From b9888e6a388b7d2c17f0aa75b2ef5205b4b90720 Mon Sep 17 00:00:00 2001 From: smitsohu Date: Thu, 26 Sep 2019 10:59:26 +0200 Subject: testing --- test/environment/environment.sh | 3 +++ test/environment/umask.exp | 41 ++++++++++++++++++++++++++++++ test/fs/fs.sh | 9 +++++++ test/fs/noblacklist-blacklist-noexec.exp | 36 ++++++++++++++++++++++++++ test/fs/noblacklist-blacklist-readonly.exp | 35 +++++++++++++++++++++++++ test/fs/whitelist-noexec.exp | 36 ++++++++++++++++++++++++++ 6 files changed, 160 insertions(+) create mode 100755 test/environment/umask.exp create mode 100755 test/fs/noblacklist-blacklist-noexec.exp create mode 100755 test/fs/noblacklist-blacklist-readonly.exp create mode 100755 test/fs/whitelist-noexec.exp diff --git a/test/environment/environment.sh b/test/environment/environment.sh index 735d3e59e..f860f7c24 100755 --- a/test/environment/environment.sh +++ b/test/environment/environment.sh @@ -120,3 +120,6 @@ echo "TESTING: rlimit errors profile (test/environment/rlimit-bad-profile.exp)" echo "TESTING: deterministic exit code (test/environment/deterministic-exit-code.exp" ./deterministic-exit-code.exp + +echo "TESTING: retain umask (test/environment/umask.exp" +(umask 123 && ./umask.exp) diff --git a/test/environment/umask.exp b/test/environment/umask.exp new file mode 100755 index 000000000..e93d71bd4 --- /dev/null +++ b/test/environment/umask.exp @@ -0,0 +1,41 @@ +#!/usr/bin/expect -f + +set timeout 10 +spawn $env(SHELL) +match_max 100000 + +send -- "firejail --noprofile\r" +expect { + timeout {puts "TESTING ERROR 0\n";exit} + "Child process initialized" +} +sleep 1 + +send -- "umask\r" +expect { + timeout {puts "TESTING ERROR 1\n";exit} + "0123" +} +after 100 + +send -- "firejail\r" +expect { + timeout {puts "TESTING ERROR 2\n";exit} + "Warning: an existing sandbox was detected" +} +after 100 + +send -- "umask\r" +expect { + timeout {puts "TESTING ERROR 3\n";exit} + "0123" +} +after 100 + +send -- "exit\r" +after 100 + +send -- "exit\r" +sleep 1 + +puts "\nall done\n" diff --git a/test/fs/fs.sh b/test/fs/fs.sh index fa642443f..2509638fc 100755 --- a/test/fs/fs.sh +++ b/test/fs/fs.sh @@ -99,6 +99,12 @@ echo "TESTING: blacklist file (test/fs/option_blacklist_file.exp)" echo "TESTING: blacklist glob (test/fs/option_blacklist_glob.exp)" ./option_blacklist_glob.exp +echo "TESTING: noblacklist blacklist noexec (test/fs/noblacklist-blacklist-noexec.exp)" +./noblacklist-blacklist-noexec.exp + +echo "TESTING: noblacklist blacklist readonly (test/fs/noblacklist-blacklist-readonly.exp)" +./noblacklist-blacklist-readonly.exp + echo "TESTING: bind as user (test/fs/option_bind_user.exp)" ./option_bind_user.exp @@ -114,6 +120,9 @@ echo "TESTING: whitelist (test/fs/whitelist.exp)" echo "TESTING: whitelist dev, var(test/fs/whitelist-dev.exp)" ./whitelist-dev.exp +echo "TESTING: whitelist noexec (test/fs/whitelist-noexec.exp)" +./whitelist-noexec.exp + echo "TESTING: whitelist with whitespaces (test/fs/whitelist-whitespace.exp)" ./whitelist-whitespace.exp diff --git a/test/fs/noblacklist-blacklist-noexec.exp b/test/fs/noblacklist-blacklist-noexec.exp new file mode 100755 index 000000000..5d0581a8c --- /dev/null +++ b/test/fs/noblacklist-blacklist-noexec.exp @@ -0,0 +1,36 @@ +#!/usr/bin/expect -f +# This file is part of Firejail project +# Copyright (C) 2014-2019 Firejail Authors +# License GPL v2 + +set timeout 10 +spawn $env(SHELL) +match_max 100000 +set PWD $env(PWD) + + +send -- "firejail --noprofile --noblacklist=$PWD --blacklist=$PWD --noexec=$PWD\r" +expect { + timeout {puts "TESTING ERROR 0\n";exit} + "Child process initialized" +} +sleep 1 + +send -- "ls $PWD\r" +expect { + timeout {puts "TESTING ERROR 1\n";exit} + "noblacklist-blacklist-noexec.exp" +} +after 100 + +send -- "$PWD/noblacklist-blacklist-noexec.exp\r" +expect { + timeout {puts "TESTING ERROR 2\n";exit} + "Permission denied" +} +after 100 + +send -- "exit\r" +sleep 1 + +puts "\nall done\n" diff --git a/test/fs/noblacklist-blacklist-readonly.exp b/test/fs/noblacklist-blacklist-readonly.exp new file mode 100755 index 000000000..c31bd6948 --- /dev/null +++ b/test/fs/noblacklist-blacklist-readonly.exp @@ -0,0 +1,35 @@ +#!/usr/bin/expect -f +# This file is part of Firejail project +# Copyright (C) 2014-2019 Firejail Authors +# License GPL v2 + +set timeout 10 +spawn $env(SHELL) +match_max 100000 + + +send -- "firejail --noprofile --noblacklist=~ --blacklist=~ --read-only=~\r" +expect { + timeout {puts "TESTING ERROR 0\n";exit} + "Child process initialized" +} +sleep 1 + +send -- "ls ~\r" +expect { + timeout {puts "TESTING ERROR 1\n";exit} + "Downloads" +} +after 100 + +send -- "echo World > ~/Hello\r" +expect { + timeout {puts "TESTING ERROR 2\n";exit} + "Read-only file system" +} +after 100 + +send -- "exit\r" +sleep 1 + +puts "\nall done\n" diff --git a/test/fs/whitelist-noexec.exp b/test/fs/whitelist-noexec.exp new file mode 100755 index 000000000..f05316a30 --- /dev/null +++ b/test/fs/whitelist-noexec.exp @@ -0,0 +1,36 @@ +#!/usr/bin/expect -f +# This file is part of Firejail project +# Copyright (C) 2014-2019 Firejail Authors +# License GPL v2 + +set timeout 10 +spawn $env(SHELL) +match_max 100000 +set PWD $env(PWD) + + +send -- "firejail --noprofile --whitelist=$PWD --noexec=$PWD\r" +expect { + timeout {puts "TESTING ERROR 0\n";exit} + "Child process initialized" +} +sleep 1 + +send -- "ls $PWD\r" +expect { + timeout {puts "TESTING ERROR 1\n";exit} + "whitelist-noexec.exp" +} +after 100 + +send -- "$PWD/whitelist-noexec.exp\r" +expect { + timeout {puts "TESTING ERROR 2\n";exit} + "Permission denied" +} +after 100 + +send -- "exit\r" +sleep 1 + +puts "\nall done\n" -- cgit v1.2.3-54-g00ecf