From 3fe00bab994c8ac9da482c7711aaadd38e2ea97d Mon Sep 17 00:00:00 2001
From: netblue30
Date: Tue, 24 Nov 2015 11:28:03 -0500
Subject: feature testing
---
test/configure | 4 ++-
test/features/3.1.exp | 72 ++++++++++++++++++++++++++++++++++++++++++++++
test/features/3.2.exp | 72 ++++++++++++++++++++++++++++++++++++++++++++++
test/features/features.txt | 1 +
4 files changed, 148 insertions(+), 1 deletion(-)
create mode 100755 test/features/3.1.exp
create mode 100755 test/features/3.2.exp
diff --git a/test/configure b/test/configure
index 73c808020..67122cfe1 100755
--- a/test/configure
+++ b/test/configure
@@ -28,12 +28,14 @@ ROOTDIR="/tmp/chroot" # default chroot directory DEFAULT_FILES="/bin/bash /bin/sh " # basic chroot files DEFAULT_FILES+="/etc/passwd /etc/nsswitch.conf /etc/group " DEFAULT_FILES+=`find /lib -name libnss*` # files required by glibc -DEFAULT_FILES+=" /bin/cp /bin/ls /bin/cat /bin/ps /bin/netstat /bin/ping /sbin/ifconfig /bin/hostname /bin/grep /usr/bin/dig /usr/bin/openssl /usr/bin/id /usr/bin/getent /usr/bin/whoami /usr/bin/wc /usr/bin/wget /bin/umount" +DEFAULT_FILES+=" /bin/cp /bin/ls /bin/cat /bin/ps /bin/netstat /bin/ping /sbin/ifconfig /usr/bin/touch /bin/hostname /bin/grep /usr/bin/dig /usr/bin/openssl /usr/bin/id /usr/bin/getent /usr/bin/whoami /usr/bin/wc /usr/bin/wget /bin/umount" rm -fr $ROOTDIR mkdir -p $ROOTDIR/{root,bin,lib,lib64,usr,home,etc,dev/shm,tmp,var/run,var/tmp,var/lock,var/log,proc} mkdir -p $ROOTDIR/etc/firejail mkdir -p $ROOTDIR/home/netblue/.config/firejail +chown netblue:netblue $ROOTDIR/home/netblue +chown netblue:netblue $ROOTDIR/home/netblue/.config mkdir $ROOTDIR/home/someotheruser mkdir $ROOTDIR/boot mkdir $ROOTDIR/selinux
diff --git a/test/features/3.1.exp b/test/features/3.1.exp
new file mode 100755
index 000000000..6abbf94a5
--- /dev/null
+++ b/test/features/3.1.exp
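Review bot: The two added `chown netblue:netblue` lines in test/configure hard-code one developer's account and act on a predictable path under world-writable /tmp (`ROOTDIR="/tmp/chroot"` in the hunk header). The script presumably runs as root for these to have any effect, and chown without `-h` follows a symbolic link, so on a shared host a path pre-created by another local user between `rm -fr $ROOTDIR` and these lines could have its target's ownership changed. I would write `chown -h netblue:netblue "$ROOTDIR/home/netblue" "$ROOTDIR/home/netblue/.config"`; `-h` covers only the final path component, so a root-owned parent directory for ROOTDIR would be the fuller fix. The script continues outside the hunk, so whether it stops when the netblue account does not exist cannot be seen from here.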
@@ -0,0 +1,72 @@
+#!/usr/bin/expect -f
+#
+# tmpfs
+#
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+#
+# N
+#
+send -- "touch ~/.config/firejail-test-file\r"
+sleep 1
+send -- "firejail --noprofile --tmpfs=/home/netblue/.config\r"
+expect {
+ timeout {puts "TESTING ERROR 0\n";exit}
+ "Child process initialized"
+}
+sleep 1
+
+send -- "ls ~/.config | wc -l\r"
+expect {
+ timeout {puts "TESTING ERROR 1\n";exit}
+ "0"
+}
+after 100
+send -- "exit\r"
+sleep 1
+
+#
+# O
+#
+send -- "firejail --noprofile --overlay --tmpfs=/home/netblue/.config\r"
+expect {
+ timeout {puts "TESTING ERROR 2\n";exit}
+ "Child process initialized"
+}
+sleep 1
+
+send -- "ls ~/.config | wc -l\r"
+expect {
+ timeout {puts "TESTING ERROR 3\n";exit}
+ "0"
+}
+after 100
+send -- "exit\r"
+sleep 1
+
+#
+# C
+#
+send -- "touch /tmp/chroot/home/netblue/.config/firejail-test-file\r"
+sleep 1
+send -- "firejail --noprofile --chroot=/tmp/chroot --tmpfs=/home/netblue/.config\r"
+expect {
+ timeout {puts "TESTING ERROR 4\n";exit}
+ "Child process initialized"
+}
+sleep 1
+
+send -- "ls ~/.config | wc -l\r"
+expect {
+ timeout {puts "TESTING ERROR 5\n";exit}
+ "0"
+}
+after 100
+send -- "exit\r"
+sleep 1
+
+
+puts "\nall done\n"
diff --git a/test/features/3.2.exp b/test/features/3.2.exp
new file mode 100755
index 000000000..f6ed01310
--- /dev/null
+++ b/test/features/3.2.exp
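Review bot: The `"0"` pattern in the three `ls ~/.config | wc -l` checks of test/features/3.1.exp is an unanchored glob, so any `0` in the output satisfies it (a count of `10`, or a zero in the shell prompt) and the tmpfs test can pass while files are still visible in the sandbox. Anchoring the match to the whole output line, for example `-re {\r\n0\r\n}`, would make the check mean "exactly zero entries". Every `timeout` branch here, and in test/features/3.2.exp as well, calls bare `exit`, which returns status 0; `exit 1` would let a caller that looks at the exit code see the failure, in case the harness relies on that rather than on the "TESTING ERROR" text.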
@@ -0,0 +1,72 @@
+#!/usr/bin/expect -f
+#
+# disable /boot
+#
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+#
+# N
+#
+send -- "rm -f ~/.config/firejail-test-file\r"
+sleep 1
+send -- "firejail --noprofile --read-only=/home/netblue/.config\r"
+expect {
+ timeout {puts "TESTING ERROR 0\n";exit}
+ "Child process initialized"
+}
+sleep 1
+
+send -- "touch ~/.config/firejail-test-file\r"
+expect {
+ timeout {puts "TESTING ERROR 1\n";exit}
+ "Read-only file system"
+}
+after 100
+send -- "exit\r"
+sleep 1
+
+#
+# O
+#
+send -- "firejail --noprofile --overlay --read-only=/home/netblue/.config\r"
+expect {
+ timeout {puts "TESTING ERROR 2\n";exit}
+ "Child process initialized"
+}
+sleep 1
+
+send -- "touch ~/.config/firejail-test-file\r"
+expect {
+ timeout {puts "TESTING ERROR 3\n";exit}
+ "Read-only file system"
+}
+after 100
+send -- "exit\r"
+sleep 1
+
+#
+# C
+#
+send -- "rm -f /tmp/chroot/home/netblue/.config/firejail-test-file\r"
+sleep 1
+send -- "firejail --noprofile --chroot=/tmp/chroot --read-only=/home/netblue/.config\r"
+expect {
+ timeout {puts "TESTING ERROR 4\n";exit}
+ "Child process initialized"
+}
+sleep 1
+
+send -- "touch ~/.config/firejail-test-file\r"
+expect {
+ timeout {puts "TESTING ERROR 5\n";exit}
+ "Read-only file system"
+}
+after 100
+send -- "exit\r"
+sleep 1
+
+
+puts "\nall done\n"
diff --git a/test/features/features.txt b/test/features/features.txt
index 95e8cc5a0..492843adc 100644
--- a/test/features/features.txt
+++ b/test/features/features.txt
@@ -70,4 +70,5 @@ C - chroot filesystem 3. Filesystem features (use --noprofile) 3.1 tmpfs +3.2 read-only \ No newline at end of file -- cgit v1.2.3-70-g09d2
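Review bot: The header comment of test/features/3.2.exp still reads `# disable /boot`, but all three sections exercise `--read-only=/home/netblue/.config`; it should be `# read-only`, matching the `3.2 read-only` entry this commit adds to features.txt. The checks also match only the English text `Read-only file system`, so a spawned shell in another locale would report a timeout even when the mount is read-only. Adding `set env(LC_ALL) C` before `spawn $env(SHELL)` would pin the message text.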