From 64699c828f52ab06055d50e1f4e781572a53c35f Mon Sep 17 00:00:00 2001
From: netblue30
Date: Sat, 31 Mar 2018 07:49:55 -0400
Subject: testing
---
 Makefile.in | 1 +
 gcov.sh | 11 +++++++++--
 test/root/firecfg.exp | 8 ++++----
 test/root/root.sh | 4 ++--
 test/utils/audit.exp | 20 ++++++++++++++++++++
 test/utils/build.exp | 12 ++++++++++--
 test/utils/utils.sh | 8 ++++++++
 7 files changed, 54 insertions(+), 10 deletions(-)
diff --git a/Makefile.in b/Makefile.in
index 21055b694..7b84c5605 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -107,6 +107,7 @@ endif
 install -c -m 0755 src/fbuilder/fbuilder $(DESTDIR)/$(libdir)/firejail/.
 ifeq ($(HAVE_SECCOMP),-DHAVE_SECCOMP)
 install -c -m 0755 src/fsec-print/fsec-print $(DESTDIR)/$(libdir)/firejail/.
+ install -c -m 0755 src/fsec-optimize/fsec-optimize $(DESTDIR)/$(libdir)/firejail/.
 install -c -m 0755 src/fseccomp/fseccomp $(DESTDIR)/$(libdir)/firejail/.
 install -c -m 0644 seccomp $(DESTDIR)/$(libdir)/firejail/.
 install -c -m 0644 seccomp.debug $(DESTDIR)/$(libdir)/firejail/.
diff --git a/gcov.sh b/gcov.sh
index df1fcb51b..ff910cbe0 100755
--- a/gcov.sh
+++ b/gcov.sh
@@ -10,11 +10,18 @@ gcov_init() { /usr/lib/firejail/fcopy --help > /dev/null /usr/lib/firejail/fldd --help > /dev/null firecfg --help > /dev/null + + /usr/lib/firejail/fnetfilter --help > /dev/null + /usr/lib/firejail/fsec-print --help > /dev/null + /usr/lib/firejail/fsec-optimize --help > /dev/null + /usr/lib/firejail/faudit --help > /dev/null + /usr/lib/firejail/fbuilder --help > /dev/null + sudo chown $USER:$USER `find .` } generate() { - lcov -q --capture -d src/firejail -d src/firemon -d src/fcopy -d src/fseccomp -d src/fnet -d src/ftee -d src/lib -d src/firecfg -d src/fldd --output-file gcov-file-new + lcov -q --capture -d src/firejail -d src/firemon -d src/faudit -d src/fbuilder -d src/fcopy -d src/fnetfilter -d src/fsec-print -d src/fsec-optimize -d src/fseccomp -d src/fnet -d src/ftee -d src/lib -d src/firecfg -d src/fldd --output-file gcov-file-new lcov --add-tracefile gcov-file-old --add-tracefile gcov-file-new --output-file gcov-file rm -fr gcov-dir genhtml -q gcov-file --output-directory gcov-dir @@ -25,7 +32,7 @@ generate() { gcov_init -lcov -q --capture -d src/firejail -d src/firemon -d src/fcopy -d src/fseccomp -d src/fnet -d src/ftee -d src/lib -d src/firecfg -d src/fldd --output-file gcov-file-old +lcov -q --capture -d src/firejail -d src/firemon -d src/faudit -d src/fbuilder -d src/fcopy -d src/fnetfilter -d src/fsec-print -d src/fsec-optimize -d src/fseccomp -d src/fnet -d src/ftee -d src/lib -d src/firecfg -d src/fldd --output-file gcov-file-old #make test-environment #generate diff --git a/test/root/firecfg.exp b/test/root/firecfg.exp index 02f2323a0..656b8e215 100755 --- a/test/root/firecfg.exp +++ b/test/root/firecfg.exp @@ -13,7 +13,7 @@ sleep 1 send -- "firecfg --clean\r" expect { timeout {puts "TESTING ERROR 0\n";exit} - "/usr/local/bin/firefox removed" + "less removed" } sleep 1 
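Review bot: The five added `--help` calls in gcov_init hard-code `/usr/lib/firejail/`, while the utils.sh hunk of this same commit looks the helper directory up through dpkg on Debian, which suggests the install directory is not always that path. Where it differs, each call fails and the script carries on, so the later lcov capture presumably lacks data for those helpers without any message saying why. Resolving the directory once and reporting a failed call would surface this, e.g. `for h in fnetfilter fsec-print fsec-optimize faudit fbuilder; do "$libdir/$h" --help > /dev/null || echo "gcov_init: $h failed in $libdir" >&2; done`, with `libdir` set the way utils.sh sets it. gcov_init starts above the hunk, so the earlier calls are only partly visible here.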
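Review bot: The fourteen-entry `-d` list is maintained in two places, the `lcov --capture` line inside generate() in the previous hunk and the top-level capture line here, and this commit had to edit both identically. A directory present in only one of the two captures would skew the merged gcov-file, so the list is better defined once: `GCOV_DIRS="-d src/firejail -d src/firemon …"` and then `lcov -q --capture $GCOV_DIRS --output-file gcov-file-old`, with the expansion left unquoted on purpose so it splits into separate arguments.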
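Review bot: The new pattern `"less removed"` is an unanchored substring, so expect also accepts the removal message of any other program whose name ends in "less"; the line it replaces matched the full path `/usr/local/bin/firefox removed`. firecfg appears to handle many programs in one run, so the check can pass even if the symlink for less itself was not removed. Matching `"/usr/local/bin/less removed"`, in the same form the `--list` check in the next hunk uses with `"/usr/local/bin/less"`, keeps the assertion as strict as before. The `"less created"` pattern in the next hunk has the same looseness, although there the old `"firefox created"` was no stricter.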
@@ -30,11 +30,11 @@ sleep 1 send -- "firecfg\r" expect { timeout {puts "TESTING ERROR 3\n";exit} - "firefox created" + "less created" } sleep 1 -send -- "file /usr/local/bin/firefox\r" +send -- "file /usr/local/bin/less\r" expect { timeout {puts "TESTING ERROR 4\n";exit} "symbolic link to /usr/bin/firejail" @@ -44,7 +44,7 @@ sleep 1 send -- "firecfg --list\r" expect { timeout {puts "TESTING ERROR 5\n";exit} - "/usr/local/bin/firefox" + "/usr/local/bin/less" } sleep 1 diff --git a/test/root/root.sh b/test/root/root.sh index 912ae23f0..22b12cf86 100755 --- a/test/root/root.sh +++ b/test/root/root.sh @@ -110,13 +110,13 @@ echo "TESTING: firemon events (test/root/firemon-events.exp)" #******************************** # firecfg #******************************** -which firefox +which less if [ "$?" -eq 0 ]; then echo "TESTING: firecfg (test/root/firecfg.exp)" ./firecfg.exp else - echo "TESTING SKIP: firecfg, firefox not found" + echo "TESTING SKIP: firecfg, less not found" fi # restore the default config file diff --git a/test/utils/audit.exp b/test/utils/audit.exp index c68ee387c..684886af7 100755 --- a/test/utils/audit.exp +++ b/test/utils/audit.exp @@ -76,4 +76,24 @@ expect { } after 100 +# run audit executable without a sandbox +send -- "faudit\r" +expect { + timeout {puts "TESTING ERROR 13\n";exit} + "is not running in a PID namespace" +} +expect { + timeout {puts "TESTING ERROR 14\n";exit} + "BAD: seccomp disabled" +} +expect { + timeout {puts "TESTING ERROR 15\n";exit} + "BAD: the capability map is" +} +expect { + timeout {puts "TESTING ERROR 16\n";exit} + "MAYBE: /dev directory seems to be fully populated" +} +after 100 + puts "\nall done\n" diff --git a/test/utils/build.exp b/test/utils/build.exp index 916f373b9..de2a9b6ae 100755 --- a/test/utils/build.exp +++ b/test/utils/build.exp 
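Review bot: `which less` followed by a separate `[ "$?" -eq 0 ]` prints the resolved path into the test log and depends on an external `which`; `if command -v less >/dev/null 2>&1; then` does the same check in one step with a shell builtin. The check also only shows that less is installed, not that firecfg is configured to create a symlink for it, so on such a host firecfg.exp would fail rather than skip. Presumably less is in firecfg's default list, which is worth confirming in a comment next to the check.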
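Review bot: The unsandboxed `faudit` run added here has two unstated preconditions that deserve a comment above `send -- "faudit\r"`. It needs faudit on PATH, which only the utils.sh change in this commit arranges, and its four expected strings assume the host shell has no seccomp filter, no PID namespace and a full capability set. Inside a container or CI runner that already applies any of those, the test would report TESTING ERROR 13 to 16 although faudit is reporting correctly. Suggested comment: `# needs faudit on PATH (see utils.sh) and an unconfined host shell: no seccomp, no PID namespace, full /dev`.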
@@ -7,7 +7,15 @@ set timeout 10 spawn $env(SHELL) match_max 100000 -send -- "firejail --build ls ~\r" +send -- "firejail --build cat ~/firejail-test-file-7699\r" +expect { + timeout {puts "TESTING ERROR 0\n";exit} + "whitelist ~/firejail-test-file-7699" +} +expect { + timeout {puts "TESTING ERROR 0.1\n";exit} + "include /etc/firejail/whitelist-common.inc" +} expect { timeout {puts "TESTING ERROR 1\n";exit} "private-tmp" @@ -22,7 +30,7 @@ expect { } expect { timeout {puts "TESTING ERROR 4\n";exit} - "private-bin ls," + "private-bin cat," } expect { timeout {puts "TESTING ERROR 5\n";exit} diff --git a/test/utils/utils.sh b/test/utils/utils.sh index 59cd1cfd6..d72cc2269 100755 --- a/test/utils/utils.sh +++ b/test/utils/utils.sh @@ -6,8 +6,16 @@ export MALLOC_CHECK_=3 export MALLOC_PERTURB_=$(($RANDOM % 255 + 1)) +if [ -f /etc/debian_version ]; then + libdir=$(dirname "$(dpkg -L firejail | grep faudit)") + export PATH="$PATH:$libdir" +fi +export PATH="$PATH:/usr/lib/firejail" + +echo "testing" > ~/firejail-test-file-7699 echo "TESTING: build (test/utils/build.exp)" ./build.exp +rm -f ~/firejail-test-file-7699 echo "TESTING: audit (test/utils/audit.exp)" ./audit.exp -- cgit v1.2.3-54-g00ecf
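Review bot: The test now depends on `~/firejail-test-file-7699`, which is created and removed by utils.sh rather than by build.exp, and nothing in the script records that. Run on its own, the first expect would most likely end in TESTING ERROR 0, which reads like a `firejail --build` regression rather than a missing fixture. A comment before the send line would document the dependency: `# fixture ~/firejail-test-file-7699 is created by utils.sh before this script runs`. The label `TESTING ERROR 0.1` also departs from the integer numbering the other checks use.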
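Review bot: When firejail was not installed through dpkg, for example a source build on a Debian host, `dpkg -L firejail | grep faudit` yields nothing, `dirname ""` prints `.`, and the script exports `PATH="$PATH:."`, which puts the current directory on the search path for every test that follows. The lookup should add nothing when it finds no match and should take a single line, since grep may return several: `faudit_path=$(dpkg -L firejail 2>/dev/null | grep -m1 '/faudit$')` followed by `[ -n "$faudit_path" ] && export PATH="$PATH:$(dirname "$faudit_path")"`. Separately, the fixture is written with `>` to a fixed name in the home directory and then deleted with `rm -f`, so a pre-existing file of that name would be overwritten and removed; a `[ -e ~/firejail-test-file-7699 ]` guard before the `echo` would avoid that.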