From 2d0d9a4080a5fd54c4914227843ae3e609bad1cb Mon Sep 17 00:00:00 2001 From: netblue30 Date: Thu, 12 Jan 2023 11:33:47 -0500 Subject: rel 0.9.72 testing: cleanup make test-private-lib --- Makefile | 9 +++++--- test/fs/fs.sh | 11 --------- test/fs/private-lib.exp | 48 ---------------------------------------- test/private-lib/private-lib.exp | 48 ++++++++++++++++++++++++++++++++++++++++ test/private-lib/private-lib.sh | 12 ++++++++++ 5 files changed, 66 insertions(+), 62 deletions(-) delete mode 100755 test/fs/private-lib.exp create mode 100755 test/private-lib/private-lib.exp diff --git a/Makefile b/Makefile index c5d823cac..57a692817 100644 --- a/Makefile +++ b/Makefile @@ -268,16 +268,16 @@ scan-build: clean # make test # -TESTS=profiles private-lib apps apps-x11 apps-x11-xorg sysutils utils environment filters fs fcopy fnetfilter +TESTS=profiles apps apps-x11 apps-x11-xorg sysutils utils environment filters fs fcopy fnetfilter TEST_TARGETS=$(patsubst %,test-%,$(TESTS)) $(TEST_TARGETS): $(MAKE) -C test $(subst test-,,$@) -test: test-profiles test-private-lib test-fcopy test-fnetfilter test-fs test-utils test-sysutils test-environment test-apps test-apps-x11 test-apps-x11-xorg test-filters +test: test-profiles test-fcopy test-fnetfilter test-fs test-utils test-sysutils test-environment test-apps test-apps-x11 test-apps-x11-xorg test-filters echo "TEST COMPLETE" -test-noprofiles: test-private-lib test-fcopy test-fnetfilter test-fs test-utils test-sysutils test-environment test-apps test-apps-x11 test-apps-x11-xorg test-filters +test-noprofiles: test-fcopy test-fnetfilter test-fs test-utils test-sysutils test-environment test-apps test-apps-x11 test-apps-x11-xorg test-filters echo "TEST COMPLETE" test-github: test-profiles test-fcopy test-fnetfilter test-fs test-utils test-sysutils test-environment @@ -288,6 +288,9 @@ test-github: test-profiles test-fcopy test-fnetfilter test-fs test-utils test-sy # The tests are very intrusive, by the time you are done # with them you will need to restart your computer. ########################################## +# private-lib is disabled by default in /etc/firejail/firejail.config +test-private-lib: + $(MAKE) -C test $(subst test-,,$@) # a firejail-test account is required, public/private key setup test-ssh: diff --git a/test/fs/fs.sh b/test/fs/fs.sh index 697c86d3d..677b753fc 100755 --- a/test/fs/fs.sh +++ b/test/fs/fs.sh @@ -45,17 +45,6 @@ echo "TESTING: read/write /var/tmp (test/fs/fs_var_tmp.exp)" ./fs_var_tmp.exp rm -f /var/tmp/_firejail_test_file -if [[ $(uname -m) == "x86_64" ]]; then - fjconfig=/etc/firejail/firejail.config - printf 'private-lib yes\n' | sudo tee -a "$fjconfig" >/dev/null - echo "TESTING: private-lib (test/fs/private-lib.exp)" - ./private-lib.exp - printf '%s\n' "$(sed '/^private-lib yes$/d' "$fjconfig")" | - sudo tee "$fjconfig" >/dev/null -else - echo "TESTING SKIP: private-lib test implemented only for x86_64." -fi - echo "TESTING: read/write /var/lock (test/fs/fs_var_lock.exp)" ./fs_var_lock.exp rm -f /var/lock/_firejail_test_file diff --git a/test/fs/private-lib.exp b/test/fs/private-lib.exp deleted file mode 100755 index 5290def35..000000000 --- a/test/fs/private-lib.exp +++ /dev/null @@ -1,48 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2022 Firejail Authors -# License GPL v2 - - -set timeout 10 -spawn $env(SHELL) -match_max 100000 - -send -- "firejail --private-lib --private-bin=sh,bash,dash,ps,grep,ls,find,echo,stty \r" -expect { - timeout {puts "TESTING ERROR 1\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -after 100 -send -- "stty -echo\r" -after 100 - -send -- "cd /bin; find .\; echo done\r" -expect { - timeout {puts "TESTING ERROR 2\n";exit} -# "grep" {puts "TESTING ERROR 3\n";exit} - "rm" {puts "TESTING ERROR 3\n";exit} - "cp" {puts "TESTING ERROR 4\n";exit} - "done" -} -after 100 - -send -- "cd /lib; find .\r" -expect { - timeout {puts "TESTING ERROR 5\n";exit} - "./modules" {puts "TESTING ERROR 6\n";exit} - "./firmware" {puts "TESTING ERROR 7\n";exit} - "libc.so" -} -after 100 - -send -- "cd /usr/lib; find .\r" -expect { - timeout {puts "TESTING ERROR 8\n";exit} - "grub" {puts "TESTING ERROR 9\n";exit} - "mozilla" {puts "TESTING ERROR 10\n";exit} - "libdl.so" -} -after 100 - -puts "\nall done\n" diff --git a/test/private-lib/private-lib.exp b/test/private-lib/private-lib.exp new file mode 100755 index 000000000..5290def35 --- /dev/null +++ b/test/private-lib/private-lib.exp @@ -0,0 +1,48 @@ +#!/usr/bin/expect -f +# This file is part of Firejail project +# Copyright (C) 2014-2022 Firejail Authors +# License GPL v2 + + +set timeout 10 +spawn $env(SHELL) +match_max 100000 + +send -- "firejail --private-lib --private-bin=sh,bash,dash,ps,grep,ls,find,echo,stty \r" +expect { + timeout {puts "TESTING ERROR 1\n";exit} + -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" +} +after 100 +send -- "stty -echo\r" +after 100 + +send -- "cd /bin; find .\; echo done\r" +expect { + timeout {puts "TESTING ERROR 2\n";exit} +# "grep" {puts "TESTING ERROR 3\n";exit} + "rm" {puts "TESTING ERROR 3\n";exit} + "cp" {puts "TESTING ERROR 4\n";exit} + "done" +} +after 100 + +send -- "cd /lib; find .\r" +expect { + timeout {puts "TESTING ERROR 5\n";exit} + "./modules" {puts "TESTING ERROR 6\n";exit} + "./firmware" {puts "TESTING ERROR 7\n";exit} + "libc.so" +} +after 100 + +send -- "cd /usr/lib; find .\r" +expect { + timeout {puts "TESTING ERROR 8\n";exit} + "grub" {puts "TESTING ERROR 9\n";exit} + "mozilla" {puts "TESTING ERROR 10\n";exit} + "libdl.so" +} +after 100 + +puts "\nall done\n" diff --git a/test/private-lib/private-lib.sh b/test/private-lib/private-lib.sh index 6b7d433c8..43c42a098 100755 --- a/test/private-lib/private-lib.sh +++ b/test/private-lib/private-lib.sh @@ -18,3 +18,15 @@ for app in "${apps[@]}"; do echo "TESTING SKIP: $app not found" fi done + +if [[ $(uname -m) == "x86_64" ]]; then + fjconfig=/etc/firejail/firejail.config + printf 'private-lib yes\n' | sudo tee -a "$fjconfig" >/dev/null + echo "TESTING: private-lib (test/fs/private-lib.exp)" + ./private-lib.exp + printf '%s\n' "$(sed '/^private-lib yes$/d' "$fjconfig")" | + sudo tee "$fjconfig" >/dev/null +else + echo "TESTING SKIP: private-lib test implemented only for x86_64." +fi + -- cgit v1.2.3-70-g09d2