diff options
Diffstat (limited to 'test')
-rwxr-xr-x | test/chromium.exp | 10 | ||||
-rwxr-xr-x | test/fscheck-shell.exp | 14 | ||||
-rwxr-xr-x | test/private-bin.exp | 71 | ||||
-rw-r--r-- | test/private-bin.profile | 1 | ||||
-rwxr-xr-x | test/test.sh | 12 |
5 files changed, 93 insertions, 15 deletions
diff --git a/test/chromium.exp b/test/chromium.exp index 020826f3d..77325d070 100755 --- a/test/chromium.exp +++ b/test/chromium.exp | |||
@@ -4,10 +4,10 @@ set timeout 10 | |||
4 | spawn $env(SHELL) | 4 | spawn $env(SHELL) |
5 | match_max 100000 | 5 | match_max 100000 |
6 | 6 | ||
7 | send -- "firejail chromium-browser www.gentoo.org\r" | 7 | send -- "firejail chromium www.gentoo.org\r" |
8 | expect { | 8 | expect { |
9 | timeout {puts "TESTING ERROR 0\n";exit} | 9 | timeout {puts "TESTING ERROR 0\n";exit} |
10 | "Reading profile /etc/firejail/chromium-browser.profile" | 10 | "Reading profile /etc/firejail/chromium.profile" |
11 | } | 11 | } |
12 | expect { | 12 | expect { |
13 | timeout {puts "TESTING ERROR 1\n";exit} | 13 | timeout {puts "TESTING ERROR 1\n";exit} |
@@ -23,7 +23,7 @@ expect { | |||
23 | } | 23 | } |
24 | expect { | 24 | expect { |
25 | timeout {puts "TESTING ERROR 3.1\n";exit} | 25 | timeout {puts "TESTING ERROR 3.1\n";exit} |
26 | "chromium-browser" | 26 | "chromium" |
27 | } | 27 | } |
28 | sleep 1 | 28 | sleep 1 |
29 | 29 | ||
@@ -38,7 +38,7 @@ spawn $env(SHELL) | |||
38 | send -- "firemon --seccomp\r" | 38 | send -- "firemon --seccomp\r" |
39 | expect { | 39 | expect { |
40 | timeout {puts "TESTING ERROR 5\n";exit} | 40 | timeout {puts "TESTING ERROR 5\n";exit} |
41 | ":firejail chromium-browser" | 41 | ":firejail chromium" |
42 | } | 42 | } |
43 | expect { | 43 | expect { |
44 | timeout {puts "TESTING ERROR 5.1\n";exit} | 44 | timeout {puts "TESTING ERROR 5.1\n";exit} |
@@ -52,7 +52,7 @@ sleep 1 | |||
52 | send -- "firemon --caps\r" | 52 | send -- "firemon --caps\r" |
53 | expect { | 53 | expect { |
54 | timeout {puts "TESTING ERROR 6\n";exit} | 54 | timeout {puts "TESTING ERROR 6\n";exit} |
55 | ":firejail chromium-browser" | 55 | ":firejail chromium" |
56 | } | 56 | } |
57 | expect { | 57 | expect { |
58 | timeout {puts "TESTING ERROR 6.1\n";exit} | 58 | timeout {puts "TESTING ERROR 6.1\n";exit} |
diff --git a/test/fscheck-shell.exp b/test/fscheck-shell.exp index d2320a4c3..548955e60 100755 --- a/test/fscheck-shell.exp +++ b/test/fscheck-shell.exp | |||
@@ -15,7 +15,7 @@ after 100 | |||
15 | # .. | 15 | # .. |
16 | send -- "firejail --net=br0 --shell=../test/fscheck-dir\r" | 16 | send -- "firejail --net=br0 --shell=../test/fscheck-dir\r" |
17 | expect { | 17 | expect { |
18 | timeout {puts "TESTING ERROR 0.1\n";exit} | 18 | timeout {puts "TESTING ERROR 1\n";exit} |
19 | "Error" | 19 | "Error" |
20 | } | 20 | } |
21 | after 100 | 21 | after 100 |
@@ -23,7 +23,7 @@ after 100 | |||
23 | # dir link | 23 | # dir link |
24 | send -- "firejail --net=br0 --shell=fscheck-dir-link\r" | 24 | send -- "firejail --net=br0 --shell=fscheck-dir-link\r" |
25 | expect { | 25 | expect { |
26 | timeout {puts "TESTING ERROR 1\n";exit} | 26 | timeout {puts "TESTING ERROR 2\n";exit} |
27 | "Error" | 27 | "Error" |
28 | } | 28 | } |
29 | after 100 | 29 | after 100 |
@@ -31,7 +31,7 @@ after 100 | |||
31 | # .. | 31 | # .. |
32 | send -- "firejail --net=br0 --shell=../test/fscheck-dir-link\r" | 32 | send -- "firejail --net=br0 --shell=../test/fscheck-dir-link\r" |
33 | expect { | 33 | expect { |
34 | timeout {puts "TESTING ERROR 1.1\n";exit} | 34 | timeout {puts "TESTING ERROR 3\n";exit} |
35 | "Error" | 35 | "Error" |
36 | } | 36 | } |
37 | after 100 | 37 | after 100 |
@@ -39,7 +39,7 @@ after 100 | |||
39 | # file link | 39 | # file link |
40 | send -- "firejail --net=br0 --shell=fscheck-file-link\r" | 40 | send -- "firejail --net=br0 --shell=fscheck-file-link\r" |
41 | expect { | 41 | expect { |
42 | timeout {puts "TESTING ERROR 2\n";exit} | 42 | timeout {puts "TESTING ERROR 4\n";exit} |
43 | "Error" | 43 | "Error" |
44 | } | 44 | } |
45 | after 100 | 45 | after 100 |
@@ -47,7 +47,7 @@ after 100 | |||
47 | # .. | 47 | # .. |
48 | send -- "firejail --net=br0 --shell=../test/fscheck-file-link\r" | 48 | send -- "firejail --net=br0 --shell=../test/fscheck-file-link\r" |
49 | expect { | 49 | expect { |
50 | timeout {puts "TESTING ERROR 2\n";exit} | 50 | timeout {puts "TESTING ERROR 5\n";exit} |
51 | "Error" | 51 | "Error" |
52 | } | 52 | } |
53 | after 100 | 53 | after 100 |
@@ -55,7 +55,7 @@ after 100 | |||
55 | # no file | 55 | # no file |
56 | send -- "firejail --net=br0 --shell=../test/nofile\r" | 56 | send -- "firejail --net=br0 --shell=../test/nofile\r" |
57 | expect { | 57 | expect { |
58 | timeout {puts "TESTING ERROR 3\n";exit} | 58 | timeout {puts "TESTING ERROR 6\n";exit} |
59 | "Error" | 59 | "Error" |
60 | } | 60 | } |
61 | after 100 | 61 | after 100 |
@@ -63,7 +63,7 @@ after 100 | |||
63 | # real GID/UID | 63 | # real GID/UID |
64 | send -- "firejail --net=br0 --shell=/etc/shadow\r" | 64 | send -- "firejail --net=br0 --shell=/etc/shadow\r" |
65 | expect { | 65 | expect { |
66 | timeout {puts "TESTING ERROR 4\n";exit} | 66 | timeout {puts "TESTING ERROR 7\n";exit} |
67 | "Error" | 67 | "Error" |
68 | } | 68 | } |
69 | after 100 | 69 | after 100 |
diff --git a/test/private-bin.exp b/test/private-bin.exp new file mode 100755 index 000000000..cc5ea99c7 --- /dev/null +++ b/test/private-bin.exp | |||
@@ -0,0 +1,71 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | |||
3 | set timeout 10 | ||
4 | spawn $env(SHELL) | ||
5 | match_max 100000 | ||
6 | |||
7 | send -- "firejail --private-bin=bash,ls,sh\r" | ||
8 | expect { | ||
9 | timeout {puts "TESTING ERROR 1\n";exit} | ||
10 | "Child process initialized" | ||
11 | } | ||
12 | sleep 1 | ||
13 | |||
14 | send -- "ls -al /bin\r" | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 2\n";exit} | ||
17 | "bash" | ||
18 | } | ||
19 | expect { | ||
20 | timeout {puts "TESTING ERROR 3\n";exit} | ||
21 | "ls" | ||
22 | } | ||
23 | expect { | ||
24 | timeout {puts "TESTING ERROR 4\n";exit} | ||
25 | "sh" | ||
26 | } | ||
27 | |||
28 | send -- "ls -al /bin\r" | ||
29 | expect { | ||
30 | timeout {puts "TESTING ERROR 5\n";exit} | ||
31 | "ping" {puts "TESTING ERROR 6\n";exit} | ||
32 | "sh" | ||
33 | } | ||
34 | send -- "exit\r" | ||
35 | sleep 1 | ||
36 | |||
37 | send -- "firejail --profile=private-bin.profile\r" | ||
38 | expect { | ||
39 | timeout {puts "TESTING ERROR 7\n";exit} | ||
40 | "Child process initialized" | ||
41 | } | ||
42 | sleep 1 | ||
43 | |||
44 | send -- "ls -al /bin\r" | ||
45 | expect { | ||
46 | timeout {puts "TESTING ERROR 8\n";exit} | ||
47 | "bash" | ||
48 | } | ||
49 | expect { | ||
50 | timeout {puts "TESTING ERROR 9\n";exit} | ||
51 | "ls" | ||
52 | } | ||
53 | expect { | ||
54 | timeout {puts "TESTING ERROR 10\n";exit} | ||
55 | "sh" | ||
56 | } | ||
57 | |||
58 | send -- "ls -al /bin\r" | ||
59 | expect { | ||
60 | timeout {puts "TESTING ERROR 5\n";exit} | ||
61 | "ping" {puts "TESTING ERROR 6\n";exit} | ||
62 | "sh" | ||
63 | } | ||
64 | send -- "exit\r" | ||
65 | |||
66 | |||
67 | |||
68 | |||
69 | sleep 1 | ||
70 | puts "\nall done\n" | ||
71 | |||
diff --git a/test/private-bin.profile b/test/private-bin.profile new file mode 100644 index 000000000..24cf5929a --- /dev/null +++ b/test/private-bin.profile | |||
@@ -0,0 +1 @@ | |||
private-bin bash,ls,sh | |||
diff --git a/test/test.sh b/test/test.sh index 6f198cd52..2e7b1e2bc 100755 --- a/test/test.sh +++ b/test/test.sh | |||
@@ -18,9 +18,15 @@ echo "TESTING: environment variables" | |||
18 | echo "TESTING: private-etc" | 18 | echo "TESTING: private-etc" |
19 | ./private-etc.exp | 19 | ./private-etc.exp |
20 | 20 | ||
21 | echo "TESTING: private-bin" | ||
22 | ./private-bin.exp | ||
23 | |||
24 | sleep 1 | ||
25 | rm -fr dir\ with\ space | ||
21 | mkdir dir\ with\ space | 26 | mkdir dir\ with\ space |
22 | echo "TESTING: blacklist" | 27 | echo "TESTING: blacklist" |
23 | ./blacklist.exp | 28 | ./blacklist.exp |
29 | sleep 1 | ||
24 | rm -fr dir\ with\ space | 30 | rm -fr dir\ with\ space |
25 | 31 | ||
26 | ln -s auto auto2 | 32 | ln -s auto auto2 |
@@ -155,7 +161,7 @@ else | |||
155 | echo "TESTING: midori not found" | 161 | echo "TESTING: midori not found" |
156 | fi | 162 | fi |
157 | 163 | ||
158 | which chromium-browser | 164 | which chromium |
159 | if [ "$?" -eq 0 ]; | 165 | if [ "$?" -eq 0 ]; |
160 | then | 166 | then |
161 | echo "TESTING: chromium" | 167 | echo "TESTING: chromium" |
@@ -278,10 +284,10 @@ echo "TESTING: seccomp su" | |||
278 | echo "TESTING: seccomp ptrace" | 284 | echo "TESTING: seccomp ptrace" |
279 | ./seccomp-ptrace.exp | 285 | ./seccomp-ptrace.exp |
280 | 286 | ||
281 | echo "TESTING: seccomp chmod (seccomp lists)" | 287 | echo "TESTING: seccomp chmod - seccomp lists" |
282 | ./seccomp-chmod.exp | 288 | ./seccomp-chmod.exp |
283 | 289 | ||
284 | echo "TESTING: seccomp chmod profile (seccomp lists)" | 290 | echo "TESTING: seccomp chmod profile - seccomp lists" |
285 | ./seccomp-chmod-profile.exp | 291 | ./seccomp-chmod-profile.exp |
286 | 292 | ||
287 | echo "TESTING: seccomp empty" | 293 | echo "TESTING: seccomp empty" |