From a45897aef62277c58cbc9991ed5ffe6766287ac3 Mon Sep 17 00:00:00 2001
From: netblue30
Date: Tue, 8 Jan 2019 14:39:36 -0500
Subject: test caps join
---
test/filters/caps-join.exp | 96 ++++++++++++++++++++++++++++++++++++++++++++++
test/filters/filters.sh | 3 ++
2 files changed, 99 insertions(+)
create mode 100755 test/filters/caps-join.exp
diff --git a/test/filters/caps-join.exp b/test/filters/caps-join.exp
new file mode 100755
index 000000000..2e29ef763
--- /dev/null
+++ b/test/filters/caps-join.exp
@@ -0,0 +1,96 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2018 Firejail Authors
+# License GPL v2
+
+set timeout 10
+match_max 100000
+spawn $env(SHELL)
+set id1 $spawn_id
+spawn $env(SHELL)
+set id2 $spawn_id
+
+send -- "stty -echo\r"
+after 100
+
+#
+# regular run
+#
+set spawn_id $id1
+send -- "firejail --name=jointesting\r"
+expect {
+ timeout {puts "TESTING ERROR 0\n";exit}
+ "Child process initialized"
+}
+sleep 1
+
+set spawn_id $id2
+
+send -- "firejail --join=jointesting cat /proc/self/status\r"
+expect {
+ timeout {puts "TESTING ERROR 1\n";exit}
+ "CapBnd: 0000000000000000"
+}
+sleep 1
+
+set spawn_id $id1
+send -- "exit\r"
+after 100
+
+#
+# no caps
+#
+set spawn_id $id1
+send -- "firejail --name=jointesting --noprofile\r"
+expect {
+ timeout {puts "TESTING ERROR 10\n";exit}
+ "Child process initialized"
+}
+sleep 1
+
+set spawn_id $id2
+
+send -- "firejail --join=jointesting cat /proc/self/status\r"
+expect {
+ timeout {puts "TESTING ERROR 11\n";exit}
+ "CapBnd:"
+}
+expect {
+ timeout {puts "TESTING ERROR 12\n";exit}
+ "fffffffff"
+}
+expect {
+ timeout {puts "TESTING ERROR 13\n";exit}
+ "CapAmb:"
+}
+sleep 1
+
+set spawn_id $id1
+send -- "exit\r"
+after 100
+
+#
+# no caps
+#
+set spawn_id $id1
+send -- "firejail --name=jointesting --noprofile --caps.keep=chown,fowner\r"
+expect {
+ timeout {puts "TESTING ERROR20\n";exit}
+ "Child process initialized"
+}
+sleep 1
+
+set spawn_id $id2
+
+send -- "firejail --join=jointesting cat /proc/self/status\r"
+expect {
+ timeout {puts "TESTING ERROR 21\n";exit}
+ "CapBnd: 0000000000000009"
+}
+sleep 1
+
+set spawn_id $id1
+send -- "exit\r"
+after 100
+
+puts "all done\n"
diff --git a/test/filters/filters.sh b/test/filters/filters.sh
index 259045e77..33f205e05 100755
--- a/test/filters/filters.sh
+++ b/test/filters/filters.sh
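Review bot: Every timeout branch in caps-join.exp ends in a bare `exit`, which in expect returns status 0, so a failed capability check is signalled only by the printed marker; the runner hunk in test/filters/filters.sh also calls `./caps-join.exp` without checking its status. That makes the marker text load-bearing, and `"TESTING ERROR20\n"` in the third section lacks the space the other markers have, so a log scan for `TESTING ERROR ` could miss it (how the logs are scanned is not visible here). I would write `timeout {puts "TESTING ERROR 20\n";exit 1}` and use `exit 1` in the other branches as well. The third section is still headed `# no caps` although it runs with `--caps.keep=chown,fowner` and expects `0000000000000009`; `# caps.keep=chown,fowner` would describe it. Only CapBnd is asserted on the joined process, so a one-line comment stating that CapEff and CapPrm are intentionally left unchecked would save the next reader from guessing.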
@@ -52,6 +52,9 @@ fi echo "TESTING: capabilities print (test/filters/caps-print.exp)" ./caps-print.exp +echo "TESTING: capabilities join (test/filters/caps-join.exp)" +./caps-join.exp + rm -f seccomp-test-file if [ "$(uname -m)" = "x86_64" ]; then echo "TESTING: fseccomp (test/filters/fseccomp.exp)" -- cgit v1.2.3-54-g00ecf