From 27d6f2b771eca9cfb70d598688a76177abcd193a Mon Sep 17 00:00:00 2001 From: netblue30 Date: Sat, 20 Feb 2016 07:53:02 -0500 Subject: testing --- src/firejail/env.c | 2 + test/env.exp | 8 +-- test/features/3.11.exp | 7 +- test/features/3.4.exp | 6 +- test/features/3.5.exp | 12 ++-- test/features/3.9.exp | 12 ++-- test/test.sh | 170 ++++++++++++++++++++++++------------------------- 7 files changed, 110 insertions(+), 107 deletions(-) diff --git a/src/firejail/env.c b/src/firejail/env.c index 7fbf7aac5..54a6b0036 100644 --- a/src/firejail/env.c +++ b/src/firejail/env.c @@ -86,7 +86,9 @@ void env_ibus_load(void) { *ptr = '\0'; if (arg_debug) printf("%s\n", buf); + EUID_USER(); env_store(buf); + EUID_ROOT(); } fclose(fp); diff --git a/test/env.exp b/test/env.exp index d2edb0477..d7aee3c64 100755 --- a/test/env.exp +++ b/test/env.exp @@ -12,17 +12,17 @@ expect { } sleep 1 -send -- "env | grep ENV\r" +send -- "env | grep ENV1\r" expect { timeout {puts "TESTING ERROR 1\n";exit} "ENV1" } -send -- "env | grep ENV\r" +send -- "env | grep ENV2\r" expect { timeout {puts "TESTING ERROR 2\n";exit} "ENV2" } -send -- "env | grep ENV\r" +send -- "env | grep ENV3\r" expect { timeout {puts "TESTING ERROR 3\n";exit} "ENV3" @@ -52,4 +52,4 @@ expect { "Werror" } -puts "\n" +puts "\nall done\n" diff --git a/test/features/3.11.exp b/test/features/3.11.exp index aeaf28bf8..b3d3af18d 100755 --- a/test/features/3.11.exp +++ b/test/features/3.11.exp @@ -22,7 +22,7 @@ expect { } sleep 1 -send -- "ls -l ~ | grep xy76_u9\r" +send -- "ls -l ~ | grep firejail-xy76_u9\r" expect { timeout {puts "TESTING ERROR 1\n";exit} "drwx------" @@ -71,7 +71,7 @@ if { $overlay == "overlay" } { } sleep 1 - send -- "ls -l ~ | grep xy76_u9\r" + send -- "ls -l ~ | grep firejail-xy76_u9\r" expect { timeout {puts "TESTING ERROR 11\n";exit} "drwx------" @@ -123,7 +123,7 @@ if { $chroot == "chroot" } { } sleep 1 - send -- "ls -l ~ | grep xy76_u9\r" + send -- "ls -l ~ | grep firejail-xy76_u9\r" expect { timeout {puts "TESTING ERROR 21\n";exit} "drwx------" @@ -162,3 +162,4 @@ if { $chroot == "chroot" } { puts "\nall done\n" + diff --git a/test/features/3.4.exp b/test/features/3.4.exp index 996312334..3f316af5b 100755 --- a/test/features/3.4.exp +++ b/test/features/3.4.exp @@ -53,7 +53,7 @@ expect { ".Xauthority" } -send -- "ls -al | grep config\r" +send -- "ls -al | grep .config\r" expect { timeout {puts "TESTING ERROR 1.8\n";exit} "netblue" @@ -117,7 +117,7 @@ if { $overlay == "overlay" } { ".Xauthority" } - send -- "ls -al | grep config\r" + send -- "ls -al | grep .config\r" expect { timeout {puts "TESTING ERROR 3.8\n";exit} "netblue" @@ -181,7 +181,7 @@ if { $chroot == "chroot" } { ".Xauthority" } - send -- "ls -al | grep config\r" + send -- "ls -al | grep .config\r" expect { timeout {puts "TESTING ERROR 5.8\n";exit} "netblue" diff --git a/test/features/3.5.exp b/test/features/3.5.exp index d190ef36f..35de90429 100755 --- a/test/features/3.5.exp +++ b/test/features/3.5.exp @@ -19,10 +19,10 @@ expect { } sleep 1 -send -- "ls -al /dev | wc -l\r" +send -- "ls -l /dev | wc -l\r" expect { timeout {puts "TESTING ERROR 1.1\n";exit} - "14" + "12" } after 100 @@ -40,10 +40,10 @@ if { $overlay == "overlay" } { } sleep 1 - send -- "ls -al /dev | wc -l\r" + send -- "ls -l /dev | wc -l\r" expect { timeout {puts "TESTING ERROR 3.1\n";exit} - "13" + "12" } after 100 @@ -62,10 +62,10 @@ if { $chroot == "chroot" } { } sleep 1 - send -- "ls -al /dev | wc -l\r" + send -- "ls -l /dev | wc -l\r" expect { timeout {puts "TESTING ERROR 5.1\n";exit} - "13" + "12" } after 100 diff --git a/test/features/3.9.exp b/test/features/3.9.exp index 1dc556d78..a1797804f 100755 --- a/test/features/3.9.exp +++ b/test/features/3.9.exp @@ -12,7 +12,7 @@ set chroot [lindex $argv 1] # # N # -send -- "firejail --noprofile --whitelist=/dev/tty --whitelist=/dev/shm --whitelist=/dev/null\r" +send -- "firejail --noprofile --whitelist=/dev/tty --whitelist=/dev/null\r" expect { timeout {puts "TESTING ERROR 0\n";exit} "Child process initialized" @@ -22,7 +22,7 @@ sleep 1 send -- "ls -l /dev | wc -l\r" expect { timeout {puts "TESTING ERROR 1.1\n";exit} - "4" + "3" } @@ -35,7 +35,7 @@ sleep 1 # O # if { $overlay == "overlay" } { - send -- "firejail --noprofile --overlay --whitelist=/dev/tty --whitelist=/dev/shm --whitelist=/dev/null\r" + send -- "firejail --noprofile --overlay --whitelist=/dev/tty --whitelist=/dev/null\r" expect { timeout {puts "TESTING ERROR 2\n";exit} "Child process initialized" @@ -45,7 +45,7 @@ if { $overlay == "overlay" } { send -- "ls -l /dev | wc -l\r" expect { timeout {puts "TESTING ERROR 3.1\n";exit} - "4" + "3" } @@ -58,7 +58,7 @@ if { $overlay == "overlay" } { # C # if { $chroot == "chroot" } { - send -- "firejail --noprofile --chroot=/tmp/chroot --whitelist=/dev/tty --whitelist=/dev/shm --whitelist=/dev/null\r" + send -- "firejail --noprofile --chroot=/tmp/chroot --whitelist=/dev/tty --whitelist=/dev/null\r" expect { timeout {puts "TESTING ERROR 4\n";exit} "Child process initialized" @@ -68,7 +68,7 @@ if { $chroot == "chroot" } { send -- "ls -l /dev | wc -l\r" expect { timeout {puts "TESTING ERROR 5.1\n";exit} - "4" + "3" } after 100 diff --git a/test/test.sh b/test/test.sh index 923a9b390..48f74a0ed 100755 --- a/test/test.sh +++ b/test/test.sh @@ -6,37 +6,37 @@ ./fscheck.sh -echo "TESTING: nice" +echo "TESTING: nice (nice.exp)" ./nice.exp -echo "TESTING: protocol" +echo "TESTING: protocol (protocol.exp)" ./protocol.exp -echo "TESTING: invalid filename" +echo "TESTING: invalid filename (invalid_filename.exp)" ./invalid_filename.exp -echo "TESTING: environment variables" +echo "TESTING: environment variables (env.exp)" ./env.exp -echo "TESTING: whitelist empty" +echo "TESTING: whitelist empty (whitelist-empty.exp)" ./whitelist-empty.exp -echo "TESTING: ignore command" +echo "TESTING: ignore command (ignore.exp)" ./ignore.exp -echo "TESTING: private-etc" +echo "TESTING: private-etc (private-etc.exp)" ./private-etc.exp -echo "TESTING: private-bin" +echo "TESTING: private-bin (private-bin.exp)" ./private-bin.exp -echo "TESTING: private whitelist" +echo "TESTING: private whitelist (private-whitelist.exp)" ./private-whitelist.exp sleep 1 rm -fr dir\ with\ space mkdir dir\ with\ space -echo "TESTING: blacklist" +echo "TESTING: blacklist (blacklist.exp)" ./blacklist.exp sleep 1 rm -fr dir\ with\ space @@ -44,31 +44,31 @@ rm -fr dir\ with\ space ln -s auto auto2 ln -s /bin auto3 ln -s /usr/bin auto4 -echo "TESTING: blacklist directory link" +echo "TESTING: blacklist directory link (blacklist-link.exp)" ./blacklist-link.exp rm -fr auto2 rm -fr auto3 rm -fr auto4 -echo "TESTING: version" +echo "TESTING: version (option_version.exp)" ./option_version.exp -echo "TESTING: help" +echo "TESTING: help (option_help.exp)" ./option_help.exp -echo "TESTING: man" +echo "TESTING: man (opton_man.exp)" ./option_man.exp -echo "TESTING: list" +echo "TESTING: list (option_list.exp)" ./option_list.exp -echo "TESTING: tree" +echo "TESTING: tree (option_tree.exp)" ./option_tree.exp if [ -f /proc/self/uid_map ]; then - echo "TESTING: noroot" + echo "TESTING: noroot (noroot.exp)" ./noroot.exp else echo "TESTING: user namespaces not available" @@ -81,78 +81,78 @@ cp -- /bin/bash -testdir/. ./doubledash.exp rm -fr -- -testdir -echo "TESTING: trace1" +echo "TESTING: trace1 (option-trace.exp)" ./option-trace.exp -echo "TESTING: trace2" +echo "TESTING: trace2 (trace.exp)" rm -f index.html* ./trace.exp rm -f index.html* -echo "TESTING: extract command" +echo "TESTING: extract command (extract_command.exp)" ./extract_command.exp -echo "TESTING: kmsg access" +echo "TESTING: kmsg access (kmsg.exp)" ./kmsg.exp -echo "TESTING: rlimit" +echo "TESTING: rlimit (option_rlimit.exp)" ./option_rlimit.exp -echo "TESTING: shutdown" +echo "TESTING: shutdown (option_shutdown.exp)" ./option-shutdown.exp -echo "TESTING: join" +echo "TESTING: join (opton-join.exp)" ./option-join.exp -echo "TESTING: join profile" +echo "TESTING: join profile (option-join-profile.exp)" ./option-join-profile.exp -echo "TESTING: firejail in firejail - single sandbox" +echo "TESTING: firejail in firejail - single sandbox (firejail-in-firejail.exp)" ./firejail-in-firejail.exp -echo "TESTING: firejail in firejail - force new sandbox" +echo "TESTING: firejail in firejail - force new sandbox (firejail-in-firejail2.exp)" ./firejail-in-firejail2.exp -echo "TESTING: chroot overlay" +echo "TESTING: chroot overlay (opton_chroot_overlay.exp)" ./option_chroot_overlay.exp -echo "TESTING: blacklist directory" +echo "TESTING: blacklist directory (option_blacklist.exp)" ./option_blacklist.exp -echo "TESTING: blacklist file" +echo "TESTING: blacklist file (opton_blacklist_file.exp)" ./option_blacklist_file.exp -echo "TESTING: bind as user" +echo "TESTING: bind as user (option_bind_user.exp)" ./option_bind_user.exp if [ -d /home/bingo ]; then - echo "TESTING: home sanitize" + echo "TESTING: home sanitize (opton_version.exp)" ./option_version.exp fi -echo "TESTING: chroot as user" +echo "TESTING: chroot as user (fs_chroot.exp)" ./fs_chroot.exp -echo "TESTING: /sys" +echo "TESTING: /sys (fs_sys.exp)" ./fs_sys.exp -echo "TESTING: readonly" +echo "TESTING: readonly (option_readonly.exp)" ls -al > tmpreadonly ./option_readonly.exp sleep 5 rm -f tmpreadonly -echo "TESTING: zsh" +echo "TESTING: zsh (shell_zsh.exp)" ./shell_zsh.exp -echo "TESTING: csh" +echo "TESTING: csh (shell_csh.exp)" ./shell_csh.exp which dash if [ "$?" -eq 0 ]; then - echo "TESTING: dash" + echo "TESTING: dash (shell_dash.exp)" ./shell_dash.exp else echo "TESTING: dash not found" @@ -160,151 +160,151 @@ fi ./test-apps.sh -echo "TESTING: PID" +echo "TESTING: PID (pid.exp)" ./pid.exp -echo "TESTING: output" +echo "TESTING: output (output.exp)" ./output.exp -echo "TESTING: profile no permissions" +echo "TESTING: profile no permissions (profile_noperm.exp)" ./profile_noperm.exp -echo "TESTING: profile syntax" +echo "TESTING: profile syntax (profile_syntax.exp)" ./profile_syntax.exp -echo "TESTING: profile syntax 2" +echo "TESTING: profile syntax 2 (profile_syntax2.exp)" ./profile_syntax2.exp -echo "TESTING: profile rlimit" +echo "TESTING: profile rlimit (profile_rlimit.exp)" ./profile_rlimit.exp -echo "TESTING: profile read-only" +echo "TESTING: profile read-only (profile_readonly.exp)" ./profile_readonly.exp -echo "TESTING: private" +echo "TESTING: private (private.exp)" ./private.exp `whoami` -echo "TESTING: private directory" +echo "TESTING: private directory (private_dir.exp)" rm -fr dirprivate mkdir dirprivate ./private_dir.exp rm -fr dirprivate -echo "TESTING: private directory profile" +echo "TESTING: private directory profile (private_dir_profile.exp)" rm -fr dirprivate mkdir dirprivate ./private_dir_profile.exp rm -fr dirprivate -echo "TESTING: overlayfs" +echo "TESTING: overlayfs (fs_overlay.exp)" ./fs_overlay.exp -echo "TESTING: seccomp debug" +echo "TESTING: seccomp debug (seccomp-debug.exp)" ./seccomp-debug.exp -echo "TESTING: seccomp errno" +echo "TESTING: seccomp errno (seccomp-errno.exp)" ./seccomp-errno.exp -echo "TESTING: seccomp su" +echo "TESTING: seccomp su (seccomp-su.exp)" ./seccomp-su.exp -echo "TESTING: seccomp ptrace" +echo "TESTING: seccomp ptrace (seccomp-ptrace.exp)" ./seccomp-ptrace.exp -echo "TESTING: seccomp chmod - seccomp lists" +echo "TESTING: seccomp chmod - seccomp lists (seccomp-chmod.exp)" ./seccomp-chmod.exp -echo "TESTING: seccomp chmod profile - seccomp lists" +echo "TESTING: seccomp chmod profile - seccomp lists (seccomp-chmod-profile.exp)" ./seccomp-chmod-profile.exp -echo "TESTING: seccomp empty" +echo "TESTING: seccomp empty (seccomp-empty.exp)" ./seccomp-empty.exp -echo "TESTING: seccomp bad empty" +echo "TESTING: seccomp bad empty (seccomp-bad-empty.exp)" ./seccomp-bad-empty.exp -echo "TESTING: seccomp dual filter" +echo "TESTING: seccomp dual filter (seccomp-dualfilter.exp)" ./seccomp-dualfilter.exp -echo "TESTING: read/write /var/tmp" +echo "TESTING: read/write /var/tmp (fs_var_tmp.exp)" ./fs_var_tmp.exp -echo "TESTING: read/write /var/lock" +echo "TESTING: read/write /var/lock (fs_var_lock.exp)" ./fs_var_lock.exp -echo "TESTING: read/write /dev/shm" +echo "TESTING: read/write /dev/shm (fs_dev_shm.exp)" ./fs_dev_shm.exp -echo "TESTING: quiet" +echo "TESTING: quiet (quiet.exp)" ./quiet.exp -echo "TESTING: IPv6 support" +echo "TESTING: IPv6 support (ip6.exp)" ./ip6.exp -echo "TESTING: local network" +echo "TESTING: local network (net_local.exp)" ./net_local.exp -echo "TESTING: no network" +echo "TESTING: no network (net_none.exp)" ./net_none.exp -echo "TESTING: network IP" +echo "TESTING: network IP (net_ip.exp)" ./net_ip.exp -echo "TESTING: network MAC" +echo "TESTING: network MAC (net_mac.exp)" sleep 2 ./net_mac.exp -echo "TESTING: network MTU" +echo "TESTING: network MTU (net_mtu.exp)" ./net_mtu.exp -echo "TESTING: network hostname" +echo "TESTING: network hostname (hostname.exp)" ./hostname.exp -echo "TESTING: network bad IP" +echo "TESTING: network bad IP (net_badip.exp)" ./net_badip.exp -echo "TESTING: network no IP test 1" +echo "TESTING: network no IP test 1 (net_noip.exp)" ./net_noip.exp -echo "TESTING: network no IP test 2" +echo "TESTING: network no IP test 2 (net_noip2.exp)" ./net_noip2.exp -echo "TESTING: network default gateway test 1" +echo "TESTING: network default gateway test 1 (net_defaultgw.exp)" ./net_defaultgw.exp -echo "TESTING: network default gateway test 2" +echo "TESTING: network default gateway test 2 (net_defaultgw2.exp)" ./net_defaultgw2.exp -echo "TESTING: network default gateway test 3" +echo "TESTING: network default gateway test 3 (net_defaultgw3.exp)" ./net_defaultgw3.exp -echo "TESTING: netfilter" +echo "TESTING: netfilter (net_netfilter.exp)" ./net_netfilter.exp -echo "TESTING: 4 bridges ARP" +echo "TESTING: 4 bridges ARP (4bridges_arp.exp)" ./4bridges_arp.exp -echo "TESTING: 4 bridges IP" +echo "TESTING: 4 bridges IP (4bridges_ip.exp)" ./4bridges_ip.exp -echo "TESTING: login SSH" +echo "TESTING: login SSH (login_ssh.exp)" ./login_ssh.exp -echo "TESTING: ARP" +echo "TESTING: ARP (net_arp.exp)" ./net_arp.exp -echo "TESTING: DNS" +echo "TESTING: DNS (dns.exp)" ./dns.exp -echo "TESTING: firemon --arp" +echo "TESTING: firemon --arp (firemon-arp.exp)" ./firemon-arp.exp -echo "TESTING: firemon --route" +echo "TESTING: firemon --route (firemon-route.exp)" ./firemon-route.exp -echo "TESTING: firemon --seccomp" +echo "TESTING: firemon --seccomp (firemon-seccomp.exp)" ./firemon-seccomp.exp -echo "TESTING: firemon --caps" +echo "TESTING: firemon --caps (firemon-caps.exp)" ./firemon-caps.exp -- cgit v1.2.3-54-g00ecf