From 27c4d069f322fbeca07c88e0e96208233103a5db Mon Sep 17 00:00:00 2001 From: netblue30 Date: Tue, 28 Feb 2023 09:51:26 -0500 Subject: chroot testing --- .github/workflows/build.yml | 2 + Makefile | 15 -- test/appimage/appimage-args.exp | 4 +- test/appimage/appimage-v1.exp | 4 +- test/appimage/appimage-v2.exp | 4 +- test/chroot/chroot.sh | 5 + test/chroot/configure | 2 +- test/chroot/fs_chroot.exp | 48 +++--- test/chroot/fs_chroot_disabled.exp | 17 +++ test/chroot/unchroot-as-root.exp | 2 +- test/features/1.1.exp | 79 ---------- test/features/1.10.exp | 82 ---------- test/features/1.2.exp | 143 ----------------- test/features/1.4.exp | 116 -------------- test/features/1.5.exp | 79 ---------- test/features/1.6.exp | 79 ---------- test/features/1.7.exp | 81 ---------- test/features/1.8.exp | 169 --------------------- test/features/2.1.exp | 127 ---------------- test/features/2.2.exp | 103 ------------- test/features/2.3.exp | 295 ------------------------------------ test/features/2.4.exp | 239 ----------------------------- test/features/2.5.exp | 114 -------------- test/features/2.6.exp | 77 ---------- test/features/3.1.exp | 167 -------------------- test/features/3.10.exp | 187 ----------------------- test/features/3.11.exp | 174 --------------------- test/features/3.11.profile | 2 - test/features/3.2.exp | 82 ---------- test/features/3.3.exp | 78 ---------- test/features/3.4.exp | 208 ------------------------- test/features/3.5.exp | 83 ---------- test/features/3.6.exp | 87 ----------- test/features/3.7.exp | 95 ------------ test/features/3.8.exp | 87 ----------- test/features/3.9.exp | 84 ---------- test/features/features.txt | 61 -------- test/features/test.sh | 119 --------------- test/overlay/firefox-x11-xorg.exp | 89 ----------- test/overlay/firefox-x11.exp | 89 ----------- test/overlay/firefox.exp | 98 ------------ test/overlay/fs-named.exp | 72 --------- test/overlay/fs-tmpfs.exp | 70 --------- test/overlay/fs.exp | 62 -------- test/overlay/overlay.sh | 62 -------- test/root/apache2.exp | 68 --------- test/root/checkcfg.exp | 164 -------------------- test/root/firecfg.exp | 80 ---------- test/root/firejail.config | 26 ---- test/root/firemon-events.exp | 74 --------- test/root/isc-dhcp.exp | 51 ------- test/root/join.exp | 56 ------- test/root/login_nobody.exp | 35 ----- test/root/nginx.exp | 68 --------- test/root/option_bind_directory.exp | 24 --- test/root/option_bind_file.exp | 24 --- test/root/option_tmpfs.exp | 42 ----- test/root/private.exp | 111 -------------- test/root/profile_tmpfs.exp | 42 ----- test/root/root.sh | 127 ---------------- test/root/seccomp-chmod.exp | 53 ------- test/root/seccomp-chown.exp | 50 ------ test/root/seccomp-umount.exp | 25 --- test/root/snmpd.exp | 50 ------ test/root/tmpfs-bad.profile | 1 - test/root/tmpfs.profile | 1 - test/root/unbound.exp | 51 ------- test/root/whitelist.exp | 117 -------------- test/ssh/login.exp | 52 ------- test/ssh/scp.exp | 66 -------- test/ssh/sftp.exp | 90 ----------- test/ssh/ssh.sh | 17 --- test/stress/blacklist.exp | 59 -------- test/stress/env.exp | 31 ---- test/stress/net_macvlan.exp | 51 ------- test/stress/stress.sh | 42 ----- 76 files changed, 59 insertions(+), 5631 deletions(-) create mode 100755 test/chroot/fs_chroot_disabled.exp delete mode 100755 test/features/1.1.exp delete mode 100755 test/features/1.10.exp delete mode 100755 test/features/1.2.exp delete mode 100755 test/features/1.4.exp delete mode 100755 test/features/1.5.exp delete mode 100755 test/features/1.6.exp delete mode 100755 test/features/1.7.exp delete mode 100755 test/features/1.8.exp delete mode 100755 test/features/2.1.exp delete mode 100755 test/features/2.2.exp delete mode 100755 test/features/2.3.exp delete mode 100755 test/features/2.4.exp delete mode 100755 test/features/2.5.exp delete mode 100755 test/features/2.6.exp delete mode 100755 test/features/3.1.exp delete mode 100755 test/features/3.10.exp delete mode 100755 test/features/3.11.exp delete mode 100644 test/features/3.11.profile delete mode 100755 test/features/3.2.exp delete mode 100755 test/features/3.3.exp delete mode 100755 test/features/3.4.exp delete mode 100755 test/features/3.5.exp delete mode 100755 test/features/3.6.exp delete mode 100755 test/features/3.7.exp delete mode 100755 test/features/3.8.exp delete mode 100755 test/features/3.9.exp delete mode 100644 test/features/features.txt delete mode 100755 test/features/test.sh delete mode 100755 test/overlay/firefox-x11-xorg.exp delete mode 100755 test/overlay/firefox-x11.exp delete mode 100755 test/overlay/firefox.exp delete mode 100755 test/overlay/fs-named.exp delete mode 100755 test/overlay/fs-tmpfs.exp delete mode 100755 test/overlay/fs.exp delete mode 100755 test/overlay/overlay.sh delete mode 100755 test/root/apache2.exp delete mode 100755 test/root/checkcfg.exp delete mode 100755 test/root/firecfg.exp delete mode 100644 test/root/firejail.config delete mode 100755 test/root/firemon-events.exp delete mode 100755 test/root/isc-dhcp.exp delete mode 100755 test/root/join.exp delete mode 100755 test/root/login_nobody.exp delete mode 100755 test/root/nginx.exp delete mode 100755 test/root/option_bind_directory.exp delete mode 100755 test/root/option_bind_file.exp delete mode 100755 test/root/option_tmpfs.exp delete mode 100755 test/root/private.exp delete mode 100755 test/root/profile_tmpfs.exp delete mode 100755 test/root/root.sh delete mode 100755 test/root/seccomp-chmod.exp delete mode 100755 test/root/seccomp-chown.exp delete mode 100755 test/root/seccomp-umount.exp delete mode 100755 test/root/snmpd.exp delete mode 100644 test/root/tmpfs-bad.profile delete mode 100644 test/root/tmpfs.profile delete mode 100755 test/root/unbound.exp delete mode 100755 test/root/whitelist.exp delete mode 100755 test/ssh/login.exp delete mode 100755 test/ssh/scp.exp delete mode 100755 test/ssh/sftp.exp delete mode 100755 test/ssh/ssh.sh delete mode 100755 test/stress/blacklist.exp delete mode 100755 test/stress/env.exp delete mode 100755 test/stress/net_macvlan.exp delete mode 100755 test/stress/stress.sh diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 5135dd193..edc1e8a1b 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -71,6 +71,8 @@ jobs: run: command -V firejail && firejail --version - name: lab setup run: SHELL=/bin/bash make lab-setup + - name: run chroot tests + run: SHELL=/bin/bash make test-chroot - name: run sysutils tests run: SHELL=/bin/bash make test-sysutils - name: run private-etc tests diff --git a/Makefile b/Makefile index d7e2eb209..6814e8ddf 100644 --- a/Makefile +++ b/Makefile @@ -393,10 +393,6 @@ test-github: lab-setup test-profiles test-fcopy test-fnetfilter test-fs test-uti test-private-lib: $(MAKE) -C test $(subst test-,,$@) -# a firejail-test account is required, public/private key setup -test-ssh: - $(MAKE) -C test $(subst test-,,$@) - # requires root access test-chroot: $(MAKE) -C test $(subst test-,,$@) @@ -410,19 +406,8 @@ test-appimage: test-network: $(MAKE) -C test $(subst test-,,$@) -# requires the same setup as test-network -test-stress: - $(MAKE) -C test $(subst test-,,$@) - -# Tests running a root user -test-root: - $(MAKE) -C test $(subst test-,,$@) - # OverlayFS is not available on all platforms test-overlay: $(MAKE) -C test $(subst test-,,$@) # For testing hidepid system, the command to set it up is "mount -o remount,rw,hidepid=2 /proc" - -test-all: test-root test-chroot test-network test-appimage test-overlay - echo "TEST COMPLETE" diff --git a/test/appimage/appimage-args.exp b/test/appimage/appimage-args.exp index c10007603..e85e8a46a 100755 --- a/test/appimage/appimage-args.exp +++ b/test/appimage/appimage-args.exp @@ -8,7 +8,7 @@ spawn $env(SHELL) match_max 100000 set appimage_id $spawn_id -send -- "firejail --name=appimage-test --debug --appimage Leafpad-0.8.17-x86_64.AppImage testfile\r" +send -- "firejail --name=test --debug --appimage Leafpad-0.8.17-x86_64.AppImage testfile\r" expect { timeout {puts "TESTING ERROR 1\n";exit} "execvp argument 2" @@ -91,7 +91,7 @@ expect { after 100 spawn $env(SHELL) -send -- "firejail --shutdown=appimage-test\r" +send -- "firejail --shutdown=test\r" set spawn_id $appimage_id expect { diff --git a/test/appimage/appimage-v1.exp b/test/appimage/appimage-v1.exp index 72dfdea42..bb360cd18 100755 --- a/test/appimage/appimage-v1.exp +++ b/test/appimage/appimage-v1.exp @@ -8,7 +8,7 @@ spawn $env(SHELL) match_max 100000 set appimage_id $spawn_id -send -- "firejail --name=appimage-test --debug --appimage Leafpad-0.8.17-x86_64.AppImage\r" +send -- "firejail --name=test --debug --appimage Leafpad-0.8.17-x86_64.AppImage\r" expect { timeout {puts "TESTING ERROR 1\n";exit} -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" @@ -79,7 +79,7 @@ expect { after 100 spawn $env(SHELL) -send -- "firejail --shutdown=appimage-test\r" +send -- "firejail --shutdown=test\r" set spawn_id $appimage_id expect { diff --git a/test/appimage/appimage-v2.exp b/test/appimage/appimage-v2.exp index 0f865d94b..748ac3d79 100755 --- a/test/appimage/appimage-v2.exp +++ b/test/appimage/appimage-v2.exp @@ -8,7 +8,7 @@ spawn $env(SHELL) match_max 100000 set appimage_id $spawn_id -send -- "firejail --name=appimage-test --appimage Leafpad-0.8.18.1.glibc2.4-x86_64.AppImage\r" +send -- "firejail --name=test --appimage Leafpad-0.8.18.1.glibc2.4-x86_64.AppImage\r" expect { timeout {puts "TESTING ERROR 1\n";exit} -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" @@ -79,7 +79,7 @@ expect { after 100 spawn $env(SHELL) -send -- "firejail --shutdown=appimage-test\r" +send -- "firejail --shutdown=test\r" set spawn_id $appimage_id expect { timeout {puts "shutdown\n"} diff --git a/test/chroot/chroot.sh b/test/chroot/chroot.sh index 840f162cc..a1fb3ee38 100755 --- a/test/chroot/chroot.sh +++ b/test/chroot/chroot.sh @@ -11,6 +11,11 @@ rm -f unchroot gcc -o unchroot unchroot.c sudo ./configure +echo "TESTING: chroot disabled (test/chroot/fs_chroot_disabled.exp)" +./fs_chroot_disabled.exp + +sudo sed -i s/"# chroot no"/"chroot yes"/g /etc/firejail/firejail.config + echo "TESTING: chroot (test/chroot/fs_chroot.exp)" ./fs_chroot.exp diff --git a/test/chroot/configure b/test/chroot/configure index a817f6566..af511f9c7 100755 --- a/test/chroot/configure +++ b/test/chroot/configure @@ -8,7 +8,7 @@ ROOTDIR="/tmp/chroot" # default chroot directory DEFAULT_FILES="/bin/bash /bin/sh " # basic chroot files DEFAULT_FILES+="/etc/passwd /etc/nsswitch.conf /etc/group " DEFAULT_FILES+=`find /lib -name libnss*` # files required by glibc -DEFAULT_FILES+=" /bin/cp /bin/ls /bin/cat /bin/ps /bin/netstat /bin/ping /sbin/ifconfig /usr/bin/touch /bin/ip /bin/hostname /bin/grep /usr/bin/dig /usr/bin/openssl /usr/bin/id /usr/bin/getent /usr/bin/whoami /usr/bin/wc /usr/bin/wget /bin/umount" +DEFAULT_FILES+=" /bin/cp /bin/ls /bin/cat /bin/ps /bin/netstat /bin/ping /usr/bin/touch /bin/grep" rm -fr $ROOTDIR mkdir -p $ROOTDIR/{root,bin,lib,lib64,usr,home,etc,dev/shm,tmp,var/run,var/tmp,var/lock,var/log,proc,sys} diff --git a/test/chroot/fs_chroot.exp b/test/chroot/fs_chroot.exp index 545de0c66..eb1349112 100755 --- a/test/chroot/fs_chroot.exp +++ b/test/chroot/fs_chroot.exp @@ -10,55 +10,61 @@ match_max 100000 send -- "firejail --chroot=/tmp/chroot\r" expect { timeout {puts "TESTING ERROR 0\n";exit} - "Error: --chroot option is not available on Grsecurity systems" {puts "\nall done\n"; exit} -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" {puts "chroot available\n"}; } sleep 1 -send -- "cd /home;pwd\r" +send -- "pwd\r" expect { - timeout {puts "TESTING ERROR 0.1\n";exit} - "home" + timeout {puts "TESTING ERROR 1\n";exit} + "/home" } -sleep 1 -send -- "bash\r" -sleep 1 +after 100 send -- "ls /\r" expect { - timeout {puts "TESTING ERROR 0.2\n";exit} + timeout {puts "TESTING ERROR 2\n";exit} "this-is-my-chroot" } after 100 send -- "ps aux\r" expect { - timeout {puts "TESTING ERROR 1\n";exit} + timeout {puts "TESTING ERROR 3\n";exit} "/bin/bash" } expect { - timeout {puts "TESTING ERROR 2\n";exit} - "bash" -} -expect { - timeout {puts "TESTING ERROR 3\n";exit} + timeout {puts "TESTING ERROR 4\n";exit} "ps aux" } after 100 -send -- "ps aux | wc -l; pwd\r" +# check /sys directory +send -- "ls /sys\r" expect { timeout {puts "TESTING ERROR 5\n";exit} - "6" + "block" } -after 100 - -# check /sys directory -send -- "ls /sys\r" expect { timeout {puts "TESTING ERROR 6\n";exit} - "block" + "class" +} +expect { + timeout {puts "TESTING ERROR 7\n";exit} + "dev" } after 100 +# check /bin directory +send -- "ls /bin/find\r" +expect { + timeout {puts "TESTING ERROR 8\n";exit} + "No such file or directory" +} +after 100 +send -- "/bin/ping 1.1.1.1\r" +expect { + timeout {puts "TESTING ERROR 9\n";exit} + "Operation not permitted" +} puts "all done\n" diff --git a/test/chroot/fs_chroot_disabled.exp b/test/chroot/fs_chroot_disabled.exp new file mode 100755 index 000000000..e6cfe85f3 --- /dev/null +++ b/test/chroot/fs_chroot_disabled.exp @@ -0,0 +1,17 @@ +#!/usr/bin/expect -f +# This file is part of Firejail project +# Copyright (C) 2014-2023 Firejail Authors +# License GPL v2 + +set timeout 10 +spawn $env(SHELL) +match_max 100000 + +send -- "firejail --chroot=/tmp/chroot\r" +expect { + timeout {puts "TESTING ERROR 0\n";exit} + "feature is disabled" +} +sleep 1 + +puts "all done\n" diff --git a/test/chroot/unchroot-as-root.exp b/test/chroot/unchroot-as-root.exp index eccb400c0..7614ed406 100755 --- a/test/chroot/unchroot-as-root.exp +++ b/test/chroot/unchroot-as-root.exp @@ -22,7 +22,7 @@ after 100 send -- "./unchroot\r" expect { timeout {puts "TESTING ERROR 1\n";exit} - "Bad system call" + "Operation not permitted" } after 100 diff --git a/test/features/1.1.exp b/test/features/1.1.exp deleted file mode 100755 index 34159f114..000000000 --- a/test/features/1.1.exp +++ /dev/null @@ -1,79 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 -# -# disable /boot -# - -set timeout 10 -spawn $env(SHELL) -match_max 100000 -set overlay [lindex $argv 0] -set chroot [lindex $argv 1] - -# -# N -# -send -- "firejail --noprofile\r" -expect { - timeout {puts "TESTING ERROR 0\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 - -send -- "ls -l /boot\r" -expect { - timeout {puts "TESTING ERROR 1\n";exit} - "Permission denied" -} -after 100 -send -- "exit\r" -sleep 1 - - -# -# O -# -if { $overlay == "overlay" } { - send -- "firejail --noprofile --overlay\r" - expect { - timeout {puts "TESTING ERROR 2\n";exit} - "overlay option is not available" {puts "grsecurity\n"; exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" {puts "normal system\n"} - } - sleep 1 - - send -- "ls -l /boot\r" - expect { - timeout {puts "TESTING ERROR 3\n";exit} - "Permission denied" - } - after 100 - send -- "exit\r" - sleep 1 -} - -# -# C -# -if { $chroot == "chroot" } { - send -- "firejail --noprofile --chroot=/tmp/chroot\r" - expect { - timeout {puts "TESTING ERROR 4\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" - } - sleep 1 - - send -- "ls -l /boot\r" - expect { - timeout {puts "TESTING ERROR 5\n";exit} - "Permission denied" - } - after 100 - send -- "exit\r" - sleep 1 -} - - -puts "\nall done\n" diff --git a/test/features/1.10.exp b/test/features/1.10.exp deleted file mode 100755 index 6744ce826..000000000 --- a/test/features/1.10.exp +++ /dev/null @@ -1,82 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 -# -# disable /selinux -# - -set timeout 10 -spawn $env(SHELL) -match_max 100000 -set overlay [lindex $argv 0] -set chroot [lindex $argv 1] - -# -# N -# -send -- "firejail --noprofile\r" -expect { - timeout {puts "TESTING ERROR 0\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 - -send -- "ls -l /selinux\r" -expect { - timeout {puts "TESTING ERROR 1\n";exit} - "Permission denied" {puts "denied\n"} - "No such file or directory" {puts "no file\n"} -} -after 100 -send -- "exit\r" -sleep 1 - - -# -# O -# -if { $overlay == "overlay" } { - send -- "firejail --noprofile --overlay\r" - expect { - timeout {puts "TESTING ERROR 2\n";exit} - "overlay option is not available" {puts "grsecurity\n"; exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" {puts "normal system\n"} - } - sleep 1 - - send -- "ls -l /selinux\r" - expect { - timeout {puts "TESTING ERROR 3\n";exit} - "Permission denied" {puts "denied\n"} - "No such file or directory" {puts "no file\n"} - } - after 100 - send -- "exit\r" - sleep 1 -} - -# -# C -# -if { $chroot == "chroot" } { - send -- "firejail --noprofile --chroot=/tmp/chroot\r" - expect { - timeout {puts "TESTING ERROR 4\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" - } - sleep 1 - - send -- "ls -l /selinux\r" - expect { - timeout {puts "TESTING ERROR 5\n";exit} - "Permission denied" {puts "denied\n"} - "No such file or directory" {puts "no file\n"} - } - after 100 - send -- "exit\r" - sleep 1 -} - - -puts "\nall done\n" diff --git a/test/features/1.2.exp b/test/features/1.2.exp deleted file mode 100755 index 56750670d..000000000 --- a/test/features/1.2.exp +++ /dev/null @@ -1,143 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 -# -# new /proc -# - -set timeout 10 -spawn $env(SHELL) -match_max 100000 -set overlay [lindex $argv 0] -set chroot [lindex $argv 1] - -# -# N -# -send -- "firejail --noprofile\r" -expect { - timeout {puts "TESTING ERROR 0\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 - -send -- "cat /proc/mounts | grep proc --color=never\r" -expect { - timeout {puts "TESTING ERROR 1.1\n";exit} - "proc /proc proc" -} -expect { - timeout {puts "TESTING ERROR 1.2\n";exit} - "proc /proc proc" -} -expect { - timeout {puts "TESTING ERROR 1.3\n";exit} - "proc /proc/sys proc" -} -expect { - timeout {puts "TESTING ERROR 1.4\n";exit} - "/proc/sysrq-trigger" -} -#expect { -# timeout {puts "TESTING ERROR 1.5\n";exit} -# "proc /proc/sys/kernel/hotplug" -#} -expect { - timeout {puts "TESTING ERROR 1.6\n";exit} - "/proc/irq" -} -expect { - timeout {puts "TESTING ERROR 1.7\n";exit} - "/proc/bus" -} -after 100 -send -- "exit\r" -sleep 1 - - -# -# O -# -if { $overlay == "overlay" } { - send -- "firejail --noprofile --overlay\r" - expect { - timeout {puts "TESTING ERROR 2\n";exit} - "overlay option is not available" {puts "grsecurity\n"; exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" {puts "normal system\n"} - } - sleep 1 - - send -- "cat /proc/mounts | grep proc --color=never\r" - expect { - timeout {puts "TESTING ERROR 3.1\n";exit} - "proc /proc proc" - } - expect { - timeout {puts "TESTING ERROR 3.3\n";exit} - "proc /proc/sys proc" - } - expect { - timeout {puts "TESTING ERROR 3.4\n";exit} - "proc /proc/sysrq-trigger proc" - } -# expect { -# timeout {puts "TESTING ERROR 3.5\n";exit} -# "proc /proc/sys/kernel/hotplug" -# } - expect { - timeout {puts "TESTING ERROR 3.6\n";exit} - "proc /proc/irq proc" - } - expect { - timeout {puts "TESTING ERROR 3.7\n";exit} - "proc /proc/bus proc" - } - after 100 - send -- "exit\r" - sleep 1 -} - -# -# C -# -if { $chroot == "chroot" } { - send -- "firejail --noprofile --chroot=/tmp/chroot\r" - expect { - timeout {puts "TESTING ERROR 4\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" - } - sleep 1 - - send -- "cat /proc/mounts | grep proc --color=never\r" - expect { - timeout {puts "TESTING ERROR 5.1\n";exit} - "proc /proc proc" - } - expect { - timeout {puts "TESTING ERROR 5.3\n";exit} - "proc /proc/sys proc" - } -# expect { -# timeout {puts "TESTING ERROR 5.4\n";exit} -# "proc /proc/sysrq-trigger proc" -# } -# expect { -# timeout {puts "TESTING ERROR 5.5\n";exit} -# "proc /proc/sys/kernel/hotplug" -# } -# expect { -# timeout {puts "TESTING ERROR 5.6\n";exit} -# "proc /proc/irq proc" -# } -# expect { -# timeout {puts "TESTING ERROR 5.7\n";exit} -# "proc /proc/bus proc" -# } - after 100 - send -- "exit\r" - sleep 1 -} - - -puts "\nall done\n" diff --git a/test/features/1.4.exp b/test/features/1.4.exp deleted file mode 100755 index f5db0c450..000000000 --- a/test/features/1.4.exp +++ /dev/null @@ -1,116 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 -# -# mask other users -# - -set timeout 10 -spawn $env(SHELL) -match_max 100000 -set overlay [lindex $argv 0] -set chroot [lindex $argv 1] - -# -# N -# -send -- "firejail --noprofile\r" -expect { - timeout {puts "TESTING ERROR 0\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 - -send -- "ls -l /home | wc -l\r" -expect { - timeout {puts "TESTING ERROR 1\n";exit} - "2" -} -after 100 -send -- "cat /etc/passwd | grep 1001 | wc -l\r" -expect { - timeout {puts "TESTING ERROR 1.1\n";exit} - "0" -} -after 100 -send -- "cat /etc/group | grep 1001 | wc -l\r" -expect { - timeout {puts "TESTING ERROR 1.2\n";exit} - "0" -} -after 100 - -send -- "exit\r" -sleep 1 - - -# -# O -# -if { $overlay == "overlay" } { - send -- "firejail --noprofile --overlay\r" - expect { - timeout {puts "TESTING ERROR 2\n";exit} - "overlay option is not available" {puts "grsecurity\n"; exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" {puts "normal system\n"} - } - sleep 1 - - send -- "ls -l /home | wc -l\r" - expect { - timeout {puts "TESTING ERROR 3\n";exit} - "2" - } - after 100 - send -- "cat /etc/passwd | grep 1001 | wc -l\r" - expect { - timeout {puts "TESTING ERROR 3.1\n";exit} - "0" - } - after 100 - send -- "cat /etc/group | grep 1001 | wc -l\r" - expect { - timeout {puts "TESTING ERROR 3.2\n";exit} - "0" - } - after 100 - send -- "exit\r" - sleep 1 -} - -# -# C -# -if { $chroot == "chroot" } { - send -- "firejail --noprofile --chroot=/tmp/chroot\r" - expect { - timeout {puts "TESTING ERROR 4\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" - } - sleep 1 - - send -- "ls -l /home | wc -l\r" - expect { - timeout {puts "TESTING ERROR 5\n";exit} - "2" - } - after 100 - send -- "cat /etc/passwd | grep 1001 | wc -l\r" - expect { - timeout {puts "TESTING ERROR 5.1\n";exit} - "0" - } - after 100 - send -- "cat /etc/group | grep 1001 | wc -l\r" - expect { - timeout {puts "TESTING ERROR 5.2\n";exit} - "0" - } - after 100 - send -- "exit\r" - sleep 1 -} - - -puts "\nall done\n" diff --git a/test/features/1.5.exp b/test/features/1.5.exp deleted file mode 100755 index 68709fcad..000000000 --- a/test/features/1.5.exp +++ /dev/null @@ -1,79 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 -# -# PID namespace -# - -set timeout 10 -spawn $env(SHELL) -match_max 100000 -set overlay [lindex $argv 0] -set chroot [lindex $argv 1] - -# -# N -# -send -- "firejail --noprofile\r" -expect { - timeout {puts "TESTING ERROR 0\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 - -send -- "ps aux | wc -l \r" -expect { - timeout {puts "TESTING ERROR 1\n";exit} - "5" -} -after 100 -send -- "exit\r" -sleep 1 - - -# -# O -# -if { $overlay == "overlay" } { - send -- "firejail --noprofile --overlay\r" - expect { - timeout {puts "TESTING ERROR 2\n";exit} - "overlay option is not available" {puts "grsecurity\n"; exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" {puts "normal system\n"} - } - sleep 1 - - send -- "ps aux | wc -l \r" - expect { - timeout {puts "TESTING ERROR 3\n";exit} - "5" - } - after 100 - send -- "exit\r" - sleep 1 -} - -# -# C -# -if { $chroot == "chroot" } { - send -- "firejail --noprofile --chroot=/tmp/chroot\r" - expect { - timeout {puts "TESTING ERROR 4\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" - } - sleep 1 - - send -- "ps aux | wc -l \r" - expect { - timeout {puts "TESTING ERROR 5\n";exit} - "5" - } - after 100 - send -- "exit\r" - sleep 1 -} - - -puts "\nall done\n" diff --git a/test/features/1.6.exp b/test/features/1.6.exp deleted file mode 100755 index 0d0f08817..000000000 --- a/test/features/1.6.exp +++ /dev/null @@ -1,79 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 -# -# new /var/log -# - -set timeout 10 -spawn $env(SHELL) -match_max 100000 -set overlay [lindex $argv 0] -set chroot [lindex $argv 1] - -# -# N -# -send -- "firejail --noprofile\r" -expect { - timeout {puts "TESTING ERROR 0\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 - -send -- "ls -l /var/log/syslog | wc -l\r" -expect { - timeout {puts "TESTING ERROR 1\n";exit} - "0" -} -after 100 -send -- "exit\r" -sleep 1 - - -# -# O -# -if { $overlay == "overlay" } { - send -- "firejail --noprofile --overlay\r" - expect { - timeout {puts "TESTING ERROR 2\n";exit} - "overlay option is not available" {puts "grsecurity\n"; exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" {puts "normal system\n"} - } - sleep 1 - - send -- "ls -l /var/log/syslog | wc -l\r" - expect { - timeout {puts "TESTING ERROR 3\n";exit} - "0" - } - after 100 - send -- "exit\r" - sleep 1 -} - -# -# C -# -if { $chroot == "chroot" } { - send -- "firejail --noprofile --chroot=/tmp/chroot\r" - expect { - timeout {puts "TESTING ERROR 4\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" - } - sleep 1 - - send -- "ls -l /var/log/syslog | wc -l\r" - expect { - timeout {puts "TESTING ERROR 5\n";exit} - "0" - } - after 100 - send -- "exit\r" - sleep 1 -} - - -puts "\nall done\n" diff --git a/test/features/1.7.exp b/test/features/1.7.exp deleted file mode 100755 index b3264970d..000000000 --- a/test/features/1.7.exp +++ /dev/null @@ -1,81 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 -# -# new /var/tmp -# - -set timeout 10 -spawn $env(SHELL) -match_max 100000 -set overlay [lindex $argv 0] -set chroot [lindex $argv 1] - -# -# N -# -send -- "touch /var/tmp/somefile\r" -sleep 1 -send -- "firejail --noprofile\r" -expect { - timeout {puts "TESTING ERROR 0\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 - -send -- "ls -l /var/tmp/somefile | wc -l\r" -expect { - timeout {puts "TESTING ERROR 1\n";exit} - "0" -} -after 100 -send -- "exit\r" -sleep 1 - - -# -# O -# -if { $overlay == "overlay" } { - send -- "firejail --noprofile --overlay\r" - expect { - timeout {puts "TESTING ERROR 2\n";exit} - "overlay option is not available" {puts "grsecurity\n"; exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" {puts "normal system\n"} - } - sleep 1 - - send -- "ls -l /var/tmp/somefile | wc -l\r" - expect { - timeout {puts "TESTING ERROR 3\n";exit} - "0" - } - after 100 - send -- "exit\r" - sleep 1 -} - -# -# C -# -if { $chroot == "chroot" } { - send -- "firejail --noprofile --chroot=/tmp/chroot\r" - expect { - timeout {puts "TESTING ERROR 4\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" - } - sleep 1 - - send -- "ls -l /var/tmp/somefile | wc -l\r" - expect { - timeout {puts "TESTING ERROR 5\n";exit} - "0" - } - after 100 - send -- "exit\r" - sleep 1 -} - - -puts "\nall done\n" diff --git a/test/features/1.8.exp b/test/features/1.8.exp deleted file mode 100755 index 028077b6f..000000000 --- a/test/features/1.8.exp +++ /dev/null @@ -1,169 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 -# -# disable /etc/firejail and ~/.config/firejail -# - -set timeout 10 -spawn $env(SHELL) -match_max 100000 -set overlay [lindex $argv 0] -set chroot [lindex $argv 1] - -# -# N -# -sleep 1 -send -- "firejail --noprofile\r" -expect { - timeout {puts "TESTING ERROR 0\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 - -send -- "ls ~/.config/firejail\r" -expect { - timeout {puts "TESTING ERROR 1.1\n";exit} - "Permission denied" -} -after 100 -send -- "ls /run/firejail/bandwidth\r" -expect { - timeout {puts "TESTING ERROR 1.2\n";exit} - "Permission denied" -} -after 100 -#send -- "ls /run/firejail/mnt\r" -#expect { -# timeout {puts "TESTING ERROR 1.3\n";exit} -# "Permission denied" -#} -#after 100 -send -- "ls /run/firejail/name\r" -expect { - timeout {puts "TESTING ERROR 1.4\n";exit} - "Permission denied" -} -after 100 -send -- "ls /run/firejail/network\r" -expect { - timeout {puts "TESTING ERROR 1.5\n";exit} - "Permission denied" -} -after 100 -send -- "ls /run/firejail/x11\r" -expect { - timeout {puts "TESTING ERROR 1.6\n";exit} - "Permission denied" -} -after 100 -send -- "exit\r" -sleep 1 - - -# -# O -# -if { $overlay == "overlay" } { - send -- "firejail --noprofile --overlay\r" - expect { - timeout {puts "TESTING ERROR 2\n";exit} - "overlay option is not available" {puts "grsecurity\n"; exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" {puts "normal system\n"} - } - sleep 1 - send -- "ls ~/.config/firejail\r" - expect { - timeout {puts "TESTING ERROR 3.1\n";exit} - "Permission denied" - } - after 100 - send -- "ls /run/firejail/bandwidth\r" - expect { - timeout {puts "TESTING ERROR 3.2\n";exit} - "Permission denied" - } - after 100 - #send -- "ls /run/firejail/mnt\r" - #expect { - # timeout {puts "TESTING ERROR 3.3\n";exit} - # "Permission denied" - #} - #after 100 - send -- "ls /run/firejail/name\r" - expect { - timeout {puts "TESTING ERROR 3.4\n";exit} - "Permission denied" - } - after 100 - send -- "ls /run/firejail/network\r" - expect { - timeout {puts "TESTING ERROR 3.5\n";exit} - "Permission denied" - } - after 100 - send -- "ls /run/firejail/x11\r" - expect { - timeout {puts "TESTING ERROR 3.6\n";exit} - "Permission denied" - } - after 100 - - send -- "exit\r" - sleep 1 -} - -# -# C -# -if { $chroot == "chroot" } { - send -- "firejail --noprofile --chroot=/tmp/chroot\r" - expect { - timeout {puts "TESTING ERROR 4\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" - } - sleep 1 - send -- "ls ~/.config/firejail\r" - expect { - timeout {puts "TESTING ERROR 5.1\n";exit} - "Permission denied" - } - after 100 - send -- "ls /run/firejail/bandwidth\r" - expect { - timeout {puts "TESTING ERROR 5.2\n";exit} - "Permission denied" - } - after 100 - #send -- "ls /run/firejail/mnt\r" - #expect { - # timeout {puts "TESTING ERROR 5.3\n";exit} - # "Permission denied" - #} - #after 100 - send -- "ls /run/firejail/name\r" - expect { - timeout {puts "TESTING ERROR 5.4\n";exit} - "Permission denied" - } - after 100 - send -- "ls /run/firejail/network\r" - expect { - timeout {puts "TESTING ERROR 5.5\n";exit} - "Permission denied" - } - after 100 - send -- "ls /run/firejail/x11\r" - expect { - timeout {puts "TESTING ERROR 5.6\n";exit} - "Permission denied" - } - after 100 - send -- "exit\r" - sleep 1 -} - - -puts "\nall done\n" diff --git a/test/features/2.1.exp b/test/features/2.1.exp deleted file mode 100755 index 8f7ddce2c..000000000 --- a/test/features/2.1.exp +++ /dev/null @@ -1,127 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 -# -# hostname -# - -set timeout 10 -spawn $env(SHELL) -match_max 100000 -set overlay [lindex $argv 0] -set chroot [lindex $argv 1] - -# -# N -# -send -- "firejail --noprofile --hostname=bingo\r" -expect { - timeout {puts "TESTING ERROR 0\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 - -send -- "hostname\r" -expect { - timeout {puts "TESTING ERROR 1\n";exit} - "bingo" -} -after 100 -send -- "cat /etc/hostname\r" -expect { - timeout {puts "TESTING ERROR 1.0\n";exit} - "bingo" -} -after 100 -send -- "getent hosts bingo\r" -expect { - timeout {puts "TESTING ERROR 1.1\n";exit} - "127.0.0.1" -} -expect { - timeout {puts "TESTING ERROR 1.2\n";exit} - "bingo" -} -after 100 -send -- "exit\r" -sleep 1 - - -# -# O -# -if { $overlay == "overlay" } { - send -- "firejail --noprofile --hostname=bingo --overlay\r" - expect { - timeout {puts "TESTING ERROR 2\n";exit} - "overlay option is not available" {puts "grsecurity\n"; exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" {puts "normal system\n"} - } - sleep 1 - - send -- "hostname\r" - expect { - timeout {puts "TESTING ERROR 3\n";exit} - "bingo" - } - after 100 - send -- "cat /etc/hostname\r" - expect { - timeout {puts "TESTING ERROR 3.0\n";exit} - "bingo" - } - after 100 - send -- "getent hosts bingo\r" - expect { - timeout {puts "TESTING ERROR 3.1\n";exit} - "127.0.0.1" - } - expect { - timeout {puts "TESTING ERROR 3.2\n";exit} - "bingo" - } - after 100 - send -- "exit\r" - sleep 1 -} - -# -# C -# -if { $chroot == "chroot" } { - send -- "firejail --noprofile --hostname=bingo --chroot=/tmp/chroot\r" - expect { - timeout {puts "TESTING ERROR 4\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" - } - sleep 1 - - send -- "hostname\r" - expect { - timeout {puts "TESTING ERROR 5\n";exit} - "bingo" - } - after 100 - send -- "cat /etc/hostname\r" - expect { - timeout {puts "TESTING ERROR 5.0\n";exit} - "bingo" - } - after 100 - send -- "getent hosts bingo\r" - expect { - timeout {puts "TESTING ERROR 5.1\n";exit} - "127.0.0.1" - } - expect { - timeout {puts "TESTING ERROR 5.2\n";exit} - "bingo" - } - after 100 - send -- "exit\r" - sleep 1 -} - - -puts "\nall done\n" diff --git a/test/features/2.2.exp b/test/features/2.2.exp deleted file mode 100755 index 94bd6f4db..000000000 --- a/test/features/2.2.exp +++ /dev/null @@ -1,103 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 -# -# DNS -# - -set timeout 10 -spawn $env(SHELL) -match_max 100000 -set overlay [lindex $argv 0] -set chroot [lindex $argv 1] - -# -# N -# -send -- "firejail --noprofile --dns=4.2.2.1\r" -expect { - timeout {puts "TESTING ERROR 0\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 - -send -- "dig google.com\r" -expect { - timeout {puts "TESTING ERROR 1\n";exit} - "ANSWER SECTION" -} -expect { - timeout {puts "TESTING ERROR 1.1\n";exit} - "google.com" -} -expect { - timeout {puts "TESTING ERROR 1.3\n";exit} - "SERVER: 4.2.2.1" -} -after 100 -send -- "exit\r" -sleep 1 - - -# -# O -# -if { $overlay == "overlay" } { - send -- "firejail --noprofile --dns=4.2.2.1 --overlay\r" - expect { - timeout {puts "TESTING ERROR 2\n";exit} - "overlay option is not available" {puts "grsecurity\n"; exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" {puts "normal system\n"} - } - sleep 1 - - send -- "dig google.com\r" - expect { - timeout {puts "TESTING ERROR 3\n";exit} - "ANSWER SECTION" - } - expect { - timeout {puts "TESTING ERROR 3.1\n";exit} - "google.com" - } - expect { - timeout {puts "TESTING ERROR 3.3\n";exit} - "SERVER: 4.2.2.1" - } - after 100 - send -- "exit\r" - sleep 1 -} - -# -# C -# -if { $chroot == "chroot" } { - send -- "firejail --noprofile --dns=4.2.2.1 --chroot=/tmp/chroot\r" - expect { - timeout {puts "TESTING ERROR 4\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" - } - sleep 1 - - send -- "dig google.com\r" - expect { - timeout {puts "TESTING ERROR 5\n";exit} - "ANSWER SECTION" - } - expect { - timeout {puts "TESTING ERROR 5.1\n";exit} - "google.com" - } - expect { - timeout {puts "TESTING ERROR 5.3\n";exit} - "SERVER: 4.2.2.1" - } - after 100 - send -- "exit\r" - sleep 1 -} - - -puts "\nall done\n" diff --git a/test/features/2.3.exp b/test/features/2.3.exp deleted file mode 100755 index 1e27a7632..000000000 --- a/test/features/2.3.exp +++ /dev/null @@ -1,295 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 -# -# mac-vlan -# - -set timeout 10 -spawn $env(SHELL) -match_max 100000 -set overlay [lindex $argv 0] -set chroot [lindex $argv 1] - -# -# N -# -send -- "firejail --noprofile --net=eth0 --dns=8.8.8.8 --dns=8.8.4.4\r" -expect { - timeout {puts "TESTING ERROR 0\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 - -send -- "dig google.com\r" -expect { - timeout {puts "TESTING ERROR 1\n";exit} - "ANSWER SECTION" -} -expect { - timeout {puts "TESTING ERROR 1.1\n";exit} - "google.com" -} -expect { - timeout {puts "TESTING ERROR 1.3\n";exit} - "SERVER:" -} -after 100 - -send -- "/sbin/ifconfig\r" -expect { - timeout {puts "TESTING ERROR 1.4\n";exit} - "eth0" -} -expect { - timeout {puts "TESTING ERROR 1.5n";exit} - "Link" -} -expect { - timeout {puts "TESTING ERROR 1.6\n";exit} - "192.168.1" -} -expect { - timeout {puts "TESTING ERROR 1.7\n";exit} - "UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1" -} -after 100 - -send -- "exit\r" -sleep 3 - -send -- "firejail --noprofile --net=eth0 --ip=192.168.1.244 --dns=8.8.8.8 --dns=8.8.4.4\r" -expect { - timeout {puts "TESTING ERROR 0\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 - -send -- "dig google.com\r" -expect { - timeout {puts "TESTING ERROR 1\n";exit} - "ANSWER SECTION" -} -expect { - timeout {puts "TESTING ERROR 1.1\n";exit} - "google.com" -} -expect { - timeout {puts "TESTING ERROR 1.3\n";exit} - "SERVER:" -} -after 100 - -send -- "/sbin/ifconfig\r" -expect { - timeout {puts "TESTING ERROR 1.4\n";exit} - "eth0" -} -expect { - timeout {puts "TESTING ERROR 1.5n";exit} - "Link" -} -expect { - timeout {puts "TESTING ERROR 1.6\n";exit} - "192.168.1.244" -} -expect { - timeout {puts "TESTING ERROR 1.7\n";exit} - "UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1" -} -after 100 - -send -- "exit\r" -sleep 3 - -# -# O -# -if { $overlay == "overlay" } { - send -- "firejail --noprofile --net=eth0 --overlay --dns=8.8.8.8 --dns=8.8.4.4\r" - expect { - timeout {puts "TESTING ERROR 2\n";exit} - "overlay option is not available" {puts "grsecurity\n"; exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" {puts "normal system\n"} - } - sleep 1 - - send -- "dig google.com\r" - expect { - timeout {puts "TESTING ERROR 3\n";exit} - "ANSWER SECTION" - } - expect { - timeout {puts "TESTING ERROR 3.1\n";exit} - "google.com" - } - expect { - timeout {puts "TESTING ERROR 3.3\n";exit} - "SERVER" - } - after 100 - - send -- "/sbin/ifconfig\r" - expect { - timeout {puts "TESTING ERROR 3.4\n";exit} - "eth0" - } - expect { - timeout {puts "TESTING ERROR 3.5\n";exit} - "Link" - } - expect { - timeout {puts "TESTING ERROR 3.6\n";exit} - "192.168.1" - } - expect { - timeout {puts "TESTING ERROR 3.7\n";exit} - "UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1" - } - after 100 - - send -- "exit\r" - sleep 3 - - send -- "firejail --noprofile --net=eth0 --ip=192.168.1.244 --overlay --dns=8.8.8.8 --dns=8.8.4.4\r" - expect { - timeout {puts "TESTING ERROR 2\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" - } - sleep 1 - - send -- "dig google.com\r" - expect { - timeout {puts "TESTING ERROR 3\n";exit} - "ANSWER SECTION" - } - expect { - timeout {puts "TESTING ERROR 3.1\n";exit} - "google.com" - } - expect { - timeout {puts "TESTING ERROR 3.3\n";exit} - "SERVER" - } - after 100 - - send -- "/sbin/ifconfig\r" - expect { - timeout {puts "TESTING ERROR 3.4\n";exit} - "eth0" - } - expect { - timeout {puts "TESTING ERROR 3.5\n";exit} - "Link" - } - expect { - timeout {puts "TESTING ERROR 3.6\n";exit} - "192.168.1.244" - } - expect { - timeout {puts "TESTING ERROR 3.7\n";exit} - "UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1" - } - after 100 - - send -- "exit\r" - sleep 3 -} - - -# -# C -# -if { $chroot == "chroot" } { - send -- "firejail --noprofile --net=eth0 --chroot=/tmp/chroot --dns=8.8.8.8 --dns=8.8.4.4\r" - expect { - timeout {puts "TESTING ERROR 4\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" - } - sleep 1 - - send -- "dig google.com\r" - expect { - timeout {puts "TESTING ERROR 5\n";exit} - "ANSWER SECTION" - } - expect { - timeout {puts "TESTING ERROR 5.1\n";exit} - "google.com" - } - expect { - timeout {puts "TESTING ERROR 5.3\n";exit} - "SERVER:" - } - after 100 - - send -- "/sbin/ifconfig\r" - expect { - timeout {puts "TESTING ERROR 5.4\n";exit} - "eth0" - } - expect { - timeout {puts "TESTING ERROR 5.5\n";exit} - "Link" - } - expect { - timeout {puts "TESTING ERROR 5.6\n";exit} - "192.168.1" - } - expect { - timeout {puts "TESTING ERROR 5.7\n";exit} - "UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1" - } - after 100 - - send -- "exit\r" - sleep 3 - - send -- "firejail --noprofile --net=eth0 --ip=192.168.1.244 --chroot=/tmp/chroot --dns=8.8.8.8 --dns=8.8.4.4\r" - expect { - timeout {puts "TESTING ERROR 4\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" - } - sleep 1 - - send -- "dig google.com\r" - expect { - timeout {puts "TESTING ERROR 5\n";exit} - "ANSWER SECTION" - } - expect { - timeout {puts "TESTING ERROR 5.1\n";exit} - "google.com" - } - expect { - timeout {puts "TESTING ERROR 5.3\n";exit} - "SERVER:" - } - after 100 - - send -- "/sbin/ifconfig\r" - expect { - timeout {puts "TESTING ERROR 5.4\n";exit} - "eth0" - } - expect { - timeout {puts "TESTING ERROR 5.5\n";exit} - "Link" - } - expect { - timeout {puts "TESTING ERROR 5.6\n";exit} - "192.168.1.244" - } - expect { - timeout {puts "TESTING ERROR 5.7\n";exit} - "UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1" - } - after 100 - - send -- "exit\r" - sleep 1 -} - - -puts "\nall done\n" diff --git a/test/features/2.4.exp b/test/features/2.4.exp deleted file mode 100755 index ed52f4bad..000000000 --- a/test/features/2.4.exp +++ /dev/null @@ -1,239 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 -# -# bridge -# - todo: ping test or equivalent on chroot -# - -set timeout 10 -spawn $env(SHELL) -match_max 100000 -set overlay [lindex $argv 0] -set chroot [lindex $argv 1] - -# -# N -# -send -- "firejail --noprofile --net=br0\r" -expect { - timeout {puts "TESTING ERROR 0\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 - -send -- "ping -c 3 10.10.20.1\r" -expect { - timeout {puts "TESTING ERROR 1\n";exit} - " packets transmitted, 3 received, 0% packet loss" -} -sleep 1 - - -send -- "/sbin/ifconfig\r" -expect { - timeout {puts "TESTING ERROR 1.4\n";exit} - "eth0" -} -expect { - timeout {puts "TESTING ERROR 1.5n";exit} - "Link" -} -expect { - timeout {puts "TESTING ERROR 1.6\n";exit} - "10.10.20" -} -expect { - timeout {puts "TESTING ERROR 1.7\n";exit} - "UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1" -} -after 100 - -send -- "exit\r" -sleep 1 - -send -- "firejail --noprofile --net=br0 --ip=10.10.20.4\r" -expect { - timeout {puts "TESTING ERROR 0\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 - -send -- "ping -c 3 10.10.20.1\r" -expect { - timeout {puts "TESTING ERROR 1\n";exit} - " packets transmitted, 3 received, 0% packet loss" -} -sleep 1 - - -send -- "/sbin/ifconfig\r" -expect { - timeout {puts "TESTING ERROR 1.4\n";exit} - "eth0" -} -expect { - timeout {puts "TESTING ERROR 1.5n";exit} - "Link" -} -expect { - timeout {puts "TESTING ERROR 1.6\n";exit} - "10.10.20.4" -} -expect { - timeout {puts "TESTING ERROR 1.7\n";exit} - "UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1" -} -after 100 - -send -- "exit\r" -sleep 1 - - -# -# O -# -if { $overlay == "overlay" } { - send -- "firejail --noprofile --net=br0 --overlay\r" - expect { - timeout {puts "TESTING ERROR 2\n";exit} - "overlay option is not available" {puts "grsecurity\n"; exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" {puts "normal system\n"} - } - sleep 1 - - send -- "ping -c 3 10.10.20.1\r" - expect { - timeout {puts "TESTING ERROR 3\n";exit} - " packets transmitted, 3 received, 0% packet loss" - } - sleep 1 - - - send -- "/sbin/ifconfig\r" - expect { - timeout {puts "TESTING ERROR 3.4\n";exit} - "eth0" - } - expect { - timeout {puts "TESTING ERROR 3.5\n";exit} - "Link" - } - expect { - timeout {puts "TESTING ERROR 3.6\n";exit} - "10.10.20" - } - expect { - timeout {puts "TESTING ERROR 3.7\n";exit} - "UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1" - } - after 100 - - send -- "exit\r" - sleep 1 - - send -- "firejail --noprofile --net=br0 --ip=10.10.20.4 --overlay\r" - expect { - timeout {puts "TESTING ERROR 2\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" - } - sleep 1 - - send -- "ping -c 3 10.10.20.1\r" - expect { - timeout {puts "TESTING ERROR 3\n";exit} - " packets transmitted, 3 received, 0% packet loss" - } - sleep 1 - - - send -- "/sbin/ifconfig\r" - expect { - timeout {puts "TESTING ERROR 3.4\n";exit} - "eth0" - } - expect { - timeout {puts "TESTING ERROR 3.5\n";exit} - "Link" - } - expect { - timeout {puts "TESTING ERROR 3.6\n";exit} - "10.10.20.4" - } - expect { - timeout {puts "TESTING ERROR 3.7\n";exit} - "UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1" - } - after 100 - - send -- "exit\r" - sleep 1 -} - - -# -# C -# -if { $chroot == "chroot" } { - send -- "firejail --noprofile --net=br0 --chroot=/tmp/chroot\r" - expect { - timeout {puts "TESTING ERROR 4\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" - } - sleep 1 - - send -- "/sbin/ifconfig\r" - expect { - timeout {puts "TESTING ERROR 5.4\n";exit} - "eth0" - } - expect { - timeout {puts "TESTING ERROR 5.5\n";exit} - "Link" - } - expect { - timeout {puts "TESTING ERROR 5.6\n";exit} - "10.10.20" - } - expect { - timeout {puts "TESTING ERROR 5.7\n";exit} - "UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1" - } - after 100 - - send -- "exit\r" - sleep 1 - - send -- "firejail --noprofile --net=br0 --ip=10.10.20.4 --chroot=/tmp/chroot\r" - expect { - timeout {puts "TESTING ERROR 4\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" - } - sleep 1 - - send -- "/sbin/ifconfig\r" - expect { - timeout {puts "TESTING ERROR 5.4\n";exit} - "eth0" - } - expect { - timeout {puts "TESTING ERROR 5.5\n";exit} - "Link" - } - expect { - timeout {puts "TESTING ERROR 5.6\n";exit} - "10.10.20.4" - } - expect { - timeout {puts "TESTING ERROR 5.7\n";exit} - "UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1" - } - after 100 - - send -- "exit\r" - sleep 1 -} - - -puts "\nall done\n" diff --git a/test/features/2.5.exp b/test/features/2.5.exp deleted file mode 100755 index ad462e440..000000000 --- a/test/features/2.5.exp +++ /dev/null @@ -1,114 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 -# -# interface -# - -set timeout 10 -spawn $env(SHELL) -match_max 100000 -set overlay [lindex $argv 0] -set chroot [lindex $argv 1] - -# -# N -# -send -- "firejail --noprofile --interface=eth0.5\r" -expect { - timeout {puts "TESTING ERROR 0\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 - -send -- "/sbin/ifconfig\r" -expect { - timeout {puts "TESTING ERROR 1.4\n";exit} - "eth0.5" -} -expect { - timeout {puts "TESTING ERROR 1.5n";exit} - "Link" -} -expect { - timeout {puts "TESTING ERROR 1.6\n";exit} - "10.10.205.10" -} -expect { - timeout {puts "TESTING ERROR 1.7\n";exit} - "UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1" -} -after 100 -send -- "exit\r" -sleep 1 - -# -# O -# -if { $overlay == "overlay" } { - send -- "firejail --noprofile --overlay --interface=eth0.6\r" - expect { - timeout {puts "TESTING ERROR 2\n";exit} - "overlay option is not available" {puts "grsecurity\n"; exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" {puts "normal system\n"} - } - sleep 1 - - send -- "/sbin/ifconfig\r" - expect { - timeout {puts "TESTING ERROR 3.4\n";exit} - "eth0.6" - } - expect { - timeout {puts "TESTING ERROR 3.5n";exit} - "Link" - } - expect { - timeout {puts "TESTING ERROR 3.6\n";exit} - "10.10.206.10" - } - expect { - timeout {puts "TESTING ERROR 3.7\n";exit} - "UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1" - } - after 100 - send -- "exit\r" - sleep 1 -} - -# -# C -# -if { $chroot == "chroot" } { - send -- "firejail --noprofile --chroot=/tmp/chroot --interface=eth0.7\r" - expect { - timeout {puts "TESTING ERROR 4\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" - } - sleep 1 - - send -- "/sbin/ifconfig\r" - expect { - timeout {puts "TESTING ERROR 5.4\n";exit} - "eth0.7" - } - expect { - timeout {puts "TESTING ERROR 5.5n";exit} - "Link" - } - expect { - timeout {puts "TESTING ERROR 5.6\n";exit} - "10.10.207.10" - } - expect { - timeout {puts "TESTING ERROR 5.7\n";exit} - "UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1" - } - after 100 - send -- "exit\r" - sleep 1 -} - - -puts "\nall done\n" diff --git a/test/features/2.6.exp b/test/features/2.6.exp deleted file mode 100755 index 7fdb69052..000000000 --- a/test/features/2.6.exp +++ /dev/null @@ -1,77 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 -# -# default gateway -# - -set timeout 10 -spawn $env(SHELL) -match_max 100000 -set overlay [lindex $argv 0] -set chroot [lindex $argv 1] - -# -# N -# -send -- "firejail --noprofile --net=eth0 --defaultgw=192.168.1.10 --protocol=unix,inet,netlink\r" -expect { - timeout {puts "TESTING ERROR 0\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 - -send -- "ip route show\r" -expect { - timeout {puts "TESTING ERROR 1\n";exit} - "default via 192.168.1.10 dev eth0" -} -after 100 -send -- "exit\r" -sleep 1 - -# -# O -# -if { $overlay == "overlay" } { - send -- "firejail --noprofile --overlay --net=eth0 --defaultgw=192.168.1.10 --protocol=unix,inet,netlink\r" - expect { - timeout {puts "TESTING ERROR 2\n";exit} - "overlay option is not available" {puts "grsecurity\n"; exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" {puts "normal system\n"} - } - sleep 1 - - send -- "ip route show\r" - expect { - timeout {puts "TESTING ERROR 3\n";exit} - "default via 192.168.1.10 dev eth0" - } - after 100 - send -- "exit\r" - sleep 1 -} - -# -# C -# -if { $chroot == "chroot" } { - send -- "firejail --noprofile --chroot=/tmp/chroot --net=eth0 --defaultgw=192.168.1.10 --protocol=unix,inet,netlink\r" - expect { - timeout {puts "TESTING ERROR 4\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" - } - sleep 1 - - send -- "ip route show\r" - expect { - timeout {puts "TESTING ERROR 5\n";exit} - "default via 192.168.1.10 dev eth0" - } - after 100 - send -- "exit\r" - sleep 1 -} - -puts "\nall done\n" diff --git a/test/features/3.1.exp b/test/features/3.1.exp deleted file mode 100755 index fb144b857..000000000 --- a/test/features/3.1.exp +++ /dev/null @@ -1,167 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 -# -# private -# - -set timeout 10 -spawn $env(SHELL) -match_max 100000 -set overlay [lindex $argv 0] -set chroot [lindex $argv 1] - -# -# N -# -send -- "firejail --noprofile --private\r" -expect { - timeout {puts "TESTING ERROR 0\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 - -send -- "ls -al | wc -l\r" -expect { - timeout {puts "TESTING ERROR 1.1\n";exit} - "6" -} - -send -- "ls -al .bashrc\r" -expect { - timeout {puts "TESTING ERROR 1.2\n";exit} - "netblue" -} -expect { - timeout {puts "TESTING ERROR 1.3\n";exit} - "netblue" -} -expect { - timeout {puts "TESTING ERROR 1.4\n";exit} - ".bashrc" -} - -send -- "ls -al .Xauthority\r" -expect { - timeout {puts "TESTING ERROR 1.5\n";exit} - "netblue" -} -expect { - timeout {puts "TESTING ERROR 1.6\n";exit} - "netblue" -} -expect { - timeout {puts "TESTING ERROR 1.7\n";exit} - ".Xauthority" -} - - - -after 100 -send -- "exit\r" -sleep 1 - -# -# O -# -if { $overlay == "overlay" } { - send -- "firejail --noprofile --overlay --private\r" - expect { - timeout {puts "TESTING ERROR 2\n";exit} - "overlay option is not available" {puts "grsecurity\n"; exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" {puts "normal system\n"} - } - sleep 1 - - send -- "ls -al | wc -l\r" - expect { - timeout {puts "TESTING ERROR 3.1\n";exit} - "6" - } - - send -- "ls -al .bashrc\r" - expect { - timeout {puts "TESTING ERROR 3.2\n";exit} - "netblue" - } - expect { - timeout {puts "TESTING ERROR 3.3\n";exit} - "netblue" - } - expect { - timeout {puts "TESTING ERROR 3.4\n";exit} - ".bashrc" - } - - send -- "ls -al .Xauthority\r" - expect { - timeout {puts "TESTING ERROR 3.5\n";exit} - "netblue" - } - expect { - timeout {puts "TESTING ERROR 3.6\n";exit} - "netblue" - } - expect { - timeout {puts "TESTING ERROR 3.7\n";exit} - ".Xauthority" - } - - after 100 - send -- "exit\r" - sleep 1 -} - -# -# C -# -if { $chroot == "chroot" } { - send -- "firejail --noprofile --chroot=/tmp/chroot --private\r" - expect { - timeout {puts "TESTING ERROR 4\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" - } - sleep 1 - - send -- "ls -al | wc -l\r" - expect { - timeout {puts "TESTING ERROR 5.1\n";exit} - "5" - } - - send -- "ls -al .bashrc\r" - expect { - timeout {puts "TESTING ERROR 5.2\n";exit} - "netblue" - } - expect { - timeout {puts "TESTING ERROR 5.3\n";exit} - "netblue" - } - expect { - timeout {puts "TESTING ERROR 5.4\n";exit} - ".bashrc" - } - - send -- "ls -al .Xauthority\r" - expect { - timeout {puts "TESTING ERROR 5.5\n";exit} - "netblue" - } - expect { - timeout {puts "TESTING ERROR 5.6\n";exit} - "netblue" - } - expect { - timeout {puts "TESTING ERROR 5.7\n";exit} - ".Xauthority" - } - - after 100 - send -- "exit\r" - sleep 1 -} - - -puts "\nall done\n" diff --git a/test/features/3.10.exp b/test/features/3.10.exp deleted file mode 100755 index 728ad91f5..000000000 --- a/test/features/3.10.exp +++ /dev/null @@ -1,187 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 -# -# whitelist tmp -# - -set timeout 10 -spawn $env(SHELL) -match_max 100000 -set overlay [lindex $argv 0] -set chroot [lindex $argv 1] - -# -# N -# -send -- "mkdir /tmp/test1dir\r" -sleep 1 -send -- "touch /tmp/test1dir/test1\r" -sleep 1 -send -- "firejail --noprofile --whitelist=/tmp/test1dir\r" -expect { - timeout {puts "TESTING ERROR 0\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 - -send -- "ls -l /tmp | wc -l\r" -expect { - timeout {puts "TESTING ERROR 1.1\n";exit} - "2" -} -send -- "ls -l /tmp\r" -expect { - timeout {puts "TESTING ERROR 1.2\n";exit} - "netblue" -} -expect { - timeout {puts "TESTING ERROR 1.3\n";exit} - "netblue" -} -expect { - timeout {puts "TESTING ERROR 1.4\n";exit} - "test1dir" -} - -send -- "ls -l /tmp/test1dir | wc -l\r" -expect { - timeout {puts "TESTING ERROR 1.5\n";exit} - "2" -} -send -- "ls -l /tmp/test1dir\r" -expect { - timeout {puts "TESTING ERROR 1.6\n";exit} - "netblue" -} -expect { - timeout {puts "TESTING ERROR 1.7\n";exit} - "netblue" -} -expect { - timeout {puts "TESTING ERROR 1.8\n";exit} - "test1" -} - - -after 100 -send -- "exit\r" -sleep 1 - - -# -# O -# -if { $overlay == "overlay" } { - send -- "firejail --noprofile --overlay --whitelist=/tmp/test1dir\r" - expect { - timeout {puts "TESTING ERROR 2\n";exit} - "overlay option is not available" {puts "grsecurity\n"; exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" {puts "normal system\n"} - } - sleep 1 - - send -- "ls -l /tmp | wc -l\r" - expect { - timeout {puts "TESTING ERROR 3.1\n";exit} - "2" - } - send -- "ls -l /tmp\r" - expect { - timeout {puts "TESTING ERROR 3.2\n";exit} - "netblue" - } - expect { - timeout {puts "TESTING ERROR 3.3\n";exit} - "netblue" - } - expect { - timeout {puts "TESTING ERROR 3.4\n";exit} - "test1dir" - } - - send -- "ls -l /tmp/test1dir | wc -l\r" - expect { - timeout {puts "TESTING ERROR 3.5\n";exit} - "2" - } - send -- "ls -l /tmp/test1dir\r" - expect { - timeout {puts "TESTING ERROR 3.6\n";exit} - "netblue" - } - expect { - timeout {puts "TESTING ERROR 3.7\n";exit} - "netblue" - } - expect { - timeout {puts "TESTING ERROR 3.8\n";exit} - "test1" - } - - after 100 - send -- "exit\r" - sleep 1 -} - -# -# C -# -if { $chroot == "chroot" } { - send -- "mkdir /tmp/chroot/tmp/test1dir\r" - sleep 1 - send -- "touch /tmp/chroot/tmp/test1dir/test1\r" - sleep 1 - send -- "firejail --noprofile --chroot=/tmp/chroot --whitelist=/tmp/test1dir\r" - expect { - timeout {puts "TESTING ERROR 4\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" - } - sleep 1 - - send -- "ls -l /tmp | wc -l\r" - expect { - timeout {puts "TESTING ERROR 5.1\n";exit} - "2" - } - send -- "ls -l /tmp\r" - expect { - timeout {puts "TESTING ERROR 5.2\n";exit} - "netblue" - } - expect { - timeout {puts "TESTING ERROR 5.3\n";exit} - "netblue" - } - expect { - timeout {puts "TESTING ERROR 5.4\n";exit} - "test1dir" - } - - send -- "ls -l /tmp/test1dir | wc -l\r" - expect { - timeout {puts "TESTING ERROR 5.5\n";exit} - "2" - } - send -- "ls -l /tmp/test1dir\r" - expect { - timeout {puts "TESTING ERROR 5.6\n";exit} - "netblue" - } - expect { - timeout {puts "TESTING ERROR 5.7\n";exit} - "netblue" - } - expect { - timeout {puts "TESTING ERROR 5.8\n";exit} - "test1" - } - - after 100 - send -- "exit\r" - sleep 1 -} - - -puts "\nall done\n" diff --git a/test/features/3.11.exp b/test/features/3.11.exp deleted file mode 100755 index 9e59b05e7..000000000 --- a/test/features/3.11.exp +++ /dev/null @@ -1,174 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 -# -# mkdir -# - -set timeout 10 -spawn $env(SHELL) -match_max 100000 -set overlay [lindex $argv 0] -set chroot [lindex $argv 1] - -# -# N -# -send -- "rm -fr ~/firejail-xy76_u9\r" -sleep 1 - -send -- "firejail --profile=3.11.profile\r" -expect { - timeout {puts "TESTING ERROR 0\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 - -send -- "ls -l ~ | grep firejail-xy76_u9\r" -expect { - timeout {puts "TESTING ERROR 1\n";exit} - "drwx------" -} -expect { - timeout {puts "TESTING ERROR 2\n";exit} - "netblue netblue" { puts "Debian\n"} - "netblue users" { puts "Arch\n"} -} -expect { - timeout {puts "TESTING ERROR 3\n";exit} - "firejail-xy76_u9" -} -after 100 - -send -- "ls -l ~/firejail-xy76_u9\r" -expect { - timeout {puts "TESTING ERROR 4\n";exit} - "drwx------" -} -expect { - timeout {puts "TESTING ERROR 5\n";exit} - "netblue netblue" { puts "Debian\n"} - "netblue users" { puts "Arch\n"} -} -expect { - timeout {puts "TESTING ERROR 6\n";exit} - "testdir" -} -after 100 - -send -- "exit\r" -sleep 1 -send -- "rm -fr ~/firejail-xy76_u9\r" -sleep 1 - -# -# O -# -if { $overlay == "overlay" } { - send -- "rm -fr ~/firejail-xy76_u9\r" - sleep 1 - - send -- "firejail --profile=3.11.profile\r" - expect { - timeout {puts "TESTING ERROR 10\n";exit} - "overlay option is not available" {puts "grsecurity\n"; exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" {puts "normal system\n"} - } - sleep 1 - - send -- "ls -l ~ | grep firejail-xy76_u9\r" - expect { - timeout {puts "TESTING ERROR 11\n";exit} - "drwx------" - } - expect { - timeout {puts "TESTING ERROR 12\n";exit} - "netblue netblue" { puts "Debian\n"} - "netblue users" { puts "Arch\n"} - } - expect { - timeout {puts "TESTING ERROR 13\n";exit} - "firejail-xy76_u9" - } - after 100 - - send -- "ls -l ~/firejail-xy76_u9\r" - expect { - timeout {puts "TESTING ERROR 14\n";exit} - "drwx------" - } - expect { - timeout {puts "TESTING ERROR 15\n";exit} - "netblue netblue" { puts "Debian\n"} - "netblue users" { puts "Arch\n"} - } - expect { - timeout {puts "TESTING ERROR 16\n";exit} - "testdir" - } - after 100 - - send -- "exit\r" - sleep 1 - send -- "rm -fr ~/firejail-xy76_u9\r" - sleep 1 - - -} - -# -# C -# -if { $chroot == "chroot" } { - send -- "rm -fr ~/firejail-xy76_u9\r" - sleep 1 - - send -- "firejail --profile=3.11.profile\r" - expect { - timeout {puts "TESTING ERROR 20\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" - } - sleep 1 - - send -- "ls -l ~ | grep firejail-xy76_u9\r" - expect { - timeout {puts "TESTING ERROR 21\n";exit} - "drwx------" - } - expect { - timeout {puts "TESTING ERROR 22\n";exit} - "netblue netblue" { puts "Debian\n"} - "netblue users" { puts "Arch\n"} - } - expect { - timeout {puts "TESTING ERROR 23\n";exit} - "firejail-xy76_u9" - } - after 100 - - send -- "ls -l ~/firejail-xy76_u9\r" - expect { - timeout {puts "TESTING ERROR 24\n";exit} - "drwx------" - } - expect { - timeout {puts "TESTING ERROR 25\n";exit} - "netblue netblue" { puts "Debian\n"} - "netblue users" { puts "Arch\n"} - } - expect { - timeout {puts "TESTING ERROR 26\n";exit} - "testdir" - } - after 100 - - send -- "rm -fr ~/firejail-xy76_u9\r" - sleep 1 - - send -- "exit\r" - -} - - -puts "\nall done\n" diff --git a/test/features/3.11.profile b/test/features/3.11.profile deleted file mode 100644 index 144733f8f..000000000 --- a/test/features/3.11.profile +++ /dev/null @@ -1,2 +0,0 @@ -mkdir ~/firejail-xy76_u9 -mkdir ~/firejail-xy76_u9/testdir diff --git a/test/features/3.2.exp b/test/features/3.2.exp deleted file mode 100755 index 1fdb74a42..000000000 --- a/test/features/3.2.exp +++ /dev/null @@ -1,82 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 -# -# read-only -# - -set timeout 10 -spawn $env(SHELL) -match_max 100000 -set overlay [lindex $argv 0] -set chroot [lindex $argv 1] - -# -# N -# -send -- "rm -f ~/.config/firejail-test-file\r" -sleep 1 -send -- "firejail --noprofile --read-only=/home/netblue/.config\r" -expect { - timeout {puts "TESTING ERROR 0\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 - -send -- "touch ~/.config/firejail-test-file\r" -expect { - timeout {puts "TESTING ERROR 1\n";exit} - "Read-only file system" -} -after 100 -send -- "exit\r" -sleep 1 - -# -# O -# -if { $overlay == "overlay" } { - send -- "firejail --noprofile --overlay --read-only=/home/netblue/.config\r" - expect { - timeout {puts "TESTING ERROR 2\n";exit} - "overlay option is not available" {puts "grsecurity\n"; exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" {puts "normal system\n"} - } - sleep 1 - - send -- "touch ~/.config/firejail-test-file\r" - expect { - timeout {puts "TESTING ERROR 3\n";exit} - "Read-only file system" - } - after 100 - send -- "exit\r" - sleep 1 -} - -# -# C -# -if { $chroot == "chroot" } { - send -- "rm -f /tmp/chroot/home/netblue/.config/firejail-test-file\r" - sleep 1 - send -- "firejail --noprofile --chroot=/tmp/chroot --read-only=/home/netblue/.config\r" - expect { - timeout {puts "TESTING ERROR 4\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" - } - sleep 1 - - send -- "touch ~/.config/firejail-test-file\r" - expect { - timeout {puts "TESTING ERROR 5\n";exit} - "Read-only file system" - } - after 100 - send -- "exit\r" - sleep 1 -} - - -puts "\nall done\n" diff --git a/test/features/3.3.exp b/test/features/3.3.exp deleted file mode 100755 index 8c931dcf1..000000000 --- a/test/features/3.3.exp +++ /dev/null @@ -1,78 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 -# -# blacklist -# - -set timeout 10 -spawn $env(SHELL) -match_max 100000 -set overlay [lindex $argv 0] -set chroot [lindex $argv 1] - -# -# N -# -send -- "firejail --noprofile --blacklist=/home/netblue/.config\r" -expect { - timeout {puts "TESTING ERROR 0\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 - -send -- "cd ~/.config\r" -expect { - timeout {puts "TESTING ERROR 1\n";exit} - "Permission denied" -} -after 100 -send -- "exit\r" -sleep 1 - - -# -# O -# -if { $overlay == "overlay" } { - send -- "firejail --noprofile --overlay --blacklist=/home/netblue/.config\r" - expect { - timeout {puts "TESTING ERROR 2\n";exit} - "overlay option is not available" {puts "grsecurity\n"; exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" {puts "normal system\n"} - } - sleep 1 - - send -- "cd ~/.config\r" - expect { - timeout {puts "TESTING ERROR 3\n";exit} - "Permission denied" - } - after 100 - send -- "exit\r" - sleep 1 -} - -# -# C -# -if { $chroot == "chroot" } { - send -- "firejail --noprofile --chroot=/tmp/chroot --blacklist=/home/netblue/.config\r" - expect { - timeout {puts "TESTING ERROR 4\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" - } - sleep 1 - - send -- "cd ~/.config\r" - expect { - timeout {puts "TESTING ERROR 5\n";exit} - "Permission denied" - } - after 100 - send -- "exit\r" - sleep 1 -} - -puts "\nall done\n" diff --git a/test/features/3.4.exp b/test/features/3.4.exp deleted file mode 100755 index 813c2d86a..000000000 --- a/test/features/3.4.exp +++ /dev/null @@ -1,208 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 -# -# whitelist home -# - -set timeout 10 -spawn $env(SHELL) -match_max 100000 -set overlay [lindex $argv 0] -set chroot [lindex $argv 1] - -# -# N -# -send -- "firejail --noprofile --whitelist=/home/netblue/.config\r" -expect { - timeout {puts "TESTING ERROR 0\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 - -send -- "ls -al | wc -l\r" -expect { - timeout {puts "TESTING ERROR 1.1\n";exit} - "6" -} - -send -- "ls -al .bashrc\r" -expect { - timeout {puts "TESTING ERROR 1.2\n";exit} - "netblue" -} -expect { - timeout {puts "TESTING ERROR 1.3\n";exit} - "netblue" -} -expect { - timeout {puts "TESTING ERROR 1.4\n";exit} - ".bashrc" -} - -send -- "ls -al .Xauthority\r" -expect { - timeout {puts "TESTING ERROR 1.5\n";exit} - "netblue" -} -expect { - timeout {puts "TESTING ERROR 1.6\n";exit} - "netblue" -} -expect { - timeout {puts "TESTING ERROR 1.7\n";exit} - ".Xauthority" -} - -send -- "ls -al | grep .config\r" -expect { - timeout {puts "TESTING ERROR 1.8\n";exit} - "netblue" -} -expect { - timeout {puts "TESTING ERROR 1.9\n";exit} - "netblue" -} -expect { - timeout {puts "TESTING ERROR 1.10\n";exit} - ".config" -} - -after 100 -send -- "exit\r" -sleep 1 - - -# -# O -# -if { $overlay == "overlay" } { - send -- "firejail --noprofile --overlay --whitelist=/home/netblue/.config\r" - expect { - timeout {puts "TESTING ERROR 2\n";exit} - "overlay option is not available" {puts "grsecurity\n"; exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" {puts "normal system\n"} - } - sleep 1 - - send -- "ls -al | wc -l\r" - expect { - timeout {puts "TESTING ERROR 3.1\n";exit} - "6" - } - - send -- "ls -al .bashrc\r" - expect { - timeout {puts "TESTING ERROR 3.2\n";exit} - "netblue" - } - expect { - timeout {puts "TESTING ERROR 3.3\n";exit} - "netblue" - } - expect { - timeout {puts "TESTING ERROR 3.4\n";exit} - ".bashrc" - } - - send -- "ls -al .Xauthority\r" - expect { - timeout {puts "TESTING ERROR 3.5\n";exit} - "netblue" - } - expect { - timeout {puts "TESTING ERROR 3.6\n";exit} - "netblue" - } - expect { - timeout {puts "TESTING ERROR 3.7\n";exit} - ".Xauthority" - } - - send -- "ls -al | grep .config\r" - expect { - timeout {puts "TESTING ERROR 3.8\n";exit} - "netblue" - } - expect { - timeout {puts "TESTING ERROR 3.9\n";exit} - "netblue" - } - expect { - timeout {puts "TESTING ERROR 3.10\n";exit} - ".config" - } - - after 100 - send -- "exit\r" - sleep 1 -} - -# -# C -# -if { $chroot == "chroot" } { - send -- "firejail --noprofile --chroot=/tmp/chroot --whitelist=/home/netblue/.config\r" - expect { - timeout {puts "TESTING ERROR 4\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" - } - sleep 1 - - send -- "ls -al | wc -l\r" - expect { - timeout {puts "TESTING ERROR 5.1\n";exit} - "6" - } - - send -- "ls -al .bashrc\r" - expect { - timeout {puts "TESTING ERROR 5.2\n";exit} - "netblue" - } - expect { - timeout {puts "TESTING ERROR 5.3\n";exit} - "netblue" - } - expect { - timeout {puts "TESTING ERROR 5.4\n";exit} - ".bashrc" - } - - send -- "ls -al .Xauthority\r" - expect { - timeout {puts "TESTING ERROR 5.5\n";exit} - "netblue" - } - expect { - timeout {puts "TESTING ERROR 5.6\n";exit} - "netblue" - } - expect { - timeout {puts "TESTING ERROR 5.7\n";exit} - ".Xauthority" - } - - send -- "ls -al | grep .config\r" - expect { - timeout {puts "TESTING ERROR 5.8\n";exit} - "netblue" - } - expect { - timeout {puts "TESTING ERROR 5.9\n";exit} - "netblue" - } - expect { - timeout {puts "TESTING ERROR 5.10\n";exit} - ".config" - } - - after 100 - send -- "exit\r" - sleep 1 -} - - -puts "\nall done\n" diff --git a/test/features/3.5.exp b/test/features/3.5.exp deleted file mode 100755 index 93bbfe054..000000000 --- a/test/features/3.5.exp +++ /dev/null @@ -1,83 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 -# -# private-dev -# - -set timeout 10 -spawn $env(SHELL) -match_max 100000 -set overlay [lindex $argv 0] -set chroot [lindex $argv 1] - -# -# N -# -send -- "firejail --noprofile --private-dev\r" -expect { - timeout {puts "TESTING ERROR 0\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 - -send -- "ls -l /dev | wc -l\r" -expect { - timeout {puts "TESTING ERROR 1.1\n";exit} - "13" { puts "Debian\n"} - "12" { puts "Centos\n"} -} - -after 100 -send -- "exit\r" -sleep 1 - -# -# O -# -if { $overlay == "overlay" } { - send -- "firejail --noprofile --overlay --private-dev\r" - expect { - timeout {puts "TESTING ERROR 2\n";exit} - "overlay option is not available" {puts "grsecurity\n"; exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" {puts "normal system\n"} - } - sleep 1 - - send -- "ls -l /dev | wc -l\r" - expect { - timeout {puts "TESTING ERROR 3.1\n";exit} - "13" { puts "Debian\n"} - "12" { puts "Centos\n"} - } - - after 100 - send -- "exit\r" - sleep 1 -} - -# -# C -# -if { $chroot == "chroot" } { - send -- "firejail --noprofile --chroot=/tmp/chroot --private-dev\r" - expect { - timeout {puts "TESTING ERROR 4\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" - } - sleep 1 - - send -- "ls -l /dev | wc -l\r" - expect { - timeout {puts "TESTING ERROR 5.1\n";exit} - "12" - } - - after 100 - send -- "exit\r" - sleep 1 -} - - -puts "\nall done\n" diff --git a/test/features/3.6.exp b/test/features/3.6.exp deleted file mode 100755 index 5dcbdd483..000000000 --- a/test/features/3.6.exp +++ /dev/null @@ -1,87 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 -# -# private-etc -# - -set timeout 10 -spawn $env(SHELL) -match_max 100000 -set overlay [lindex $argv 0] -set chroot [lindex $argv 1] - -# -# N -# -send -- "firejail --noprofile --private-etc=group,hostname,hosts,nsswitch.conf,passwd,resolv.conf,skel\r" -expect { - timeout {puts "TESTING ERROR 0\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 - -send -- "ls -al /etc | wc -l\r" -expect { - timeout {puts "TESTING ERROR 1.1\n";exit} - "10" -} - -after 100 -send -- "exit\r" -sleep 1 - -# -# O -# -if { $overlay == "overlay" } { - send -- "firejail --noprofile --overlay --private-etc=group,hostname,hosts,nsswitch.conf,passwd,resolv.conf,skel\r" - expect { - timeout {puts "TESTING ERROR 2\n";exit} - "overlay option is not available" {puts "grsecurity\n"; exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" {puts "normal system\n"} - } - sleep 1 - - send -- "ls -al /etc | wc -l\r" - expect { - timeout {puts "TESTING ERROR 3.1\n";exit} - "10" - } - - after 100 - send -- "exit\r" - sleep 1 -} - -# -# C -# -if { $chroot == "chroot" } { - send -- "firejail --noprofile --chroot=/tmp/chroot --private-etc=group,hostname,hosts,nsswitch.conf,passwd,resolv.conf,skel\r" - expect { - timeout {puts "TESTING ERROR 4\n";exit} - "chroot option is not available" {puts "grsecurity\n"; exit} - "private-etc feature is disabled in chroot" - } - expect { - timeout {puts "TESTING ERROR 5\n";exit} - "chroot option is not available" {puts "grsecurity\n"; exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" - } - sleep 1 - - send -- "ls /etc | grep firejail\r" - expect { - timeout {puts "TESTING ERROR 6\n";exit} - "firejail" - } - - after 100 - send -- "exit\r" - sleep 1 -} - - -puts "\nall done\n" diff --git a/test/features/3.7.exp b/test/features/3.7.exp deleted file mode 100755 index f7f5fa67f..000000000 --- a/test/features/3.7.exp +++ /dev/null @@ -1,95 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 -# -# private-tmp -# - -set timeout 10 -spawn $env(SHELL) -match_max 100000 -set overlay [lindex $argv 0] -set chroot [lindex $argv 1] - -# -# N -# -send -- "touch /tmp/test1\r" -sleep 1 -send -- "touch /tmp/test2\r" -sleep 1 -send -- "firejail --noprofile --private-tmp\r" -expect { - timeout {puts "TESTING ERROR 0\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 - -send -- "ls -al /tmp | wc -l\r" -expect { - timeout {puts "TESTING ERROR 1.1\n";exit} - "3" -} - - -after 100 -send -- "exit\r" -sleep 1 - -# -# O -# -if { $overlay == "overlay" } { - send -- "touch /tmp/test1\r" - sleep 1 - send -- "touch /tmp/test2\r" - sleep 1 - send -- "firejail --noprofile --overlay --private-tmp\r" - expect { - timeout {puts "TESTING ERROR 2\n";exit} - "overlay option is not available" {puts "grsecurity\n"; exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" {puts "normal system\n"} - } - sleep 1 - - send -- "ls -al /tmp | wc -l\r" - expect { - timeout {puts "TESTING ERROR 3.1\n";exit} - "3" - } - - - after 100 - send -- "exit\r" - sleep 1 -} - -# -# C -# -if { $chroot == "chroot" } { - send -- "touch /tmp/test1\r" - sleep 1 - send -- "touch /tmp/test2\r" - sleep 1 - send -- "firejail --noprofile --chroot=/tmp/chroot --private-tmp\r" - expect { - timeout {puts "TESTING ERROR 4\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" - } - sleep 1 - - send -- "ls -al /tmp | wc -l\r" - expect { - timeout {puts "TESTING ERROR 5.1\n";exit} - "3" - } - - after 100 - send -- "exit\r" - sleep 1 -} - - -puts "\nall done\n" diff --git a/test/features/3.8.exp b/test/features/3.8.exp deleted file mode 100755 index 23adab634..000000000 --- a/test/features/3.8.exp +++ /dev/null @@ -1,87 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 -# -# private-bin -# - -set timeout 10 -spawn $env(SHELL) -match_max 100000 -set overlay [lindex $argv 0] -set chroot [lindex $argv 1] - -# -# N -# -send -- "firejail --noprofile --private-bin=bash,cat,cp,ls,wc\r" -expect { - timeout {puts "TESTING ERROR 0\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 - -send -- "ls -l /usr/bin | wc -l\r" -expect { - timeout {puts "TESTING ERROR 1.1\n";exit} - "6" -} - - -after 100 -send -- "exit\r" -sleep 1 - -# -# O -# -if { $overlay == "overlay" } { - send -- "firejail --noprofile --overlay --private-bin=bash,cat,cp,ls,wc\r" - expect { - timeout {puts "TESTING ERROR 2\n";exit} - "overlay option is not available" {puts "grsecurity\n"; exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" {puts "normal system\n"} - } - sleep 1 - - send -- "ls -l /usr/bin | wc -l\r" - expect { - timeout {puts "TESTING ERROR 3.1\n";exit} - "6" - } - - - after 100 - send -- "exit\r" - sleep 1 -} - -# -# C -# -if { $chroot == "chroot" } { - send -- "firejail --noprofile --chroot=/tmp/chroot --private-bin=bash,cat,cp,ls,wc\r" - expect { - timeout {puts "TESTING ERROR 4\n";exit} - "private-bin feature is disabled in chroot" - } - expect { - timeout {puts "TESTING ERROR 5\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" - } - sleep 1 - - send -- "ls -l /usr/bin | wc -l\r" - expect { - timeout {puts "TESTING ERROR 6\n";exit} - "9" - } - - after 100 - send -- "exit\r" - sleep 1 -} - - -puts "\nall done\n" diff --git a/test/features/3.9.exp b/test/features/3.9.exp deleted file mode 100755 index cfc588bf1..000000000 --- a/test/features/3.9.exp +++ /dev/null @@ -1,84 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 -# -# whitelist dev -# - -set timeout 10 -spawn $env(SHELL) -match_max 100000 -set overlay [lindex $argv 0] -set chroot [lindex $argv 1] - -# -# N -# -send -- "firejail --noprofile --whitelist=/dev/tty --whitelist=/dev/null\r" -expect { - timeout {puts "TESTING ERROR 0\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 - -send -- "ls -l /dev | wc -l\r" -expect { - timeout {puts "TESTING ERROR 1.1\n";exit} - "3" -} - - -after 100 -send -- "exit\r" -sleep 1 - - -# -# O -# -if { $overlay == "overlay" } { - send -- "firejail --noprofile --overlay --whitelist=/dev/tty --whitelist=/dev/null\r" - expect { - timeout {puts "TESTING ERROR 2\n";exit} - "overlay option is not available" {puts "grsecurity\n"; exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" {puts "normal system\n"} - } - sleep 1 - - send -- "ls -l /dev | wc -l\r" - expect { - timeout {puts "TESTING ERROR 3.1\n";exit} - "3" - } - - - after 100 - send -- "exit\r" - sleep 1 -} - -# -# C -# -if { $chroot == "chroot" } { - send -- "firejail --noprofile --chroot=/tmp/chroot --whitelist=/dev/tty --whitelist=/dev/null\r" - expect { - timeout {puts "TESTING ERROR 4\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" - } - sleep 1 - - send -- "ls -l /dev | wc -l\r" - expect { - timeout {puts "TESTING ERROR 5.1\n";exit} - "3" - } - - after 100 - send -- "exit\r" - sleep 1 -} - - -puts "\nall done\n" diff --git a/test/features/features.txt b/test/features/features.txt deleted file mode 100644 index 904803234..000000000 --- a/test/features/features.txt +++ /dev/null @@ -1,61 +0,0 @@ -Firejail Feature Testing - -N - normal user filesystem -O - overlay filesystem -C - chroot filesystem - - - -1. Default features (tesing with --noprofile) - -1.1 disable /boot -1.2 new /proc -1.3 new /sys - - N, O fails remount, C fails remount - -1.4 mask other users - - home directory: N, O, C - - /etc/passwd: N, O, C to test - - /etc/group: N, O, C to test - -1.5 PID namespace -1.6 new /var/log -1.7 new /var/tmp -1.8 disable firejail config and run time information -1.9 mount namespace -1.10 disable /selinux - - -2. Networking features - -2.1 Hostname (use --hostname=newhostname, do a ping and cat /etc/hostname) - - ping disabled for C by default seccomp filter, use "getent hosts bingo" - -2.2 DNS (use --dns=4.2.2.1, use "dig google.com") -2.3 mac-vlan (use --net=eth0 and --noprofile; run ifconfig and dig google.com) -2.4 bridge (use --net=br0 and --noprofile; run ifconfig, netstat -rn, ping default gw) - - ping disabled for C by default seccomp filter - transfer test not implemented for C -2.5 interface -2.6 Default gw (--noprofile --net=eth0 --defaultgw=192.168.1.10, run netstat -rn) - - -3. Filesystem features (use --noprofile) - -3.1 private -3.2 read-only -3.3 blacklist -3.4 whitelist home - - N braking on Fedora -3.5 private-dev - - O, C - somehow /dev/log is missing - - N - problems on Debian wheezy 32-bit, Fedora -3.6 private-etc - - O not working - todo -3.7 private-tmp -3.8 private-bin - - O, C not working - todo -3.9 whitelist dev - - N not working on Debian wheezy (32-bit and 64-bit) - todo -3.10 whitelist tmp - - O not working on Arch Linux - todo -3.11 mkdir diff --git a/test/features/test.sh b/test/features/test.sh deleted file mode 100755 index b3e29bc28..000000000 --- a/test/features/test.sh +++ /dev/null @@ -1,119 +0,0 @@ -#!/bin/bash -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 - -export LC_ALL=C -OVERLAY="overlay" -CHROOT="chroot" -NETWORK="network" - -while [[ $# -gt 0 ]]; do # Until you run out of parameters . . . - case "$1" in - --nooverlay) - OVERLAY="none" - ;; - --nochroot) - CHROOT="none" - ;; - --nonetwork) - NETWORK="none" - ;; - --help) - echo "./test.sh [--nooverlay|--nochroot|--nonetwork|--help] | grep TESTING" - exit - ;; - esac - shift # Check next set of parameters. -done - -# -# Feature testing -# - -#################### -# Default features -#################### -echo "TESTING: 1.1 disable /boot" -./1.1.exp "$OVERLAY" "$CHROOT" - -echo "TESTING: 1.2 new /proc" -./1.2.exp "$OVERLAY" "$CHROOT" - -echo "TESTING: 1.4 mask other users" -./1.4.exp "$OVERLAY" "$CHROOT" - -echo "TESTING: 1.5 PID namespace" -./1.5.exp "$OVERLAY" "$CHROOT" - -echo "TESTING: 1.6 new /var/log" -./1.6.exp "$OVERLAY" "$CHROOT" - -echo "TESTING: 1.7 new /var/tmp" -./1.7.exp "$OVERLAY" "$CHROOT" - -echo "TESTING: 1.8 disable firejail config and run time information" -./1.8.exp "$OVERLAY" "$CHROOT" - -echo "TESTING: 1.10 disable /selinux" -./1.10.exp "$OVERLAY" "$CHROOT" - -#################### -# networking features -#################### -if [[ $NETWORK == "network" ]] -then - echo "TESTING: 2.1 hostname" - ./2.1.exp "$OVERLAY" "$CHROOT" - - echo "TESTING: 2.2 DNS" - ./2.2.exp "$OVERLAY" "$CHROOT" - - echo "TESTING: 2.3 mac-vlan" - ./2.3.exp "$OVERLAY" "$CHROOT" - - echo "TESTING: 2.4 bridge" - ./2.4.exp "$OVERLAY" "$CHROOT" - - echo "TESTING: 2.5 interface" - ./2.5.exp "$OVERLAY" "$CHROOT" - - echo "TESTING: 2.6 Default gateway" - ./2.6.exp "$OVERLAY" "$CHROOT" -fi - -#################### -# filesystem features -#################### -echo "TESTING: 3.1 private (fails on OpenSUSE)" -./3.1.exp "$OVERLAY" "$CHROOT" - -echo "TESTING: 3.2 read-only" -./3.2.exp "$OVERLAY" "$CHROOT" - -echo "TESTING: 3.3 blacklist" -./3.3.exp "$OVERLAY" "$CHROOT" - -echo "TESTING: 3.4 whitelist home (fails on OpenSUSE)" -./3.4.exp "$OVERLAY" "$CHROOT" - -echo "TESTING: 3.5 private-dev" -./3.5.exp "$OVERLAY" "$CHROOT" - -echo "TESTING: 3.6 private-etc" -./3.6.exp notworking "$CHROOT" - -echo "TESTING: 3.7 private-tmp" -./3.7.exp "$OVERLAY" "$CHROOT" - -echo "TESTING: 3.8 private-bin" -./3.8.exp notworking notworking - -echo "TESTING: 3.9 whitelist dev" -./3.9.exp "$OVERLAY" "$CHROOT" - -echo "TESTING: 3.10 whitelist tmp" -./3.10.exp "$OVERLAY" "$CHROOT" - -echo "TESTING: 3.11 mkdir" -./3.11.exp "$OVERLAY" "$CHROOT" diff --git a/test/overlay/firefox-x11-xorg.exp b/test/overlay/firefox-x11-xorg.exp deleted file mode 100755 index 5457b512a..000000000 --- a/test/overlay/firefox-x11-xorg.exp +++ /dev/null @@ -1,89 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 - -set timeout 10 -spawn $env(SHELL) -match_max 100000 - -send -- "firejail --overlay --name=test --x11=xorg firefox -no-remote www.gentoo.org\r" -sleep 10 - -spawn $env(SHELL) -send -- "firejail --list\r" -expect { - timeout {puts "TESTING ERROR 3\n";exit} - ":firejail" -} -expect { - timeout {puts "TESTING ERROR 3.1\n";exit} - "firefox" {puts "firefox detected\n";} - "iceweasel" {puts "iceweasel detected\n";} -} -expect { - timeout {puts "TESTING ERROR 3.2\n";exit} - "no-remote" -} -sleep 1 -# grsecurity exit -send -- "file /proc/sys/kernel/grsecurity\r" -expect { - timeout {puts "TESTING ERROR - grsecurity detection\n";exit} - "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit} - "cannot open" {puts "grsecurity not present\n"} -} -send -- "firejail --overlay --name=blablabla\r" -expect { - timeout {puts "TESTING ERROR 4\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 2 - -spawn $env(SHELL) -send -- "firemon --seccomp\r" -expect { - timeout {puts "TESTING ERROR 5\n";exit} - " firefox" {puts "firefox detected\n";} - " iceweasel" {puts "iceweasel detected\n";} -} -expect { - timeout {puts "TESTING ERROR 5.0\n";exit} - "no-remote" -} -expect { - timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit} - "Seccomp: 2" -} -expect { - timeout {puts "TESTING ERROR 5.1\n";exit} - "name=blablabla" -} -sleep 1 -send -- "firemon --caps\r" -expect { - timeout {puts "TESTING ERROR 6\n";exit} - " firefox" {puts "firefox detected\n";} - " iceweasel" {puts "iceweasel detected\n";} -} -expect { - timeout {puts "TESTING ERROR 6.0\n";exit} - "no-remote" -} -expect { - timeout {puts "TESTING ERROR 6.1\n";exit} - "CapBnd:" -} -expect { - timeout {puts "TESTING ERROR 6.2\n";exit} - "0000000000000000" -} -expect { - timeout {puts "TESTING ERROR 6.3\n";exit} - "name=blablabla" -} -sleep 1 -send -- "firejail --shutdown=test\r" -sleep 3 - -puts "\nall done\n" diff --git a/test/overlay/firefox-x11.exp b/test/overlay/firefox-x11.exp deleted file mode 100755 index 66b3d9d8e..000000000 --- a/test/overlay/firefox-x11.exp +++ /dev/null @@ -1,89 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 - -set timeout 10 -spawn $env(SHELL) -match_max 100000 - -send -- "firejail --overlay --name=test --x11 firefox -no-remote www.gentoo.org\r" -sleep 10 - -spawn $env(SHELL) -send -- "firejail --list\r" -expect { - timeout {puts "TESTING ERROR 3\n";exit} - ":firejail" -} -expect { - timeout {puts "TESTING ERROR 3.1\n";exit} - "firefox" {puts "firefox detected\n";} - "iceweasel" {puts "iceweasel detected\n";} -} -expect { - timeout {puts "TESTING ERROR 3.2\n";exit} - "no-remote" -} -sleep 1 -# grsecurity exit -send -- "file /proc/sys/kernel/grsecurity\r" -expect { - timeout {puts "TESTING ERROR - grsecurity detection\n";exit} - "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit} - "cannot open" {puts "grsecurity not present\n"} -} -send -- "firejail --name=blablabla --overlay\r" -expect { - timeout {puts "TESTING ERROR 4\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 2 - -spawn $env(SHELL) -send -- "firemon --seccomp\r" -expect { - timeout {puts "TESTING ERROR 5\n";exit} - " firefox" {puts "firefox detected\n";} - " iceweasel" {puts "iceweasel detected\n";} -} -expect { - timeout {puts "TESTING ERROR 5.0\n";exit} - "no-remote" -} -expect { - timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit} - "Seccomp: 2" -} -expect { - timeout {puts "TESTING ERROR 5.1\n";exit} - "name=blablabla" -} -sleep 1 -send -- "firemon --caps\r" -expect { - timeout {puts "TESTING ERROR 6\n";exit} - " firefox" {puts "firefox detected\n";} - " iceweasel" {puts "iceweasel detected\n";} -} -expect { - timeout {puts "TESTING ERROR 6.0\n";exit} - "no-remote" -} -expect { - timeout {puts "TESTING ERROR 6.1\n";exit} - "CapBnd:" -} -expect { - timeout {puts "TESTING ERROR 6.2\n";exit} - "0000000000000000" -} -expect { - timeout {puts "TESTING ERROR 6.3\n";exit} - "name=blablabla" -} -sleep 1 -send -- "firejail --shutdown=test\r" -sleep 3 - -puts "\nall done\n" diff --git a/test/overlay/firefox.exp b/test/overlay/firefox.exp deleted file mode 100755 index 295a03f52..000000000 --- a/test/overlay/firefox.exp +++ /dev/null @@ -1,98 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 - -set timeout 10 -spawn $env(SHELL) -match_max 100000 - -send -- "firejail --overlay firefox -no-remote www.gentoo.org\r" -expect { - timeout {puts "TESTING ERROR 0\n";exit} - "Reading profile /etc/firejail/firefox.profile" -} -expect { - timeout {puts "TESTING ERROR 1\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 10 - -spawn $env(SHELL) -send -- "firejail --list\r" -expect { - timeout {puts "TESTING ERROR 3\n";exit} - ":firejail" -} -expect { - timeout {puts "TESTING ERROR 3.1\n";exit} - "firefox" {puts "firefox detected\n";} - "iceweasel" {puts "iceweasel detected\n";} -} -expect { - timeout {puts "TESTING ERROR 3.2\n";exit} - "no-remote" -} -after 100 - -# grsecurity exit -send -- "file /proc/sys/kernel/grsecurity\r" -expect { - timeout {puts "TESTING ERROR - grsecurity detection\n";exit} - "grsecurity: directory" {puts "grsecurity present, exiting...\n";exit} - "cannot open" {puts "grsecurity not present\n"} -} - - -send -- "firejail --name=blablabla --overlay\r" -expect { - timeout {puts "TESTING ERROR 4\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 2 - -spawn $env(SHELL) -send -- "firemon --seccomp\r" -expect { - timeout {puts "TESTING ERROR 5\n";exit} - " firefox" {puts "firefox detected\n";} - " iceweasel" {puts "iceweasel detected\n";} -} -expect { - timeout {puts "TESTING ERROR 5.0\n";exit} - "no-remote" -} -expect { - timeout {puts "TESTING ERROR 5.1 (seccomp)\n";exit} - "Seccomp: 2" -} -expect { - timeout {puts "TESTING ERROR 5.1\n";exit} - "name=blablabla" -} -after 100 -send -- "firemon --caps\r" -expect { - timeout {puts "TESTING ERROR 6\n";exit} - " firefox" {puts "firefox detected\n";} - " iceweasel" {puts "iceweasel detected\n";} -} -expect { - timeout {puts "TESTING ERROR 6.0\n";exit} - "no-remote" -} -expect { - timeout {puts "TESTING ERROR 6.1\n";exit} - "CapBnd:" -} -expect { - timeout {puts "TESTING ERROR 6.2\n";exit} - "0000000000000000" -} -expect { - timeout {puts "TESTING ERROR 6.3\n";exit} - "name=blablabla" -} -after 100 - -puts "\nall done\n" diff --git a/test/overlay/fs-named.exp b/test/overlay/fs-named.exp deleted file mode 100755 index 9e606183f..000000000 --- a/test/overlay/fs-named.exp +++ /dev/null @@ -1,72 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 - -set timeout 10 -spawn $env(SHELL) -match_max 100000 - -send -- "firejail --overlay-named=firejail-test\r" -expect { - timeout {puts "TESTING ERROR 2\n";exit} - "not available for kernels older than 3.18" {puts "\nTESTING: overlayfs not available\n"; exit} - "Error: --overlay option is not available on Grsecurity systems" {puts "\nTESTING: overlayfs not available\n"; exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" {puts "found\n"} -} -sleep 1 -send -- "stty -echo\r" -after 100 - -send -- "echo xyzxyzxyz > ~/_firejail_test_file; echo done\r" -expect { - timeout {puts "TESTING ERROR 3\n";exit} - "done" -} -after 100 - -send -- "cat ~/_firejail_test_file; echo done\r" -expect { - timeout {puts "TESTING ERROR 4\n";exit} - "xyzxyzxyz" -} -expect { - timeout {puts "TESTING ERROR 4.1\n";exit} - "done" -} -after 100 - -send -- "exit\r" -sleep 2 - -send -- "cat ~/_firejail_test_file; echo done\r" -expect { - timeout {puts "TESTING ERROR 5\n";exit} - "xyzxyzxyz" {puts "TESTING ERROR 5.1\n";exit} - "done" -} -after 100 - -send -- "firejail --overlay-named=firejail-test\r" -expect { - timeout {puts "TESTING ERROR 2\n";exit} - "not available for kernels older than 3.18" {puts "\nTESTING: overlayfs not available\n"; exit} - "Error: --overlay option is not available on Grsecurity systems" {puts "\nTESTING: overlayfs not available\n"; exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" {puts "found\n"} -} -sleep 1 - -send -- "stty -echo\r" -after 100 -send -- "cat ~/_firejail_test_file; echo done\r" -expect { - timeout {puts "TESTING ERROR 4\n";exit} - "xyzxyzxyz" -} -expect { - timeout {puts "TESTING ERROR 4.1\n";exit} - "done" -} -after 100 - -puts "\nall done\n" diff --git a/test/overlay/fs-tmpfs.exp b/test/overlay/fs-tmpfs.exp deleted file mode 100755 index 8c8ebcb16..000000000 --- a/test/overlay/fs-tmpfs.exp +++ /dev/null @@ -1,70 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 - -set timeout 10 -spawn $env(SHELL) -match_max 100000 - -send -- "firejail --overlay-clean\r" -after 100 -send -- "file ~/.firejail\r" -expect { - timeout {puts "TESTING ERROR 0\n";exit} - "cannot open" -} -after 100 - -send -- "firejail --overlay-tmpfs\r" -expect { - timeout {puts "TESTING ERROR 1\n";exit} - "not available for kernels older than 3.18" {puts "\nTESTING: overlayfs not available\n"; exit} - "Error: --overlay option is not available on Grsecurity systems" {puts "\nTESTING: overlayfs not available\n"; exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" {puts "found\n"} -} -sleep 1 -send -- "stty -echo\r" -after 100 - -send -- "echo xyzxyzxyz > ~/_firejail_test_file; echo done\r" -expect { - timeout {puts "TESTING ERROR 2\n";exit} - "done" -} -after 100 - -send -- "stty -echo\r" -after 100 -send -- "cat ~/_firejail_test_file; echo done\r" -expect { - timeout {puts "TESTING ERROR 3\n";exit} - "xyzxyzxyz" -} -expect { - timeout {puts "TESTING ERROR 4\n";exit} - "done" -} -after 100 - -send -- "exit\r" -sleep 1 - -send -- "stty -echo\r" -after 100 -send -- "cat ~/_firejail_test_file; echo done\r" -expect { - timeout {puts "TESTING ERROR 5\n";exit} - "xyzxyzxyz" {puts "TESTING ERROR 6\n";exit} - "done" -} -after 100 - -send -- "file ~/.firejail\r" -expect { - timeout {puts "TESTING ERROR 7\n";exit} - "cannot open" -} -after 100 - -puts "\nall done\n" diff --git a/test/overlay/fs.exp b/test/overlay/fs.exp deleted file mode 100755 index e078e604c..000000000 --- a/test/overlay/fs.exp +++ /dev/null @@ -1,62 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 - -set timeout 10 -spawn $env(SHELL) -match_max 100000 - -send -- "firejail --overlay\r" -expect { - timeout {puts "TESTING ERROR 2\n";exit} - "not available for kernels older than 3.18" {puts "\nTESTING: overlayfs not available\n"; exit} - "Error: --overlay option is not available on Grsecurity systems" {puts "\nTESTING: overlayfs not available\n"; exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" {puts "found\n"} -} -sleep 1 - -send -- "stty -echo\r" -after 100 -send -- "echo xyzxyzxyz > ~/_firejail_test_file; echo done\r" -expect { - timeout {puts "TESTING ERROR 3\n";exit} - "done" -} -after 100 - -send -- "stty -echo\r" -after 100 -send -- "cat ~/_firejail_test_file; echo done\r" -expect { - timeout {puts "TESTING ERROR 4\n";exit} - "xyzxyzxyz" -} -expect { - timeout {puts "TESTING ERROR 4.1\n";exit} - "done" -} -after 100 - -send -- "exit\r" -sleep 2 - -send -- "stty -echo\r" -after 100 -send -- "cat ~/_firejail_test_file; echo done\r" -expect { - timeout {puts "TESTING ERROR 5\n";exit} - "xyzxyzxyz" {puts "TESTING ERROR 5.1\n";exit} - "done" -} -after 100 - -# check /sys directory -send -- "ls /sys\r" -expect { - timeout {puts "TESTING ERROR 6\n";exit} - "block" -} -after 100 - -puts "\nall done\n" diff --git a/test/overlay/overlay.sh b/test/overlay/overlay.sh deleted file mode 100755 index 2015942d9..000000000 --- a/test/overlay/overlay.sh +++ /dev/null @@ -1,62 +0,0 @@ -#!/bin/bash -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 - -export MALLOC_CHECK_=3 -export MALLOC_PERTURB_=$(($RANDOM % 255 + 1)) -export LC_ALL=C - -echo "TESTING: overlay fs (test/overlay/fs.exp)" -rm -fr ~/_firejail_test_* -./fs.exp -rm -fr ~/_firejail_test_* - -echo "TESTING: overlay named fs (test/overlay/fs-named.exp)" -rm -fr ~/_firejail_test_* -./fs-named.exp -rm -fr ~/_firejail_test_* - -echo "TESTING: overlay tmpfs fs (test/overlay/fs-tmpfs.exp)" -rm -fr ~/_firejail_test_* -./fs-tmpfs.exp -rm -fr ~/_firejail_test_* - -if command -v firefox -then - echo "TESTING: overlay firefox" - ./firefox.exp -else - echo "TESTING SKIP: firefox not found" -fi - -if command -v firefox -then - echo "TESTING: overlay firefox x11 xorg" - ./firefox.exp -else - echo "TESTING SKIP: firefox not found" -fi - -# check xpra/xephyr -if command -v xpra -then - echo "xpra found" -else - echo "xpra not found" - if command -v Xephyr - then - echo "Xephyr found" - else - echo "TESTING SKIP: xpra and/or Xephyr not found" - exit - fi -fi - -if command -v firefox -then - echo "TESTING: overlay firefox x11" - ./firefox-x11.exp -else - echo "TESTING SKIP: firefox not found" -fi diff --git a/test/root/apache2.exp b/test/root/apache2.exp deleted file mode 100755 index 369cda40d..000000000 --- a/test/root/apache2.exp +++ /dev/null @@ -1,68 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 - -set timeout 5 -spawn $env(SHELL) -match_max 100000 - -send -- "firejail --name=apache /etc/init.d/apache2 start\r" -expect { - timeout {puts "TESTING ERROR 0\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 2 - - -spawn $env(SHELL) -send -- "firejail --tree\r" -expect { - timeout {puts "TESTING ERROR 1\n";exit} - "root:apache:firejail --name=apache /etc/init.d/apache2" -} -expect { - timeout {puts "TESTING ERROR 2\n";exit} - "www-data::/usr/sbin/apache2" -} -sleep 2 - - -send -- "rm index.html\r" -sleep 1 -send -- "wget 127.0.0.1\r" -expect { - timeout {puts "TESTING ERROR 3\n";exit} - "saved" -} -send -- "cat index.html\r" -expect { - timeout {puts "TESTING ERROR 4\n";exit} - "DOCTYPE html PUBLIC" -} - -sleep 1 -send -- "rm index.html\r" - -send -- "firejail --join=apache\r" -sleep 2 - -send -- "ls /dev\r" -expect { - timeout {puts "TESTING ERROR 5\n";exit} - "tty0" {puts "TESTING ERROR 6\n";exit} - "ttyS0" {puts "TESTING ERROR 6\n";exit} - "audio" {puts "TESTING ERROR 6\n";exit} - "ppp" {puts "TESTING ERROR 6\n";exit} - "log" -} -sleep 1 -send -- "ls -al /tmp;pwd\r" -expect { - timeout {puts "TESTING ERROR 10\n";exit} - "X11-unix" {puts "TESTING ERROR 11\n";exit} - "/root" -} -sleep 2 - -puts "\nall done\n" diff --git a/test/root/checkcfg.exp b/test/root/checkcfg.exp deleted file mode 100755 index d7aea8084..000000000 --- a/test/root/checkcfg.exp +++ /dev/null @@ -1,164 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 - -set timeout 10 -cd /home -spawn $env(SHELL) -match_max 100000 - -send -- "rm /etc/firejail/firejail.config\r" -after 100 - -send -- "firejail\r" -expect { - timeout {puts "TESTING ERROR 1\n";exit} - "firejail.config not found" -} - -# seccomp -send -- "echo \"seccomp no\" > /etc/firejail/firejail.config\r" -after 100 -send -- "firejail --noprofile --seccomp\r" -expect { - timeout {puts "TESTING ERROR 2\n";exit} - "seccomp feature is disabled in Firejail configuration file\r" -} - -# whitelist -send -- "echo \"whitelist no\" > /etc/firejail/firejail.config\r" -after 100 -send -- "firejail --noprofile --whitelist=~/.config\r" -expect { - timeout {puts "TESTING ERROR 3\n";exit} - "whitelist feature is disabled in Firejail configuration file\r" -} - -# network -send -- "echo \"network no\" > /etc/firejail/firejail.config\r" -after 100 -send -- "firejail --noprofile --net=eth0\r" -expect { - timeout {puts "TESTING ERROR 4\n";exit} - "networking feature is disabled in Firejail configuration file\r" -} - -# bind -send -- "echo \"bind no\" > /etc/firejail/firejail.config\r" -after 100 -send -- "firejail --noprofile --bind=/tmp,/var/tmp\r" -expect { - timeout {puts "TESTING ERROR 5\n";exit} - "bind feature is disabled in Firejail configuration file\r" -} - -# overlay -send -- "echo \"overlayfs no\" > /etc/firejail/firejail.config\r" -after 100 -send -- "firejail --noprofile --overlay\r" -expect { - timeout {puts "TESTING ERROR 6\n";exit} - "overlayfs feature is disabled in Firejail configuration file\r" -} - -# private-home -send -- "echo \"private-home no\" > /etc/firejail/firejail.config\r" -after 100 -send -- "firejail --noprofile --private-home=/tmp\r" -expect { - timeout {puts "TESTING ERROR 7\n";exit} - "private-home feature is disabled in Firejail configuration file\r" -} - -# chroot -send -- "echo \"chroot no\" > /etc/firejail/firejail.config\r" -after 100 -send -- "firejail --noprofile --chroot=/tmp\r" -expect { - timeout {puts "TESTING ERROR 8\n";exit} - "chroot feature is disabled in Firejail configuration file\r" -} - -# userns -send -- "echo \"userns no\" > /etc/firejail/firejail.config\r" -after 100 -send -- "firejail --noprofile --noroot\r" -expect { - timeout {puts "TESTING ERROR 9\n";exit} - "noroot feature is disabled in Firejail configuration file\r" -} -sleep 1 - -# netfilter-default -send -- "echo \"netfilter-default blablabla\" > /etc/firejail/firejail.config\r" -after 100 -send -- "firejail --noprofile\r" -expect { - timeout {puts "TESTING ERROR 10\n";exit} - "netfilter-default file blablabla not available\r" -} -after 100 - -# strings -send -- "echo \"xephyr-screen 800x600\" > /etc/firejail/firejail.config\r" -after 100 -send -- "echo \"xvfb-screen 800x600x24\" >> /etc/firejail/firejail.config\r" -after 100 -send -- "echo \"xvfb-extra-params blablabla\" >> /etc/firejail/firejail.config\r" -sleep 1 -send -- "stty -echo\r" -after 100 -send -- "firejail --noprofile echo done\r" -expect { - timeout {puts "TESTING ERROR 11\n";exit} - "done\r" -} -sleep 1 - -after 100 -send -- "echo \"join no\" > /etc/firejail/firejail.config\r" -after 100 -send -- "echo \"cache-tmpfs no\" >> /etc/firejail/firejail.config\r" -after 100 -send -- "echo \"file-transfer no\" >> /etc/firejail/firejail.config\r" -after 100 -send -- "echo \"x11 no\" >> /etc/firejail/firejail.config\r" -after 100 -send -- "echo \"firejail-prompt yes\" >> /etc/firejail/firejail.config\r" -after 100 -send -- "echo \"follow-symlink-as-user yes\" >> /etc/firejail/firejail.config\r" -after 100 -send -- "echo \"follow-symlink-private-bin yes\" >> /etc/firejail/firejail.config\r" -after 100 -send -- "echo \"force-nonewprivs yes\" >> /etc/firejail/firejail.config\r" -after 100 -send -- "echo \"seccomp no\" >> /etc/firejail/firejail.config\r" -after 100 -send -- "echo \"restricted-network yes\" >> /etc/firejail/firejail.config\r" -after 100 -send -- "echo \"xephyr-window-title yes\" >> /etc/firejail/firejail.config\r" -after 100 -send -- "echo \"quiet-by-default yes\" >> /etc/firejail/firejail.config\r" -after 100 -send -- "echo \"chroot-desktop no\" >> /etc/firejail/firejail.config\r" -after 100 -send -- "echo \"private-bin-no-local yes\" >> /etc/firejail/firejail.config\r" -after 100 -send -- "echo \"disable-mnt yes\" >> /etc/firejail/firejail.config\r" -after 100 -send -- "echo \"xephyr-window-title no\" >> /etc/firejail/firejail.config\r" -after 100 -send -- "echo \"remount-proc-sys no\" >> /etc/firejail/firejail.config\r" -after 100 -send -- "echo \"disable-mnt no\" >> /etc/firejail/firejail.config\r" -after 100 -send -- "echo \"blablabla\" >> /etc/firejail/firejail.config\r" -after 100 -send -- "firejail --noprofile\r" -expect { - timeout {puts "TESTING ERROR 12\n";exit} - "" -} -after 100 -puts "\nall done\n" diff --git a/test/root/firecfg.exp b/test/root/firecfg.exp deleted file mode 100755 index d78631c76..000000000 --- a/test/root/firecfg.exp +++ /dev/null @@ -1,80 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 - -set timeout 10 -spawn $env(SHELL) -match_max 100000 - -send -- "firecfg --debug\r" -sleep 1 - -send -- "firecfg --debug --clean\r" -expect { - timeout {puts "TESTING ERROR 0\n";exit} - "less removed" -} -sleep 1 - -send -- "stty -echo\r" -after 100 -send -- "file /usr/local/bin/firefox; echo done\r" -expect { - timeout {puts "TESTING ERROR 1\n";exit} - "symbolic link to /usr/bin/firejail" {puts "TESTING ERROR 2\n";exit} - "done" -} -sleep 1 - -send -- "firecfg --debug\r" -expect { - timeout {puts "TESTING ERROR 3\n";exit} - "less created" -} -sleep 1 - -send -- "file /usr/local/bin/less\r" -expect { - timeout {puts "TESTING ERROR 4\n";exit} - "symbolic link to /usr/bin/firejail" -} -sleep 1 - -send -- "firecfg --list\r" -expect { - timeout {puts "TESTING ERROR 5\n";exit} - "/usr/local/bin/less" -} -sleep 1 - -send -- "firecfg --fix\r" -expect { - timeout {puts "TESTING ERROR 6\n";exit} - "this option is not supported for root user" -} -sleep 1 - -send -- "firecfg --fix-sound\r" -expect { - timeout {puts "TESTING ERROR 7\n";exit} - "PulseAudio configured, please logout and login back again" -} -sleep 1 - -send -- "firecfg --version\r" -expect { - timeout {puts "TESTING ERROR 8\n";exit} - "firecfg version" -} -sleep 1 - -send -- "firecfg --blablabla\r" -expect { - timeout {puts "TESTING ERROR 9\n";exit} - "invalid command line option" -} -sleep 1 - - -puts "\nall done\n" diff --git a/test/root/firejail.config b/test/root/firejail.config deleted file mode 100644 index 4ad5edd4d..000000000 --- a/test/root/firejail.config +++ /dev/null @@ -1,26 +0,0 @@ - -bind yes -chroot yes -chroot-desktop yes -cache-tmpfs yes -file-transfer yes -firejail-prompt no -follow-symlink-as-user no -follow-symlink-private-bin no -force-nonewprivs no -join yes -network yes -overlayfs yes -private-bin-no-local no -private-home yes -quiet-by-default no -remount-proc-sys yes -restricted-network no -# netfilter-default /etc/iptables.iptables.rules -seccomp yes -userns yes -whitelist yes -x11 yes -xephyr-screen 800x600 -xephyr-window-title yes -xephyr-extra-params -grayscale diff --git a/test/root/firemon-events.exp b/test/root/firemon-events.exp deleted file mode 100755 index 8ca222733..000000000 --- a/test/root/firemon-events.exp +++ /dev/null @@ -1,74 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 - -set timeout 10 -spawn $env(SHELL) -match_max 100000 - -# start firemon -set firemon_id $spawn_id -send -- "firemon\r" -sleep 1 - -# start firejail -spawn $env(SHELL) -set firejail_id $spawn_id -send -- "firejail\r" -expect { - timeout {puts "TESTING ERROR 0\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} - -# get messages on firemon -set spawn_id $firemon_id -expect { - timeout {puts "TESTING ERROR 1\n";exit} - "exec" -} -expect { - timeout {puts "TESTING ERROR 2\n";exit} - "/bin/bash -c /bin/bash" -} -expect { - timeout {puts "TESTING ERROR 3\n";exit} - "exec" -} -expect { - timeout {puts "TESTING ERROR 4\n";exit} - "/bin/bash" -} -expect { - timeout {puts "TESTING ERROR 5\n";exit} - "fork" -} -expect { - timeout {puts "TESTING ERROR 6\n";exit} - "child" -} -expect { - timeout {puts "TESTING ERROR 7\n";exit} - "/bin/bash" -} -after 100 - -# exit firejail -set spawn_id $firejail_id -send -- "exit\r" -sleep 1 - -# get messages on firemon -set spawn_id $firemon_id -expect { - timeout {puts "TESTING ERROR 8\n";exit} - "exit" -} - -expect { - timeout {puts "TESTING ERROR 9\n";exit} - "EXIT SANDBOX" -} - - -puts "\nall done\n" diff --git a/test/root/isc-dhcp.exp b/test/root/isc-dhcp.exp deleted file mode 100755 index dbafdb9d0..000000000 --- a/test/root/isc-dhcp.exp +++ /dev/null @@ -1,51 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 - -set timeout 5 -spawn $env(SHELL) -match_max 100000 - -send -- "firejail --name=dhcpd /etc/init.d/isc-dhcp-server start\r" -expect { - timeout {puts "TESTING ERROR 0\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 2 - -spawn $env(SHELL) -send -- "firejail --tree\r" -expect { - timeout {puts "TESTING ERROR 2\n";exit} - "root:/usr/sbin/dhcpd" -} -sleep 2 - -send -- "tail -n 200 /var/log/syslog\r" -expect { - timeout {puts "TESTING ERROR 3\n";exit} - "Internet Systems Consortium DHCP Server" -} -expect { - timeout {puts "TESTING ERROR 4\n";exit} - "Wrote 0 leases to leases file" -} -sleep 2 - -send -- "firejail --join=dhcpd\r" -sleep 2 - -send -- "ls /dev\r" -expect { - timeout {puts "TESTING ERROR 5\n";exit} - "tty0" {puts "TESTING ERROR 6\n";exit} - "ttyS0" {puts "TESTING ERROR 6\n";exit} - "ppp" {puts "TESTING ERROR 6\n";exit} - "audio" {puts "TESTING ERROR 6\n";exit} - "log" -} -sleep 2 - - -puts "\nall done\n" diff --git a/test/root/join.exp b/test/root/join.exp deleted file mode 100755 index c488a488a..000000000 --- a/test/root/join.exp +++ /dev/null @@ -1,56 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 - -set timeout 10 -cd /home -spawn $env(SHELL) -match_max 100000 - -send -- "firejail --name=jointesting --cpu=0 --nice=2\r" -expect { - timeout {puts "TESTING ERROR 0\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 2 - -spawn $env(SHELL) -send -- "firejail --join=jointesting\r" -expect { - timeout {puts "TESTING ERROR 1\n";exit} - "Switching to pid" -} -expect { - timeout {puts "TESTING ERROR 2\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 -send -- "ps aux\r" -expect { - timeout {puts "TESTING ERROR 3\n";exit} - "/bin/bash" -} -expect { - timeout {puts "TESTING ERROR 4\n";exit} - "/bin/bash" -} - -send -- "exit\r" -sleep 1 -send -- "firejail --join-network=jointesting\r" -expect { - timeout {puts "TESTING ERROR 5\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -send -- "exit\r" -sleep 1 -send -- "firejail --join-filesystem=jointesting\r" -expect { - timeout {puts "TESTING ERROR 6\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} - -after 100 - -puts "\nall done\n" diff --git a/test/root/login_nobody.exp b/test/root/login_nobody.exp deleted file mode 100755 index 0c54488bd..000000000 --- a/test/root/login_nobody.exp +++ /dev/null @@ -1,35 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 - -set timeout 10 -cd /home -spawn $env(SHELL) -match_max 100000 - -send -- "su - nobody -s /usr/bin/firejail\r" -expect { - timeout {puts "TESTING ERROR 0\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -after 100 - -send -- "cat /proc/self/status | grep Seccomp\r" -expect { - timeout {puts "TESTING ERROR 3\n";exit} - "2" -} -after 100 - -send -- "cat /proc/self/status | grep CapBnd\r" -expect { - timeout {puts "TESTING ERROR 4\n";exit} - "0000000000000000" -} -after 100 - -send -- "exit\r" -sleep 1 - -puts "\nall done\n" diff --git a/test/root/nginx.exp b/test/root/nginx.exp deleted file mode 100755 index cb7367729..000000000 --- a/test/root/nginx.exp +++ /dev/null @@ -1,68 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 - -set timeout 5 -spawn $env(SHELL) -match_max 100000 - -send -- "firejail --name=nginx /etc/init.d/nginx start\r" -expect { - timeout {puts "TESTING ERROR 0\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 2 - - -spawn $env(SHELL) -send -- "firejail --tree\r" -expect { - timeout {puts "TESTING ERROR 1\n";exit} - "root::nginx: master process /usr/sbin/nginx" -} -expect { - timeout {puts "TESTING ERROR 2\n";exit} - "www-data::nginx: worker process" -} -sleep 2 - - -send -- "rm index.html\r" -sleep 1 -send -- "wget 127.0.0.1\r" -expect { - timeout {puts "TESTING ERROR 3\n";exit} - "saved" -} -send -- "cat index.html\r" -expect { - timeout {puts "TESTING ERROR 4\n";exit} - "DOCTYPE html PUBLIC" -} - -sleep 1 -send -- "rm index.html\r" - -send -- "firejail --join=nginx\r" -sleep 2 - -send -- "ls /dev\r" -expect { - timeout {puts "TESTING ERROR 5\n";exit} - "tty0" {puts "TESTING ERROR 6\n";exit} - "ttyS0" {puts "TESTING ERROR 6\n";exit} - "audio" {puts "TESTING ERROR 6\n";exit} - "ppp" {puts "TESTING ERROR 6\n";exit} - "log" -} -sleep 1 -send -- "ls -al /tmp;pwd\r" -expect { - timeout {puts "TESTING ERROR 10\n";exit} - "X11-unix" {puts "TESTING ERROR 11\n";exit} - "/root" -} -sleep 2 - -puts "\nall done\n" diff --git a/test/root/option_bind_directory.exp b/test/root/option_bind_directory.exp deleted file mode 100755 index 83ed6b84d..000000000 --- a/test/root/option_bind_directory.exp +++ /dev/null @@ -1,24 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 - -set timeout 10 -spawn $env(SHELL) -match_max 100000 - -send -- "firejail --bind=/tmp/chroot,mntpoint\r" -expect { - timeout {puts "TESTING ERROR 0\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 - -send -- "ls mntpoint;pwd\r" -expect { - timeout {puts "TESTING ERROR 1\n";exit} - "root" -} -sleep 1 - -puts "\n" diff --git a/test/root/option_bind_file.exp b/test/root/option_bind_file.exp deleted file mode 100755 index 0807f951a..000000000 --- a/test/root/option_bind_file.exp +++ /dev/null @@ -1,24 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 - -set timeout 10 -spawn $env(SHELL) -match_max 100000 - -send -- "firejail --bind=tmpfile,/etc/passwd\r" -expect { - timeout {puts "TESTING ERROR 0\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 - -send -- "cat /etc/passwd;pwd\r" -expect { - timeout {puts "TESTING ERROR 1\n";exit} - "hello" -} -sleep 1 - -puts "\n" diff --git a/test/root/option_tmpfs.exp b/test/root/option_tmpfs.exp deleted file mode 100755 index 2d9eea8f5..000000000 --- a/test/root/option_tmpfs.exp +++ /dev/null @@ -1,42 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 - -set timeout 10 -spawn $env(SHELL) -match_max 100000 - -send -- "firejail --tmpfs=/var\r" -expect { - timeout {puts "TESTING ERROR 0\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 - -send -- "ls -l /var;pwd\r" -expect { - timeout {puts "TESTING ERROR 1\n";exit} - "total 0" -} -after 100 -send -- "exit\r" -sleep 1 - -send -- "firejail --debug-check-filename --tmpfs=\"bla&&bla\"\r" -expect { - timeout {puts "TESTING ERROR 13.1\n";exit} - "Checking filename bla&&bla" -} -expect { - timeout {puts "TESTING ERROR 13.2\n";exit} - "Error:" -} -expect { - timeout {puts "TESTING ERROR 13.3\n";exit} - "is an invalid filename" -} -after 100 - - -puts "\nall done\n" diff --git a/test/root/private.exp b/test/root/private.exp deleted file mode 100755 index 8c89e1f31..000000000 --- a/test/root/private.exp +++ /dev/null @@ -1,111 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 - -set timeout 10 -spawn $env(SHELL) -match_max 100000 - -send -- "firejail --private\r" -expect { - timeout {puts "TESTING ERROR 0\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 2 - -send -- "ls -l /home\r" -expect { - timeout {puts "TESTING ERROR 1\n";exit} - "total 0" -} -after 100 - -send -- "ls -l /root\r" -expect { - timeout {puts "TESTING ERROR 2\n";exit} - "total 0" -} -after 100 - -send -- "exit\r" -sleep 1 - - - -send -- "touch /opt/firejail-test-file\r" -after 100 -send -- "mkdir /opt/firejail-test-dir\r" -after 100 -send -- "touch /opt/firejail-test-dir/firejail-test-file\r" -after 100 -send -- "firejail --private-opt=firejail-test-file,firejail-test-dir --debug\r" -expect { - timeout {puts "TESTING ERROR 3\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 - -send -- "find /opt | wc -l\r" -expect { - timeout {puts "TESTING ERROR 4\n";exit} - "4" -} -after 100 -send -- "exit\r" -sleep 1 -send -- "firejail --whitelist=/opt/firejail-test-file --whitelist=/opt/firejail-test-dir --debug\r" -expect { - timeout {puts "TESTING ERROR 3.1\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 - -send -- "find /opt | wc -l\r" -expect { - timeout {puts "TESTING ERROR 4.1\n";exit} - "4" -} -after 100 -send -- "exit\r" -sleep 1 - - -send -- "touch /srv/firejail-test-file\r" -after 100 -send -- "mkdir /srv/firejail-test-dir\r" -after 100 -send -- "touch /srv/firejail-test-dir/firejail-test-file\r" -after 100 -send -- "firejail --private-srv=firejail-test-file,firejail-test-dir --debug\r" -expect { - timeout {puts "TESTING ERROR 5\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 - -send -- "find /srv | wc -l\r" -expect { - timeout {puts "TESTING ERROR 6\n";exit} - "4" -} -after 100 -send -- "exit\r" -sleep 1 -send -- "firejail --whitelist=/srv/firejail-test-file --whitelist=/srv/firejail-test-dir --debug\r" -expect { - timeout {puts "TESTING ERROR 5.1\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 - -send -- "find /srv | wc -l\r" -expect { - timeout {puts "TESTING ERROR 6.1\n";exit} - "4" -} -after 100 -send -- "exit\r" -sleep 1 - -puts "\nall done\n" diff --git a/test/root/profile_tmpfs.exp b/test/root/profile_tmpfs.exp deleted file mode 100755 index 7331225b3..000000000 --- a/test/root/profile_tmpfs.exp +++ /dev/null @@ -1,42 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 - -set timeout 10 -spawn $env(SHELL) -match_max 100000 - -send -- "firejail --profile=tmpfs.profile\r" -expect { - timeout {puts "TESTING ERROR 0\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 - -send -- "ls -l /var;pwd\r" -expect { - timeout {puts "TESTING ERROR 1\n";exit} - "total 0" -} -after 100 -send -- "exit\r" -sleep 1 - -send -- "firejail --debug-check-filename --profile=tmpfs-bad.profile\r" -expect { - timeout {puts "TESTING ERROR 13.1\n";exit} - "Checking filename bla&&bla" -} -expect { - timeout {puts "TESTING ERROR 13.2\n";exit} - "Error:" -} -expect { - timeout {puts "TESTING ERROR 13.3\n";exit} - "is an invalid filename" -} -after 100 - - -puts "\nall done\n" diff --git a/test/root/root.sh b/test/root/root.sh deleted file mode 100755 index 84e430c7f..000000000 --- a/test/root/root.sh +++ /dev/null @@ -1,127 +0,0 @@ -#!/bin/bash -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 - -# set a new firejail config file -#cp firejail.config /etc/firejail/firejail.config - -export LC_ALL=C - -#******************************** -# firecfg -#******************************** -if command -v less -then - echo "TESTING: firecfg (test/root/firecfg.exp)" - mv /home/netblue/.local/share/applications /home/netblue/.local/share/applications-store - ./firecfg.exp - mv /home/netblue/.local/share/applications-store /home/netblue/.local/share/applications -else - echo "TESTING SKIP: firecfg, less not found" -fi - -#******************************** -# servers -#******************************** -if [[ -f /etc/init.d/snmpd ]] -then - echo "TESTING: snmpd (test/root/snmpd.exp)" - ./snmpd.exp -else - echo "TESTING SKIP: snmpd not found" -fi - - -if [[ -f /etc/init.d/apache2 ]] -then - echo "TESTING: apache2 (test/root/apache2.exp)" - ./apache2.exp -else - echo "TESTING SKIP: apache2 not found" -fi - -if [[ -f /etc/init.d/isc-dhcp-server ]] -then - echo "TESTING: isc dhcp server (test/root/isc-dhscp.exp)" - ./isc-dhcp.exp -else - echo "TESTING SKIP: isc dhcp server not found" -fi - -if [[ -f /etc/init.d/unbound ]] -then - echo "TESTING: unbound (test/root/unbound.exp)" - ./unbound.exp -else - echo "TESTING SKIP: unbound not found" -fi - -if [[ -f /etc/init.d/nginx ]] -then - echo "TESTING: nginx (test/root/nginx.exp)" - ./nginx.exp -else - echo "TESTING SKIP: nginx not found" -fi - -#******************************** -# filesystem -#******************************** -echo "TESTING: fs private (test/root/private.exp)" -./private.exp - -echo "TESTING: fs whitelist mnt, opt, media (test/root/whitelist-mnt.exp)" -./whitelist.exp - -#******************************** -# utils -#******************************** -echo "TESTING: join (test/root/join.exp)" -./join.exp - -echo "TESTING: login-nobody (test/root/login_nobody.exp)" -./login_nobody.exp - -#******************************** -# seccomp -#******************************** -echo "TESTING: seccomp umount (test/root/seccomp-umount.exp)" -./seccomp-umount.exp - -echo "TESTING: seccomp chmod (test/root/seccomp-chmod.exp)" -./seccomp-chmod.exp - -echo "TESTING: seccomp chown (test/root/seccomp-chown.exp)" -./seccomp-chown.exp - -#******************************** -# command line options -#******************************** -echo "TESTING: firejail configuration (test/root/checkcfg.exp)" -./checkcfg.exp -cp ../../etc/firejail.config /etc/firejail/. - -echo "TESTING: tmpfs (test/root/option_tmpfs.exp)" -./option_tmpfs.exp - -echo "TESTING: profile tmpfs (test/root/profile_tmpfs)" -./profile_tmpfs.exp - -echo "TESTING: bind directory (test/root/option_bind_directory.exp)" -./option_bind_directory.exp - -echo "TESTING: bind file (test/root/option_bind_file.exp)" -echo hello > tmpfile -./option_bind_file.exp -rm -f tmpfile - -#******************************** -# firemon -#******************************** -echo "TESTING: firemon events (test/root/firemon-events.exp)" -./firemon-events.exp - - -# restore the default config file -#cp ../../etc/firejail.config /etc/firejail/firejail.config diff --git a/test/root/seccomp-chmod.exp b/test/root/seccomp-chmod.exp deleted file mode 100755 index d26098524..000000000 --- a/test/root/seccomp-chmod.exp +++ /dev/null @@ -1,53 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 - -set timeout 10 -spawn $env(SHELL) -match_max 100000 - -send -- "firejail --seccomp=chmod,fchmod,fchmodat --private\r" -expect { - timeout {puts "TESTING ERROR 0\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 2 - -send -- "stty -echo\r" -after 100 -send -- "cd ~; echo done\r" -expect { - timeout {puts "TESTING ERROR 1\n";exit} - "done" -} - -send -- "touch testfile; echo done\r" -expect { - timeout {puts "TESTING ERROR 2\n";exit} - "done" -} - -send -- "ls -l testfile; echo done\r" -expect { - timeout {puts "TESTING ERROR 3\n";exit} - "testfile" -} -expect { - timeout {puts "TESTING ERROR 4\n";exit} - "done" -} - -send -- "chmod +x testfile; echo done\r" -expect { - timeout {puts "TESTING ERROR 5\n";exit} - "Bad system call" -} -expect { - timeout {puts "TESTING ERROR 6\n";exit} - "done" -} - -send -- "exit\r" -after 100 -puts "\nall done\n" diff --git a/test/root/seccomp-chown.exp b/test/root/seccomp-chown.exp deleted file mode 100755 index e17bbc4bb..000000000 --- a/test/root/seccomp-chown.exp +++ /dev/null @@ -1,50 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 - -set timeout 10 -spawn $env(SHELL) -match_max 100000 - -send -- "firejail --seccomp=chown,fchown,fchownat,lchown --private\r" -expect { - timeout {puts "TESTING ERROR 0\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 2 - -send -- "stty -echo\r" -after 100 -send -- "touch testfile; echo done\r" -expect { - timeout {puts "TESTING ERROR 1\n";exit} - "done" -} -after 100 - -send -- "ls -l testfile; echo done\r" -expect { - timeout {puts "TESTING ERROR 2\n";exit} - "testfile" -} -expect { - timeout {puts "TESTING ERROR 3\n";exit} - "done" -} -after 100 - -send -- "chown netblue:netblue testfile; echo done\r" -expect { - timeout {puts "TESTING ERROR 2\n";exit} - "Bad system call" -} -expect { - timeout {puts "TESTING ERROR 3\n";exit} - "done" -} - - -send -- "exit\r" -after 100 -puts "\nall done\n" diff --git a/test/root/seccomp-umount.exp b/test/root/seccomp-umount.exp deleted file mode 100755 index 70a39925d..000000000 --- a/test/root/seccomp-umount.exp +++ /dev/null @@ -1,25 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 - -set timeout 10 -spawn $env(SHELL) -match_max 100000 - -send -- "firejail --seccomp --noprofile\r" -expect { - timeout {puts "TESTING ERROR 0\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 2 - -send -- "umount /proc\r" -expect { - timeout {puts "TESTING ERROR 1\n";exit} - "Bad system call" -} - -send -- "exit\r" -after 100 -puts "\n" diff --git a/test/root/snmpd.exp b/test/root/snmpd.exp deleted file mode 100755 index 63f488342..000000000 --- a/test/root/snmpd.exp +++ /dev/null @@ -1,50 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 - -set timeout 5 -spawn $env(SHELL) -match_max 100000 - -send -- "firejail --name=snmpd /etc/init.d/snmpd start\r" -expect { - timeout {puts "TESTING ERROR 0\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 2 - -spawn $env(SHELL) -send -- "firejail --tree\r" -expect { - timeout {puts "TESTING ERROR 2\n";exit} - "snmp:/usr/sbin/snmpd" -} -sleep 2 - -send -- "tail /var/log/syslog\r" -expect { - timeout {puts "TESTING ERROR 3\n";exit} - "snmpd" -} -expect { - timeout {puts "TESTING ERROR 4\n";exit} - "NET-SNMP version" -} - -send -- "firejail --join=snmpd\r" -sleep 2 - -send -- "ls /dev\r" -expect { - timeout {puts "TESTING ERROR 5\n";exit} - "tty0" {puts "TESTING ERROR 6\n";exit} - "ttyS0" {puts "TESTING ERROR 6\n";exit} - "audio" {puts "TESTING ERROR 6\n";exit} - "ppp" {puts "TESTING ERROR 6\n";exit} - "log" -} -sleep 2 - -sleep 2 -puts "\nall done\n" diff --git a/test/root/tmpfs-bad.profile b/test/root/tmpfs-bad.profile deleted file mode 100644 index 7264e18ff..000000000 --- a/test/root/tmpfs-bad.profile +++ /dev/null @@ -1 +0,0 @@ -tmpfs bla&&bla diff --git a/test/root/tmpfs.profile b/test/root/tmpfs.profile deleted file mode 100644 index 55a6f7ebc..000000000 --- a/test/root/tmpfs.profile +++ /dev/null @@ -1 +0,0 @@ -tmpfs /var diff --git a/test/root/unbound.exp b/test/root/unbound.exp deleted file mode 100755 index d84c07452..000000000 --- a/test/root/unbound.exp +++ /dev/null @@ -1,51 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 - -set timeout 5 -spawn $env(SHELL) -match_max 100000 - -send -- "firejail --name=unbound unbound\r" -expect { - timeout {puts "TESTING ERROR 0\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 2 - -spawn $env(SHELL) -send -- "firejail --tree\r" -expect { - timeout {puts "TESTING ERROR 2\n";exit} - "unbound:unbound" -} -sleep 2 - -send -- "tail /var/log/syslog\r" -expect { - timeout {puts "TESTING ERROR 3\n";exit} - "unbound" -} -expect { - timeout {puts "TESTING ERROR 4\n";exit} - "info: start of service" -} -sleep 2 - -send -- "firejail --join=unbound\r" -sleep 2 - -send -- "ls /dev\r" -expect { - timeout {puts "TESTING ERROR 5\n";exit} - "tty0" {puts "TESTING ERROR 6\n";exit} - "ttyS0" {puts "TESTING ERROR 6\n";exit} - "audio" {puts "TESTING ERROR 6\n";exit} - "ppp" {puts "TESTING ERROR 6\n";exit} - "log" -} -sleep 2 - - -puts "\nall done\n" diff --git a/test/root/whitelist.exp b/test/root/whitelist.exp deleted file mode 100755 index 063864e13..000000000 --- a/test/root/whitelist.exp +++ /dev/null @@ -1,117 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 - -set timeout 10 -spawn $env(SHELL) -match_max 100000 - -send -- "touch /mnt/firejail-test-file\r" -after 100 -send -- "mkdir /mnt/firejail-test-dir\r" -after 100 -send -- "touch /mnt/firejail-test-dir/firejail-test-file\r" -after 100 -send -- "firejail --whitelist=/mnt/firejail-test-file --whitelist=/mnt/firejail-test-dir --debug\r" -expect { - timeout {puts "TESTING ERROR 0\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 - -send -- "find /mnt | wc -l\r" -expect { - timeout {puts "TESTING ERROR 1\n";exit} - "4" -} -after 100 -send -- "exit\r" -sleep 1 - - -send -- "touch /opt/firejail-test-file\r" -after 100 -send -- "mkdir /opt/firejail-test-dir\r" -after 100 -send -- "touch /opt/firejail-test-dir/firejail-test-file\r" -after 100 -send -- "firejail --whitelist=/opt/firejail-test-file --whitelist=/opt/firejail-test-dir --debug\r" -expect { - timeout {puts "TESTING ERROR 2\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 - -send -- "find /opt | wc -l\r" -expect { - timeout {puts "TESTING ERROR 3\n";exit} - "4" -} -after 100 -send -- "exit\r" -sleep 1 - -send -- "touch /media/firejail-test-file\r" -after 100 -send -- "mkdir /media/firejail-test-dir\r" -after 100 -send -- "touch /media/firejail-test-dir/firejail-test-file\r" -after 100 -send -- "firejail --whitelist=/media/firejail-test-file --whitelist=/media/firejail-test-dir --debug\r" -expect { - timeout {puts "TESTING ERROR 4\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 - -send -- "find /media | wc -l\r" -expect { - timeout {puts "TESTING ERROR 5\n";exit} - "4" -} -after 100 -send -- "exit\r" -sleep 1 - - -send -- "firejail --whitelist=/var/run --whitelist=/var/lock --debug\r" -expect { - timeout {puts "TESTING ERROR 6\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 - -send -- "find /var | wc -l\r" -expect { - timeout {puts "TESTING ERROR 7\n";exit} - "" -} -after 100 -send -- "exit\r" -sleep 1 - -send -- "touch /srv/firejail-test-file\r" -after 100 -send -- "mkdir /srv/firejail-test-dir\r" -after 100 -send -- "touch /srv/firejail-test-dir/firejail-test-file\r" -after 100 -send -- "firejail --whitelist=/srv/firejail-test-file --whitelist=/srv/firejail-test-dir --debug\r" -expect { - timeout {puts "TESTING ERROR 8\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 - -send -- "find /srv | wc -l\r" -expect { - timeout {puts "TESTING ERROR 9\n";exit} - "4" -} -after 100 -send -- "exit\r" - - -after 100 -puts "\nall done\n" diff --git a/test/ssh/login.exp b/test/ssh/login.exp deleted file mode 100755 index 0a05b2dd1..000000000 --- a/test/ssh/login.exp +++ /dev/null @@ -1,52 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 - -set timeout 10 -spawn $env(SHELL) -match_max 100000 - -send -- "ssh firejail-test@0\r" -expect { - timeout {puts "TESTING ERROR 0\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" {puts "OK\n"} - "an existing sandbox was detected" {puts "OK\n"} -} -sleep 1 - -send -- "ps aux | wc -l\r" -expect { - timeout {puts "TESTING ERROR 1\n";exit} - "5" -} -after 100 - -send -- "ls -l /home | grep drw | wc -l\r" -expect { - timeout {puts "TESTING ERROR 2\n";exit} - "1" -} -after 100 - -send -- "cat /proc/self/status | grep Seccomp\r" -expect { - timeout {puts "TESTING ERROR 3\n";exit} - "2" -} -after 100 - -send -- "cat /proc/self/status | grep CapBnd\r" -expect { - timeout {puts "TESTING ERROR 4\n";exit} - "0000000000000000" -} -after 100 - -# preparing scp/sftp tests -send -- "rm testfile\r" - -send -- "exit\r" -sleep 1 - -puts "\nall done\n" diff --git a/test/ssh/scp.exp b/test/ssh/scp.exp deleted file mode 100755 index a803e7131..000000000 --- a/test/ssh/scp.exp +++ /dev/null @@ -1,66 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 - -set timeout 10 -spawn $env(SHELL) -match_max 100000 - -send -- "ssh firejail-test@0\r" -expect { - timeout {puts "TESTING ERROR 0\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" {puts "OK\n"} - "an existing sandbox was detected" {puts "OK\n"} -} -sleep 1 - -send -- "rm -f testfile\r" -after 100 -send -- "exit\r" -sleep 1 - -send -- "echo 12345 > testfile\r" -after 100 -send -- "scp testfile firejail-test@0:~/testfile\r" -expect { - timeout {puts "TESTING ERROR 1\n";exit} - "100%" -} -sleep 1 - - -send -- "ssh firejail-test@0\r" -expect { - timeout {puts "TESTING ERROR 2\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" {puts "OK\n"} - "an existing sandbox was detected" {puts "OK\n"} -} -sleep 1 -send -- "cat testfile\r" -expect { - timeout {puts "TESTING ERROR 3\n";exit} - "12345" -} -after 100 -send -- "exit\r" -sleep 1 - -send -- "rm testfile\r" -after 100 -send -- "scp firejail-test@0:~/testfile testfile\r" -expect { - timeout {puts "TESTING ERROR 4\n";exit} - "100%" -} -sleep 1 -send -- "cat testfile\r" -expect { - timeout {puts "TESTING ERROR 5\n";exit} - "12345" -} -after 100 -send -- "rm testfile\r" -sleep 1 - -puts "\nall done\n" diff --git a/test/ssh/sftp.exp b/test/ssh/sftp.exp deleted file mode 100755 index a3299ef26..000000000 --- a/test/ssh/sftp.exp +++ /dev/null @@ -1,90 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 - -set timeout 10 -spawn $env(SHELL) -match_max 100000 - -send -- "ssh firejail-test@0\r" -expect { - timeout {puts "TESTING ERROR 0\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" {puts "OK\n"} - "an existing sandbox was detected" {puts "OK\n"} -} -sleep 1 - -send -- "rm -f testfile\r" -after 100 -send -- "exit\r" -sleep 1 - -send -- "echo 12345 > testfile\r" -after 100 -send -- "sftp firejail-test@0\r" -expect { - timeout {puts "TESTING ERROR 1\n";exit} - "Connected to 0" -} -expect { - timeout {puts "TESTING ERROR 2\n";exit} - "sftp>" -} -after 100 -send -- "put testfile\r" -expect { - timeout {puts "TESTING ERROR 3\n";exit} - "100%" -} -after 100 -send -- "exit\r" -sleep 1 - - -send -- "ssh firejail-test@0\r" -expect { - timeout {puts "TESTING ERROR 4\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" {puts "OK\n"} - "an existing sandbox was detected" {puts "OK\n"} -} -sleep 1 -send -- "cat testfile\r" -expect { - timeout {puts "TESTING ERROR 5\n";exit} - "12345" -} -after 100 -send -- "exit\r" -sleep 1 - -send -- "rm testfile\r" -after 100 -send -- "sftp firejail-test@0\r" -expect { - timeout {puts "TESTING ERROR 6\n";exit} - "Connected to 0" -} -expect { - timeout {puts "TESTING ERROR 7\n";exit} - "sftp>" -} -after 100 -send -- "get testfile\r" -expect { - timeout {puts "TESTING ERROR 8\n";exit} - "100%" -} -after 100 -send -- "exit\r" -sleep 1 -send -- "cat testfile\r" -expect { - timeout {puts "TESTING ERROR 9\n";exit} - "12345" -} -after 100 -send -- "rm testfile\r" -sleep 1 - -puts "\nall done\n" diff --git a/test/ssh/ssh.sh b/test/ssh/ssh.sh deleted file mode 100755 index d9fedc969..000000000 --- a/test/ssh/ssh.sh +++ /dev/null @@ -1,17 +0,0 @@ -#!/bin/bash -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 - -export MALLOC_CHECK_=3 -export MALLOC_PERTURB_=$(($RANDOM % 255 + 1)) -export LC_ALL=C - -echo "TESTING: ssh login (test/ssh/login.exp)" -./login.exp - -echo "TESTING: sftp (test/ssh/sftp.exp)" -./sftp.exp - -echo "TESTING: scp (test/ssh/scp.exp)" -./scp.exp diff --git a/test/stress/blacklist.exp b/test/stress/blacklist.exp deleted file mode 100755 index 3c6801b99..000000000 --- a/test/stress/blacklist.exp +++ /dev/null @@ -1,59 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 - -set timeout 10 -spawn $env(SHELL) -match_max 100000 - -set MAXi 100 - -# blacklist testing -set i 1 -send -- "firejail --profile=blacklist.profile\r" -expect { - timeout {puts "TESTING ERROR 1\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} - -while { $i <= $MAXi } { - send -- "cat ~/fj-stress-test/testfile$i\r" - expect { - timeout {puts "TESTING ERROR 1\n";exit} - "denied" - } - incr i - after 100 -} -after 100 - -send -- "exit\r" -sleep 1 - -# noblacklist testing -set i 1 -send -- "firejail --profile=noblacklist.profile\r" -expect { - timeout {puts "TESTING ERROR 1\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} - -while { $i <= $MAXi } { - send -- "cat ~/fj-stress-test/testfile$i\r" - expect { - timeout {puts "TESTING ERROR 1\n";exit} - "hello" - } - incr i - after 100 -} -after 100 - -send -- "exit\r" -sleep 1 - - - -after 100 -puts "\nall done\n" diff --git a/test/stress/env.exp b/test/stress/env.exp deleted file mode 100755 index 66e2d8374..000000000 --- a/test/stress/env.exp +++ /dev/null @@ -1,31 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 - -set timeout 10 -spawn $env(SHELL) -match_max 100000 - -# env testing -send -- "firejail --profile=env.profile\r" -expect { - timeout {puts "TESTING ERROR 1\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} - -send -- "env | grep FJSTRESS77\r" -expect { - timeout {puts "TESTING ERROR 2\n";exit} - "FJSTRESS77=stress" -} - -send -- "env | grep FJSTRESS | wc -l\r" -expect { - timeout {puts "TESTING ERROR 3\n";exit} - "100" -} - -send -- "exit\r" -after 100 -puts "\nall done\n" diff --git a/test/stress/net_macvlan.exp b/test/stress/net_macvlan.exp deleted file mode 100755 index 6471979e9..000000000 --- a/test/stress/net_macvlan.exp +++ /dev/null @@ -1,51 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 - -set timeout 10 -spawn $env(SHELL) -match_max 100000 - -# grab 10 ip addresses -set MAXi 210 -set i 201 -while { $i <= $MAXi } { - spawn $env(SHELL) - send -- "firejail --net=eth0 --ip=192.168.1.$i\r" - expect { - timeout {puts "TESTING ERROR 0\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" - } - incr i - after 100 -} - - -# grab 10 more -set MAXi 210 -set i 201 -while { $i <= $MAXi } { - spawn $env(SHELL) - send -- "firejail --net=eth0 --iprange=192.168.1.201,192.168.1.220\r" - expect { - timeout {puts "TESTING ERROR 2\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" - } - puts "************ $i ******************\n" - incr i - after 100 -} - -# the next one should fail, all 20 addresses are in use -spawn $env(SHELL) -send -- "firejail --debug --net=eth0 --iprange=192.168.1.201,192.168.1.220\r" -expect { - timeout {puts "TESTING ERROR 3\n";exit} - "cannot assign an IP address" -} - - - -after 100 -puts "\nall done\n" diff --git a/test/stress/stress.sh b/test/stress/stress.sh deleted file mode 100755 index 9db7ac9d3..000000000 --- a/test/stress/stress.sh +++ /dev/null @@ -1,42 +0,0 @@ -#!/bin/bash -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 - -export MALLOC_CHECK_=3 -export MALLOC_PERTURB_=$(($RANDOM % 255 + 1)) -export LC_ALL=C - - -# blacklist testing -rm -fr ~/fj-stress-test -mkdir ~/fj-stress-test -rm blacklist.profile -rm noblacklist.profile -rm env.profile -for i in {1..100} -do - echo "hello" > ~/fj-stress-test/testfile$i - echo "blacklist ~/fj-stress-test/testfile$i" >> blacklist.profile - echo "blacklist \${PATH}/sh" >> blacklist.profile - echo "noblacklist ~/fj-stress-test/testfile$i" >> noblacklist.profile - echo "noblacklist \${PATH}/sh" >> noblacklist.profile - echo "env FJSTRESS$i=stress" >> env.profile -done -echo "include blacklist.profile" >> noblacklist.profile - -echo "TESTING: stress blacklist/noblacklist (/test/stress/blacklist.exp)" -./blacklist.exp - -echo "TESTING: stress env (/test/stress/env.exp)" -./env.exp - -rm -fr ~/fj-stress-test - -rm blacklist.profile -rm noblacklist.profile -rm env.profile - -# network arp testing -echo "TESTING: macvlan (test/stress/net_macvlan.exp)" -./net_macvlan.exp -- cgit v1.2.3-54-g00ecf