejail --net=br0 --net=br1 --ip=10.10.30.50 --net=br2 --ip=10.10.40.100 --net=br3\r"
+expect {
+        timeout {puts "TESTING ERROR 0.0\n";exit}
+        "eth0"
+}
+expect {
+        timeout {puts "TESTING ERROR 0.1\n";exit}
+        "10.10.20"
+}
+expect {
+        timeout {puts "TESTING ERROR 0.2\n";exit}
+        "255.255.255.248"
+}
+expect {
+        timeout {puts "TESTING ERROR 0.3\n";exit}
+        "UP"
+}
+expect {
+        timeout {puts "TESTING ERROR 0.4\n";exit}
+        "Child process initialized"
+}
+sleep 2
+send -- "exit\r"
+sleep 2
+
+# check eth1
+send -- "firejail --net=br0 --net=br1 --ip=10.10.30.50 --net=br2 --ip=10.10.40.100 --net=br3\r"
+expect {
+        timeout {puts "TESTING ERROR 1.0\n";exit}
+        "eth1"
+}
+expect {
+        timeout {puts "TESTING ERROR 1.1\n";exit}
+        "10.10.30.50"
+}
+expect {
+        timeout {puts "TESTING ERROR 1.2\n";exit}
+        "255.255.255.0"
+}
+expect {
+        timeout {puts "TESTING ERROR 1.3\n";exit}
+        "UP"
+}
+expect {
+        timeout {puts "TESTING ERROR 1.4\n";exit}
+        "Child process initialized"
+}
+sleep 2
+send -- "exit\r"
+sleep 2
+
+
+# check eth2
+send -- "firejail --net=br0 --net=br1 --ip=10.10.30.50 --net=br2 --ip=10.10.40.100 --net=br3\r"
+expect {
+        timeout {puts "TESTING ERROR 2.0\n";exit}
+        "eth2"
+}
+expect {
+        timeout {puts "TESTING ERROR 2.1\n";exit}
+        "10.10.40.100"
+}
+expect {
+        timeout {puts "TESTING ERROR 2.2\n";exit}
+        "255.255.255.0"
+}
+expect {
+        timeout {puts "TESTING ERROR 2.3\n";exit}
+        "UP"
+}
+expect {
+        timeout {puts "TESTING ERROR 2.4\n";exit}
+        "Child process initialized"
+}
+sleep 2
+send -- "exit\r"
+sleep 2
+
+
+
+# check eth3
+send -- "firejail --net=br0 --net=br1 --ip=10.10.30.50 --net=br2 --ip=10.10.40.100 --net=br3\r"
+expect {
+        timeout {puts "TESTING ERROR 3.0\n";exit}
+        "eth3"
+}
+expect {
+        timeout {puts "TESTING ERROR 3.1\n";exit}
+        "10.10.50"
+}
+expect {
+        timeout {puts "TESTING ERROR 3.2\n";exit}
+        "255.255.255.0"
+}
+expect {
+        timeout {puts "TESTING ERROR 3.3\n";exit}
+        "UP"
+}
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "Child process initialized"
+}
+sleep 2
+send -- "exit\r"
+sleep 2
+
+
+
+
+# check loopback
+send -- "firejail --net=br0 --net=br1 --ip=10.10.30.50 --net=br2 --ip=10.10.40.100 --net=br3\r"
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "lo"
+}
+expect {
+        timeout {puts "TESTING ERROR 6\n";exit}
+        "127.0.0.1"
+}
+expect {
+        timeout {puts "TESTING ERROR 7\n";exit}
+        "255.0.0.0"
+}
+expect {
+        timeout {puts "TESTING ERROR 8\n";exit}
+        "UP"
+}
+expect {
+        timeout {puts "TESTING ERROR 9\n";exit}
+        "Child process initialized"
+}
+
+# check default gateway
+send -- "bash\r"
+sleep 1
+send -- "netstat -rn;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 10.1\n";exit}
+        "0.0.0.0"
+}
+expect {
+        timeout {puts "TESTING ERROR 10.2\n";exit}
+        "10.10.20.1"
+}
+expect {
+        timeout {puts "TESTING ERROR 10.3\n";exit}
+        "eth0"
+}
+expect {
+        timeout {puts "TESTING ERROR 10.4\n";exit}
+        "10.10.20.0"
+}
+expect {
+        timeout {puts "TESTING ERROR 10.5\n";exit}
+        "0.0.0.0"
+}
+expect {
+        timeout {puts "TESTING ERROR 10.6\n";exit}
+        "eth0"
+}
+expect {
+        timeout {puts "TESTING ERROR 10\n";exit}
+        "home"
+}
+sleep 1
+
+puts "\n"
+
diff --git a/test/auto/autotest.sh b/test/auto/autotest.sh
new file mode 100755
index 000000000..0fb7565af
--- /dev/null
+++ b/test/auto/autotest.sh
@@ -0,0 +1,202 @@
+#!/bin/bash
+
+arr[1]="TEST 1: svn and standard compilation"
+arr[2]="TEST 2: cppcheck"
+arr[3]="TEST 3: compile seccomp disabled, chroot disabled, bind disabled"
+arr[4]="TEST 4: rvtest"
+arr[5]="TEST 5: expect test as root, no malloc perturb"
+arr[6]="TEST 6: expect test as user, no malloc perturb"
+arr[7]="TEST 7: expect test as root, malloc perturb"
+arr[8]="TEST 8: expect test as user, malloc perturb"
+
+
+# remove previous reports and output file
+cleanup() {
+        rm -f out-test
+        rm -f output*
+        rm -f report*
+        rm -fr firejail-trunk
+}
+
+print_title() {
+        echo
+        echo
+        echo
+        echo "**************************************************"
+        echo $1
+        echo "**************************************************"
+}
+
+while [ $# -gt 0 ]; do    # Until you run out of parameters . . .
+    case "$1" in
+    --clean)
+        cleanup
+        exit
+        ;;
+    --help)
+        echo "./autotest.sh [--clean|--help]"
+        exit
+        ;;
+    esac
+    shift       # Check next set of parameters.
+done
+
+cleanup
+# enable sudo
+sudo ls -al
+
+#*****************************************************************
+# TEST 1
+#*****************************************************************
+# - checkout source code
+# - check compilation
+# - install
+#*****************************************************************
+print_title "${arr[1]}"
+svn checkout svn://svn.code.sf.net/p/firejail/code-0/trunk firejail-trunk
+cd firejail-trunk
+./configure --prefix=/usr 2>&1 | tee ../output-configure
+make -j4 2>&1 | tee ../output-make
+sudo make install 2>&1 | tee ../output-install
+cd src/tools
+gcc -o rvtest rvtest.c
+cd ../..
+cd test
+sudo ./configure > /dev/null
+cd ../..
+grep warning output-configure output-make output-install > ./report-test1
+grep error output-configure output-make output-install >> ./report-test1
+cat report-test1 > out-test1
+
+#*****************************************************************
+# TEST 2
+#*****************************************************************
+# - run cppcheck
+#*****************************************************************
+print_title "${arr[2]}"
+cd firejail-trunk
+cp /home/netblue/bin/cfg/std.cfg .
+cppcheck --force . 2>&1 | tee ../output-cppcheck
+cd ..
+grep error output-cppcheck > report-test2
+cat report-test2 > out-test2
+
+#*****************************************************************
+# TEST 3
+#*****************************************************************
+# - disable seccomp configuration
+# - check compilation
+#*****************************************************************
+print_title "${arr[3]}"
+# seccomp
+cd firejail-trunk
+make distclean
+./configure --prefix=/usr --disable-seccomp 2>&1 | tee ../output-configure-noseccomp
+make -j4 2>&1 | tee ../output-make-noseccomp
+cd ..
+grep warning output-configure-noseccomp output-make-noseccomp > ./report-test3
+grep error output-configure-noseccomp output-make-noseccomp >> ./report-test3
+# chroot
+cd firejail-trunk
+make distclean
+./configure --prefix=/usr --disable-chroot 2>&1 | tee ../output-configure-nochroot
+make -j4 2>&1 | tee ../output-make-nochroot
+cd ..
+grep warning output-configure-nochroot output-make-nochroot >> ./report-test3
+grep error output-configure-nochroot output-make-nochroot >> ./report-test3
+# bind
+cd firejail-trunk
+make distclean
+./configure --prefix=/usr --disable-bind 2>&1 | tee ../output-configure-nobind
+make -j4 2>&1 | tee ../output-make-nobind
+cd ..
+grep warning output-configure-nobind output-make-nobind >> ./report-test3
+grep error output-configure-nobind output-make-nobind >> ./report-test3
+# save result
+cat report-test3 > out-test3
+
+#*****************************************************************
+# TEST 4
+#*****************************************************************
+# - rvtest
+#*****************************************************************
+print_title "${arr[4]}"
+cd firejail-trunk
+cd test
+../src/tools/rvtest test.rv 2>/dev/null | tee ../../output-test4 | grep TESTING
+cd ../..
+grep TESTING output-test4 > ./report-test4
+grep ERROR report-test4 > out-test4
+
+
+#*****************************************************************
+# TEST 5
+#*****************************************************************
+# - expect test as root, no malloc perturb
+#*****************************************************************
+print_title "${arr[5]}"
+cd firejail-trunk/test
+sudo ./test-root.sh 2>&1 | tee ../../output-test5 | grep TESTING
+cd ../..
+grep TESTING output-test5 > ./report-test5
+grep ERROR report-test5 > out-test5
+
+#*****************************************************************
+# TEST 6
+#*****************************************************************
+# - expect test as user, no malloc perturb
+#*****************************************************************
+print_title "${arr[6]}"
+cd firejail-trunk/test
+./test.sh 2>&1 | tee ../../output-test6 | grep TESTING
+cd ../..
+grep TESTING output-test6 > ./report-test6
+grep ERROR report-test6 > out-test6
+
+
+
+#*****************************************************************
+# TEST 7
+#*****************************************************************
+# - expect test as root, malloc perturb
+#*****************************************************************
+print_title "${arr[7]}"
+export MALLOC_CHECK_=3
+export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
+cd firejail-trunk/test
+sudo ./test-root.sh 2>&1 | tee ../../output-test7 | grep TESTING
+cd ../..
+grep TESTING output-test7 > ./report-test7
+grep ERROR report-test7 > out-test7
+
+#*****************************************************************
+# TEST 8
+#*****************************************************************
+# - expect test as user, malloc perturb
+#*****************************************************************
+print_title "${arr[8]}"
+cd firejail-trunk/test
+./test.sh 2>&1 | tee ../../output-test8| grep TESTING
+cd ../..
+grep TESTING output-test8 > ./report-test8
+grep ERROR report-test8 > out-test8
+
+#*****************************************************************
+# PRINT REPORTS
+#*****************************************************************
+echo
+echo
+echo
+echo
+echo "**********************************************************"
+echo "TEST RESULTS"
+echo "**********************************************************"
+
+wc -l out-test*
+rm out-test*
+echo
+
+
+
+
+exit
diff --git a/test/caps1.profile b/test/caps1.profile
new file mode 100644
index 000000000..e14655b2e
--- /dev/null
+++ b/test/caps1.profile
@@ -0,0 +1 @@
+caps.drop chown,kill
\ No newline at end of file
diff --git a/test/caps2.profile b/test/caps2.profile
new file mode 100644
index 000000000..cb2258c52
--- /dev/null
+++ b/test/caps2.profile
@@ -0,0 +1 @@
+caps.keep chown,kill
\ No newline at end of file
diff --git a/test/chk_config.exp b/test/chk_config.exp
new file mode 100755
index 000000000..ada59d655
--- /dev/null
+++ b/test/chk_config.exp
@@ -0,0 +1,86 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# check br0
+send -- "/sbin/ifconfig;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 0 - please run ./configure\n";exit}
+        "br0"
+}
+expect {
+        timeout {puts "TESTING ERROR 0 - please run ./configure\n";exit}
+        "10.10.20.1"
+}
+expect {
+        timeout {puts "TESTING ERROR 0 - please run ./configure\n";exit}
+        "home"
+}
+
+# check br1
+send -- "/sbin/ifconfig;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "br1"
+}
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "10.10.30.1"
+}
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "home"
+}
+
+# check br2
+send -- "/sbin/ifconfig;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "br2"
+}
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "10.10.40.1"
+}
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "home"
+}
+
+# check br3
+send -- "/sbin/ifconfig;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "br3"
+}
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "10.10.50.1"
+}
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "home"
+}
+
+# start a sandbox and check MALLOC_PERTURB
+send -- "firejail\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "Child process initialized"
+}
+sleep 1
+
+set timeout 2
+send -- "env | grep MALLOC;pwd\r"
+expect {
+        timeout {puts "\nTESTING: MALLOC_PERTURB_ disabled\n"}
+        "MALLOC_PERTURB_" {puts "\nTESTING: MALLOC_PERTURB_ enabled\n"}
+}
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "home"
+}
+
+
diff --git a/test/chromium.exp b/test/chromium.exp
new file mode 100755
index 000000000..020826f3d
--- /dev/null
+++ b/test/chromium.exp
@@ -0,0 +1,72 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail chromium-browser www.gentoo.org\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Reading profile /etc/firejail/chromium-browser.profile"
+}
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "Child process initialized"
+}
+sleep 10
+
+spawn $env(SHELL)
+send -- "firejail --list\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        ":firejail"
+}
+expect {
+        timeout {puts "TESTING ERROR 3.1\n";exit}
+        "chromium-browser"
+}
+sleep 1
+
+send -- "firejail --name=blablabla\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "Child process initialized"
+}
+sleep 2
+
+spawn $env(SHELL)
+send -- "firemon --seccomp\r"
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        ":firejail chromium-browser"
+}
+expect {
+        timeout {puts "TESTING ERROR 5.1\n";exit}
+        "Seccomp:       0"
+}
+expect {
+        timeout {puts "TESTING ERROR 5.1\n";exit}
+        "name=blablabla"
+}
+sleep 1
+send -- "firemon --caps\r"
+expect {
+        timeout {puts "TESTING ERROR 6\n";exit}
+        ":firejail chromium-browser"
+}
+expect {
+        timeout {puts "TESTING ERROR 6.1\n";exit}
+        "CapBnd:"
+}
+expect {
+        timeout {puts "TESTING ERROR 6.2\n";exit}
+        "fffffffff"
+}
+expect {
+        timeout {puts "TESTING ERROR 6.3\n";exit}
+        "name=blablabla"
+}
+sleep 1
+
+puts "\n"
+
diff --git a/test/configure b/test/configure
new file mode 100755
index 000000000..17bb22e1b
--- /dev/null
+++ b/test/configure
@@ -0,0 +1,42 @@
+#!/bin/bash
+
+brctl addbr br0
+ifconfig br0 10.10.20.1/29 up
+# NAT masquerade
+iptables -t nat -A POSTROUTING -o eth0 -s 10.10.20.0/29 -j MASQUERADE
+# port forwarding
+# iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to 10.10.20.2:80
+        
+brctl addbr br1
+ifconfig br1 10.10.30.1/24 up
+brctl addbr br2
+ifconfig br2 10.10.40.1/24 up
+brctl addbr br3
+ifconfig br3 10.10.50.1/24 up
+brctl addbr br4
+ifconfig br4 10.10.60.1/24 up
+
+
+# build a very small chroot
+ROOTDIR="/tmp/chroot"                   # default chroot directory
+DEFAULT_FILES="/bin/bash /bin/sh "      # basic chroot files
+DEFAULT_FILES+="/etc/passwd /etc/nsswitch.conf /etc/group "
+DEFAULT_FILES+=`find /lib -name libnss*`        # files required by glibc
+DEFAULT_FILES+=" /bin/ls /bin/cat /bin/ps /usr/bin/id /usr/bin/whoami /usr/bin/wc /usr/bin/wget"
+
+rm -fr $ROOTDIR
+mkdir -p $ROOTDIR/{root,bin,lib,lib64,usr,home,etc,dev/shm,tmp,var/run,var/tmp,var/lock,proc}
+SORTED=`for FILE in $* $DEFAULT_FILES; do echo " $FILE "; ldd $FILE | grep -v dynamic | cut -d " " -f 3; done | sort -u`
+for FILE in $SORTED
+do
+        cp --parents $FILE $ROOTDIR
+done
+cp --parents /lib64/ld-linux-x86-64.so.2 $ROOTDIR
+cp --parents /lib/ld-linux.so.2 $ROOTDIR
+
+cd $ROOTDIR; find .
+mkdir -p usr/lib/firejail/
+cp /usr/lib/firejail/libtrace.so usr/lib/firejail/.
+
+
+echo "To enter the chroot directory run: firejail --chroot=$ROOTDIR"
diff --git a/test/dns.exp b/test/dns.exp
new file mode 100755
index 000000000..96513f278
--- /dev/null
+++ b/test/dns.exp
@@ -0,0 +1,69 @@
+#!/usr/bin/expect -f
+
+set timeout 30
+spawn $env(SHELL)
+match_max 100000
+
+# no chroot
+send -- "firejail --trace --dns=208.67.222.222 wget -q debian.org\r"
+expect {
+        timeout {puts "TESTING ERROR 1.1\n";exit}
+        "Child process initialized"
+}
+expect {
+        timeout {puts "TESTING ERROR 1.2\n";exit}
+        "1:wget:connect 208.67.222.222:53"
+}
+sleep 1
+
+send -- "rm index.html\r"
+sleep 1
+
+# with chroot
+send -- "firejail --chroot=/tmp/chroot --trace --dns=208.67.222.222 wget -q debian.org\r"
+expect {
+        timeout {puts "TESTING ERROR 2.1\n";exit}
+        "Child process initialized"
+}
+expect {
+        timeout {puts "TESTING ERROR 2.2\n";exit}
+        "1:wget:connect 208.67.222.222:53"
+}
+sleep 1
+
+send -- "rm index.html\r"
+sleep 1
+
+# net eth0
+send -- "firejail --net=eth0 --trace --dns=208.67.222.222 wget -q debian.org\r"
+expect {
+        timeout {puts "TESTING ERROR 3.1\n";exit}
+        "Child process initialized"
+}
+expect {
+        timeout {puts "TESTING ERROR 3.2\n";exit}
+        "1:wget:connect 208.67.222.222:53"
+}
+sleep 1
+
+send -- "rm index.html\r"
+sleep 1
+
+# net eth0 and chroot
+send -- "firejail --net=eth0 --chroot=/tmp/chroot --trace --dns=208.67.222.222 wget -q debian.org\r"
+expect {
+        timeout {puts "TESTING ERROR 4.1\n";exit}
+        "Child process initialized"
+}
+expect {
+        timeout {puts "TESTING ERROR 4.2\n";exit}
+        "1:wget:connect 208.67.222.222:53"
+}
+sleep 1
+
+send -- "rm index.html\r"
+sleep 1
+
+
+puts "\n"
+
diff --git a/test/doubledash.exp b/test/doubledash.exp
new file mode 100755
index 000000000..3c8a42471
--- /dev/null
+++ b/test/doubledash.exp
@@ -0,0 +1,60 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send --  "firejail -- ls -- -testdir\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "Child process initialized"
+}
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "ttt"
+}
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "parent is shutting down"
+}
+sleep 1
+
+
+send --  "firejail --name=testing -- -testdir/bash\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "Child process initialized"
+}
+sleep 3
+
+spawn $env(SHELL)
+send --  "firejail --join=testing -- -testdir/bash\r"
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "the first child process inside the sandbox"
+}
+sleep 3
+
+spawn $env(SHELL)
+send --  "firejail --list;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 6\n";exit}
+        "name=testing"
+}
+expect {
+        timeout {puts "TESTING ERROR 7\n";exit}
+        "home"
+}
+send --  "firejail --list;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 8 (join)\n";exit}
+        "join=testing"
+}
+expect {
+        timeout {puts "TESTING ERROR 9\n";exit}
+        "home"
+}
+
+sleep 1
+
+puts "\n"
diff --git a/test/evince.exp b/test/evince.exp
new file mode 100755
index 000000000..7b115144c
--- /dev/null
+++ b/test/evince.exp
@@ -0,0 +1,72 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail evince\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Reading profile /etc/firejail/evince.profile"
+}
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "Child process initialized"
+}
+sleep 10
+
+spawn $env(SHELL)
+send -- "firejail --list\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        ":firejail"
+}
+expect {
+        timeout {puts "TESTING ERROR 3.1\n";exit}
+        "evince"
+}
+sleep 1
+
+send -- "firejail --name=blablabla\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "Child process initialized"
+}
+sleep 2
+
+spawn $env(SHELL)
+send -- "firemon --seccomp\r"
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        ":firejail evince"
+}
+expect {
+        timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit}
+        "Seccomp:       2"
+}
+expect {
+        timeout {puts "TESTING ERROR 5.1\n";exit}
+        "name=blablabla"
+}
+sleep 1
+send -- "firemon --caps\r"
+expect {
+        timeout {puts "TESTING ERROR 6\n";exit}
+        ":firejail evince"
+}
+expect {
+        timeout {puts "TESTING ERROR 6.1\n";exit}
+        "CapBnd:"
+}
+expect {
+        timeout {puts "TESTING ERROR 6.2\n";exit}
+        "0000000000000000"
+}
+expect {
+        timeout {puts "TESTING ERROR 6.3\n";exit}
+        "name=blablabla"
+}
+sleep 1
+
+puts "\n"
+
diff --git a/test/extract_command.exp b/test/extract_command.exp
new file mode 100755
index 000000000..c49614b84
--- /dev/null
+++ b/test/extract_command.exp
@@ -0,0 +1,23 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --debug /usr/bin/firefox www.gentoo.org\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Reading profile /etc/firejail/firefox.profile"
+}
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "Starting /usr/bin/firefox"
+}
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "Child process initialized"
+}
+sleep 5
+
+puts "\n"
+
diff --git a/test/firefox.exp b/test/firefox.exp
new file mode 100755
index 000000000..c2e64e04f
--- /dev/null
+++ b/test/firefox.exp
@@ -0,0 +1,74 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail firefox www.gentoo.org\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Reading profile /etc/firejail/firefox.profile"
+}
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "Child process initialized"
+}
+sleep 10
+
+spawn $env(SHELL)
+send -- "firejail --list\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        ":firejail"
+}
+expect {
+        timeout {puts "TESTING ERROR 3.1\n";exit}
+        "firefox" {puts "firefox detected\n";}
+        "iceweasel" {puts "iceweasel detected\n";}
+}
+sleep 1
+send -- "firejail --name=blablabla\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "Child process initialized"
+}
+sleep 2
+
+spawn $env(SHELL)
+send -- "firemon --seccomp\r"
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        " firefox" {puts "firefox detected\n";}
+        " iceweasel" {puts "iceweasel detected\n";}
+}
+expect {
+        timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit}
+        "Seccomp:       2"
+}
+expect {
+        timeout {puts "TESTING ERROR 5.1\n";exit}
+        "name=blablabla"
+}
+sleep 1
+send -- "firemon --caps\r"
+expect {
+        timeout {puts "TESTING ERROR 6\n";exit}
+        " firefox" {puts "firefox detected\n";}
+        " iceweasel" {puts "iceweasel detected\n";}
+}
+expect {
+        timeout {puts "TESTING ERROR 6.1\n";exit}
+        "CapBnd:"
+}
+expect {
+        timeout {puts "TESTING ERROR 6.2\n";exit}
+        "0000000000000000"
+}
+expect {
+        timeout {puts "TESTING ERROR 6.3\n";exit}
+        "name=blablabla"
+}
+sleep 1
+
+puts "\n"
+
diff --git a/test/firejail-in-firejail.exp b/test/firejail-in-firejail.exp
new file mode 100755
index 000000000..404eb03bb
--- /dev/null
+++ b/test/firejail-in-firejail.exp
@@ -0,0 +1,37 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send --  "firejail\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "Child process initialized"
+}
+sleep 1
+
+send --  "firejail\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "Child process initialized"
+}
+sleep 1
+
+send --  "firejail\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "Child process initialized"
+}
+sleep 1
+puts "\n"
+
+send -- "exit\r"
+sleep 1
+send -- "exit\r"
+sleep 1
+send -- "exit\r"
+sleep 1
+
+
+puts "\n"
diff --git a/test/firemon-arp.exp b/test/firemon-arp.exp
new file mode 100755
index 000000000..3fc8c2aee
--- /dev/null
+++ b/test/firemon-arp.exp
@@ -0,0 +1,34 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "ping -c 3 192.168.1.1\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "3 packets transmitted"
+}
+sleep 1
+
+send --  "firejail\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "Child process initialized"
+}
+sleep 1
+
+spawn $env(SHELL)
+send -- "firemon --arp\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "192.168.1.1 dev eth0 lladdr" {puts "Debian testing\n";}
+        "192.168.1.1 dev enp0s3 lladdr" {puts "Centos 7 testing\n";}
+}
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "REACHABLE"
+}
+sleep 1
+
+puts "\n"
diff --git a/test/firemon-caps.exp b/test/firemon-caps.exp
new file mode 100755
index 000000000..547d04c02
--- /dev/null
+++ b/test/firemon-caps.exp
@@ -0,0 +1,135 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send --  "firejail --name=bingo1 --caps\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 1
+
+spawn $env(SHELL)
+send --  "firejail --name=bingo2\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 1
+
+spawn $env(SHELL)
+send --  "firejail --name=bingo3 --caps.drop=all\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 1
+
+spawn $env(SHELL)
+send --  "firejail --name=bingo4 --caps.drop=chown,kill\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 1
+
+spawn $env(SHELL)
+send --  "firejail --name=bingo5 --caps.keep=chown,kill\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 1
+
+spawn $env(SHELL)
+send --  "firejail --name=bingo6 --profile=caps1.profile\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 1
+
+spawn $env(SHELL)
+send --  "firejail --name=bingo7 --profile=caps2.profile\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 1
+
+
+
+
+spawn $env(SHELL)
+send -- "firemon --caps\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "bingo1"
+}
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "31cffff"
+}
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "bingo2"
+}
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "fffffff"
+}
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "bingo3"
+}
+expect {
+        timeout {puts "TESTING ERROR 6\n";exit}
+        "000000000000"
+}
+
+expect {
+        timeout {puts "TESTING ERROR 7\n";exit}
+        "bingo4"
+}
+expect {
+        timeout {puts "TESTING ERROR 8\n";exit}
+        "ffffffde"
+}
+expect {
+        timeout {puts "TESTING ERROR 7\n";exit}
+        "bingo5"
+}
+expect {
+        timeout {puts "TESTING ERROR 9\n";exit}
+        "0000000000000021"
+}
+
+expect {
+        timeout {puts "TESTING ERROR 10\n";exit}
+        "bingo6"
+}
+expect {
+        timeout {puts "TESTING ERROR 11\n";exit}
+        "ffffffde"
+}
+expect {
+        timeout {puts "TESTING ERROR 12\n";exit}
+        "bingo7"
+}
+expect {
+        timeout {puts "TESTING ERROR 13\n";exit}
+        "0000000000000021"
+}
+
+
+
+
+
+
+
+sleep 1
+
+puts "\n"
+
diff --git a/test/firemon-cgroup.exp b/test/firemon-cgroup.exp
new file mode 100755
index 000000000..41a38b3b6
--- /dev/null
+++ b/test/firemon-cgroup.exp
@@ -0,0 +1,40 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send --  "firejail --name=bingo1 --cgroup=/sys/fs/cgroup/g1/tasks\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 1
+
+spawn $env(SHELL)
+send --  "firejail --name=bingo2\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 1
+
+
+spawn $env(SHELL)
+send -- "firemon --cgroup\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "bingo1"
+}
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        ":/g1"
+}
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "bingo2"
+}
+sleep 1
+
+puts "\n"
+
diff --git a/test/firemon-interface.exp b/test/firemon-interface.exp
new file mode 100755
index 000000000..6a82ae41e
--- /dev/null
+++ b/test/firemon-interface.exp
@@ -0,0 +1,34 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send --  "firejail\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 1
+
+spawn $env(SHELL)
+send -- "firemon --interface\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "lo UP"
+}
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "10.10.20.1/29"
+}
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "10.10.50.1/24"
+}
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "br3"
+}
+sleep 1
+
+puts "\n"
diff --git a/test/firemon-route.exp b/test/firemon-route.exp
new file mode 100755
index 000000000..76ebd70f6
--- /dev/null
+++ b/test/firemon-route.exp
@@ -0,0 +1,32 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send --  "firejail\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 1
+
+spawn $env(SHELL)
+send -- "firemon --route\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "0.0.0.0/0 via 192.168.1.1, dev eth0, metric 0" {puts "Debian testing\n";}
+        "0.0.0.0/0 via 192.168.1.1, dev enp0s3, metric 1024" {puts "Centos 7 testing\n";}
+        "0.0.0.0/0 via 192.168.1.1, dev enp0s3, metric 0" {puts "OpenSUSE testing\n";}
+}
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "10.10.30.0/24, dev br1, scope link src 10.10.30.1"
+}
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "10.10.50.0/24, dev br3, scope link src 10.10.50.1"
+}
+sleep 1
+
+puts "\n"
diff --git a/test/firemon-seccomp.exp b/test/firemon-seccomp.exp
new file mode 100755
index 000000000..0cf53b690
--- /dev/null
+++ b/test/firemon-seccomp.exp
@@ -0,0 +1,45 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send --  "firejail --name=bingo1 --seccomp\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 1
+
+spawn $env(SHELL)
+send --  "firejail --name=bingo2\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 1
+
+
+
+
+spawn $env(SHELL)
+send -- "firemon --seccomp\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "bingo1"
+}
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "Seccomp:       2"
+}
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "bingo2"
+}
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "Seccomp:       0"
+}
+sleep 1
+
+puts "\n"
diff --git a/test/fs_chroot.exp b/test/fs_chroot.exp
new file mode 100755
index 000000000..ba832337b
--- /dev/null
+++ b/test/fs_chroot.exp
@@ -0,0 +1,54 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --chroot=/tmp/chroot\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 1
+
+send -- "cd /home;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "home"
+}
+sleep 1
+send -- "bash\r"
+sleep 1
+send -- "ps aux; pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "/bin/bash"
+}
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "bash"
+}
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "ps aux"
+}
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "home"
+}
+sleep 1
+
+
+send -- "ps aux |wc -l; pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "5"
+}
+expect {
+        timeout {puts "TESTING ERROR 6\n";exit}
+        "home"
+}
+sleep 1
+
+puts "\n"
+
diff --git a/test/fs_dev_shm.exp b/test/fs_dev_shm.exp
new file mode 100755
index 000000000..b54f24eb5
--- /dev/null
+++ b/test/fs_dev_shm.exp
@@ -0,0 +1,87 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# testing read-write /dev/shm
+send -- "firejail\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 1
+
+send -- "echo mytest > /dev/shm/ttt;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "home"
+}
+
+send -- "cat /dev/shm/ttt;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 2.1\n";exit}
+        "mytest"
+}
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "home"
+}
+
+send -- "rm /dev/shm/ttt;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "home"
+}
+
+send -- "cat /dev/shm/ttt;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "mytest" {puts "TESTING ERROR 4.1\n";exit}
+        "home"
+}
+
+sleep 1
+send -- "exit\r"
+sleep 1
+
+# redo the test with --private
+send -- "firejail\r"
+expect {
+        timeout {puts "TESTING ERROR 10\n";exit}
+        "Child process initialized"
+}
+sleep 1
+
+send -- "echo mytest > /dev/shm/ttt;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 11\n";exit}
+        "home"
+}
+
+send -- "cat /dev/shm/ttt;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 12.1\n";exit}
+        "mytest"
+}
+expect {
+        timeout {puts "TESTING ERROR 12\n";exit}
+        "home"
+}
+
+send -- "rm /dev/shm/ttt;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 13\n";exit}
+        "home"
+}
+
+send -- "cat /dev/shm/ttt;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 14\n";exit}
+        "mytest" {puts "TESTING ERROR 14.1\n";exit}
+        "home"
+}
+
+sleep 1
+
+puts "\n"
diff --git a/test/fs_home_sanitize.exp b/test/fs_home_sanitize.exp
new file mode 100755
index 000000000..300babd1c
--- /dev/null
+++ b/test/fs_home_sanitize.exp
@@ -0,0 +1,33 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 1
+
+send -- "ls /home;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "bingo"
+}
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "home"
+}
+sleep 1
+
+send -- "ls /home/bingo;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "cannot open directory"
+}
+sleep 1
+
+puts "\n"
+
diff --git a/test/fs_overlay.exp b/test/fs_overlay.exp
new file mode 100755
index 000000000..166970a5c
--- /dev/null
+++ b/test/fs_overlay.exp
@@ -0,0 +1,64 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "rm -f /tmp/firejail-overlay-test;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "home"
+}
+
+send -- "ls > /tmp/firejail-overlay-test;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "home"
+}
+
+send -- "firejail --overlay\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "Child process initialized"
+}
+sleep 1
+
+send -- "echo xyzxyzxyz > /tmp/firejail-overlay-test;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "home"
+}
+sleep 1
+
+send -- "cat  /tmp/firejail-overlay-test;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "xyzxyzxyz"
+}
+expect {
+        timeout {puts "TESTING ERROR 4.1\n";exit}
+        "home"
+}
+sleep 1
+
+send -- "exit\r"
+sleep 2
+
+send -- "cat  /tmp/firejail-overlay-test;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "xyzxyzxyz" {puts "TESTING ERROR 5.1\n";exit}
+        "home"
+}
+
+sleep 1
+send -- "rm -f /tmp/firejail-overlay-test;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "home"
+}
+
+
+sleep 1
+puts "\n"
+
diff --git a/test/fs_sys.exp b/test/fs_sys.exp
new file mode 100755
index 000000000..69f080460
--- /dev/null
+++ b/test/fs_sys.exp
@@ -0,0 +1,34 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --net=br0\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "Child process initialized"
+}
+sleep 1
+
+send -- "find /sys | grep --color=never eth0;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "/sys/class/net/eth0"
+}
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "home"
+}
+sleep 1
+
+send -- "find /sys | grep --color=never br0;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "/sys/class/net/br0" {puts "TESTING ERROR 5\n";exit}
+        "home"
+}
+sleep 1
+
+puts "\n"
+
diff --git a/test/fs_var_lock.exp b/test/fs_var_lock.exp
new file mode 100755
index 000000000..dfcf571f4
--- /dev/null
+++ b/test/fs_var_lock.exp
@@ -0,0 +1,87 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# testing read-write /var/lock
+send -- "firejail\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 1
+
+send -- "echo mytest > /var/lock/ttt;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "home"
+}
+
+send -- "cat /var/lock/ttt;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 2.1\n";exit}
+        "mytest"
+}
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "home"
+}
+
+send -- "rm /var/lock/ttt;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "home"
+}
+
+send -- "cat /var/lock/ttt;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "mytest" {puts "TESTING ERROR 4.1\n";exit}
+        "home"
+}
+
+sleep 1
+send -- "exit\r"
+sleep 1
+
+# redo the test with --private
+send -- "firejail\r"
+expect {
+        timeout {puts "TESTING ERROR 10\n";exit}
+        "Child process initialized"
+}
+sleep 1
+
+send -- "echo mytest > /var/lock/ttt;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 11\n";exit}
+        "home"
+}
+
+send -- "cat /var/lock/ttt;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 12.1\n";exit}
+        "mytest"
+}
+expect {
+        timeout {puts "TESTING ERROR 12\n";exit}
+        "home"
+}
+
+send -- "rm /var/lock/ttt;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 13\n";exit}
+        "home"
+}
+
+send -- "cat /var/lock/ttt;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 14\n";exit}
+        "mytest" {puts "TESTING ERROR 14.1\n";exit}
+        "home"
+}
+
+sleep 1
+
+puts "\n"
diff --git a/test/fs_var_tmp.exp b/test/fs_var_tmp.exp
new file mode 100755
index 000000000..95ceeb2a4
--- /dev/null
+++ b/test/fs_var_tmp.exp
@@ -0,0 +1,87 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# testing read-write /var/tmp
+send -- "firejail\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 1
+
+send -- "echo mytest > /var/tmp/ttt;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "home"
+}
+
+send -- "cat /var/tmp/ttt;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 2.1\n";exit}
+        "mytest"
+}
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "home"
+}
+
+send -- "rm /var/tmp/ttt;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "home"
+}
+
+send -- "cat /var/tmp/ttt;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "mytest" {puts "TESTING ERROR 4.1\n";exit}
+        "home"
+}
+
+sleep 1
+send -- "exit\r"
+sleep 1
+
+# redo the test with --private
+send -- "firejail\r"
+expect {
+        timeout {puts "TESTING ERROR 10\n";exit}
+        "Child process initialized"
+}
+sleep 1
+
+send -- "echo mytest > /var/tmp/ttt;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 11\n";exit}
+        "home"
+}
+
+send -- "cat /var/tmp/ttt;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 12.1\n";exit}
+        "mytest"
+}
+expect {
+        timeout {puts "TESTING ERROR 12\n";exit}
+        "home"
+}
+
+send -- "rm /var/tmp/ttt;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 13\n";exit}
+        "home"
+}
+
+send -- "cat /var/tmp/ttt;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 14\n";exit}
+        "mytest" {puts "TESTING ERROR 14.1\n";exit}
+        "home"
+}
+
+sleep 1
+
+puts "\n"
diff --git a/test/fscheck-bindnoroot.exp b/test/fscheck-bindnoroot.exp
new file mode 100755
index 000000000..796a7d975
--- /dev/null
+++ b/test/fscheck-bindnoroot.exp
@@ -0,0 +1,14 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# dir
+send -- "firejail --net=br0 --bind=fscheck-dir,/etc\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Error"
+}
+after 100
+
diff --git a/test/fscheck-blacklist.exp b/test/fscheck-blacklist.exp
new file mode 100755
index 000000000..5b6a9623c
--- /dev/null
+++ b/test/fscheck-blacklist.exp
@@ -0,0 +1,14 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# dir
+send -- "firejail --net=br0 --blacklist=../test/fscheck-dir\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Error"
+}
+after 100
+
diff --git a/test/fscheck-chroot.exp b/test/fscheck-chroot.exp
new file mode 100755
index 000000000..208ca6a43
--- /dev/null
+++ b/test/fscheck-chroot.exp
@@ -0,0 +1,77 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# dir
+#send -- "firejail --net=br0 --chroot=fscheck-dir\r"
+#expect {
+#       timeout {puts "TESTING ERROR 0\n";exit}
+#       "Error"
+#}
+#after 100
+
+# ..
+send -- "firejail --net=br0 --chroot=../test/fscheck-dir\r"
+expect {
+        timeout {puts "TESTING ERROR 0.1\n";exit}
+        "Error"
+}
+after 100
+
+# dir link
+send -- "firejail --net=br0 --chroot=fscheck-dir-link\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "Error"
+}
+after 100
+
+# ..
+send -- "firejail --net=br0 --chroot=../test/fscheck-dir-link\r"
+expect {
+        timeout {puts "TESTING ERROR 1.1\n";exit}
+        "Error"
+}
+after 100
+
+# file link
+send -- "firejail --net=br0 --chroot=fscheck-file-link\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "Error"
+}
+after 100
+
+# file 
+send -- "firejail --net=br0 --chroot=fscheck-file\r"
+expect {
+        timeout {puts "TESTING ERROR 2.1\n";exit}
+        "Error"
+}
+after 100
+
+# ..
+send -- "firejail --net=br0 --chroot=../test/fscheck-file\r"
+expect {
+        timeout {puts "TESTING ERROR 2.2\n";exit}
+        "Error"
+}
+after 100
+
+# no file
+send -- "firejail --net=br0 --chroot=../test/nodir\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "Error"
+}
+after 100
+
+# same owner
+#send -- "firejail --net=br0 --chroot=/etc\r"
+#expect {
+#       timeout {puts "TESTING ERROR 4\n";exit}
+#       "Error"
+#}
+#after 100
diff --git a/test/fscheck-netfilter.exp b/test/fscheck-netfilter.exp
new file mode 100755
index 000000000..d2339c8b9
--- /dev/null
+++ b/test/fscheck-netfilter.exp
@@ -0,0 +1,69 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# dir
+send -- "firejail --net=br0 --netfilter=fscheck-dir\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Error"
+}
+after 100
+
+# ..
+send -- "firejail --net=br0 --netfilter=../test/fscheck-dir\r"
+expect {
+        timeout {puts "TESTING ERROR 0.1\n";exit}
+        "Error"
+}
+after 100
+
+# dir link
+send -- "firejail --net=br0 --netfilter=fscheck-dir-link\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "Error"
+}
+after 100
+
+# ..
+send -- "firejail --net=br0 --netfilter=../test/fscheck-dir-link\r"
+expect {
+        timeout {puts "TESTING ERROR 1.1\n";exit}
+        "Error"
+}
+after 100
+
+# file link
+send -- "firejail --net=br0 --netfilter=fscheck-file-link\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "Error"
+}
+after 100
+
+# ..
+send -- "firejail --net=br0 --netfilter=../test/fscheck-file-link\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "Error"
+}
+after 100
+
+# no file
+send -- "firejail --net=br0 --netfilter=../test/nofile\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "Error"
+}
+after 100
+
+# real GID/UID
+send -- "firejail --net=br0 --netfilter=/etc/shadow\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "Error"
+}
+after 100
diff --git a/test/fscheck-output.exp b/test/fscheck-output.exp
new file mode 100755
index 000000000..0b444d6ba
--- /dev/null
+++ b/test/fscheck-output.exp
@@ -0,0 +1,104 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# dir
+send -- "firejail --net=br0 --output=fscheck-dir\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Error"
+}
+after 100
+
+# ..
+send -- "firejail --net=br0 --output=../test/fscheck-dir\r"
+expect {
+        timeout {puts "TESTING ERROR 0.1\n";exit}
+        "Error"
+}
+after 100
+
+# dir link
+send -- "firejail --net=br0 --output=fscheck-dir-link\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "Error"
+}
+after 100
+
+# ..
+send -- "firejail --net=br0 --output=../test/fscheck-dir-link\r"
+expect {
+        timeout {puts "TESTING ERROR 1.1\n";exit}
+        "Error"
+}
+after 100
+
+# file link
+send -- "firejail --net=br0 --output=fscheck-file-link\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "Error"
+}
+after 100
+
+# ..
+send -- "firejail --net=br0 --output=../test/fscheck-file-link\r"
+expect {
+        timeout {puts "TESTING ERROR 2.1\n";exit}
+        "Error"
+}
+after 100
+
+# hard link1
+send -- "firejail --net=br0 --output=fscheck-file-hard1\r"
+expect {
+        timeout {puts "TESTING ERROR 2.2\n";exit}
+        "Error"
+}
+after 100
+
+# hard link2
+send -- "firejail --net=br0 --output=fscheck-file-hard2\r"
+expect {
+        timeout {puts "TESTING ERROR 2.3\n";exit}
+        "Error"
+}
+after 100
+
+# ..
+send -- "firejail --net=br0 --output=../test/fscheck-file-hard1\r"
+expect {
+        timeout {puts "TESTING ERROR 2.4\n";exit}
+        "Error"
+}
+after 100
+
+# ..
+send -- "firejail --net=br0 --output=../test/fscheck-file-hard2\r"
+expect {
+        timeout {puts "TESTING ERROR 2.5\n";exit}
+        "Error"
+}
+after 100
+
+
+
+
+# no file
+send -- "firejail --net=br0 --output=../test/nofile\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "Error"
+}
+after 100
+
+# real GID/UID
+send -- "firejail --net=br0 --output=/etc/shadow\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "Error"
+}
+after 100
diff --git a/test/fscheck-private.exp b/test/fscheck-private.exp
new file mode 100755
index 000000000..4c791423d
--- /dev/null
+++ b/test/fscheck-private.exp
@@ -0,0 +1,77 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# dir
+#send -- "firejail --net=br0 --private=fscheck-dir\r"
+#expect {
+#       timeout {puts "TESTING ERROR 0\n";exit}
+#       "Error"
+#}
+#after 100
+
+# ..
+send -- "firejail --net=br0 --private=../test/fscheck-dir\r"
+expect {
+        timeout {puts "TESTING ERROR 0.1\n";exit}
+        "Error"
+}
+after 100
+
+# dir link
+send -- "firejail --net=br0 --private=fscheck-dir-link\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "Error"
+}
+after 100
+
+# ..
+send -- "firejail --net=br0 --private=../test/fscheck-dir-link\r"
+expect {
+        timeout {puts "TESTING ERROR 1.1\n";exit}
+        "Error"
+}
+after 100
+
+# file link
+send -- "firejail --net=br0 --private=fscheck-file-link\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "Error"
+}
+after 100
+
+# file 
+send -- "firejail --net=br0 --private=fscheck-file\r"
+expect {
+        timeout {puts "TESTING ERROR 2.1\n";exit}
+        "Error"
+}
+after 100
+
+# ..
+send -- "firejail --net=br0 --private=../test/fscheck-file\r"
+expect {
+        timeout {puts "TESTING ERROR 2.2\n";exit}
+        "Error"
+}
+after 100
+
+# no file
+send -- "firejail --net=br0 --private=../test/nodir\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "Error"
+}
+after 100
+
+# same owner
+send -- "firejail --net=br0 --private=/etc\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "Error"
+}
+after 100
diff --git a/test/fscheck-privatekeep.exp b/test/fscheck-privatekeep.exp
new file mode 100755
index 000000000..513dcc37a
--- /dev/null
+++ b/test/fscheck-privatekeep.exp
@@ -0,0 +1,93 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# dir
+#send -- "firejail --net=br0 --private.keep=fscheck-dir\r"
+#expect {
+#       timeout {puts "TESTING ERROR 0\n";exit}
+#       "Error"
+#}
+#after 100
+
+# ..
+send -- "firejail --net=br0 --private.keep=../test/fscheck-dir\r"
+expect {
+        timeout {puts "TESTING ERROR 0.1\n";exit}
+        "Error"
+}
+after 100
+
+# dir link
+send -- "firejail --net=br0 --private.keep=fscheck-dir-link\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "Error"
+}
+after 100
+
+# ..
+send -- "firejail --net=br0 --private.keep=../test/fscheck-dir-link\r"
+expect {
+        timeout {puts "TESTING ERROR 1.1\n";exit}
+        "Error"
+}
+after 100
+
+# file link
+send -- "firejail --net=br0 --private.keep=fscheck-file-link\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "Error"
+}
+after 100
+
+# file 
+#send -- "firejail --net=br0 --private.keep=fscheck-file\r"
+#expect {
+#       timeout {puts "TESTING ERROR 2.1\n";exit}
+#       "Error"
+#}
+#after 100
+
+# ..
+send -- "firejail --net=br0 --private.keep=../test/fscheck-file\r"
+expect {
+        timeout {puts "TESTING ERROR 2.2\n";exit}
+        "Error"
+}
+after 100
+
+# no dir
+send -- "firejail --net=br0 --private.keep=../test/nodir\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "Error"
+}
+after 100
+
+# no file
+send -- "firejail --net=br0 --private.keep=../test/nofile\r"
+expect {
+        timeout {puts "TESTING ERROR 3.1\n";exit}
+        "Error"
+}
+after 100
+
+# same owner
+send -- "firejail --net=br0 --private=/etc\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "Error"
+}
+after 100
+
+# same owner
+send -- "firejail --net=br0 --private=/etc/shadow\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "Error"
+}
+after 100
diff --git a/test/fscheck-profile.exp b/test/fscheck-profile.exp
new file mode 100755
index 000000000..d7d7c7cd1
--- /dev/null
+++ b/test/fscheck-profile.exp
@@ -0,0 +1,69 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# dir
+send -- "firejail --net=br0 --profile=fscheck-dir\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Error"
+}
+after 100
+
+# ..
+send -- "firejail --net=br0 --profile=../test/fscheck-dir\r"
+expect {
+        timeout {puts "TESTING ERROR 0.1\n";exit}
+        "Error"
+}
+after 100
+
+# dir link
+send -- "firejail --net=br0 --profile=fscheck-dir-link\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "Error"
+}
+after 100
+
+# ..
+send -- "firejail --net=br0 --profile=../test/fscheck-dir-link\r"
+expect {
+        timeout {puts "TESTING ERROR 1.1\n";exit}
+        "Error"
+}
+after 100
+
+# file link
+send -- "firejail --net=br0 --profile=fscheck-file-link\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "Error"
+}
+after 100
+
+# ..
+send -- "firejail --net=br0 --profile=../test/fscheck-file-link\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "Error"
+}
+after 100
+
+# no file
+send -- "firejail --net=br0 --profile=../test/nofile\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "Error"
+}
+after 100
+
+# real GID/UID
+send -- "firejail --net=br0 --profile=/etc/shadow\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "Error"
+}
+after 100
diff --git a/test/fscheck-readonly.exp b/test/fscheck-readonly.exp
new file mode 100755
index 000000000..e0f0a8a1d
--- /dev/null
+++ b/test/fscheck-readonly.exp
@@ -0,0 +1,14 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# dir
+send -- "firejail --net=br0 --read-only=../test/fscheck-dir\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Error"
+}
+after 100
+
diff --git a/test/fscheck-shell.exp b/test/fscheck-shell.exp
new file mode 100755
index 000000000..d2320a4c3
--- /dev/null
+++ b/test/fscheck-shell.exp
@@ -0,0 +1,69 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# dir
+send -- "firejail --net=br0 --shell=fscheck-dir\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Error"
+}
+after 100
+
+# ..
+send -- "firejail --net=br0 --shell=../test/fscheck-dir\r"
+expect {
+        timeout {puts "TESTING ERROR 0.1\n";exit}
+        "Error"
+}
+after 100
+
+# dir link
+send -- "firejail --net=br0 --shell=fscheck-dir-link\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "Error"
+}
+after 100
+
+# ..
+send -- "firejail --net=br0 --shell=../test/fscheck-dir-link\r"
+expect {
+        timeout {puts "TESTING ERROR 1.1\n";exit}
+        "Error"
+}
+after 100
+
+# file link
+send -- "firejail --net=br0 --shell=fscheck-file-link\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "Error"
+}
+after 100
+
+# ..
+send -- "firejail --net=br0 --shell=../test/fscheck-file-link\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "Error"
+}
+after 100
+
+# no file
+send -- "firejail --net=br0 --shell=../test/nofile\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "Error"
+}
+after 100
+
+# real GID/UID
+send -- "firejail --net=br0 --shell=/etc/shadow\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "Error"
+}
+after 100
diff --git a/test/fscheck-tmpfs.exp b/test/fscheck-tmpfs.exp
new file mode 100755
index 000000000..d5bbccd96
--- /dev/null
+++ b/test/fscheck-tmpfs.exp
@@ -0,0 +1,14 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# ..
+send -- "firejail --net=br0 --tmpfs=../test/fscheck-dir\r"
+expect {
+        timeout {puts "TESTING ERROR 0.1\n";exit}
+        "Error"
+}
+after 100
+
diff --git a/test/fscheck.sh b/test/fscheck.sh
new file mode 100755
index 000000000..25756d5be
--- /dev/null
+++ b/test/fscheck.sh
@@ -0,0 +1,39 @@
+#!/bin/bash
+
+mkdir fscheck-dir
+ln -s fscheck-dir fscheck-dir-link
+touch fscheck-file
+ln -s fscheck-file fscheck-file-link
+touch fscheck-file-hard1
+ln fscheck-file-hard1 fscheck-file-hard2
+
+echo "TESTING: fscheck netfilter"
+./fscheck-netfilter.exp
+echo "TESTING: fscheck shell"
+./fscheck-shell.exp
+echo "TESTING: fscheck private"
+./fscheck-private.exp
+echo "TESTING: fscheck private keep"
+./fscheck-privatekeep.exp
+echo "TESTING: fscheck profile"
+./fscheck-profile.exp
+echo "TESTING: fscheck chroot"
+./fscheck-chroot.exp
+echo "TESTING: fscheck output"
+./fscheck-output.exp
+echo "TESTING: fscheck bind nonroot"
+./fscheck-bindnoroot.exp
+echo "TESTING: fscheck tmpfs"
+./fscheck-tmpfs.exp
+echo "TESTING: fscheck readonly"
+./fscheck-readonly.exp
+echo "TESTING: fscheck blacklist"
+./fscheck-blacklist.exp
+
+
+rm -fr fscheck-dir 
+rm -fr fscheck-dir-link 
+rm -fr fscheck-file-link 
+rm -fr fscheck-file
+rm -fr fscheck-file-hard1
+rm -fr fscheck-file-hard2
diff --git a/test/login_ssh.exp b/test/login_ssh.exp
new file mode 100755
index 000000000..dff6dc655
--- /dev/null
+++ b/test/login_ssh.exp
@@ -0,0 +1,59 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "ssh bingo@0\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "password:" {
+                puts "\nTESTING: please enter SSH password"
+                set oldmode [stty -echo -raw]
+                expect_user -re "(.*)\n"
+                send_user "\n"
+                eval stty $oldmode
+#               stty echo
+                set pass $expect_out(1,string)
+                send -- "$pass\r"
+                puts "TESTING: password sent to the server"
+        }       
+        "Child process initialized"
+}
+sleep 1
+
+# test default gw
+send -- "bash\r"
+sleep 1
+send -- "ps aux; pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "/bin/bash"
+}
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "bash"
+}
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "ps aux"
+}
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "home"
+}
+sleep 1
+
+
+send -- "ps aux |wc -l; pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "5"
+}
+expect {
+        timeout {puts "TESTING ERROR 6\n";exit}
+        "home"
+}
+sleep 1
+
+puts "\n"
diff --git a/test/midori.exp b/test/midori.exp
new file mode 100755
index 000000000..ec33816dd
--- /dev/null
+++ b/test/midori.exp
@@ -0,0 +1,73 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail midori www.gentoo.org\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Reading profile /etc/firejail/midori.profile"
+}
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "Child process initialized"
+}
+sleep 10
+
+spawn $env(SHELL)
+send -- "firejail --list\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        ":firejail"
+}
+expect {
+        timeout {puts "TESTING ERROR 3.1\n";exit}
+        "midori"
+}
+sleep 1
+
+send -- "firejail --name=blablabla\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "Child process initialized"
+}
+sleep 2
+
+spawn $env(SHELL)
+send -- "firemon --seccomp\r"
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        ":firejail midori"
+}
+expect {
+        timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit}
+        "Seccomp:       2"
+}
+expect {
+        timeout {puts "TESTING ERROR 5.1\n";exit}
+        "name=blablabla"
+}
+sleep 1
+send -- "firemon --caps\r"
+expect {
+        timeout {puts "TESTING ERROR 6\n";exit}
+        ":firejail midori"
+}
+expect {
+        timeout {puts "TESTING ERROR 6.1\n";exit}
+        "CapBnd"
+}
+expect {
+        timeout {puts "TESTING ERROR 6.2\n";exit}
+        "0000000000000000"
+}
+expect {
+        timeout {puts "TESTING ERROR 6.3n";exit}
+        "name=blablabla"
+}
+sleep 1
+
+
+puts "\n"
+
diff --git a/test/name.exp b/test/name.exp
new file mode 100755
index 000000000..704b8315e
--- /dev/null
+++ b/test/name.exp
@@ -0,0 +1,25 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send --  "firejail --name=baluba\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "Child process initialized"
+}
+sleep 1
+
+send -- "ping -c 3 baluba;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "3 packets transmitted, 3 received"
+}
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "home"
+}
+sleep 1
+
+puts "\n"
diff --git a/test/net_arp.exp b/test/net_arp.exp
new file mode 100755
index 000000000..9e07744f3
--- /dev/null
+++ b/test/net_arp.exp
@@ -0,0 +1,71 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --net=br0 sleep 20 &\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+send -- "firejail --net=br0 sleep 20 &\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "Child process initialized"
+}
+send -- "firejail --net=br0 sleep 20 &\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "Child process initialized"
+}
+send -- "firejail --net=br0 sleep 20 &\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "Child process initialized"
+}
+send -- "firejail --net=br0 sleep 20 &\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "Child process initialized"
+}
+
+# will fail
+send -- "firejail --net=br0 sleep 20 &\r"
+expect {
+        timeout {puts "TESTING ERROR 5n";exit}
+        "cannot assign an IP address"
+}
+
+send -- "firejail --net=br0 sleep 20 &\r"
+expect {
+        timeout {puts "TESTING ERROR 6\n";exit}
+        "cannot assign an IP address"
+}
+
+# check firejail --list
+send -- "firejail --list\r"
+expect {
+        timeout {puts "TESTING ERROR 7.1\n";exit}
+        "sleep 20"
+}
+expect {
+        timeout {puts "TESTING ERROR 7.2\n";exit}
+        "sleep 20"
+}
+expect {
+        timeout {puts "TESTING ERROR 7.3\n";exit}
+        "sleep 20"
+}
+expect {
+        timeout {puts "TESTING ERROR 7.4\n";exit}
+        "sleep 20"
+}
+expect {
+        timeout {puts "TESTING ERROR 7.5\n";exit}
+        "sleep 20"
+}
+
+# wait for snadboxes to be shutdown
+sleep 30
+puts "\n"
diff --git a/test/net_badip.exp b/test/net_badip.exp
new file mode 100755
index 000000000..71b69e104
--- /dev/null
+++ b/test/net_badip.exp
@@ -0,0 +1,16 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# check eth0
+send -- "firejail --net=br0 --net=br1 --ip=10.100.10.47\r"
+expect {
+        timeout {puts "TESTING ERROR 0.0\n";exit}
+        "the IP address is not"
+}
+sleep 1
+
+puts "\n"
+
diff --git a/test/net_defaultgw.exp b/test/net_defaultgw.exp
new file mode 100755
index 000000000..9820660b7
--- /dev/null
+++ b/test/net_defaultgw.exp
@@ -0,0 +1,65 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# check ip address
+send -- "firejail --net=br0 --ip=10.10.20.5 --defaultgw=10.10.20.2\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "eth0"
+}
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "10.10.20.5"
+}
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "255.255.255.248"
+}
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "UP"
+}
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "Child process initialized"
+}
+
+# check default gateway
+send -- "bash\r"
+sleep 1
+send -- "netstat -rn;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 10.1\n";exit}
+        "0.0.0.0"
+}
+expect {
+        timeout {puts "TESTING ERROR 10.2\n";exit}
+        "10.10.20.2"
+}
+expect {
+        timeout {puts "TESTING ERROR 10.3\n";exit}
+        "eth0"
+}
+expect {
+        timeout {puts "TESTING ERROR 10.4\n";exit}
+        "10.10.20.0"
+}
+expect {
+        timeout {puts "TESTING ERROR 10.5\n";exit}
+        "0.0.0.0"
+}
+expect {
+        timeout {puts "TESTING ERROR 10.6\n";exit}
+        "eth0"
+}
+expect {
+        timeout {puts "TESTING ERROR 10\n";exit}
+        "home"
+}
+sleep 1
+
+puts "\n"
+
diff --git a/test/net_defaultgw2.exp b/test/net_defaultgw2.exp
new file mode 100755
index 000000000..be9b4882a
--- /dev/null
+++ b/test/net_defaultgw2.exp
@@ -0,0 +1,65 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# check ip address
+send -- "firejail --net=br0 --net=br1 --defaultgw=10.10.30.89\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "eth1"
+}
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "Child process initialized"
+}
+
+# check default gateway
+send -- "bash\r"
+sleep 1
+send -- "netstat -rn;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 10.1\n";exit}
+        "0.0.0.0"
+}
+expect {
+        timeout {puts "TESTING ERROR 10.2\n";exit}
+        "10.10.30.89"
+}
+expect {
+        timeout {puts "TESTING ERROR 10.3\n";exit}
+        "eth1"
+}
+expect {
+        timeout {puts "TESTING ERROR 10.4\n";exit}
+        "10.10.20.0"
+}
+expect {
+        timeout {puts "TESTING ERROR 10.5\n";exit}
+        "0.0.0.0"
+}
+expect {
+        timeout {puts "TESTING ERROR 10.6\n";exit}
+        "eth0"
+}
+expect {
+        timeout {puts "TESTING ERROR 10.4\n";exit}
+        "10.10.30.0"
+}
+expect {
+        timeout {puts "TESTING ERROR 10.5\n";exit}
+        "0.0.0.0"
+}
+expect {
+        timeout {puts "TESTING ERROR 10.6\n";exit}
+        "eth1"
+}
+expect {
+        timeout {puts "TESTING ERROR 10\n";exit}
+        "home"
+}
+sleep 1
+
+puts "\n"
+
diff --git a/test/net_defaultgw3.exp b/test/net_defaultgw3.exp
new file mode 100755
index 000000000..64da9dfca
--- /dev/null
+++ b/test/net_defaultgw3.exp
@@ -0,0 +1,17 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# check ip address
+send -- "firejail --net=br0 --net=br1 --defaultgw=10.10.95.89\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "default gateway 10.10.95.89 is not in the range of any network"
+}
+
+sleep 1
+
+puts "\n"
+
diff --git a/test/net_ip.exp b/test/net_ip.exp
new file mode 100755
index 000000000..5995296c7
--- /dev/null
+++ b/test/net_ip.exp
@@ -0,0 +1,91 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# check ip address
+send -- "firejail --net=br0 --ip=10.10.20.5\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "eth0"
+}
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "10.10.20.5"
+}
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "255.255.255.248"
+}
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "UP"
+}
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "Child process initialized"
+}
+sleep 2
+send -- "exit\r"
+sleep 2
+
+# check loopback
+send -- "firejail --net=br0 --ip=10.10.20.5\r"
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "lo"
+}
+expect {
+        timeout {puts "TESTING ERROR 6\n";exit}
+        "127.0.0.1"
+}
+expect {
+        timeout {puts "TESTING ERROR 7\n";exit}
+        "255.0.0.0"
+}
+expect {
+        timeout {puts "TESTING ERROR 8\n";exit}
+        "UP"
+}
+expect {
+        timeout {puts "TESTING ERROR 9\n";exit}
+        "Child process initialized"
+}
+
+# check default gateway
+send -- "bash\r"
+sleep 1
+send -- "netstat -rn;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 10.1\n";exit}
+        "0.0.0.0"
+}
+expect {
+        timeout {puts "TESTING ERROR 10.2\n";exit}
+        "10.10.20.1"
+}
+expect {
+        timeout {puts "TESTING ERROR 10.3\n";exit}
+        "eth0"
+}
+expect {
+        timeout {puts "TESTING ERROR 10.4\n";exit}
+        "10.10.20.0"
+}
+expect {
+        timeout {puts "TESTING ERROR 10.5\n";exit}
+        "0.0.0.0"
+}
+expect {
+        timeout {puts "TESTING ERROR 10.6\n";exit}
+        "eth0"
+}
+expect {
+        timeout {puts "TESTING ERROR 10\n";exit}
+        "home"
+}
+sleep 1
+
+puts "\n"
+
diff --git a/test/net_local.exp b/test/net_local.exp
new file mode 100755
index 000000000..9302ec4ef
--- /dev/null
+++ b/test/net_local.exp
@@ -0,0 +1,49 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# check ip address
+send -- "firejail --debug\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Using the local network stack"
+}
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "Child process initialized"
+}
+sleep 2
+send -- "exit\r"
+sleep 2
+
+# check loopback
+send -- "firejail\r"
+expect {
+        timeout {puts "TESTING ERROR 9\n";exit}
+        "Child process initialized"
+}
+sleep 1
+
+
+send -- "/sbin/ifconfig\r"
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "lo"
+}
+expect {
+        timeout {puts "TESTING ERROR 6\n";exit}
+        "127.0.0.1"
+}
+expect {
+        timeout {puts "TESTING ERROR 7\n";exit}
+        "255.0.0.0"
+}
+expect {
+        timeout {puts "TESTING ERROR 8\n";exit}
+        "UP"
+}
+
+puts "\n"
+
diff --git a/test/net_mac.exp b/test/net_mac.exp
new file mode 100755
index 000000000..555d86b74
--- /dev/null
+++ b/test/net_mac.exp
@@ -0,0 +1,36 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# check ip address
+send -- "firejail --net=br0 --ip=10.10.20.5 --mac=00:11:22:33:44:55\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "eth0"
+}
+expect {
+        timeout {puts "TESTING ERROR 0.1\n";exit}
+        "00:11:22:33:44:55"
+}
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "10.10.20.5"
+}
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "255.255.255.248"
+}
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "UP"
+}
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "Child process initialized"
+}
+sleep 1
+
+puts "\n"
+
diff --git a/test/net_macvlan.exp b/test/net_macvlan.exp
new file mode 100755
index 000000000..20d022de9
--- /dev/null
+++ b/test/net_macvlan.exp
@@ -0,0 +1,88 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# check the existing address
+spawn $env(SHELL)
+send -- "firejail --net=eth0 --ip=192.168.1.60\r"
+expect {
+        timeout {puts "TESTING ERROR 1.1\n";puts "Please open a sandbox on 192.168.1.60\n";exit}
+        "the address 192.168.1.60 is already in use"
+}
+
+
+
+# grab 30 ip addresses
+set MAXi 229
+set i 200
+while { $i <= $MAXi } {
+        spawn $env(SHELL)
+        send -- "firejail --net=eth0 --ip=192.168.1.$i\r"
+        expect {
+                timeout {puts "TESTING ERROR 0\n";exit}
+                "Child process initialized"
+        }
+        incr i
+        after 100
+}
+
+
+# check an existing address
+spawn $env(SHELL)
+send -- "firejail --net=eth0 --ip=192.168.1.200\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "the address 192.168.1.200 is already in use"
+}
+
+
+set MAXi 254
+set i 2
+while { $i <= $MAXi } {
+        spawn $env(SHELL)
+        send -- "firejail --net=eth0\r"
+        expect {
+                timeout {puts "TESTING ERROR 2.1\n";exit}
+                "192.168.1.60" {puts "TESTING ERROR 2.2\n";exit}
+                "192.168.1.200" {puts "TESTING ERROR 3\n";exit}
+                "192.168.1.201" {puts "TESTING ERROR 3\n";exit}
+                "192.168.1.202" {puts "TESTING ERROR 3\n";exit}
+                "192.168.1.203" {puts "TESTING ERROR 3\n";exit}
+                "192.168.1.204" {puts "TESTING ERROR 3\n";exit}
+                "192.168.1.205" {puts "TESTING ERROR 3\n";exit}
+                "192.168.1.206" {puts "TESTING ERROR 3\n";exit}
+                "192.168.1.207" {puts "TESTING ERROR 3\n";exit}
+                "192.168.1.208" {puts "TESTING ERROR 3\n";exit}
+                "192.168.1.209" {puts "TESTING ERROR 3\n";exit}
+                "192.168.1.210" {puts "TESTING ERROR 3\n";exit}
+                "192.168.1.211" {puts "TESTING ERROR 3\n";exit}
+                "192.168.1.212" {puts "TESTING ERROR 3\n";exit}
+                "192.168.1.213" {puts "TESTING ERROR 3\n";exit}
+                "192.168.1.214" {puts "TESTING ERROR 3\n";exit}
+                "192.168.1.215" {puts "TESTING ERROR 3\n";exit}
+                "192.168.1.216" {puts "TESTING ERROR 3\n";exit}
+                "192.168.1.217" {puts "TESTING ERROR 3\n";exit}
+                "192.168.1.218" {puts "TESTING ERROR 3\n";exit}
+                "192.168.1.219" {puts "TESTING ERROR 3\n";exit}
+                "192.168.1.220" {puts "TESTING ERROR 3\n";exit}
+                "192.168.1.221" {puts "TESTING ERROR 3\n";exit}
+                "192.168.1.222" {puts "TESTING ERROR 3\n";exit}
+                "192.168.1.223" {puts "TESTING ERROR 3\n";exit}
+                "192.168.1.224" {puts "TESTING ERROR 3\n";exit}
+                "192.168.1.225" {puts "TESTING ERROR 3\n";exit}
+                "192.168.1.226" {puts "TESTING ERROR 3\n";exit}
+                "192.168.1.227" {puts "TESTING ERROR 3\n";exit}
+                "192.168.1.228" {puts "TESTING ERROR 3\n";exit}
+                "192.168.1.229" {puts "TESTING ERROR 3\n";exit}
+                "Child process initialized"
+        }
+        puts "************ $i ******************\n"
+        incr i
+        after 100
+#       sleep 1
+}
+
+puts "\n"
+
diff --git a/test/net_netfilter.exp b/test/net_netfilter.exp
new file mode 100755
index 000000000..8583d4625
--- /dev/null
+++ b/test/net_netfilter.exp
@@ -0,0 +1,88 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# check default netfilter on br0
+send -- "firejail --debug --net=br0 --ip=10.10.20.5 --netfilter\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Installing network filter"
+}
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "Chain INPUT (policy DROP"
+}
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "ACCEPT     all  --  any    any     anywhere"
+}
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "ACCEPT     icmp --  any    any     anywhere"
+}
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "Child process initialized"
+}
+sleep 2
+send -- "exit\r"
+sleep 1
+
+# check default netfilter no new network
+send -- "firejail --debug --netfilter\r"
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "Installing network filter" {puts "TESTING ERROR 5.1\n";exit}
+        "Chain INPUT (policy DROP" {puts "TESTING ERROR 5.1\n";exit}
+        "ACCEPT     all  --  any    any     anywhere" {puts "TESTING ERROR 5.1\n";exit}
+        "ACCEPT     icmp --  any    any     anywhere" {puts "TESTING ERROR 5.1\n";exit}
+        "Child process initialized"
+}
+sleep 2
+send -- "exit\r"
+sleep 1
+
+# check file filter netfilter on br0
+send -- "firejail --debug --net=br0 --ip=10.10.20.5 --netfilter=netfilter.filter\r"
+expect {
+        timeout {puts "TESTING ERROR 6\n";exit}
+        "Installing network filter"
+}
+expect {
+        timeout {puts "TESTING ERROR 6.1\n";exit}
+        "Child process initialized"
+}
+sleep 2
+send -- "ping -c 1 -w 3 10.10.20.1\r"
+expect {
+        timeout {puts "TESTING ERROR 6.2\n";exit}
+        "0 received, 100% packet loss"
+}
+
+send -- "exit\r"
+sleep 1
+
+# check profile netfilter on br0
+send -- "firejail --debug --net=br0 --ip=10.10.20.5 --profile=netfilter.profile\r"
+expect {
+        timeout {puts "TESTING ERROR 7\n";exit}
+        "Installing network filter"
+}
+expect {
+        timeout {puts "TESTING ERROR 7.1\n";exit}
+        "Child process initialized"
+}
+sleep 2
+send -- "ping -c 1 -w 3 10.10.20.1\r"
+expect {
+        timeout {puts "TESTING ERROR 7.2\n";exit}
+        "0 received, 100% packet loss"
+}
+
+send -- "exit\r"
+sleep 1
+
+puts "\n"
+
diff --git a/test/net_noip.exp b/test/net_noip.exp
new file mode 100755
index 000000000..3db67885d
--- /dev/null
+++ b/test/net_noip.exp
@@ -0,0 +1,41 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# check ip address
+send -- "firejail --net=br0 --ip=none\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "eth0" {puts "TESTING ERROR 1\n";exit}
+        "Child process initialized"
+}
+sleep 1
+send -- "bash\r"
+sleep 1
+
+# no default gateway configured
+send -- "netstat -rn;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "0.0.0.0" {puts "TESTING ERROR 3\n";exit}
+        "eth0" {puts "TESTING ERROR 4\n";exit}
+        "home"
+}
+sleep 1
+
+# eth0 configured
+send -- "/sbin/ifconfig;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "eth0"
+}
+expect {
+        timeout {puts "TESTING ERROR 6\n";exit}
+        "home"
+}
+sleep 1
+
+puts "\n"
+
diff --git a/test/net_noip2.exp b/test/net_noip2.exp
new file mode 100755
index 000000000..234aec8a8
--- /dev/null
+++ b/test/net_noip2.exp
@@ -0,0 +1,41 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# check ip address
+send -- "firejail --net=br1 --ip=none --defaultgw=10.10.30.78\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "eth0" {puts "TESTING ERROR 1\n";exit}
+        "Child process initialized"
+}
+sleep 1
+send -- "bash\r"
+sleep 1
+
+# no default gateway configured
+send -- "netstat -rn;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "0.0.0.0" {puts "TESTING ERROR 3\n";exit}
+        "eth0" {puts "TESTING ERROR 4\n";exit}
+        "home"
+}
+sleep 1
+
+# eth0 configured
+send -- "/sbin/ifconfig;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "eth0"
+}
+expect {
+        timeout {puts "TESTING ERROR 6\n";exit}
+        "home"
+}
+sleep 1
+
+puts "\n"
+
diff --git a/test/net_none.exp b/test/net_none.exp
new file mode 100755
index 000000000..dfa14a211
--- /dev/null
+++ b/test/net_none.exp
@@ -0,0 +1,36 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --net=none\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "eth0" {puts "TESTING ERROR 0.1\n";exit}
+        "Child process initialized"
+}
+sleep 1
+
+# test default gw
+send -- "bash\r"
+sleep 1
+send -- "netstat -rn; pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "0.0.0.0" {puts "TESTING ERROR 1.1\n";exit}
+        "home"
+}
+sleep 1
+
+# check again devices
+send -- "cat /proc/1/net/dev;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "eth0" {puts "TESTING ERROR 2.1\n";exit}
+        "home"
+}
+sleep 1
+
+
+puts "\n"
diff --git a/test/netfilter.filter b/test/netfilter.filter
new file mode 100644
index 000000000..3e232065c
--- /dev/null
+++ b/test/netfilter.filter
@@ -0,0 +1,6 @@
+*filter
+:INPUT DROP [0:0]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -i lo -j ACCEPT
+COMMIT
diff --git a/test/netfilter.profile b/test/netfilter.profile
new file mode 100644
index 000000000..824c6cd0f
--- /dev/null
+++ b/test/netfilter.profile
@@ -0,0 +1 @@
+netfilter netfilter.filter
diff --git a/test/noroot.exp b/test/noroot.exp
new file mode 100755
index 000000000..78991d4a9
--- /dev/null
+++ b/test/noroot.exp
@@ -0,0 +1,124 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --debug --noroot --caps.drop=all --seccomp --cpu=0,1 --name=noroot-sandbox\r"
+expect {
+        timeout {puts "TESTING ERROR 0.1\n";exit}
+        "Child process initialized"
+}
+sleep 1
+
+send -- "cat /proc/self/status\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "CapBnd:"
+}
+expect {
+        timeout {puts "TESTING ERROR 1.1\n";exit}
+        "0000000000000000"
+}
+
+send -- "cat /proc/self/status\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "Cpus_allowed:"
+}
+expect {
+        timeout {puts "TESTING ERROR 2.1\n";exit}
+        "3"
+}
+expect {
+        timeout {puts "TESTING ERROR 2.2\n";exit}
+        "Cpus_allowed_list:"
+}
+puts "\n"
+
+send -- "cat /proc/self/status\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "Seccomp:"
+}
+expect {
+        timeout {puts "TESTING ERROR 2.1\n";exit}
+        "2"
+}
+expect {
+        timeout {puts "TESTING ERROR 2.2\n";exit}
+        "Cpus_allowed:"
+}
+puts "\n"
+
+send -- "cat /etc/hostname\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "noroot-sandbox"
+}
+puts "\n"
+
+send -- "ping 0\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "Operation not permitted"
+}
+puts "\n"
+
+send -- "whoami\r"
+expect {
+        timeout {puts "TESTING ERROR 55\\n";exit}
+        "netblue"
+}
+puts "\n"
+send -- "exit\r"
+sleep 2
+
+
+send -- "firejail --noroot\r"
+expect {
+        timeout {puts "TESTING ERROR 6\n";exit}
+        "Child process initialized"
+}
+sleep 1
+send -- "whoami\r"
+expect {
+        timeout {puts "TESTING ERROR 7\n";exit}
+        "netblue"
+}
+send -- "sudo -s\r"
+expect {
+        timeout {puts "TESTING ERROR 8\n";exit}
+        "effective uid is not 0, is sudo installed setuid root?" { puts "OK\n";}
+        "sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";}
+}
+puts "\n"
+send -- "exit\r"
+sleep 2
+
+send -- "firejail --name=test --noroot\r"
+expect {
+        timeout {puts "TESTING ERROR 9\n";exit}
+        "Child process initialized"
+}
+sleep 1
+
+spawn $env(SHELL)
+send -- "firejail --debug --join=test\r"
+expect {
+        timeout {puts "TESTING ERROR 9\n";exit}
+        "User namespace detected"
+}
+expect {
+        timeout {puts "TESTING ERROR 9\n";exit}
+        "Joining user namespace"
+}
+sleep 1
+
+send -- "sudo -s\r"
+expect {
+        timeout {puts "TESTING ERROR 8\n";exit}
+        "effective uid is not 0, is sudo installed setuid root?" { puts "OK\n";}
+        "sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";}
+}
+puts "\n"
diff --git a/test/opera.exp b/test/opera.exp
new file mode 100755
index 000000000..f536ae866
--- /dev/null
+++ b/test/opera.exp
@@ -0,0 +1,72 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail opera www.gentoo.org\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Reading profile /etc/firejail/opera.profile"
+}
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "Child process initialized"
+}
+sleep 10
+
+spawn $env(SHELL)
+send -- "firejail --list\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        ":firejail"
+}
+expect {
+        timeout {puts "TESTING ERROR 3.1\n";exit}
+        "opera"
+}
+sleep 1
+
+send -- "firejail --name=blablabla\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "Child process initialized"
+}
+sleep 2
+
+spawn $env(SHELL)
+send -- "firemon --seccomp\r"
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        ":firejail opera"
+}
+expect {
+        timeout {puts "TESTING ERROR 5.1\n";exit}
+        "Seccomp:       0"
+}
+expect {
+        timeout {puts "TESTING ERROR 5.1\n";exit}
+        "name=blablabla"
+}
+sleep 1
+send -- "firemon --caps\r"
+expect {
+        timeout {puts "TESTING ERROR 6\n";exit}
+        ":firejail opera"
+}
+expect {
+        timeout {puts "TESTING ERROR 6.1\n";exit}
+        "CapBnd:"
+}
+expect {
+        timeout {puts "TESTING ERROR 6.2\n";exit}
+        "fffffffff"
+}
+expect {
+        timeout {puts "TESTING ERROR 6.3\n";exit}
+        "name=blablabla"
+}
+sleep 1
+
+puts "\n"
+
diff --git a/test/option-join.exp b/test/option-join.exp
new file mode 100755
index 000000000..ad8ba73e0
--- /dev/null
+++ b/test/option-join.exp
@@ -0,0 +1,43 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send --  "firejail --name=svntesting\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 3
+
+spawn $env(SHELL)
+send --  "firejail --join=svntesting;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "Switching to pid"
+}
+expect {
+        timeout {puts "TESTING ERROR 2 (join) \n";exit}
+        "@svntesting"
+}
+sleep 1
+
+
+spawn $env(SHELL)
+send --  "firejail --shutdown=svntesting;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "home"
+}
+sleep 1
+
+send --  "firejail --list;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "svntesting" {puts "TESTING ERROR 5\n";exit}
+        "home"
+}
+sleep 1
+
+puts "\n"
diff --git a/test/option-shutdown.exp b/test/option-shutdown.exp
new file mode 100755
index 000000000..260a5b84f
--- /dev/null
+++ b/test/option-shutdown.exp
@@ -0,0 +1,30 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send --  "firejail --name=svntesting\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 3
+
+spawn $env(SHELL)
+send --  "firejail --shutdown=svntesting;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "home"
+}
+sleep 1
+
+send --  "firejail --list;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "svntesting" {puts "TESTING ERROR 6\n";exit}
+        "home"
+}
+sleep 1
+
+puts "\n"
diff --git a/test/option-trace.exp b/test/option-trace.exp
new file mode 100755
index 000000000..b8f723fb8
--- /dev/null
+++ b/test/option-trace.exp
@@ -0,0 +1,31 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send --  "firejail --trace firefox --name=testing\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "command not found" {puts "\nTESTING: not tested, firefox not found\n"; exit}
+        "1:firefox:open" {puts "\n"}
+        "1:iceweasel:open"
+}
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "1:firefox:access" {puts "\n"}
+        "1:iceweasel:access"
+}
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "1:firefox:connect" {puts "\n"}
+        "1:iceweasel:connect"
+}
+
+sleep 1
+
+puts "\n"
diff --git a/test/option_bind_directory.exp b/test/option_bind_directory.exp
new file mode 100755
index 000000000..1c1acc814
--- /dev/null
+++ b/test/option_bind_directory.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --bind=/tmp/chroot,mntpoint\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 1
+
+send -- "ls mntpoint;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "root"
+}
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "home"
+}
+sleep 1
+
+puts "\n"
+
diff --git a/test/option_bind_file.exp b/test/option_bind_file.exp
new file mode 100755
index 000000000..0380b68b5
--- /dev/null
+++ b/test/option_bind_file.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --bind=tmpfile,/etc/passwd\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 1
+
+send -- "cat /etc/passwd;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "hello"
+}
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "home"
+}
+sleep 1
+
+puts "\n"
+
diff --git a/test/option_bind_user.exp b/test/option_bind_user.exp
new file mode 100755
index 000000000..9d2d17d7f
--- /dev/null
+++ b/test/option_bind_user.exp
@@ -0,0 +1,15 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --bind=/tmp/chroot,mntpoint\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "bind option is available only if running as root"
+}
+sleep 1
+
+puts "\n"
+
diff --git a/test/option_blacklist.exp b/test/option_blacklist.exp
new file mode 100755
index 000000000..b80d0cc60
--- /dev/null
+++ b/test/option_blacklist.exp
@@ -0,0 +1,35 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --blacklist=/var\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 1
+
+send -- "ls -l /var;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "Permission denied"
+}
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "home"
+}
+send -- "cd /var;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "Permission denied"
+}
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "home"
+}
+sleep 1
+
+puts "\n"
+
diff --git a/test/option_blacklist_file.exp b/test/option_blacklist_file.exp
new file mode 100755
index 000000000..ecdfe3b82
--- /dev/null
+++ b/test/option_blacklist_file.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --blacklist=/etc/passwd\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 1
+
+send -- "cat /etc/passwd;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "Permission denied"
+}
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "home"
+}
+sleep 1
+
+puts "\n"
+
diff --git a/test/option_chroot_overlay.exp b/test/option_chroot_overlay.exp
new file mode 100755
index 000000000..b39bc0c8e
--- /dev/null
+++ b/test/option_chroot_overlay.exp
@@ -0,0 +1,21 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send --  "firejail --chroot=/tmp/chroot --overlay\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "mutually exclusive"
+}
+sleep 1
+
+send --  "firejail --overlay --chroot=/tmp/chroot\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "mutually exclusive"
+}
+sleep 1
+
+puts "\n"
diff --git a/test/option_help.exp b/test/option_help.exp
new file mode 100755
index 000000000..f4518219c
--- /dev/null
+++ b/test/option_help.exp
@@ -0,0 +1,22 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --help\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "License GPL version 2 or later"
+}
+after 100
+
+send -- "firejail -?\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "License GPL version 2 or later"
+}
+after 100
+
+puts "\n"
+
diff --git a/test/option_list.exp b/test/option_list.exp
new file mode 100755
index 000000000..b9c73e52b
--- /dev/null
+++ b/test/option_list.exp
@@ -0,0 +1,48 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+after 100
+
+spawn $env(SHELL)
+send -- "firejail\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "Child process initialized"
+}
+after 100
+
+spawn $env(SHELL)
+send -- "firejail\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "Child process initialized"
+}
+sleep 1
+
+spawn $env(SHELL)
+send -- "firejail --list\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        ":firejail"
+}
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        ":firejail"
+}
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        ":firejail"
+}
+after 100
+
+
+puts "\n"
+
diff --git a/test/option_man.exp b/test/option_man.exp
new file mode 100755
index 000000000..d941a2432
--- /dev/null
+++ b/test/option_man.exp
@@ -0,0 +1,17 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "man firejail\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Linux namespaces sandbox program"
+}
+after 100
+
+send -- "q\r"
+after 100
+puts "\n"
+
diff --git a/test/option_readonly.exp b/test/option_readonly.exp
new file mode 100755
index 000000000..4abbef617
--- /dev/null
+++ b/test/option_readonly.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --read-only=tmpreadonly\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 1
+
+send -- "touch tmpreadonly;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "Read-only file system"
+}
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "home"
+}
+sleep 1
+
+puts "\n"
+
diff --git a/test/option_rlimit.exp b/test/option_rlimit.exp
new file mode 100755
index 000000000..17d2bd9d1
--- /dev/null
+++ b/test/option_rlimit.exp
@@ -0,0 +1,36 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --rlimit-fsize=1024 --rlimit-nproc=1000 --rlimit-nofile=500 --rlimit-sigpending=200\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 1
+
+send -- "cat /proc/self/limits; pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 1.1\n";exit}
+        "Max file size             1024                 1024"
+}
+expect {
+        timeout {puts "TESTING ERROR 1.2\n";exit}
+        "Max processes             1000                 1000"
+}
+expect {
+        timeout {puts "TESTING ERROR 1.3\n";exit}
+        "Max open files            500                  500"
+}
+expect {
+        timeout {puts "TESTING ERROR 1.4\n";exit}
+        "Max pending signals       200                  200"
+}
+expect {
+        timeout {puts "TESTING ERROR 1.5\n";exit}
+        "home"
+}
+sleep 1
+puts "\n"
diff --git a/test/option_tmpfs.exp b/test/option_tmpfs.exp
new file mode 100755
index 000000000..1ff47ab13
--- /dev/null
+++ b/test/option_tmpfs.exp
@@ -0,0 +1,26 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --tmpfs=/var\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 1
+
+send -- "ls -l /var;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "total 0"
+}
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "home"
+}
+sleep 1
+
+puts "\n"
+
diff --git a/test/option_tree.exp b/test/option_tree.exp
new file mode 100755
index 000000000..1841907d1
--- /dev/null
+++ b/test/option_tree.exp
@@ -0,0 +1,60 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+after 100
+
+spawn $env(SHELL)
+send -- "firejail\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "Child process initialized"
+}
+after 100
+
+spawn $env(SHELL)
+send -- "firejail\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "Child process initialized"
+}
+sleep 1
+
+spawn $env(SHELL)
+send -- "firejail --tree\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        ":firejail"
+}
+expect {
+        timeout {puts "TESTING ERROR 3.1\n";exit}
+        ":/bin/bash"
+}
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        ":firejail"
+}
+expect {
+        timeout {puts "TESTING ERROR 4.1\n";exit}
+        ":/bin/bash"
+}
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        ":firejail"
+}
+expect {
+        timeout {puts "TESTING ERROR 5.1\n";exit}
+        ":/bin/bash"
+}
+after 100
+
+
+puts "\n"
+
diff --git a/test/option_version.exp b/test/option_version.exp
new file mode 100755
index 000000000..44c0c217f
--- /dev/null
+++ b/test/option_version.exp
@@ -0,0 +1,15 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --version\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "firejail version "
+}
+after 100
+
+puts "\n"
+
diff --git a/test/output.exp b/test/output.exp
new file mode 100755
index 000000000..90a9d64b6
--- /dev/null
+++ b/test/output.exp
@@ -0,0 +1,66 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "rm -f logfile*\r"
+sleep 1
+puts "\n"
+
+send -- "firejail --output=logfile -- ./output.sh\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "20000"
+}
+expect {
+        timeout {puts "TESTING ERROR 1.1\n";exit}
+        "60000"
+}
+expect {
+        timeout {puts "TESTING ERROR 1.2\n";exit}
+        "100000"
+}
+expect {
+        timeout {puts "TESTING ERROR 1.3\n";exit}
+        "120000"
+}
+expect {
+        timeout {puts "TESTING ERROR 1.4\n";exit}
+        "14999"
+}
+sleep 2
+puts "\n"
+
+
+set timeout 2
+send -- "ls -al logfile*\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "logfile"
+}
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "logfile.1"
+}
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "logfile.2"
+}
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "logfile.3"
+}
+expect {
+        timeout {puts "TESTING ERROR 6\n";exit}
+        "logfile.4"
+}
+expect {
+        timeout {puts "TESTING ERROR 7\n";exit}
+        "logfile.5"
+}
+sleep 1
+send -- "rm -f logfile*\r"
+sleep 1
+
+puts "\n"
diff --git a/test/output.sh b/test/output.sh
new file mode 100755
index 000000000..2be188e3a
--- /dev/null
+++ b/test/output.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+i="0"
+
+while  [ $i -lt 150000 ]
+do
+        echo message number $i
+        i=$[$i+1]
+done
diff --git a/test/pid.exp b/test/pid.exp
new file mode 100755
index 000000000..0baf3af0e
--- /dev/null
+++ b/test/pid.exp
@@ -0,0 +1,48 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 1
+
+# test processes
+send -- "bash\r"
+sleep 1
+send -- "ps aux; pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "/bin/bash"
+}
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "bash"
+}
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "ps aux"
+}
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "home"
+}
+sleep 1
+
+
+send -- "ps aux |wc -l; pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "5"
+}
+expect {
+        timeout {puts "TESTING ERROR 6\n";exit}
+        "home"
+}
+sleep 1
+
+puts "\n"
diff --git a/test/private-keep.exp b/test/private-keep.exp
new file mode 100755
index 000000000..cdae12ac3
--- /dev/null
+++ b/test/private-keep.exp
@@ -0,0 +1,66 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --private.keep=.mozilla,.config/firejail\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 1
+
+send -- "ls -al\r"
+expect {
+        timeout {puts "TESTING ERROR 0.1\n";exit}
+        ".config"
+}
+expect {
+        timeout {puts "TESTING ERROR 0.2\n";exit}
+        ".mozilla"
+}
+sleep 1
+
+send -- "find .config\r"
+expect {
+        timeout {puts "TESTING ERROR 0.3\n";exit}
+        ".config"
+}
+expect {
+        timeout {puts "TESTING ERROR 0.4\n";exit}
+        ".config/firejail"
+}
+sleep 1
+puts "\n"
+send -- "exit\r"
+sleep 2
+
+
+send -- "firejail --profile=private-keep.profile\r"
+expect {
+        timeout {puts "TESTING ERROR 1.0\n";exit}
+        "Child process initialized"
+}
+sleep 1
+
+send -- "ls -al\r"
+expect {
+        timeout {puts "TESTING ERROR 1.1\n";exit}
+        ".config"
+}
+expect {
+        timeout {puts "TESTING ERROR 1.2\n";exit}
+        ".mozilla"
+}
+sleep 1
+
+send -- "find .config\r"
+expect {
+        timeout {puts "TESTING ERROR 1.3\n";exit}
+        ".config"
+}
+expect {
+        timeout {puts "TESTING ERROR 1.4\n";exit}
+        ".config/firejail"
+}
diff --git a/test/private-keep.profile b/test/private-keep.profile
new file mode 100644
index 000000000..7f842cc04
--- /dev/null
+++ b/test/private-keep.profile
@@ -0,0 +1 @@
+private.keep .mozilla,.config/firejail
diff --git a/test/private.exp b/test/private.exp
new file mode 100755
index 000000000..e2ae80b33
--- /dev/null
+++ b/test/private.exp
@@ -0,0 +1,95 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+if { $argc != 1 } {
+        puts "TESTING ERROR: argument missing"
+        puts "Usage: private.exp username"
+        puts "where username is the name of the current user"
+        exit
+}
+
+# testing profile and private
+send -- "firejail --private --profile=/etc/firejail/firefox.profile\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 1
+send -- "exit\r"
+sleep 1
+
+send -- "firejail --private\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+
+sleep 1
+send -- "ls -al; pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 0.1\n";exit}
+        ".bashrc"
+}
+expect {
+        timeout {puts "TESTING ERROR 0.2\n";exit}
+        [lindex $argv 0]
+}
+send -- "ls -al; pwd\r"
+expect {
+        timeout {
+                # OpenSUSE doesn't use .Xauthority from user home directory
+                send -- "env | grep XAUTHORITY\r"
+
+                expect {
+                        timeout {puts "TESTING ERROR 0.3\n";exit}
+                        "/run/lightdm/netblue/xauthority"
+                }
+        }
+        ".Xauthority"
+}
+expect {
+        timeout {puts "TESTING ERROR 0.4\n";exit}
+        [lindex $argv 0]
+}
+
+
+# testing private only
+send -- "bash\r"
+sleep 1
+# owner /home/netblue
+send -- "ls -l /home;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        [lindex $argv 0]
+}
+expect {
+        timeout {puts "TESTING ERROR 1.1\n";exit}
+        [lindex $argv 0]
+}
+expect {
+        timeout {puts "TESTING ERROR 1.2\n";exit}
+        [lindex $argv 0]
+}
+expect {
+        timeout {puts "TESTING ERROR 1.3\n";exit}
+        "home"
+}
+sleep 1
+
+# owner /tmp
+send -- "stat -c %U%a /tmp;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "root777" {puts "version 1\n";}
+        "root1777" {puts "version 2\n";}
+}
+expect {
+        timeout {puts "TESTING ERROR 2.1\n";exit}
+        "home"
+}
+sleep 1
+
+puts "\n"
diff --git a/test/private.profile b/test/private.profile
new file mode 100644
index 000000000..1b947b6f7
--- /dev/null
+++ b/test/private.profile
@@ -0,0 +1 @@
+private ./dirprivate
diff --git a/test/private_dir.exp b/test/private_dir.exp
new file mode 100755
index 000000000..95f89362a
--- /dev/null
+++ b/test/private_dir.exp
@@ -0,0 +1,53 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# testing private
+send -- "firejail --private=./dirprivate\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 1
+
+send -- "ls -al;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 0.1\n";exit}
+        "bashrc"
+}
+expect {
+        timeout {puts "TESTING ERROR 0.2\n";exit}
+        "home"
+}
+send -- "ls -al;pwd\r"
+expect {
+        timeout {
+                # OpenSUSE doesn't use .Xauthority from user home directory
+                send -- "env | grep XAUTHORITY\r"
+
+                expect {
+                        timeout {puts "TESTING ERROR 0.3\n";exit}
+                        "/run/lightdm/netblue/xauthority"
+                }
+        }
+        ".Xauthority"
+}
+expect {
+        timeout {puts "TESTING ERROR 0.4\n";exit}
+        [lindex $argv 0]
+}
+
+send -- "ls -al | wc -l;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "5" {puts "normal system\n";}
+        "4" {puts "OpenSUSE\n";}
+}
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "home"
+}
+
+puts "\n"
diff --git a/test/private_dir_profile.exp b/test/private_dir_profile.exp
new file mode 100755
index 000000000..e6c01798e
--- /dev/null
+++ b/test/private_dir_profile.exp
@@ -0,0 +1,54 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# testing private
+send -- "firejail --profile=private.profile\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 1
+
+send -- "ls -al;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 0.1\n";exit}
+        "bashrc"
+}
+expect {
+        timeout {puts "TESTING ERROR 0.2\n";exit}
+        "home"
+}
+send -- "ls -al;pwd\r"
+expect {
+        timeout {
+                # OpenSUSE doesn't use .Xauthority from user home directory
+                send -- "env | grep XAUTHORITY\r"
+
+                expect {
+                        timeout {puts "TESTING ERROR 0.3\n";exit}
+                        "/run/lightdm/netblue/xauthority"
+                }
+        }
+        ".Xauthority"
+}
+expect {
+        timeout {puts "TESTING ERROR 0.4\n";exit}
+        [lindex $argv 0]
+}
+
+send -- "ls -al | wc -l;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "5" {puts "normal system\n";}
+        "4" {puts "OpenSUSE\n";}
+}
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "home"
+}
+
+puts "\n"
+
diff --git a/test/profile_apps.exp b/test/profile_apps.exp
new file mode 100755
index 000000000..c57b31489
--- /dev/null
+++ b/test/profile_apps.exp
@@ -0,0 +1,48 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# firefox
+send -- "firejail --profile=/etc/firejail/firefox.profile\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 1
+send -- "exit\r"
+sleep 1
+
+# iceweasel
+send -- "firejail --profile=/etc/firejail/iceweasel.profile\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "Child process initialized"
+}
+sleep 1
+send -- "exit\r"
+sleep 1
+
+# evince
+send -- "firejail --profile=/etc/firejail/evince.profile\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "Child process initialized"
+}
+sleep 1
+send -- "exit\r"
+sleep 1
+
+# midori
+send -- "firejail --profile=/etc/firejail/midori.profile\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "Child process initialized"
+}
+sleep 1
+send -- "exit\r"
+sleep 1
+
+
+puts "\n"
diff --git a/test/profile_followlnk.exp b/test/profile_followlnk.exp
new file mode 100755
index 000000000..e2ede2865
--- /dev/null
+++ b/test/profile_followlnk.exp
@@ -0,0 +1,68 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "mkdir /tmp/firejailtestdir\r"
+sleep 1
+send -- "ln -s /tmp/firejailtestdir  /tmp/firejailtestdirlnk\r"
+sleep 1
+send -- "touch /tmp/firejailtestfile\r"
+sleep 1
+send -- "ln -s /tmp/firejailtestfile /tmp/firejailtestfilelnk\r"
+sleep 1
+
+send -- "firejail --profile=readonly-lnk.profile --debug\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+
+# testing private only
+send -- "bash\r"
+sleep 1
+
+
+send -- "ls > /tmp/firejailtestdirlnk/ttt;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "Read-only file system"
+}
+expect {
+        timeout {puts "TESTING ERROR 1.1\n";exit}
+        "home"
+}
+sleep 1
+
+send -- "ls > /tmp/firejailtestfilelnk;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "Read-only file system"
+}
+expect {
+        timeout {puts "TESTING ERROR 2.1\n";exit}
+        "home"
+}
+sleep 1
+
+send -- "exit\r"
+sleep 1
+send -- "pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "home"
+}
+sleep 1
+send -- "exit\r"
+sleep 1
+send -- "pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "home"
+}
+sleep 2
+send -- "rm -fr /tmp/firejailtest*\r"
+sleep 1
+
+puts "\n"
diff --git a/test/profile_noperm.exp b/test/profile_noperm.exp
new file mode 100755
index 000000000..b3ed558bc
--- /dev/null
+++ b/test/profile_noperm.exp
@@ -0,0 +1,13 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --profile=/etc/shadow\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "cannot access profile"
+}
+sleep 1
+puts "\n"
diff --git a/test/profile_readonly.exp b/test/profile_readonly.exp
new file mode 100755
index 000000000..046b0d738
--- /dev/null
+++ b/test/profile_readonly.exp
@@ -0,0 +1,64 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "mkdir /tmp/firejailtestdir\r"
+sleep 1
+send -- "touch /tmp/firejailtestfile\r"
+sleep 1
+
+send -- "firejail --profile=readonly.profile\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+
+# testing private only
+send -- "bash\r"
+sleep 1
+
+
+send -- "ls > /tmp/firejailtestdir/ttt;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "Read-only file system"
+}
+expect {
+        timeout {puts "TESTING ERROR 1.1\n";exit}
+        "home"
+}
+sleep 1
+
+send -- "ls > /tmp/firejailtestfile;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "Read-only file system"
+}
+expect {
+        timeout {puts "TESTING ERROR 2.1\n";exit}
+        "home"
+}
+sleep 1
+
+send -- "exit\r"
+sleep 1
+send -- "pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "home"
+}
+sleep 1
+send -- "exit\r"
+sleep 1
+send -- "pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "home"
+}
+sleep 2
+send -- "rm -fr /tmp/firejailtest*\r"
+sleep 1
+
+puts "\n"
diff --git a/test/profile_rlimit.exp b/test/profile_rlimit.exp
new file mode 100755
index 000000000..7d2637444
--- /dev/null
+++ b/test/profile_rlimit.exp
@@ -0,0 +1,36 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --profile=rlimit.profile\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 1
+
+send -- "cat /proc/self/limits; pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 1.1\n";exit}
+        "Max file size             1024                 1024"
+}
+expect {
+        timeout {puts "TESTING ERROR 1.2\n";exit}
+        "Max processes             1000                 1000"
+}
+expect {
+        timeout {puts "TESTING ERROR 1.3\n";exit}
+        "Max open files            500                  500"
+}
+expect {
+        timeout {puts "TESTING ERROR 1.4\n";exit}
+        "Max pending signals       200                  200"
+}
+expect {
+        timeout {puts "TESTING ERROR 1.5\n";exit}
+        "home"
+}
+sleep 1
+puts "\n"
diff --git a/test/profile_syntax.exp b/test/profile_syntax.exp
new file mode 100755
index 000000000..3218177c3
--- /dev/null
+++ b/test/profile_syntax.exp
@@ -0,0 +1,69 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --profile=test.profile\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+
+sleep 2
+send -- "ls /sbin\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "cannot open"
+}
+
+sleep 1
+send -- "ls /usr/sbin\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "cannot open"
+}
+
+sleep 1
+send -- "ls -l /etc/shadow\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "root root 0"
+}
+
+sleep 1
+send -- "rmdir;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "Permission denied"
+}
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "home"
+}
+
+sleep 1
+send -- "mount;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 6\n";exit}
+        "Permission denied"
+}
+expect {
+        timeout {puts "TESTING ERROR 7\n";exit}
+        "home"
+}
+
+sleep 1
+send -- "umount;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 8\n";exit}
+        "Permission denied"
+}
+expect {
+        timeout {puts "TESTING ERROR 9\n";exit}
+        "home"
+}
+send -- "exit\r"
+
+sleep 1
+puts "\n"
diff --git a/test/profile_syntax2.exp b/test/profile_syntax2.exp
new file mode 100755
index 000000000..cd514aa0e
--- /dev/null
+++ b/test/profile_syntax2.exp
@@ -0,0 +1,47 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --debug --profile=test2.profile\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Reading profile test2.profile"
+}
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "Reading profile test.profile"
+}
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "Disable /bin/rmdir" {puts "Most Linux platforms\n"}
+        "Disable /usr/bin/rmdir" { puts "OpenSUSE platform\n"}
+}
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "Mounting a new /home directory"
+}
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "Drop CAP_SYS_MODULE"
+}
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "Initialize seccomp filter"
+}
+expect {
+        timeout {puts "TESTING ERROR 6\n";exit}
+        "Blacklisting syscall"
+}
+expect {
+        timeout {puts "TESTING ERROR 7\n";exit}
+        "mount"
+}
+expect {
+        timeout {puts "TESTING ERROR 8\n";exit}
+        "Child process initialized"
+}
+
+sleep 1
+puts "\n"
diff --git a/test/profile_tmpfs.exp b/test/profile_tmpfs.exp
new file mode 100755
index 000000000..a2faa32f7
--- /dev/null
+++ b/test/profile_tmpfs.exp
@@ -0,0 +1,37 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "mkdir /tmp/firejailtestdir\r"
+sleep 1
+send -- "ls > /tmp/firejailtestdir/tmpfile\r"
+sleep 1
+
+send -- "firejail --profile=tmpfs.profile\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+
+# testing private only
+send -- "bash\r"
+sleep 1
+
+send -- "ls -l /tmp/firejailtestdir;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 1.1\n";exit}
+        "tmpfile" {puts "TESTING ERROR 1\n";exit}
+        "home"
+}
+sleep 1
+send -- "exit\r"
+sleep 1
+send -- "exit\r"
+sleep 1
+send -- "rm -fr  /tmp/firejailtestdir\r"
+
+sleep 1
+
+puts "\n"
diff --git a/test/readonly-lnk.profile b/test/readonly-lnk.profile
new file mode 100644
index 000000000..71ffb1a26
--- /dev/null
+++ b/test/readonly-lnk.profile
@@ -0,0 +1,2 @@
+read-only /tmp/firejailtestdirlnk
+read-only /tmp/firejailtestfilelnk
diff --git a/test/readonly.profile b/test/readonly.profile
new file mode 100644
index 000000000..55d89e3d7
--- /dev/null
+++ b/test/readonly.profile
@@ -0,0 +1,2 @@
+read-only /tmp/firejailtestdir
+read-only /tmp/firejailtestfile
\ No newline at end of file
diff --git a/test/rlimit.profile b/test/rlimit.profile
new file mode 100644
index 000000000..271891c03
--- /dev/null
+++ b/test/rlimit.profile
@@ -0,0 +1,4 @@
+  rlimit-fsize 1024
+rlimit-nproc 1000
+        rlimit-nofile   500
+rlimit-sigpending       200
\ No newline at end of file
diff --git a/test/seccomp-bad-empty.exp b/test/seccomp-bad-empty.exp
new file mode 100755
index 000000000..53b5c2e21
--- /dev/null
+++ b/test/seccomp-bad-empty.exp
@@ -0,0 +1,38 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send --  "firejail --seccomp=\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Error: empty syscall lists are not allowed"
+}
+
+send --  "firejail --seccomp.drop=\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "Error: empty syscall lists are not allowed"
+}
+
+send --  "firejail --seccomp.keep=\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "Error: empty syscall lists are not allowed"
+}
+
+send --  "firejail --profile=seccomp-bad-empty.profile\r"
+expect {
+        timeout {puts "TESTING ERROR 6\n";exit}
+        "Error: line 1 in the custom profile is invalid"
+}
+
+send --  "firejail --profile=seccomp-bad-empty2.profile\r"
+expect {
+        timeout {puts "TESTING ERROR 7\n";exit}
+        "Error: line 1 in the custom profile is invalid"
+}
+sleep 1
+puts "\n"
+
diff --git a/test/seccomp-bad-empty.profile b/test/seccomp-bad-empty.profile
new file mode 100644
index 000000000..2d4fcde7c
--- /dev/null
+++ b/test/seccomp-bad-empty.profile
@@ -0,0 +1 @@
+seccomp.drop
diff --git a/test/seccomp-bad-empty2.profile b/test/seccomp-bad-empty2.profile
new file mode 100644
index 000000000..c4e6c9f74
--- /dev/null
+++ b/test/seccomp-bad-empty2.profile
@@ -0,0 +1 @@
+seccomp.keep
diff --git a/test/seccomp-chmod-profile.exp b/test/seccomp-chmod-profile.exp
new file mode 100755
index 000000000..098328cea
--- /dev/null
+++ b/test/seccomp-chmod-profile.exp
@@ -0,0 +1,46 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send --  "firejail --profile=seccomp.profile --private\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 2
+
+send -- "touch testfile;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "/root" {puts "running as root"}
+        "/home"
+}
+
+send -- "ls -l testfile;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "testfile"
+}
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "/root" {puts "running as root"}
+        "/home"
+}
+
+send -- "chmod +x testfile;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "Bad system call"
+}
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "/root" {puts "running as root"}
+        "/home"
+}
+
+
+send -- "exit\r"
+sleep 1
+puts "\n"
diff --git a/test/seccomp-chmod.exp b/test/seccomp-chmod.exp
new file mode 100755
index 000000000..b4a213206
--- /dev/null
+++ b/test/seccomp-chmod.exp
@@ -0,0 +1,46 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send --  "firejail --seccomp=chmod,fchmod,fchmodat --private\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 2
+
+send -- "touch testfile;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "/root" {puts "running as root"}
+        "/home"
+}
+
+send -- "ls -l testfile;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "testfile"
+}
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "/root" {puts "running as root"}
+        "/home"
+}
+
+send -- "chmod +x testfile;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "Bad system call"
+}
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "/root" {puts "running as root"}
+        "/home"
+}
+
+
+send -- "exit\r"
+sleep 1
+puts "\n"
diff --git a/test/seccomp-chown.exp b/test/seccomp-chown.exp
new file mode 100755
index 000000000..69b896700
--- /dev/null
+++ b/test/seccomp-chown.exp
@@ -0,0 +1,46 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send --  "firejail --seccomp=chown,fchown,fchownat,lchown --private\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 2
+
+send -- "touch testfile;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "/root" {puts "running as root"}
+        "/home"
+}
+
+send -- "ls -l testfile;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "testfile"
+}
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "/root" {puts "running as root"}
+        "/home"
+}
+
+send -- "chown netblue:netblue testfile;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "Bad system call"
+}
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "/root" {puts "running as root"}
+        "/home"
+}
+
+
+send -- "exit\r"
+sleep 1
+puts "\n"
diff --git a/test/seccomp-debug.exp b/test/seccomp-debug.exp
new file mode 100755
index 000000000..a7b89912a
--- /dev/null
+++ b/test/seccomp-debug.exp
@@ -0,0 +1,32 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send --  "firejail --seccomp --debug\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Blacklisting syscall"
+}
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "open_by_handle_at"
+}
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "BLACKLIST"
+}
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "open_by_handle_at"
+}
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "Child process initialized"
+}
+sleep 2
+
+send -- "exit\r"
+sleep 1
+puts "\n"
diff --git a/test/seccomp-empty.exp b/test/seccomp-empty.exp
new file mode 100755
index 000000000..11abf2e00
--- /dev/null
+++ b/test/seccomp-empty.exp
@@ -0,0 +1,145 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send --  "firejail --debug --seccomp=chmod,fchmod,fchmodat --private\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "VALIDATE_ARCHITECTURE"
+}
+expect {
+        timeout {puts "TESTING ERROR 0.1\n";exit}
+        "mount"
+}
+expect {
+        timeout {puts "TESTING ERROR 0.2\n";exit}
+        "ptrace"
+}
+expect {
+        timeout {puts "TESTING ERROR 0.3\n";exit}
+        "chmod"
+}
+expect {
+        timeout {puts "TESTING ERROR 0.4\n";exit}
+        "fchmod"
+}
+expect {
+        timeout {puts "TESTING ERROR 0.5\n";exit}
+        "fchmodat"
+}
+expect {
+        timeout {puts "TESTING ERROR 0.6\n";exit}
+        "RETURN_ALLOW"
+}
+expect {
+        timeout {puts "TESTING ERROR 0.7\n";exit}
+        "Child process initialized"
+}
+sleep 2
+send -- "exit\r"
+sleep 3
+puts "\n"
+
+send --  "firejail --debug --seccomp.drop=chmod,fchmod,fchmodat --private\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "VALIDATE_ARCHITECTURE"
+}
+expect {
+        timeout {puts "TESTING ERROR 1.1\n";exit}
+        "mount" {puts "TESTING ERROR 1.2\n";exit}
+        "ptrace" {puts "TESTING ERROR 1.3\n";exit}
+        "chmod"
+}
+expect {
+        timeout {puts "TESTING ERROR 1.4\n";exit}
+        "fchmod"
+}
+expect {
+        timeout {puts "TESTING ERROR 1.5\n";exit}
+        "fchmodat"
+}
+expect {
+        timeout {puts "TESTING ERROR 1.6\n";exit}
+        "RETURN_ALLOW"
+}
+expect {
+        timeout {puts "TESTING ERROR 1.7\n";exit}
+        "Child process initialized"
+}
+sleep 2
+send -- "exit\r"
+puts "\n"
+
+sleep 2
+send --  "firejail --debug --profile=seccomp.profile --private\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "VALIDATE_ARCHITECTURE"
+}
+expect {
+        timeout {puts "TESTING ERROR 2.1\n";exit}
+        "mount"
+}
+expect {
+        timeout {puts "TESTING ERROR 2.2\n";exit}
+        "ptrace"
+}
+expect {
+        timeout {puts "TESTING ERROR 2.3\n";exit}
+        "chmod"
+}
+expect {
+        timeout {puts "TESTING ERROR 2.4\n";exit}
+        "fchmod"
+}
+expect {
+        timeout {puts "TESTING ERROR 2.5\n";exit}
+        "fchmodat"
+}
+expect {
+        timeout {puts "TESTING ERROR 2.6\n";exit}
+        "RETURN_ALLOW"
+}
+expect {
+        timeout {puts "TESTING ERROR 2.7\n";exit}
+        "Child process initialized"
+}
+sleep 2
+send -- "exit\r"
+sleep 3
+puts "\n"
+
+send --  "firejail --debug --profile=seccomp-empty.profile --private\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "VALIDATE_ARCHITECTURE"
+}
+expect {
+        timeout {puts "TESTING ERROR 3.1\n";exit}
+        "mount" {puts "TESTING ERROR 3.2\n";exit}
+        "ptrace" {puts "TESTING ERROR 3.3\n";exit}
+        "chmod"
+}
+expect {
+        timeout {puts "TESTING ERROR 3.4\n";exit}
+        "fchmod"
+}
+expect {
+        timeout {puts "TESTING ERROR 3.5\n";exit}
+        "fchmodat"
+}
+expect {
+        timeout {puts "TESTING ERROR 3.6\n";exit}
+        "RETURN_ALLOW"
+}
+expect {
+        timeout {puts "TESTING ERROR 3.7\n";exit}
+        "Child process initialized"
+}
+sleep 2
+send -- "exit\r"
+puts "\n"
+
diff --git a/test/seccomp-empty.profile b/test/seccomp-empty.profile
new file mode 100644
index 000000000..8f71f55a5
--- /dev/null
+++ b/test/seccomp-empty.profile
@@ -0,0 +1 @@
+seccomp.drop chmod,fchmod,fchmodat
diff --git a/test/seccomp-ptrace.exp b/test/seccomp-ptrace.exp
new file mode 100755
index 000000000..c5411c249
--- /dev/null
+++ b/test/seccomp-ptrace.exp
@@ -0,0 +1,23 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send --  "firejail --seccomp\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 2
+
+send -- "strace ls\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "Bad system call" {puts "version 1\n";}
+        " unexpected signal 31" {puts "version 2\n"}
+}
+
+send -- "exit\r"
+sleep 1
+puts "\n"
diff --git a/test/seccomp-su.exp b/test/seccomp-su.exp
new file mode 100755
index 000000000..dca6f15ee
--- /dev/null
+++ b/test/seccomp-su.exp
@@ -0,0 +1,34 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send --  "firejail --seccomp\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 2
+
+send -- "sudo su -\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "effective uid is not 0"
+}
+
+send -- "sudo ls\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "effective uid is not 0"
+}
+
+send -- "ping google.com\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "Operation not permitted"
+}
+
+send -- "exit\r"
+sleep 1
+puts "\n"
diff --git a/test/seccomp-umount.exp b/test/seccomp-umount.exp
new file mode 100755
index 000000000..e037d3264
--- /dev/null
+++ b/test/seccomp-umount.exp
@@ -0,0 +1,28 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "sudo ls; sudo whoami; sudo pwd\r"
+expect {
+        timeout {puts "TESTING ERROR: you need to root run this test as root\n";exit}
+        "root"
+}
+
+send --  "firejail --net=br0 --ip=10.10.20.5 --seccomp\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 2
+
+send -- "umount /proc\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "Bad system call"
+}
+
+send -- "exit\r"
+sleep 1
+puts "\n"
diff --git a/test/seccomp.profile b/test/seccomp.profile
new file mode 100644
index 000000000..cb0b15aee
--- /dev/null
+++ b/test/seccomp.profile
@@ -0,0 +1 @@
+seccomp chmod,fchmod,fchmodat
diff --git a/test/servers.exp b/test/servers.exp
new file mode 100755
index 000000000..a36814a69
--- /dev/null
+++ b/test/servers.exp
@@ -0,0 +1,40 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "sudo ls; sudo whoami; sudo pwd\r"
+expect {
+        timeout {puts "TESTING ERROR: you need to root run this test as root\n";exit}
+        "root"
+}
+
+send --  "firejail --net=br0 --ip=10.10.20.5 --seccomp\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 2
+
+
+send -- "/etc/init.d/rsyslog start;sleep 1;/etc/init.d/ssh start;sleep 1;/etc/init.d/nginx start\r"
+sleep 3
+
+send -- "ps aux; pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "rsyslogd"
+}
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "sshd"
+}
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "nginx"
+}
+
+send -- "exit\r"
+sleep 1
+puts "\n"
diff --git a/test/servers2.exp b/test/servers2.exp
new file mode 100755
index 000000000..28bcae207
--- /dev/null
+++ b/test/servers2.exp
@@ -0,0 +1,31 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "sudo ls; sudo whoami; sudo pwd\r"
+expect {
+        timeout {puts "TESTING ERROR: you need to root run this test as root\n";exit}
+        "root"
+}
+
+send --  "firejail --net=br0 --ip=10.10.20.5--seccomp\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 2
+
+send -- "/etc/init.d/snmpd start"
+sleep 2
+
+send -- "ps aux; pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "snmpd"
+}
+
+send -- "exit\r"
+sleep 1
+puts "\n"
diff --git a/test/servers3.exp b/test/servers3.exp
new file mode 100755
index 000000000..f23ffba46
--- /dev/null
+++ b/test/servers3.exp
@@ -0,0 +1,31 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "sudo ls; sudo whoami; sudo pwd\r"
+expect {
+        timeout {puts "TESTING ERROR: you need to root run this test as root\n";exit}
+        "root"
+}
+
+send --  "firejail --net=br0 --ip=10.10.20.5 --seccomp\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 2
+
+send -- "/etc/init.d/apache2 start\r"
+sleep 2
+
+send -- "ps aux; pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "apache"
+}
+
+send -- "exit\r"
+sleep 1
+puts "\n"
diff --git a/test/servers4.exp b/test/servers4.exp
new file mode 100755
index 000000000..9feeecf61
--- /dev/null
+++ b/test/servers4.exp
@@ -0,0 +1,32 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "sudo ls; sudo whoami; sudo pwd\r"
+expect {
+        timeout {puts "TESTING ERROR: you need to root run this test as root\n";exit}
+        "root"
+}
+
+send --  "firejail --net=br0 --ip=10.10.20.5 --seccomp\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 2
+
+send -- "/etc/init.d/isc-dhcp-server start\r"
+sleep 5
+
+
+send -- "ps aux; pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "dhcpd"
+}
+
+send -- "exit\r"
+sleep 1
+puts "\n"
diff --git a/test/shell_csh.exp b/test/shell_csh.exp
new file mode 100755
index 000000000..8fa1ef166
--- /dev/null
+++ b/test/shell_csh.exp
@@ -0,0 +1,40 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --private --csh\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 1
+
+send -- "ls -al;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        ".cshrc"
+}
+expect {
+        timeout {puts "TESTING ERROR 1.1\n";exit}
+        "home"
+}
+send -- "env | grep SHELL;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "SHELL"
+}
+expect {
+        timeout {puts "TESTING ERROR 2.1\n";exit}
+        "/bin/csh"
+}
+expect {
+        timeout {puts "TESTING ERROR 2.2\n";exit}
+        "home"
+}
+send -- "exit\r"
+sleep 1
+
+puts "\n"
+
diff --git a/test/shell_dash.exp b/test/shell_dash.exp
new file mode 100755
index 000000000..298b65a0d
--- /dev/null
+++ b/test/shell_dash.exp
@@ -0,0 +1,41 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --private --shell=/bin/dash\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 1
+
+#send -- "ls -al;pwd\r"
+#expect {
+#       timeout {puts "TESTING ERROR 1\n";exit}
+#       ".zshrc"
+#}
+#expect {
+#       timeout {puts "TESTING ERROR 1.1\n";exit}
+#       "home"
+#}
+
+send -- "env | grep SHELL;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "SHELL"
+}
+expect {
+        timeout {puts "TESTING ERROR 2.1\n";exit}
+        "/bin/dash"
+}
+expect {
+        timeout {puts "TESTING ERROR 2.2\n";exit}
+        "home"
+}
+send -- "exit\r"
+sleep 1
+
+puts "\n"
+
diff --git a/test/shell_zsh.exp b/test/shell_zsh.exp
new file mode 100755
index 000000000..79cd78a3e
--- /dev/null
+++ b/test/shell_zsh.exp
@@ -0,0 +1,40 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --private --zsh\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 1
+
+send -- "ls -al;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        ".zshrc"
+}
+expect {
+        timeout {puts "TESTING ERROR 1.1\n";exit}
+        "home"
+}
+send -- "env | grep SHELL;pwd\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "SHELL"
+}
+expect {
+        timeout {puts "TESTING ERROR 2.1\n";exit}
+        "/usr/bin/zsh"
+}
+expect {
+        timeout {puts "TESTING ERROR 2.2\n";exit}
+        "home"
+}
+send -- "exit\r"
+sleep 1
+
+puts "\n"
+
diff --git a/test/sysrq-trigger.exp b/test/sysrq-trigger.exp
new file mode 100755
index 000000000..18fb4a01a
--- /dev/null
+++ b/test/sysrq-trigger.exp
@@ -0,0 +1,21 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 1
+
+send -- "echo b > /proc/sysrq-trigger\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "Read-only file system"
+}
+sleep 1
+
+puts "\n"
diff --git a/test/test-nonet.sh b/test/test-nonet.sh
new file mode 100755
index 000000000..3df8b2d4e
--- /dev/null
+++ b/test/test-nonet.sh
@@ -0,0 +1,44 @@
+#!/bin/bash
+
+echo "TESTING: version"
+./option_version.exp
+
+echo "TESTING: help"
+./option_help.exp
+
+echo "TESTING: man"
+./option_man.exp
+
+echo "TESTING: list"
+./option_list.exp
+
+echo "TESTING: PID"
+./pid.exp
+
+echo "TESTING: profile no permissions"
+./profile_noperm.exp
+
+echo "TESTING: profile syntax"
+./profile_syntax.exp
+
+echo "TESTING: profile read-only"
+./profile_readonly.exp
+
+echo "TESTING: profile tmpfs"
+./profile_tmpfs.exp
+
+echo "TESTING: private"
+./private.exp `whoami`
+
+echo "TESTING: read/write /var/tmp"
+./fs_var_tmp.exp
+
+echo "TESTING: read/write /var/run"
+./fs_var_run.exp
+
+echo "TESTING: read/write /var/lock"
+./fs_var_lock.exp
+
+echo "TESTING: read/write /dev/shm"
+./fs_dev_shm.exp
+
diff --git a/test/test-root.sh b/test/test-root.sh
new file mode 100755
index 000000000..cd607b75b
--- /dev/null
+++ b/test/test-root.sh
@@ -0,0 +1,56 @@
+#!/bin/bash
+
+./chk_config.exp
+
+echo "TESTING: servers rsyslogd, sshd, nginx"
+./servers.exp
+
+if [ -f /etc/init.d/snmpd ]
+then
+        echo "TESTING: servers snmpd"
+        ./servers2.exp
+fi
+
+if [ -f /etc/init.d/apache2 ]
+then
+        echo "TESTING: servers apache2"
+        ./servers3.exp
+fi
+
+if [ -f /etc/init.d/isc-dhcp-server ]
+then
+        echo "TESTING: servers isc dhcp server"
+        ./servers4.exp
+fi
+
+echo "TESTING: /proc/sysrq-trigger reset disabled"
+./sysrq-trigger.exp
+
+echo "TESTING: seccomp umount"
+./seccomp-umount.exp
+
+echo "TESTING: seccomp chmod (seccomp lists)"
+./seccomp-chmod.exp
+
+echo "TESTING: seccomp chown (seccomp lists)"
+./seccomp-chown.exp
+
+echo "TESTING: bind directory"
+./option_bind_directory.exp
+
+echo "TESTING: bind file"
+echo hello > tmpfile
+./option_bind_file.exp
+rm -f tmpfile
+
+echo "TESTING: chroot"
+./fs_chroot.exp
+
+echo "TESTING: firemon --interface"
+./firemon-interface.exp
+
+if [ -f /sys/fs/cgroup/g1/tasks ]
+then
+        echo "TESTING: firemon --cgroup"
+        ./firemon-cgroup.exp
+fi
diff --git a/test/test.profile b/test/test.profile
new file mode 100644
index 000000000..716419fd0
--- /dev/null
+++ b/test/test.profile
@@ -0,0 +1,6 @@
+   blacklist /sbin
+blacklist /usr/sbin
+blacklist                /etc/shadow
+        blacklist               /bin/rmdir
+blacklist ${PATH}/umount
+blacklist ${PATH}/mount
diff --git a/test/test.rv b/test/test.rv
new file mode 100644
index 000000000..98a04fba2
--- /dev/null
+++ b/test/test.rv
@@ -0,0 +1,49 @@
+# run it as:
+#     ../src/tools/rvtest test.rv 2>/dev/null | grep TESTING
+#
+
+
+# invalid options
+1 firejail -blablabla
+1 firejail --blablabla
+1 firejail --debug --blablabla
+
+# misc options
+0 firejail --help
+0 firejail --list
+
+# network testing
+0 firejail --net=none exit
+1 firejail --ip=none --net=none exit # noip requires at least one network
+0 firejail --net=br0 exit
+1 firejail --net=none --net=br0 exit # --net and --net=none are mutually exclusive
+1 firejail --ip=none exit # noip requires at least one network
+1 firejail --defaultgw=10.10.20.1 # no bridge configured
+0 firejail --net=br0 --ip=10.10.20.6 exit
+1 firejail --net=br0 --ip=192.168.5.6 exit # interface range
+1 firejail --net=br0 --ip=10.10 # bad ip
+1 firejail --net=br0 --ip=asdf   #bad ip
+1 firejail --ip=asdf  # no bridge configured
+0 firejail --net=br0 --defaultgw=10.10.20.1 exit
+1 firejail --net=br0 --defaultgw=10.10.20 exit # invalid ip address
+1 firejail --net=br0 --defaultgw=asdf exit # invalid ip address
+0 firejail --net=br0 --ip=10.10.20.2 --defaultgw=10.10.20.1 exit
+0 firejail --net=br0 --net=br1 --net=br2 --net=br3 exit
+1 firejail --net
+1 firejail --net=
+1 firejail --net=bingo
+1 firejail --net=loopback
+1 firejail --net=lo     #invalid network device
+1 firejail --net=/br0 exit
+1 firejail --net=br0 --net=br1 --net=br2 --net=br3 --net=br4 exit # only 4 networks allowed
+0 firejail --net=eth0 exit
+1 firejail --net=/dev/eth0 exit
+1 firejail --net=br0 --net=br1 --net=/dev/eth0 exit
+0 firejail --net=br0 --net=br0 exit # same device twice
+0 firejail --net=eth0 --net=br2 --net=br3 --net=eth0 exit # same device twice
+0 firejail --net=eth0 --net=br0 exit
+
+# private mode
+0 firejail --private exit
+1 firejail --private=/etc sleep 1
+1 firejail --private=bingo sleep 1
diff --git a/test/test.sh b/test/test.sh
new file mode 100755
index 000000000..5fe01eb2a
--- /dev/null
+++ b/test/test.sh
@@ -0,0 +1,329 @@
+#!/bin/bash
+
+./chk_config.exp
+
+./fscheck.sh
+
+echo "TESTING: version"
+./option_version.exp
+
+echo "TESTING: help"
+./option_help.exp
+
+echo "TESTING: man"
+./option_man.exp
+
+echo "TESTING: list"
+./option_list.exp
+
+echo "TESTING: tree"
+./option_tree.exp
+
+if [ -f /proc/self/uid_map ];
+then
+        echo "TESTING: noroot"
+        ./noroot.exp
+else
+        echo "TESTING: user namespaces not available"
+fi
+
+echo "TESTING: doubledash"
+mkdir -- -testdir
+touch -- -testdir/ttt
+cp -- /bin/bash -testdir/.
+./doubledash.exp
+rm -fr -- -testdir
+
+echo "TESTING: trace1"
+./option-trace.exp
+
+echo "TESTING: trace2"
+rm -f index.html*
+./trace.exp
+rm -f index.html*
+
+echo "TESTING: extract command"
+./extract_command.exp
+
+echo "TESTING: rlimit"
+./option_rlimit.exp
+
+echo "TESTING: shutdown"
+./option-shutdown.exp
+
+echo "TESTING: join"
+./option-join.exp
+
+echo "TESTING: firejail in firejail"
+./firejail-in-firejail.exp
+
+echo "TESTING: chroot overlay"
+./option_chroot_overlay.exp
+
+echo "TESTING: tmpfs"
+./option_tmpfs.exp
+
+echo "TESTING: blacklist directory"
+./option_blacklist.exp
+
+echo "TESTING: blacklist file"
+./option_blacklist_file.exp
+
+echo "TESTING: bind as user"
+./option_bind_user.exp
+
+if [ -d /home/bingo ];
+then
+        echo "TESTING: home sanitize"
+        ./option_version.exp
+fi
+
+echo "TESTING: chroot as user"
+./fs_chroot.exp
+
+echo "TESTING: /sys"
+./fs_sys.exp
+
+echo "TESTING: readonly"
+ls -al > tmpreadonly
+./option_readonly.exp
+sleep 5
+rm -f tmpreadonly
+
+echo "TESTING: name"
+./name.exp
+
+echo "TESTING: zsh"
+./shell_zsh.exp
+
+echo "TESTING: csh"
+./shell_csh.exp
+
+which dash
+if [ "$?" -eq 0 ];
+then
+        echo "TESTING: dash"
+        ./shell_dash.exp
+else
+        echo "TESTING: dash not found"
+fi
+
+which firefox
+if [ "$?" -eq 0 ];
+then
+        echo "TESTING: firefox"
+        ./firefox.exp
+else
+        echo "TESTING: firefox not found"
+fi
+
+which midori
+if [ "$?" -eq 0 ];
+then
+        echo "TESTING: midori"
+        ./midori.exp
+else
+        echo "TESTING: midori not found"
+fi
+
+which chromium-browser
+if [ "$?" -eq 0 ];
+then
+        echo "TESTING: chromium"
+        ./chromium.exp
+else
+        echo "TESTING: chromium not found"
+fi
+
+which opera
+if [ "$?" -eq 0 ];
+then
+        echo "TESTING: opera"
+        ./opera.exp
+else
+        echo "TESTING: opera not found"
+fi
+
+which transmission-gtk
+if [ "$?" -eq 0 ];
+then
+        echo "TESTING: transmission-gtk"
+        ./transmission-gtk.exp
+else
+        echo "TESTING: transmission-gtk not found"
+fi
+
+which transmission-qt
+if [ "$?" -eq 0 ];
+then
+        echo "TESTING: transmission-qt"
+        ./transmission-qt.exp
+else
+        echo "TESTING: transmission-qt not found"
+fi
+
+which evince
+if [ "$?" -eq 0 ];
+then
+        echo "TESTING: evince"
+        ./evince.exp
+else
+        echo "TESTING: evince not found"
+fi
+
+echo "TESTING: PID"
+./pid.exp
+
+echo "TESTING: output"
+./output.exp
+
+echo "TESTING: profile no permissions"
+./profile_noperm.exp
+
+echo "TESTING: profile syntax"
+./profile_syntax.exp
+
+echo "TESTING: profile syntax 2"
+./profile_syntax2.exp
+
+echo "TESTING: profile rlimit"
+./profile_rlimit.exp
+
+echo "TESTING: profile read-only"
+./profile_readonly.exp
+
+echo "TESTING: profile tmpfs"
+./profile_tmpfs.exp
+
+echo "TESTING: profile applications"
+./profile_apps.exp
+
+echo "TESTING: private"
+./private.exp `whoami`
+
+echo "TESTING: private directory"
+rm -fr dirprivate
+mkdir dirprivate
+./private_dir.exp
+rm -fr dirprivate
+
+echo "TESTING: private directory profile"
+rm -fr dirprivate
+mkdir dirprivate
+./private_dir_profile.exp
+rm -fr dirprivate
+
+echo "TESTING: private keep"
+./private-keep.exp
+
+uname -r | grep "3.18"
+if [ "$?" -eq 0 ];
+then
+        echo "TESTING: overlayfs on 3.18 kernel"
+        ./fs_overlay.exp
+fi
+
+grep "openSUSE" /etc/os-release
+if [ "$?" -eq 0 ];
+then
+        echo "TESTING: overlayfs"
+        ./fs_overlay.exp
+fi
+
+grep "Ubuntu" /etc/os-release
+if [ "$?" -eq 0 ];
+then
+        echo "TESTING: overlayfs"
+        ./fs_overlay.exp
+fi
+
+echo "TESTING: seccomp debug"
+./seccomp-debug.exp
+
+echo "TESTING: seccomp su"
+./seccomp-su.exp
+
+echo "TESTING: seccomp ptrace"
+./seccomp-ptrace.exp
+
+echo "TESTING: seccomp chmod (seccomp lists)"
+./seccomp-chmod.exp
+
+echo "TESTING: seccomp chmod profile (seccomp lists)"
+./seccomp-chmod-profile.exp
+
+echo "TESTING: seccomp empty"
+./seccomp-empty.exp
+
+echo "TESTING: seccomp bad empty"
+./seccomp-bad-empty.exp
+
+echo "TESTING: read/write /var/tmp"
+./fs_var_tmp.exp
+
+echo "TESTING: read/write /var/lock"
+./fs_var_lock.exp
+
+echo "TESTING: read/write /dev/shm"
+./fs_dev_shm.exp
+
+echo "TESTING: local network"
+./net_local.exp
+
+echo "TESTING: no network"
+./net_none.exp
+
+echo "TESTING: network IP"
+./net_ip.exp
+
+echo "TESTING: network MAC"
+./net_mac.exp
+
+echo "TESTING: network bad IP"
+./net_badip.exp
+
+echo "TESTING: network no IP test 1"
+./net_noip.exp
+
+echo "TESTING: network no IP test 2"
+./net_noip2.exp
+
+echo "TESTING: network default gateway test 1"
+./net_defaultgw.exp
+
+echo "TESTING: network default gateway test 2"
+./net_defaultgw2.exp
+
+echo "TESTING: network default gateway test 3"
+./net_defaultgw3.exp
+
+echo "TESTING: netfilter"
+./net_netfilter.exp
+
+echo "TESTING: 4 bridges ARP"
+./4bridges_arp.exp
+
+echo "TESTING: 4 bridges IP"
+./4bridges_ip.exp
+
+echo "TESTING: login SSH"
+./login_ssh.exp
+
+echo "TESTING: ARP"
+./net_arp.exp
+
+echo "TESTING: DNS"
+./dns.exp
+
+echo "TESTING: firemon --arp"
+./firemon-arp.exp
+
+echo "TESTING: firemon --route"
+./firemon-route.exp
+
+echo "TESTING: firemon --seccomp"
+./firemon-seccomp.exp
+
+echo "TESTING: firemon --caps"
+./firemon-caps.exp
+
diff --git a/test/test2.profile b/test/test2.profile
new file mode 100644
index 000000000..d7e1a1f21
--- /dev/null
+++ b/test/test2.profile
@@ -0,0 +1,4 @@
+caps    
+seccomp 
+  private   
+  include test.profile
diff --git a/test/tmpfs.profile b/test/tmpfs.profile
new file mode 100644
index 000000000..0680f4d69
--- /dev/null
+++ b/test/tmpfs.profile
@@ -0,0 +1 @@
+tmpfs /tmp/firejailtestdir
\ No newline at end of file
diff --git a/test/trace.exp b/test/trace.exp
new file mode 100755
index 000000000..bca3ac3b3
--- /dev/null
+++ b/test/trace.exp
@@ -0,0 +1,95 @@
+#!/usr/bin/expect -f
+
+set timeout 30
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --trace mkdir ttt\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "1:mkdir:mkdir ttt"
+}
+sleep 1
+
+send -- "firejail --trace rmdir ttt\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "Child process initialized"
+}
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        "1:rmdir:rmdir ttt"
+}
+sleep 1
+
+send -- "firejail --trace touch ttt\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "Child process initialized"
+}
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        "1:touch:open ttt" {puts "OK\n";}
+        "1:touch:open64 ttt" {puts "OK\n";}
+}
+sleep 1
+
+send -- "firejail --trace rm ttt\r"
+expect {
+        timeout {puts "TESTING ERROR 6\n";exit}
+        "Child process initialized"
+}
+expect {
+        timeout {puts "TESTING ERROR 7\n";exit}
+        "1:rm:unlinkat ttt"
+}
+sleep 1
+
+send -- "firejail --trace wget -q debian.org\r"
+expect {
+        timeout {puts "TESTING ERROR 8.1\n";exit}
+        "Child process initialized"
+}
+expect {
+        timeout {puts "TESTING ERROR 8.2\n";exit}
+        "1:bash:open /dev/tty" {puts "OK\n";}
+        "1:bash:open64 /dev/tty" {puts "OK\n";}
+}
+expect {
+        timeout {puts "TESTING ERROR 8.3\n";exit}
+        "1:wget:fopen64 /etc/wgetrc" {puts "OK\n";}
+        "1:wget:fopen /etc/wgetrc"  {puts "OK\n";}
+}
+expect {
+        timeout {puts "TESTING ERROR 8.4\n";exit}
+        "1:wget:fopen /etc/hosts"
+}
+expect {
+        timeout {puts "TESTING ERROR 8.5\n";exit}
+        "1:wget:connect"
+}
+expect {
+        timeout {puts "TESTING ERROR 8.6\n";exit}
+        "1:wget:fopen64 index.html" {puts "OK\n";}
+        "1:wget:fopen index.html" {puts "OK\n";}
+}
+sleep 1
+
+send -- "firejail --trace rm index.html\r"
+expect {
+        timeout {puts "TESTING ERROR 9\n";exit}
+        "Child process initialized"
+}
+expect {
+        timeout {puts "TESTING ERROR 10\n";exit}
+        "1:rm:unlinkat index.html"
+}
+sleep 1
+
+
+puts "\n"
+
diff --git a/test/transmission-gtk.exp b/test/transmission-gtk.exp
new file mode 100755
index 000000000..7760ae3ad
--- /dev/null
+++ b/test/transmission-gtk.exp
@@ -0,0 +1,68 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail transmission-gtk\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "Child process initialized"
+}
+sleep 10
+
+spawn $env(SHELL)
+send -- "firejail --list\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        ":firejail"
+}
+expect {
+        timeout {puts "TESTING ERROR 3.1\n";exit}
+        "transmission-gtk"
+}
+sleep 1
+
+send -- "firejail --name=blablabla\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "Child process initialized"
+}
+sleep 2
+
+spawn $env(SHELL)
+send -- "firemon --seccomp\r"
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        ":firejail transmission-gtk"
+}
+expect {
+        timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit}
+        "Seccomp:       2"
+}
+expect {
+        timeout {puts "TESTING ERROR 5.1\n";exit}
+        "name=blablabla"
+}
+sleep 1
+send -- "firemon --caps\r"
+expect {
+        timeout {puts "TESTING ERROR 6\n";exit}
+        ":firejail transmission-gtk"
+}
+expect {
+        timeout {puts "TESTING ERROR 6.1\n";exit}
+        "CapBnd"
+}
+expect {
+        timeout {puts "TESTING ERROR 6.2\n";exit}
+        "0000000000000000"
+}
+expect {
+        timeout {puts "TESTING ERROR 6.3\n";exit}
+        "name=blablabla"
+}
+sleep 1
+
+puts "\n"
+
diff --git a/test/transmission-qt.exp b/test/transmission-qt.exp
new file mode 100755
index 000000000..85457aeb8
--- /dev/null
+++ b/test/transmission-qt.exp
@@ -0,0 +1,72 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail transmission-qt\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Reading profile /etc/firejail/transmission-qt.profile"
+}
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "Child process initialized"
+}
+sleep 10
+
+spawn $env(SHELL)
+send -- "firejail --list\r"
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        ":firejail"
+}
+expect {
+        timeout {puts "TESTING ERROR 3.1\n";exit}
+        "transmission-qt"
+}
+sleep 1
+
+send -- "firejail --name=blablabla\r"
+expect {
+        timeout {puts "TESTING ERROR 4\n";exit}
+        "Child process initialized"
+}
+sleep 2
+
+spawn $env(SHELL)
+send -- "firemon --seccomp\r"
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        ":firejail transmission-qt"
+}
+expect {
+        timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit}
+        "Seccomp:       2"
+}
+expect {
+        timeout {puts "TESTING ERROR 5.1\n";exit}
+        "name=blablabla"
+}
+sleep 1
+send -- "firemon --caps\r"
+expect {
+        timeout {puts "TESTING ERROR 6\n";exit}
+        ":firejail transmission-qt"
+}
+expect {
+        timeout {puts "TESTING ERROR 6.1\n";exit}
+        "CapBnd"
+}
+expect {
+        timeout {puts "TESTING ERROR 6.2\n";exit}
+        "0000000000000000"
+}
+expect {
+        timeout {puts "TESTING ERROR 6.3\n";exit}
+        "name=blablabla"
+}
+sleep 1
+
+puts "\n"
+